At Palo Alto Networks, it’s our mission to develop products and services that help you, our customer, detect and prevent successful cyberattacks. We’ve developed our best practice documentation to help you do just that. Whether you’re looking for the best way to secure administrative access to your next-gen firewalls and Panorama, create best practice security policy to safely enable application access at the internet gateway and the data center, or learn the best way roll out a decryption policy to prevent threats from sneaking into your network, you will find the guidance you need here in our best practice documentation. And, our best practice library keeps growing and evolving to keep up with the ever-changing threat landscape, so be sure to check back often! Show
SpotlightTransition to Best PracticesDocuments, checklists, videos, webinars, best practice assessment tools, and more help you learn about and apply security best practices. Best Practices for Managing Firewalls with PanoramaUse the Panorama Best Practices to help manage and secure your firewalls.
 Best Practices Assessment (BPA)Administrative Access Best PracticesFirewalls and Panorama centralized management servers are the gatekeepers and protectors of your network. To prevent attackers from gaining access to these devices and reconfiguring them to permit malicious access to your network, follow these best practices to secure administrative access. DocumentationDoS and Zone Protection Best PracticesProtect against DoS attacks that try to take down your network and critical devices using a layered approach that defends your network perimeter, zones, and individual devices. Data Center Best Practice Security PolicyBest Practices for Migrating to Application-Based PolicyConvert port-based Security policy to application-based Security policy safely when you migrate to the next-generation firewall. Decryption Best PracticesYou can't defend against threats you can’t see. By enabling decryption on your next-gen firewalls you can inspect and control SSL/TLS and SSH traffic so that you can detect and prevent threats that would otherwise remain hidden in encrypted traffic. Use the best practice guidelines in this site to learn how to plan for and deploy decryption in your organization. Best Practices Getting StartedApply security best practices to reduce the attack surface, gain visibility into traffic, prevent threats, and protect your network, users, and data. Best Practices for Managing Firewalls with PanoramaLearn the best practices for managing firewalls centrally using Panorama. Getting Started with the BPAEvaluate your Security policy, identify areas to improve, prioritize changes, and then transition safely to a best practice Security policy. Internet Gateway Best Practice Security PolicyTo protect your network from cyberattack and improve your overall security posture, implement a best practice internet gateway security policy. Use the guidelines in this site to plan, deploy, and maintain your internet gateway best practice security policy. Administrative Access Best PracticesFirewalls and Panorama centralized management servers are the gatekeepers and protectors of your network. To prevent attackers from gaining access to these devices and reconfiguring them to permit malicious access to your network, follow these best practices to secure administrative access. Best Practices Implementing Zero Trust with Palo Alto NetworksWildFire Best PracticesLearn the best practices for using WildFire as part of your network threat detection and prevention solution. PAN-OS Best Practices for Securing Administrative AccessLearn the best practices for securing administrative access to your firewalls to prevent successful cyberattacks through an exposed management interface. PAN-OS 9.0-10.0 Best Practices for Applications and Threats Content UpdatesLearn the best practices for keeping application and threat content signatures up-to-date seamlessly. PAN-OS 8.1 Best Practices for Applications and Threats Content UpdatesLearn the best practices for keeping applications and threats content signatures up-to-date seamlessly. PAN-OS 10.1 Best Practices for Applications and Threats Content UpdatesLearn the best practices for keeping application and threat content signatures up-to-date seamlessly. IoT Security Best PracticesApply best practices during the planning, deployment, and maintenance of your IoT Security implementation. User-ID Best PracticesLearn the best practices for implementing User-ID so that you know and control every user on your network. URL Filtering Best PracticesUse the URL Filtering best practices to guide you how to reduce your exposure to web-based threats, without limiting your users’ access to web content that they need. Best Practices for Securing Your Network from Layer 4 and L...To monitor and protect your network from most Layer 4 and Layer 7 attacks, follow our best practice recommendations. Recommended TopicsCreate Best Practice Security Profiles for the Internet GatewayBlock malicious traffic, including viruses, vulnerability exploits, bad file types, bad websites, and more.
