Fact Sheet

Maximizing Network and Application Security, Visibility and Control
Splunk® App for Palo Alto Networks

Palo Alto Networks Next-Generation Firewall and Splunk

Palo Alto Networks next-generation firewalls enhance network security and enable enterprises to look beyond IP addresses and packets. These firewalls let you see and control applications, user behaviors and content using three identification technologies: App-ID, User-ID and Content-ID. These technologies enable you to create business-relevant, application-based security policies, going beyond the "all-or-nothing" method of the traditional port-blocking firewalls used in many security infrastructures.

Palo Alto Networks firewalls integrate IPS and firewall capabilities and use signature heuristics to identify particular application risks and threats. They also integrate with LDAP or Active Directory and can dynamically link IP addresses to the users and groups that access your network.

Palo Alto Networks firewalls also support virtual firewall instances on a single pair of firewalls (for high availability). This allows network segmentation for departmental services, with customized policies applied per business service. The departmental chargeback services model is fully supported.

Why Splunk for Palo Alto Networks?

Splunk offers Palo Alto Networks firewall users a massively scalable, real-time IT data engine. The Splunk App for Palo Alto Networks gives you pre-defined content with key performance indicators (KPIs) and long-term trending. In addition to robust reporting, Splunk supports the collection of terabytes of data per day in real time.

Splunk software extends Palo Alto Networks' situational awareness capabilities with real-time continuous monitoring and trending. Using data from Palo Alto Networks, Splunk can be set to a specific risk threshold and monitor for variances based on time of day, day of the week, or over a year's worth of data. Palo Alto Networks' URL filtering capabilities are enhanced by Splunk's ability to perform long-term trending and provide business-level reports as needed.

There are numerous immediate benefits to deploying the Splunk App for Palo Alto Networks. The App delivers advanced security reporting and analysis. Security analysts, network administrators and architects can now leverage application and user visibility at an unprecedented scale and rate. Security administrators can drill down into Palo Alto Networks data in one or two clicks, allowing them to investigate incidents in minutes instead of hours or days. In addition, human resource departments can leverage dashboards and reports in Splunk to track security compliance.

The Splunk App for Palo Alto Networks also includes custom commands that let Splunk searches automatically change configurations on Palo Alto Networks firewalls. For example, an administrator analyzing data in Splunk from an Exchange server could identify a potential security risk in message logs and trigger an update to that user's profile on the Palo Alto Networks firewall, resulting in an automated, improved security posture.

All security-relevant data can be searched and analyzed from one place in Splunk, catching attackers and malicious insiders who may previously have gone undetected. Splunk software can be deployed without requiring custom parsers or connectors, and the Splunk App for Palo Alto Networks and its content are available at no additional cost. You can extend the App for Palo Alto Networks by creating your own dashboards, visualizations and alerts to match your specific use case as needed.

The Splunk App for Palo Alto Networks also fully supports the virtualization capabilities of the Palo Alto Networks firewall. The user is provided an aggregate view of metrics across all virtualized firewalls, but can choose to view one firewall or a subset of them. In this way, the security of business services can be tracked and monitored over time.

The following visualizations and reports are available in the Splunk App for Palo Alto Networks. Each visualization or report can be clicked to see the Palo Alto Networks data fueling the dashboard graphic:

Palo Alto Networks Overview
Geographic overview of threats and event types – A geographic view of threats shown on a world map (Splunk Google Maps App or amMap App required). Includes a real-time presentation of events flowing through the firewall, shown by event type.

Traffic and Web Activity Dashboards
Dashboard views can be filtered by any combination of the following data elements: Source IP, Destination IP, Destination port, Action, Source user, and/or App.