Reduce the attack surface, prevent known and unknown
threats, and improve your security posture.
After you gain visibility and context
into the traffic on your network—applications, content, threats,
and users—implement strict controls to reduce the attack surface
and prevent known and unknown threats to complete the transition
to a best practice configuration.
Create application-based Security policy rules for data center and perimeter firewalls; use
the perimeter firewall best practice recommendations for other firewalls
that aren’t in the data center. If you run PAN-OS 9.0 or later on
firewalls or PAN-OS 9.0 or later on a Panorama managing firewalls
running PAN-OS 8.1 (or later), you can use Policy Optimizer to convert port-based
rules to application-based rules.
After you implement control capabilities, the firewall can scan
all allowed traffic and detect and block network and application-layer
vulnerability exploits, buffer overflows, DoS attacks, port scans,
and known and unknown malware variants. The firewall controls application
and user access as well as blocking malicious and unwanted applications.
After you configure changes, Run the BPA to validate
the changes, measure progress, and prioritize the next changes.