AIOps for NGFW An Industry First That Revolutionizes Firewall Operations
Strata by Palo Alto Networks | AIOps for NGFW | Solution Brief
As enterprises expand and the threat landscape evolves, security teams invest in new and expensive network security equipment and tools to support their growing infrastructure, prevent threats, and maintain a secure workplace. Yet security teams across industries struggle to fully utilize their network security infrastructure. They often do not know the best practices for configuring the many available features, and they lack insight into their own misconfigurations. This leaves gaps in their security posture and puts them at greater risk of a breach. According to Gartner®, misconfigurations will cause 99% of all firewall breaches through 2023.[1]

Additionally, what happens when one of the many security tools runs out of capacity because of high processing load or system-related factors such as hardware failures, software defects, or licensing issues? Traffic is delayed or the network goes down, costing anywhere from thousands to millions of dollars. The average hourly cost of enterprise server downtime worldwide is US$300,000–$400,000,[2] and the average cost of a data center outage is US$740,357.[3] Network operations teams lack the visibility and product knowledge to prevent business-disrupting incidents caused by firewall-related errors. Once impacted, they spend immense time and resources reacting to the situation, trying to determine the root cause while under tremendous pressure to bring the business back online.

Figure 1: Organizations want to get more out of their existing security investments but are challenged today. (Panels: "Poor Security Posture: feature-rich security equipment configured suboptimally leads to low ROI" and "Preventable Business Disruptions: no ability to get ahead of issues that will lead to network disruptions.")

To manage firewalls efficiently, network security operators need these insights in advance so they can prevent incidents caused by security gaps and firewall-related errors before they become business-impacting.
Typical IT Security Management Solutions Increase Investment but Not Return on Investment

Existing solutions in the market are not enough: they cannot show what your current security posture is or how to improve it; they are often reactive, depending on a rear-view mirror, and cannot predict and prevent disruptions; and they offer no way to assess the impact of future deployment options with confidence. An alternative approach is needed, and AIOps is intended to address all of these gaps.
What Is AIOps?

AIOps (Artificial Intelligence for IT Operations) combines big data and machine learning to automate IT operations processes, including event correlation, anomaly detection, and causality determination.[4] "AIOps platforms analyze telemetry and event streams to transform data into meaningful patterns and enable proactive responses that reduce toil and overhead."[5]

1. Rajpreet Kaur, Adam Hils, and John Watts, Technology Insight for Network Security Policy Management, Gartner, February 21, 2019, https://www.gartner.com/en/documents/3902564/technology-insight-for-network-security-policy-managemen.
2. Thomas Alsop, "Average cost per hour of enterprise server downtime worldwide 2019," Statista, December 7, 2020, https://www.statista.com/statistics/753938/worldwide-enterprise-server-hourly-downtime-cost/.
3. Cost of Data Center Outages 2016, Ponemon Institute, January 2016, https://www.vertiv.com/globalassets/documents/reports/2016-cost-of-data-center-outages-11-11_51190_1.pdf.
AIOps Enables IT Operations Teams to Respond More Quickly with a Lot Less Effort By replacing multiple separate, manual IT operations tools with a single, intelligent, and automated IT operations platform, AIOps enables IT operations teams to respond more quickly—even proactively— to slowdowns and outages, with a lot less effort. AIOps bridges the gap between an increasingly diverse, dynamic, and difficult-to-monitor IT landscape, on the one hand, and user expectations for little or no interruption in application performance and availability, on the other. Most experts consider AIOps to be the future of IT operations management. Enterprises adopt AIOps platforms to use them as a force multiplier for monitoring tools. Today, AIOps platform offerings have split into two approaches—domain-agnostic and domain-centric solutions.
AIOps for NGFW: The Future of Network Security Operations Palo Alto Networks introduces the industry’s first domain-centric AIOps for NGFW that redefines firewall operational experience by predicting, interpreting, and resolving problems before they become business-impacting. AIOps for NGFW enables security teams to continuously improve security posture by optimizing configuration to their dynamic environment based on best practices and configuration recommendations. It also empowers network security operations teams to become proactive with ML-powered anomaly detection and actionable insights into the health and performance of the entire deployment. AIOps for NGFW proactively addresses the top operational challenges of today, like misconfigurations, human errors, compliance with best practices, resource usage, hardware and software failures, and more.
Figure 2: Improve your overall security and avoid preventable disruptions with AIOps for NGFW
4. "AIOps (Artificial Intelligence for IT Operations)," Gartner Glossary, Gartner, accessed February 23, 2022, https://www.gartner.com/en/information-technology/glossary/aiops-artificial-intelligence-operations.
5. Gregory Murray, Solution Criteria for AIOps Platforms, Gartner, May 27, 2021, https://www.gartner.com/en/documents/4002020/solution-criteria-for-aiops-platforms.
Business Benefits
• Maximum security: With telemetry from over 100,000 NGFWs, AIOps continuously recommends best practices to improve your overall security.
• Minimum downtime: Avoid preventable disruptions and reduce downtime. AIOps uses machine learning to predict up to 51% of disruptions to your NGFWs (based on support case analysis of a focused customer) before they impact you.
• Gain confidence: Assess the security and health of your network and the impact of your future deployment options with proactive insights, and gain confidence in your network stability.
• Save time: Reduces time to detect network security gaps by up to 99%.
• Unprecedented visibility: Get a unified view into the activity seen in your organization across applications, threats, networks, users, and security subscriptions.
• Higher return on investment (ROI): Save tens of thousands of dollars by automatically detecting security gaps in your network.
Key Capabilities

Strengthen Security Posture

Reduce the attack surface and strengthen security posture with built-in best practices and configuration recommendations customized to your unique deployment. Best-practice recommendations are based on industry standards, security policy context, and advanced telemetry data collected from all Palo Alto Networks firewalls. Get complete coverage for detecting security gaps in security profiles for antivirus, antispyware, vulnerability protection, file blocking, URL filtering, and sandboxing with WildFire®, based on Palo Alto Networks best practices.

Figure 3: Utilize existing security functionality while implementing security best practices in real time (Scenario: installation of malware averted). Today: Mike (NetSec Admin) does not apply a decryption profile for government and healthcare websites in the decryption rule; a user browses a compromised website in the "healthcare" category (a site with an invalid certificate), is urged to install a "security update," and the installed executable delivers a Trojan that tampers with the user's running processes. With AIOps for NGFW: Mike receives the alert "No decryption profile attached to decryption policy rule," clicks it, finds the impacted decryption policy rule, and applies the remediation steps.

For example, suppose you want a policy-based decryption exclusion for all traffic that contains PII. You create a decryption policy rule that matches the criteria and set the action to "No Decrypt." However, you fail to attach a decryption profile to this rule. Without a profile, the firewall does not enforce the No Decryption checks on those sessions, so connections to servers presenting expired certificates or certificates from untrusted issuers are passed through. AIOps for NGFW alerts you to this and recommends attaching a decryption profile to the rule so that sessions with expired certificates and untrusted issuers are blocked even though the traffic itself is not decrypted.
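The check described above, written out as an added example that is not AIOps for NGFW code: it walks a PAN-OS-style configuration export and flags every "no-decrypt" rule that has no decryption profile, references a profile that does not exist, or uses a profile whose No Decryption settings do not block expired certificates and untrusted issuers. The XML is a constructed sample in the shape of a running-config export; the element paths (`devices/entry/vsys/entry/rulebase/decryption/rules`, `profiles/decryption/entry/ssl-no-proxy`) are assumed from that format and should be confirmed against a real export from your own firewall before you rely on them.

```python
"""Best-practice check: no-decrypt decryption rules must carry a decryption
profile that blocks expired certificates and untrusted issuers.

Added example (not AIOps for NGFW code). SAMPLE_CONFIG is a constructed
snippet shaped like a PAN-OS running-config export; the element paths used
below are assumed from that format and should be verified against a real
export before use.
"""
import xml.etree.ElementTree as ET

SAMPLE_CONFIG = """<config>
<devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
  <profiles><decryption>
    <entry name="no-decrypt-strict">
      <ssl-no-proxy>
        <block-expired-certificate>yes</block-expired-certificate>
        <block-untrusted-issuer>yes</block-untrusted-issuer>
      </ssl-no-proxy>
    </entry>
    <entry name="no-decrypt-lax">
      <ssl-no-proxy>
        <block-expired-certificate>no</block-expired-certificate>
        <block-untrusted-issuer>no</block-untrusted-issuer>
      </ssl-no-proxy>
    </entry>
  </decryption></profiles>
  <rulebase><decryption><rules>
    <entry name="no-decrypt-health-gov">
      <action>no-decrypt</action>
      <category><member>health-and-medicine</member><member>government</member></category>
    </entry>
    <entry name="no-decrypt-finance">
      <action>no-decrypt</action>
      <category><member>financial-services</member></category>
      <profile>no-decrypt-lax</profile>
    </entry>
    <entry name="no-decrypt-pii-ok">
      <action>no-decrypt</action>
      <profile>no-decrypt-strict</profile>
    </entry>
    <entry name="decrypt-everything-else">
      <action>decrypt</action>
      <type><ssl-forward-proxy/></type>
      <profile>no-decrypt-strict</profile>
    </entry>
  </rules></decryption></rulebase>
</entry></vsys></entry></devices>
</config>"""

VSYS = "./devices/entry/vsys/entry"  # assumed location of the vsys in the export


def _yes(parent, tag):
    """True if <tag> exists under parent and is set to 'yes'."""
    return parent is not None and (parent.findtext(tag) or "").strip() == "yes"


def load_no_decrypt_profiles(root):
    """Map profile name -> (blocks_expired, blocks_untrusted_issuer), read from
    the No Decryption (ssl-no-proxy) section of each decryption profile."""
    profiles = {}
    for prof in root.findall(f"{VSYS}/profiles/decryption/entry"):
        no_proxy = prof.find("ssl-no-proxy")
        profiles[prof.get("name")] = (
            _yes(no_proxy, "block-expired-certificate"),
            _yes(no_proxy, "block-untrusted-issuer"),
        )
    return profiles


def check_no_decrypt_rules(config_xml):
    """Return [(rule name, finding)] for each no-decrypt rule that lacks a
    profile, references an undefined profile, or uses a lax profile."""
    root = ET.fromstring(config_xml)
    profiles = load_no_decrypt_profiles(root)
    findings = []
    for rule in root.findall(f"{VSYS}/rulebase/decryption/rules/entry"):
        if (rule.findtext("action") or "").strip() != "no-decrypt":
            continue  # decrypt rules are covered by other checks
        name = rule.get("name")
        prof_name = (rule.findtext("profile") or "").strip()
        if not prof_name:
            findings.append((name, "no decryption profile attached to decryption policy rule"))
            continue
        if prof_name not in profiles:
            findings.append((name, f"references undefined decryption profile '{prof_name}'"))
            continue
        blocks_expired, blocks_untrusted = profiles[prof_name]
        if not blocks_expired:
            findings.append((name, f"profile '{prof_name}' does not block sessions with expired certificates"))
        if not blocks_untrusted:
            findings.append((name, f"profile '{prof_name}' does not block sessions with untrusted issuers"))
    return findings


if __name__ == "__main__":
    for rule_name, finding in check_no_decrypt_rules(SAMPLE_CONFIG):
        print(f"{rule_name}: {finding}")
```

Run against the sample, the check reports the rule with no profile and the rule whose profile disables both blocks, and stays silent on the rule that uses the strict profile. The same walk can be extended to the other profile types the brief lists (antivirus, anti-spyware, vulnerability protection, URL filtering, WildFire) by checking each security rule's profile-setting element.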
Proactively Resolve Firewall Disruptions Gain insights across your deployment and reduce NGFW downtime with proactive insights to maintain optimal firewall health and performance and keep your NGFWs running smoothly. AIOps can intelligently predict firewall health, performance, and capacity problems seven days in advance based on machine learning (ML) powered by telemetry data and provides actionable insights to resolve the predicted disruptions.
Figure 4: Maintain optimal firewall health and performance with proactive ML-powered predictions. Today, operators ask: "How is my network health at this time?" "I want to know the root cause of the symptom. I wish I could get ahead of issues and fix them before they disrupt my network." "I wish someone could warn me about network disruptors before things go wrong and tell me how to improve my network health." "How do I make sure availability or performance is not disrupted when my peers write new rules?" With AIOps for NGFW: get alerted about hardware, software, memory depletion, high processing activity, and more via email or in-app; get step-by-step recommendations to resolve alerts on your own; create support tickets with one click.

For example, the sudden addition of hundreds of new users as part of a company expansion, combined with the introduction of new applications, drives network processing activity significantly higher, and the firewalls begin dropping traffic and slowing down the network. In these situations, security teams often struggle to identify the reason for the failure. AIOps for NGFW saves time in problem discovery and helps address the issue ahead of time. It forecasts high utilization of firewall compute over the next seven days and sends an email alerting the responsible team. The alert cites the reasons for the potential issue and gives step-by-step recommendations, either as CLI commands or as links to technical documentation, to remediate it. This predictive capability gives the team a runway to prevent firewall disruptions before they become a problem and to develop an effective strategy for optimizing their usage. If the security team cannot resolve the issue independently, they can also seamlessly create an in-app support ticket and connect with the Palo Alto Networks support team.

Figure 5: Proactively resolve firewall disruptions up to seven days in advance (Scenario: leverage a forecast-based alert with remediation recommendations to proactively address a latency issue). Today: new users added due to company expansion, combined with a new app, result in more network traffic processing; the firewall starts to drop packets at peak times; the network slows down, affecting the business; existing monitoring solutions would have alerted Mike only after the firewall reached a critical threshold, without citing the reason for the failure; Mike is under pressure to bring the business back and struggles to find the reason. With AIOps for NGFW: AIOps forecasts high utilization of firewall compute in the next 7 days and emails Mike; Mike receives an alert forecasting high processing activity with details of the issue, clicks the alert, finds the contributing events and remediation steps, and gets a chance to prevent the issue before it becomes a problem.
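The forecast-based alert described above, reduced to its essentials as an added illustration; this is not the AIOps for NGFW forecasting model, whose internals the brief does not publish. A least-squares linear trend over daily peak-utilization samples stands in for the ML forecaster, the samples and the hostname are constructed, and the alert threshold (80% dataplane CPU) and seven-day horizon are assumed. The point it shows is the difference the brief draws between threshold alerting (fires only once the firewall is already saturated) and forecasting (fires days earlier, while there is still time to act).

```python
"""Forecast-based capacity alert: project a firewall's utilization trend and
warn when it is expected to cross a threshold within the next seven days.

Added illustration, not the AIOps for NGFW model. A least-squares linear
trend stands in for the ML forecaster; samples, hostname, threshold and
horizon are constructed/assumed.
"""
import math
from datetime import date, timedelta

# Constructed: daily peak dataplane CPU (%) for one firewall over 14 days,
# climbing after new users and applications were added.
SAMPLE_CPU = [40, 42, 45, 44, 49, 52, 54, 57, 60, 59, 64, 67, 70, 72]


def linear_fit(values):
    """Least-squares line through (day index, value); returns (slope per day, intercept)."""
    n = len(values)
    mean_x = (n - 1) / 2
    mean_y = sum(values) / n
    sxx = sum((x - mean_x) ** 2 for x in range(n))
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in enumerate(values))
    slope = sxy / sxx if sxx else 0.0
    return slope, mean_y - slope * mean_x


def days_until_threshold(values, threshold, horizon_days=7):
    """Days after the last sample at which the trend line reaches threshold.
    Returns 0 if the trend is already at/over the threshold, and None when
    the trend is flat or declining or the crossing lies beyond the horizon."""
    if len(values) < 2:
        return None
    slope, intercept = linear_fit(values)
    if slope <= 0:
        return None  # nothing to predict; a threshold alert still covers spikes
    last_x = len(values) - 1
    days_ahead = max((threshold - intercept) / slope - last_x, 0.0)
    return days_ahead if days_ahead <= horizon_days else None


def forecast_alert(hostname, values, threshold=80.0, horizon_days=7, today=None):
    """Build the alert a forecaster would raise, or None when no crossing is
    predicted inside the horizon. `today` is an ISO date string (default: now)."""
    base = date.fromisoformat(today) if today else date.today()
    days_ahead = days_until_threshold(values, threshold, horizon_days)
    if days_ahead is None:
        return None
    slope, _ = linear_fit(values)
    return {
        "hostname": hostname,
        "metric": "dataplane_cpu_pct",
        "current": values[-1],
        "threshold": threshold,
        "trend_per_day": round(slope, 2),
        "expected_on": (base + timedelta(days=math.ceil(days_ahead))).isoformat(),
        "recommendation": "review recently added rules/apps and session load; "
                          "plan capacity before the predicted date",
    }


if __name__ == "__main__":
    alert = forecast_alert("fw-dc1-edge01", SAMPLE_CPU, today="2022-03-03")
    print(alert)
```

With the sample series the trend rises about 2.5 points per day, so an 80% threshold is predicted to be reached in roughly three and a half days, well inside the horizon, while a 95% threshold falls outside it and produces no alert. A plain threshold monitor on the same data would stay silent until the day the firewall actually hits 80%.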
Unprecedented and Unified Security Visibility Get a comprehensive view of the activity seen in your organization across applications, threats, networks, users, and security subscriptions (e.g., URL Filtering, DNS Security, Data Loss Prevention and WildFire) in one place. The “Activity” tab lets you know how you use your security services and drills down into the details of threats in addition to understanding usage patterns across users, apps, and networks. The rich and interactive dashboards provide the ability to explore data to the lowest possible level of detail—i.e., logs for troubleshooting, investigation, compliance, and other purposes. Furthermore, customers will also be able to download, share, and schedule offline PDF reports of the dashboards.
Figure 6: Unified view into activity seen in your organization across applications, threats, networks, users, and security subscriptions
Zero In on the Device That Needs the Most Attention Do you know where to start? You want to optimize your time and focus your attention on parts of your deployment that will give you the maximum benefit—all other things being equal. AIOps for NGFW inherently combines the criticality, nature and source of the anomaly/failure and the number of issues seen on the device for both the health and security posture of the device. The device and alert that need attention first are surfaced for immediate attention, and you are led to find solutions that will improve the grade of the device.
Figure 7: Grading and scoring allow you to prioritize which devices need immediate attention
Alert-Driven Workflow to Remediate Issues

AIOps for NGFW can send notifications through email and ServiceNow® that are customizable to ensure the admin is notified and takes the necessary action. The "Alerts" tab is a single place to see all security and network health alerts. Alerts can be grouped by software version, model, alert name, hostname, alert category, event type, and alert status. Filtering and grouping capabilities in the Alerts list improve the understanding of the nature and scale of the issues and help focus on specific devices and issues of interest. For example, grouping by "Alert category" helps you find best-practice checks for critical security controls, view critical alerts, and measure security efficacy. Alerts can also be viewed by software version to find the version with the most critical alerts or with known software issues, so they can be fixed at once.
Figure 8: Active alerts on network operations issues with details for easy troubleshooting, along with remediation recommendations
How AIOps for NGFW Works

AIOps for NGFW is a cloud-based module and relies on telemetry data from hardware firewalls (PA-Series), software firewalls (VM-Series), and our management platform (Panorama™). The data moves to our AIOps cloud, where we apply machine learning algorithms to produce recommendations and detect anomalies. AIOps for NGFW is fully powered by PAN-OS® telemetry. It is easy to deploy and requires no new product to be installed.

Figure 9: AIOps for NGFW enhances firewall operational experience with comprehensive visibility to elevate security posture and proactively maintain deployment health. (Diagram: NGFWs (hardware, VM, Panorama) send telemetry data to the cloud-delivered AIOps for NGFW application, which provides ML-powered prediction and anomaly detection; guided best-practice recommendations that are easy to deploy; proactive health and security posture alerts; prediction of firewall health, performance and capacity disruptions; config hygiene assessments and recommendations; security efficacy reports and visualizations; simplified support ticket creation; and insights across your deployment to maximize return on investment.)
Availability

AIOps for NGFW is available as Free and Premium (paid) subscriptions. The Free version includes security configuration assessment and visibility for system health, which enriches the operator's understanding of their firewall deployment and provides security posture improvements. Premium AIOps for NGFW adds security visualizations, threat insights, and operational health analytics, ensuring full utilization and maximum security outcome from Palo Alto Networks NGFWs.

Figure 10: Features available in the free and premium versions of AIOps for NGFW (refer to TechDocs for product feature descriptions in both tiers). The figure marks each feature as available in the Free version, available in the Premium (paid) version, requiring a CDL license, or requiring the corresponding security subscription; the features it lists, by column, are:
• Strengthen security posture: complete coverage in detecting security gaps; understand gaps in configuration best practices; get recommendations to close security gaps and improve posture.
• Proactively resolve firewall disruptions: detect and prevent firewall health problems; detect hardware and software system issues; detected by heuristic and threshold-based algorithms; predict operational outcomes using advanced AI/ML.
• Optimize your security investment: analyze network traffic logs; ranking of devices based on overall health; DNS Security dashboard; know about traffic and configuration unique to you; application usage and user activity dashboards and reports; indicators of compromise (IoC) dashboard; ransomware and unknown malware dashboard.
• Security and health alert notifications: know when something needs attention; alerts via email; alerts via integration with ServiceNow.
• Engagement and support: web support via LIVEcommunity for all firewall and AIOps for NGFW queries; easy, one-click support ticket creation for system issues; easy, one-click support ticket creation for operational issues.
Operational Benefits
• Address the top network operational challenges: Misconfigurations, human errors, compliance with best practices, resource usage, hardware and software failures, manual, repetitive, and time-consuming processes, configuration limitations, memory depletion, logging issues, and more.
• Configuration Best Practices Assessment: Assesses the firewall's configuration daily and identifies gaps against best practices. Provides workflows to maintain an always-optimal security posture that keeps up with a changing threat and network landscape.
• Visibility into system health: Provides easy access to runtime and historical telemetry data from firewalls and detects system issues.
• Specific and prescriptive remediation guidance: In-app, step-by-step recommendations and CLI commands to resolve alerts on your own.
• Analytics for operational health: Uses ML-driven techniques for predictive insights and performs root cause analysis.
• Security visualization and threat insights: Provides a comprehensive view of threats across firewalls, security subscriptions, and network traffic.
• Save time: Reduces time to resolution through easy-to-use alert notification workflows.
• Easy deployment: No new product to install. Just switch on telemetry.
Table 1: Palo Alto Networks AIOps for NGFW: Features and Capabilities
• Detection and understanding of security gaps specific to configuration best practices.
• Know about traffic and configuration unique to your environment with interactive dashboards to analyze your network traffic logs,[a] application usage, user activity, DNS Security, indicators of compromise (IoC), ransomware, and unknown malware, to optimize your security investment.[b]
• Strengthen security posture with step-by-step recommendations in the form of instructions or CLI commands to close security gaps.
• Know when something needs attention with security and health alert notifications via email or your ticketing system through ServiceNow integration.
• Proactively resolve firewall disruptions by detecting and preventing firewall health problems, including hardware and software system issues, resource usage, logging, and dynamic content configuration limits.
• Easy, one-click support ticket creation for system and operational issues.
• Detect and predict operational outcomes using anomaly detection, threshold-based algorithms, and advanced AI/ML forecasting.
• Easy deployment with no new product to install. Just switch on telemetry.
[a] Requires a CDL license to analyze network traffic logs and for the application usage and user activity dashboards.
[b] Requires the corresponding security subscriptions for the DNS Security, indicators of compromise (IoC), ransomware, and unknown malware dashboards.
Table 2: Palo Alto Networks AIOps for NGFW: Privacy, Versions and Requirements

Trust and Privacy (Privacy with Threat Prevention Subscription): Palo Alto Networks has strict privacy and security controls in place to prevent unauthorized access to sensitive or personally identifiable information. We apply industry-standard best practices for security and confidentiality. You can find further information in our AIOps Telemetry privacy datasheet.

Requirements: To use the Palo Alto Networks AIOps for NGFW subscription, you will need:
• Palo Alto Networks ML-Powered NGFWs running PAN-OS 10.0 or later
• Telemetry enabled

AIOps Cloud App Support: Hosted in US-central; the deployment is accessible globally.

Data Storage: The telemetry data can be stored in CDLs in any supported geography. The user must agree to the transfer of data from the regional CDL during the activation workflow.

Availability and Licensing: AIOps for NGFW is available as a separate app through the Palo Alto Networks Apps Hub. The free version of AIOps does not require a license. The premium version requires a standalone license, delivered as an integrated, cloud-based subscription for Palo Alto Networks ML-Powered NGFWs. Refer to TechDocs for the complete list of features.

Supported NGFWs: All models of PA-Series firewalls, VM-Series firewalls, and Panorama.
To learn more, check out the following resources:
• AIOps for NGFW TechDocs
• AIOps for NGFW Getting Started
• AIOps for NGFW Login Page
• AIOps for NGFW LIVEcommunity to ask questions
• Best Practice Assessment: This complimentary assessment helps you maximize the capabilities of your NGFW, such as identity-based security controls, to prevent successful cyberattacks.
3000 Tannery Way
Santa Clara, CA 95054 Main: +1.408.753.4000 Sales: +1.866.320.4788
Support: +1.866.898.9087 www.paloaltonetworks.com
© 2022 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of our trademarks can be found at https://www.paloaltonetworks.com/company/trademarks.html. All other marks mentioned herein may be trademarks of their respective companies. strata_sb_aiops-for-ngfw_030322