Summary

On April 11, 2024, Palo Alto Networks (PAN) released a security advisory warning customers of a critical vulnerability affecting certain PAN-OS versions configured as GlobalProtect Portals or Gateways. The vulnerability, tracked as CVE-2024-3400, allows an unauthenticated attacker to execute arbitrary code on the affected device.

Although PAN has released patches for the affected PAN-OS versions, we recommend that customers practice defense-in-depth by following the mitigation steps outlined in this article.

Palo Alto Networks Unit 42 has published additional information on the exploitation of the vulnerability in the wild. You can read their blog post here:

Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400.

The organization that discovered the vulnerability being exploited in the wild, Volexity, has also published a blog post on their findings:

Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)

Remediation Flow Chart

The following flow chart provides a high-level overview of the vulnerability and the recommended mitigation steps:

Affected PAN-OS Versions

Mitigation Steps

Upgrade to a Patched Version

Here are all the versions that have been patched by PAN:

PAN-OS 10.2:

• 10.2.9-h1 (Released 4/14/24)
• 10.2.8-h3 (Released 4/15/24)
• 10.2.7-h8 (Released 4/15/24)
• 10.2.6-h3 (ETA: 4/16/24)
• 10.2.5-h6 (ETA: 4/16/24)
• 10.2.3-h13 (ETA: 4/17/24)
• 10.2.1-h2 (ETA: 4/17/24)
• 10.2.2-h5 (ETA: 4/18/24)
• 10.2.0-h3 (ETA: 4/18/24)
• 10.2.4-h16 (ETA: 4/19/24)

PAN-OS 11.0:

• 11.0.4-h1 (Released 4/14/24)
• 11.0.3-h10 (ETA: 4/16/24)
• 11.0.2-h4 (Released 4/16/24)
• 11.0.1-h4 (ETA: 4/17/24)
• 11.0.0-h3 (ETA: 4/18/24)

PAN-OS 11.1:

• 11.1.2-h3 (Released 4/14/24)
• 11.1.1-h1 (ETA: 4/16/24)
• 11.1.0-h3 (ETA: 4/17/24)

Install Latest Content Updates

PAN has released content update 8833-8682 that includes a signature to detect and block attempts to exploit the vulnerability. We recommend that all customers install this content update as soon as possible.

To determine if a firewall has received the content update, go to Dashboard > General Information and check the Threat version to make sure it is at least 8833-8682.

Making Sure the Content Update is Effective

The content update does not patch the vulnerability, but provides a signature to detect and block exploitation attempts. In order for this signature to be effective, the firewall must have a security policy that allows traffic to the GlobalProtect Portal or Gateway with correctly configured security profiles. We recommend that customers review the relevant security polices and their security profiles to ensure that the firewall is configured to block any attempts to exploit the vulnerability.

For many customers the interzone-default security policy will allow traffic to the GlobalProtect Portal or Gateway as the traffic is typically “outside to outside” traffic. If you are not sure which security policy is used for GlobalProtect traffic, review your logs to determine the policy that is being hit.

Customers using PAN-DB Private Cloud or a WildFire Private Cloud Appliance (WF-500) should read the official post for additional information.

Summary

On January 8th, 2024 Palo Alto Networks announced that five additional certificates that secure core services will soon expire. When these certificates expire, their respective services will be affected unless customer action is taken. Here is a summary of the certificates that will expire and the services that will be affected:

Remediation

Since there are multiple certificates expiring customers will need to take multiple actions to remediate. We recommend that all customers do ALL of the following:

1. Upgrade all devices to a hotfix listed in PAN’s announcement
2. Ensure that Device Certificates are present on ALL devices
3. Upgrade all User-ID Agents and Terminal Servers to a hotfix listed in PAN’s announcement

Additionally, PAN has provided a fix for the Panorama management certificate expiration in content update versions 8795-8489 and higher. This resolves the issue of the April 7th, 2024 Panorama certificate expiration, but customers will still need to take the above actions to remediate the other certificate expirations. Additionally, after this content update is installed, you must reboot the device in order for the Panorama cert issue to be resolved. Since this requires a reboot, we recommend that customers instead upgrade to a hotfixed version, as it takes care of all the certificate expirations in the same amount of time.

Remediation Flow Chart

Here is a simplified flow chart that applies to most customers:

Upgrading Devices

The upgrade to the fixed versions of PAN-OS is no different than any regular PAN-OS update. Consult PAN’s official forum post for the fixed version in your release train.

