Dynamic Policy Updates
Automation features provide significant value in environments where rapid change is common. VM-Monitoring collects workload attributes (i.e., OS, location, application, user-defined) from the workload resource management tool and stores them as tags in PAN-OS®, which uses them to create Dynamic Address Groups.
The security policy uses the Dynamic Address Group as a core element, updating it in real-time as workloads change or when a security incident occurs, which, in turn, drives a security policy update. The result is faster and more accurate security policy updates in response to changes in the environment.