There is further a reverse proxy you can set in front of your PRTG installation - this allows you to pre-filter the incoming traffic a bit.
As for security - you should do a few things:
- use an external IP from your range (if possible) that you haven't use before for WEB
- put a reverse proxy in place in the DMZ
- make sure only the specific URL for PRTG gets through
- use a certificate on the webserver - encrypted traffic only - this is hopefully already in place
- chose a secure URL - something like WELOVEPRTG.COMPANY.COM - something not to obivous
- LDAP login for regular user accounts in a specific group only
This list can go on with a view special settings - but for the most part this is what you should do... In theory you might be able to alter the PORT as well to go away for 443 - but now it becomes a bit more complicated...
PRTG overs a cloud solution as well - there it is their responsibility to avoid the issue and make sure it is secure - depending on your needs probably just another way to go..