Before upgrading, we always recommend taking a configuration backup from the device from Device > Setup > Operations > Configuration Management > Export Named Configuration Snapshot and exporting the running-config.xml file. This will allow you to restore the device configuration if there is an issue with the new version.

As always, we recommend failing over an HA pair before performing an upgrade. This ensures that there is no latent issues with the secondary device that could cause an extended outage after the primary devices reboots to perform the upgrade.

Installing Device Certificates

NOTE: This may not apply to you as newer devices ship with a Device Certificate pre-installed. We still recommend reviewing all your devices to ensure that they have device certificates present.

We have observed newer generation firewalls (PA-4XX) that do not have Device Certificates pre-installed from the factory.

See PAN’s documentation:
Installing Device Certificates on Standalone Firewalls (10.2)
Installing Device Certificates on Panorama (10.2)
Installing Device Certificates on Log Collectors (10.2)

Upgrading User-ID Agents and Terminal Servers

Consult PAN’s official forum post for the fixed version of the User-ID Agent and/or Terminal Server. Download the appropriate version from the PAN Support Portal and install it on the User-ID Agent and/or Terminal Server.

After installation, make sure that the User-ID Agent and/or Terminal Server is running and firewalls/Panorama show it as connected.

On November 7th, 2023 Palo Alto Networks announced that there are two upcoming certificate expirations that may cause disruptions for customers. Despite both issues involving certificates, they are unrelated and require different actions to resolve.

The first issue affects basically all devices and is easy to remediate. The second issue affects only customers with Data Redistribution configured and involves a more complicated remediation process. This post will describe both issues and how to resolve them.

Issue #1: Content Update Certificate Expiration

Description

Internally, PAN devices verify the authenticity of content updates by checking the signature of the update against a certificate. This certificate is set to expire on December 31th, 2023. If the certificate expires, content updates will fail to install. This will cause the device to stop receiving new signatures for threats, applications, and other content. This will not affect the ability of the device to pass traffic, but it will cause the device to be unable to detect new threats and applications.

Affected Devices

Any devices that retrieve content updates from Palo Alto Networks, including Panoramas.

Resolution

There are three remediation paths for this issue:

1. Install content update version 8776-8390 or later on all your devices
2. Upgrade the PAN-OS version on all your devices to a patched version of PAN-OS
3. Install a Device Certificate on your devices (not recommended)

We recommend that customers choose option #1 and install content update 8776-8390 as this is the easiest and most straightforward option. This content update is available now and can be installed on any PAN-OS version. For customers with many firewalls we recommend using Panorama to push the content update to all devices if they are not already configured to automatically install the latest content updates.

To verify that you have the correct content update installed, you can check the Application Version on Dashboard > General Information.

Issue #2: Default Data Redistribution Certificate Expiration

Description

Data Redistribution is the umbrella term for the mechanism by which PAN devices can share user information with each other. Data Redistribution includes User-ID, IP-tags, User-tags, GlobalProtect HIP results and quarantine list entries. By default, the device to device communication uses a predefined certificate to secure these communications. This certificate is set to expire on December 31th, 2023. If the certificate expires, devices will be unable to share user information with each other, which could lead to an outage if that information is required for security policy enforcement.

Affected Devices

Any device that acts as a client or server for Data Redistribution, including Panoramas.

Resolution

There are two remediation paths for this issue:

1. Upgrade the PAN-OS version on all your devices to a patched version of PAN-OS (recommended)
2. Use custom certificates to secure the Data Redistribution communication (not recommended for customers using Panorama)

We strongly recommend that customers upgrade rather than attempt to configure custom certificates, especially for customers using Panorama. The custom certificate configuration is complex and does not scale well (see the For Panorama Customers section below for more details), in addition to making firewall onboarding more difficult. Additionally, the custom certificate configuration appears to apply to the User-ID agents as well, which means that you would need to install the same custom certificates on all your User-ID agents as well. This is not documented anywhere, but was confirmed experimentally in our lab environment.

With that caveat, below are the steps to configure custom certificates for Data Redistribution. PAN also publishes a guide to configuring custom certificates, though it is geared towards securing device to Panorama communication.

Client vs. Server

Note: This guide shows the steps for both the client and server side of the communication as devices are typically both at once. If you know a device will only be a client or server you can skip the steps for the other role. Each section is labeled with the role it applies to.

