This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Who rated this post

OtakarKlier
Cyber Elite
Cyber Elite

‎03-17-2023 11:28 AM

Hello,

Well I think I have a special case, because most of all my services that are externally accessible are whitelisted. But for those that are not, I dont get many. You kinda just have to filter through the noise. Since every environment is different, I would say start with your internal zones first when it comes to alerting. It should be reasonable quiet. Then add the external stuff and just start to recognize the 'noise' rather than anything else.

Here are a few things I use to try to limit my external exposure footprint.

  • Whitelist countries that can connect to my external IP's
    • We only allow the US
  • Use the External Dynamic Lists to help block others
  • Make sure to use Applications instead of ports (sometimes not possible)
    • SSL instead of 443, etc
  • Enable Telemetry
    • This allows usage stats to be sent to Palo Alto so they can use their Machine learning to create new threat profies etc. This helps everyone out (kind of a way to giving back to the community)

The idea is to make is as difficult as possible for an adversary so they go after someone else. Also realize that most ways companies get compromised is from the inside, someone clicks a link or attachment, etc. so dont forget to secure that as well!

 

Hope this helps.

(1)
Who rated this post
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks