Dashboard
The dashboard of the Onboarding Flow is shown below:
At the top, the Protection Score, Prevention Score, Coverage, and Total Servers give quick at-a-glance feedback about the overall security posture of your deployment. The scores are calculated based on the exposed attack surface enabled by the Chamber and Access Policies, and the Segmentation Protection Scorecard analyzes your deployment and provides hints about actions that can improve the scores.
Below the scores is a section that provides quick access to an overview of the applications, services, users, and servers that are onboarded to CoIP Platform. Additionally, an Alerts section collects the most recent security alerts.
Onboarding and Management
The Onboarding and Management section is used to onboard or offboard applications, services, and users. Selecting Manage Servers allows you to review the collected identity factors for any onboarded endpoint, and allows you to remotely upgrade an endpoint’s zLink agent.
Finally, this section also enables you to configure and control a Micro-Segmentation Gatekeeper (MSG).
Object Management
CoIP Platform’s policy model uses objects as policy elements. This enables you to quickly define an object that can be reused in many policies; subsequent changes to the object are automatically reflected in each of the policies which uses it.
There are 3 core types of objects:
Application Process objects describe application identities, based on the executable name, the path to the executable, or the cryptographic identity of that binary, and can specify hierarchies (parent-child processes)
Service Port objects describe a network port and protocol (e.g. TCP 443)
Address objects describe remote machines based on IP (10.10.5.2), IP ranges (10.10.5.2-10.10.5.12), CIDR subnet (10.10.5.1/24), FQDN (example.myhost.com), or wildcard FQDN (*.myhost.com)
There are also two additional policy objects, which can define policies based on the core objects.
Chamber Policy objects describe a chamber policy to promote reuse (e.g. “Allow access to a specified list of DNS resolvers on TCP/UDP 53”)
Port Mapping objects describe application entry points that will be used in Generic Port Mapped Accesses (e.g. “web access on TCP 443”)
Objects can also be grouped into Object Groups to simplify their definition and use.
Access Policy Management
Access Policies define access between Users and Applications/Services and from Applications to other Applications or Services. Access Policies use objects as described above to promote reuse and manageability.
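The following is a constructed example that models the object types listed under Object Management and the way Access Policies reuse them by reference. It is not CoIP Platform code: the class names, the PolicyStore registry, the evaluation order and the sample addresses are all assumptions made for illustration. It parses Address objects in the five forms the text names (single IP, IP range, CIDR, FQDN, wildcard FQDN), groups them into Object Groups, and shows that editing a group is reflected in every policy that references it.

```python
"""Constructed model of reusable policy objects (not CoIP Platform code)."""
import fnmatch
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Conservative hostname syntax: labels of letters, digits and inner hyphens.
_FQDN_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))+$")


def _parse_ip(text: str):
    """Return an ipaddress object, or None when the text is not an IP literal."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


class AddressObject:
    """Describes remote machines by IP, IP range, CIDR, FQDN or wildcard FQDN."""

    def __init__(self, spec: str) -> None:
        s = self.spec = spec.strip()
        if s.startswith("*.") and _FQDN_RE.match(s[2:]):
            self.kind, self.value = "wildcard", s.lower()
        elif "/" in s:
            # strict=False accepts the text's own example 10.10.5.1/24 (host bits set)
            self.kind, self.value = "cidr", ipaddress.ip_network(s, strict=False)
        elif "-" in s and all(_parse_ip(p) is not None for p in s.split("-", 1)):
            lo, hi = (_parse_ip(p) for p in s.split("-", 1))
            if lo.version != hi.version or lo > hi:
                raise ValueError(f"bad IP range: {spec}")
            self.kind, self.value = "range", (lo, hi)
        elif _parse_ip(s) is not None:
            self.kind, self.value = "ip", _parse_ip(s)
        elif _FQDN_RE.match(s):  # hyphenated names such as my-host.example.com land here
            self.kind, self.value = "fqdn", s.lower()
        else:
            raise ValueError(f"unrecognised address object: {spec}")

    def matches(self, host: str) -> bool:
        host = host.strip().lower()
        addr = _parse_ip(host)
        if self.kind == "wildcard":
            # *.myhost.com matches sub.myhost.com but never the apex myhost.com itself
            return addr is None and fnmatch.fnmatchcase(host, self.value)
        if self.kind == "fqdn":
            return addr is None and host == self.value
        if addr is None:
            return False  # a name was given but this object holds IP data
        if self.kind == "ip":
            return addr == self.value
        if self.kind == "cidr":
            return addr in self.value  # False when IP versions differ
        lo, hi = self.value
        return addr.version == lo.version and lo <= addr <= hi


@dataclass(frozen=True)
class ServicePortObject:
    """Describes a protocol and port, e.g. TCP 443."""
    protocol: str
    port: int

    def matches(self, protocol: str, port: int) -> bool:
        return self.protocol.lower() == protocol.lower() and self.port == port


@dataclass
class ObjectGroup:
    """Any-of grouping of objects of one kind; groups may nest."""
    members: List[object] = field(default_factory=list)

    def matches(self, *args) -> bool:
        return any(m.matches(*args) for m in self.members)


@dataclass
class AccessPolicy:
    """References objects by registry name so an object edit is seen by every policy."""
    name: str
    sources: List[str]
    destinations: List[str]
    services: List[str]


class PolicyStore:
    def __init__(self) -> None:
        self.objects: Dict[str, object] = {}
        self.policies: List[AccessPolicy] = []

    def is_allowed(self, src: str, dst: str, protocol: str, port: int) -> Optional[str]:
        """Name of the first policy allowing the flow, or None (default deny)."""
        for p in self.policies:
            if (any(self.objects[n].matches(src) for n in p.sources)
                    and any(self.objects[n].matches(dst) for n in p.destinations)
                    and any(self.objects[n].matches(protocol, port) for n in p.services)):
                return p.name
        return None


def demo() -> Tuple[Optional[str], ...]:
    """Constructed scenario: a DNS group is widened once and the policy follows."""
    store = PolicyStore()
    store.objects["app-subnet"] = AddressObject("10.10.5.1/24")
    store.objects["dns-resolvers"] = ObjectGroup([AddressObject("10.10.5.2"), AddressObject("10.10.5.3")])
    store.objects["dns"] = ObjectGroup([ServicePortObject("tcp", 53), ServicePortObject("udp", 53)])
    store.objects["corp-hosts"] = AddressObject("*.myhost.com")
    store.objects["https"] = ServicePortObject("tcp", 443)
    store.policies.append(AccessPolicy("allow-dns", ["app-subnet"], ["dns-resolvers"], ["dns"]))
    store.policies.append(AccessPolicy("web", ["app-subnet"], ["corp-hosts"], ["https"]))
    before = store.is_allowed("10.10.5.40", "10.10.5.9", "udp", 53)   # not a resolver yet
    store.objects["dns-resolvers"].members.append(AddressObject("10.10.5.4-10.10.5.12"))
    after = store.is_allowed("10.10.5.40", "10.10.5.9", "udp", 53)    # group edit is reflected
    web = store.is_allowed("10.10.5.40", "www.myhost.com", "tcp", 443)
    apex = store.is_allowed("10.10.5.40", "myhost.com", "tcp", 443)   # wildcard excludes apex
    return before, after, web, apex
```

Evaluation is default deny: a flow is allowed only when some policy's source, destination and service objects all match, and the wildcard FQDN form deliberately does not match the apex name, which is the usual reading of `*.myhost.com`.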
Chamber Policy Management
Chamber Policies apply to individual Applications or MSG Device Groups, and apply to all traffic to, from, and between servers in the Application or MSG Device Group.
The Chamber Policy is a powerful tool to cloak servers, hiding them from ransomware and lateral attacks.
Monitoring and Reporting
The Monitoring and Reporting submenu contains a variety of reports and logs that can be used to administer and monitor the CoIP Platform deployment. Session logs display in-progress as well as historical sessions, and allow you to terminate an in-progress session.
The Diagnostics menu item allows you to troubleshoot CoIP Platform by initiating commands such as ping or iperf remotely.
Settings
The Settings menu enables you to configure the behavior of the CoIP Platform deployment, such as Remote Desktop default settings, any Identity Services (Okta, Active Directory, etc.), and how Domain and Name Resolution should be handled for GPMA.
Many other settings are available in the Advanced view.