Implement Initial Best Practice Controls

Reduce the attack surface, prevent known and unknown threats, and improve your security posture.
After you gain visibility and context into the traffic on your network—applications, content, threats, and users—implement strict controls to reduce the attack surface and prevent known and unknown threats to complete the transition to a best practice configuration.
After you implement control capabilities, the firewall can scan all allowed traffic and detect and block network and application-layer vulnerability exploits, buffer overflows, DoS attacks, port scans, and known and unknown malware variants. The firewall controls application and user access as well as blocking malicious and unwanted applications.
After you configure changes, Run the BPA to validate the changes, measure progress, and prioritize the next changes.

Related Documentation