Palo Alto Networks firewall security auditing
Firewalls are an important line of defense against malicious attack attempts on an organization's network. By blocking various attack types, firewalls allow network communications to continue seamlessly. But it is also important to take stock and understand what attacks are attempted on a network and who is trying to disrupt the network. This can be done by auditing security logs, which provide information on all attack attempts and aid in security-related decision making. EventLog Analyzer helps organizations efficiently audit security logs and take steps to improve network security.
Since Palo Alto Networks firewalls are equipped to deal with specific attack types, auditing their security logs provides detailed information about these attacks. Some scenarios in which auditing Palo Alto Networks security logs are useful include:
- When users need to identify highly targeted devices that are attacked repeatedly. This may necessitate tightening security measures for the host, such as encrypting the host data, or backing up device data more frequently.
- When users need to extract information about specific attack attempts. For instance, admins can identify a denial of service attack, where the attacker tries to flood a server with requests, and block the source from future attack attempts.
- When users need to review threats detected by the Palo Alto Networks Wildfire environment to discover and keep pace with the latest threats.
- When users need to monitor which blocked sites employees are attempting to access using URL filtering logs.
- When users need to identify trends to develop a deeper understanding of the pattern of attacks that an organization faces.
Palo Alto Networks firewall security auditing reports
Two groups of security auditing reports are available: system event reports and threat reports. System event reports detail the various software packages that are installed or upgraded on the firewall.
Threat reports provide information regarding various security-related dangers to the network. Specifically, threat reports include:
- An overview report that presents a summary of the various threats averted.
- A trend report that describes threat trends over time.
- Top N reports, which identify the source or destination devices which are the most frequent cause (or target) of attacks.
- Various threat-specific security reports, namely: flood attack detection, spyware download detection, Wildfire signature feed, and vulnerability exploit detection.
Package Installed | Package Upgraded | Possible Attacks | Critical Attacks | Top Attacks based on Source | Top Attacks based on Destination | Attacks Trend Scan Detection | Flood Detection | URL Filtering Log | Spyware Phone Home Detection | Spyware Download Detection | Vulnerability Exploit Detection | Filetype Detection | Data Filtering Detection | Virus Detection | Wildfire Signature Feed | DNS Botnet Signatures
EventLog Analyzer efficiently analyzes, reports, and alerts on Palo Alto Networks security logs, ensuring that no attack attempts are missed and the network is constantly protected.