For Panorama Customers

We don’t recommend that customers use custom certificates to secure Data Redistribution if they are using Panorama. This is because if you enable custom certificates on Panorama there is no option to enable it only for data redistribution. This means that you’ll have to use the custom certs for communication with Panorama, which could cause an outage if you have not installed the new certificates on all your devices. If you are using Panorama we recommend that you upgrade all your devices to a patched version of PAN-OS instead.

Additionally, you can not push the configuration option to enable custom certs for the Panorama configuration from a Panorama template. This means that you’d have to create a local override on each Panorama managed firewall in order to deal with the fact that custom certs on Panorama for Data Redistribution force custom certs for the Panorama management connection. Since this solution doesn’t scale well we recommend that you upgrade all your devices to a patched version of PAN-OS instead.

Note: On a Panorama everything that would be on the Device tab is on the Panorama tab instead.

Prerequisites

• The public key to a CA certificate that you will use to validate the certificates of other devices. This certificate must be in PEM or PKCS12 format.
• The private key to a certificate signed by the above CA that you will use to encrypt communications between devices. This certificate must be in PEM or PKCS12 format.

We recommend that customers use their existing PKI (typically Active Directory Certificate Services) to manage all their internal certificates, however you could generate both of these certificates on a PAN device if you do not have a PKI in place already.

1: Import the certificates (Client & Server)

On Device > Certificate Management > Certificates click Import and import the CA certificate. If you do not have an existing CA certificate you can generate one on the device here. Make sure to export this CA certificate and install it on all your devices so they can validate each other’s certificates.

On Device > Certificate Management > Certificates click Import and import the certificate with the private key. If you’re using PEM formatted cert be sure to check Import Private Key. If the certificate is password protected you will need to enter the password here.

Note: if the cert is not password protected you will still need to provide a password here, but it will not be used.

If you do not have an existing certificate you can generate one signed by the CA you created earlier on the device here. Make sure to export this certificate and install it on all your devices so they can encrypt communications with each other.

2: Configure a Certificate Profile (Client and Server)

On Device > Certificate Management > Certificate Profile click Add and create a new profile. Give it a name and select the CA certificate you imported earlier.

Enable Block sessions with expired Certificates Click OK to save the profile.

3: Configure an SSL/TLS Service Profile (Server)

On Device > Certificate Management > SSL/TLS Service Profile click Add and create a new profile. Give it a name and select the certificate with the private key you imported earlier.

Set the Min Version to TLSv1.2 and leave the Max Version set to Max. Click OK to save the profile.

4: Enable Secure Data Redistribution (Client)

On Device > Setup > Management click the gear icon at the top right of the Secure Communication Settings section. Under Secure Client Communications > Custom Certificate Settings > Certificate Type select Local from the dropdown.

Then select the certificate with the private key you imported earlier from the Certificate dropdown. Select the certificate profile you created earlier from the Certificate Profile dropdown. Check the box for Data Redistribution and click OK to save the settings.

5: Enable Secure Data Redistribution (Server)

On Device > Setup > Management click the gear icon at the top right of the Secure Communication Settings section. Under Customize Secure Server Communication select the SSL/TLS service profile you created earlier from the SSL/TLS Service Profile dropdown.

Then select the appropriate Certificate Profile that you created earlier. Check the box for Data Redistribution and click OK to save the settings.

6: Commit the configuration changes (Client and Server)

Warning: Once you commit these changes the devices will begin to use the new certificates. If you have not installed the new certificates on all your devices you may cause an outage. Redistributed User-ID entries should be cached, so quickly committing on both the client and the server should cause User-ID latency, but not an outage.

Commit the configuration changes to the device. If you are using Panorama you will need to push the changes to the devices.

Addendum: Checking a Data Redistribution Servers Certificate

If you have have openssl installed (typically installed by default on most Linux distros and OSX) you can check the expiration date of the Data Redistribution server certificate with the following command:

openssl s_client -showcerts -connect firewall.example.com:5007 2>&1 | grep NotAfter

Note that we’ve redirected STDERR to STDOUT with 2>&1 to keep the output clean. Replace firewall.example.com with the hostname or IP address of your firewall.

This should produce output similar to the following:

   v:NotBefore: Feb  1 07:30:33 2023 GMT; NotAfter: Jan  1 07:30:33 2032 GMT

Here we can see that the certificate in use on this data redistribution server doesn’t expire until 2032, so it is not affected by issue #2.

