{"id":112140,"date":"2020-06-01T18:00:39","date_gmt":"2020-06-02T01:00:39","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=112140"},"modified":"2020-08-07T15:18:59","modified_gmt":"2020-08-07T22:18:59","slug":"network-euc-environments","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2020\/06\/network-euc-environments\/","title":{"rendered":"Secure EUC Environments with Palo Alto Networks and Nutanix"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Palo Alto Networks and our technology partner Nutanix have teamed up to make it easy for you to implement Zero Trust in virtualized environments. From healthcare to education and professional services, many industries have embraced virtual desktops and <\/span><a href=\"https:\/\/www.nutanix.com\/solutions\/end-user-computing\" rel=\"nofollow,noopener\" ><span style=\"font-weight: 400;\">End User Computing<\/span><\/a><span style=\"font-weight: 400;\"> (EUC) as part of their data center virtualization strategy. Users gain a consistent interface and portability, while IT gains greater control, scalability and efficiency through virtualization and central management of desktop environments. Since adoption of EUC environments is on the rise, now is a perfect time to talk about efficient and effective ways to deploy and secure them.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">Deploying Zero Trust in Virtualized Environments<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">A <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/cyberpedia\/what-is-a-zero-trust-architecture\"><span style=\"font-weight: 400;\">Zero Trust<\/span><\/a><span style=\"font-weight: 400;\"> security model, or \u201cnever trust, always verify,\u201d is the gold standard for reducing cyber risk. It assumes that any user, system or device is inherently untrustworthy. 
While traditional security architectures focused on identifying threats attempting to breach an organization\u2019s network perimeter, a Zero Trust architecture makes no assumptions about the safety or validity of traffic, even in the data center.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Using the principles of Zero Trust to segment EUC environments from the rest of the data center is a best practice, particularly since many cyberattacks start with compromising a user\u2019s device. The ultimate goal is to prevent attacks originating from a compromised virtual desktop from spreading to the rest of the data center.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Implementing a Zero Trust architecture for EUC environments can be done in a few steps:<\/span><\/p>\n<ol>\n<li><b> Microsegment<\/b><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">Protect the software infrastructure that delivers the EUC service using <\/span><span style=\"font-weight: 400;\">microsegmenta<\/span><span style=\"font-weight: 400;\">tion<\/span><span style=\"font-weight: 400;\">. Establish a granular network policy that limits access to the management, brokers and other essential IT services (directory services, VPN, DNS and so on) to only required communications. When creating and managing policies, it is helpful to use software that can discover and visualize these network dependencies.\u00a0<\/span><\/p>\n<ol start=\"2\">\n<li><b> Define Dynamic, User-based Policies<\/b><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">Define dynamic policies that grant EUC users access to certain applications and data based on their role. This can further reduce the attack surface available should a user\u2019s desktop become compromised. 
For example, you may want to limit the applications and services that contractors can access compared with employees, or differentiate access between job functions.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Accomplishing this kind of segmentation using traditional methods typically requires more complex configuration and deployments of both the software delivering EUC and the solutions providing physical networking and security or threat intelligence. A software-based solution using virtual networking and security appliances reduces the cost and complexity of achieving this level of control while allowing for integration into automated service delivery applications.<\/span><\/p>\n<ol start=\"3\">\n<li><b> Inspect Permitted Traffic<\/b><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">Once you\u2019ve defined policies that allow only valid traffic flows, you must also inspect the permitted traffic for any threats that might be hiding within it. Security tools should detect and block suspicious traffic on an open port, or malware attempting to spread from a compromised virtual desktop.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">Simplifying the Process of Securing EUC Environments<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">While this all sounds pretty complex, Palo Alto Networks and Nutanix are working together to help you meet this business need. Organizations using Nutanix Hyper-Converged Infrastructure (HCI) with Nutanix Acropolis Hypervisor (AHV) virtualization and Nutanix Flow can protect virtual infrastructure and isolate groups of virtual desktops using identity-based microsegmentation integrated with Active Directory. Then, they can define which traffic to route to Palo Alto Networks VM-Series, a virtualized form factor of Next-Generation Firewalls, for additional network inspection and threat detection. 
VM-Series virtual firewalls enable you to define and enforce granular Layer 7 security policies based on application and user identity. Threat Prevention and other cloud-delivered security subscriptions enabled on VM-Series firewalls detect and stop threats \u2013 even zero-day threats \u2013 attempting to penetrate the data center, move laterally across virtualized environments or exfiltrate data.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Nutanix and Palo Alto Networks also make it easy for you to automatically deploy and centrally manage Zero Trust security in your virtualized environments. Using Nutanix Calm, your team can deploy VM-Series and Palo Alto Networks Panorama, a network security management solution, into a Nutanix Flow environment with a few clicks. From Panorama, security teams can consistently manage their Nutanix environment and security policies from a single interface.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Learn more about <\/span><a href=\"http:\/\/nutanix.com\/panw\" rel=\"nofollow,noopener\" ><span style=\"font-weight: 400;\">using Nutanix and Palo Alto Networks to secure your virtualized environment<\/span><\/a><span style=\"font-weight: 400;\">. <\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Palo Alto Networks and our technology partner Nutanix have teamed up to make it easy for you to implement Zero Trust in virtualized environments. 
<\/p>\n","protected":false},"author":670,"featured_media":108494,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6768,6765],"tags":[111,1860,309,73],"coauthors":[6949],"class_list":["post-112140","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-secure-the-cloud","category-secure-the-enterprise","tag-ngfw","tag-partner","tag-vm-series","tag-zero-trust","net_sec_category-next-generation-firewalls"],"jetpack_featured_media_url":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/03\/IMG_2009.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/112140","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/670"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=112140"}],"version-history":[{"count":5,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/112140\/revisions"}],"predecessor-version":[{"id":112257,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/112140\/revisions\/112257"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/108494"}],"wp:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=112140"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=112140"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloalton
etworks.com\/blog\/wp-json\/wp\/v2\/tags?post=112140"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=112140"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}