Data Center Best Practice Methodology
Inspect all traffic, reduce the data center attack surface, and prevent known and unknown threats. Phase in protection starting with your most valuable assets.
The following best practice methodologies provide detection and prevention at multiple stages of the attack life cycle.
Best Practice Methodology: Why Is This Important?

Inspect All Traffic to Gain Complete Visibility
Seeing network traffic enables you to identify the presence of attackers. Inspect traffic to see the users, applications, and content that flow into, through, and out of the data center. Visibility into traffic enables the firewall to use its native App-ID, Content-ID, and User-ID technologies to tie the applications, threats, and content to users, regardless of user location or device type, port, encryption, or evasive technique.

Reduce the Attack Surface
The attack surface is all of the points of network interaction, both hardware and software, including applications, content, and users, along with servers, switches, routers, and other physical and virtual equipment. Reducing the attack surface leaves fewer vulnerabilities for attackers to target. The more you reduce the attack surface, the harder it is to breach the network.

Prevent Known Threats
Security profiles attached to security policy allow rules scan traffic for known threats such as viruses, spyware, application-layer vulnerability exploits, malicious files, and more. The firewall applies an action such as allow, alert, drop, block IP, or a connection reset to those threats based on the security profile configuration. Content updates automatically update all of the default security profiles as new threats are discovered, so it's important to schedule regular content updates. Security profiles are fundamental protections that are easy to apply to security policy rules.
External dynamic lists (EDLs) also protect against known threats. EDLs import lists of malicious and risky IP addresses, URLs, or domains into the firewall to prevent known threats. EDLs come from trusted third parties, from predefined EDLs on the firewall, and from custom EDLs that you create. EDLs are updated dynamically on the firewall without requiring a commit.
Preventing known threats is another reason that enabling decryption is important. Knowing about a threat doesn't help if the firewall can't see it: a known threat hidden in traffic you don't decrypt can still reach its target.

Prevent Unknown Threats
How do you detect a threat nobody has seen before? To avoid unknown and new threats lurking in applications and content, forward all unknown files to WildFire for analysis.
WildFire identifies unknown or targeted malware. The first time a firewall sees an unknown file, it forwards the file to its internal destination and also to the WildFire cloud for analysis. WildFire analyzes the file (or a link in an email) and returns a verdict to the firewall in as little as five minutes. WildFire also generates a signature that identifies the file, transforming the unknown file into a known file. If the file contained a threat, the threat is now known, and the next time the file arrives at the firewall, the firewall blocks it (the action taken depends on the security profiles attached to the matching rule, so make sure those profiles are set to block rather than alert).
You can check verdicts in the WildFire Submissions logs (Monitor > Logs > WildFire Submissions).
- Manage firewalls centrally with Panorama to consistently enforce policy across physical and virtual environments and for centralized visibility.
- Use positive security enforcement to allow traffic you want on your data center network and deny the rest.
- Create a standardized, scalable design that you can replicate and apply consistently across data centers.
- Get buy-in from executives, IT and data center administrators, users, and other affected parties.
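The "Reduce the Attack Surface" and "Prevent Known Threats" methodologies above, together with the positive security enforcement bullet, translate into concrete properties of every security rule: allow rules should name specific applications rather than `any`, use `application-default` (or explicit) services, carry security profiles, and log, and the rulebase should end in an explicit deny. The following audit is an added example written for this page, not Palo Alto Networks code. It parses a rulebase in the PAN-OS configuration XML schema (as exported from the firewall or Panorama) and reports rules that violate those properties. The rulebase below is a constructed sample; the rule names and the profile group name `best-practice` are assumptions.

```python
"""Audit a PAN-OS security rulebase for attack-surface and known-threat hygiene.
Example added for this page; not Palo Alto Networks code."""
import xml.etree.ElementTree as ET

# Constructed sample in the PAN-OS configuration XML schema. Rule names and the
# profile group name "best-practice" are assumptions for illustration.
SAMPLE_RULEBASE = """<rulebase>
  <security>
    <rules>
      <entry name="web-to-app">
        <from><member>dc-web</member></from>
        <to><member>dc-app</member></to>
        <source><member>web-servers</member></source>
        <destination><member>app-servers</member></destination>
        <application><member>ms-sql-db</member></application>
        <service><member>application-default</member></service>
        <action>allow</action>
        <profile-setting><group><member>best-practice</member></group></profile-setting>
        <log-end>yes</log-end>
      </entry>
      <entry name="legacy-any">
        <from><member>any</member></from>
        <to><member>dc-db</member></to>
        <source><member>any</member></source>
        <destination><member>any</member></destination>
        <application><member>any</member></application>
        <service><member>any</member></service>
        <action>allow</action>
        <log-end>no</log-end>
      </entry>
      <entry name="deny-all">
        <from><member>any</member></from>
        <to><member>any</member></to>
        <source><member>any</member></source>
        <destination><member>any</member></destination>
        <application><member>any</member></application>
        <service><member>any</member></service>
        <action>deny</action>
        <log-end>yes</log-end>
      </entry>
    </rules>
  </security>
</rulebase>
"""


def members(entry, tag):
    """Return the <member> values under a child element such as <application>."""
    return [m.text.strip() for m in entry.findall(f"{tag}/member") if m.text]


def audit_rule(entry):
    """Return (rule name, list of findings) for one <entry> in the rulebase."""
    name = entry.get("name")
    action = (entry.findtext("action") or "").strip()
    findings = []
    # Every rule, allow or deny, should log at session end for visibility.
    if (entry.findtext("log-end") or "").strip() != "yes":
        findings.append("no end-of-session logging (visibility gap)")
    if action == "allow":
        # Positive enforcement: allow rules name the applications they permit.
        if "any" in members(entry, "application"):
            findings.append("allows application 'any' (not positive enforcement)")
        # Open services let an allowed app run on unexpected ports.
        if "any" in members(entry, "service"):
            findings.append("allows service 'any' (use application-default or explicit ports)")
        if "any" in members(entry, "source") and "any" in members(entry, "destination"):
            findings.append("source and destination both 'any' (attack surface not reduced)")
        # Known-threat scanning only happens if profiles are attached.
        if entry.find("profile-setting") is None:
            findings.append("no security profiles attached (known threats not scanned)")
    return name, findings


def audit_rulebase(xml_text):
    """Audit every rule and check that the rulebase ends in an explicit deny."""
    root = ET.fromstring(xml_text)
    entries = root.findall("./security/rules/entry")
    report = {}
    for entry in entries:
        name, findings = audit_rule(entry)
        report[name] = findings
    last_action = (entries[-1].findtext("action") or "").strip() if entries else ""
    if last_action not in ("deny", "drop"):
        report["<rulebase>"] = ["last rule is not an explicit deny/drop"]
    return report


if __name__ == "__main__":
    for rule, findings in audit_rulebase(SAMPLE_RULEBASE).items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"{rule}: {status}")
```

Run against a real export by replacing `SAMPLE_RULEBASE` with the contents of the `rulebase` element from a saved configuration; rules with an empty findings list already follow the methodology, and the `legacy-any` style rule is exactly the kind of overly permissive allow that expands the attack surface and bypasses known-threat scanning.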
Phase in next-generation security by focusing on the most likely threats to your particular business and network, and then determine the most important assets to protect and protect them first. Ask the following questions to help prioritize the assets to protect first:
- What makes our company what it is? What properties define and differentiate your company, and what assets map to those properties? Assets that relate to your company’s proprietary competitive advantages should be high on the protection priority ladder. For example, a software development company would prioritize its source code, or a pharmaceutical company would prioritize its drug formulas.
- What keeps the enterprise in business? Which systems and applications do you need to support the daily operation of the company? For example, your Active Directory (AD) service provides employee access to applications and workstations. Compromising your AD service gives an attacker access to all accounts within your enterprise, which gives the attacker full access to your network. Other examples include critical IT infrastructure such as management tools and authentication servers, and servers that house the most critical data for business operations.
- If I lost this asset, what would happen? The worse the consequences of losing an asset, the higher the priority to protect that asset. For example, the user experience may differentiate a service company, so protecting that experience is high priority. Proprietary processes and equipment may differentiate a manufacturing company, so protecting the intellectual property and proprietary designs is high priority. Create a priority list to define what to protect first.
Define the ideal future state of your data center network and work in phases to achieve it. Periodically revisit your definition to account for changes in your business, new regulatory and legal requirements, and new security requirements.