eBooks/eGuides

34 Data Center & Hybrid Cloud Security For Dummies, Palo Alto Networks Special Edition These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited. In this chapter, you learn how Zero Trust helps you ensure an effective and consistent security posture across your data center and hybrid cloud environment. Gaining Complete Visibility A Zero Trust architecture requires complete visibility of your orga- nization's protect surface, which is orders of magnitude smaller than its attack surface and is always knowable. Your organiza- tion's protect surface consists of all your critical data, applications, assets, and services (DAAS). This can include: » Data such as protected health information (PHI), personally identifiable information (PII), financial information, and intellectual property (IP) » Applications including commercial off-the-shelf software, software-as-a-service (SaaS), and custom developed software » Assets such as supervisory control and data acquisition (SCADA) systems, point-of-sale (POS) terminals, medical equipment, manufacturing systems, and Internet of Things (IoT) devices » Services such as Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), Active Directory, and Lightweight Directory Access Protocol (LDAP) As discussed in Chapter 1, legacy port-based firewalls do a poor job of identifying applications, content, and users. A next-generation firewall enables comprehensive Layer 7 visibility of your entire data center and hybrid cloud protect surface (see Figure 3-1). It performs true classification of data and application traffic, based not simply on port and protocol (like a port-based firewall) but on contextual factors such as a user, their device, and the applications they need to use to perform their role throughout the day. This classification and filtering activity occurs as an ongoing process of application analysis, decryption, decoding, and heuris- tics as well. These capabilities progressively peel back the layers of a traffic stream to determine its true application identity.

• Cover
• Title Page
• Copyright Page
• Table of Contents
• Introduction
• About This Book
• Icons Used in This Book
• Chapter 1 The Evolution of the Data Center
• Understanding the Impact of the Cloud on the Data Center
• Recognizing Security Challenges in the Data Center and Hybrid Cloud
• Looking at Why Legacy Security Infrastructure is Ineffective
• Firewalls
• Intrusion prevention
• Proxies
• Defining Security Requirements
• Gain complete visibility
• Minimize the attack surface
• Automate threat protection
• Chapter 2 Security Challenges in Hybrid Clouds
• Cloud Security and The Shared Responsibility Model
• The Dynamic Nature of Modern Threats
• Ransomware
• Credential theft
• DNS-based attacks
• Targeted "Low-and-Slow" Attacks and APTs
• Chapter 3 Delivering Consistent Security Using Zero Trust
• Gaining Complete Visibility
• Application identification
• User identification
• Content identification
• Minimizing Your Attack Surface with Segmentation
• Using Dynamic Security to Support Moves and Changes
• Chapter 4 Leveraging Unmatched Threat Protection
• The Challenges of Defense in Depth
• What Is a Perimeter?
• Threat Protection Components
• Endpoint protection
• Security orchestration and automation
• Cloud-based threat intelligence
• Chapter 5 Ten Evaluation Criteria for Network Security in the Data Center and Hybrid Cloud Environment
• Safe Enablement of Applications in the Hybrid Cloud
• Identify Users and Enable Appropriate Access
• Comprehensive Threat Protection
• Flexible, Adaptive Integration
• Secure Access for Mobile and Remote Users
• One Comprehensive Policy, One Management Platform
• Cloud Ready
• Automate Routine Tasks and Focus on the Threats That Matter
• Flexible Deployment Options
• Consume New Innovations Easily in a Broad Partner Ecosystem
• Glossary
• EULA