At Palo Alto Networks, it’s our mission to develop products and services that help you, our customer, detect and prevent successful cyberattacks. We’ve developed our best practice documentation to help you do just that. Whether you’re looking for the best way to secure administrative access to your next-gen firewalls and Panorama, create best practice security policy to safely enable application access at the internet gateway and the data center, or learn the best way roll out a decryption policy to prevent threats from sneaking into your network, you will find the guidance you need here in our best practice documentation. And, our best practice library keeps growing and evolving to keep up with the ever-changing threat landscape, so be sure to check back often!

Spotlight

Tech Docs: SSL Decryption Best Practices Light Up Hidden Malware

Best Practices Assessment (BPA)

Prevention Architecture Methodology


The Prevention Architecture Methodology helps customers devise a stronger security strategy founded in prevention and improve their platform adoption while increasing your account's LTV.

Documentation

Data Center Best Practice Security Policy


Your enterprise's most valuable assets reside in your data center, including proprietary source code, intellectual property, and sensitive company and customer data. Your customers and employees trust you to maintain the confidentiality and integrity of their data and expect that data to be always available, so it's important to implement a data center best practice security policy that safeguards your data and prevents successful attacks. Use the guidelines in this site to plan, deploy, and maintain your data center best practice security policy.

Internet Gateway Best Practice Security Policy


One of the cheapest and easiest ways for an attacker to gain access to your network is through users accessing the internet. By successfully exploiting an endpoint, an attacker can take hold in your network and begin to move laterally towards the end goal, whether that is to steal your source code, exfiltrate your customer data, or take down your infrastructure. To protect your network from cyberattack and improve your overall security posture, implement a best practice internet gateway security policy. Use the guidelines in this site to plan, deploy, and maintain your internet gateway best practice security policy.

Decryption Best Practices


You can't defend against threats you can’t see. By enabling decryption on your next-gen firewalls you can inspect and control SSL/TLS and SSH traffic so that you can detect and prevent threats that would otherwise remain hidden in encrypted traffic. Use the best practice guidelines in this site to learn how to plan for and deploy decryption in your organization.

DoS and Zone Protection Best Practices


WildFire 8.1 Best Practices


WildFire 8.0 Best Practices


WildFire 7.1 Best Practices


PAN-OS 8.1 | Best Practices for Securing Administrative Access


Learn the best practices for securing administrative access to your firewalls to prevent successful cyberattacks through an exposed management interface.

PAN-OS 8.0 | Best Practices for Securing Administrative Access


Learn the best practices for securing administrative access to your firewalls to prevent successful cyberattacks through an exposed management interface.

PAN-OS 8.1 | Best Practices for Applications and Threats Content Updates


Learn the best practices for keeping application and threat content signatures up-to-date seamlessly.

PAN-OS 8.0 | Best Practices for Applications and Threats Content Updates


Learn the best practices for keeping applications and threats content signatures up-to-date seamlessly.

PAN-OS 7.1 | Best Practices for Applications and Threats Content Updates


PAN-OS 8.1 | Best Practices for Securing Your Network from Layer 4 and Layer 7 Evasions


PAN-OS 8.0 | Best Practices for Securing Your Network from Layer 4 and Layer 7 Evasions


PAN-OS 7.1 | Best Practices for Securing Your Network from Layer 4 and Layer 7 Evasions


PAN 7.1 | Best Practice Internet Gateway Security Policy


Recommended Topics

Create Best Practice Security Profiles for the Internet Gat...


Use these File Blocking settings as a best practice at your internet gateway.

Ways to Strengthen Your Internet Gateway


Videos

Using Best Practices to Prevent Successful Cyber Attacks

This session covers our approach for gaining full visibility and reducing your attack surface to prevent successful cyber attacks across all areas of architecture. We discuss the best way to protect against cyber threats and build confidence that you are reducing risk. The session includes how to implement best practices without interrupting business continuity. We use three case studies as examples to show how we use the approach with customers.

How To Implement App-ID on Your Next-Generation Firewall

Watch the video to learn how to implement App-ID on your next-generation firewall to protect against increasingly evasive threats and prevent successful cyber breaches.

Stop Operating in Darkness – Let Decryption Light the Way

More traffic is being encrypted with each passing day, and the rate of encryption adoption grew by 90+% year over year in 2016. Without a sound strategy for implementing SSL decryption, is your organization blind to the threats may be sneaking past the firewall? To use the power of the Palo Alto Networks security platform, come and learn about SSL Decryption best practices. Ensure complete visibility throughout the organization. Don't be blinded by encryption!

How To Implement User-ID on your Next-Gen Firewall

Watch the video to learn how to implement User-ID on your next-generation firewall to maximize your security investments and defend your business from successful cyber attacks.

Strengthen Your Internet Gateway

See your network from the vantage point of an attacker and learn what attackers do to achieve their objectives. Learn how to map the specific steps an attacker takes to prevention technologies available on a next-generation firewall. Based on this understanding, you will know how to defend your networks using App-ID, User-ID, Decryption, Threat Prevention and WildFire.

Find the Hidden Threats in Your Traffic

Next-generation firewalls from Palo Alto Networks® decrypt, inspect and then re-encrypt network traffic before it is sent to its destination.

Webinars

How to Prevent Breaches through Application Controls

About this webinar

Employees are accessing any application they want, using work or personal devices, regardless of the business and security risks involved.

Join the webinar and discover:

  • How attackers use apps to infect and exfiltrate data 
  • How to use app control the right way to prevent breaches 
  • How to extend visibility and control to SaaS apps



How to Implement User-Based Controls for Cybersecurity

About this webinar

Visibility and policy control based on users is critical for cybersecurity. User-based policies readily show their business relevance, are more secure, easier to manage, and allow better forensics. In this webinar you will:

  • Learn the value of user-based controls using real-life data breach examples 
  • Discover a step-by-step approach for implementing User-IDTM on your Palo Alto Networks Next-Generation Firewall


Enabling and Deploying Your SSL Decryption

About this webinar

The growth in SSL/TLS encrypted traffic traversing the internet is on an explosive upturn. Given the primary benefits associated with encryption, the private and secure exchange of information over the internet, compliance with certain privacy and security regulations – such as the Health Insurance Portability and Accountability Act and Payment Card Industry Data Security Standard, or HIPAA and PCI DSS – the trend in SSL adoption is expected to continue to rise.

Watch as our Palo Alto Networks® team of experts presents the “hows and whys” of SSL decryption. In this webcast, you will:

  • Learn why you need to enable decryption and the key metrics to support your case
  • Find out how to address internal logistics and legal considerations
  • Discover how to effectively plan and deploy decryption