You Bought an NGFW-Now Use It: Practical Security Patterns for Palo Alto Networks Firewalls

Location:
Alvarado B Breakout

Date:
Wednesday February 25th, 2026

Time:
2:30 - 3:15 PM MST

Most K-12 districts have already invested in next-generation firewalls, but many still run them like traditional firewalls—broad outbound access, little or no decryption, and weak identity-based enforcement. This session uses Palo Alto Networks firewalls to show how those gaps translate into real risk, and what “using the NGFW you already own” looks like in practice.

We’ll cover field-tested patterns for policy design, security profile enforcement, and identity/device context—plus how to regain visibility into encrypted traffic where today’s threats actually occur.

Attendees will also receive a firewall security scorecard to objectively assess their Palo Alto firewall posture and identify the highest-impact improvements to prioritize.

Download the slide deck

CITE 2025

Palo Alto Networks Advanced Troubleshooting

Location:
Ballroom A9

Date:
Thursday, November 20th 2025

Time:
1:00pm - 1:45pm PST

Dive into practical, real-world techniques for diagnosing and resolving common issues in Palo Alto Networks environments. This session covers how to uncover silent drops, interpret traffic and threat logs, use packet captures effectively, and apply key CLI tools for troubleshooting authentication, routing, VPN, and HA failover problems. Learn actionable tips and tricks to keep your deployments running smoothly and efficiently.

Download the slide deck

Product Showcase: Falco

Location:
Meeting Room 1 & 2

Date:
Wednesday, November 19th, 2025

Time:
9:30am - 9:50am PST

Managing a Palo Alto Networks firewall in an education environment is no small task. Over time, configuration drift, exceptions, and staff changes can quietly weaken even the best security posture. In this 20-minute product showcase, learn how Falco, Digital Scepter’s automated firewall auditing platform, helps schools, districts, and higher-ed institutions stay ahead of misconfigurations, vulnerabilities, and regressions—without adding to your team’s workload.

See a live demo of Falco’s weekly firewall health report, discover easy wins for improving security posture, and walk away with access to a free Falco firewall scorecard for your organization.

The Definitive Guide to Zero Trust

Location:
Meeting Room 10

Date:
Tuesday, November 18th, 2025

Time:
8:00am - 8:45am PST

Zero Trust isn’t a new security philosophy—it’s the modern enforcement of principles IT has always relied on: authentication, authorization, and least privilege. In this session, we’ll trace how those fundamentals evolved from traditional network zones and VPNs to today’s identity-driven, cloud-enforced models. Using real K-12 examples, we’ll explore how Google’s BeyondCorp and the NIST framework influence practical campus network designs, from segmented firewalls and 802.1X authentication to cloud-delivered Zero Trust solutions like Cloudflare Access and enterprise browsers. You’ll learn how to blend on-prem NGFWs with SaaS access control, map user roles (students, staff, faculty, parents) to the right access tiers, and prepare your network for a hybrid future.

Download the slide deck

Past Events

Palo Alto Networks Zero-Trust Best Practices at Clovis Unified School District

Location:
Clovis Unified School District, 1670 David E Cook Way, Clovis, CA 93611

Date:
Tuesday, April 29th, 2025

Time:
10:00am - 2:00pm PDT

Join Digital Scepter and Clovis USD for a deep-dive into the latest features of Palo Alto Networks NGFW. We’ll demonstrate best practices that you can use to immediately improve your security posture and get more from your firewalls.

Agenda:

• How to set up Palo Alto Networks’s advanced security subscriptions.
• What’s new in PAN-OS 11
• Zero Trust Roadmap
• Details on setting up Inbound SSL decryption and Forward Proxy SSL Decryption
• Other best practices you can implement right away

Download the slide deck

Palo Alto Networks Zero-Trust Best Practices at Citrus College

Location:
Citrus College, 1000 W Foothill Blvd, Room IS 107, Glendora, CA, 91741

Date:
Tuesday, April 15th, 2025

Time:
10:00am - 2:00pm PDT

Join Digital Scepter and Citrus College for a deep-dive into the latest features of Palo Alto Networks NGFW. We’ll demonstrate best practices that you can use to immediately improve your security posture and get more from your firewalls.

