An Introduction
In the face of today's complex cybersecurity landscape, choosing your next firewall is more than a simple comparison of technical features. It's about embracing a change in your role as an enabler of business rather than a blocker. It's about balancing the needs of the company with the business and security risks associated with modern applications. It's about acknowledging that the world has changed around you and you can no longer protect yourself with an approach to cybersecurity that worked well when web browsing and email were the only two applications on the Internet. It's about the 10 things we describe in this booklet that we believe your next firewall must do.
designed to enforce those policies. External proxies, remote server/desktop management tools, and encrypted tunnel applications are being used to circumvent security controls like firewalls. Without the ability to identify and control these tools, your organization cannot enforce your security policies, exposing the business to the very cyberattacks the security controls were designed to mitigate. Your next firewall must be capable of dealing with these circumvention tools.
Stop Thinking:
Closed doors.
Start Thinking:
Freedom.
hovers at around 25%. The increased use of HTTPS for many high-risk, high-reward applications and users' ability to manually enable SSL on many websites means your network security team has a large and growing blind spot. As SSH is used more commonly by tech-savvy employees, the encryption blind spot may be even larger than you thought. Your next firewall must be capable of decrypting and inspecting SSL traffic on any port; be flexible enough to bypass selected segments of SSL traffic (e.g., web traffic from health care organizations) and enforce the native use of SSH via policy.
presenting your organization with different risk profiles and value. Many business-focused as well as end-user-focused examples exist: WebEx vs. WebEx Desktop Sharing and Google Mail vs. Google Talk. If your organization is heavily dependent on intellectual property, then external desktop sharing and file transfer applications may represent security and regulatory risks. Your next firewall must continually evaluate the traffic and watch for changes: if a different function or feature is introduced in the session, the firewall must recognize the shift and perform a policy check.
A significant number of your users are now working remotely and they expect to connect to their applications via WiFi, wireless broadband, or any means necessary, seamlessly and consistently. Regardless of where the user is or the type of device they are using, the same standard of network application control must apply, regardless of location or device. If your next firewall enables application visibility and control over traffic inside the four walls of the enterprise, but not outside, it misses the mark on some of the riskiest traffic.
Your security team is overloaded with managing multiple information feeds, a range of security policies, and associated device management interfaces. Adding more to an overloaded team will not help. Given that typical firewall installations have thousands of rules, your next firewall must make your security team's life easier with the ability to identify, control, investigate and report on applications, users and content traversing your network.
Deliver the same throughput and performance with application control fully activated
Many enterprises struggle with the forced compromise between performance and security. All too often, enabling network security features means turning down throughput and performance. If your next firewall is built the right way, this compromise is unnecessary. Given the requirement for computationally intensive tasks (e.g. application identification) performed on high traffic volumes with low latency, your next firewall must have hardware optimized for specific tasks such as networking, security, and content scanning.
In Conclusion
Applications are how your users get their jobs done in the face of competing personal and professional priorities. As your users continue to adopt new applications and technologies, they inadvertently introduce new cybersecurity risks. Allowing them all is unreasonable and obstructing their adoption may inhibit your business. Because of this, safe application enablement is increasingly the correct policy stance. Safe application enablement is best implemented using a systematic approach of determining the usage patterns, the business case, then documenting the appropriate use as policy moving forward, and enforcing the use with technology. The 10 Things Your Next Firewall Must Do can help you put the necessary controls in place, especially in the face of a more varied and rich application and threat landscape. Without the network security infrastructure to cope with such variety and depth, you can't safely enable the necessary applications and manage risk. A next-generation firewall that delivers on these 10 capabilities is really all it takes.
Us.
2013 Palo Alto Networks, Inc. All Rights Reserved. Palo Alto Networks and the Palo Alto Networks Logo are trademarks or registered trademarks of Palo Alto Networks, Inc. Other company and product names may be trademarks of their respective owners. Specifications are subject to change without notice. PAN_10TBKLT_072613