Decryption Best Practices

Shine a light on the darkness of encrypted traffic so you can reveal what’s really coming into and leaving your network and inspect that traffic for threats.

You can’t protect your network against threats you can’t see. Gartner predicts that through 2019, more than 80 percent of enterprise web traffic will be encrypted, and more than 50 percent of new malware campaigns will use various forms of encryption. Decrypt that traffic to protect your network against hidden threats.

This document is a streamlined checklist of pre-deployment, deployment, and post-deployment best practices that you can follow to implement decryption. Each section includes links to detailed information in the PAN-OS Admin Guide, including how to configure Decryption policy rules and profiles.

- Security policy (includes Security policy rule construction, rulebase order and hygiene, the App-ID Cloud Engine (ACE), Policy Optimizer, SaaS Policy Recommendation, and IoT Policy Recommendation)
- Zero Trust (how to lock down your network)
- DoS & Zone Protection (including Packet Buffer Protection)
- Administrative Access (protect access to firewalls and management devices)

Also ensure that you have the proper subscriptions to support your network security, such as Advanced Threat Prevention, DNS Security, Advanced URL Filtering, IoT Security, GlobalProtect, and SaaS Security.