Scanning And Detection Are Critical
The digital transformation is driving companies to move important applications to public clouds and containers. Therefore, they have to apply the same multi-layer security approach in these environments. Palo Alto Networks explains why in this environment virtual and container NGFWs (Next-Generation Firewalls) are essential for security in the cloud.
Cloud Applications Target More Than One Environment
Most companies today use their own data centers together with several public clouds, i.e. a multi-cloud. Some of the workloads they run may be containerized or serverless today, but most companies still have a variety of bare metal servers, virtual machines, and even mainframes.
Regardless of where the workloads run, what matters is the enterprise applications that span this hybrid infrastructure. These applications tend to be closely interconnected. Most of them are connected to core services such as Active Directory and to the administration, monitoring, and logging of the infrastructure. Many are also connected to critical databases that run on legacy systems such as Solaris or mainframes. Because it is the network that connects these applications, network security must span the entire infrastructure. For this reason, network protection for cloud-native applications needs to be tackled holistically.
Complete network protection requires next-generation firewalls and identity-based micro-segmentation. Since cloud adoption is an ongoing journey, it is important to get a complete overview of all connections made via the network: connections from the Internet to workloads, from workloads to the Internet, and between workloads.
Whole-Body And Luggage Scanners
This level aims to ensure that people heading for departing aircraft do not carry anything dangerous with them. Security staff do this with scanners that examine people, luggage, and countless small items. Airport authorities place these checkpoints in strategic locations: some airports have only one security and scanning station at the entrance, while larger airports usually have one or more at the boundary of each terminal.
This is where next-generation firewalls come into play in the world of IT, because they correspond to these security scans. Just as airport screening is deployed at strategically selected perimeters, NGFWs must be deployed at carefully selected perimeters or trust boundaries.
Boarding Pass Scanner
This level of inspection aims to reduce the attack surface by preventing people from moving to places they should not go. Boarding pass scanners are used at every gate, usually as close as possible to the boarding entrance of the respective aircraft. Just as boarding pass scanners are used at every gate of an airport, micro-segmentation has to be enforced for every workload. Agent-based solutions are best suited to enforce micro-segmentation policies directly at the workload level.
Incoming Protection
To make applications available to users on the Internet, the workloads must accept connections from the Internet. Most modern applications are served over HTTPS, and these incoming connections are generally protected by cloud-based web application firewalls (WAFs). However, most workloads must also accept incoming connections from sources other than the Internet: orchestration and monitoring tools such as Terraform and Puppet, connections to MySQL ports by database administrators, and the SSH/RDP ports used by server administrators.
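The following script is an added example, not code from the article or from Palo Alto Networks. It models the identity-based micro-segmentation described in the Boarding Pass Scanner section together with the ingress rules described above: every workload is identified by labels rather than by address, a default-deny allow-list permits public HTTPS to production web servers, SSH only via a bastion host, and MySQL only from production web servers, and an audit function runs sample flows covering all three directions (Internet to workload, workload to Internet, workload to workload) to report which ones policy would block. All addresses, labels, rules and flows are constructed sample data.

```python
"""Label-based micro-segmentation policy evaluator (added example, constructed data)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNET = "internet"  # pseudo-identity for any public address

# Constructed inventory: a workload's identity is its set of labels, not its IP.
WORKLOADS = {
    "10.0.1.10": {"role": "web", "env": "prod"},
    "10.0.1.11": {"role": "web", "env": "prod"},
    "10.0.2.20": {"role": "db", "env": "prod"},
    "10.0.9.5": {"role": "bastion", "env": "prod"},
    "10.0.3.30": {"role": "web", "env": "dev"},
}
PRIVATE = [ip_network("10.0.0.0/8")]  # constructed internal address space


@dataclass
class Rule:
    src: dict  # labels the source must carry; {} means any identity
    dst: dict  # labels the destination must carry
    port: int  # destination TCP port


# Constructed allow-list; anything not listed is denied (default deny).
POLICY = [
    Rule({"role": INTERNET}, {"role": "web", "env": "prod"}, 443),              # public HTTPS ingress
    Rule({"role": "bastion"}, {"env": "prod"}, 22),                              # admin SSH only via bastion
    Rule({"role": "web", "env": "prod"}, {"role": "db", "env": "prod"}, 3306),  # app tier to database
    Rule({"role": "web"}, {"role": INTERNET}, 443),                              # web tier egress to the Internet
]


def identity(ip: str) -> dict:
    """Resolve an address to its label identity; public addresses become INTERNET."""
    if ip in WORKLOADS:
        return WORKLOADS[ip]
    addr = ip_address(ip)
    if any(addr in net for net in PRIVATE):
        return {"role": "unknown"}  # internal address missing from inventory: matches no rule
    return {"role": INTERNET}


def matches(selector: dict, labels: dict) -> bool:
    """A selector matches when every label it names is present with the same value."""
    return all(labels.get(key) == value for key, value in selector.items())


def evaluate(src_ip: str, dst_ip: str, port: int) -> bool:
    """Return True if some rule allows the flow; otherwise the flow is denied."""
    src, dst = identity(src_ip), identity(dst_ip)
    return any(matches(r.src, src) and matches(r.dst, dst) and r.port == port for r in POLICY)


def audit(flows):
    """Return the (src, dst, port) flows that default-deny policy would block."""
    return [flow for flow in flows if not evaluate(*flow)]


# Constructed sample flows covering all three directions from the article.
SAMPLE_FLOWS = [
    ("203.0.113.7", "10.0.1.10", 443),    # Internet -> prod web, HTTPS: allowed
    ("203.0.113.7", "10.0.1.10", 22),     # Internet -> prod web, SSH: denied
    ("10.0.9.5", "10.0.1.10", 22),        # bastion -> prod web, SSH: allowed
    ("10.0.1.10", "10.0.2.20", 3306),     # prod web -> prod db: allowed
    ("203.0.113.7", "10.0.2.20", 3306),   # Internet -> prod db: denied
    ("10.0.3.30", "10.0.2.20", 3306),     # dev web -> prod db: denied by label, not by address
    ("10.0.1.10", "198.51.100.9", 443),   # prod web -> Internet, HTTPS: allowed
    ("10.0.1.10", "198.51.100.9", 80),    # prod web -> Internet, HTTP: denied
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print("ALLOW" if evaluate(*flow) else "DENY ", *flow)
    print("blocked by policy:", audit(SAMPLE_FLOWS))
```

The dev-to-prod database flow is the case address-based rules tend to miss: both endpoints sit in the same private range, yet the label identity denies it. Running `audit` over exported flow logs before enforcing the policy gives the kind of complete overview of connections the article calls for, so that legitimate administrative paths (the bastion SSH rule here) are added before default deny is switched on.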