The BPA tool performs more than 200 security checks on a firewall or the Panorama central management configuration and provides a pass/fail score for each check.
The Best Practices Assessment uses the configuration files from your Palo Alto Networks Next-Generation Firewall(s) to produce a heat-map and a list of recommendations. The heat-map provides a detailed overview of the adoption of security capabilities like App-ID, User-ID, Threat Prevention, URL Filtering, WildFire and Logging on your firewall.
According to Gartner research, 95% of all firewall breaches are caused by misconfiguration, not flaws. It is essential to adhere your firewall configuration to the evolving Best Practices on a regular basis in order to keep the security posture of your Next-Generation Firewall at a maximised level.
The Best Practices tool has the following features:
- It evaluates a device’s configuration by measuring the adoption of your firewall’s security capabilities like App-ID, User-ID, Threat Prevention, URL Filtering, WildFire, and Logging;
- It validates whether the policies adhere to best practices & compares against industry standards; The Best Practices Assessment tool performs more than 200 checks and compares industry averages in your sector based on all other Best Practice Assessment checks worldwide.
- It provides recommendations and instructions on how to remediate failed best practice checks;
- It benchmarks against CIS Top 20 Critical Security Controls.