eBooks/eGuides

CHAPTER 5 Ten Evaluation Criteria for Network Security 63 These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited. platform should use content-based signatures to detect variants, polymorphic malware, or C2 activity. In addition, C2 signatures based on analysis of outbound communication patterns are much more effective protective measures that can scale at machine speed when created automatically. Finally, cloud-delivered secu- rity infrastructure is critical for security enforcement. It supports threat detection and prevention at massive scale across your net- work, endpoints, and clouds in addition to allowing you to tap into an open ecosystem of trusted innovators. Flexible, Adaptive Integration One of the key integration challenges in the data center is secu- rity design. Network architectures must often be redesigned when security requirements evolve due to changing applications and threats, new compliance mandates, and shifting risk postures. A new paradigm that enables network security to be flexible and adaptive is needed. Networking flexibility helps ensure compatibility with practically any organization's data center environment. Enabling integra- tion without the need for redesign or reconfiguration depends not only on supporting a wide range of networking features and options, such as port-based virtual local area networks (VLANs), but also on the ability to integrate at the Open Systems Intercon- nection (OSI) Reference Model Layer 1 (Physical), Layer 2 (Data Link), or Layer 3 (Network). In addition, the network security solution should be able to turn on additional security features as the security posture changes. Finally, your security solution needs the ability to support multiple hypervisor types, such as VMware ESXi, Microsoft Hyper-V, Nutanix AHV, KVM, and potentially software-defined network (SDN) driven provisioning, particu- larly in hybrid cloud environments. Secure Access for Mobile and Remote Users The modern enterprise continues to become far more distributed than in the past. The mobile workforce continues to grow along with the use of mobile devices to connect to business applications,

• Cover
• Title Page
• Copyright Page
• Table of Contents
• Introduction
• About This Book
• Icons Used in This Book
• Chapter 1 The Evolution of the Data Center
• Understanding the Impact of the Cloud on the Data Center
• Recognizing Security Challenges in the Data Center and Hybrid Cloud
• Looking at Why Legacy Security Infrastructure is Ineffective
• Firewalls
• Intrusion prevention
• Proxies
• Defining Security Requirements
• Gain complete visibility
• Minimize the attack surface
• Automate threat protection
• Chapter 2 Security Challenges in Hybrid Clouds
• Cloud Security and The Shared Responsibility Model
• The Dynamic Nature of Modern Threats
• Ransomware
• Credential theft
• DNS-based attacks
• Targeted "Low-and-Slow" Attacks and APTs
• Chapter 3 Delivering Consistent Security Using Zero Trust
• Gaining Complete Visibility
• Application identification
• User identification
• Content identification
• Minimizing Your Attack Surface with Segmentation
• Using Dynamic Security to Support Moves and Changes
• Chapter 4 Leveraging Unmatched Threat Protection
• The Challenges of Defense in Depth
• What Is a Perimeter?
• Threat Protection Components
• Endpoint protection
• Security orchestration and automation
• Cloud-based threat intelligence
• Chapter 5 Ten Evaluation Criteria for Network Security in the Data Center and Hybrid Cloud Environment
• Safe Enablement of Applications in the Hybrid Cloud
• Identify Users and Enable Appropriate Access
• Comprehensive Threat Protection
• Flexible, Adaptive Integration
• Secure Access for Mobile and Remote Users
• One Comprehensive Policy, One Management Platform
• Cloud Ready
• Automate Routine Tasks and Focus on the Threats That Matter
• Flexible Deployment Options
• Consume New Innovations Easily in a Broad Partner Ecosystem
• Glossary
• EULA