Broker ye-Network PacketAmadivayisi acubungula ithrafikhi yenethiwekhi ukuze amanye amadivayisi wokuqapha, njengaleyo enikezelwe ekuhlolweni kokusebenza kwenethiwekhi nokuhlola okuhlobene nokuphepha, kungasebenza kahle. Izici zifaka ukuhlunga iphakethe lokuhlonza amazinga engozi, imithwalo yephakethe, kanye nokufakwa kwe-timestamp esekwe nge-hardwap.
I-Network Security FingcectKubhekiswa kusethi yezibopho ezihlobene nezakhiwo zokuphepha zefu, izakhiwo zokuphepha kwenethiwekhi, kanye nezakhiwo zokuphepha kwedatha. Ngokuya ngosayizi wenhlangano, kungaba nelungu elilodwa elibhekele isizinda ngasinye. Ngenye indlela, inhlangano ingakhetha umphathi. Noma iyiphi indlela, izinhlangano kudingeka zichaze ukuthi ngubani onomthwalo wemfanelo futhi zinikeze amandla okwenza izinqumo ezibucayi kakhulu.
Ukuhlola ubungozi benethiwekhi kuluhlu oluphelele lwezindlela zokuhlasela okungaphakathi noma kwangaphandle noma okungaphandle kungasetshenziswa ukuxhuma izinsiza. Ukuhlola okuphelele kuvumela inhlangano ukuthi ichaze ubungozi futhi iisuse ngokusebenzisa izilawuli zokuphepha. Lezi zingozi zingafaka:
- Ukuqonda okunganele kwezinhlelo noma izinqubo
- Izinhlelo ezinzima ukukala amazinga engozi
- Izinhlelo ze- "hybrid" ezibhekene nezamabhizinisi nobuchwepheshe
Ukuthuthukisa ukulinganiselwa okusebenzayo kudinga ukubambisana phakathi kwaso kanye nababambiqhaza bebhizinisi ukuqonda ubukhulu bengozi. Ukusebenza ngokubambisana futhi kwakha inqubo yokuqonda isithombe sengozi ebanzi sibaluleke kakhulu njengokusetha kokugcina kwengozi.
I-Zero Trust Architecture (ZTA)Ingabe i-paradigm yokuphepha kwenethiwekhi ecabanga ukuthi ezinye izivakashi ezisenethiwekhi ziyingozi nokuthi kunamaphoyinti amaningi kakhulu wokufinyelela avikelekile ngokuphelele. Ngakho-ke, ukuvikela ngempumelelo izimpahla kwinethiwekhi hhayi inethiwekhi uqobo. Njengoba kuhlotshaniswa nomsebenzisi, i-ejenti inquma ukuthi iyayivumela yini isicelo ngasinye ngokususelwa kuphrofayili yengozi ebaliwe ngokuhambisana nenhlanganisela yezinto zokuqukethwe ezifana nokusetshenziswa, ukuzwela kwedatha, nokunye ukuzwela, ukuzwela kwedatha nokunye. Njengoba igama lisho, zta ukwakhiwa, hhayi umkhiqizo. Awukwazi ukuyithenga, kepha ungakuthuthukisa ngokusekelwe kwezinye zezobuchwepheshe eziqukethe.
Inethiwekhi Firewallngumkhiqizo wokuphepha ovuthiwe futhi owaziwayo onochungechunge lwezinto ezenzelwe ukuvikela ukufinyelela okuqondile kwizinhlelo zokusebenza zenhlangano ezibanjelwe kanye namaseva wedatha. Izicishamlilo zenethiwekhi zinikeza ukuguquguquka kwamanethiwekhi wangaphakathi kanye nefu. Ngefu, kukhona iminikelo yamaveni-centric, kanye nezindlela ezithunyelwe ngabahlinzeki be-IAAS ukuze basebenzise amanye amakhono afanayo.
I-SecureWeb Gatewaybaphenduke benze ngcono i-bandwidth ye-inthanethi ukuvikela abasebenzisi ekuhlaselweni okunonya kusuka kwi-Intanethi. Ukuhlunga kwe-URL, i-anti-virus, ukuhumusha nokuhlola amawebhusayithi atholakale ngaphezulu kwe-HTTPS, ukuvimba kwe-DLP (i-DLP), kanye nezindlela ezinqunyelwe ze-Cloud Access Ejenti Yezokuphepha (i-CASB) manje izici ezijwayelekile.
Ukufinyelela okukudeUthembela kancane futhi ngaphansi ku-VPN, kepha ngaphezulu kokufinyelela kwenethiwekhi ye-zero-trust (ZTNA), okuvumela abasebenzisi ukufinyelela izinhlelo ngazinye besebenzisa amaphrofayli.
Izinhlelo Zokuvimbela I-Inclusion (IPS)Vikela ubungozi obungafakwanga ukuthi bahlaselwe ngokuxhuma amadivaysi e-IPS abe amaseva angafakwanga ukuthola nokuvimba ukuhlaselwa. Amandla we-IPS manje avame ukufakwa kweminye imikhiqizo yezokuphepha, kepha kunemikhiqizo eyedwa. Ama-IP aqala ukuvuka futhi njengoba amandla okulawula amafu ahamba kancane enza inqubo.
