Improved visibility into application usage based on users gives you a more relevant picture of network activity.
Tying user and group information to the security policies allows you to control application usage while reducing the administrative effort associated with end-user moves, adds and changes.
If a security incident occurs, forensic analysis and reporting based on user information provide a more complete picture of the incident.
User and group information must be directly integrated into the technology platforms that secure modern organizations. Knowing who is using the applications on your network, and who may have transmitted a threat or is transferring files, strengthens security policies and reduces incident response times. User-ID, a standard feature on Palo Alto Networks next-generation firewalls, enables you to leverage user information stored in a wide range of repositories.
Visibility into a User’s Application Activity
Visibility into the application activity at a user level, not just an IP address level, allows you to more effectively enable the applications traversing the network. You can align application usage with business requirements and, if appropriate, inform users that they are in violation of policy, or even block their application usage outright.
User-Based Policy Control
Policies can be defined to safely enable applications based on users or groups of users, in either outbound or inbound directions. For example, you can allow only the IT department to use tools such as SSH, telnet, and FTP on standard ports. With User-ID, policy follows the users no matter where they go – headquarters, branch office or at home – and whatever device they may use.
User-Based Analysis, Reporting and Forensics
Informative reports on user activities can be generated using any one of the pre-defined reports or by creating a custom report.
Neutralizing Credential Theft
User-ID integrates with identity and authentication frameworks, which enables precise access control through policy-based multi-factor authentication. This disrupts the use of stolen credentials.