Agenda:

• How to set up Palo Alto Networks’s advanced security subscriptions.
• What’s new in PAN-OS 11
• Zero Trust Roadmap
• Details on setting up Inbound SSL decryption and Forward Proxy SSL Decryption
• Other best practices you can implement right away

Download the slide deck

CITE 2024 Presentations

Decryption Blueprint: Building a Two-Tier CA for SSL Inspection (PDF)

With these slides, you will learn how to build and deploy a secure, scalable two-tier Certificate Authority (CA) infrastructure. You’ll explore the configuration of both root and subordinate CAs, manage certificate lifecycles, and implement best practices for securing your PKI environment. Additionally, you’ll delve into SSL/TLS decryption using Palo Alto Networks Firewalls, gaining the skills to secure encrypted traffic and enhance network visibility. The course will guide you through integrating your CA with a Palo Alto firewall to enable SSL decryption, configuring decryption policies, and troubleshooting common issues. By the end, you will have the expertise to deploy a robust CA environment and ensure SSL decryption for secure network communications.

Key Learning Objectives: • Understand Public Key Infrastructure (PKI) concepts and two-tier CA architecture • Build and configure a Root and Subordinate Certificate Authority • Manage certificates, revocations, and certificate enrollment • Enable SSL decryption on Palo Alto Networks Firewalls using custom certificates • Configure decryption policies and best practices to secure encrypted traffic

Download the slide deck

Implementing Zero Trust Security Architecture (PDF)

In an era where traditional security models are no longer sufficient to protect against increasingly sophisticated cyber threats, the Zero-Trust security framework has emerged as a pivotal approach to safeguarding digital assets. This presentation will delve into how Palo Alto Networks enables and enhances Zero-Trust security through its comprehensive suite of solutions. We will start by exploring the core principles of the Zero-Trust model, which asserts that no user, device, or network segment should be trusted by default, regardless of their location. The principle of “never trust, always verify” will be examined in detail, including its impact on organizational security posture. The presentation will then transition into the specific features and capabilities offered by Palo Alto Networks to support a Zero-Trust architecture. Key topics will include:

1. Identity and Access Management: Leveraging Palo Alto Networks’ capabilities to enforce strict authentication and authorization policies.
2. Network Segmentation and Micro-Segmentation: Implementing granular controls to segment and protect network traffic within and across organizational boundaries.
3. Continuous Monitoring and Threat Detection: Utilizing Palo Alto Networks’ advanced threat detection and response tools to maintain visibility and control over network activity.
4. Integration and Automation: How to integrate Zero-Trust principles with existing security infrastructure and automate enforcement to streamline operations and enhance security posture. Attendees will gain a comprehensive understanding of how to design, configure, and deploy Zero-Trust security using Palo Alto Networks’ tools, ensuring robust protection against internal and external threats. We will also provide practical examples and best practices for effective implementation, along with a Q&A session to address specific queries and challenges faced by organizations in their Zero-Trust journey.

Download the slide deck

Palo Alto Networks Zero-Trust Best Practices at Tahoe Truckee Unified School District

Location:
Tahoe Truckee Unified School District 11603 Donner Pass Rd Truckee, CA 96161, USA

Date:
Wednesday May 1st, 2024

Time:
10:00am - 2:00pm PDT

Join Digital Scepter for a deep-dive into the latest features of Palo Alto Networks NGFW. We’ll demonstrate best practices that you can use to immediately improve your security posture and get more from your firewalls.

Agenda:

• What is new about the Advanced security subscriptions?
• How to set up Palo Alto Networks’s advanced security subscriptions.
• What’s new in PAN-OS 11?
• Zero Trust Roadmap
• Details on setting up Inbound SSL decryption and Forward Proxy SSL Decryption
• Other best practices you can implement right away

Download the slide deck

Palo Alto Networks Zero-Trust Best Practices at Sacramento County Office of Education

Location:
Sacramento County Office of Education 10474 Mather Blvd. Mather CA 95655

Date:
Wednesday April 17th, 2024

Time:
9:00am - 1:00pm PDT

Join Digital Scepter for a deep-dive into the latest features of Palo Alto Networks NGFW. We’ll demonstrate best practices that you can use to immediately improve your security posture and get more from your firewalls.

Agenda:

• What is new about the Advanced security subscriptions?
• How to set up Palo Alto Networks’s advanced security subscriptions.
• What’s new in PAN-OS 11?
• Zero Trust Roadmap
• Details on setting up Inbound SSL decryption and Forward Proxy SSL Decryption
• Other best practices you can implement right away

Palo Alto Networks Zero-Trust Best Practices at San Bernardino County Superintendent of Schools

Location:
San Bernardino County Superintendent of Schools
West End Educational Service Center 8265 Aspen Avenue Rancho Cucamonga, CA 91730

Date:
Wednesday February 14th, 2024

Time:
10:00am - 2:00pm PDT

Join Digital Scepter for a deep-dive into the latest features of Palo Alto Networks NGFW. We’ll demonstrate best practices that you can use to immediately improve your security posture and get more from your firewalls.

