Learn the risks of the traditional approach to securing
user traffic to the data center and how the best practice approach
mitigates those risks.
The traditional approach to securing user traffic flowing to the data center
leaves valuable assets exposed to risk; the best practice approach closes
those gaps and protects the same assets.
Each row below pairs the traditional approach with the risk it creates and
the best practice approach that mitigates that risk.
Traditional approach: Port-based rules provide sufficient security because
the data center is inside a trusted network.
Risk: Port-based rules identify traffic only by port, so malicious or
unsanctioned applications traverse the network by spoofing well-known port
numbers, tunneling inside an allowed port, or port hopping to avoid detection.
Best practice approach: Application whitelist rules tie together applications,
users, and servers so that only legitimate users running sanctioned applications
can reach the specific set of data center servers they need.

Traditional approach: Trust internal users and leave access control to the
application the user connects to, which decides based on credentials and
possibly on IP address rules.
Risk: An attacker who compromises one data center endpoint moves laterally to
any other data center endpoint, exploiting stolen credentials or server-side
vulnerabilities. Unidentified (unknown) users can reach data center endpoints.
Best practice approach: Enable User-ID, block unknown users, and whitelist
access for sanctioned users. Create separate identity domains for employees,
partners, and contractors. Require multi-factor authentication (MFA) for
partner and contractor access and for access to sensitive servers.

Traditional approach: Analyzing unknown files is unnecessary because the data
center is inside a trusted network.
Risk: Users can inadvertently download malware from file-sharing and other
cloud applications.
Best practice approach: Send all unknown files to WildFire for analysis to
identify new and unknown malware and protect against it.

Traditional approach: A mix of threat prevention profiles from multiple
Risk: A conglomeration of individual tools leaves security holes for attackers
and the tools may not work well together.
Best practice approach: The Palo Alto Networks suite of coordinated security
tools works together to plug security holes and prevent
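To make the contrast in the first two rows concrete, the following is an added example written for this page (it is not Palo Alto Networks code and does not use the PAN-OS API). It models a port-based rule set beside an application-whitelist rule set that ties user group, identified application, and destination server group together, then runs both over constructed sessions: an unknown user tunneling ssh through tcp/443, an employee running a non-sanctioned application on an allowed port, a contractor moving laterally toward the finance database, and sanctioned finance access with and without MFA. All rule names, users, groups, application names and addresses are invented for the demonstration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    """One session as the firewall sees it after content inspection.
    src_user is None when there is no User-ID mapping (an unknown user)."""
    src_user: Optional[str]
    user_groups: FrozenSet[str]
    app: str            # application identified by inspection, not by port
    dst_port: int
    dst_server: str
    mfa_passed: bool = False


# Constructed server inventory for the demonstration.
SERVER_GROUPS: Dict[str, FrozenSet[str]] = {
    "dc-finance-db": frozenset({"10.1.10.5", "10.1.10.6"}),
    "dc-web-tier": frozenset({"10.1.20.10", "10.1.20.11"}),
}


@dataclass(frozen=True)
class PortRule:
    dst_port: int
    action: str  # "allow" or "deny"


def evaluate_port_policy(rules: List[PortRule], flow: Flow) -> str:
    """Traditional approach: the decision depends only on the destination
    port, so whatever is actually inside the session is never considered."""
    for rule in rules:
        if rule.dst_port == flow.dst_port:
            return rule.action
    return "deny"


@dataclass(frozen=True)
class WhitelistRule:
    name: str
    user_groups: FrozenSet[str]   # sanctioned identity groups
    apps: FrozenSet[str]          # sanctioned applications
    server_group: str             # destination server group
    require_mfa: bool = False     # contractor/partner or sensitive-server access


def evaluate_whitelist_policy(rules: List[WhitelistRule], flow: Flow) -> Tuple[str, str]:
    """Best practice approach: allow only when the user is known, is in a
    sanctioned group, uses a sanctioned application, targets a server in the
    rule's server group, and has passed MFA where the rule demands it.
    A flow that matches no rule is denied (implicit deny)."""
    if flow.src_user is None:
        return "deny", "unknown-user"
    for rule in rules:
        if not (flow.user_groups & rule.user_groups):
            continue
        if flow.app not in rule.apps:
            continue
        if flow.dst_server not in SERVER_GROUPS.get(rule.server_group, frozenset()):
            continue
        if rule.require_mfa and not flow.mfa_passed:
            return "deny", f"{rule.name}:mfa-required"
        return "allow", rule.name
    return "deny", "no-matching-rule"


# Constructed rule sets (hypothetical names).
PORT_RULES = [PortRule(443, "allow"), PortRule(1433, "allow")]

WHITELIST_RULES = [
    WhitelistRule("finance-to-db", frozenset({"finance-users"}),
                  frozenset({"mssql-db"}), "dc-finance-db", require_mfa=True),
    WhitelistRule("employees-to-web", frozenset({"employees"}),
                  frozenset({"web-browsing", "ssl"}), "dc-web-tier"),
    WhitelistRule("contractors-to-web", frozenset({"contractors"}),
                  frozenset({"web-browsing", "ssl"}), "dc-web-tier", require_mfa=True),
]

# Constructed sessions covering the risks named in the table.
SAMPLE_FLOWS: Dict[str, Flow] = {
    # ssh tunneled through tcp/443 by a user with no User-ID mapping
    "unknown-user-ssh-on-443": Flow(None, frozenset(), "ssh", 443, "10.1.10.5"),
    # an employee running ssh on a port the port rule allows
    "employee-ssh-on-443": Flow("alice", frozenset({"employees"}), "ssh", 443, "10.1.20.10"),
    # a contractor browsing to the finance database: lateral movement
    "contractor-to-finance-db": Flow("carol", frozenset({"contractors"}), "web-browsing",
                                     443, "10.1.10.6", mfa_passed=True),
    # sanctioned finance access that skipped MFA
    "finance-db-no-mfa": Flow("bob", frozenset({"finance-users"}), "mssql-db", 1433, "10.1.10.5"),
    # the legitimate case
    "finance-db-with-mfa": Flow("bob", frozenset({"finance-users"}), "mssql-db", 1433,
                                "10.1.10.5", mfa_passed=True),
}


def compare_policies() -> Dict[str, Tuple[str, str, str]]:
    """Return (port decision, whitelist decision, reason) for each sample flow."""
    results = {}
    for name, flow in SAMPLE_FLOWS.items():
        port_decision = evaluate_port_policy(PORT_RULES, flow)
        wl_decision, reason = evaluate_whitelist_policy(WHITELIST_RULES, flow)
        results[name] = (port_decision, wl_decision, reason)
    return results


if __name__ == "__main__":
    for name, (port, wl, reason) in compare_policies().items():
        print(f"{name:26s} port-based={port:5s} whitelist={wl:5s} ({reason})")
```

The port-based policy allows four of the five sessions because it only sees tcp/443 and tcp/1433; the whitelist allows exactly one, and each denial carries a reason a practitioner would log: no User-ID mapping, a non-sanctioned application, a destination outside the user's server group, or a missing MFA step. The implicit deny at the end of the whitelist is what stops the lateral-movement case, since no rule ever pairs contractors with the finance database.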