Best Practices Implementing Zero Trust with Palo Alto Networks
Updated on
Jan 27, 2024
Focus
Download PDF
Updated on
Jan 27, 2024
Focus
- Home
- Best Practices
- Best Practices Implementing Zero Trust with Palo Alto Networks
- Zero Trust Best Practices
- How Do I Start My Zero Trust Implementation?
Download PDF
How Do I Start My Zero Trust Implementation?
Table of Contents
This topic answers the fundamental question for any deploymentactivity: “Where do I start?”
Education and collaboration begin thejourney to a Zero Trust enterprise. Stakeholders who identify what’svaluable to your business and who architect how to protect it needto understand Zero Trust concepts, principles, and goals.
Create a cross-functional team of business leaders (businessand technical decision makers), IT, information security, infrastructure,application developers, and other stakeholders. The team definesand identifies each attack surface and its users, applications,and infrastructure, with the greatest focus on the most critical assets.This includes understanding which applications access critical data,which users access those applications, the data that you’re protecting,and the user devices and infrastructure, including IoT devices.
The cross-functional team prioritizes what to protect based onyour business, and researches, plans, and implements the Zero Truststrategy. The team remains involved in maintaining the deploymentas the business changes. Business leaders can speak to desired businessoutcomes, compliance requirements, and the value of business assets.
When you gain a basic understanding of Zero Trust from Palo Alto Networks Zero Trust website andthis document, and have an idea of your goals, you can:
Leverage the Palo Alto Networks Zero Trust Advisory Service,which guides you through:
A vendor-agnostic Zero Trustarchitecture and strategy, including a roadmap to take your enterprisefrom its current security state to a Zero Trust state.
Zero Trust policy design and implementation, where you designand implement a Zero Trust security policy.
Monitoring, maintaining, and enhancing your Zero Trust securitypolicy.
This best practices document includes Zero Trust Resources, whichprovides links to Zero Trust, best practices, and other resourcesto help you reach your Zero Trust goals.
The Zero Trust Reference ArchitectureGuide contains more specific details about Zero Trust implementation.
Follow The Five Steps to Approaching Zero Trust to createyour Zero Trust enterprise and secure users, applications, and infrastructureacross all four validation points (identity, device/workload, access,and transaction).
Start the transition with your most critical business assetsto protect them first with Zero Trust. Move from the highest priorityassets to the lowest priority assets until your enterprise is protected.
Asthe importance of applications diminishes, you can be less aggressivewith protection. For example, you don’t need to apply the same protectionto a chat app as you need to apply to business-critical apps. Collaborationwith business leaders helps determine which applications are themost critical to protect.
Palo Alto Networks offers a comprehensive platform of tightlyintegrated tools that enable you to plan, architect, prepare for,and implement Zero Trust to apply consistent security policy toevery part of your enterprise, for every use case, everywhere.
Capability | Platform Tools |
---|---|
Network Security Platform Next-Generation Firewalls (Securitypolicy and access enforcement for all use cases) |
|
Cloud Native Security Platform |
|
Managed Endpoint Protection |
|
Unmanaged Endpoint Protection |
|
Centralized Management (all usecases) |
|
Identity (all use cases) |
|
Application Visibility and Control (alluse cases) |
|
Threat Prevention and Cloud-Delivered SecurityServices (all use cases) | To inspect and prevent threats inencrypted traffic, you must decrypt the traffic or the firewallcan’t inspect the payload. You must also configure threat profiles(Vulnerability Protection, Antivirus, Anti-Spyware, File Blocking,DLP, WildFire, and URL Filtering) and attach them to Security policyrules.
|
Security Policy Control and Automation (alluse cases) | In addition to granular Security policyrules that enable you to control layer 7 traffic by source (user,IP address, zone, device), destination (IP address, zone, device),application, service, and URL category:
|
Consulting and Transformation Services |
|
Prisma Access
"); adBlockNotification.append($("Thanks for visiting https://docs.paloaltonetworks.com. To improve your experience when accessing content across our site, please add the domain to the allow list on your ad blocker application.")); let adBlockNotificationClose = $("x"); adBlockNotification.prepend(adBlockNotificationClose) $('body').append(adBlockNotification); setTimeout(function(e) { adBlockNotification.addClass('open'); }, 10); adBlockNotificationClose.on('click', function(e) { adBlockNotification.removeClass('open'); }) } }, 5000)
Recommended For You
{{ if(( raw.pantechdoctype != "techdocsAuthoredContentPage" && raw.objecttype != "Knowledge" && raw.pancommonsourcename != "TD pan.dev Docs")) { }} {{ if (raw.panbooktype) { }} {{ if (raw.panbooktype.indexOf('PANW Yellow Theme') != -1){ }}
{{ } else if (raw.panbooktype.indexOf('PANW Green Theme') != -1){ }}
{{ } else if (raw.panbooktype.indexOf('PANW Blue Theme') != -1){ }}
{{ } else { }}
{{ } }} {{ } else { }}
{{ } }} {{ } else { }} {{ if (raw.pantechdoctype == "pdf"){ }}
{{ } else if (raw.objecttype == "Knowledge") { }}
{{ } else if (raw.pancommonsourcename == "TD pan.dev Docs") { }}
{{ } else if (raw.pancommonsourcename == "LIVEcommunity Public") { }}
{{ } else { }}
{{ } }} {{ } }}
{{ if (raw.pancommonsourcename == "LIVEcommunity Public") { }}
{{ if (raw.pantechdoctype == "pdf"){ }}
{{ } }}
{{ } else { }}
{{ if (raw.pantechdoctype == "pdf"){ }}
{{ } }}
{{ } }}
{{ if (raw.pancommonsourcename != "TD pan.dev Docs"){ }} {{ if (raw.pandevdocsosversion){ }} {{ } else { }} {{ if ((_.size(raw.panosversion)>0) && !(_.isNull(raw.panconversationid )) && (!(_.isEmpty(raw.panconversationid ))) && !(_.isNull(raw.otherversions ))) { }} (See other versions) {{ } }} {{ } }} {{ } }}
{{ } }}{{ if (raw.pantechdoctype == "bookDetailPage"){ }}
{{ } }}{{ if (raw.pantechdoctype == "bookLandingPage"){ }}
{{ } }}{{ if (raw.pantechdoctype == "productLanding"){ }}
{{ } }}{{ if (raw.pantechdoctype == "techdocsAuthoredContentPage"){ }}
{{ } }}{{ if (raw.pantechdoctype == "pdf"){ }}
{{ } }}