Insights: Zero Trust Posture Center
Provides a conceptual overview of the Zero Trust Posture Center, detailing its
capabilities and integration points.
| Where Can I Use This? | What Do I Need? |
- Strata Cloud Manager Essentials or Pro
- Panorama® CloudConnector Plugin 3.0.0 for Panorama managed deployments
- Traffic logs in Strata Logging Service
The Zero Trust Posture Center quantifies your security posture risk and
assesses your alignment with Zero Trust principles within Strata Cloud Manager. It
analyzes configuration data from your ecosystem to derive insights and provide an
actionable roadmap for achieving a Zero Trust architecture.
This feature is available in both the Essentials and Pro licensing tiers of
Strata Cloud Manager. In the Essentials tier, you get all of Palo Alto Networks best
practices, aligned to the zero trust framework. In the Pro tier, you get additional
insights from all Strata Cloud Manager posture features, including Policy Analyzer,
Policy Optimizer, Config Cleanup, and Custom Posture Checks.
Zero Trust Posture Center derives insights from NGFW and Prisma Access
configurations. It analyzes configurations collected via device telemetry, through the
Panorama CloudConnector Plugin, or directly from Strata Cloud Manager's configuration manager.
Each source has its own cadence: device telemetry sends configurations once a day, the
CloudConnector plugin for Panorama sends the configuration during each local commit, and
Strata Cloud Manager processes the configuration every 3 minutes.
The Zero Trust Posture Center integrates insights from several existing Strata
Cloud Manager capabilities to provide a unified posture assessment:
- Best Practice Checks - Assesses configurations against Palo Alto Networks' predefined
security best practices, aligning your environment with recommended standards.
- Policy Analyzer - Identifies and
analyzes policy anomalies, such as shadowed, redundant, consolidated, correlated,
and generalized rules, ensuring policies function as intended.
- Policy Optimizer - Identifies
overly permissive security rules and recommends granular policy adjustments to
enforce least privilege.
- Config Cleanup - Detects and
highlights unused objects, zero-hit rules, zero-hit objects, and duplicate objects
within your configuration, reducing complexity and attack surface.
Dashboard Architecture and Components
The Zero Trust Posture Center dashboard assesses your alignment with the Zero Trust
framework using Palo Alto Networks configuration best practices. For users with the
Strata Cloud Manager Pro license tier, the dashboard displays insights at the top
to help identify high-risk areas and prioritize immediate security tasks.
The BEST PRACTICES section provides a prescriptive guide to security,
assessing your alignment with the Zero Trust framework. It displays your overall
percentage of passed assessments and compares it against your industry's average
passing rate. Your overall posture breaks down into five Zero Trust pillars, each
with a percentage passing rate. Consider these factors when implementing Zero Trust in your
network:
- Optimize Configuration for Resiliency - Focuses on
foundational infrastructure and network settings to ensure maximum
availability and stability of your security platform.
- Identify All Users, Devices, and Applications - Assesses the
deployment and effectiveness of User-ID™, Device-ID, and App-ID™ to ensure
comprehensive visibility and accurate identification of all entities
accessing your network.
- Enforce Least Privilege - Analyzes security policies to
ensure they are not overly permissive and leverage Next-Generation Firewall
features to restrict access to only what is strictly necessary.
- Apply Holistic Security Inspection - Verifies that security
services are configured for comprehensive, real-time inspection of allowed
traffic, operating in prevention mode to stop threats.
- Control Data Access and Movement - Focuses on mechanisms
like Data Loss Prevention (DLP) and file blocking to protect sensitive data
from unauthorized exfiltration or movement.
Impact and Recommendations
The Zero Trust Posture Center prioritizes security tasks by stack-ranking
impacts and providing detailed recommendations. The Current Impacts and
Recommendations section presents a prioritized list of recommendations for
addressing top active threats or impacts to your network security deployment. Each
impact card identifies a potential security impact, explains the associated risk,
lists detected active threats from logs, and provides specific recommendations. A
green percentage indicates the potential increase in your total passed percentage
upon resolving associated incidents.
The Zero Trust Posture Center integrates with the Unified Incident
Framework to guide your remediation process. Recommendations within impact cards
link directly to a filtered view of the Incidents list page, showing specific
incidents requiring resolution. Posture incidents are created on the configuration
object where checks fail. The Incident Detail page provides comprehensive
information for understanding and remediation, divided into four key areas:
- Standard incident info along with description.
- Remediation playbook for corrective steps.
- Evidence to identify the incorrect configuration and its path in
the web interface.
- Activity log that consolidates all pertinent information required
to understand, diagnose, and resolve the posture incident effectively.
Exception Management
You can create and manage exceptions for posture checks, exempting those not
applicable to your environment. Once an exception is active, a related incident
closes automatically if the exempted check was its only failing check. Zero Trust Posture Center
removes exempted checks from all calculations, ensuring your posture score
accurately reflects your specific security policy. Exceptions are tracked and
displayed as an independent dashboard metric. See
Custom Posture Check.
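A minimal model of the exception behavior described above, added here as an illustration and not Palo Alto Networks code. The scoring formula (passed checks divided by non-exempt checks), the check IDs, and the object names are assumptions, and exceptions are simplified to global ones keyed by check ID.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Check:
    check_id: str   # hypothetical check identifier
    pillar: str     # one of the five Zero Trust pillars
    obj: str        # configuration object the check ran against
    passed: bool

def _rate(checks, exempt, fixed=frozenset()):
    # Exempted checks leave both numerator and denominator (assumed formula).
    counted = [c for c in checks if c.check_id not in exempt]
    if not counted:
        return 0.0
    ok = sum(c.passed or c.check_id in fixed for c in counted)
    return 100.0 * ok / len(counted)

def pass_rate(checks, exempt=frozenset()):
    return round(_rate(checks, exempt), 1)

def pillar_rates(checks, exempt=frozenset()):
    # Pillars whose checks are all exempted are omitted rather than scored.
    by_pillar = {}
    for c in checks:
        if c.check_id not in exempt:
            by_pillar.setdefault(c.pillar, []).append(c)
    return {p: pass_rate(cs) for p, cs in by_pillar.items()}

def open_incidents(checks, exempt=frozenset()):
    # One incident per object; it stays open while any non-exempt check fails.
    incidents = {}
    for c in checks:
        if not c.passed and c.check_id not in exempt:
            incidents.setdefault(c.obj, []).append(c.check_id)
    return incidents

def potential_gain(checks, exempt, fix_ids):
    # Increase in the overall pass rate if the listed failing checks were fixed.
    return round(_rate(checks, exempt, frozenset(fix_ids)) - _rate(checks, exempt), 1)

# Constructed sample results, not real product output.
SAMPLE = [
    Check("chk-001", "Optimize Configuration for Resiliency", "device/ha", True),
    Check("chk-014", "Identify All Users, Devices, and Applications", "zone/trust", False),
    Check("chk-014", "Identify All Users, Devices, and Applications", "zone/dmz", True),
    Check("chk-020", "Enforce Least Privilege", "rule/allow-any", False),
    Check("chk-021", "Enforce Least Privilege", "rule/allow-any", False),
    Check("chk-030", "Apply Holistic Security Inspection", "rule/web-out", True),
    Check("chk-030", "Apply Holistic Security Inspection", "rule/allow-any", True),
    Check("chk-040", "Control Data Access and Movement", "rule/web-out", False),
]
```

With the sample data, exempting `chk-040` closes the incident on `rule/web-out`, while exempting only `chk-020` leaves `rule/allow-any` open because `chk-021` still fails there.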
Onboard to the Zero Trust Posture Center
This procedure guides you through accessing the Zero Trust Posture Center,
understanding its dashboard, identifying security risks, and initiating remediation
actions within your Strata Cloud Manager environment.
- Select Insights > Posture > Zero Trust Posture Center dashboard. This
  page provides an initial overview of your organization's zero trust
  posture.
- Filter the dashboard view to focus on specific products or
  devices.
  - Select All, Prisma Access, or NGFW, in the top center of the
    Best Practice section to filter by product. This allows
    you to view posture assessments relevant to specific product
    deployments.
  - If you manage multiple NGFWs, use the dropdown menu to
    select a specific NGFW device. This enables a granular view of the
    posture for individual NGFW instances.
- Review the dashboard insights and overall posture assessment.
  - Observe the insights displayed across the top of the
    dashboard. These insights highlight high-risk areas and immediate
    security priorities for users with Strata Cloud Manager Pro license
    tier.
  - Examine the Best Practice section to view your
    current alignment to the zero trust framework. This section provides
    a prescriptive guide for improving your security posture based on
    Palo Alto Networks' best practices.
  - Check your organization's overall percentage of passed
    assessments and compare it to your industry's average passing rate
    on the far left of the dashboard. This benchmark provides context on
    your security posture relative to your peers.
  - Review the breakdown of the five critical zero trust
    pillars and their individual percentage passing rates. This
    breakdown helps you identify specific areas of strength and weakness
    within the zero trust framework, guiding where to focus your
    improvement efforts.
- Review Current Impact and Recommendations to understand
  potential risks and proposed solutions. This section prioritizes your
  remediation efforts by highlighting the most critical active threats and
  impacts to your network security deployment.
  - For an impact card of interest, review the following
    details to get a comprehensive understanding of the security issue:
    - Potential impact.
    - Explanation of the risk.
    - Any detected active threats from logs.
  - Click the Recommendations link in the bottom right
    corner of the impact card to expand the list of suggested actions.
    Expanding the card reveals specific, actionable steps to address the
    identified impact and threats.
  - Note the green percentage displayed at the top right of the
    card and next to each recommendation. This percentage indicates the
    potential increase in your total passing score if the associated
    incidents are resolved, aiding in your prioritization.
- Remediate incidents using the Unified Incident Framework.
  - Select a Recommendations link within an expanded
    impact card. This action redirects you to a filtered view of the
    Incidents page within the Unified Incident Framework,
    showing only incidents relevant to the chosen recommendation.
  - Select an individual incident from the list to load the
    incident detail page. This provides a comprehensive view of a
    specific posture incident, including all necessary information for
    resolution.
  - Review the four key sections of the incident detail page to
    get all necessary context, guidance, and technical details to
    understand and resolve the incident:
    - Standard incident info along with description.
    - Remediation playbook for corrective steps.
    - Evidence to identify the incorrect configuration
      and its path in the web interface.
    - Activity log that consolidates all pertinent
      information required to understand, diagnose, and resolve
      the compliance incident effectively.
  - Select Go to Configuration in the REMEDIATION
    PLAYBOOK to apply the necessary changes. This provides a direct link
    to the relevant configuration interface in Strata Cloud Manager,
    greatly simplifying the remediation process. For configurations
    managed by Panorama or NGFW, the link opens the manager web UI in a
    new tab; you must then follow the instructions in the incident
    details to find and modify the object configuration.
- Select View Incident Setting from the Action menu to
  create scope-based or global exceptions that prevent recommendations or
  Posture Checks from continuously flagging as non-compliant, for instance if
  a check is not applicable or the configuration is intentionally
  non-standard. Zero Trust Posture Center respects these exceptions, and the
  assessed recommendation or Posture Check will be removed from all
  calculations. For more information, see
  Custom Posture Check.