Palo Alto Networks is proud to announce the availability of AIOps for NGFW 2.5 to help our customers improve the operational efficiency of managing firewalls from a health and performance point of view, maximize their security posture and visualize and report the interplay between users, applications, and threats across their entire deployment.
Key features in the AIOps for NGFW 2.5 release:
Improved Best Practice Assessments
AIOps now meets and exceeds all the capabilities of the standalone Best Practice Assessment for NGFW and Panorama tool.
The ability to manually upload Tech Support Files (TSFs), which is particularly useful for NGFWs where telemetry simply cannot be enabled
The telemetry-based “Best Practices” section of AIOps now has full parity with the standalone tool in terms of the number of checks performed, which now exceeds 240.
The recommendations provided for Security Alerts now exceed the ones provided by the standalone tool in terms of how detailed and extensive they are, especially when it comes to providing CLI commands for remediation of the alerts (shown below).
Security Posture Overview
Security Posture Overview is a brand-new feature that allows customers to identify services and features of their NGFWs that are available to them but not yet activated or configured, and that would improve their security posture. It further identifies NGFWs on which these features are activated and configured, but where the configuration does not follow Best Practices. This allows customers to fully leverage the capabilities that they have already licensed. A sense of relevance permeates all three stages: AIOps extracts intelligence from the configuration to map user-named zones to predefined network architecture roles and derives this sense of relevance from that mapping.
Network traffic patterns vary by time of the day, day of the week, etc. With static threshold values, you may get accustomed to ignoring Alerts that you perceive as false alarms, and you might miss an actual Alert that could lead to a business outage.
With Dynamic Thresholds, AIOps automatically adjusts the warning level threshold values by employing ML algorithms that learn the behavior of the underlying metric. This feature means the Alert is generated only when the firewall is experiencing an actual problem. This dramatically reduces alerts that, with static values for the thresholds, might be created because of a cyclical behavior, or even if the normal behavior of the metric is just above the out-of-the-box static threshold values.
CDL Infrastructure Health
The new CDL Infrastructure Health features ensure the CDL Infrastructure is stable and healthy – e.g., on log ingestion, forwarding and retention (to support Log Explore), Compliance, and Threat behavior analysis and trends.
AIOps for NGFW relies on CDL data for many of its analytics features and ensuring the availability and integrity of that data is key to a well-oiled AIOps for NGFW deployment.
Software Upgrade Recommendation Engine
With the new SURE (Software Upgrade Recommendation Engine), AIOps for NGFW 2.5 Premium provides guidance on the software version best suited for your NGFWs based on:
The enabled feature set on the firewall
The model of the hardware, and
AIOps for NGFW 2.5 Premium has the new Policy Analyzer, which helps identify errors and misconfigurations in security policies; you can perform this analysis before committing changes to an NGFW’s policy configuration (Pre-Change Policy Analysis) or after the change has already been committed in Panorama (Post-Change Policy Analysis).
When the operator receives a new request for a policy change, this feature allows the operator to understand if the desired outcome of this policy is already met, explicitly refuted or denied by default.
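As an added illustration of that pre-change question (this is example code written for this post, not Palo Alto Networks’ Policy Analyzer implementation), the following Python evaluates a proposed rule against a constructed rulebase using first-match semantics and an implicit interzone deny, and reports whether the desired outcome is already met, explicitly refuted, or denied by default; the zone, application and rule names are made up.

```python
from dataclasses import dataclass
from itertools import product


@dataclass
class Rule:
    """A simplified Security policy rule: match criteria as sets, plus an action."""
    name: str
    src_zones: set
    dst_zones: set
    apps: set
    action: str  # "allow" or "deny"

    def matches(self, src, dst, app):
        return src in self.src_zones and dst in self.dst_zones and app in self.apps


def first_match(rulebase, src, dst, app):
    """Top-down first-match lookup; None means no explicit rule hit (implicit interzone deny)."""
    for rule in rulebase:
        if rule.matches(src, dst, app):
            return rule
    return None


def analyze_proposed(rulebase, proposed):
    """Classify a proposed rule against the committed rulebase before the change is made.

    Every (src, dst, app) flow the proposed rule would cover is evaluated against the
    current rulebase, so the result tells the operator whether the change is needed.
    """
    outcomes = set()
    for src, dst, app in product(proposed.src_zones, proposed.dst_zones, proposed.apps):
        hit = first_match(rulebase, src, dst, app)
        outcomes.add("default" if hit is None else hit.action)
    if outcomes == {"default"}:
        # Nothing explicit matches: a deny proposal is already satisfied by the implicit deny.
        return "already met" if proposed.action == "deny" else "denied by default"
    if outcomes == {proposed.action}:
        return "already met"
    if "default" not in outcomes and proposed.action not in outcomes:
        return "explicitly refuted"
    return "partially covered"  # mixed outcomes: the change would only partly take effect


# Constructed sample rulebase (hypothetical zones and applications, for illustration only).
RULEBASE = [
    Rule("allow-web", {"trust"}, {"untrust"}, {"web-browsing", "ssl"}, "allow"),
    Rule("block-ftp", {"trust"}, {"untrust"}, {"ftp"}, "deny"),
    Rule("dmz-to-db", {"dmz"}, {"db"}, {"mysql"}, "allow"),
]
```

Running `analyze_proposed(RULEBASE, Rule("req-1", {"trust"}, {"untrust"}, {"ssl"}, "allow"))` returns "already met", while the same request for `ftp` returns "explicitly refuted" because `block-ftp` already denies it.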
New Threat Insights Dashboard
Last but not least: a new Threat Insights dashboard in AIOps 2.5 Premium which provides a 360-degree view into all the threats detected in your network — across WildFire, Advanced URL Filtering, DNS Security, Advanced Threat Prevention and Enterprise DLP. You can view all impacted users and applications as well as specific rules that are allowing or blocking threats: