Today, enterprises are increasingly turning to Next-Generation Firewall (NGFW) features with the goal of moving toward a more proactive user and application-aware approach to enterprise security. A long-term Palo Alto Networks partner, Tufin provides some of the industry’s best support for PanOS and Panorama security policy management, namely NGFW feature support within these products. In addition to our PanOS and Panorama support, Tufin is a founding member of the Palo Alto Networks Fuel User Group, a user-led, non-profit group exclusively for PAN customers interested in advancing their knowledge of information security, primarily in the cloud.
Let’s take a look at some of the most common Palo Alto Networks NGFW features and how they can be managed from the Tufin Orchestration Suite to enhance enterprise networks’ security posture.
Role of App-ID in access management
Palo Alto Networks uses multiple techniques, including application signatures, decryption, protocol decoding, and heuristics, to identify applications and application functions. These applications and application functions are identified by their App-ID, allowing security admins to create granular application-aware security policies, transition to a positive enforcement model, and apply extra scrutiny to unknown traffic.
Tufin SecureTrack provides complete visibility into App-IDs and their use within the enterprise’s security policies, including support for custom applications. Admins can quickly identify where App-IDs are used within the entire policy base, and immediately identify potential compliance violations via the Unified Security Policy. SecureTrack can also display “last hit for App-ID” information per-policy, enabling security admins to identify App-IDs that may no longer be required for a particular policy and whose continued presence may indicate overly permissive access.
User-centric security policy management
With an increasingly distributed and mobile workforce, traditional methods of identifying users, such as by IP address, are no longer effective. Palo Alto Networks gathers information from various sources, including VPNs, WLAN controllers, captive portals, directory servers, proxies and more, to generate a User-ID, which can be used to uniquely identify a user as they traverse physical and network locations.
As with App-IDs, SecureTrack provides complete visibility into User-IDs and their use within the enterprise’s security policies. SecureTrack allows admins to visualize security policies that apply to individual User-IDs, painting a picture of the user’s effective access across the entire enterprise network, inclusive of legacy devices, regardless of the user’s location.
Below is an example of the ability to see policies based on UserID (admin):
*** This is a Security Bloggers Network syndicated blog from Tufin - Cybersecurity & Agility with Network Security Policy Orchestration authored by John Moran. Read the original post at: https://www.tufin.com/node/3284

