Issue link: https://insights.oneneck.com/i/1458399
CHAPTER 5 Ten Evaluation Criteria for Network Security 65 These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited. Organizations must be able to operationalize the deployment of consistent, centralized security policies across tens of thousands of firewalls spanning on-premises and cloud deployments — including remote locations, mobile users, and SaaS applications — through centralized management, consolidated core security tasks, and streamlined capabilities. For example, you should be able to use a single console to view all network traffic, man- age configuration, push global policies, and generate reports on traffic patterns or security incidents. Your reporting capabilities must let your security personnel rapidly drill down into network, application, and user behavior for the context they need to make informed decisions. When these capabilities are delivered from the cloud, your teams can build out the right security architecture to prevent known and unknown threats at every corner of your extended network. In today's constantly changing threat landscape, using a single security vendor to address the vast spectrum of your security and business needs isn't always practical. In this case, the abil- ity to integrate with and consume third-party and cloud service provider (CSP) insight and telemetry is critical. When evaluat- ing future security vendors, be sure to evaluate the integration, extensibility, and programmability that they offer. Hybrid data centers are composed of physical and virtual infra- structures deployed on-premises and in private, public, and hybrid cloud environments. Network security solutions in the hybrid data center need to include both physical and virtualized options. The network security policy management platform must also support hybrid data center environments; otherwise, security policies can become convoluted, leading to needless complexity, misconfigurations, and security blind spots. In addition, a single, comprehensive security policy that fully integrates application control, threat management, and user identification is a must. Cloud Ready To succeed, your organization needs cloud security that extends policy consistently from the network to the cloud, stops malware from accessing and moving laterally (east-west) within the cloud, simplifies management, and minimizes the security policy lag as virtual workloads change. Your network security platform must protect the resident applications and data with the same security posture that you may have established on your physical network.