Details
Ensure that all files traversing the firewall are inspected by WildFire by setting a Wildfire file blocking profile on all security policies.
Rationale:
Traffic matching security policies that do not include a WildFire file blocking profile will not utilize WildFire for file analysis. Wildfire analysis is one of the key security measures available on this platform. Without Wildfire analysis enabled, inbound malware can only be analyzed by signature – which industry wide is roughly 40-60% effective. In a targeted attack, the success of signature-based-only analysis drops even further.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
To Set File Blocking Profile:
Navigate to Objects > Security Profiles > WildFire Analysis Profile.
Create a WildFire profile that has ‘Application Any’, ‘File Types Any’, and ‘Direction Both’
To Set WildFire Analysis Rules:
Navigate to Policies > Security > Security Policy Rule > Actions > Profile Setting > WildFire Analysis for each rule were the action is Allow and set a WildFire Analysis profile.
Default Value:
Not Configured
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Palo_Alto.