The SE has demonstrated an NGFW managed by SCM, and the CISO now wants the POV to show progress toward industry standards (e.g., CSC) and verify effective use of purchased features (e.g., CDSS subscriptions like Advanced Threat Prevention). The SE must ensure the POV delivers measurable evidence during the testing timeline. Let’s evaluate the options.
Step 1: Understand the CISO’s Request
Industry Standards (e.g., CSC): The Center for Internet Security’s Critical Security Controls (e.g., CSC 1: Inventory of Devices, CSC 4: Secure Configuration) require visibility, threat prevention, and policy enforcement, which NGFW and SCM can address.
Feature Utilization: Confirm that licensed functionalities (e.g., App-ID, Threat Prevention, URL Filtering) are active and effective.
POV Goal: Provide verifiable progress and utilization metrics within the testing timeline.
[Reference: Strata Cloud Manager Overview (docs.paloaltonetworks.com/strata-cloud-manager); CIS Critical Security Controls (www.cisecurity.org/controls)., Step 2: Define SCM Capabilities, Strata Cloud Manager (SCM): A cloud-based management platform for Palo Alto NGFWs, offering dashboards (e.g., Best Practices, Feature Adoption) and custom reporting to monitor security posture, policy compliance, and subscription usage., Security Lifecycle Review (SLR): A report generated via the Customer Support Portal (not SCM) analyzing traffic logs for security gaps, not real-time POV progress., Dashboards and Reports: SCM provides prebuilt and customizable views for real-time insights into policy effectiveness and feature adoption., Reference: SCM Dashboards and Reports (docs.paloaltonetworks.com/strata-cloud-manager/dashboards-and-reports)., Step 3: Evaluate Each Option, A. Near the end, pull a Security Lifecycle Review (SLR) in the POV and create a report for the customer., Description: The SLR analyzes 7-30 days of traffic logs, providing a retrospective security posture assessment (e.g., threats blocked, policy gaps)., Process: Near POV end, upload logs to the Customer Support Portal (Support > Security Lifecycle Review), generate, and share the report., Limitations: , SLR is a point-in-time analysis, not a real-time progress tracker during the POV timeline., Requires post-POV log collection, delaying feedback., Doesn’t directly show feature utilization progress or CSC alignment in SCM., Fit: Misses the “during the POV timeline” requirement; better for post-POV analysis., Reference: Security Lifecycle Review Guide (support.paloaltonetworks.com, requires login)., B. At the beginning, work with the customer to create custom dashboards and reports for any information required, so reports can be pulled as needed by the customer., Description: SCM allows custom dashboards and reports (Monitor > Dashboards or Reports) tailored to metrics like policy compliance (CSC alignment) and feature usage (e.g., Threat Prevention hits)., Process: , At POV start, collaborate with the CISO to define metrics (e.g., “Threats blocked by ATP” for CSC 6, “App-ID usage” for feature adoption)., Configure custom dashboards in SCM (Dashboards > Add Dashboard > Custom)., Set up scheduled or on-demand reports (Reports > Custom Reports)., Enable the customer to monitor progress throughout the POV., Benefits: , Real-time visibility into policy effectiveness and feature use during the timeline., Aligns with CSC (e.g., blocked malware events) and shows subscription ROI., Empowers the customer to verify results independently., Fit: Meets the CISO’s request fully within the POV timeline., Reference: SCM Custom Dashboards (docs.paloaltonetworks.com/strata-cloud-manager/dashboards-and-reports/custom-dashboards)., C. Near the end, the customer pulls information from these SCM dashboards: Best Practices, CDSS Adoption, and NGFW Feature Adoption., Description: SCM provides prebuilt dashboards: , Best Practices: Assesses policy alignment with security standards., CDSS Adoption: Tracks subscription usage (e.g., ATP, URL Filtering)., NGFW Feature Adoption: Monitors features like App-ID or User-ID., Limitations: , Waiting until “near the end” delays visibility, missing ongoing progress tracking., Prebuilt dashboards may not fully align with CSC or specific customer needs without customization., Fit: Useful but incomplete; lacks proactive setup and real-time monitoring throughout the POV., Reference: SCM Prebuilt Dashboards (docs.paloaltonetworks.com/strata-cloud-manager/dashboards-and-reports/prebuilt-dashboards)., D. At the beginning, use PANhandler golden images that are designed to align to compliance and to turning on the features for the CDSS subscription being tested., Description: PANhandler is a tool for managing Skillets (configuration templates), including “golden images” for compliance (e.g., NIST, CIS benchmarks)., Process: Apply a Skillet at POV start to configure the NGFW with compliance settings and CDSS features., Limitations: , Configures the NGFW but doesn’t verify progress or utilization during the POV., No reporting or dashboard integration for the CISO to track results., Fit: Sets up the environment but doesn’t meet the verification requirement., Reference: PANhandler Skillets (github.com/PaloAltoNetworks/panhandler)., Step 4: Select the Best Approach, B is the strongest choice: , Proactive: Starts at the beginning, ensuring metrics are tracked throughout the POV., Customizable: Tailors dashboards/reports to CSC (e.g., threat detection for CSC 6) and feature use (e.g., ATP events)., Verifiable: Enables the customer to pull reports as needed, meeting the CISO’s request within the timeline., Why not A, C, or D? , A: SLR is retrospective, not real-time, missing the “during” aspect., C: Prebuilt dashboards are helpful but delayed and less flexible than custom options., D: Golden images configure but don’t verify progress or utilization., Step 5: Verification with Palo Alto Documentation, SCM Custom Dashboards: Supports real-time, tailored monitoring (SCM Docs)., SLR: Post-analysis tool, not POV-progressive (Support Portal Docs)., Prebuilt Dashboards: Limited customization (SCM Docs)., PANhandler: Configuration-focused, not reporting-focused (PANhandler Docs)., Thus, the verified answer is B., , , , ]
