AIOPS From Palo Alto Networks

Published on February 28th, 2023


Many organizations have acquired security tools that, for a variety of reasons, are configured suboptimally. This often leads to extremely low ROI for these security tools, which in turn can lead to poor security posture. The challenge lies in getting ahead of the issues before they lead to a network disruption.

 

Palo Alto Networks offers tools such as the Best Practice Assessment (BPA), which gives organizations a view into their usage of next-gen features and shows how close they are to Palo Alto recommended configuration best practices. This is an invaluable tool for many organizations looking to attain better security prevention as well as better ROI by using more of what they paid for. While this is a great tool, it only provides valuable information for a point in time, so it needs to be run on a continuous basis to ensure that constant improvements are being made. What if this process could be automated?

 

 

Introducing Palo Alto Networks AIOPS

AIOPS stands for “Artificial Intelligence for IT Operations”. This sounds very compelling, so let’s dig a little deeper. Palo Alto Networks utilizes big data and machine learning to automate security operations processes, including event correlation, anomaly detection, and causality determination.

 

Palo Alto Networks introduces the industry’s first domain-centric AIOps for NGFW that redefines firewall operational experience by predicting, interpreting, and resolving problems before they become business-impacting.

 

AIOps for NGFW enables security teams to continuously improve security posture by optimizing configuration for their dynamic environment based on best practices and configuration recommendations. I think of this as an always-running BPA that proactively provides information about things like device health and configuration recommendations.

 

It also empowers network security operations teams to become proactive with ML-powered anomaly detection and actionable insights into the health and performance of the entire deployment. AIOps for NGFW proactively addresses the top operational challenges of today, like misconfigurations, human errors, compliance with best practices, resource usage, hardware and software failures, and more.

 

 

What are the benefits of utilizing AIOPS?

 

  • Maximum security: With telemetry from over 100,000 NGFWs, AIOps continuously recommends best practices to improve your overall security.
  • Minimum downtime: Avoid preventable disruptions and reduce downtime. AIOps uses machine learning, based on support case analysis, to predict up to 51% of disruptions to your NGFWs before they impact your firewall.
  • Gain confidence: Assess the security and health of your network and the impact of your future deployment options with proactive insights and gain confidence in your network stability.
  • Save time: Reduces time to detect network security gaps by up to 99%.
  • Unprecedented visibility: Get a unified view into the activity seen in your organization across applications, threats, networks, users, and security subscriptions.
  • Higher return on investment (ROI): Save tens of thousands of dollars by automatically detecting security gaps in your network.

 

Utilizing AIOPS, you can, for example, strengthen your security posture by reducing the attack surface with built-in best practices and configuration recommendations customized to your unique deployment. Best-practice recommendations are based on industry standards, security policy context, and advanced telemetry data collected from all Palo Alto Networks firewalls. You get complete coverage for detecting security gaps in security profiles for antivirus, antispyware, vulnerability protection, file blocking, URL filtering, and sandboxing with WildFire®, based on Palo Alto Networks best practices.





 

A few examples:

 

Decryption profiles: For example, suppose you want a policy-based decryption exclusion for all traffic that contains PII. You create a decryption policy rule that matches the criteria and set the option to “No Decrypt.” However, you fail to attach a decryption profile to this rule. Without a profile, the rule is exposed to certificates from untrusted issuers. AIOps for NGFW will alert you to this and recommend that a decryption profile be attached to the policy to guard against expired certificates and untrusted certificates.

 

Firewall performance and capacity disruptions: Gain insights across your deployment and reduce NGFW downtime with proactive insights that help maintain optimal firewall health and performance and keep your NGFWs running smoothly. AIOps can intelligently predict firewall health, performance, and capacity problems seven days in advance based on machine learning (ML) powered by telemetry data, and it provides actionable insights to resolve the predicted disruptions. Think of taking on additional interfaces or adding large numbers of users behind the firewall. How is this going to affect performance?

 

 

Visibility: Obtain a comprehensive view of the activity seen in your organization across applications, threats, networks, users, and security subscriptions (e.g., URL Filtering, DNS Security, Data Loss Prevention and WildFire) in one place. The “Activity” tab lets you know how you use your security services and drills down into the details of threats in addition to understanding usage patterns across users, apps, and networks.

 

The rich and interactive dashboards provide the ability to explore data to the lowest possible level of detail—i.e., logs for troubleshooting, investigation, compliance, and other purposes. Furthermore, you will also be able to download, share, and schedule offline PDF reports of the dashboards.

 

 

Where to Start: Optimize your time and focus on the parts of the network that are most critical. In a single view, you have insight into the most critical alerts around device health, the lowest security grades by device, and the top configuration alerts by device. You are shown the first device to investigate from a device health, device security, and security alert perspective.

 

 

AIOps provides an ongoing view into device health, configuration recommendations, and a deep view into activity seen across your devices. This allows the operations team to be proactive instead of reactive to issues such as degraded device performance. It also improves your security posture through an ongoing view into best practice recommendations and increases the ROI on your Palo Alto Networks firewall investment. Contact your Optiv client manager today to learn more!
