Workloads are Deployed, Moved and Retired – 5 Steps to Keep Network Security Enforcement Points Secure and Up-To-Date
The only constant is change. Product deployments come and go and get moved as a result of data center reorganizations, mergers & acquisitions and migration to the cloud – and even retromigrations from cloud to on-prem.
Every time this happens, it’s very easy for new risk to be created in your network. Think of all the enforcement points on your network. Here are just a few:
- Classic firewalls
- Next-gen firewalls (NGFW)
- Wireless Access Points
- Cloud resources like Azure Network Security Groups
If you want to avoid the fate of companies like Equifax, Target and many others, one of the crucial steps is proper network segmentation on the inside of your network – let alone connection to public clouds and virtual networks in the cloud.
But a properly segmented, global network security policy is difficult. And keeping that policy up-to-date is even more difficult. In this webinar, we’ll explore how to address this risky burden with help from subject matter experts at FireMon.
Whenever you deploy or move a technology, product or workload, here’s what you need to do:
- Identify new network connections required
- Understand the actual traffic requirements – especially in terms of protocols
- Determine who needs to communicate with the workload and in which directions. By who, we mean sets of users, regions, datacenters, segments, application servers, etc.
- What are the security differentials between the communicating entities?
- Are additional enforcement points required?
When you move or retire a workload, it’s equally important to identify old policies and remove them from affected enforcement points. Old rules create risk because you’ve punched holes in your enforcement points to accommodate that traffic and never plugged them. When new resources are deployed to those IP addresses, they will be exposed unintentionally. Beyond that, old rules slow down firewalls and muddy the waters when you are trying to understand the current policy in effect on a given enforcement point.
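A stale-rule check of the kind described above, as an added example that is not from the webinar or from FireMon. The rule format, rule IDs and addresses are constructed for illustration; a real audit would read exported policy from each enforcement point.

```python
import ipaddress

# Constructed sample policy export; field names and values are assumptions.
RULES = [
    {"id": "fw1-10", "src": "10.1.0.0/16", "dst": "10.20.5.10/32", "port": "tcp/1433", "action": "allow"},
    {"id": "fw1-11", "src": "0.0.0.0/0", "dst": "10.20.5.0/24", "port": "tcp/443", "action": "allow"},
    {"id": "fw2-03", "src": "10.1.0.0/16", "dst": "10.30.0.0/16", "port": "tcp/22", "action": "allow"},
    {"id": "fw2-04", "src": "10.20.5.10/32", "dst": "10.40.1.5/32", "port": "tcp/5432", "action": "allow"},
    {"id": "fw2-09", "src": "0.0.0.0/0", "dst": "10.20.5.10/32", "port": "any", "action": "deny"},
]

# Addresses freed by a retired or moved workload (constructed).
RETIRED = ["10.20.5.10/32"]


def find_stale_rules(rules, retired):
    """Flag allow rules that still reference retired addresses.

    'remove': the rule side lies entirely inside a retired range, so the
              rule exists only for the old workload.
    'review': the rule is broader but still covers the retired range, so
              whatever is deployed there next inherits the opening.
    """
    retired_nets = [ipaddress.ip_network(r) for r in retired]
    findings = []
    for rule in rules:
        if rule["action"] != "allow":  # only allow rules open a hole
            continue
        for side in ("src", "dst"):
            net = ipaddress.ip_network(rule[side])
            if net.prefixlen == 0:  # "any" names no specific workload
                continue
            for old in retired_nets:
                if not net.overlaps(old):
                    continue
                kind = "remove" if net.subnet_of(old) else "review"
                findings.append((rule["id"], side, kind))
    return findings


if __name__ == "__main__":
    for rule_id, side, kind in find_stale_rules(RULES, RETIRED):
        print(f"{rule_id}: {side} references retired address -> {kind}")
```

Rule fw2-04 shows why both sides are checked: the retired host appears as a source, so its replacement at that IP would inherit outbound access to a database.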
We will drill down into each of these steps, and then Tim Woods and Josh Williams from FireMon will briefly show you how the Global Policy Controller gives you a bird’s-eye view of your entire hybrid network. It brings every enforcement point and its arcane configuration onto a single pane of glass, driven by your actual intent rather than thousands of rules expressed in terms of IP addresses and port numbers scattered among different firewalls and products across the globe. I believe you’ll appreciate both of our presentations.
View this real training for free session.