Enforcing Best Practices Using USP

Managing network security is an increasingly complex and complicated task, with a typical network consisting of both physical and virtual devices from multiple vendors. Take proactive control of your network security by creating, monitoring, and enforcing best practice policies with SecureTrack's Unified Security Policy.

This topic will show you how to create a best practices matrix for identifying, monitoring and blocking Risky Services, and for enforcing the use of rule properties for devices.

Overview

To implement best practices or the compliance regulations of a standard, you need to create a USP Matrix containing the compliance zones required by the standard. The compliance zones are placeholder zones into which you place your network zones, using SecureTrack zone hierarchies. Your existing zones can then be collected into these compliance zones, to ensure compliance monitoring of your entire network. To ensure that you maintain ongoing compliance as your network topology evolves, we recommend that you periodically review the hierarchy of your compliance zones.

Zones of protection are unique to each company and vary based on their specific critical cyber asset structure and segmentation. The granularity of the connections between the zones of protection, internal networks, and the internet will also vary by company. The Best Practices USP is a matrix of five example zones: Internet, data center, PM (product management), RnD and sales.

Create the USP

To create a USP that implements Best Practices:

Before you create this USP, make sure all the required compliance zones have been created (see Network Zones).

  1. From the menu, go to Browser > USP Viewer.
  2. Click +ADD UNIFIED SECURITY POLICY.
  3. Select Best Practices from the menu. The zones required for Best Practices appear.

  4. For each required zone displayed, select the appropriate compliance zone.

  5. (optional) Enter the USP description.

  6. Click Create.

The Best Practices USP has now been created. You can click on the card to view the matrix in the USP Builder and modify the policy as needed.

Best Practices Policy for Rule Properties

To create a matrix for enforcing best practices for rule properties of a device, create a matrix that specifies ANY as the USP service and identifies the specific properties to enforce. All device rules that violate the properties requirements specified in the matrix will appear in SecureTrack as violations.

Example policy from one zone to another:

Each entry in the matrix specifies ANY as the USP service, and lists the restrictions for rule property and flow. Customize the matrix to suit your specific best practice policy requirements.

Best Practices Policy for Risky Services

To create a matrix for enforcing best practices for risky services, create a matrix that identifies and blocks all the services you define as risky. All device rules that violate the risky services requirements specified in the matrix will appear in SecureTrack as violations.

Example of a best practices matrix for risky services:

Each entry in the matrix specifies all the services you want to block. Customize the matrix to suit your specific risky services policy requirements.