I-Network Packet BrokerAmadivayisi acubungula Ithrafikhi yenethiwekhi ukuze amanye amadivayisi okuqapha, njengalawo anikezelwe ekuqaphelweni kokusebenza Kwenethiwekhi nokuqapha okuhlobene nokuphepha, akwazi ukusebenza kahle kakhulu. Izici zifaka ukuhlunga kwephakethe ukuze kubonwe amazinga engcuphe, ukulayishwa kwephakethe, nokufakwa kwesitembu sesikhathi esisekelwe kuhadiwe.
I-Network Security Architectisho isethi yezibopho ezihlobene nezakhiwo zokuvikela ifu, ukwakheka kokuphepha kwenethiwekhi, kanye nezakhiwo zokuvikela idatha. Ngokuya ngosayizi wenhlangano, kungase kube nelungu elilodwa elibhekele isizinda ngasinye. Kungenjalo, inhlangano ingase ikhethe umphathi. Noma iyiphi indlela, izinhlangano zidinga ukuchaza ukuthi ubani onesibopho futhi uzinike amandla okwenza izinqumo ezibaluleke kakhulu.
I-Network Risk Assessment iwuhlu oluphelele lwezindlela ukuhlasela okunonya kwangaphakathi noma kwangaphandle noma okungaqondiswanga kahle okungasetshenziswa ukuze kuxhunywe izinsiza. Ukuhlola okuphelele kuvumela inhlangano ukuthi ichaze ubungozi futhi izinciphise ngokusebenzisa izilawuli zokuphepha. Lezi zingozi zingabandakanya:
- Ukuqonda okunganele kwezinhlelo noma izinqubo
- Izinhlelo okunzima ukukala amazinga obungozi
- Izinhlelo "ezixubile" ezibhekene nebhizinisi nezingozi zobuchwepheshe
Ukuthuthukisa izilinganiso ezisebenzayo kudinga ukusebenzisana phakathi kwe-IT kanye nababambiqhaza bebhizinisi ukuze baqonde ububanzi bengozi. Ukusebenza ndawonye nokudala inqubo yokuqonda isithombe esibanzi sengozi kubaluleke kakhulu njengesethi yokugcina yobungozi.
I-Zero Trust Architecture (ZTA)ipharadigm yezokuphepha yenethiwekhi ethatha ukuthi ezinye izivakashi kunethiwekhi ziyingozi futhi ziningi kakhulu izindawo zokufinyelela okumele zivikelwe ngokugcwele. Ngakho-ke, vikela ngempumelelo izimpahla kunethiwekhi kunenethiwekhi ngokwayo. Njengoba ihlotshaniswa nomsebenzisi, umenzeli uyanquma ukuthi angasivumela yini isicelo sokufinyelela ngasinye ngokusekelwe kuphrofayela yobungozi ebalwe ngokusekelwe kwinhlanganisela yezici zomongo ezifana nohlelo lokusebenza, indawo, umsebenzisi, idivayisi, isikhathi, ukuzwela kwedatha, nokunye. Njengoba igama lisho, i-ZTA iyisakhiwo, hhayi umkhiqizo. Awukwazi ukuyithenga, kodwa ungayithuthukisa ngokusekelwe kwezinye izici zobuchwepheshe eziqukethwe.
I-Firewall Yenethiwekhiiwumkhiqizo wokuvikela ovuthiwe nowaziwa kakhulu onochungechunge lwezici eziklanyelwe ukuvimbela ukufinyelela okuqondile kuzinhlelo zokusebenza zenhlangano esingethwe namaseva edatha. I-firewall yenethiwekhi inikeza ukuguquguquka kwakho kokubili amanethiwekhi angaphakathi namafu. Emafini, kukhona iminikelo ye-cloud-centric, kanye nezindlela ezisetshenziswe abahlinzeki be-IaaS ukuze kusetshenziswe amanye amakhono afanayo.
I-Secureweb Gatewayzisukile ekuthuthukiseni umkhawulokudonsa we-inthanethi ukuya ekuvikeleni abasebenzisi ekuhlaselweni okunonya okuvela ku-inthanethi. Ukuhlunga kwe-URL, ukulwa namagciwane, ukukhishwa kwemfihlo nokuhlolwa kwamawebhusayithi afinyelelwe nge-HTTPS, ukuvimbela ukwephulwa kwedatha (DLP), kanye nezinhlobo ezilinganiselwe ze-ejenti yokuphepha yokufinyelela ifu (CASB) manje kuyizici ezijwayelekile.
Ukufinyelela Okukudeithembele kancane kancane ku-VPN, kodwa iya ngokuya ifinyelela i-zero-trust network (ZTNA), eyenza abasebenzisi bakwazi ukufinyelela izinhlelo zokusebenza ngazinye besebenzisa amaphrofayili womongo ngaphandle kokubonakala ezimpahleni.
I-Intrusion Prevention Systems (IPS)gwema ubungozi obunganamathiselwe ekuhlaselweni ngokuxhuma amadivayisi e-IPS kumaseva angavaliwe ukuze kutholwe futhi kuvinjwe ukuhlaselwa. Amakhono e-IPS manje avamise ukufakwa kweminye imikhiqizo yezokuphepha, kodwa kusenemikhiqizo ezimele yodwa. I-IPS isiqala ukukhuphuka futhi njengoba isilawuli somdabu samafu sibangenisa kancane enqubeni.
