Strata by Palo Alto Networks | Network Security Buyer’s Guide
Policy Consistency
Challenge: Maintain Consistent Policies Across the Hybrid Cloud Environment
The Problem
Complexity in security management is on the rise, and company
leaders are not happy about it. A recent study found that nearly half
(46%) of organizations are consolidating or plan on consolidating
the number of vendors they do business with as a way to reduce the
complexity of their security systems.¹¹
This complexity is often a result of legacy decisions. Organizations
have adopted a wide range of point products to address different
network and security requirements for applications hosted
on-premises, in cloud environments, or both. However, with each
product comes a separate policy and interface to manage, creating
extra costs, complexity, and gaps in security. Additionally, these
products are not integrated and cannot share insights into network
access, application access, or policy violations, nor can they
provide consolidated logs.
Organizations also find it challenging to onboard new firewall
appliances at scale, maintain consistent security policies,
and deploy policy changes across thousands of firewalls. This
approach causes gaps in security and network performance,
leading to staff and cost shortages.
Solution Requirements
To be successful, firewall solutions must deliver security
capabilities in a variety of form factors—hardware, software, and
containerized—to integrate security protections into the optimal
parts of the environment. You must be able to operationalize the
deployment of consistent, centralized security policies across
tens of thousands of firewalls spanning on-premises and cloud
deployments—including remote locations, mobile users, and SaaS
applications—through centralized management, consolidated
core security tasks, and streamlined capabilities.
For example, you should be able to use a single console to view all
network traffic, manage configurations, push global policies, and
generate reports on traffic patterns or security incidents. Your
reporting capabilities must let your security personnel drill down
into network, application, and user behavior for the context they
need to make informed decisions.
When these capabilities are delivered from the cloud, your teams
can get the networking and security needed in an architecture
designed for everything: traffic, applications, and users, no matter
their location. In today’s constantly changing threat landscape,
using a single security vendor to address the vast spectrum of your
security and business needs may not be practical. In this case,
the ability to integrate with and consume third-party insight and
innovation is critical.
When evaluating security vendors, be sure to evaluate the flexibility,
extensibility, and programmability of what they offer. Read this
e-book to learn about a new approach to securing cloud-enabled
organizations as well as delivering speed and agility to enterprise
networking and security.
RFQ Questions
Can your NGFW:
• Deliver consistent network security and threat prevention for applications running on-premises and in virtualized and container
environments?
• Natively deploy within Kubernetes environments?
• Provision into a continuous integration/continuous development (CI/CD) process?
• Integrate into software-defined networking (SDN) solutions to extend security protections to remote locations for branch segmentation
and to meet PCI compliance?
• Automate configuration changes using APIs for every feature?
Does your NGFW allow central administrators to:
• Work directly on the appliance and change configurations as needed without logging in to a central manager?
• Monitor and view changes made by local administrators?
• Quickly roll back changes from specific users and restore working configuration?
Can your central firewall manager:
• Separate log management from core configuration management?
• Ingest logs for throughputs as high as 50,000 LPS?
• Act as a single pane of glass for unified visibility?
11. Jon Oltsik, Technology Perspectives from Cybersecurity Professionals, ESG, July 2022,
https://www.issa.org/wp-content/uploads/2022/07/ESG-ISSA-Research-Report-Security-Process-and-Technology-Trends-Jul-2022.pdf.