Community Blog

Goodbye 2018, Hello 2019!

by Community Manager ‎01-04-2019 07:24 AM - edited ‎02-07-2019 02:45 AM (971 Views)

Read Reaper’s 2018 recap and 2019 groundwork. Learn about ways to utilize IronSkillet during new gear deployment, new Palo Alto Networks cybersecurity certifications (PCNSE, PCCSA, PCNSA), Best Practice Assessment (BPA) tool, and places you can go to ask questions and get answers on Live Community.

 

 

2018-2019 animated graphic

It's been a great year and the Live Community has seen plenty of new users join and more interactions between members getting more involved. So I'd like to start by thanking everyone in the Live Community for making this a good year for my department's goals and objectives. ;)

 

But sincerely:

Happy New Year to everyone. May your year be full of joy and free of infections! 

 

Since it's the start of the year and you're probably gearing up to complete some projects this year, I'd like to point out a few of our own "projects" that may come in handy while you prepare:

 

1. Deploy New Gear

If you're going to deploy one or more new devices (virtual or metal), a good start would be to prep your config through our "IronSkillet, day 1 configuration templates."

IronSkillet is there to help you mix and match a fresh configuration file with configuration snippets containing what we consider "best practices configuration." This helps you hit the ground running when the firewall is deployed in the field with the minimum required configuration but already touting an improved security posture. It will also save you time once the deployment starts.

 

Here are some examples of what kind of settings are included in the config snippets:

 

  • Set optimal file size for WildFire, set verdict for malware, greyware and phishing
  • Strip XFF headers from outbound web requests
  • Set TCP and UDP buffer overflow protections
  • Set content update schedules with time delays and thresholds
  • Select log-forwarding
  • Set DNS-sinkhole
  • Add bogon list dynamic objects
  • Set various security profiles (File Blocking, Anti Spyware, etc.) to recommended settings
  • Set zone protection
  • And many more—look at PAN-OS templates for a full list

Note: All of these are optional, so you can pick and choose which of the best practices you want to add and which ones to leave out or set aside to review later.

 

I show you how to start a basic template here: Getting Started with 'IronSkillet' Best Practices Templates

Once you're ready to take the plunge, you can hit the motherlode here: Welcome to IronSkillet template documentation

And the GitHub repository can be found here: PaloAltoNetworks/iron-skillet

 

2. Assess Your Current Security Health on Deployed Gear

If you already have some devices deployed and want to set aside some time this year to review your policies and posture, our customer experience team has built out a comprehensive prevention methodology that will help you assess what your current situation is and guide you through the process of improving your overal posture.

 

To help make this process more comfortable, less time consuming, and most importantly readable, the BPA (Best Practices Assessment) Tool was developed to analyse a TechSupport File and run it through more than 200 checks to see which settings are optimal and which can be improved. The BPA Tool can provide you with a heatmap and full report of what we recommend you review. 

You can access the BPA Tool directly through the support portal: How to use the new BPA functionality

 

Screenshot of Security Profile Adoption

 

Use Palo Alto Networks Assessment and Review Tools

Our complete collection of Best Practices can be found here: Best Practices

 

3. Assess Yourself

Have you considered getting a certification? Palo Alto Networks offers several new Certification Roadmaps to help you stand out among your peers and demonstrate your knowledge.

 

Screenshot of certificates roadmaps

 

Courseware is available on our education portal and a PCNSE prep playlist is up on YouTube to help you get ready for the exam.

 

4. Assess Us :)

Our goal is to ensure our user community gets solid information and a good experience interacting with peers; #AskQuestions #GetAnswers is our driving motto. If you want to make suggestions or are desperately missing something from the Community, there is a Community Feedback area where we take feedback and requests from the Live Community members. :)

 

I hope you have a great year with nothing but content nods from management. ;)

 

Stay frosty

@reaper

Ask Questions Get Answers Join the Live Community
Labels