6.5 Ensure a secure anti-spyware profile is applied to all security policies permitting traffic to the Internet

Information

Create one or more anti-spyware profiles and collectively apply them to all security policies permitting traffic to the Internet. The anti-spyware profiles may be applied to the security policies directly or through a profile group.

Rationale:

By applying secure anti-spyware profiles to all applicable traffic, the threat of sensitive data exfiltration or command-and-control traffic successfully passing through the firewall is greatly reduced. Unlike antivirus profiles, anti-spyware profiles are not restricted to particular protocols, so they should be applied to all security policies permitting traffic to the Internet. Assigning an anti-spyware profile to each trusted zone quickly and easily identifies trusted hosts that have been infected with spyware, based on their outbound network traffic. In addition, the profile blocks that outbound network traffic.

Solution

Navigate to Objects > Security Profiles > Anti-Spyware.
Also navigate to Policies > Security.
Set one or more anti-spyware profiles to collectively apply to all inside to outside traffic from any address to any address and any application and service.

Default Value:

Not Configured

See Also

https://workbench.cisecurity.org/benchmarks/17915

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3, CSCv7|8.3

Plugin: Palo_Alto

Control ID: 43a22afbbd2b1fff17ba5805142e8b231b3d5dfffaf0f593901825dcc07f9a19