Use Case: Respond to an Incident Using Panorama
Network threats can originate from different vectors,
including malware and spyware infections due to drive-by downloads,
phishing attacks, unpatched servers, and random or targeted denial
of service (DoS) attacks, to name a few. Reacting to a network attack
or infection requires processes and systems that alert the administrator
to the attack and that preserve the forensic evidence needed to trace
its source and the methods used to launch it.
The advantage that Panorama provides is a centralized and consolidated
view of the patterns and logs collected from the managed firewalls
across your network. You can use the information from the automated
correlation engine alone or in conjunction with the reports and
logs generated by a Security Information and Event Management (SIEM)
system to investigate how an attack was triggered, and to decide how
to prevent future attacks and further loss or damage to your network.
The questions that this use case probes are:
How are you notified of an incident?
How do you corroborate that the incident is not a false positive?
What is your immediate course of action?
How do you use the available information to reconstruct the
sequence of events that preceded or followed the triggering event?
What are the changes you need to consider for securing your
network?
This use case traces a specific incident and shows how the visibility
tools on Panorama can help you respond to it.