* [Blog](https://www.paloaltonetworks.com.au/blog) * [Palo Alto Networks](https://www.paloaltonetworks.com.au/blog/corporate/) * [Security Platform](https://www.paloaltonetworks.com.au/blog/category/security-platform/) * Setting Expectations for ... # Setting Expectations for Prevention Readiness: Measuring Prevention Capabilities [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2016%2F11%2Fsetting-expectations-prevention-readiness-measuring-prevention-capabilities%2F) [](https://twitter.com/share?text=Setting+Expectations+for+Prevention+Readiness%3A+Measuring+Prevention+Capabilities&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2016%2F11%2Fsetting-expectations-prevention-readiness-measuring-prevention-capabilities%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2016%2F11%2Fsetting-expectations-prevention-readiness-measuring-prevention-capabilities%2F&title=Setting+Expectations+for+Prevention+Readiness%3A+Measuring+Prevention+Capabilities&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com.au/blog/2016/11/setting-expectations-prevention-readiness-measuring-prevention-capabilities/&ts=markdown) \[\](mailto:?subject=Setting Expectations for Prevention Readiness: Measuring Prevention Capabilities) Link copied By [Tim Treat](https://www.paloaltonetworks.com/blog/author/tim-treat/?ts=markdown "Posts by Tim Treat") and [Nate Bitting](https://www.paloaltonetworks.com/blog/author/nate-bitting/?ts=markdown "Posts by Nate Bitting") Nov 16, 2016 6 minutes [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown) [IT](https://www.paloaltonetworks.com/blog/tag/it/?ts=markdown) [Leadership](https://www.paloaltonetworks.com/blog/tag/leadership/?ts=markdown) [Panorama](https://www.paloaltonetworks.com/blog/tag/panorama/?ts=markdown) [Prevention Readiness](https://www.paloaltonetworks.com/blog/tag/prevention-readiness/?ts=markdown) Any organization that's serious about preventing successful cyberattacks must be able to measure their prevention readiness, and this blog explains how we do that. The metrics ensure that leadership has confidence that the enterprise is operating as intended, with the modern capabilities required to prevent successful attacks. The measurements we use are deliberate and intended to meet a rigorous standard, required to know yourself and know the enemy. Let's review what General Sun Tzu said best in 500 B.C. His words are still true today in the cyber domain. *"**Know the enemy** and **know yourself**; in a hundred battles, you will never be defeated. When you are ignorant of the enemy but know yourself, your chances of winning or losing are equal. If ignorant both of your enemy and of yourself, you are sure to be defeated in every battle."* ### **Knowing You Are Properly Configured: Panorama Configuration Heat Maps** One thing we learned the more we performed our [prevention posture assessment](https://www.paloaltonetworks.com/blog/2016/11/setting-expectations-prevention-readiness-prevention-posture-assessment/) was a need to provide "factual" data to back up our prevention assessment assertions. For this reason, we created a family of Panorama configuration-parser heat maps intended to do exactly that. The following heat maps provide different visual representations of actual prevention capability configurations on the Palo Alto Networks Next-Generation Security Platform. Together, they help us measure the extensible configuration for all [areas of architecture we previously explained](https://www.paloaltonetworks.com/blog/2016/11/setting-expectations-prevention-readiness-prevention-posture-assessment/). Figure 1 shows a view of capabilities and their configurations based on device group. Notice that we list the prevention platform capabilities across the top. The capability configuration adoption is provided below each capability. All of these configurations are based on "enable allow" rules configured on the platform, along with profiles that are activated on the rules. Don't be discouraged by the color-coding. "Red" does not mean bad. Our goal with the heat maps is to determine if the IT and security teams configured the platform as intended. The color code can be of your choosing, and we ask customers to change it often to suit their needs. This is a high-level heat map because it is limited to the device's overall configuration without any detailed understanding of individual rules and capability profiles. However, it is still powerful because it helps IT and security professionals collaborate on how they are using the platform to protect and control their perimeter locations and data center locations. [](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/11/Readiness_3_1.png) [![readiness\_3\_1](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/11/Readiness_3_1.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/11/Readiness_3_1.png) *Figure 1: Prevention capability adoption by device group example* The second heat map, in Figure 2, gets much more granular in the platform configuration by showing specific zones. In fact, we noticed from practice, that most organizations have an intent of providing full protection and control for internet access points, but don't really consider enabling protection on internal traffic. This trend is clear in the zone example. From a prevention readiness perspective, we reiterate that it isn't enough just to protect perimeter rules. Going through the capabilities using this view allows us to manage expectations with new customers and existing customers about making sure we confirm that the platform is configured and operating as intended in all zones. This builds confidence that customers get the most prevention capability possible from their investment, and it ensures we build continuous operational rigor around reporting prevention readiness. [](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/11/Readiness_3_2.png) [![readiness\_3\_2](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/11/Readiness_3_2.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/11/Readiness_3_2.png) *Figure 2: Prevention capability adoption by zone example* Our third heat map, in Figure 3, is based on tagging, and this is where things get really interesting. If you use tagging, you'll like this view as a complement to the other heat maps. If you don't use tagging, reach out to one of our representatives and work with them to build and implement a tagging strategy. It will be well worth your time to make sure you're doing all you can to fully use the platform prevention capabilities. [](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/11/Readiness_3_3.png) [![readiness\_3\_3](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/11/Readiness_3_3.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/11/Readiness_3_3.png) *Figure 3: Prevention capability adoption by tagging example* The configuration heat maps are intended to be simple so we can regularly communicate prevention readiness in a consistent manner. This way, we build confidence that we're doing everything we can to take away an attacker's ability to use known vectors, techniques, and tools. ### **Metrics to Build IT and Security Leadership Confidence** Our passion and dedication to prevention is paramount at Palo Alto Networks. As such, we know it is important to build IT and security leaders' confidence that their enterprise is operating as intended and with a high degree of prevention readiness. During our journey, we found some that metrics really hit home as leading indicators for knowing yourself and ensuring the enterprise is operating as intended. In Figure 4, we show these metrics because they are important to understand for a couple of reasons. [](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/11/Readiness_3_4.png) [![readiness\_3\_4](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/11/Readiness_3_4.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/11/Readiness_3_4.png) *Figure 4: Building IT and security leadership confidence* First, all these indicators focus on the data center, cloud and SaaS area of architecture. This is intentional for the following reasons: * We reinforce an attitude of inside-out thinking and prioritization. * Every goal we achieve here is extensible to other areas of the architecture. * All these items typically end up on the short list of customer priorities. * It helps us keep things simple and prioritize efforts. Second, all of the metrics in Figure 4 are easy for us to measure. Usually, we'll focus on unknown UDP, unknown TCP, and unexpected applications operating on non-standard ports. In addition, we'll compile a list of all SaaS applications and check them against your existing governance policy for SaaS. If you don't have a governance policy, we'll work with you to establish one. ### **Wrapping Things Up** Our representatives and partners are here to make prevention a reality across architecture. Prevention is in our DNA. Be sure to work with our advisors soon. They have tools to get you to the best prevention readiness possible, and we promise to continue to innovate and iterate on these tools in the future. These tools are all complimentary added-value items and part of our commitment to prevent successful attacks. Have you asked for Panorama configuration heat maps yet? If you're an existing Panorama customer, why not? If you're a potential customer, request them soon. The only cost is some time for your team, but it will be time well spent, as professionals and leaders. *** ** * ** *** ## Related Blogs ### [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown) [#### How Palo Alto Networks is Setting Expectations for Prevention Readiness](https://www.paloaltonetworks.com.au/blog/2016/11/palo-alto-networks-setting-expectations-prevention-readiness/) ### [Customer Spotlight](https://www.paloaltonetworks.com/blog/category/customer-spotlight/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown), [Service Providers](https://www.paloaltonetworks.com/blog/category/service-providers/?ts=markdown) [#### Customer Spotlight: Telkom Indonesia Protects Expansion Plans With Palo Alto Networks](https://www.paloaltonetworks.com.au/blog/2017/11/customer-spotlight-telkom-indonesia-protects-expansion-plans-palo-alto-networks/) ### [Customer Spotlight](https://www.paloaltonetworks.com/blog/category/customer-spotlight/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown) [#### Customer Spotlight: Domain Group Keeps the Presses Rolling With Palo Alto Networks](https://www.paloaltonetworks.com.au/blog/2017/09/customer-spotlight-domain-group-keeps-presses-rolling-palo-alto-networks/) ### [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown) [#### PAN-OS 8.0: Three New Features in Panorama That Will Make Your Job Easier](https://www.paloaltonetworks.com.au/blog/2017/02/pan-os-8-0-three-new-features-panorama-will-make-job-easier/) ### [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown) [#### Setting Expectations for Prevention Readiness: The Prevention-Posture Assessment](https://www.paloaltonetworks.com.au/blog/2016/11/setting-expectations-prevention-readiness-prevention-posture-assessment/) ### [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown) [#### Security Operations Under Fire Inside Black Hat's NOC](https://www.paloaltonetworks.com.au/blog/2025/09/security-operations-inside-black-hats-noc/) ### Subscribe to the Blog! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://www.paloaltonetworks.com.au/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language