Page tree

Contents

A security policy is a set of rules and actions that you define to balance access and constraints, so you can mitigate malicious attacks and provide security for your networks.

Note

To provide flexibility and support for the new policy types, BloxOne Threat Defense Cloud has updated the evaluation process for security policies. Previously, BloxOne Endpoint and DNS forwarding proxy had implicit precedence over external networks. After the update, the policies are evaluated in the order you define and observe on the Security Policies page of the Cloud Services Portal. If you have existing security policies, the policy precedence is updated to match the behavior that was defined before the update.

BloxOne Threat Defense Cloud provides a default global policy that gives you a head start in protecting your networks. You can review the default global policy, and decide whether you want to add or remove some of the rules based on your business requirements.

In addition to the default global policy, you can add new security policies from scratch or clone an existing policy to complement the default policy. When you create a new security policy, you must first define a network scope to which you add external networks, user groups, DNS forwarding proxies, DDI IPAM, and Endpoint groups. BloxOne Threat Defense Cloud applies the security policy to all the entities that you include in the network scope. After you define the network scope, you can add policy rules and specify actions and their precedence order. For more information, see Security Policy Precedence.

To quickly create a new security policy, you can clone an existing one and modify certain elements before you save the new configuration.

The Security Policies page displays the following information for each security policy you have configured by default:

  • PRECEDENCE: The precedence order of the security policy. BloxOne Threat Defense Cloud enforces security policies in an ascending precedence order in which the policy rule with the lowest precedence order has the highest priority in the evaluation process.
  • NAME: The policy name.
  • DEFAULT ACTION: The default action currently configured for the entities that are not included in the network scope.
  • DESCRIPTION: The policy description.

You can also click to choose the following columns for display:

  • EXTERNAL NETWORKS: The total number of external networks included in the network scope for this policy. 
  • DNS FORWARDING PROXIES: The total number of DNS forwarding proxies included in the network scope for this policy.
  • BLOXONE ENDPOINT GROUPS: The total number of endpoint groups included in the network scope for this policy.
  • USER GROUPS: The total number of user groups included in the network scope for this policy.
  • LISTS: The total number of custom lists configured for the security policy.
  • CATEGORY FILTERS: The total number of category filters configured for the security policy.
  • APPLICATION FILTERS: The total number of appication filters configured for the security policy.
  • GEOLOCATION: The geolocation state for the policy. Geolocation can be enabled or disabled.
  • BYPASS CODES: The number of bypass codes associated with a security policy. 
  • LOCAL ON-PREM RESOLUTION: When local on-prem resolution is enabled, all DNS requests and responses will be resolved locally on the on-prem host. The DNS requests and responses are then validated according to the configured policy in the BloxOne Cloud. When local on-prem resolution is disabled (the default state), DNS requests and responses will be validated per policy in BloxOne Cloud. For additional information, see Using Local On-prem Resolution.

You can also view more information about each security policy in the right panel. When you expand Network Scope, Policy Rules, and Bypass Codes, you can see the total number of each entities within the respective category. When you click the number next to each entity, the system takes you to the Summary page of the security policy. On the Summary page, you can find more information about the specific entity or navigate to other sections to view or modify certain information about the security policy.

You can also perform the following in this tab:

  • Click Create Security Policy to create a new security policy.
  • Click  -> Edit to modify the respective security policy information. You can also choose the respective security policy and click the Edit button to do so.
  • Click  -> Edit Precedence to set the precedence order for the security policy. Click  to save the changes, or click  to discard the changes. For more information, see Security Policy Precedence.
  • Choose a security policy and click Clone to create a new policy by cloning the selected one.  
  • Click  -> Remove to delete a security policy. You can also choose the respective security policy and click Remove.

  • Choose a security policy to view additional details in the right panel. You can collapse the right panel by clicking.

  • Enter the value that you want to search in the Search text box. The Cloud Services Portal displays the list of records that match the keyword in the text box.
  • Click to choose the columns you want to display or use the arrow keys to reorder the columns.

For more information about how to create security policies, see the following:

For more information about how to use Local Internet DNS Breakout (local on-prem resolution) with BloxOne Threat Defense Cloud and BloxOne DDI DNS, see the following:

  • No labels

This page has no comments.