6.22 Ensure that 'Inline Cloud Analysis' on Vulnerability Protection profiles are enabled if 'Advanced Threat Prevention' is available

Information

Enable 'Inline Cloud Analysis' on Vulnerability Protection profiles to combat zero-day threats.

Rationale:

Starting with PAN-OS 11.0, Palo Alto Networks operates inline deep-learning detection engines in the Advanced Threat Prevention cloud that analyze traffic in real time for command injection and SQL injection attacks, protecting users against zero-day exploitation of these vulnerability classes. Because the detection engines run in the cloud, they are updated and deployed automatically: the firewall does not have to download update packages for them, and the process-intensive analysis does not consume firewall resources.

It is recommended to set the action to 'alert' during initial deployment, monitor the resulting threat logs for false positives, and configure URL and IP exclusions for the affected traffic before moving to the 'reset-both' action.

Solution

Navigate to Objects > Security Profiles > Vulnerability Protection and open the profile to be edited.
Go to the Inline Cloud Analysis tab and tick the Enable cloud inline analysis checkbox. Verify that the action for every detection model is set to alert, then commit the change.
Note that the firewall's device certificate is used to authenticate to the Advanced Threat Prevention inline cloud analysis service; installing it is a prerequisite before 'Inline Cloud Analysis' can be used. Refer to the reference below for the detailed guide.
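The following script is an added example for this control, not code from Palo Alto Networks, CIS or Tenable. It audits an exported PAN-OS running configuration (the XML returned by the XML API or `show config running`) and reports, per Vulnerability Protection profile, whether Inline Cloud Analysis is enabled and whether the per-model actions match the rollout guidance above (every model at 'alert' first, blocking actions only after tuning). The XML element names `cloud-inline-analysis`, `mica-engine-vulnerability-enabled` and `inline-policy-action`, the detector entry names, and the embedded sample configuration are assumptions based on the PAN-OS 11 schema as understood by the author of this example; confirm them against your own export before relying on the result.

```python
"""Audit PAN-OS Vulnerability Protection profiles for Inline Cloud Analysis.

Added example for this control, not code from Palo Alto Networks, CIS or Tenable.
ASSUMPTIONS: the element names below and the detector entry names follow the
PAN-OS 11 schema as understood by the author of this example. The sample
configuration is constructed for the demonstration.
"""
import xml.etree.ElementTree as ET

ENABLE_FLAG = "cloud-inline-analysis"                # assumed schema name
MODEL_LIST = "mica-engine-vulnerability-enabled"     # assumed schema name
MODEL_ACTION = "inline-policy-action"                # assumed schema name
ROLLOUT_ACTION = "alert"                             # the control's initial action

# Constructed sample export: three profiles in three states.
SAMPLE_CONFIG = """<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
<profiles><vulnerability>
  <entry name="strict-ica">
    <cloud-inline-analysis>yes</cloud-inline-analysis>
    <mica-engine-vulnerability-enabled>
      <entry name="HTTP Command Injection detector"><inline-policy-action>alert</inline-policy-action></entry>
      <entry name="HTTP SQL Injection detector"><inline-policy-action>alert</inline-policy-action></entry>
    </mica-engine-vulnerability-enabled>
  </entry>
  <entry name="legacy-no-ica">
    <rules><entry name="simple-client-critical"><action><default/></action></entry></rules>
  </entry>
  <entry name="prod-tuned">
    <cloud-inline-analysis>yes</cloud-inline-analysis>
    <mica-engine-vulnerability-enabled>
      <entry name="HTTP Command Injection detector"><inline-policy-action>reset-both</inline-policy-action></entry>
      <entry name="HTTP SQL Injection detector"><inline-policy-action>reset-both</inline-policy-action></entry>
    </mica-engine-vulnerability-enabled>
  </entry>
</vulnerability></profiles>
</entry></vsys></entry></devices></config>"""


def audit_profiles(config_xml: str, initial_rollout: bool = True) -> dict:
    """Map each Vulnerability Protection profile name to a finding.

    initial_rollout=True applies the control's rollout guidance: every model
    must be 'alert'. initial_rollout=False is the post-tuning view: blocking
    actions pass, 'alert' stays acceptable, and 'allow' (or an unset action)
    is flagged because that model then never produces a threat log.
    """
    root = ET.fromstring(config_xml)
    findings = {}
    for profile in root.iterfind(".//profiles/vulnerability/entry"):
        name = profile.get("name")
        enabled = (profile.findtext(ENABLE_FLAG) or "no").strip() == "yes"
        actions = {
            model.get("name"): (model.findtext(MODEL_ACTION) or "").strip()
            for model in profile.iterfind(f"{MODEL_LIST}/entry")
        }
        if not enabled:
            status, reason = "FAIL", "Inline Cloud Analysis not enabled"
        elif not actions:
            # Assumed: a ticked checkbox with no per-model entries exports no
            # actions, so the effective actions must be verified in the GUI.
            status, reason = "WARN", "enabled but no per-model actions exported"
        elif initial_rollout and any(a != ROLLOUT_ACTION for a in actions.values()):
            status, reason = "WARN", "models not at 'alert'; tune false positives and exclusions first"
        elif not initial_rollout and any(a in ("allow", "") for a in actions.values()):
            status, reason = "WARN", "a model is set to 'allow' (or unset), so it never fires"
        else:
            status, reason = "PASS", "ok"
        findings[name] = {"status": status, "reason": reason, "actions": actions}
    return findings


def noncompliant(findings: dict) -> list:
    """Profile names that fail or warn, sorted, for ticketing or a CI gate."""
    return sorted(n for n, f in findings.items() if f["status"] != "PASS")


if __name__ == "__main__":
    for phase in (True, False):
        print(f"--- initial_rollout={phase}")
        for name, f in audit_profiles(SAMPLE_CONFIG, initial_rollout=phase).items():
            print(f"{f['status']:4} {name:14} {f['reason']}  {f['actions']}")
```

Run it against your own export by replacing SAMPLE_CONFIG with the file contents; switch initial_rollout to False once the exclusion lists are in place and the profiles have been moved to 'reset-both', so that blocking actions are treated as compliant rather than as premature.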

Default Value:

Not Configured

See Also

https://workbench.cisecurity.org/benchmarks/13792

Item Details

Category: RISK ASSESSMENT

References: 800-53|RA-5, CSCv7|3.1, CSCv7|3.2

Plugin: Palo_Alto

Control ID: 610544bf8146825fcfb7758d322d9077232b0bb9739132efbdaec831f6a0a5f9