Umthengisi Wephakethe Lenethiwekhiamadivayisi acubungula ithrafikhi yenethiwekhi ukuze amanye amadivayisi okuqapha, njengalawo anikezelwe ekuqapheni ukusebenza kwenethiwekhi kanye nokuqapha okuhlobene nokuphepha, akwazi ukusebenza kahle kakhulu. Izici zifaka phakathi ukuhlunga amaphakethe ukuze kutholakale amazinga engozi, imithwalo yamaphakethe, kanye nokufakwa kwesitembu sesikhathi esisekelwe kwihadiwe.
Umakhi Wezokuphepha KwenethiwekhiKubhekisela kusethi yemithwalo yemfanelo ehlobene nokwakhiwa kokuphepha kwamafu, ukwakheka kokuphepha kwenethiwekhi, kanye nokwakhiwa kokuphepha kwedatha. Kuye ngobukhulu benhlangano, kungaba nelungu elilodwa elinomthwalo wemfanelo wesizinda ngasinye. Ngaphandle kwalokho, inhlangano ingakhetha umphathi. Noma ngabe yikuphi, izinhlangano zidinga ukuchaza ukuthi ubani onomthwalo wemfanelo futhi zizinike amandla okwenza izinqumo ezibalulekile.
Ukuhlolwa Kwengozi Yenethiwekhi uhlu oluphelele lwezindlela ukuhlaselwa kwangaphakathi noma kwangaphandle okunonya noma okuqondiswe kabi okungasetshenziswa ngazo ukuxhuma izinsiza. Ukuhlolwa okuphelele kuvumela inhlangano ukuthi ichaze izingozi futhi izinciphise ngokusebenzisa izilawuli zokuphepha. Lezi zingozi zingafaka:
- Ukuqonda okunganele kwezinhlelo noma izinqubo
- Izinhlelo okunzima ukuzilinganisa amazinga engozi
- Izinhlelo "ezihlanganisiwe" ezibhekene nezingozi zebhizinisi nezobuchwepheshe
Ukuthuthukisa izilinganiso ezisebenzayo kudinga ukubambisana phakathi kwe-IT kanye nababambiqhaza bebhizinisi ukuze kuqondwe ububanzi bengozi. Ukusebenza ndawonye nokudala inqubo yokuqonda isithombe esibanzi sengozi kubaluleke kakhulu njengesethi yokugcina yengozi.
Ukwakhiwa Kwe-Zero Trust (ZTA)kuyipharadesi yokuphepha kwenethiwekhi ecabanga ukuthi ezinye izivakashi kunethiwekhi ziyingozi nokuthi kunezindawo zokufinyelela eziningi kakhulu ukuthi zingavikelwa ngokugcwele. Ngakho-ke, vikela ngempumelelo izimpahla kunethiwekhi kunokuba inethiwekhi ngokwayo ivikelwe. Njengoba ihlotshaniswa nomsebenzisi, i-ejenti inquma ukuthi izovuma yini isicelo ngasinye sokufinyelela ngokusekelwe kuphrofayela yengozi ebalwe ngokusekelwe ekuhlanganisweni kwezici zomongo njengohlelo lokusebenza, indawo, umsebenzisi, idivayisi, isikhathi, ukuzwela kwedatha, njalo njalo. Njengoba igama lisho, i-ZTA iyisakhiwo, hhayi umkhiqizo. Awukwazi ukuyithenga, kodwa ungayithuthukisa ngokusekelwe kwezinye zezinto zobuchwepheshe eziqukethe.
I-Firewall Yenethiwekhiiwumkhiqizo wokuphepha ovuthiwe nowaziwayo onezici eziningi ezenzelwe ukuvimbela ukufinyelela okuqondile kuzinhlelo zokusebenza zenhlangano ezisingathiwe kanye namaseva wedatha. Ama-firewall enethiwekhi ahlinzeka ngokuguquguquka kokubili kumanethiwekhi angaphakathi kanye nefu. Efwini, kunezinhlinzeko ezigxile efwini, kanye nezindlela ezisetshenziswa abahlinzeki be-IaaS ukuze basebenzise amanye amakhono afanayo.
Isango Le-SecurewebKuye kwavela ekusebenziseni kahle i-bandwidth ye-inthanethi kuya ekuvikeleni abasebenzisi ekuhlaselweni okunonya okuvela ku-inthanethi. Ukuhlunga i-URL, ukulwa namagciwane, ukususa ukubethela kanye nokuhlolwa kwamawebhusayithi afinyelelwe nge-HTTPS, ukuvimbela ukwephulwa kwedatha (i-DLP), kanye nezinhlobo ezilinganiselwe ze-ejenti yokuphepha yokufinyelela kwamafu (i-CASB) manje seziyizinto ezijwayelekile.
Ukufinyelela OkukudeIncika kancane kancane ku-VPN, kodwa incika kakhulu ekufinyeleleni kwenethiwekhi ye-zero-trust (ZTNA), okuvumela abasebenzisi ukufinyelela izinhlelo zokusebenza ngazinye besebenzisa amaphrofayili omongo ngaphandle kokubonakala ezimpahleni.
Izinhlelo Zokuvimbela Ukungena (IPS)vimbela ubuthakathaka obungalungiswanga ukuthi buhlaselwe ngokuxhuma amadivayisi e-IPS kumaseva angalungiswanga ukuze kutholakale futhi kuvinjwe ukuhlaselwa. Amakhono e-IPS manje avame ukufakwa kweminye imikhiqizo yokuphepha, kodwa kusenemikhiqizo ezimele yodwa. I-IPS iqala ukukhuphuka futhi njengoba ukulawulwa kwemvelo kwamafu kuletha kancane kancane enkambisweni.
