Data Center and Hybrid Cloud for Dummies

Issue link: https://insights.oneneck.com/i/1458399

60 Data Center & Hybrid Cloud Security For Dummies, Palo Alto Networks Special Edition

These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

Machine learning is helpful for accurate traffic classification due to its ability to continuously adapt to data patterns and environment variables. However, this level of classification is challenging, and many organizations take a more general, phased approach with less fine-grained micro-segmentation.

Identify Users and Enable Appropriate Access

Employees, customers, and partners connect to different repositories of information within your network, as well as to the Internet. These people and their many devices represent your network's users. It's important for your organization's risk posture that you're able to identify your users beyond Internet Protocol (IP) address, as well as grasp the inherent risks they bring, based on the devices they're using — especially when security policies have been circumvented or new threats have been introduced to your network. In addition, users are constantly moving to different physical locations and using multiple devices, operating systems, and application versions to access the data they need (see Figure 5-2).

IP address subnets are mapped only to physical devices, not individual users, meaning that if users move around — even within the office — policy doesn't follow them. Therefore, user and group information must be directly integrated into the technology platforms that secure data centers and hybrid cloud environments. Your network security platform must be able to pull user identity from multiple sources, including virtual private networks (VPNs), wireless local area network (WLAN) access controllers, directory servers, email servers, and captive portals. Knowing who is using the applications on your network, and who may be transmitting a threat or transferring files, strengthens security policies, and improves incident response times.

The platform must allow policies to safely enable applications based on users or groups of users, outbound or inbound — for example, by allowing only your IT department to use tools such as SSH, Telnet, and File Transfer Protocol (FTP). User-based policies follow users no matter where they go — at headquarters, branch offices, or home — and on whatever devices they use. However, the issue of user identity goes beyond classifying users for policy reporting.
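
The user-based policy described above, sketched as an added example that is not from the book or from any vendor's product: login events from several identity sources (directory server, WLAN controller, VPN) build an IP-to-user map, and the SSH/Telnet/FTP rule is evaluated against the user's group instead of the source address. The user names, addresses, event format and one-hour mapping lifetime are constructed assumptions.

```python
# Added example (vendor-neutral sketch): identity-aware vs. IP-only policy.

# Constructed sample data: group membership as a directory server would report it.
GROUPS = {"alice": {"it"}, "bob": {"sales"}}

# Constructed login events (time, source, ip, user) from several identity sources.
EVENTS = [
    (100, "directory", "10.1.1.20", "alice"),   # alice at her HQ desk
    (200, "wlan",      "10.1.9.77", "bob"),     # bob on office Wi-Fi
    (300, "vpn",       "172.16.5.8", "alice"),  # alice goes home, connects by VPN
    (400, "wlan",      "10.1.1.20", "bob"),     # alice's old address is reused by bob
]

# Policy from the text: only the IT group may use SSH, Telnet and FTP.
ADMIN_APPS = {"ssh", "telnet", "ftp"}
MAX_AGE = 3600  # assumed mapping lifetime in seconds


def build_ip_map(events, now):
    """Return {ip: user}; the newest event per IP wins, expired events are dropped."""
    ip_map = {}
    for ts, _source, ip, user in sorted(events):
        if now - ts <= MAX_AGE:
            ip_map[ip] = user
    return ip_map


def decide(ip_map, src_ip, app):
    """Return (verdict, user) for a session from src_ip using app."""
    user = ip_map.get(src_ip)
    if app not in ADMIN_APPS:
        return ("allow", user)
    if user is None:
        return ("deny", None)  # unidentified user: no admin tools
    if "it" in GROUPS.get(user, set()):
        return ("allow", user)
    return ("deny", user)


def static_ip_decide(src_ip, app, it_ips=frozenset({"10.1.1.20"})):
    """IP-only rule for comparison: it trusts the address, not the person."""
    return "allow" if app not in ADMIN_APPS or src_ip in it_ips else "deny"


if __name__ == "__main__":
    ip_map = build_ip_map(EVENTS, now=500)
    for ip in ("172.16.5.8", "10.1.1.20"):
        print(ip, "user-based:", decide(ip_map, ip, "ssh"),
              "ip-only:", static_ip_decide(ip, "ssh"))
```

The IP-only rule locks alice out on VPN and lets bob use SSH from her old address; the user-based rule gets both cases right because the decision is tied to the mapped identity.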
