Full Best Practices Assessment

Palo Alto Networks’ Best Practice Assessment (BPA) Tool

Palo Alto Networks created a Best Practice Assessment (BPA) Tool to check whether your firewall is still Next-Generation. The BPA tool performs more than 200 security checks on a firewall or the Panorama central management configuration and provides a pass/fail score for each check.

The Best Practices Assessment uses the configuration files from your Palo Alto Networks Next-Generation Firewall(s) to produce a heatmap and a list of recommendations. The heatmap provides a detailed overview of the adoption of security capabilities like App-ID, User-ID, Threat Prevention, URL Filtering, WildFire and Logging on your firewall.

According to Gartner research, 95% of all firewall breaches are caused by misconfiguration, not flaws. It is essential to adhere your firewall configuration to the evolving Best Practices on a regular basis in order to keep the security posture of your Next-Generation Firewall at a maximized level.

The Best Practices tool has the following features:

  • It evaluates a device’s configuration by measuring the adoption of your firewall’s security capabilities like App-ID, User-ID, Threat Prevention, URL Filtering, WildFire, and Logging;

  • It validates whether the policies adhere to best practices & compares against industry standards; The Best Practices Assessment tool performs more than 200 checks and compares industry averages in your sector based on all other Best Practice Assessment checks worldwide.

  • It provides recommendations and instructions on how to remediate failed best practice checks;

  • It benchmarks against CIS Top 20 Critical Security Controls.

 

The adoption ratio of firewall capabilities like App-ID, User-ID and Service/Port.

Overall Adoption: The adoption ratio of security capabilities like Threat Prevention, URL Filtering, WildFire of your firewall.

Industry Average: The industry average of your sector worldwide

Best Practice Mode: The compliance of your firewall configuration with Best Practices.

The level of compliance with CIS Top 20 Critical Security Controls

The outcome of the BPA tool is an excellent starting point for a more secure and consistent configuration of your firewall. Best practices, however, always depend on a specific environment. That is why an experienced consultant should always interpret your results.

SecureLink Best Practices Expert Advice

At SecureLink, we add an extra layer of expert advice to the results of the Palo Alto Networks BPA tool in a detailed report.

This report includes:

  • An Executive Summary,
  • Prioritized Recommendations customized to your environment

These recommendations are based on a set of configuration best practices developed by SecureLink called ‘The SecureLink Project Approach’. This approach helps you to bring your firewall to a maximized level of security.

Some Best Practice examples are:

  • Convert the Layer 4 Security rule base to an application Security rule base;
  • Enhance Threat Protection Profiles;
  • Apply URL-Filtering Best Practices;
  • Enhance SSL Decryption Visibility;
  • Apply Threat Intelligence in Security Policies;
  • Integrate with other security components.

When the necessary prioritized actions are taken, the results can improve a lot:

The adoption ratio of firewall capabilities like App-ID, User-ID and Service/Port.

 

Overall Adoption: The adoption ratio of security capabilities like Threat Prevention, URL Filtering, WildFire of your firewall.

Industry Average: The industry average in your sector worldwide

Best Practice Mode: The compliance of your firewall configuration with Best Practices.

The level of compliance with CIS Top 20 Critical Security Controls

QUESTIONS ABOUT THIS TOPIC?

2019-02-15T14:31:42+00:00
SecureLink Belgium