Over the past few years, promoted by many manufacturers, media outlets and third-party professional advisory bodies, and put into hands-on practice by many enterprise users after purchase, the next-generation firewall (hereafter referred to as NGFW) has been widely sought after for its integrated intrusion defense capabilities, its fine-grained application and user control, and its higher application-layer processing performance. It has become an important choice for replacing traditional firewalls and UTM products. But this does not mean that NGFW has become a cure-all. Users still face a lot of problems in using and maintaining NGFW, specifically the following:
1. To maximize the effectiveness of NGFW, enterprises need a better management platform and professional operations personnel. In fact, most enterprises, especially small and medium-sized ones, have limited budgets and cannot invest large amounts of funds and operational manpower.
2. Even with more professional operation and maintenance personnel and a better management platform, actual use is not so smooth. In current security management systems, the workflow from security incident detection --> analysis --> processing --> report display is not consistent, the user experience lacks continuity, and security problems cannot be found and solved well.
3. When a threat occurs and the operators are not on site, it is very difficult for them to learn the details of the incident and deal with it at the first opportunity. This is especially true on an intranet, where operation is more cumbersome and can only be completed from a certain working environment.
To solve these problems effectively, enterprises may consider connecting NGFW to a system called Cloud Self-Service management. Cloud Self-Service management uses an open Customer Self-Service Portal system to give the administrator remote self-service management of the NGFW. Administrators can connect the NGFW to the Cloud Self-Service management platform with a single click, then access the NGFW through a browser at any time, from any place and on any terminal, and monitor, query, analyze and track its security events and generate reports.
In total, this open self-service management platform provides the following key capabilities:
1. Equipment Management
Once the NGFW is connected to the Cloud Self-Service management platform, managing the device itself is the first step: the platform monitors device status information such as CPU and memory in real time and, as soon as operation becomes abnormal, alerts the administrator by mail or SMS. In addition, the Cloud Self-Service management platform supports saving, viewing and deleting basic configuration files, so users can manage the NGFW's current configuration information easily and efficiently.
2. Security Incident Management
Timely detection and blocking of security threats is the core value that NGFW provides to users. In addition to monitoring and managing the equipment itself, the Cloud Self-Service management platform also supports monitoring, querying, analyzing, tracking and reporting on security incidents, achieving closed-loop management of security events.
1 Event monitoring and response
Once the NGFW is connected to the Cloud Self-Service management platform, the platform can provide an event trend chart and an event type chart for a given time period, so that administrators can see on which days more events occur and which types of events account for a larger share and need attention. It can also show the administrator the most recent TOP N events, displaying alarm time, event type, source address, destination address, event name, processing time, escalation device, summary information and event details. The administrator can then respond to each event based on the displayed information, for example by marking it as confirmed, ignored or false positive.
2 Event filtering and querying
In addition to real-time monitoring and response, the administrator can also find specific event records by alarm object, alarm start and end time, alarm processing time, alarm type, alarm source and destination address, alarm escalation equipment, alarm summary and other information.
3 Event analysis and tracking
After a period of event monitoring and processing, the Cloud Self-Service management platform can provide the administrator with a bug map that directly displays the TOP N events and their descriptions. For each type of threat event, the attacking address and the attacked address are associated, so you can see which specific IPs are involved, which attacking IPs targeted each attacked IP and how many times, and, for an attack of particular interest, view its details with one click. This enables a fairly complete and coherent analysis of the entire event process.
4 Generate personalized reports
Finally, based on the above analysis, the administrator can create a fully personalized data report for customers by customizing the report's time interval, filtering rules, TOP N events, report headings and logo.
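The four event-management steps above (monitor, filter, correlate, report) can be illustrated with a short script. This is an added example, not code from the platform the article describes; the field names, status labels and event rows are constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"
KEYS = ("time", "type", "src", "dst", "status")
# Constructed sample events (documentation-range IPs); field names are assumptions.
EVENTS = [
    ("2024-03-01 09:12:00", "sql-injection", "203.0.113.7", "10.0.0.20", "confirmed"),
    ("2024-03-01 09:15:30", "sql-injection", "203.0.113.7", "10.0.0.20", "confirmed"),
    ("2024-03-01 11:02:10", "brute-force", "198.51.100.4", "10.0.0.5", "ignored"),
    ("2024-03-02 03:44:00", "sql-injection", "198.51.100.9", "10.0.0.20", "confirmed"),
    ("2024-03-02 08:00:00", "port-scan", "203.0.113.7", "10.0.0.5", "false_positive"),
    ("2024-03-05 14:20:00", "brute-force", "198.51.100.4", "10.0.0.5", "confirmed"),
]

def load(rows):
    """Turn raw tuples into dicts with a parsed timestamp."""
    events = [dict(zip(KEYS, r)) for r in rows]
    for e in events:
        e["time"] = datetime.strptime(e["time"], FMT)
    return events

def filter_events(events, start, end, drop_status=("false_positive",)):
    """Query by time window and discard events already marked false positive."""
    lo, hi = datetime.strptime(start, FMT), datetime.strptime(end, FMT)
    return [e for e in events
            if lo <= e["time"] <= hi and e["status"] not in drop_status]

def top_n_types(events, n):
    """TOP N event types by number of occurrences."""
    return Counter(e["type"] for e in events).most_common(n)

def attackers_per_target(events):
    """Per event type: which source hit which destination, and how often."""
    table = defaultdict(lambda: defaultdict(Counter))
    for e in events:
        table[e["type"]][e["dst"]][e["src"]] += 1
    return table

def build_report(rows, start, end, n=2, title="NGFW security events"):
    """Assemble a report for a custom interval, filter rule and TOP N."""
    events = filter_events(load(rows), start, end)
    table = attackers_per_target(events)
    detail = {t: {d: dict(s) for d, s in dsts.items()} for t, dsts in table.items()}
    return {"title": title, "total": len(events),
            "top": top_n_types(events, n), "detail": detail}

if __name__ == "__main__":
    print(build_report(EVENTS, "2024-03-01 00:00:00", "2024-03-02 23:59:59"))
```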
3. Collaboration of remote experts
Once the NGFW is connected to the Cloud Self-Service management platform, remote security experts can also be connected effectively with the user's administrator. When an emergency security incident occurs, the user's managers can grant account authorization to invite remote security experts to help respond to and handle the incident at the first opportunity and recover rapidly.
As for the security of the cloud management platform itself, the author thinks that it can be addressed comprehensively through data protection, encryption and key management, identity and access management, business continuity and so on. Data protection ensures the confidentiality, integrity and availability of data in the cloud by applying different protection measures at the stages of creating, storing, using, sharing, archiving and destroying it. Encryption and key management protect the confidentiality and integrity of data during upload through link encryption and a key management mechanism. Identity and access management guarantees that the cloud platform is not damaged by unauthorized users during its operation. Business continuity management means that when the cloud platform suffers a serious problem (e.g. fire, long power outages or network failures), the business is restored quickly through corresponding technical measures (such as a backup data center, a redundant network architecture and protection against denial-of-service attacks), so that users receive uninterrupted service.
Having said so much, what are the advantages and value of the Cloud Self-Service management platform for enterprise users? In summary, there are the following three points:
1. Low cost
Once the NGFW is connected to the Cloud Self-Service management platform, customers do not need to buy a separate log server. This eliminates the large amount of work involved in installing, deploying and operating a local log server, and removes the need to expand log storage capacity periodically. It is a good choice for small and medium business users who have a tight budget.
2. Easy Management
Once the NGFW is connected to the Cloud Self-Service management platform, the user's managers are no longer subject to site and time constraints and can carry out day-to-day operation and management of the equipment at any time, from any place and on any terminal. When there is a security incident or equipment failure, the administrator no longer needs to run to the computer room; it can easily be handled from a keyboard at home.
3. Operation and maintenance efficiency
Once the NGFW is connected to the Cloud Self-Service management platform, monitoring, analysis, tracking, processing and visualization of the security event information generated by the equipment are joined seamlessly, so the whole process can be completed effectively and coherently. Administrators no longer need to worry about being at a loss in the face of a large volume of security incident information, which greatly reduces their operational pressure.
With the continuous expansion of business and the deepening of IT integration, security has become a necessary factor in enterprise IT construction, and security operations are becoming more important in the day-to-day management of enterprise IT. When choosing a security plan, enterprise managers should consider not only whether the scheme itself can meet the enterprise's security protection needs, but also whether it can effectively reduce the enterprise's operating costs and improve the efficiency of security management, so that security operation and maintenance does not turn into tedious, hard and "thankless" work. Therefore, I believe that the cloud-based NGFW management scheme described in this article will be a very good choice for enterprises.
"Responsible Editor: Dan TEL: (010) 68476606"