Ukulawula Ukufinyelela Kwenethiwekhiinikeza ukubonakala kukho konke okuqukethwe Kunethiwekhi kanye nokulawulwa kokufinyelela kungqalasizinda Yenethiwekhi yebhizinisi esekelwe kunqubomgomo. Izinqubomgomo zingachaza ukufinyelela ngokusekelwe endimeni yomsebenzisi, ukufakazela ubuqiniso, noma ezinye izici.
I-DNS Cleansing(Isistimu Yegama Lesizinda Esihlanzekile)iyisevisi ehlinzekwe ngumdayisi esebenza njengesizinda Segama Sesizinda senhlangano ukuvimbela abasebenzisi bokugcina (okuhlanganisa nabasebenzi abakude) ekufinyeleleni amasayithi anedumela elibi.
I-DDoSmitigation (DDoS Mitigation)ikhawulela umthelela owonakalisayo wokunqatshelwa kokusatshalaliswa kokuhlaselwa kwesevisi kunethiwekhi. Umkhiqizo uthatha indlela yezendlalelo eziningi ukuze uvikele izinsiza zenethiwekhi ngaphakathi kohlelo lokuvikela, lezo ezisetshenziswe ngaphambi kwe-firewall yenethiwekhi, nalezo ezingaphandle kwenhlangano, njengamanethiwekhi ezisetshenziswa ezivela kubahlinzeki besevisi ye-inthanethi noma ukulethwa kokuqukethwe.
Ukuphathwa Kwenqubomgomo Yokuphepha Kwenethiwekhi (NSPM)kuhlanganisa ukuhlaziya nokucwaninga ukuze kuthuthukiswe imithetho elawula Ukuvikeleka Kwenethiwekhi, kanye nokushintsha ukugeleza komsebenzi wokuphatha, ukuhlolwa kwemithetho, ukuhlola ukuthobela, nokubonwa ngeso lengqondo. Ithuluzi le-NSPM lingasebenzisa imephu yenethiwekhi ebonakalayo ukuze ibonise wonke amadivayisi nemithetho yokufinyelela ku-firewall ehlanganisa izindlela eziningi zenethiwekhi.
I-Microsegmentationkuyindlela evimbela ukuhlaselwa kwenethiwekhi osekwenzeka kakade kusukela ekuhambeni ngokuvundlile kuya ekufinyeleleni izimpahla ezibalulekile. Amathuluzi e-Microisolation okuphepha kwenethiwekhi awela ezigabeni ezintathu:
- Amathuluzi asekelwe kunethiwekhi asetshenziswe kusendlalelo senethiwekhi, ngokuvamile ngokuhlanganyela namanethiwekhi achazwe ngesofthiwe, ukuvikela izimpahla ezixhunywe kunethiwekhi.
- Amathuluzi asekelwe ku-Hypervisor ayizinhlobo zakudala zamasegimenti ahlukene ukuze kuthuthukiswe ukubonakala kwethrafikhi yenethiwekhi ekhanyayo ehamba phakathi kwama-hypervisors.
- Amathuluzi asekelwe kumenzeli wosokhaya afaka ama-ejenti kubasingathi abafuna ukuwahlukanisa nenethiwekhi yonke; Isixazululo se-ejenti yokusingatha sisebenza kahle ngokulinganayo ekulayisheni umsebenzi wamafu, imithwalo yemisebenzi ye-hypervisor, namaseva angokwenyama.
I-Secure Access Service Edge (SASE)kuwuhlaka olusafufusa oluhlanganisa amakhono okuphepha enethiwekhi aphelele, afana ne-SWG, i-SD-WAN ne-ZTNA, kanye namandla e-WAN aphelele okusekela izidingo zokufinyelela Okuvikelekile zezinhlangano. Okungaphezu komqondo kunohlaka, i-SASE ihlose ukuhlinzeka ngemodeli yesevisi yezokuvikela ehlangene eletha ukusebenza kuwo wonke amanethiwekhi ngendlela enokukala, eguquguqukayo, nenezinga eliphansi.
Ukutholwa Kwenethiwekhi kanye Nempendulo (NDR)ngokuqhubekayo ihlaziya ithrafikhi engenayo nephumayo kanye namalogi ethrafikhi ukuze irekhode ukuziphatha Okuvamile Kwenethiwekhi, ukuze okudidayo kubonakale futhi kuxwayiswe ezinhlanganweni. Lawa mathuluzi ahlanganisa ukufunda komshini (ML), i-heuristics, ukuhlaziya, nokutholwa okusekelwe emthethweni.
Izandiso Zokuphepha ze-DNSziyizengezo kuphrothokholi ye-DNS futhi zenzelwe ukuqinisekisa izimpendulo ze-DNS. Izinzuzo zokuphepha ze-DNSSEC zidinga ukusayinwa kwedijithali kwedatha ye-DNS eqinisekisiwe, inqubo edinga iphrosesa.
I-Firewall njengesevisi (i-FWaaS)ubuchwepheshe obusha obuhlobene eduze ne-SWGS esekwe emafini. Umehluko usekudwebeni kwezakhiwo, lapho i-FWaaS isebenzisa ukuxhumana kwe-VPN phakathi kwamaphoyinti kanye namadivayisi onqenqemeni lwenethiwekhi, kanye nesitaki sokuvikeleka emafini. Ingakwazi futhi ukuxhuma abasebenzisi bokugcina kumasevisi wendawo ngokusebenzisa imigudu ye-VPN. I-FWaaS okwamanje ayijwayelekile kakhulu kune-SWGS.
Isikhathi sokuthumela: Mar-23-2022