Christmas is a period when many people are off work, and some are a bit deep into the holiday season. That can mean fewer eyes on logs, alerts, and anomalies. That is exactly when attackers like to test your defenses.
So here is a simple reminder: Run a best practice assessment (BPA) on your Palo Alto Networks firewall now, and make sure the expensive, capable box is actually being used.
I am sharing my BPA screenshots too. My score is OK, but it is worth saying this is easier in a smaller environment. In my home lab I run 22 VLANs, around 100 devices, and 162 security rules, which means fewer dependencies and less legacy to clean up than in a large enterprise.
 |
| Feature adoption |
 |
| Best practices |
The point still stands: Aim for at least 80% on both Feature adoption and Best practices. If your numbers are low right now, it could be exactly your organization that gets hit over Christmas.
Quick wins to do before the holidays on a PA firewall
-
Ensure security profiles are attached to all security rules.
-
Confirm logging is enabled for all security rules.
Patch and reboot
This is a general tip, not PA-specific, and it is a simple example of how small steps can meaningfully improve security. Patch the things you have been postponing. If your PC is sitting there asking for a restart, do it. That “restart required” message is often the final step of a security update. It feels small, but imagine if that one reboot is the little thing that actually saves Christmas, and lets everyone enjoy the holidays instead of firefighting in the days after.
Wishing you a peaceful, secure, and attack-free Christmas.
 |