Agenda:

• What is new about the Advanced security subscriptions?
• How to set up Palo Alto Networks’s advanced security subscriptions.
• What’s new in PAN-OS 11?
• Zero Trust Roadmap
• Details on setting up Inbound SSL decryption and Forward Proxy SSL Decryption
• Other best practices you can implement right away

Download the slide deck

Click Here to download the slides

Active-Active or Active-Passive High Availability

If you can pony up and get the second device for HA, you can greatly minimize downtime. There’s no additional discount for the second device in an HA pair and you’ll also needs to purchase support (see below) for both devices in the HA pair. There are HA SKUs for subscriptions that do provide a discount compared to buying two separate subscriptions.

Approximate Down Time: None (with a single failure)

Onsite Spare

The next best alternative is a cold spare. They are typically discounted 50-60% from list price. You don’t need to buy support. In the event of a primary device failure, you open a ticket and transfer your licenses, then upgrade the software and import your config (you had a back up right?). Another option is to use your legacy device as a cold or warm backup.

Approximate Down Time: Two hours

4-hour Support

This option is offered in most areas, but not all, so check with your rep. If your primary device fails, a replacement will be delivered within four hours. You have to add time to open the ticket, process the RMA, update and config.

Approximate Down Time: Seven hours

Premium Support

This is 24x7 phone support like the option above, but after processing an RMA, you get your replacement the next day.

Approximate Down Time: 30 hours

Standard Support

This is 8x5 phone support and you have to return your device to the factory before they ship you a replacement. Not recommended.

Approximate Down Time: 72 hours

How do you choose the right kind of perimeter protection solution for your unique business needs? Where should you focus your budget and attention to improve security dramatically, at a cost that makes sense for you? Learning which technology and policies you need to implement on your network is a process that begins with accurately assessing your existing network infrastructure.

At Digital Scepter, we encourage every organization to have a detailed breakdown of their network. Across hardware and software, creating an asset list is the first step in better understanding the security needs of your network, what you are doing to meet these demands, and how you can improve your network to keep your mission-critical or confidential data safe.

Understand your network by creating an asset list

Ask any network administrator, and they will readily admit that modern corporate networks can be incredibly difficult to monitor. More and more hardware devices are being added to networks, and these devices are performing a number of different network functions, sometimes across wide and diverse geographical areas.

In the case of devices operated by your end-users, such as employees, software technology advances are growing rapidly, which can make the devices hard to monitor accurately. In addition, with the advent of cutting-edge technologies such as effective cloud storage, the location of your most important data is becoming increasingly distributed over multiple locations.

Creating an asset list is a task that essentially can be divided into three parts – hardware, software, and data.

Hardware

Look at your network topography and list every single hardware device you can find. This should include infrastructure devices such as routers, switches, and bridges, as well as every single node including mobile devices that connect to your network externally. Also, be sure to include your existing security devices, such as network firewalls or other perimeter protection devices.

Ultimately, if the hardware device is connecting directly to your network by any means, you should list it as part of your asset list.

Software

Examine the software that runs on your network. Some of the most commonly used applications will be ones that you have deployed on end-user machines, and listing each of these regularly used tools is relatively simple. You should take the time to understand which applications are being used, and also how they are being used. What do your users actually do with their web browsers? How are they sharing files via email?

Data

Finally, every asset list should cover the most important asset of every network: your data. Modern organizations thrive on their data and it is important to make a list detailing where your data is stored, the type of databases that this information is contained in, and whether the given data is highly confidential, of a personal nature, or contains payment and credit card information.

Determining the nature of the data is essential to determine if compliance and regulatory requirements need to be followed (e.g. HIPAA, PCI, Sarbanes-Oxley, Gramm-Leach-Bliley, etc.) Start now by taking the opportunity to create an asset list for your network. Consolidate your information on hardware, software, and data to fully understand your current security position.

Equipped with your asset list, it should be clearer than ever how crucial it is to implement robust and dependable network security solutions in order to keep your assets safe. The threats to your network are growing increasingly sophisticated – from complex network attacks to new methods for employees to circumvent your acceptable use policies. Does your asset list assure you that your network security can meet the very latest standards?

Click Here to download the slides