eBooks/eGuides

16 Data Center & Hybrid Cloud Security For Dummies, Palo Alto Networks Special Edition These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited. "streamlined" out of the cloud design. Cloud security trade-offs often include: » Simplicity or function » Efficiency or visibility » Agility or security Cloud computing technologies enable you to evolve your data cen- ter from a hardware-centric architecture where applications run on dedicated servers, to a dynamic and automated environment where pools of computing resources are available on-demand, to support application workloads that can be accessed anywhere, anytime, and from any device. However, many of the features that make cloud computing attractive to organizations are counter to network security best practices. For example: » Cloud computing doesn't mitigate existing network security risks. The security risks that threaten your network today don't go away when you move to the cloud. In some ways, the security risks you face when moving to the cloud become more significant. Many data center applications use a wide range of ports, rendering traditional security ineffec- tive. Cybercriminals are creating sophisticated port-agnostic attacks that use multiple vectors to compromise their target and then hide in plain sight, using common applications to achieve their objectives. » Separation and segmentation are fundamental to security; the cloud relies on shared resources. Security best practices dictate that mission-critical applications and data be separated into secure segments, or trust zones, on the network, based on Zero Trust principles ("never trust, always verify"). On a physical network, Zero Trust is relatively straightforward, using firewalls and policies based on application and user identity. In a cloud environment, direct communication between virtual machines (VMs) and containers within a server host occurs constantly — in some cases, across varied levels of trust, making segmenta- tion a real challenge. Mixed levels of trust, combined with a lack of intra-host traffic visibility by virtualized port-based security offerings, may weaken your security posture.

• Cover
• Title Page
• Copyright Page
• Table of Contents
• Introduction
• About This Book
• Icons Used in This Book
• Chapter 1 The Evolution of the Data Center
• Understanding the Impact of the Cloud on the Data Center
• Recognizing Security Challenges in the Data Center and Hybrid Cloud
• Looking at Why Legacy Security Infrastructure is Ineffective
• Firewalls
• Intrusion prevention
• Proxies
• Defining Security Requirements
• Gain complete visibility
• Minimize the attack surface
• Automate threat protection
• Chapter 2 Security Challenges in Hybrid Clouds
• Cloud Security and The Shared Responsibility Model
• The Dynamic Nature of Modern Threats
• Ransomware
• Credential theft
• DNS-based attacks
• Targeted "Low-and-Slow" Attacks and APTs
• Chapter 3 Delivering Consistent Security Using Zero Trust
• Gaining Complete Visibility
• Application identification
• User identification
• Content identification
• Minimizing Your Attack Surface with Segmentation
• Using Dynamic Security to Support Moves and Changes
• Chapter 4 Leveraging Unmatched Threat Protection
• The Challenges of Defense in Depth
• What Is a Perimeter?
• Threat Protection Components
• Endpoint protection
• Security orchestration and automation
• Cloud-based threat intelligence
• Chapter 5 Ten Evaluation Criteria for Network Security in the Data Center and Hybrid Cloud Environment
• Safe Enablement of Applications in the Hybrid Cloud
• Identify Users and Enable Appropriate Access
• Comprehensive Threat Protection
• Flexible, Adaptive Integration
• Secure Access for Mobile and Remote Users
• One Comprehensive Policy, One Management Platform
• Cloud Ready
• Automate Routine Tasks and Focus on the Threats That Matter
• Flexible Deployment Options
• Consume New Innovations Easily in a Broad Partner Ecosystem
• Glossary
• EULA