
Overview

Security policies define the rules and controls that govern network access, traffic flow, and threat protection across your cloud infrastructure. This guide provides comprehensive instructions for implementing security policies using three different approaches.

Security Policy Types

Network Security Policies

Purpose: Control traffic flow between network segments and applications
Scope: Layer 3/4 network traffic filtering and routing decisions
Use Cases: Micro-segmentation, compliance zones, application isolation

Application Security Policies

Purpose: Protect applications from threats and unauthorized access
Scope: Layer 7 application-aware security controls
Use Cases: Web application protection, API security, content filtering

Identity-Based Policies

Purpose: Control access based on user and device identity
Scope: Authentication, authorization, and conditional access
Use Cases: Zero trust access, privileged user controls, device compliance

Prerequisites

Before configuring security policies, ensure you have:
  • Network topology and application inventory documented
  • Identity provider integration configured
  • Threat intelligence feeds and security tools integrated
  • Compliance requirements and security frameworks defined

Security Policy Implementation

Step 1: Access Security Policy Configuration

  1. Navigate to Security > Distributed Cloud Firewall in the CoPilot console
  2. Select Create Policy to start the policy wizard
  3. Choose the policy type based on your security requirements

Step 2: Network Segmentation Policies

Create Micro-Segmentation Rules

  1. Policy Name: web-to-app-tier-policy
  2. Source Configuration:
    • Type: Tag-based
    • Source Tags: web-tier
    • IP Ranges: Any (or specific ranges)
  3. Destination Configuration:
    • Type: Tag-based
    • Destination Tags: app-tier
    • Ports: 80, 443, 8080
  4. Action: Allow
  5. Logging: Enable for compliance auditing
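
Before enforcing the rule above, it helps to check which flows from your application inventory it would actually cover. The following is an added example, not code from CoPilot or the original guide: it models the web-to-app-tier-policy rule and evaluates constructed sample flows against it. First-match evaluation, the default action for unmatched traffic, the `db-tier` tag, and all function and class names are assumptions of this sketch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    src_tags: frozenset
    dst_tags: frozenset
    ports: frozenset
    action: str

@dataclass(frozen=True)
class Flow:
    src_tags: frozenset
    dst_tags: frozenset
    dst_port: int

# Values copied from the web-to-app-tier-policy rule above.
WEB_TO_APP = Rule("web-to-app-tier-policy", frozenset({"web-tier"}),
                  frozenset({"app-tier"}), frozenset({80, 443, 8080}), "allow")

def matches(rule, flow):
    # Source tag, destination tag and port must all match; direction matters.
    return (bool(rule.src_tags & flow.src_tags)
            and bool(rule.dst_tags & flow.dst_tags)
            and flow.dst_port in rule.ports)

def evaluate(rules, flow, default_action="deny"):
    # Assumption: first matching rule wins, unmatched traffic gets default_action.
    for rule in rules:
        if matches(rule, flow):
            return rule.action, rule.name
    return default_action, None

def audit(rules, flows):
    # Flows the rule set would not allow: review these before enforcing.
    return [f for f in flows if evaluate(rules, f)[0] != "allow"]

def tagged(src, dst, port):
    return Flow(frozenset({src}), frozenset({dst}), port)

# Constructed sample flows standing in for a documented application inventory.
SAMPLE_FLOWS = [
    tagged("web-tier", "app-tier", 443),   # covered by the rule
    tagged("web-tier", "app-tier", 8080),  # covered by the rule
    tagged("web-tier", "app-tier", 22),    # port not listed
    tagged("app-tier", "web-tier", 443),   # reverse direction
    tagged("web-tier", "db-tier", 443),    # destination tag not listed (hypothetical tag)
]

if __name__ == "__main__":
    for flow in audit([WEB_TO_APP], SAMPLE_FLOWS):
        print("not allowed:", sorted(flow.src_tags), "->", sorted(flow.dst_tags), flow.dst_port)
```

Flows reported by `audit` either need their own rule or are traffic the segmentation is meant to stop; confirm how your deployment treats unmatched traffic before relying on the default used here.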

Application-Level Policies

  1. Navigate: Security > Application Policies
  2. Create New Policy:
    • Name: api-protection-policy
    • Application: Web Application
    • Protection Level: High
    • Rate Limiting: 1000 requests/minute
    • DDoS Protection: Enabled

Step 3: Identity-Based Access Control

Zero Trust Policy Configuration

  1. Navigate: Security > Zero Trust Policies
  2. Configure User-Based Rules:
    • Policy Name: developer-access-policy
    • User Groups: developers, devops
    • Resource Access: Development environments only
    • Time Restrictions: Business hours (9 AM - 6 PM)
    • Device Compliance: Required

Conditional Access Rules

  1. Multi-Factor Authentication: Required for admin access
  2. Device Trust: Corporate-managed devices only
  3. Location-Based: Block access from high-risk countries
  4. Risk Assessment: Adaptive authentication based on behavior

Step 4: Advanced Threat Protection

Intrusion Detection System (IDS)

  1. Navigate: Security > Threat Detection
  2. Enable IDS Policies:
    • Signature-Based Detection: Latest threat signatures
    • Anomaly Detection: Behavioral analysis
    • Custom Rules: Organization-specific threats

Data Loss Prevention (DLP)

  1. Configure DLP Policies:
    • Sensitive Data Types: PII, PHI, PCI data
    • Action: Block and alert
    • Encryption: Enforce for sensitive data transmission