cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who rated this post

Cyber Elite
Cyber Elite

Hello,

Well I think I have a special case, because most of all my services that are externally accessible are whitelisted. But for those that are not, I dont get many. You kinda just have to filter through the noise. Since every environment is different, I would say start with your internal zones first when it comes to alerting. It should be reasonable quiet. Then add the external stuff and just start to recognize the 'noise' rather than anything else.

Here are a few things I use to try to limit my external exposure footprint.

  • Whitelist countries that can connect to my external IP's
    • We only allow the US
  • Use the External Dynamic Lists to help block others
  • Make sure to use Applications instead of ports (sometimes not possible)
    • SSL instead of 443, etc
  • Enable Telemetry
    • This allows usage stats to be sent to Palo Alto so they can use their Machine learning to create new threat profies etc. This helps everyone out (kind of a way to giving back to the community)

The idea is to make is as difficult as possible for an adversary so they go after someone else. Also realize that most ways companies get compromised is from the inside, someone clicks a link or attachment, etc. so dont forget to secure that as well!

 

Hope this helps.

Who rated this post