Hit Rates

CDO enables you to evaluate the outcome of policy rules, on top of secure and scalable orchestration of policies, providing a simple visualization for more accurate policy analysis and an immediate, actionable pivot to root cause, all in a single pane from the cloud. The Hit Rates feature enables you to:

  • Eliminate obsolete and never-matched policy rules, increasing security posture.

  • Optimize firewall performance by instantly identifying bottlenecks as well as ensuring correct and efficient prioritization is enforced (for example, most triggered policy rule is prioritized higher).

  • Maintain a history of Hit Rates information, even upon device or policy rule reset, for a configured data retention period (1 year).

  • Strengthen validation of suspected shadow and unused rules based on actionable information. Removing doubt about update or delete.

  • Visualize policy rule usage in the context of the entire policy, leveraging predefined time intervals (day, week, month, year) and scale of actual hits (zero, >100, >100k, etc.) to evaluate impact on packets traversing the network.