Ukulawulwa kokufinyelela kwenethiwekhiInikeza ukubonakala kukho konke okuqukethwe kunethiwekhi nokulawulwa kokufinyelela kwingqalasizinda yenethiwekhi esekwe kwinqubomgomo. Izinqubomgomo zingachaza ukufinyelela ngokuya ngeqhaza lomsebenzisi, ubuqiniso, noma ezinye izinto.
Ukuhlanzwa kwe-DNS (uhlelo lwegama lesizinda lwe-sanitised)Ingabe insizakalo enikeziwe yomthengisi esebenza njengohlelo lwegama lesizinda senhlangano ukuvikela abasebenzisi bokugcina (kufaka phakathi abasebenzi abakude) ekufinyeleleni amasayithi aphazamisekayo.
I-Ddosimitigation (i-DDOS mit)kukhawulela umthelela owonakalisayo wokuphikwa okusatshalaliswa kokuhlaselwa kwensiza kunethiwekhi. Umkhiqizo uthatha indlela enobungqingili yokuvikela izinsizakusebenza zenethiwekhi ngaphakathi kwe-firewall, ezakhiswa phambi kwenethiwekhi firewall, kanye nalabo abangaphandle kwenhlangano, njengamanethiwekhi ezinsizakusebenza ezivela kubahlinzeki benkonzo ye-Intanethi noma ukulethwa kokuqukethwe.
Ukuphathwa Kwezinqubomgomo Zokuphepha Kwenethiwekhi (NSPM)Kubandakanya ukuhlaziywa nokucwaningwa kwamabhuku okuthuthukisa imithetho elawula ukuphepha kwenethiwekhi, kanye nokushintsha komsebenzi wokuphepha, ukuhlolwa komthetho, ukuhlola ukuthobela, nokubuka ngokubona. Ithuluzi le-NSPM lingasebenzisa imephu yenethiwekhi ebonakalayo ukukhombisa wonke amadivayisi nemithetho yokufinyelela ye-firewall emboza izindlela eziningi zenethiwekhi.
Ukunyumbakuyindlela evimbela ukuthi kuhlaselwa yinethiwekhi okuvele kwenzeka kusuka ekuhambeni ngokuqondile ukufinyelela izimpahla ezibucayi. Amathuluzi we-Microisolotation wokuphepha kwenethiwekhi awela ezigabeni ezintathu:
- Amathuluzi asekelwe kwinethiwekhi athunyelwa engxenyeni yenethiwekhi, imvamisa ngokubambisana namanethiwekhi achazwe ngesoftware, ukuvikela impahla exhunywe kwinethiwekhi.
- Amathuluzi asuselwa ku-Hypervisor asuselwa kuma-Primitive of Differial HEGSHESO ukuthuthukisa ukubonakala kwethrafikhi yenethiwekhi ye-Opaque ehamba phakathi kwama-hypervisors.
- I-Agent-based amathuluzi afaka ama-ejenti kuma-hostos afuna ukuhlukanisa kuwo wonke amanethiwekhi; Isixazululo se-ejenti yomgcini sisebenza kahle kahle emisebenzini yamafu, imithwalo yomsebenzi we-hypervisor kanye namaseva omzimba.
I-Secur Fice Service Edge (I-SASE)Ingabe uhlaka oluvelayo oluhlanganisa amakhono aphelele okuphepha kwenethiwekhi, njenge-SWG, SD-Wan ne-ZTNA, kanye namandla aphelele we-wan ukusekela izidingo zokufinyelela eziphephile zezinhlangano. Okuningi komqondo kunohlaka, i-SASE ihlose ukuhlinzeka ngemodeli yensizakalo yezokuphepha enobunye ehambisa ukusebenza kuwo wonke amanethiwekhi kumanethiwekhi ane-scable, eguquguqukayo, nasezingeni eliphansi.
Ukutholwa kwenethiwekhi nokuphendula (NDR)Ngokuqhubekayo uhlaziye inqolomu yokungena ngaphakathi kanye nezingodo eziphumayo ukuqopha indlela ejwayelekile yokusebenza kwenethiwekhi, ngakho-ke ama-anomalies angakhonjwa futhi axwayiswe ezinhlanganweni. Lawa mathuluzi ahlanganisa umshini wokufunda (ML), ama-Heuristics, ukuhlaziya, nokutholwa okusekwe ekubuyiseleni.
Izandiso Zokuphepha kwe-DNSzingezangezo kwiphrothokholi ye-DNS futhi zenzelwe ukuqinisekisa izimpendulo ze-DNS. Izinzuzo zokuphepha ze-DNSSEC zidinga ukusayinwa kwedijithali yedatha ye-DNS eqinisekisiwe, inqubo enamandla kakhulu.
I-Firewall njengensizakalo (FWAAS)ubuchwepheshe obusha buhlobene kakhulu ne-SWG esekelwe efwini. Umehluko osenkingeni yezakhiwo, lapho ama-FWAAS egijima ngokuxhunyaniswa kwe-VPN phakathi kwama-Endpoints namadivayisi onqenqemeni lwenethiwekhi, kanye nesitaki sezokuphepha efwini. Ingaphinde ixhume abasebenzisi bokugcina ezinsizakalweni zasendaweni ngemigudu ye-VPN. Ama-Fwaas njengamanje ajwayelekile kakhulu kune-SWGS.
Isikhathi sePosi: Mar-23-2022
