Focus
Focus
Table of Contents

Step 5: Report and Maintenance

Your business changes, your applications change, and your network evolves. Log traffic, monitor the environment, and maintain the Zero Trust deployment.
Security is an iterative process because logging and monitoring reveal improvements to make and because your business and network change over time. Follow the standards and designs you developed to maintain and continually update prevention controls.
  • Decrypt, inspect, and log all traffic (internal and external) through Layer 7.
  • Forward logs to Strata Logging Service from managed firewalls using Panorama to push log forwarding settings to firewall groups, from individual firewalls (firewalls not managed by Panorama), from Prisma Access, and from Cortex XDR to centralize and aggregate your on-premise and virtual (private and public cloud) log storage. This provides visibility into your traffic and attack surfaces.
  • Send CDL as much telemetry data as possible about your environment (endpoints, network, and cloud) so that you receive the most complete and actionable insights into how to improve your Zero Trust network over time.
  • Update policy based on intelligence from Cortex XDR, which uses Strata Logging Service data and machine learning to automate analyzing your network based on your network’s normal behavior and identifying anomalous behavior that may indicate an intrusion or other threat. Threat activity that targets assets which aren’t protected highlights resources that were missed during the initial asset discovery and prioritization.
  • Use Cortex XDR to gain visibility into your network traffic, simplify threat investigation by correlating logs, and enable you to identify the root cause of alerts and respond immediately.
  • Use Cortext XDR APIs to integrate with Cortex XSOAR and automate responses using response playbooks that are tailored to your business workflows, which can reduce response time from days to minutes.
  • Use Prisma Cloud to aggregate and provide visibility into configuration data, user activity information, and network traffic information. Prisma Cloud analyzes data and delivers concise and actionable insights.
  • Follow Best Practices for Applications and Threats Content Updates to get new and modified App-IDs and to keep your threat signatures up-to-date.
  • Use the Best Practice Assessment tool to measure progress toward a best-practice configuration and to help you transition to a best practice security posture.
  • Monitor network activity, use predefined reports, and generate custom reports to gain visibility into your environment.
  • Keep the cross-functional team together to help maintain your Zero Trust deployment as the network and the business evolve, and create education and training to ensure that new members of the team understand the strategy and the implementation.
  • Continue to automate actions and responses as automation capabilities advance.