CDO enables you to evaluate the outcome of policy rules, on top of secure and scalable orchestration of policies, providing a simple visualization for more accurate policy analysis and an immediate, actionable pivot to root cause, all in a single pane from the cloud. The Hit Rates feature enables you to:
Eliminate obsolete and never-matched policy rules, increasing security posture.
Optimize firewall performance by instantly identifying bottlenecks as well as ensuring correct and efficient prioritization is enforced (for example, most triggered policy rule is prioritized higher).
Maintain a history of Hit Rates information, even upon device or policy rule reset, for a configured data retention period (1 year).
Strengthen validation of suspected shadow and unused rules based on actionable information. Removing doubt about update or delete.
Visualize policy rule usage in the context of the entire policy, leveraging predefined time intervals (day, week, month, year) and scale of actual hits (zero, >100, >100k, etc.) to evaluate impact on packets traversing the network.