AIOPS From Palo Alto Networks

September 8, 2022

Many organizations have acquired security tools that, for a variety of reasons, are configured sub-optimally. This often leads to an extremely low ROI for those tools, which in turn can lead to a poor security posture. The challenge lies in getting ahead of these issues before they lead to a network disruption.

Palo Alto Networks offers tools such as the Best Practice Assessment (BPA), which gives organizations a view into their usage of next-gen features and shows how closely their configuration follows Palo Alto Networks recommended best practices. This is an invaluable tool for organizations looking to achieve better security prevention and a better ROI by using more of what they paid for. While the BPA is a great tool, it only provides a point-in-time view, so it needs to be run on a continuous basis to ensure that constant improvements are being made. What if this process could be automated?

Introducing Palo Alto Networks AIOps

AIOps stands for “Artificial Intelligence for IT Operations”. This sounds very compelling, so let’s dig a little deeper. Palo Alto Networks utilizes big data and machine learning to automate security operations processes, including event correlation, anomaly detection, and causality determination.

Palo Alto Networks introduces the industry’s first domain-centric AIOps for NGFW, which redefines the firewall operational experience by predicting, interpreting, and resolving problems before they become business-impacting.

AIOps for NGFW enables security teams to continuously improve their security posture by optimizing configuration for their dynamic environment based on best practices and configuration recommendations. I think of this as an always-running BPA that proactively provides information on things like device health and configuration recommendations.

It also empowers network security operations teams to become proactive with ML-powered anomaly detection and actionable insights into the health and performance of the entire deployment. AIOps for NGFW proactively addresses today’s top operational challenges, such as misconfigurations, human error, compliance with best practices, resource usage, hardware and software failures, and more.

[Image: aiops_img1.png]

The benefits of utilizing AIOps:

  • Maximum security: With telemetry from more than 100,000 NGFWs, AIOps continuously recommends best practices to improve your overall security.
  • Minimum downtime: Avoid preventable disruptions and reduce downtime. AIOps uses machine learning, based on support case analysis, to predict up to 51% of NGFW disruptions before they have an impact.
  • Gain confidence: Assess the security and health of your network and the impact of your future deployment options with proactive insights, and gain confidence in your network stability.
  • Save time: Reduce the time to detect network security gaps by up to 99%.
  • Unprecedented visibility: Get a unified view into the activity seen in your organization across applications, threats, networks, users, and security subscriptions.
  • Higher return on investment (ROI): Save tens of thousands of dollars by automatically detecting security gaps in your network.

Utilizing AIOps, you can, for example, strengthen your security posture by reducing the attack surface with built-in best practices and configuration recommendations customized to your unique deployment. Best-practice recommendations are based on industry standards, security policy context, and advanced telemetry data collected from all Palo Alto Networks firewalls. You get complete coverage for detecting security gaps in the security profiles for antivirus, antispyware, vulnerability protection, file blocking, URL filtering, and sandboxing with WildFire®, based on Palo Alto Networks best practices.

A few examples:

Decryption profiles: Suppose you want a policy-based decryption exclusion for all traffic that contains PII. You create a decryption policy rule that matches the criteria and set the action to “No Decrypt.” However, you fail to attach a decryption profile to this rule. Without a profile, the rule is exposed to untrusted certificate issuers. AIOps for NGFW alerts you to this and recommends that a decryption profile be attached to the rule to guard against expired and untrusted certificates.
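As an added illustration (not part of the original post, and not Palo Alto Networks code), the check below reproduces that recommendation against an exported configuration: it parses a constructed PAN-OS-style XML snippet and flags every decryption rule that has no profile attached, rating “No Decrypt” rules highest. The element paths (rulebase/decryption/rules/entry with action and profile children) are an assumption modelled on the PAN-OS config layout.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real export: the layout mirrors the PAN-OS
# running-config shape for decryption rules (an assumption; adjust the paths
# to your own export). One "No Decrypt" rule lacks a profile, the other has one.
SAMPLE_CONFIG = """
<config>
  <devices><entry name="localhost.localdomain">
    <vsys><entry name="vsys1">
      <rulebase><decryption><rules>
        <entry name="no-decrypt-pii">
          <action>no-decrypt</action>
        </entry>
        <entry name="no-decrypt-finance">
          <action>no-decrypt</action>
          <profile>strict-no-decrypt</profile>
        </entry>
      </rules></decryption></rulebase>
    </entry></vsys>
  </entry></devices>
</config>
"""

RULE_PATH = ".//rulebase/decryption/rules/entry"


def find_rules_without_profile(config_xml):
    """Return one finding per decryption rule with no <profile> attached.

    A "No Decrypt" rule without a profile cannot block sessions presenting
    expired or untrusted-issuer certificates, so it is rated high.
    """
    findings = []
    for rule in ET.fromstring(config_xml).iterfind(RULE_PATH):
        action = (rule.findtext("action") or "").strip()
        if (rule.findtext("profile") or "").strip():
            continue  # profile attached; nothing to flag
        findings.append({
            "rule": rule.get("name", "<unnamed>"),
            "action": action,
            "severity": "high" if action == "no-decrypt" else "medium",
            "fix": "attach a decryption profile that blocks expired and untrusted certificates",
        })
    return findings


if __name__ == "__main__":
    for f in find_rules_without_profile(SAMPLE_CONFIG):
        print(f"[{f['severity']}] {f['rule']} ({f['action']}): {f['fix']}")
```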

Firewall performance and capacity disruptions: Gain insights across your deployment and reduce NGFW downtime with proactive insights that maintain optimal firewall health and performance and keep your NGFWs running smoothly. AIOps can intelligently predict firewall health, performance, and capacity problems seven days in advance, based on machine learning (ML) powered by telemetry data, and provides actionable insights to resolve the predicted disruptions. Think of bringing up additional interfaces or adding large numbers of users behind the firewall. How is this going to affect performance?

[Image: aiops_img2.png]

Visibility: Obtain a comprehensive view of the activity seen in your organization across applications, threats, networks, users, and security subscriptions (e.g., URL Filtering, DNS Security, Data Loss Prevention and WildFire) in one place. The “Activity” tab shows how you use your security services and lets you drill down into the details of threats, as well as understand usage patterns across users, apps, and networks.

The rich, interactive dashboards let you explore data down to the lowest level of detail, i.e., the logs, for troubleshooting, investigation, compliance, and other purposes. You can also download, share, and schedule offline PDF reports of the dashboards.

[Image: aiops_img3.png]

Where to Start: Optimize your time and focus on the parts of the network that are most critical. In a single view, you have insight into the most critical device-health alerts, the lowest security grades by device, and the top configuration alerts by device. You are shown the first device to investigate from a device health, device security and security alert perspective.

[Image: aiops_img4.png]

AIOps provides an ongoing view into device health, configuration recommendations, and a deep view into activity seen across your devices. This allows the operations team to become proactive instead of reactive to issues such as degraded device performance, improves your security posture through an ongoing view into best practice recommendations, and increases the ROI on your Palo Alto Networks firewall investment. Contact your Optiv client manager today to learn more!

Anthony Tanzi
Partner Architect-Palo Alto Networks-Strata | Optiv
Anthony Tanzi has more than 20 years’ experience in the networking and network security space. As a Partner Architect focused on Palo Alto Networks, Tanzi is responsible for Optiv’s pre-sales enablement and support to accelerate growth between Palo Alto Networks and Optiv in existing and new markets across the U.S. and Canada. This includes training and enablement of the pre-sales team, supporting them in pre-sales Palo Alto Networks conversations, assisting in proofs of concept, running Ultimate Test Drives, performing best practice assessments, and being a technical sounding board for Optiv customers. Tanzi works directly with Optiv’s dedicated Palo Alto Channel SE to drive technical enablement and to advocate for our customers. He is also focused on supporting Optiv’s post-sale implementation team and working with marketing on Palo Alto specific campaigns.

Tanzi came to Optiv as part of the 2017 acquisition of the Philadelphia-based integrator Comm Solutions. During his 10 years at Comm Solutions, Tanzi led the Palo Alto Networks practice as a pre-sales engineer, post-sale implementation engineer and certified Palo Alto instructor, and also hosted his own Palo Alto user groups and supported other marketing functions.

Tanzi is a member of Palo Alto Networks Cyberforce and was the first partner engineer to reach the highest level of “Cyberforce Hero” in the United States, as well as the first worldwide to be awarded “Ultimate Cyberforce Hero”.

Chad Francis
Enterprise Architect | Optiv
Chad Francis (NetSec/Strata) - Chad is a graduate of Penn State University and has over 20 years of experience in IT, networking and cyber security. Chad has been working with Palo Alto Networks products for 12 years, utilizing NGFWs including VM-Series and cloud firewalls, Panorama and CDSS (Cloud-Delivered Security Services, e.g. TP, WF, URL, etc.). Chad is responsible for Optiv’s pre-sales enablement and support to accelerate growth between Palo Alto Networks and Optiv. He is also focused on supporting Optiv’s post-sales implementation team and working with marketing on Palo Alto specific campaigns.

Chad came to Optiv in 2022 from Penn State University, where he was a Sr. Cyber Security Engineer on the Cyber Network Defense team. He focused on Palo Alto Networks design and architecture for both on-premises and PSU public cloud solutions, along with day-to-day operations. Chad previously worked in healthcare at Penn State Health and in R&D in the DoD space, and also has experience in the manufacturing industry.

Optiv Security: Secure greatness.™

Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.