To use Panorama for managing Palo Alto Networks firewalls, you must add the firewalls as managed devices and then assign them to device groups and templates. Panorama Templates allow you manage the configuration options on the Device and Network tabs on the managed firewalls. Using templates you can define a base configuration for centrally staging new firewalls and then make device-specific exceptions in configuration, if required. For example, you can use templates to define administrative access to the device, set up User-ID, manage certificates, set up the firewalls in a high availability pair, define log settings, and define server profiles on the managed firewalls.
How can I create a template?
Until you add a template on Panorama, the Device and Network tabs required to define the network set up elements and device configuration elements on the firewall will not display.
When creating templates, make sure to assign similar devices to a template. For example, group devices with a single virtual system in a one template and devices enabled for multiple virtual systems in another template, or group devices that require very similar network interface and zone configuration in a template.
How does the Palo Alto Networks Next-Generation Firewall prevent threats?
The Palo Alto Networks Next-Generation Firewall protects and defends your network from commodity threats and advanced persistent threats (APTs). The firewall’s multi-pronged detection mechanisms include a signature-based (IPS/Command and Control/Antivirus) approach, heuristics-based (bot detection) approach, sandbox-based (WildFire) approach, and Layer 7 protocol analysis-based (App-ID) approach.
To view a list of Threats and Applications that Palo Alto Networks products can identify, use the following links:
Applipedia—Provides details on the applications that Palo Alto Networks can identify.
Threat Vault—Lists threats that Palo Alto Networks products can identify. You can search by Vulnerability, Spyware, or Virus. Click the Details icon next to the ID number for more information about a threat.
When it comes to the use of technology decision making, the stakes for the business have never been higher. Investing in the right technology at the right time can very often mean direct competitive advantage to the business. Investing poorly, at the wrong time, or not at all (especially when competitors do so) can instead mean the business operates at a disadvantage relative to peers and competitors.
At the same time, the time window that organizations have to consider the options available to them is decreasing. It seems like digital trends and new technologies arise quickly and appear from seemingly out of nowhere, leaving organizations relatively little time to evaluate trends, understand the risk and rewards, and make an informed decision about investment. And, as we know, making an informed decision about value and risk tradeoffs for any technology or digital trend can be complicated. We need to consider business value added, new risks introduced (and old risks potentially mitigated), cost of the investment, possible disruption to business teams and numerous other factors.
To help with these challenges, ISACA is making a new resource available: ISACA Insights. The purpose of Insights is to identify the most impactful digital trends that organizations should consider in their strategic decision making:
Big data analytics
Mobile technologies
Cloud computing
Machine learning
Internet of Things
Massive open online courses
Social networking
Digital business models
Cybersecurity
Digital currency
Insights consists of a top 10 report describing the high level trends in business-accessible language and supplemental individual trend reports highlighting specific trends with an eye to overall organizational risk and value. Because the reports are short and business-accessible rather than technical, they are easily understood by those on either the technology or business side of the organization. They can be used as a discussion aid between business and technical teams—for example, to help business teams understand the risk impact of a particular trend or to help technical teams understand the business value drivers that might be driving interest in a particular trend or technology area.
Over the next few weeks, ISACA will be looking in depth at some of the information outlined in these reports and some of the risk, value and security implications of each of the top trends. Making a holistic decision about the risk vs. reward associated with investing in any particular trend means understanding both sides of the risk equation—the value to the business in adopting, the potential business risks associated with failing to adopt, as well as the technical risks that can be introduced when adopting these trends.
I encourage you to view the report on the top 10 trends, as well as the more in-depth reports on each of the top four trends. All are free at www.isaca.org/isaca-insights.
Ed Moyle Director of Emerging Business and Technology, ISACA
In this latest of our lightboard sessions, Joerg Sieber maps out important updates to Panorama and how you can simplify policy and device management without sacrificing good data or business productivity.
I have been negligent. The last time that I published an update to the Cybersecurity Canon Project was when we announced the 2015 inductees at Ignite back in April. Since then, we have been busy, and I am happy to announce that we are kicking off the 2016 Cybersecurity Canon inductee season in style by announcing this year’s slate of committee members. They are:
Christina Ayiotis: Co-Chair, Georgetown Cybersecurity Law Institute
Robert Clark: Cyber Law Professor at the United States Military Academy
Rick Howard: Palo Alto Networks CSO
Brian Kelly: Quinnipiac University CISO
Dawn-Marie Hutchinson: Comm Solutions Company CISO
Hannah Kuchler: Journalist, Financial Times
Neena Lakhani: Marketing Manager at Data Integration
Jon Oltsik: Sr. Principal Analyst, Enterprise Strategy Group
Dan Ragsdale: Program Chair, Cyber Center of Excellence, Texas A&M
Ben Rothke: Senior eGRC Consultant at Nettitude Group
Steve Winterfeld: Nordstrom Bank ISO
For the newbies in the crowd, a canon is a list of collected works that the applicable community has accepted as genuine. The Cybersecurity Canon project is an effort to identify all of the cybersecurity books that we, as a community of professionals, should have read by now.
We set up the project similarly to the Baseball Hall of Fame. Like the Baseball Writers’ Association of America, the cybersecurity community — that’s us — suggests titles that should be considered as candidates for induction into the Canon. They do that by writing a review of their book and making the case on why the book should be accepted as a candidate. Anybody can write a book review for his or her favorite books.
The Cybersecurity Canon Committee considers each review on merit and decides whether or not the reviewer made a strong enough case to include the book on the candidate list. If so, we add the book and the book review to the Canon page (click on the book covers to read the review).
Today, we have roughly 25 books on the candidate list, including both fiction and non-fiction. Candidate books in the non-fiction category range in topics from crime to espionage, hacktivism, warfare and technical. Candidates in the fiction category qualify if the story the author is telling contains cybersecurity elements that are true or possible. The Committee estimates that there should be at least 125 books on the candidate list at any given time. That is where you come in.
If you have a favorite book that you think everybody in our community should have read by now in order to be a complete cybersecurity professional, get cracking on that book review. This web page describes the criteria for what the committee is looking for in a book review.
Sometime at the beginning of calendar year 2016, we will open the candidate list for community voting. In other words, you get to vote on which books we induct into the Canon for 2016. So far, we have inducted these five books:
“We Are Anonymous” by Parmy Olson
“The Cuckoo’s Egg” by Clifford Stoll
“Countdown to Zero Day” by Kim Zetter
“Spam Nation” by Brian Krebs
“Winning as a CISO” by Rich Baich
Most of the authors came to Las Vegas to receive their award during a ceremony on the main stage at Ignite, the annual Palo Alto Networks customer conference. They then participated in a breakout session where committee members interviewed each on stage. It was fantastic!
The 2016 inductee season is officially underway. Please help us grow the Cybersecurity Canon project by reviewing the candidate list, sending me suggestions for other titles that should be there, and, most importantly, writing your own reviews for the books that should be on the candidate list. In the meantime, I will keep you updated throughout the year as we add more titles and get closer to opening up the voting process for 2016 selection.
