Use Palo Alto Networks Assessment and Review Tools
Identify network security risks and methods of mitigating
those risks, analyze your current security posture, and assess the
adoption of security best practices.
The Customer Success Team at Palo Alto Networks has
developed a prevention architecture with tools and
resources to help you review and assess the security risks of your
network and how well you have used the capabilities of the firewall
and other tools to secure your network. Contact your Palo Alto Networks
representative to schedule assessments and reviews (a Palo Alto
Networks sales engineer conducts the reviews to provide expertise
in assessing the security state of your network). As of this publication,
the available Security Risk prevention tools include:
Prevention Posture Assessment (PPA)
—The PPA is
a set of questionnaires that help uncover security risk prevention gaps
across all areas of network and security architecture. The PPA not
only helps to identify all security risks, it also provides detailed
suggestions on how to prevent the risks and close the gaps. The
assessment, guided by an experienced Palo Alto Networks sales engineer,
helps determine the areas of greatest risk where you should focus
prevention activities. You can run the PPA on firewalls and on Panorama.
Best Practice Assessment (BPA) Tool
—The BPA for next-generation
firewalls and Panorama evaluates a device’s configuration by measuring
the adoption of capabilities, validating whether the policies adhere
to best practices, and providing recommendations and instructions
for how to remediate failed best practice checks.
Policy Adoption Heatmap component filters the information by device
groups, serial numbers, zones, areas of architecture, and other categories.
The results include trending data, which shows the rate of security
improvement as you adopt new capabilities, fix gaps, and progress
toward a Zero-Trust network.
The BPA component performs more
than 200 security checks on a firewall or Panorama configuration
and provides a pass/fail score for each check. Each check is a best
practice identified by Palo Alto Networks security experts. If a
check returns a failing score, the tool provides the justification
for the failing score and how to fix the issue.
Palo Alto Networks continues to develop new tools and refine
existing tools. Contact your Palo Alto Networks representative to
find out what the most current tools can do to increase your data
center network security.