2014 Predictions: Virtual Data Center

The growth in public and private cloud adoption made 2013 a big year for the virtual data center, and there’s no question that will continue in 2014. In my 2014 predictions, here are three trends I expect we’ll hear a lot about in the new year.

1. Zero Trust Network Segmentation

Globalization has fundamentally transformed the way we do business. It has created interdependencies between global supply chains and multinational partners, expanded global economic interactions with many “countries of interest,” and enabled the movement of people, goods and information. Enterprises need to enable access to applications and data, not just for employees, but also partners and contractors. They must do business with technology and manufacturing partners and provide access to new acquisition companies, while protecting against intellectual property and confidential data theft.

In 2014, organizations will look toward practical implementations of Zero Trust network segmentation architecture as a means to address these challenges. Implementations will vary widely from enterprise to enterprise, from those that need to create distributed boundaries of Zero Trust to those that focus on data center segmentation. The key network security requirement, however, will be for solutions that can be deployed with minimal impact to the network, while providing comprehensive visibility, control and safe application enablement.

2. Cloud Adoption Growth

Organizations in 2014 will be implementing or planning to implement cloud networks, i.e. moving from virtualized application silos (web, app, database tier) to more flexible cloud architectures that enable the delivery of any application on any server at any time. Most organizations will deploy a hybrid model where certain applications and services are offloaded to public clouds, but critical services such as internal research and development, financial data and customer data continue to reside within private cloud boundaries.

The decision on the applications and services to be deployed in public versus private clouds will depend largely on network security requirements. In particular, with greater concerns about the integrity of US-based data centers, revealed in cases such as the Snowden leaks, greater scrutiny will be placed on the security of cloud service providers. A key consideration for hybrid clouds will be the definition of a consistent network security policy and management framework to be implemented across both public and private clouds.

3. Software Defined “Anything”

Organizations will spend resources and time to understand the emerging technologies of software defined anything, i.e. software defined networks, software defined data centers and various permutations of this new dynamic, programmable, automated network architecture. In particular, in the battle of the titans, VMware and Cisco will provide vastly differing architectures: a software defined data center utilizing VMware NSX network virtualization technologies or a more hardware-centric SDN architecture approach with Cisco’s Application Centric Infrastructure (ACI).

Organizations will look for tighter integration among network security, virtualization and network virtualization solutions while maintaining separation of duties. Critical network security requirements will include the ability to deal with the new dynamic, services-oriented characteristics of software defined networks.

2014 Predictions: Mobile Security

It was a watershed year for mobile malware, with many high-profile organizations being hacked. To continue our series on 2014 predictions, we asked our mobility experts for their thoughts on key mobile security topics we think you’ll be hearing more about in the new year.

1. The Mobile OS Ecosystem is Too Big for Patchwork Protection

Many in the security industry cut their teeth on securing Windows-based devices, and it’s logical that they would make assumptions about how to secure iOS and Android devices based on their experiences securing Windows.

But the mobile ecosystem is much more complicated and far-reaching than Windows. Too much of what’s being described as mobile security is based on buying add-ons for different devices running different operating systems – a scattershot model doomed to fail. Rather than focus on securing individual devices, organizations need to look for security solutions that extend next-generation firewall policies across the full range of mobility use cases, independent of OS.

2. Mobile Security Issues Turn Security Admins’ Attention Outside the Firewall

Still too many “mobile security” solutions protect a user’s mobile device while they’re behind the corporate firewall but don’t enforce mobile security policy when users are outside it – an increasingly shortsighted approach. Facebook was hacked earlier this year, for example, when employees connected to a mobile developer’s compromised website, downloaded malware and then introduced it to Facebook’s internal servers when they were back behind the firewall. Expect to hear similar stories in 2014, and hopefully a shifting debate on how to solve these challenges.

3. “Lock it Down” Just Won’t Play

Many organizations still take a “lock it down” approach to mobile security and have put policies into effect that are so strict they eliminate the productivity and flexibility benefits of BYOD. But the mushrooming popularity of smartphones and tablets means users will find a way to use them on networks whether admins like it or not. In 2014, a majority of organizations will finally turn away from the “lock it down” approach in favor of a mobile security model that gives users some breathing room while preserving the secure enterprise network.

For more on current mobile security topics, check out Brian Tokuyoshi’s ongoing mobility series.

2014 Predictions: Firewall

One of the many principles our CEO Mark McLaughlin brought to the company, that I fully embrace, is the rule of three, which encourages you to focus and prioritize. Top 10 lists are great for late night talk shows, but realistically, a list that long becomes somewhat dilutive. With that in mind, let’s delve into what I think will be three of the more interesting firewall and next-generation network security topics for 2014.

1. The NSA revelations will catalyze a dramatic uptick in the use of SSL/encryption.

This is a tricky subject. Encryption, when used to protect networks and digital assets, is a good thing, and we fully endorse its use. Encryption, when used to bypass security or steal data, is a bad thing. Now that we know more about just how closely our government is watching us, I suspect we’ll see a spike in SSL/encryption use.

Something that there is no debate on is that attackers are using SSL – what’s commonly known as the universal firewall bypass – to hide their actions. We need only look at this year’s APT1 revelations and the Aurora attack from several years ago to confirm this. Our most recent Application Usage and Threat Report shows that about 25 percent of the 1,395 applications found on enterprise networks are capable of using SSL. We expect that number to increase, making the challenge of determining how SSL is being used that much more difficult.

