Issue link: https://insights.oneneck.com/i/1458399
CHAPTER 5 Ten Evaluation Criteria for Network Security 67

These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

application delivery, improving processes, or hunting for threats. There are three ways to think about automation:

» Workflow automation. Your network security platform must expose standard application programming interfaces (APIs) so it can be programmed from other tools and scripts you may be using. In the cloud, it must integrate with tools like Ansible and Terraform. In addition, it must be able to kick off workflows on other devices in your security ecosystem, using their APIs, without manual intervention.

» Policy automation. The network security platform must be able to adapt policies to any changes in your environment, such as movement of applications across virtual machines. It must also be able to ingest threat intelligence from third-party sources and automatically act on that intelligence.

» Security automation. Your environment must be able to uncover unknown threats and deliver protections to the network security platform so new threats are blocked automatically. Some threats remain hidden in data. By looking deeper into that data across locations and deployment types, you can find threats that may be lurking in plain sight.

With automation, you can accurately identify threats, enable rapid prevention, improve efficiency, better utilize the talent of your specialized staff, and improve your organization's security posture.

Flexible Deployment Options

The choice of whether a physical or virtual network security appliance should be deployed in the data center depends on the specific issues to be addressed.

Physical network security appliances are often adequate if the same trust levels are maintained within a single cluster of virtual hosts. In this scenario, visibility of east-west traffic (internal communications between servers) is less critical and can be forced off-box through a default security appliance, if necessary. Virtual systems also offer scale and performance in the data center with east-west traffic inspection, and larger physical platforms can be partitioned with virtual systems for both north-south and east-west traffic inspection.