Step 5: Monitor and Maintain the Network

Your business changes, your applications change, and your network evolves. Log traffic, monitor the environment, and maintain the Zero Trust deployment.
Security is an iterative process because logging and monitoring reveal improvements to make and because your business and network change over time. Follow the operational processes you developed when architecting the network to maintain and continually update prevention controls.
  • Decrypt, inspect, and log all traffic (internal and external) through Layer 7.
  • Forward logs to the Cortex Data Lake from Panorama for managed firewalls, from individual firewalls (firewalls not managed by Panorama), from Prisma Access, and from Traps to centralize and aggregate your on-premises and virtual (private and public cloud) log storage. This provides visibility into your network traffic and protect surfaces.
  • Update policy, and potentially add new protect surfaces, based on intelligence from Cortex XDR, which uses Cortex Data Lake data and machine learning to baseline your network's normal behavior and to identify anomalous behavior that may indicate an intrusion or other threat. Threat activity that targets DAAS elements outside any protect surface can highlight protect surfaces you didn't consider when you originally defined them.
  • Use Cortex XDR to gain visibility into your network traffic, simplify threat investigation by correlating logs, and enable you to identify the root cause of alerts and respond immediately.
  • Use Cortex XDR APIs to integrate with Demisto and automate responses using Demisto response playbooks that are tailored to your business workflows, which can reduce response time from days to minutes.
  • Use Prisma Cloud to aggregate and provide visibility into configuration data, user activity information, and network traffic information. Prisma Cloud analyzes data and delivers concise and actionable insights.
  • Follow Best Practices for Applications and Threats Content Updates to get new and modified App-IDs and to keep your threat signatures up-to-date.
  • Use the Best Practice Assessment tool to measure progress toward a best-practice configuration and to help you transition to a best practice security posture.
  • Monitor network activity, use predefined reports, and generate custom reports to gain visibility into your environment.
  • Keep the cross-functional team together to help maintain your Zero Trust deployment as the network and the business evolve, and create education and training to ensure that new members of the team understand the strategy and the implementation.
  • Continue to automate actions and responses as automation capabilities advance.
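As an added illustration of the point above about threat activity against DAAS elements outside any protect surface (example code added here, not from the Palo Alto Networks documentation): this Python script reads constructed, simplified threat-log records and a hypothetical protect-surface definition, then reports the targeted destinations that no defined protect surface covers, ranked by event count, as candidates for new protect surfaces.

```python
import ipaddress
from collections import Counter

# Constructed, simplified threat-log records (not the real PAN-OS log format):
# timestamp, source IP, destination IP, App-ID, threat name, severity
SAMPLE_THREAT_LOGS = """\
2024-05-01T10:00:01,10.20.5.14,10.1.1.10,web-browsing,SQL Injection Attempt,high
2024-05-01T10:00:07,10.20.5.14,10.1.1.10,web-browsing,Directory Traversal,medium
2024-05-01T10:02:13,10.20.5.99,10.3.7.25,ssh,Brute Force Login,high
2024-05-01T10:02:20,10.20.5.99,10.3.7.25,ssh,Brute Force Login,high
2024-05-01T10:04:41,192.0.2.77,10.3.7.40,smb,Lateral Movement Probe,critical
2024-05-01T10:05:02,10.20.5.14,10.1.1.11,web-browsing,XSS Attempt,low
"""

# Hypothetical protect surfaces: name -> networks holding that surface's DAAS elements.
PROTECT_SURFACES = {
    "customer-db": ["10.1.1.0/24"],
    "hr-apps": ["10.2.0.0/16"],
}

def parse_threat_logs(text):
    """Parse the constructed CSV records into a list of dicts."""
    records = []
    for line in text.strip().splitlines():
        ts, src, dst, app, threat, sev = line.split(",")
        records.append({"ts": ts, "src": src, "dst": dst, "app": app,
                        "threat": threat, "severity": sev})
    return records

def protect_surface_for(ip, surfaces):
    """Return the name of the protect surface covering ip, or None if none does."""
    addr = ipaddress.ip_address(ip)
    for name, nets in surfaces.items():
        if any(addr in ipaddress.ip_network(net) for net in nets):
            return name
    return None

def find_uncovered_targets(records, surfaces):
    """Count threat events per destination that no protect surface covers.
    Returns [(dst, event_count, sorted severities)], highest count first."""
    hits = Counter()
    severities = {}
    for rec in records:
        if protect_surface_for(rec["dst"], surfaces) is None:
            hits[rec["dst"]] += 1
            severities.setdefault(rec["dst"], set()).add(rec["severity"])
    return [(dst, n, sorted(severities[dst])) for dst, n in hits.most_common()]

if __name__ == "__main__":
    for dst, n, sev in find_uncovered_targets(parse_threat_logs(SAMPLE_THREAT_LOGS), PROTECT_SURFACES):
        print(f"{dst}: {n} threat event(s), severities {sev} -> candidate protect surface")
```

Destinations inside an existing protect surface (here the 10.1.1.0/24 customer-db hosts) are skipped because policy for them already exists; the remaining hits are the DAAS elements to review.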