Issue link: https://insights.oneneck.com/i/1458399
CHAPTER 1 The Evolution of the Data Center 11

These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

such as installation, deployment, and maintenance, from a single console across all locations. This level of visibility also allows for the automation of effective Zero Trust policy implementation and deployment. With greater visibility into the data center, network security teams can understand who is accessing what, when, and where, both inside the data center and across multi-cloud environments. Read Chapter 3 to learn more about gaining complete visibility in hybrid cloud environments.

Minimize the attack surface

The best way to protect against advanced attacks, such as advanced persistent threats (APTs) or ransomware, is to minimize opportunities for attack and prevent the lateral movement of any threat in the data center. Segmenting the environment into trust zones helps protect critical applications and shared services from lateral movement attacks by limiting network communication to only the necessary connections. Examples of common trust boundaries include the boundary between the Internet and the data center, a public cloud environment and an on-premises environment, an environment that hosts information governed by regulatory compliance and the rest of the data center, or two applications in a data center.

Physical, virtualized, and containerized next-generation firewalls enable you to define the boundaries between trust zones and easily integrate into the network fabric or third-party switches. Virtualized next-generation firewalls can also be deployed on hypervisors or integrated into software-defined networks (SDNs) and cloud networks to help define trust zones in virtualized and public cloud environments. Read Chapter 3 to learn more about minimizing the attack surface in data centers and hybrid cloud environments.
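As an added illustration of limiting cross-zone communication to only the necessary connections (not from the original text; the zone names, address ranges, ports and flow records are constructed assumptions), the following default-deny check maps each flow to its trust zones and reports any boundary crossing that has no explicit allow rule.

```python
import ipaddress

# Constructed trust zones (assumed CIDRs, not from the page).
ZONES = {
    "web_app": ipaddress.ip_network("10.10.1.0/24"),
    "billing_app": ipaddress.ip_network("10.10.2.0/24"),
    "regulated": ipaddress.ip_network("10.20.0.0/16"),
}
# Default deny: only these (src zone, dst zone, dst port) tuples may cross a boundary.
ALLOWED = {
    ("internet", "web_app", 443),
    ("web_app", "billing_app", 8443),
    ("billing_app", "regulated", 5432),
}

def zone_of(ip):
    """Map an address to its trust zone; anything unmatched is 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

def evaluate(flow):
    """Return (verdict, src_zone, dst_zone) for a (src, dst, port) flow."""
    src, dst, port = flow
    sz, dz = zone_of(src), zone_of(dst)
    if sz == dz:
        return ("intra-zone", sz, dz)  # does not cross a trust boundary
    verdict = "allow" if (sz, dz, port) in ALLOWED else "deny"
    return (verdict, sz, dz)

def audit(flows):
    """List flows that cross a trust boundary without an allow rule."""
    return [f for f in flows if evaluate(f)[0] == "deny"]

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("203.0.113.7", "10.10.1.15", 443),
    ("10.10.1.15", "10.10.2.20", 8443),
    ("10.10.1.15", "10.20.4.9", 5432),   # web tier reaching regulated data directly
    ("10.10.2.20", "10.20.4.9", 5432),
    ("10.10.1.15", "10.10.2.20", 22),    # cross-application flow on an unlisted port
    ("10.10.1.15", "10.10.1.16", 445),
]

if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS):
        print("DENY", zone_of(f[0]), "->", zone_of(f[1]), f)
```

Intra-zone flows are reported separately because a boundary firewall never sees them; restricting those requires finer-grained zones.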
Automate threat protection

While segmentation reduces the attack surface, a multilayered defense is incomplete without the ability to discover threats and malicious activity, block threats in real time, and automatically isolate infected hosts to minimize business disruption as well as prevent data loss. Inserting automated threat protection at trust zone boundaries is a common strategy for protecting hybrid cloud