This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

BPA Transition to AIOps for NGFW

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

BPA Transition to AIOps for NGFW

jhsiao
L3 Networker
‎07-10-2023 09:05 AM

 

We are excited to announce that the Best Practice Assessment (BPA) will be transitioning to AIOps for NGFW. BPA is a tool that allows users to assess their firewall configuration against best practices, identify gaps that can pose network security risks, and get recommendations to mitigate issues. 

 

While the BPA has proven very useful in helping customers identify and mitigate network security risks, it has some limitations. As security threats become increasingly agile, it becomes more critical than ever to have complete visibility into your security posture at all times. This transition to AIOps for NGFW will allow for several advantages over the current BPA, helping users improve their security and best practice compliance. 

 

What is the Timeline for This Transition?

 

Starting July 17, 2023, TSF uploads to the Best Practice Assessment via the Customer Support Portal and Customer Success Site will be disabled. Historical BPA data will be maintained until December 31, 2023.

 

Why Transition BPA to AIOps for NGFW?

 

AIOps for NGFW offers several key advantages over the standalone BPA tool:

 

  1. Telemetry-powered dashboards and workflows offer a continual view of security posture, instead of relying on manual generation of point-in-time snapshots of a single device like the BPA requires today.
  2. AIOps for NGFW supports advanced, cloud-delivered capabilities not possible with the BPA today, such as the ability to proactively enforce best practices on your Panorama devices and prevent security misconfigurations before they’re applied.
  3. AIOps for NGFW offers greater customization of best practices, allowing you to focus on what’s relevant to your unique environment. 
  4. AIOps for NGFW offers support through official TAC support channels - unlike the BPA.

 

All AIOps BPA capabilities (excluding proactive BPA) are available free of charge, in the Free version of AIOps for NGFW. 

 

How Does AIOps for NGFW Help You Achieve Better Security Posture?

 

AIOps for NGFW provides views of your feature adoption and configuration in the Feature Adoption dashboard, helping you understand the effectiveness and usage of your security features. 

 

Figure 1_AIOps-NFGW_palo-alto-networks.png

 

With the AIOps Best Practices dashboard report, you can continually assess your deployment and identify security misconfigurations.

 

Figure 2_AIOps-NFGW_palo-alto-networks.png

 

For failed best practice checks that have CLI remediations available, you can also view and export remediation details via the Best Practices dashboard. 

 

Figure 3_AIOps-NFGW_palo-alto-networks.png
Figure 4_AIOps-NFGW_palo-alto-networks.png


To unlock the full potential of your AIOps adoption and best practices dashboards, we recommend you onboard your devices to AIOps and enable telemetry (PAN-OS 10.0 or higher required). However, if you do not wish to enable telemetry for your devices, you can still upload PAN-OS version 9.1 and higher TSFs to AIOps via the On-Demand workflow, and generate adoption and best practices reports.

 

Figure 5_AIOps-NFGW_palo-alto-networks.png


Additionally, AIOps for NGFW also generates security alerts for your Panorama device groups and template stacks that are failing best practices, helping you understand the most critical issues impacting your security posture and prioritize what to fix.

 

 

How Can I Start Using AIOps for NGFW Today?

 

If you’re new to AIOps for NGFW, first activate your free AIOps for NGFW instance on the Hub.

 

Next, onboard your devices to AIOps for NGFW with telemetry enabled (PAN-OS 10.0 or higher required) to start generating daily adoption and best practice dashboard views, as well as security alerts for Panorama configuration. 

 

If you do not wish to enable telemetry for your devices, you can upload PAN-OS 9.1 or higher TSFs via our On-Demand BPA workflow to generate adoption and best practices reports right away, no telemetry required.


Helpful Resources

 

AIOps for NGFW BPA features demo

Check out this demo, which walks through the best practice features available in AIOps for NGFW as part of this transition.

(view in My Videos)

 

 

For more information about AIOps for NGFW, check out our AIOps for NGFW LIVEcommunity and TechDocs resources, or reach out to your PANW sales teams today. 

 

AIOps for NGFW LIVEcommunity

Activate AIOps for NGFW

AIOps best practice capabilities overview

Where can I find my AIOps for NGFW features?

  • 8206 Views
  • 0 comments
  • 3 Likes
Register or Sign-in
Labels
Popular Blogs
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks