SECHealth for Firewalls Service

Get out of fire-fighting mode and become more strategic, by hardening your firewall deployment and automating ongoing tasks, so you can focus on higher-level cybersecurity initiatives. Adhere to best practices, based on Palo Alto Networks’ Iron Skillet security policies, to protect resources and operations with a consistent security stance across environments. Create a preventative security posture with a healthy firewall deployment that takes full advantage of advanced firewall capabilities.

Eliminate Time-Consuming, Error-Prone Manual Firewall Tasks

SECHealth for Firewalls revolutionizes the way you manage your firewall, making it easy for you to complete daily administrative tasks and quickly address issues to keep your Palo Alto Networks Firewall healthy. SECHealth for Firewalls automates the ongoing monitoring, troubleshooting and administrative tasks you need to keep your security in force and start taking advantage of advanced security capabilities.

With SECHealth for Firewalls, you can ensure your implementation follows best practice recommendations from Palo Alto Networks, using the Iron Skillet Best Practice Rules and Profiles, with continuous monitoring, rule clean up, troubleshooting and remediation that keeps your security in force.

SD SEC Triangle-02

trengthen security

  • Proactively detect and alert on firewall configuration issues that pose a risk, such as rules written too broadly, duplicative or conflicting rules and policies.
  • Successfully migrate and start to use advanced next-generation firewall features, like Palo Alto Networks APP-ID, Threat Profiles, etc.
  • Create a preventative security posture that conforms to best-practices.

nsure simple, efficient operations

  • Automate manual tasks to ensure they are done correctly, without error, including multi-policy editing, to prevent connectivity, VPN or other firewall issues.
  • Automate root cause analysis to accelerate troubleshooting and issue resolution.
  • Achieve operational stability, across environments, including the cloud.

onduct regular health checks of your Firewalls

  • Continuously monitor the health of the firewall, based on a variety of parameters.
  • Provide ongoing resource telemetry and visualizations of firewall, VPN and remote access topologies.
  • Quickly and easily understand policy priorities, eliminate sprawl, and maintain best practices to ensure the continuous, secure operations of your firewall.

Take Advantage of Playbooks – Alert, Troubleshoot and Remediate

SecureDynamics SECHealth for Firewalls’ Playbooks are drag and drop tools that use Palo Alto Networks CLI commands to query the firewall. They allow the administrator to write complex Playbooks without having to learn CLI commands. With a few clicks, administrators can create Playbooks to alert, troubleshoot or remediate firewall and associated network or VPN issues. They can be scheduled to run daily, hourly or on a sleep timer, and only alert when issues are identified, so you can quickly and efficiently remediate any issues.

Rule Cleanup – Get Rid of Rule Sprawl

SECHealth for Firewalls saves administrators the time and effort typically associated with trying to review and reconcile rules across multiple firewalls. With the SECHealth service, administrators can quickly and efficiently review all firewall rules, convert them to App-ID rules, merge duplicate and shadow rules, and ensure best practices, such as logging and security profiles, are applied.  This enables SECHealth for Firewalls to streamline a variety of traditionally cumbersome tasks, such as finding existing rules across multiple firewalls managed by Panorama, or tracing a rule in a specific firewall or across all the firewalls. The Service’s multi-edit functionality also helps facilitate faster rule cleanup and dramatically reduce rule sprawl to improve the overall security posture of the firewall deployment.

How SECHealth for Firewalls Works

SECHealth for Firewalls is a cloud-based service that connects to an organization’s firewalls via an on-premises collector agent, VPN or the firewall management interface. Admins or managed service provider teams can access the service via a self-service portal. The service is complementary to Palo Alto Networks Panorama and migration tool.