Ukulawula Ukufinyelela Kwenethiwekhiinikeza ukubonakala kukho konke okuqukethwe kuNethiwekhi kanye nokulawulwa kokufinyelela kwingqalasizinda yeNethiwekhi yenkampani esekelwe kwinqubomgomo. Izinqubomgomo zingachaza ukufinyelela ngokusekelwe endimeni yomsebenzisi, ubuqiniso, noma ezinye izinto.
Ukuhlanzwa kwe-DNS (Uhlelo Lokuhlanzwa Kwesizinda)iyisevisi enikezwa ngumthengisi esebenza njengohlelo lwegama lesizinda senhlangano ukuvimbela abasebenzisi bokugcina (kufaka phakathi izisebenzi ezikude) ekufinyeleleni amasayithi angemukeleki.
Ukunciphisa Ukunciphisa (i-DDoS)ikhawulela umthelela owonakalisayo wokuhlaselwa kwensizakalo okusatshalaliswa kunethiwekhi. Umkhiqizo uthatha indlela enezingqimba eziningi yokuvikela izinsiza zenethiwekhi ngaphakathi kwe-firewall, lezo ezibekwe phambi kwe-firewall yenethiwekhi, kanye nalezo ezingaphandle kwenhlangano, njengezinsiza zenethiwekhi ezivela kubahlinzeki bezinsizakalo ze-inthanethi noma ukulethwa kokuqukethwe.
Ukuphathwa Kwenqubomgomo Yokuphepha Kwenethiwekhi (NSPM)kuhilela ukuhlaziywa nokuhlolwa ukuze kwenziwe ngcono imithetho elawula ukuphepha kwenethiwekhi, kanye nokusebenza kokuphathwa koshintsho, ukuhlolwa kwemithetho, ukuhlolwa kokuhambisana, kanye nokubona ngeso lengqondo. Ithuluzi le-NSPM lingasebenzisa imephu yenethiwekhi ebonakalayo ukukhombisa wonke amadivayisi kanye nemithetho yokufinyelela ku-firewall ehlanganisa izindlela eziningi zenethiwekhi.
Ukuhlukaniswa okuncanekuyindlela evimbela ukuhlaselwa kwenethiwekhi okuvele kwenzeka ukuthi kungahambi ngokuvundlile ukuze kufinyelelwe ezimpahleni ezibalulekile. Amathuluzi okuhlukanisa ama-microisolation okuphepha kwenethiwekhi ahlukaniswe ngezigaba ezintathu:
- Amathuluzi asekelwe kunethiwekhi asetshenziswa kungqimba yenethiwekhi, ngokuvamile ehambisana namanethiwekhi achazwe yisofthiwe, ukuvikela izimpahla ezixhunywe kunethiwekhi.
- Amathuluzi asekelwe ku-hypervisor ayizinhlobo zokuqala zezigaba ezihlukile zokuthuthukisa ukubonakala kwethrafikhi yenethiwekhi engacacile ehamba phakathi kwama-hypervisor.
- Amathuluzi asekelwe ku-Host agent afaka ama-agent kuma-host afuna ukuwahlukanisa nenethiwekhi yonke; Isixazululo se-host agent sisebenza kahle ngokulinganayo emisebenzini yamafu, imisebenzi ye-hypervisor, kanye namaseva angokoqobo.
I-Secure Access Service Edge (SASE)luhlaka oluvelayo oluhlanganisa amakhono okuphepha kwenethiwekhi aphelele, njenge-SWG, i-SD-WAN kanye ne-ZTNA, kanye namakhono e-WAN aphelele ukusekela izidingo ze-Secure Access zezinhlangano. Njengoba ingumqondo kunokuba uhlaka, i-SASE ihlose ukuhlinzeka ngemodeli yesevisi yokuphepha ehlanganisiwe enikeza ukusebenza kuwo wonke amanethiwekhi ngendlela ekwazi ukukala, eguquguqukayo, neyokulinda okuphansi.
Ukutholwa Nokuphendula Kwenethiwekhi (NDR)ihlaziya njalo ithrafikhi engenayo nephumayo kanye namalogi ethrafikhi ukuze iqophe ukuziphatha okuvamile kweNethiwekhi, ukuze kutholakale futhi kuqashelwe izinhlangano izinto ezingavamile. Lawa mathuluzi ahlanganisa ukufunda komshini (i-ML), ukuhlelwa kwezinto, ukuhlaziywa, kanye nokutholwa okusekelwe emithethweni.
Izandiso Zokuphepha ze-DNSziyizengezo kuphrothokholi ye-DNS futhi zenzelwe ukuqinisekisa izimpendulo ze-DNS. Izinzuzo zokuphepha ze-DNSSEC zidinga ukusayinwa kwedijithali kwedatha ye-DNS eqinisekisiwe, inqubo edinga kakhulu iprosesa.
I-Firewall njengesevisi (FWaaS)ubuchwepheshe obusha obuhlobene eduze ne-SWGS esekelwe efwini. Umehluko usekwakheni, lapho i-FWaaS idlula khona ekuxhumaneni kwe-VPN phakathi kwama-endpoints namadivayisi asemaphethelweni enethiwekhi, kanye ne-security stack efwini. Ingaxhumanisa futhi abasebenzisi bokugcina nezinsizakalo zasendaweni ngemigudu ye-VPN. I-FWaaS okwamanje ayivamile kakhulu kune-SWGS.
Isikhathi sokuthunyelwe: Mashi-23-2022
