Field
Embodiments of the present disclosure generally relate to providing security in a network. In particular, embodiments of the present disclosure relate to providing inter-zone and intra-zone security in a network.
Description of the Related Art
With ever-increasing security threats, network security devices are becoming increasingly important. Today's security devices provide security solutions such as firewall, Virtual Private Network (VPN), antivirus, Intrusion Prevention (IPS), web filtering, anti-spam, anti-spyware, traffic shaping, etc. The security solutions provided by the network security devices can be configured according to the requirements of a network. Generally, a network security device can be configured in only one profile and provides the same type of security to the whole network.
However, today's networking environment generally comprises multiple sub-networks or zones catering to various sub-groups of users. For example, in a company's network, the human resources department may form one sub-network, the finance department may form another sub-network, and the like, or employees of a company working in one city may belong to a first zone and those working in a second city may belong to a second zone. In this way it is possible to sub-divide a network into sub-networks and zones. Each sub-network or zone may be required to have a different security profile; for example, financial sites may be accessible to the finance department but not to the human resources department. Therefore, there exists a need to provide a network security device in which multiple profiles can be configured within the same device. Such a network device is required for both virtual and physical environments.
In addition, until now firewall/unified threat management vendors have used Application Program Interfaces (APIs) to provide security in a virtual environment. These APIs are provided by hypervisor companies. However, these APIs are not scalable and are not available on all hypervisors.
Therefore, in view of the foregoing, there exists an opportunity for providing a method for securing inter-zone and intra-zone traffic in both virtual and physical networks.