This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Oct 16, 2019
A basic truth in network security is that it's never static. Changes in the network, applications, business strategy, cyberattack vectors and methods, and even the security technologies used all impact your network security configuration. The goal is always to reduce the potential threat surface to as close to zero as is possible, which means you must constantly update firewall rues as you deploy, move, or retire workloads, allowing necessary access but nothing more.
In principal, your network security should aim to limit the number of ways workloads can communicate while still allowing them to properly function. Security models such as Least Privilege or Zero Trust take the default stance of reducing access down to bare bones -- opening access based only on business need -- and reflect this in firewall rules. Technologies like microsegmentation can assist with this restricted form of access, but you want to have the same limitations in play for both virtual and physical network devices.
Ensuring policy consistency requires having detailed context around who needs to talk to who, where they are coming from, what they need access to, over what ports, etc. These details help to create enforceable points necessary to keep the organization both secure and productive.
So, where should you start?
In this whitepaper, we'll discuss five steps you can take to understand the current state of your network connections and ensure that the enforcement points designed to protect the environment remain up-to-date and carried out.