Use Case: Respond to an Incident Using Panorama

Network threats can originate from different vectors, including malware and spyware infections due to drive-by downloads, phishing attacks, unpatched servers, and random or targeted denial of service (DoS) attacks, to name a few methods of attack. The ability to react to a network attack or infection requires processes and systems that alert the administrator to an attack and provide the necessary forensics evidence to track the source and methods used to launch the attack.
The advantage that Panorama provides is a centralized and consolidated view of the patterns and logs collected from the managed firewalls across your network. You can use the information from the automated correlation engine alone or in conjunction with the reports and logs generated from a Security Information Event Manager (SIEM), to investigate how an attack was triggered and how to prevent future attacks and loss of damage to your network.
The questions that this use case probes are:
  • How are you notified of an incident?
  • How do you corroborate that the incident is not a false positive?
  • What is your immediate course of action?
  • How do you use the available information to reconstruct the sequence of events that preceded or followed the triggering event?
  • What are the changes you need to consider for securing your network?
This use case traces a specific incident and shows how the visibility tools on Panorama can help you respond to the report.

Related Documentation