Evaluate Security Policy Capability Adoption

Measure your adoption of Security policy capabilities using the Best Practice Assessment (BPA) tool.
The Best Practice Assessment (BPA) tool helps you understand your current level of Security policy capability adoption and helps you assess the maturity and effectiveness of your security posture. Adopting capabilities such as WildFire, Vulnerability Protection, SSL Decryption, etc., contributes to detecting and preventing attacks. Developing a solid understanding of how and where to use each capability in different environments is critical to understanding how to best protect your network and its valuable assets.
Getting Started with Best Practices shows how to access and run the BPA. The Capability Adoption Heatmaps section of the BPA report enables you to review the adoption of these capabilities across the Security policy rulebase. Watch the Introduction to Heatmaps video to learn about Heatmaps, and take advantage of the BPA video library and the BPA+ video library to learn more about the tool.
In Panorama-managed environments, Panorama may manage large numbers of next-generation firewalls. Should you run the BPA on Panorama or on each individual firewall? The tradeoff is speed and convenience versus completeness.
Running the BPA on Panorama is fast, convenient, and assesses most of the capabilities of the managed firewalls, but does not examine local firewall overrides.
Running the BPA on each managed firewall assesses the complete configuration (including local overrides) but takes much more time.
The most practical method is to run the BPA on Panorama first. Examine the results, decide if you need to focus on any particular managed devices, and then run the BPA on those devices. This method saves time while still focusing on relevant information that enables you to improve your security posture.
Review and analyze the information on the Heatmap tabs to identify gaps in security capability adoption and determine what you want to improve:

Recommended For You