Palo Alto Networks best practices are designed to help you get the most secure
network possible by streamlining the process of checking compliance on your network
infrastructure. We’ve built best practice checks directly in to
Strata Cloud Manager
, so that you can get a live evaluation of your configuration. Tighten your security
posture by aligning with best practices. You can leverage
Strata Cloud Manager
assess your Panorama, NGFW, and Panorama Managed Prisma Access security configurations
against best practices and remediate failed best practice checks.
Best practice guidance aims to help you bolster your security posture, but also to help
you manage your environment efficiently and to best enable user productivity.
Continually assess your configuration against these inline checks—and when you see an
opportunity to improve your security, take action then and there.
Visibility into Best Practice Adoption and Compliance
To get started, you can quickly assess your overall security posture by checking the
See how you’re doing at a high-level and pinpoint areas where you might want to start
Check the Dashboard: Best Practices dashboard for daily best practices reports, and their
mapping to the Center for Internet Security’s Critical Security Controls
(CSC) checks, to help you identify areas where you can make changes to
improve your best practices compliance. Share the best practice report as a
PDF and schedule it to be regularly delivered to your inbox.
Check the Compliance Summary dashboard to view
a history of changes to the security checks made up to 12 months in the
past, grouped together by the Center for Internet Security (CIS) and
National Institute of Standards and Technology (NIST) frameworks.
Use Config Cleanup to identify and remove unused configuration objects
and policy rules.
Configure Policy Optimizer Settings to hone and optimize overly
permissive security rules so that they only allow applications that are actually
in use in your network.
Create your own Compliance Checks –
Customize existing best practice checks and create and manage special
exemptions to better align to your organization’s business requirements.
Use Policy Analyzer to quickly ensure that updates you
make to your Security policy rules meet your requirements and don't
introduce errors or misconfigurations (such as changes that result in
duplicate or conflicting rules).
Live, Inline Best Practice Configuration Checks
Best practice guidance aims to help you bolster your security posture, but also to
help you manage your environment efficiently and to best enable user productivity.
Continually assess your configuration against these inline checks—and when you see
an opportunity to improve your security, take action then and there.
Best Practice Scores
Best practice scores are displayed on a feature dashboard (Security policy,
decryption, or URL Access Control, for example). These scores give you a
quick view into your best practice progress. At a glance, you can identify
areas for further investigation or where you want to take action to improve
your security posture.
Field-level checks show you exactly where your configuration does not align
with a best practice. Best practice guidance is provided inline, so you can
immediately take action.
Best Practice Assessment
Here, you can get a comprehensive view into how your implementation of a
feature aligns with best practices. Examine failed checks to see where you
can make improvements (you can also review passed checks). Rulebase checks
highlight configuration changes you can make outside of individual rules,
for example to a policy object that is used across several rules.
Best practice checks are available for:
Your security policy rulebase
Rulebase checks look at how security policy is organized and managed,
including configuration settings that apply across many rules.