Issue link: https://insights.oneneck.com/i/1458399
CHAPTER 5 Ten Evaluation Criteria for Network Security 59
These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

For example, your network security platform should understand usage of application functions, such as audio streaming, remote access, and posting documents, and be able to enforce granular controls over that usage, such as upload versus download permissions, chat versus file transfer, and so on. This must be done continuously. The concept of "one-and-done" traffic classification is not an option because it ignores the fact that these commonly used applications share sessions and support multiple functions. If a different function or feature is introduced in the session, such as sharing a desktop in a Webex conference, the network security platform must perform a policy check again. Continuous state tracking to understand the functions each application may support — and the different associated risks — is a must.

Once a complete picture of applications is gained, safe enablement of those applications is essential to deliver the right security policies in the data center or across a hybrid cloud environment. This includes more fine-grained and appropriate application functions than simply "allow" or "deny," such as allow but enforce traffic shaping through Quality of Service (QoS), or allow based on schedule, users, or groups. Application visibility and control allows organizations to reduce the attack surface by blocking rogue and misconfigured applications, such as unauthorized management tools and P2P file-sharing software. It also enables the protection of high-value targets, such as domain controllers, finance servers, and email and database servers, with meaningful network segmentation.

Accurate traffic classification — regardless of ports, protocols, evasive tactics, and Secure Sockets Layer (SSL) encryption — is important in any data center. This is even more critical in a hybrid cloud environment where virtual machines (VMs) and application workloads communicate between on-premises and cloud environments, often without appropriate policies or risk analysis.

FIGURE 5-1: Control application usage in policy.
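The function-level, continuously re-evaluated policy described above, as an added illustration that is not code from the book or from any vendor's platform: a small policy table keyed on (application, function) with actions beyond allow/deny, and a session tracker that re-runs the check whenever the observed function changes (the Webex desktop-share case). The rule set, application and function names, user groups and timestamps are all constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, time

@dataclass(frozen=True)
class Rule:
    app: str
    function: str                    # "*" matches any function of the app
    action: str                      # "allow", "deny" or "allow-qos" (allow + traffic shaping)
    groups: frozenset = frozenset()  # empty = applies to every user group
    window: tuple = None             # (start, end) time of day; None = always

# Constructed policy table: first match wins, nothing matched means deny.
RULES = [
    Rule("webex", "audio", "allow-qos"),
    Rule("webex", "chat", "allow"),
    Rule("webex", "desktop-share", "allow", groups=frozenset({"it-admins"})),
    Rule("webex", "file-transfer", "deny"),
    Rule("sharepoint", "download", "allow"),
    Rule("sharepoint", "upload", "allow", window=(time(8), time(18))),
    Rule("bittorrent", "*", "deny"),
]

def evaluate(app, function, user_groups, now):
    """Policy check for one (application, function) pair at time `now`."""
    for r in RULES:
        if r.app != app or r.function not in ("*", function):
            continue
        if r.groups and not r.groups & set(user_groups):
            continue
        if r.window and not (r.window[0] <= now.time() <= r.window[1]):
            continue
        return r.action
    return "deny"

@dataclass
class Session:
    """Tracks the function a session is performing and re-checks policy on every change."""
    app: str
    user_groups: tuple
    current_function: str = None
    decisions: list = field(default_factory=list)  # (function, verdict) history

    def observe(self, function, now):
        # A "one-and-done" classifier would stop after the first verdict;
        # here a new function inside the same session triggers a fresh check.
        if function != self.current_function:
            self.current_function = function
            self.decisions.append((function, evaluate(self.app, function, self.user_groups, now)))
        return self.decisions[-1][1]

# Constructed timestamps: inside and outside the SharePoint upload window.
BUSINESS_HOURS, AFTER_HOURS = datetime(2024, 1, 1, 10), datetime(2024, 1, 1, 20)
```

A staff user whose Webex audio was allowed (with QoS) is denied once the session switches to desktop sharing, while an it-admins member is allowed; the same engine handles the schedule-bound upload rule.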