Tech Docs: SSL Decryption Best Practices Light Up Hidden Malware
Ways to Strengthen Your Internet Gateway
Policy Optimizer Webinar: Strengthen Your Security Rule SetTranslated Best Practices DocumentationGlobalProtect Best Practices Webinar
VideosIntroduction to the Best Practice Assessment Plus (BPA+) Tool
Learn about how to check and improve your best practice network security posture using the BPA+. How To Implement App-ID on Your Next-Generation Firewall
Watch the video to learn how to implement App-ID on your next-generation firewall to protect against increasingly evasive threats and prevent successful cyber breaches. Use Policy Optimizer to Improve your Security PostureMoving from port-based legacy firewall rules to App-ID™ technology-based ones greatly reduces the opportunity for attack. However, that transformation takes time, effort and resources. The new Policy Optimizer makes it easy. It uses simple workflows and intelligence gathered by PAN-OS to move from legacy rules to App-ID based controls and strengthen your security. Best Practice Assessment Plus (BPA+) Tool Demo
View the BPA+ demo, which shows you how to check your PAN-OS best practice configuration and update it if necessary. How To Implement User-ID on your Next-Gen Firewall
Watch the video to learn how to implement User-ID on your next-generation firewall to maximize your security investments and defend your business from successful cyber attacks. What is Zero Trust?Traditional cybersecurity models classify users as “trusted” and “untrusted.” However, trust can be exploited. For example, 80% of data breaches today are caused by misuse of privileged credentials. The increasing sophistication of attackers requires a comprehensive Zero Trust strategy to "remove trust and reduce overall cybersecurity risk across the network, endpoints and cloud. BPA+ YouTube ChannelClick "View BPA+ Playlist" to access all of the BPA+ videos, including best practice network security checks and a demo. Strengthen Your Internet Gateway
See your network from the vantage point of an attacker and learn what attackers do to achieve their objectives. Learn how to map the specific steps an attacker takes to prevention technologies available on a next-generation firewall. Based on this understanding, you will know how to defend your networks using App-ID, User-ID, Decryption, Threat Prevention and WildFire. Find the Hidden Threats in Your TrafficNext-generation firewalls from Palo Alto Networks® decrypt, inspect and then re-encrypt network traffic before it is sent to its destination. WebinarsPolicy Optimizer - Strengthen Your Security Rule Set and Save TimeAbout this webinar App-ID increases the value of our next-generation firewalls by making it easier and faster to determine the exact identity of applications traversing the network, enabling teams to set and enforce the right policies. Join Palo Alto Networks experts and learn how you can use the New Policy Optimizer capability to migrate your legacy rule set to App-ID based rules. In this webcast, you will:
How to Prevent Breaches through Application ControlsAbout this webinar Employees are accessing any application they want, using work or personal devices, regardless of the business and security risks involved. Join the webinar and discover:
How to Implement User-Based Controls for CybersecurityAbout this webinar Visibility and policy control based on users is critical for cybersecurity. User-based policies readily show their business relevance, are more secure, easier to manage, and allow better forensics. In this webinar you will:
Enabling and Deploying Your SSL DecryptionAbout this webinar The growth in SSL/TLS encrypted traffic traversing the internet is on an explosive upturn. Given the primary benefits associated with encryption, the private and secure exchange of information over the internet, compliance with certain privacy and security regulations – such as the Health Insurance Portability and Accountability Act and Payment Card Industry Data Security Standard, or HIPAA and PCI DSS – the trend in SSL adoption is expected to continue to rise. Watch as our Palo Alto Networks® team of experts presents the “hows and whys” of SSL decryption. In this webcast, you will:
Which are VM security recommendations?Remove Unnecessary Hardware Devices.. Disable Unused Display Features.. Disable Unexposed Features.. Disable VMware Shared Folders Sharing Host Files to the Virtual Machine.. Disable Copy and Paste Operations Between Guest Operating System and Remote Console.. Limiting Exposure of Sensitive Data Copied to the Clipboard.. How do I protect my virtual network?Use strong network controls.. Logically segment subnets.. Adopt a Zero Trust approach.. Control routing behavior.. Use virtual network appliances.. Deploy perimeter networks for security zones.. Avoid exposure to the internet with dedicated WAN links.. Optimize uptime and performance.. What is the correct option to how do you protect internal networks on Azure?Use Network Security Groups (NSGs) or Azure Firewall to protect and control traffic within the VNet. Use Service Endpoints or Private Link for accessing Azure PaaS services. Use Azure Firewall to protect against data exfiltration attacks. Restrict access to backend services to a minimal set of public IP addresses.
What is used to enhance the security of a virtual machine deployed in Azure cloud?Azure Disk Encryption helps you address organizational security and compliance requirements, by encrypting your virtual machine disks with keys and policies that you control in Azure Key Vault. Azure Disk Encryption enables you to encrypt your virtual machine disks, including the boot and the data disks.
|
