Hackers are becoming increasingly stealthy and creative, relentlessly trying to gain access to sensitive data, while organizations work tirelessly to prevent security breaches and data theft. In this complex game of cat and mouse, security practitioners are being forced to rethink how they identify and control traffic on the network, shifting to an application-focused approach, rather than port- and protocol-based policy, to defend against successful cyberattacks and uphold business integrity.
User-based access controls, based on user identity information, rather than IP address, allow organizations to safely enable applications traversing the network, make informed decisions on network access, and strengthen overall network security. Here are four reasons why you should take advantage of user-based access controls, called User-ID, on your Palo Alto Networks next-generation firewall (NGFW):
1. Complete Network Visibility
Improve network visibility by mapping network traffic to users, rather than IP address. Application visibility based on users provides an organization with a more relevant picture of network activity, along with the power to quickly determine associated risks and respond accordingly. User-based access policies can be applied to application, URL, and file type accessibility, reducing the organization’s risk of initial attack, lateral threat movement, and insider threats by ensuring that data movement to and from users is both allowed and approved.
2. Simple Security Policy; Simple Life
Security practitioners do not have the time nor resources to invest in tracking thousands of IP addresses and complex security rules. Access controls based on User-ID, user identity, who is allowed or required to do what, dramatically simplifies the rules and safely enables applications, while simultaneously reducing the administrative effort associated with end-user moves, adds and changes. User-based access policy eliminates the need for a multitude of location-specific rules, as well as the need to dynamically adapt to the most appropriate policy for individual users and user groups, even as users move around the office, or outside the corporate network with various devices on different network addresses.
3. Minimum Access; Maximum Control
End users – employees, customers, partners – must be able to access required information repositories, as well as the Internet, to perform various functions of their jobs. Leveraging user-based access controls to analyze application threats and web surfing activity in terms of individual users, or groups of users, ensures access to mission-critical resources, and restricts access beyond the scope of approved means. When determining accessibility parameters, align application usage with business requirements following the principle of least privilege – minimum access based on job requirements – and, if appropriate, inform users that they are in violation of policy, or even block their application usage outright. User-based policy follows users regardless of location or device.
4. Increased Security; Better Forensics
It’s important to have the right user-based access controls in place to manage the identities and access of both internal and external employees, customers and partners. Knowing who is using each of the applications on your network, and who may have transmitted a threat or is transferring files, reduces incident response times and allows for damage control if an attacker does successfully infiltrate. In addition, user-based access policy ensures an attacker will only gain access to a small portion of data on the network, rather than the entire net worth of information. For maximum security protection and breach prevention, employ the right user access to mechanisms not only on the applications and endpoints that users access, but also on the organization’s next generation firewall infrastructure.
To learn more about the benefits of leveraging User-ID, user-based access controls, on your Palo Alto Networks NGFW:
- Register for the “How to Implement User-based Controls for Cybersecurity” webinar on January 18, 2017
- Check out the PAN-OS Administrator’s Guide
[Palo Alto Networks Research Center]