Data Center and Hybrid Cloud for Dummies

Issue link: https://insights.oneneck.com/i/1458399

8 Data Center & Hybrid Cloud Security For Dummies, Palo Alto Networks Special Edition
These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

Looking at Why Legacy Security Infrastructure is Ineffective

Legacy security infrastructures are generally flat network architectures that rely on a perimeter firewall as their only point of traffic inspection and control. These traditional port-based firewalls provide limited value in a cloud and mobile world where network boundaries have all but disappeared and the majority of traffic in a data center is east-west (traffic flow within the data center). For security to be effective, it must deliver perimeter security as well as build trust zones within an organization's internal network. This ensures that traffic between apps and services of different trust levels is filtered using best-in-breed network security services, such as intrusion prevention and Domain Name System (DNS) security. The same level of protection must extend to public clouds to ensure consistent network security and segmentation in hybrid environments as well.

In addition to limited visibility into network traffic context, many of these solutions apply static policies and controls based on more or less permanent physical and/or logical locations, such as IP addresses and ports. They are thus unable to adapt effectively to hybrid cloud environments in which application workloads have shorter lifecycles and can move dynamically between on-premises, private, and public cloud locations.

A next-generation firewall must deliver the same capabilities consistently at the network edge or to aid segmentation in the cloud. It is important to move security controls as close as possible to the workloads they are protecting. Different physical and virtual form factors allow organizations to accomplish this goal across a hybrid cloud model.
Firewalls

Firewalls are often used as a first line of defense, but legacy port-based firewalls provide only coarse filtering of traffic and limited network segmentation. One drawback to port-based firewalls is that they use protocol and port to identify and control what gets in and out of the network. This port-centric design is ineffective when faced with malware and evasive applications that hop from port to port until they find an open connection to the network. Such firewalls themselves have little ability to identify and control advanced threats.
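The two limitations described above (static rules keyed on IP address and port that break when a workload moves, and port-based matching that cannot tell which application is actually on a port) can be made concrete with a small policy evaluator. The following is an added illustration, not code from the book or from Palo Alto Networks; the Flow fields, the "web"/"db" trust-zone tags, the application names, and every IP address are constructed sample values, and the example assumes the firewall can identify the application from the payload (the capability the text attributes to a next-generation firewall).

```python
"""Toy policy evaluator contrasting a legacy port-based rule set with a
trust-zone (tag + application) segmentation policy.

Added illustration only; not from the book or Palo Alto Networks.
All IPs, tags, application names and flows below are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    app: str                      # application identified from payload (assumed)
    src_tags: frozenset = frozenset()   # trust-zone tags of the source workload
    dst_tags: frozenset = frozenset()   # trust-zone tags of the destination


@dataclass(frozen=True)
class PortRule:
    src_ip: str      # exact address or "any"
    dst_ip: str      # exact address or "any"
    dst_port: int    # port number, or 0 for any port
    action: str      # "allow" or "deny"


def port_policy(rules, flow):
    """Legacy evaluation: first match on addresses and destination port, default deny."""
    for r in rules:
        if (r.src_ip in ("any", flow.src_ip)
                and r.dst_ip in ("any", flow.dst_ip)
                and r.dst_port in (0, flow.dst_port)):
            return r.action
    return "deny"


@dataclass(frozen=True)
class ZoneRule:
    src_tag: str
    dst_tag: str
    apps: frozenset  # applications permitted between these trust zones
    action: str


def zone_policy(rules, flow):
    """Workload-aware evaluation: match on trust-zone tags and identified application."""
    for r in rules:
        if (r.src_tag in flow.src_tags
                and r.dst_tag in flow.dst_tags
                and flow.app in r.apps):
            return r.action
    return "deny"


# Intended policy: the web tier may speak PostgreSQL to the database tier, nothing else.
PORT_RULES = [PortRule("10.0.1.10", "10.0.2.20", 5432, "allow")]
ZONE_RULES = [ZoneRule("web", "db", frozenset({"postgresql"}), "allow")]

WEB, DB = frozenset({"web"}), frozenset({"db"})

# 1. East-west flow exactly as the rule author pictured it.
ORIGINAL = Flow("10.0.1.10", "10.0.2.20", 5432, "postgresql", WEB, DB)
# 2. Same web workload redeployed with a new address; its tags are unchanged.
MOVED = Flow("10.0.1.57", "10.0.2.20", 5432, "postgresql", WEB, DB)
# 3. A non-database application riding on the database port (constructed).
OTHER_APP_ON_5432 = Flow("10.0.1.10", "10.0.2.20", 5432, "unknown-tcp", WEB, DB)


def compare(flow):
    """Return (port-based verdict, zone-based verdict) for one flow."""
    return port_policy(PORT_RULES, flow), zone_policy(ZONE_RULES, flow)


if __name__ == "__main__":
    for name, f in (("original", ORIGINAL), ("moved", MOVED),
                    ("other app on 5432", OTHER_APP_ON_5432)):
        print(f"{name:20s} port-based={compare(f)[0]:5s} zone-based={compare(f)[1]}")
```

Running the module shows the static rule set failing in both directions: the redeployed workload is denied (an outage that usually ends with someone widening the rule), while a different application on the permitted port is allowed. The zone policy keeps the intended result in both cases because it follows the workload's identity rather than its address.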
