Step 1: Asset Discovery and Prioritization
Identify assets that are valuable to your business so
you can prioritize what you need to protect first.
To protect your assets and ensure normal business operation,
you need to know what those assets are and how they are used so
that you can:
- Understand exactly which users, devices/infrastructure,
  applications, data, and services are part of your network or have
  access to your network. Understand the different access requirements
  of different user groups and key individual users.
- Prioritize how you roll out Zero Trust to protect those assets.
You can’t protect assets that you don’t know exist. When you
identify all assets in all locations (on-premises, cloud, remote,
third-party, etc.), you can protect all assets. Unknown users, applications,
and infrastructure, including unmanaged IoT devices, are potential
security vulnerabilities. Discovering internet-connected IoT devices
may reveal devices that are vulnerable to attack—not only expected
devices such as printers, cameras, and other unmanaged terminals,
but also unexpected internet-connected devices such as coffee mug
warmers and personal fans.
How you prioritize what to protect first depends on several factors:
- What is important to your business and critical to running
  your business? Different businesses place different values on different
  assets. Evaluate your infrastructure, applications, and other assets to
  identify what is important to your business.
- Industry standards and local regulations such as General
  Data Protection Regulation (GDPR), the Health Insurance Portability
  and Accountability Act (HIPAA), and payment card industry (PCI)
  standards.
- Evaluation of the sensitivity if an asset is exposed:
  - Low sensitivity assets—Exposure causes limited harm to the
    enterprise. For example, non-critical data and applications with
    limited user bases that don’t access critical data or infrastructure.
  - Moderate sensitivity assets—Exposure risks serious harm to
    the enterprise or its customers. For example, business data and
    applications, email, voice, and video communication, and infrastructure and
    services whose compromise impacts the enterprise.
  - High sensitivity assets—Exposure causes severe harm to the
    enterprise or its customers. For example, information theft that
    requires a breach notification, personally identifiable information
    (PII), critical intellectual property such as code, designs, architectures,
    etc., critical infrastructure such as the enterprise’s public key
    infrastructure (PKI) and critical servers, and critical services
    such as Active Directory (AD), DNS, and DHCP.
Palo Alto Networks Zero Trust Advisory Service can help you
prioritize your Zero Trust rollout with advisory and roadmap
services and can help you design and implement your Zero Trust deployment.
Start the transition with your most valuable assets, which are
often in your data center or in the cloud, where you store source
code, customer data, and other business-critical, proprietary assets.
Use the following methods to gain visibility into traffic and
help identify users, applications, and infrastructure:
- The team’s knowledge of the business. For example, business
  leaders can speak to the strategic value of applications.
- Insert one or more next-generation firewalls transparently
  into your network in virtual wire (vwire) mode,
  which is a passthrough mode that requires no topology changes because
  vwire interfaces don’t have IP or MAC addresses, to gain visibility
  into traffic. Check Traffic logs to view and
  analyze traffic. If you have managed firewalls, use Panorama logs.
- Use Policy Optimizer to help
  identify key applications on existing Security policy rules. (Policy
  Optimizer even shows you all of the applications on port-based rules.)
- Use Application Dependency Mapping tools to discover application
  dependencies (the resources an application uses, such as databases,
  load balancers, servers, etc.) automatically.
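
The following is an added example, not part of the original documentation or any Palo Alto Networks tooling. It shows one way to reconcile exported traffic-log rows against an asset inventory: it flags internal hosts that appear in traffic but not in the inventory, and orders the known assets for rollout by sensitivity tier. The column names, application labels, inventory entries, and the 10.0.0.0/8 internal range are assumptions constructed for the example.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample of exported traffic-log rows. Column names and app
# labels are assumptions for this example, not the firewall's export schema.
SAMPLE_LOG = """src_ip,src_user,dst_ip,app
10.1.1.10,alice,10.2.0.5,ms-sql
10.1.1.10,alice,10.2.0.9,ldap
10.1.1.22,bob,10.2.0.9,ldap
10.1.1.22,bob,10.2.0.5,ms-sql
10.1.1.22,bob,10.2.0.20,smtp
10.1.7.44,,203.0.113.8,ssl
10.1.7.44,,203.0.113.8,unknown-tcp
10.1.9.3,,10.2.0.9,dns
"""

# Constructed inventory: known internal hosts with a sensitivity tier that
# follows the low / moderate / high classification described above.
INVENTORY = {
    "10.1.1.10": ("alice-laptop", "low"),
    "10.1.1.22": ("bob-laptop", "low"),
    "10.2.0.5": ("customer-db", "high"),
    "10.2.0.9": ("ad-dc-01", "high"),
    "10.2.0.20": ("mail-01", "moderate"),
}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space
TIER_RANK = {"high": 0, "moderate": 1, "low": 2}


def reconcile(log_text, inventory):
    """Return (unknown, access): internal IPs missing from the inventory with
    the apps they used, and each inventoried destination's (who, app) pairs."""
    unknown, access = defaultdict(set), defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        for ip in (row["src_ip"], row["dst_ip"]):
            if ipaddress.ip_address(ip) in INTERNAL and ip not in inventory:
                unknown[ip].add(row["app"])
        if row["dst_ip"] in inventory:
            # Fall back to the source IP when no user was identified.
            access[row["dst_ip"]].add((row["src_user"] or row["src_ip"], row["app"]))
    return dict(unknown), dict(access)


def rollout_order(access, inventory):
    """Accessed assets sorted by sensitivity tier, then by distinct accessors."""
    return sorted(access, key=lambda ip: (TIER_RANK[inventory[ip][1]], -len(access[ip]), ip))
```

Hosts returned in the first result are candidates for the unmanaged or unknown devices the page warns about; the second result shows which users and applications reach each high-sensitivity asset.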