There’s No “I” in Secure Network: User-Based Access Policy is a Team Effort

Stephanie Johnson


Today’s cyber attackers have proven themselves far more capable and committed, stopping at nothing to access the pools of valuable data that uphold the integrity and reliability of your business. To maintain a strong security posture and prevent cyber breaches, leverage User-ID™, user-based access controls, on your next-generation firewall (NGFW) to safely enable the applications and technologies required to drive your business forward. User-ID significantly improves network visibility by mapping network traffic to specific users, rather than IP addresses, and offers several features to protect your network and help block potential threats at every stage of the typical attack lifecycle.

  • Access controls can be applied to ensure that only valid, approved users can access necessary assets and data. Note, however, that legitimate users are not threat free. Threat prevention should also be applied to the network to protect systems and application vulnerabilities from exploitation.
  • Leverage User-ID controls to identify and block malicious command and control traffic.
  • In the event of an infection or data breach, control sensitive data exfiltration by ensuring every user, even infected users, can only access a small subset of the network.
  • Leverage user-based reports and breach forensics for a complete, accurate analysis of the breach to help with future policy implementation.

User-based access controls are steadily becoming an integral component of the network security infrastructure and threat prevention measures. However, it’s important to understand that establishing and implementing a user-based security strategy and policy is not a single team’s responsibility, and should be rooted in the business leadership team’s position on cybercrime prevention. Given the recent spate of high-profile cybercrimes, security is now being discussed at the boardroom level. Leverage the heightened security awareness to build a business case for user-based access policy with the leadership team, and work in tandem to create business policies to simplify and reinforce the implementation. The leadership team’s support will be helpful during policy rollout, and when making necessary adjustments, such as denying access to certain websites, or to help ease the minds of less-than-patient users in the face of issues that need to be ironed out.

Beyond the organization’s leadership, User-ID access policy requires coordination and buy-in from several teams to ensure a seamless adoption and execution. Here are a few examples of who should be involved in the planning and implementation of user-based access policy:

IT Architects

The IT architects know the ins and outs of accessibility. They can offer insight regarding which users log in to the network from various office locations, and whether those users require access to resources that may be safeguarded by NGFWs in other locations.

IT & Security Operations

When it’s time to roll out the new user-based access controls and policy created with User-ID, the IT & Security Operations team will be critical to the execution, helping to troubleshoot any issues associated with implementation. Make sure to provide the proper training so that they are equipped to handle the higher-than-average volume of help desk tickets and user accessibility inquiries.

IT Administrators

Administrators are vital in providing the user identity information around which to frame user-based access controls and policy:

  • Network Admins: As device owners, network admins can provide user identity information from Wireless LAN controllers, NAC devices or VPN gateways
  • Directory Admins: Work with directory admins to gain valuable user identity information from directory servers, such as Active Directory
  • Enterprise Services Admins: To define user-based access requirements for enterprise services, like SAP for example, security practitioners must team up with enterprise service admins
  • Endpoint Admins: In addition to traditional VPN remote access and secure connectivity, coordination with endpoint admins is necessary to ensure user-based access controls extend to the mobile workforce

Implementing User-ID access policy on your Palo Alto Networks NGFW, with the participation and buy-in of all appropriate groups, will aid in meeting your organization’s goal to reduce individual users’, and the entire network’s, risk of infection.

To learn more about the benefits of leveraging User-ID, user-based access controls, on your Palo Alto Networks NGFW:
