Best Practice Assessment (BPA) can now generate a Prisma Access BPA!

Showing results for 
Show  only  | Search instead for 
Did you mean: 
L4 Transporter

Prisma Access BPA


We have introduced a new BPA report! This new BPA report aims to guide Prisma Access Security Posture. Below are some feature highlights. 


A user can generate the regular BPA report or Prisma Access BPA report in the same way we do today. Prisma Access BPA report is generated using a Panorama Tech Support File (TSF).  One requirement to run this report is to have the Cloud Services Plugin for Prisma Access configured. If a TSF generated on Panorama does not have this plugin, then it will only have the option to generate a regular BPA report the way we do today.


Dedicated BPA report for Prisma Access implementation

In a Prisma Access BPA report, we are processing the configuration needed to address Prisma Access features. We process the Device groups and template stacks that are configured in the Prisma Access configuration settings. We also consider any parent device groups for the configured device groups in Prisma Access configuration.


The benefit of the Prisma Access BPA report is to focus on tracking feature adoption, security posture and features that associate with Prisma Access so you can be assured that your remote workers and locations are the most secure they can be.



Best Practice Assessment for Prisma Access


Ability to view BPA results not at device level but at individual Tenant level

We are now able to track security posture and feature adoption at each tenant level. 


In a multi-tenant environment we should have the ability to go granular at tenant level so we can identify the strong and weak areas for each tenant to focus our efforts in getting up a section of implementation to the expected value. This helps monitoring at tenant level and not only at system level.


We also have a Prisma Access Deployment Type to filter just Remote Network or Mobile user of one or more tenants and go as granular as possible.



View BPA analysis at one or more Tenant level


Heatmap Trending at Tenant level

We can now track Adoption heatmap trending over a period of time for each tenant. As you can see in the image, we are able to select one or more tenants and see its Heatmap trending over a period of time.



Heatmap Trending results now can be viewed for each Tenant


Summary Graphs with Compliance framework at Tenant level

We can now measure security compliance framework such as NIST, CIS Critical Security Controls and others at each tenant level. Each tenant may have its own business case to implement certain security capabilities and the BPA report is now able to track and guide.



Summary Graph and Security Compliance results for each Tenant


Mapping Definitions at per Tenant level

We can now look at Mapping Definition tab results for every Best practice check at per Tenant level.



Track Passing % of each check at Tenant level


Global Filters to help user experience. Selected global filter criteria persists across the report.

We have created new filters as Global filters. These filters are designed to help in two ways

  • Ability to select one or more Tenants so we do not need to review data for the whole Panorama configuration.
  • Ability to retain/persist the filtered selections as we move across the BPA report different tabs so the user filters the whole report to narrowed and selected criteria. 



Ability to narrow down the report results and keep it persistent