Data Center and Hybrid Cloud for Dummies

Issue link: https://insights.oneneck.com/i/1458399

CHAPTER 1 The Evolution of the Data Center 13

These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

(continued)

• A strategy that uses whitelisting for positive security enforcement and helps you define trust zones to move toward a Zero Trust architecture. Start with tiered applications and proceed from that model with regard to Zero Trust micro-segmentation.
• Architecture that consistently protects traffic flows initiated by users or from bare metal servers, virtual machines, and containers hosted in on-premises data centers, private clouds, public clouds, or even branches and campuses.

2. Work with stakeholders in IT/Support and Security as well as groups that require data center access, such as Engineering and Legal, to develop an access strategy. You'll want to:
• Identify users who need access — and the assets they need to access — to define efficient security policy rules by user group.
• Enforce granular access by implementing segmentation to create trust zones and minimize the opportunities for attack across north-south and east-west traffic.

3. Assess your data center to understand its current state so you can create a plan to reach your desired future state. You should:
• Inventory the physical as well as virtual environment and assets, and determine which assets you should protect first.
• Work with application, network, and enterprise architects, as well as business stakeholders, to learn about typical baseline traffic loads and patterns so you understand normal work behavior.

4. Create a data center segmentation strategy to help reduce risk and business impact by preventing hackers from stealing data as well as stopping malware that gains a foothold in your data center from infecting other systems.

Use firewalls based on flexible form factors to design a granular segmentation strategy for physical and virtual networks to provide visibility into your data center traffic everywhere — at the perimeter, on the network, and on the host.
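
The allowlist between trust zones described in the steps above, as an added example that is not from the original guide: it maps baseline flow records to zones and reports which flows a default-deny policy would block. The zone names, subnets, ports, and sample flows are constructed assumptions for a three-tier application.

```python
import ipaddress

# Constructed trust zones for a three-tier application (assumed addressing).
ZONES = {
    "web": ipaddress.ip_network("10.0.1.0/24"),
    "app": ipaddress.ip_network("10.0.2.0/24"),
    "db": ipaddress.ip_network("10.0.3.0/24"),
}

# Positive enforcement: only these (source zone, destination zone, port)
# tuples are permitted; every other flow is denied by default.
ALLOW = {
    ("external", "web", 443),
    ("web", "app", 8443),
    ("app", "db", 5432),
}

# Constructed baseline flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("203.0.113.10", "10.0.1.5", 443),    # user to web tier
    ("10.0.1.5", "10.0.2.7", 8443),       # web to app tier
    ("10.0.2.7", "10.0.3.9", 5432),       # app to database tier
    ("10.0.1.5", "10.0.3.9", 5432),       # web tier skipping the app tier
    ("10.0.1.5", "10.0.1.6", 22),         # host to host inside the web zone
    ("10.0.3.9", "198.51.100.20", 443),   # database tier reaching outside
]

def zone_of(ip):
    """Map an address to its trust zone; anything unlisted is 'external'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"

def evaluate(flow):
    """Return (verdict, direction) for one flow under the default-deny policy."""
    src, dst, port = flow
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    direction = "north-south" if "external" in (src_zone, dst_zone) else "east-west"
    verdict = "allow" if (src_zone, dst_zone, port) in ALLOW else "deny"
    return verdict, direction

def audit(flows):
    """List the baseline flows the allowlist would block, for review before enforcement."""
    return [(f, evaluate(f)[1]) for f in flows if evaluate(f)[0] == "deny"]

if __name__ == "__main__":
    for flow, direction in audit(SAMPLE_FLOWS):
        print("DENY", direction, flow)
```

Running the audit against a recorded baseline before enforcement shows which denied flows are legitimate dependencies that need a rule and which are paths the segmentation is meant to close.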