The increased visibility into network activity generated by App-ID, User-ID and Content-ID can help simplify the task of determining which applications are traversing the network, who is using them and what security risk they pose, and then deciding on the appropriate response. Armed with these data points, administrators can apply policies with a range of responses that are more fine-grained than allow or deny. Policy control responses include:

  • Allow or deny
  • Allow but scan
  • Allow based on schedule
  • Decrypt and inspect
  • Apply traffic shaping
  • Allow for certain users or groups
  • Allow certain application functions
  • Any combination

 

Using a policy editor that carries a familiar look and feel, experienced firewall administrators can quickly create flexible firewall policies such as:

  • Assign Salesforce.com and Oracle to the sales and marketing groups by leveraging Active Directory integration.
  • Enable only the IT group to use a fixed set of management applications such as SSH, Telnet and RDP.
  • Block bad applications such as P2P file sharing, circumventors and external proxies.
  • Define and enforce a corporate policy that allows and inspects specific webmail and instant messaging usage.
  • Control the file transfer functionality within an individual application, allowing application use yet preventing file transfer.
  • Identify the transfer of sensitive information such as credit card numbers or social security numbers, either in text or file format.
  • Deploy multi-level URL filtering policies that block access to obvious non-work-related sites, monitor questionable sites and “coach” access to others.
  • Implement QoS policies to allow media and other bandwidth-intensive applications but limit their impact on business-critical applications.

With a Palo Alto Networks next-generation firewall in place, customers can deploy positive enforcement model policies to block bad applications, protect the business applications and promote the secure use of end-user applications, resulting in a more positive employee environment.

 

Policy Editor Diagram
