12-02-2023 12:40 PM - edited 12-02-2023 12:40 PM
I'm not sure how much it's been publicized, but there's a pretty significant improvement to how Palo is letting customers handle newly released APP-IDs or application shifts.
Thus far when new app-ids are released customers just have to accept them without really understanding if the coming change will effect existing security policy. Well finally Palo is doing something about it. Palo will create a "threat" signature that will be fired on a new "to be released" application. This "threat" alert will inform firewall admins about traffic that while is currently hitting a certain application will match a "to be released" / coming application.
Not only will this awareness exist. Palo is also creating a "Policy Optimizer" of sorts where admins can proactively add these coming applications to existing policy, or even create a new security rule with these new applications.
This is an amazing feature that will make handling new app-ids something Palo admins can finally say we have a process for. (I'm just a long time Palo admin sharing what I hope is some helpful news)
I wanted to bring awareness to the below blog post. It's in an area people might not always look at so I figured I'd share here.
12-05-2023 05:28 AM
Hi @Brandon_Wertz ,
This is indeed another step forward !! Thanks for sharing !
One did already have the option to disable new applications in scheduled content updates so you weren't necessarily forced to just accept them:
Thanks again !
Kim.
12-05-2023 05:44 AM
Yeah, there are ways, like creating an application filter that targets newly released applications and allows you to create policy, but that's really a guessing game. Disabling newly released apps is also a way, but that too is just kicking the can down the road and doesn't really allow admins to understand the change of policy implications on their security policy.
None of the existing options, IMO, were what you'd expect from a firewall security appliance.
This new feature squarely hits the target on what admins need to do to properly address application changes in a secured way.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
