Firewall Health as a Service

SecureDynamics’ SECHealth for Firewalls is a cloud-based, SaaS service that simplifies and automates ongoing administrative tasks to drastically reduce the time and resources required to resolve complex operational issues and maintain a healthy firewall. With SECHealth for Firewalls, you can ensure your implementation follows Iron Skillet best practice recommendations from Palo Alto Networks, with continuous monitoring, policy clean up, troubleshooting and remediation capabilities that help you keep your security in force. You can:

  • Get out of fire-fighting mode and become more strategic, by hardening your firewall deployment and automating ongoing tasks, so you can focus on higher-level cybersecurity initiatives..
  • Adhere to best-practices as you establish and update your policies to effectively protect your resources and operations with a consistent security stance across environments.
  • Create a preventative security posture with a healthy firewall deployment that takes full advantage of advanced firewall capabilities.
  • Manage all the Policies of your Panorama connected devices.
  • Eliminate policy sprawl and ensure policies are being implmented at the right level to make them most effective.
  • Skillets (templates) can be applied to a single firewall or across multiple firewalls connected via Panorama to accelerate deploments.

 

Streamline policy management

The SECHealth Policy Advisor allows administrators to review all their policies across all their firewalls, either directly or via their Panorama management device. More importantly, it will determine whether a new policy should be added or conflicts with an existing policy, by doing a Duplicate/Merge/Shadow analysis. If there is no potential conflict, the Advisor will suggest the ideal location of the new policy. This Advisor works well for an admin managing a pair of firewalls and scales to a team managing 5,10 or 50 firewalls.

Uttimately, SECHealth for Firewalls saves administrators time, facilitating faster policy clean up and multi-policy updates and edits. Administrators can review all their firewall policies to identify and efficiently delete or merge duplicate and shadow rules. It also ensures that best practices, such as logging, security profiles are applied to all policies.
 

Review and remediate Issues with Palo Alto Networks Best Practices Assessment (BPA)

To reduce the attack surface, increase visibility into network traffic, prevent known and unknown attacks, and protect what’s most valuable, SECHealth for Firewalls provides the best practices assessment report developed by Palo Alto Networks with one click. The BPA reviews the state of the Palo Alto Networks firewalls and provides recommendation on configurations and feature adoption, as well as best practices recommendation. SECHealth for Firewalls can remediate certain issues identified by the BPA with the click of a button. The result — a well configured firewall and the adoption of recommended best practices.
 

Alert, troubleshoot and remediate with Playbooks

Playbooks are drag and drop tools that use Palo Alto Networks CLI commands to query the Firewall. They allow you to write complex playbooks without having to learn CLI commands, enabling you to create playbooks to alert, troubleshoot or remediate the firewall and any associated network or VPN issues with a few point and clicks. Multiple CLI commands can be chained together, and you can use conditional statements to test scenarios. You can get alerts via email or text and also auto-remediate if needed. Playbooks can be scheduled to run daily, hourly or on a sleep timer to allow you to focus on other tasks.
 

Monitor firewalls for misconfigurations, out of sync parameters, and security advisories

The SECHealth Dashboard allows you monitor your firewall operations, so it is easy to spot and address any potential issues. The Dashboard will display configuration issues that could potentially allow for a breach and identify when subscriptions are out of date or if there are any Palo Alto Networks Security Advisories specific to their version of the firewall. It monitors over 50 parameters and displays the information in three main sections:

  • A graphical view of alerts, packet drops and incomplete sessions.
  • A summary of Configuration alerts, Playbook alerts as well as Security Advisories
  • A table with firewall status and metrics per firewall

If the firewalls are setup as a High Availability pair, the dashboard will show the condition of both members of that pair.
 

Increase the value of your security deployment

SECHealth keeps your security deployment healthy by:

  • Streamlining Firewall Configuration Management with real time updates
  • Dramatically reducing time to do Policy Management with or without Panorama by complementing the functionality of the Policy Manager in PAN-OS 9.x
  • Troubleshooting Firewall, and Network issues to ensure a healthy deployment with minimal downtime and alerting if there are issues prior to a catastrophic failure.
  • Adhering to best practices for the best security posture