Learn the risks of the traditional approach to securing
user traffic to the data center and how the best practice approach
mitigates those risks.
The traditional legacy approach to securing user traffic
flowing to the data center leaves valuable assets exposed to risk,
while the best practice approach protects your valuable assets.
The table below contrasts each traditional practice with the risk it creates and the best practice that mitigates it.

The Traditional Approach: Port-based rules provide sufficient security because the data center is inside a trusted network.
The Risk: Malicious applications access the network by spoofing port numbers, tunneling through a port, or using port hopping to avoid detection.
The Best Practice Approach: Application allow rules tie together applications, users, and servers so that only legitimate users using sanctioned applications can access the right sets of data center servers. When you transition from port-based to application-based rules, place the application-based rule in the rulebase above the port-based rule it will replace. Reset the policy rule hit counter for both rules. If traffic hits the port-based rule, its policy rule hit count increases. Tune the application-based rule until no traffic hits the port-based rule for a period of time, then remove the port-based rule.

The Traditional Approach: Trust internal users and allow the application the user accesses to determine whether access is allowed, based on credentials and possibly on IP address rules.
The Risk: An attacker gains access to a data center endpoint and then moves laterally to any other data center endpoint to exploit stolen credentials or server-side vulnerabilities. Unknown users gain access to data center endpoints.
The Best Practice Approach: Enable User-ID, block unknown users, and allow access for sanctioned users. Create separate identity domains for employees, partners, and contractors. Use multi-factor authentication (MFA) for partner, contractor, and sensitive server access.

The Traditional Approach: Analyzing unknown files is unnecessary because the data center is inside a trusted network.
The Risk: Users may inadvertently download malware from file sharing and other cloud applications.
The Best Practice Approach: Send all unknown files to WildFire for analysis to identify new and unknown malware and protect against it.

The Traditional Approach: A mix of threat prevention profiles from multiple vendors.
The Risk: A conglomeration of individual tools leaves security holes for attackers and may not work together well.
The Best Practice Approach: The Palo Alto Networks suite of coordinated security tools works together to plug security holes and prevent attacks.
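The port-based to application-based rule migration described above, modeled as an added example that is not from the original page or from Palo Alto Networks: a first-match rulebase with per-rule hit counters, where traffic that still reaches the port-based rule is exactly what must be tuned or investigated before that rule can be removed. Rule names, application names and sessions are constructed.

```python
"""Simulates the hit-counter check used when replacing a port-based rule
with an application-based rule placed above it. All names are constructed."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Rule:
    name: str
    action: str                       # "allow" or "deny"
    apps: Optional[frozenset] = None  # None = any application (a port-based rule)
    ports: Optional[frozenset] = None # None = any port (an application-based rule)
    hits: int = 0                     # policy rule hit counter

    def matches(self, app: str, port: int) -> bool:
        return (self.apps is None or app in self.apps) and \
               (self.ports is None or port in self.ports)


def reset_hit_counters(rulebase: List[Rule]) -> None:
    for rule in rulebase:
        rule.hits = 0


def evaluate(rulebase: List[Rule], sessions: List[Tuple[str, int]]) -> List[Tuple[str, int, str]]:
    """First-match evaluation from the top of the rulebase, like a firewall.
    Returns (app, port, matched rule name) per session and bumps hit counters."""
    verdicts = []
    for app, port in sessions:
        for rule in rulebase:
            if rule.matches(app, port):
                rule.hits += 1
                verdicts.append((app, port, rule.name))
                break
        else:  # nothing matched: implicit deny at the end of the rulebase
            verdicts.append((app, port, "interzone-default-deny"))
    return verdicts


def fall_through(rulebase: List[Rule], sessions: List[Tuple[str, int]], port_rule: str) -> List[Tuple[str, int]]:
    """Sessions that bypassed the application-based rule and hit the port-based
    rule below it. Either the app rule needs tuning or the traffic is not a
    sanctioned application; the port rule is safe to remove only when this is empty."""
    reset_hit_counters(rulebase)
    return [(a, p) for a, p, r in evaluate(rulebase, sessions) if r == port_rule]


# Constructed rulebase: the application-based rule sits above the tcp/443 rule it replaces.
APP_RULE = Rule("allow-crm-app-to-dc", "allow", apps=frozenset({"crm-app"}))
PORT_RULE = Rule("allow-tcp-443-to-dc", "allow", ports=frozenset({443}))
RULEBASE = [APP_RULE, PORT_RULE]
# Constructed sessions: three sanctioned CRM flows and one unknown app tunneling over 443.
SAMPLE_SESSIONS = [("crm-app", 443), ("crm-app", 443), ("tunnel-over-443", 443), ("crm-app", 8443)]

if __name__ == "__main__":
    for app, port in fall_through(RULEBASE, SAMPLE_SESSIONS, PORT_RULE.name):
        print(f"still hitting {PORT_RULE.name}: {app} on tcp/{port}")
```

Once the port-based rule is removed, the same tunneled session falls to the default deny instead of being allowed by port alone.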