This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who rated this post

S.Cantwell
Cyber Elite
Cyber Elite
In response to jforsythe

‎07-29-2021 11:13 AM - last edited on ‎08-05-2021 02:16 PM by

@jforsythe wrote:

What’s the number one thing individuals aren’t doing but should to secure their virtual worlds? 


From my perspective, the answer would be, believing that their current rule sets are properly configured and providing adequate projection.

The typical IT professional is very busy through his/her day, and there never seems a moment in time to just re-prioritize and focus on your current security posture.

 

Example: 

Can someone, right now, tell me EXACTLY how many application their network has seen in the past 30 days.

Can you tell me if all of these applications are needed (think.. Acceptable Use Policy of your employer...) just because someone uses an application does not mean it is a business justified one. 

 

Do you have rules limiting the risk level of your applications?.   There are 143 Risk Level 5 applications detected by the PANW FW. Have you reviewed the 143?  Do you have security rules/posture to block the apps that are not being used? 

If you look at your application usage and only three risk level 5 (say, FTP, SMTP, and Skype) are needed... and you do not see any other risk level 5 in your network... are you actively creating policies to BLOCK the apps that your enterprise is not even using. 

 

This is called "Reducing the Attack Surface" 

 

There are 3563 applications known on the PANW appliance.  Have you taken the time to review the application and appropriately TAGGED the application using the "Sanctioned" tag.  Imagine how easy your security policy could be if you only allowed SANCTIONED applications?  Your security rules numbers could be easily reduced.

 

For those with Panorama... are you looking and utilizing the  the Automated Correlation Engine?  If the Panorama is the "single pane of glass" to your security posture, have you reviewed its output against these events:

SteveCantwell_0-1627582205763.png

And lastly, when was the last time your company ran its configuration through the PANW created Best Practice Assessment tool, available in your support account.  It takes your configuration and finds EVERY single area of improvement that needs to be performed (according to the recommendations of PANW_ to secure and improve the posture of your network.   Perform these 2 to 4 times a year, to keep current.

 

The list could go on, in ways to improve.  Review the CyberElite comments and take advantage of the knowledge and experience from these experts. 

Please help out other users and “Accept as Solution” if a post helps solve your problem !

View solution in original post

(1)
Who rated this post
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks