Prisma SASE : Enable ADEM

re  Prisma SASE : Enable ADEM 

Prisma Access SASE ADEM tool offers immediate insight into your Prisma Access mobile workforce and remote networks connected via Prisma SD-WAN. As an add-on to Prisma Access, ADEM delivers comprehensive analytics, including CPU and memory usage, as well as Wi-Fi and local network monitoring. 

How to Enable ADEM ?

From the Strata Cloud Manager user interface, GlobalProtect App Settings configuration and enable Autonomous DEM.

Apply Security Rule for ADEM

Make sure you have security policy rules required to allow the GlobalProtect app to connect to the ADEM service and run the synthetic tests. To do so, you must add the ADEM URLs to make the endpoints register to the ADEM portal.

ADEM Certificate Renewal

The GlobalProtect log collection certificate is required in order for the endpoint to communicate with the ADEM portal. So, when the certificate expires, communication to the portal from the endpoint is lost. 

This results in data loss, since the metrics collected on the endpoint do not reach the portal and hence do not show up on the portal. Be sure to renew your GlobalProtect log collection certificate before it expires. Follow these steps to renew the certificate.

ADEM Activity Insights

Activity Insights gives you an in-depth view of your network activities across Prisma Access and NGFW deployments. This view unifies your network data such as network traffic, application usage, threats, and user activities in one place. Activity Insights provides visualization, monitoring, and reporting capabilities to you carry out your tasks  easily. Once you have identified the areas that need your focus with the Strata Cloud Manager Command Center, use the context links to navigate to Activity Insights or other dashboards for further analysis.

What does Activity Insights show you?

Activity Insights shows aggregated data per Strata Logging Service tenant deployed in Prisma Access and NGFW environments. You can filter the data for a specific deployment. Activity Insights has different tabs. Each of these tabs provides a unified view of network data in relation to applications, users, threats, URLs, and network usage.

• Overview - shows the data for applications, threats, users, URLs, and sessions with the maximum number of activities involved within the selected time range. Glance through this view to quickly identify any irregularities within your network and then delve deeper to examine the activities that require investigation.
• Applications- overview of all the application usage in the network, including data transfer, application risks and ADEM capabilities to monitor application experience.
• SD-WAN Applications- view the performance of Prisma SD-WAN applications with details on health score over a time range, transaction statistics, and bandwidth utilization metrics.
• Threats- provides a holistic view of all threats that the Palo Alto Networks security services detected and blocked in your network.
• Users- provides deeper insights into a user’s traffic and activities, including ADEM’s capabilities to monitor user experience.
• URLs- shows the URLs accessed in your network, how many of them are malicious, users and applications accessing the URLs, rules allowing the URLs in your network, and enforcement by your security services.
• Rules- gives insights on the security policy rules permitting the traffic generated by users and applications, threats detected in the traffic sessions, and URLs impacting the rule.
• Regions- shows the network traffic details in relation to applications, users, threats, and URLs.

Prisma Access Dashboard 

The Prisma Access Dashboard is a centralized interface within Palo Alto Networks' Prisma Access platform. It provides a unified view of the performance, security, and operational health of your organization's cloud-delivered networking and security services.

Key Features of the Prisma Access Dashboard

Visibility into Network and Security Posture:

• Displays critical metrics related to network performance, application usage, and security incidents.
• Provides an overview of traffic distribution, user activity, and policy enforcement.

User Experience Insights:

• Shows the overall experience scores for users accessing applications.
• Highlights factors affecting performance, such as network latency, application response times, and endpoint health.

Application Performance Monitoring:

• Provides real-time insights into application usage, performance trends, and potential bottlenecks.
• Integrates with ADEM (Autonomous Digital Experience Management) for deeper application-level monitoring.

Threat and Incident Reporting:

• Summarizes detected threats, including malware, phishing attempts, and anomalous behavior.
• Allows for quick triage and mitigation of security incidents.

Synthetic Testing:

• Facilitates proactive monitoring of application availability and network paths through synthetic tests.
• Identifies potential issues before they impact users.

Customizable Widgets and Reports:

• Users can configure the dashboard to display key metrics most relevant to their organization's needs.
• Includes reporting tools for historical analysis and trend visualization.

More to look into :

• Prisma Access : What is Remote Networks (RN) ?
• Prisma Access : What is Service Connections (SC) ?
• Prisma Access : What is Mobile User (MU) ?
• Prisma SSE- How to enable Global Protect ?