2. We will exert more control over remote access tools.

The revelations of how commonly remote access tools such as RDP, SSH and TeamViewer are used to attack your network will force us to exert greater control over these tools.

Make no mistake, these applications provide support and development teams with powerful tools to simplify their jobs. But we know from past Verizon Data Breach reports that they are used so commonly by attackers that there are scripts readily available to find their use on your network for purposes of exploitation. The recent APT1 revelations that RDP was used in the ongoing attack further solidified this finding.

We also know that employees use these tools to mask what they’re doing on the corporate network as a means of protecting privacy. Browser plugins such as Remote Desktop and uProxy for Google Chrome will make these tools more accessible and only increase the challenge of controlling their use on the corporate network. User privacy is critically important, but users also need to understand that these applications can jeopardize the core of the business. The challenge will be how organizations can best implement controls without limiting productivity. A tough challenge but one I am hopeful that we can make progress on this coming year.

3. Cyberlockers and cloud-based filesharing will continue to grow, despite the risks.

We’ve been watching browser-based filesharing applications since 2008, when we identified a pool of roughly 10 variants in this group. As of this year, we’re tracking more than 100 variants, and according to our research an average of 13 of these applications are found on networks we analyze.

In many cases, there is no business use case for this many variants. Hotfile, for example, was found on 30 percent of the 3,000+ networks we analyzed and it was just fined $80 million for copyright violations. Is this an application that belongs on your network?

I firmly believe there is business value for some of these applications (we use them here at Palo Alto Networks), but they do present business and security risks if they’re used too casually. The risks will continue to escalate as the vendors try to broaden their appeal to users and differentiate themselves by adding premium, always-on, always-synched features.

Thanks for reading.

2014 Predictions: Industry Trends

Here are my 2014 predictions on what I think will be the trendsetters in cyber security.

1. Securing the mobile device will be inextricably linked to securing the network

With freedom of choice comes risk.  Megatrends like BYOD and the rise of the mobile workforce are providing fertile ground for cyber criminals and nation states looking to capitalize on devices operating over unprotected networks.  The scales have historically been tipped against us, leaving enterprises vulnerable to a new breed of advanced threats targeting mobile devices.  In 2014, threat intelligence gained within the enterprise network will offer new defense capabilities for mobile devices operating outside protected networks.  And intelligence gained by mobile devices will offer new signature capabilities to further strengthen enterprise networks.

2. Cloud will get a security makeover

Innovations in network virtualization are enabling automation and transparent network insertion of next-generation security services into the cloud, and this is an area where Palo Alto Networks leads.  Security has remained one of the greatest barriers preventing cloud computing from reaching its full potential, and in our recent Cloud Computing & Security survey, about 60 percent of respondents told us that delays in applying security have a negative impact on their operational efficiency. In 2014 next-generation network security and network virtualization will come together to form a new paradigm for cloud security.

3. Detection times will decrease in 2014

This may be a controversial prediction amongst those who prefer to prey on fear, but expect breach detection times to decrease in 2014. Enterprise security has undergone a massive transformation since the introduction of the Next-Generation Firewall (NGFW). This has long since moved from an emerging technology to one that’s universally deployed. Newer, advanced security services are enabling enterprises to gain new advantages in detecting unknown threats, and gather that information into a threat intelligence cloud that’s developing an impressively high IQ. In other words…the vision is working. The net result will be a measurable reduction in the time it takes to detect a breach.

PAN-OS 6.0: WildFire Delivers Breakthrough Visibility of Unknown Malware and Zero-Day Exploits

The tail end of 2013, and right into the New Year, has kept enterprise security teams working around the clock. Stealthy, persistent attacks have compromised tens of millions of customer records, often lurking in networks for extended periods of time to accomplish their mission. When it comes to these advanced attacks, one thing is clear: security teams require visibility into all traffic flowing over their network, irrespective of common evasions like port-hopping or hiding in SSL encryption.

With the new features in PAN-OS 6.0, Palo Alto Networks is delivering a breakthrough release for WildFire, extending our malware detection capabilities to more file types, discovering zero-day exploits, and simplifying the job of security and IR teams with granular malware intelligence.

WildFire now provides:

  • Extended threat detection across all common file types, including: Adobe PDF, Microsoft Office documents, Java, Zip files, and Android APKs. WildFire goes a step further across all these files, deeply analyzing them for high-risk embedded content such as Adobe Flash files, images, and Javascript.
  • Discovery of zero-day exploits across common applications and operating systems (OSs). This signature-less capability takes threat detection earlier in the cyber-kill chain, often identifying and preventing exploits from delivering malware.
  • New OSs in the WildFire cloud-based virtual analysis environment, to identify malware and exploits for both Windows XP and Windows 7. Unlike other solutions, threats are detected across both OSs in parallel, ensuring environment-aware threats are found and blocked.
  • Simplified identification and remediation of infected systems with new Indicators of Compromise (IOCs), including details of changes to system files, registry modifications, and the actual behavior of malware across different operating systems.
  • Providing the original malicious file and full packet captures (PCAPs) of malware as it executes, for further analysis or development of custom protections.

These new features build on the native classification of all traffic within our Enterprise Security Platform, which includes visibility into nearly 400 applications that can transfer files, regardless of ports or encryption. Unlike other APT solutions, WildFire is built to understand threats based on how they truly operate, with the context of the applications used to deliver them, using a single integrated platform.

You can learn more about our new capabilities in the WildFire datasheet or PAN-OS 6.0 release notes. And take a minute to watch this short video covering new WildFire features.
