Cloud self-help management enables efficient firewall O&M

Source: Internet
Author: User

In recent years, thanks to vigorous promotion by vendors, media, and third-party professional consulting institutions, and to the hands-on experience of numerous enterprise users after purchase, the next-generation firewall (NGFW) has gradually been recognized and accepted by end users. By virtue of its comprehensive intrusion prevention and integration capabilities, fine-grained application and user control, and higher application-layer processing performance, it has become an important choice for replacing traditional firewalls and UTM products. However, this does not mean that NGFW is a cure-all. In practice, users still face many difficulties when operating and using NGFW, chiefly the following:

1. To get the most out of NGFW, an enterprise needs a good management platform and professional O&M personnel. In reality, most enterprises, especially small and medium-sized ones, have limited budgets and cannot invest large amounts of money and O&M staff in security.

2. Even with professional O&M personnel and a good management platform, day-to-day use is not comfortable. In current security management systems, the steps from detecting a security event through analysis, processing, and report display do not form a single workflow, so the user's experience is disjointed and security issues go undetected and unresolved.

3. When a threat incident occurs and O&M personnel are not on site, they want the details of the incident right away, but handling it remotely is very difficult. Connecting to the intranet in particular involves complicated operations and requires a suitable working environment.

To address these problems, enterprises can consider connecting NGFW to a cloud self-help management system. Cloud self-help management lets administrators manage NGFW remotely and on their own through an open customer self-help portal. Administrators can connect NGFW to the cloud self-help management platform with one click and then access it through a browser at any time, from anywhere, to monitor, query, analyze, track, and produce reports on security events.

In general, this open self-management platform can achieve the following key capabilities:

1. Device Management

Connecting NGFW to the cloud self-help management platform is the first step of device management. The platform monitors device status information such as CPU and memory in real time, and as soon as an exception occurs the administrator is alerted by email or text message. The platform also supports saving, viewing, and deleting basic configuration files, so the current NGFW configuration can be managed easily and efficiently.

2. Security Event Management

Discovering and blocking security threats in a timely manner is the core value NGFW provides to users. In addition to monitoring and managing devices, the cloud self-help management platform can monitor, query, analyze, track, and report on security events, achieving closed-loop management of security events.

1) Event monitoring and response

After NGFW is connected to the cloud self-help management platform, the platform can provide event trend charts and event type distributions for a given period, so the administrator can focus on the days with many events and on the event types that occur most often. The administrator can also display the latest top-N events with fields such as alarm time, event type, source address, destination address, event name, processing time, reporting device, summary, and event details. Based on this information, the administrator can then record a response for each event, such as confirmed, ignored, or false positive.

2) Event filtering and query

Besides real-time event monitoring and response, the administrator can query specific event records by alert object, alert start and end times, alert processing time, alert type, alert source address, alert reporting device, and alert summary information.

3) Event analysis and tracking

After a period of event monitoring and processing, the cloud self-help management platform can give the administrator a worm chart that directly displays the top-N events and instructions. For each type of threat event, the attack address can be associated with the attacked address, showing which IP addresses are attacked and which attacks are performed on each attacked IP address. For any attack of interest, the attack details can be viewed with one click. In this way, the entire course of an event can be analyzed completely and coherently.
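The filtering in 2) and the correlation in 3), as an added example that is not code from any NGFW product or management platform: constructed event records are filtered by time window and type, ranked top-N, and grouped so that each attacked address shows its attack types and attackers. The field names, status values, and sample events are assumptions modelled on the fields listed above.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample events (time, type, source, destination, triage status).
_RAW = [
    ("2024-05-01T09:12:00", "sql-injection", "198.51.100.7", "10.0.0.5", "new"),
    ("2024-05-01T09:15:00", "sql-injection", "198.51.100.7", "10.0.0.5", "confirmed"),
    ("2024-05-01T10:02:00", "port-scan", "203.0.113.9", "10.0.0.5", "new"),
    ("2024-05-02T11:30:00", "port-scan", "203.0.113.9", "10.0.0.8", "ignored"),
    ("2024-05-02T11:45:00", "brute-force", "198.51.100.7", "10.0.0.8", "new"),
    ("2024-05-02T12:00:00", "sql-injection", "192.0.2.44", "10.0.0.5", "false-positive"),
    ("2024-05-03T08:00:00", "sql-injection", "203.0.113.9", "10.0.0.5", "new"),
]
FIELDS = ("time", "type", "src", "dst", "status")  # assumed field names
EVENTS = [dict(zip(FIELDS, row)) for row in _RAW]

def query(events, start=None, end=None, event_type=None, src=None,
          exclude_status=("false-positive",)):
    """Filter by time window, type and source; drop events triaged as noise."""
    out = []
    for e in events:
        ts = datetime.fromisoformat(e["time"])
        if start and ts < start:
            continue
        if end and ts > end:
            continue
        if event_type and e["type"] != event_type:
            continue
        if src and e["src"] != src:
            continue
        if e["status"] in exclude_status:
            continue
        out.append(e)
    return out

def top_n(events, n=3):
    """Most frequent event types, as (type, count) pairs."""
    return Counter(e["type"] for e in events).most_common(n)

def correlate(events):
    """Attacked address -> attack type -> sorted list of attacking addresses."""
    view = defaultdict(lambda: defaultdict(set))
    for e in events:
        view[e["dst"]][e["type"]].add(e["src"])
    return {dst: {t: sorted(s) for t, s in types.items()}
            for dst, types in view.items()}

if __name__ == "__main__":
    kept = query(EVENTS)
    print(top_n(kept, 2))
    print(correlate(kept))
```

Excluding events already marked as false positives before ranking keeps triaged noise from inflating the top-N view; pass `exclude_status=()` to see the raw counts.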

 

 

4) Generate customized reports

Finally, building on the analysis above, the administrator can customize the report's time range, filtering rules, top-N events, report title, custom logo, and so on, and generate customized data reports for customers.

3. Remote Expert Collaboration

After NGFW is connected to the cloud self-help management platform, the platform can effectively connect remote security experts with user administrators. When users encounter an emergency security incident, the user administrator can use account authorization to invite remote security experts to respond to and handle the problem immediately and recover from the fault quickly.

As for the security of the cloud management platform itself, which is a widespread concern among users, the author believes it can be addressed comprehensively through data protection, encryption and key management, identity and access management, and business continuity. Data protection applies different protection measures in the creation, storage, use, sharing, archiving, and destruction phases to implement complete data lifecycle protection, which ensures the confidentiality, integrity, and availability of data in the cloud. Encryption and key management ensure the confidentiality and integrity of data during upload through link encryption and key management mechanisms. Identity and access management ensures that the cloud platform is not maliciously damaged by unauthorized users during its operation. Business continuity management enables the cloud platform, when it encounters serious problems (such as fire, prolonged power outages, and network faults), to restore services quickly through corresponding technical measures (such as backup data centers, a redundant network architecture, and protection against denial-of-service attacks), so that users receive uninterrupted service.

With that covered, what advantages and value does the cloud self-help management platform offer enterprise users? In summary, there are three points:

1. Low Cost

After NGFW is connected to the cloud self-help management platform, the customer does not need to purchase a separate log server, which eliminates local log server installation, deployment, O&M, and related work, as well as the need to expand log storage capacity regularly. It is a good choice for small and medium-sized enterprise users with tight budgets.

2. Convenient Management

After NGFW is connected to the cloud self-help management platform, the user administrator is no longer bound by place and time and can perform daily O&M and management of devices at any time, from anywhere, and on any terminal. When a security event or device failure occurs, the administrator no longer needs to go to the data center and can handle it from a keyboard at home.

3. Efficient O&M

After NGFW is connected to the cloud self-help management platform, the platform can monitor, analyze, track, and visualize the security event information generated by devices, completing the entire process efficiently and consistently. Administrators no longer need to worry about facing a large number of security incidents, which greatly reduces their O&M pressure.

With the continuous expansion of enterprise business and the deepening integration of IT, security has become an essential factor in enterprise IT construction, and security O&M has become increasingly important in day-to-day IT management. When selecting a security solution, enterprise managers need to consider not only whether the solution meets the enterprise's security protection requirements but also whether it can effectively reduce O&M costs and improve security management efficiency. This prevents security O&M from becoming tedious, laborious, and thankless work. It is therefore believed that the cloud-based NGFW management solution described in this article will be a very good choice for enterprises.
