Use Palo Alto Networks Assessment and Review Tools

Identify network security risks and methods of mitigating those risks, analyze your current security posture, and assess the adoption of security best practices.
The Customer Success Team at Palo Alto Networks has developed a prevention architecture with tools and resources to help you review and assess the security risks of your network and how well you have used the capabilities of the firewall and other tools to secure your network. Contact your Palo Alto Networks representative to schedule assessments and reviews (a Palo Alto Networks sales engineer conducts the reviews to provide expertise in assessing the security state of your network). As of this publication, the available Security Risk prevention tools are:
  • Prevention Posture Assessment (PPA)—The PPA is a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture. The PPA not only helps to identify all security risks, it also provides detailed suggestions on how to prevent the risks and close the gaps. The assessment, guided by an experienced Palo Alto Networks sales engineer, helps determine the areas of greatest risk where you should focus prevention activities. You can run the PPA on firewalls and on Panorama.
  • Best Practice Assessment (BPA) Tool—The BPA for next-generation firewalls and Panorama evaluates a device’s configuration by measuring the adoption of capabilities, validating whether the policies adhere to best practices, and providing recommendations and instructions for how to remediate failed best practice checks.
    The Security Policy Adoption Heatmap component filters the information by device groups, serial numbers, zones, areas of architecture, and other categories. The results include trending data, which shows the rate of security improvement as you adopt new capabilities, fix gaps, and progress toward a Zero-Trust network.
    The BPA component performs more than 200 security checks on a firewall or Panorama configuration and provides a pass/fail score for each check. Each check is a best practice identified by Palo Alto Networks security experts. If a check returns a failing score, the tool provides the justification for the failing score and how to fix the issue.
Palo Alto Networks continues to develop new tools and refine existing tools. Contact your Palo Alto Networks representative to find out what the most current tools can do to increase your data center network security.

Related Documentation