What is considered best practice for default rules in a cloud-gen firewall?

The best practice for default rules in a cloud-gen firewall is to block everything and then start allowing what your users need. This security approach is often referred to as a "deny all" or "default deny" strategy. It minimizes potential exposure to threats by ensuring that only the necessary traffic is allowed through the firewall. By starting with a restrictive default posture, you can better manage and monitor the access that users have, ensuring that only required applications and services are open, effectively reducing the attack surface.

This practice encourages a more comprehensive evaluation of what is truly necessary for operations, leading to a more secure environment. It makes the security policies proactive rather than reactive because it emphasizes allowing only the traffic that has been explicitly justified for business needs. As users' requirements change, rules can be incrementally added to accommodate legitimate traffic without introducing unnecessary risks.