Monitor Applications and Threats

Where Can I Use This?
  • NGFW (Managed by PAN-OS or Panorama)
What Do I Need?
  • Support license
  • (Panorama) Device management license

Palo Alto Networks next-generation firewalls come equipped with the App-ID technology, which identifies the applications traversing your network, irrespective of protocol, encryption, or evasive tactic. This deep application awareness helps you manage applications effectively using the Application Command Center (ACC). The ACC offers a graphical summary of data from various log databases, highlighting which applications are in use, by whom, and their potential security implications. The ACC is dynamically updated using the continuous traffic classification that App-ID performs; if an application changes ports or behavior, App-ID continues to see the traffic and the results are displayed in the ACC. Beyond applications, the ACC enriches this visibility with insights into URL categories, threats, and data patterns, painting a comprehensive picture of the network landscape and enabling the creation of more informed security policies.
To enhance monitoring capabilities, you can also leverage the Dashboard feature on the firewall. This customizable dashboard provides a quick overview of key network metrics and security posture.
To proactively assess security risks, review the Content Delivery Network (CDN) infrastructure. This involves examining logged events on the firewall that might indicate suspicious activity related to CDN traffic. Additionally, the AutoFocus intelligence summary provides context on the prevalence of specific properties, activities, or behaviors associated with logs in your network and on a global scale. This summary also includes the WildFire verdict and relevant AutoFocus tags. With an active AutoFocus subscription, you can leverage this information to configure customized AutoFocus Alerts, enabling proactive tracking of specific threats and behaviors pertinent to your network environment.