Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1322
Views
0
Helpful
0
Comments

Security for the undefined perimeter (CWPP)

Andre Camillo
Level 5
Level 5

on ‎01-08-2020 06:59 PM

galleon-ship-photo-under-the-cloudy-sky-1050656.jpg

                                                                  - complex connections in the cloud :) -

 

 

 

Attack Surface will increase due to the huge transformation in how end users are deploying services. The industry is seeing huge transformation in how services are deployed. Not only can customers make use of multi-cloud to deploy their services, there are also new ways to do so, making it more difficult to secure and efficiently control their workloads. Applications have shifted from Dedicated (Bare metal) appliances to virtualized and now we're seeing the rise of Containerized and Serverless workloads. Developers are now more empowered than ever: they can spin up new workloads in matters of minutes to test and eventually deploy applications and services faster. While the business needs more apps, faster, IT needs to ensure they follow the company’s security policies.

 

Why isn’t the traditional security approach enough?

Traditionally, IT Security has been about protecting a perimeter through different controls - this has been the Information Security Philosophy for a few decades now. But with the shift in how workloads are deployed, this has changed – the modern Datacenter evolved - it is now larger, more dynamic and ever-expanding. This is true for its capabilities, services and its threat surface.

 

Introducing CWPP

Even the most advanced Endpoint Protection Platform (EPP) or Next Generation Firewall (NGFW) can’t keep up with this larger threat surface, these solutions help with some challenges, but not all.

The modern IT team need a solution that can provide visibility across all their workload stack, no matter when, what, how or even where they're running.

It is for this complex scenario that a new product type is required, and it is called: Cloud Workload Protection Platform (CWPP). It’s workload-centric Protection for multi-cloud environments.

 

These solutions provide visibility, discovery and control of workloads in multiple clouds for multiple deployment methods (bare-metal, virtual, container or serverless).

With Visibility, it is possible to discover what services are running everywhere, inspect every single workload for open ports then correlate and investigate what can be done to reduce the threat surface on them.

Discovery enables the definition of rules that all workloads must follow, ensuring compliance. Only required services are allowed to run.

CWPP solutions are a fundamental need for the modern, undefined workload.

They complement access solutions, such as MFA and Access Controllers, helping our customers get closer to deploying a true Zero-Trust infrastructure.

 

#tetration #ftd #NGFW @#zerotrust

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents