Today, data centers and clouds are sprawling, dynamic environments where a single workload breach can lead to a catastrophic lateral spread. Micro-segmentation, creating secure zones around individual applications and workloads, is needed in modern data centers to limit the spread of a breach and protect your most critical assets. In addition to zone-based segmentation, it is imperative to protect our most critical assets with intra-subnet / intra-VLAN workload segmentation. If one workload in a zone is compromised, the entire segment can be at risk. We need to evolve our strategy by adding secure micro-segmentation for critical assets on top of broad network segmentation implemented via Dynamic Address Group policies.
Lateral movement is how attackers escalate a minor intrusion into a major incident, moving from an initial point of compromise to find and exploit high-value assets within the same security zone. While micro-segmentation is the accepted strategy to prevent this, traditional approaches often fail due to complexity, hypervisor lock-in, and a critical lack of deep, Layer 7 visibility. These tools may filter traffic by port and protocol but remain blind to threats within allowed application traffic, creating a false sense of security as attackers move undetected across the network.
Available within Palo Alto Networks Software Firewalls, Traffic Redirector is engineered to overcome the common challenges of traditional micro-segmentation. Powered by the just-announced PAN-OS 12.1 Orion operating system, our software firewalls provide the advanced threat prevention required for deep east-west traffic inspection. Traffic Redirector provides a precise and scalable approach to protecting your most valuable assets without the complexity of an environment-wide deployment. By using a lightweight module with no hypervisor dependency, it offers the flexibility needed for modern, hybrid environments. Most importantly, it delivers the deep Layer 7 inspection required to find and block threats within east-west traffic, closing the visibility gaps left by port-based filtering tools.
Traffic Redirector is built around three core capabilities:
Implementing Traffic Redirector delivers strategic benefits that strengthen your security posture and streamline operations. It directly reduces risk by inspecting all traffic to and from critical assets, which prevents lateral threat spread and provides the granular controls needed to maintain compliance. Operationally, it provides a consistent security policy across hybrid environments and delivers the deep visibility required to build and enforce effective security rules. It allows security teams to:
Implementing a dynamic and precise defense with Traffic Redirector is a critical step in moving beyond outdated, static security models. This targeted approach to micro-segmentation becomes even more powerful when integrated with a scalable security architecture for the entire data center.
In large private data centers, securing east-west traffic presents a significant challenge for both capacity planning and threat inspection. While north-south traffic is often predictable, the dynamic and high-volume nature of internal traffic requires a security architecture that is both precise and highly elastic.
To address this, Palo Alto Networks provides a unified solution by integrating the capabilities of Traffic Redirector and the Hyperscale Security Fabric (HSF). This combination delivers granular micro-segmentation at a scale previously difficult to achieve.
The solution operates as a seamless workflow. The Traffic Redirector module is deployed on critical workloads to precisely direct their east-west traffic to the Prisma AIRS platform for inspection. This traffic is then managed by the Hyperscale Security Fabric, which automatically scales firewall resources to meet demand. Using available compute and Software NGFW credits, HSF can elastically deploy additional dataplanes to handle traffic bursts and then scale them back in as demand subsides.
This automated scalability ensures security performance keeps pace with unpredictable east-west traffic patterns, eliminating the risk of security bottlenecks and the cost of overprovisioning. Ultimately, it makes your security as agile as your data center.
Learn where Traffic Redirector may be best used in your cloud deployments by understanding the true risk profile of your entire multicloud environment with Cloud Network and AI Risk Assessment (CLARA).