Palo Alto Networks Brings Next-Generation Security to the Cloud

Protects Private, Hybrid and Now Public Cloud-Computing Environments from Today’s Advanced Cyber Threats

Palo Alto Networks
Santa Clara, CA , Oct 14, 2014 at 5:00:00 AM

 

Santa Clara, Calif., October 14, 2014 – Palo Alto Networks® (NYSE: PANW), the leader in enterprise security, today extended its leadership in security services for private, hybrid and public cloud with the latest release of its virtual firewall series (VM-Series).Enterprises are keen to take advantage of the agility, scalability and cost benefits of cloud-based virtual data centers (VDCs) by building their own private cloud, purchasing public cloud services from providers, or adopting a hybrid cloud approach. Most enterprises are ultimately aiming for the portability of both the application and security policies, regardless of where the application is deployed.However, when it comes to security, most public cloud environments are based on inconsistent network architectures common in traditional data centers and still rely on legacy security technologies – such as stateful inspection and port-based firewalls – that aren’t capable of securing public cloud or hosted VDCs against sophisticated cyber threats.The latest Palo Alto Networks VM-Series release gives organizations the ability to realize the full agility and flexibility promises of cloud; to detect and prevent known and unknown cyber threats before they compromise their VDCs; and to choose the public, private or hybrid deployment architecture without compromising security.Palo Alto Networks also is working with VMware to extend the companies’ unique, integrated security and network virtualization capabilities to hybrid cloud environments, enabling customers to apply the same rich security policies across their private and public infrastructure with a consistent approach to security whether the application is virtual, physical, on-premise or off-premise. Today, Palo Alto Networks and VMware are delivering a solution that includes the Palo Alto Networks VM-1000-HV designed specifically for VMware NSX™ interoperability. Customers also can deploy the Palo Alto Networks VM-series with their instances of VMware vCloud® Air™, an enterprise-grade public cloud service.In 2015, Palo Alto Networks and VMware expect to deliver new multi-tenant next-generation firewall as-a-service capabilities in VMware vCloud Air based on the Palo Alto Networks VM-1000-HV integration with VMware NSX.

QUOTES

  • “VMware and Palo Alto Networks are delivering on the vision of hybrid cloud, which is to design applications once, secure once, and deploy anywhere without compromise. Through our partnership, we are combining best-in-class security with the software-defined data center architecture to meet customers’ business requirements for improved security and advanced threat protection.”

— Scott Collison, Vice President, Common Platforms, vCloud Air, VMware

  • “The latest release of our VM-Series was specifically designed with the cloud in mind.  It provides consistent automated protection for cloud computing environments so organizations can take advantage of the productivity and cost benefits provided by the cloud without compromising security.  It delivers the freedom to deploy new applications and virtual machines and remain confident their VDCs are protected by next-generation firewall and threat prevention technology.”

— Lee Klarich, senior vice president of Product Management, Palo Alto Networks

The new release of the Palo Alto Networks VM-Series also gives organizations the flexibility to maintain next-generation security across a number of cloud service providers with support for cloud infrastructure providers like Amazon Web Services (AWS), and support for Kernel-based Virtual machine (KVM), a popular open source hypervisor used in public cloud computing environments.

Availability

The latest release of the Palo Alto Networks VM-Series is expected to be available by the end of October including support for AWS and KVM.  Palo Alto Networks customers with active maintenance agreements can obtain the software by accessing the support portal. The Palo Alto Networks VM-1000-HV is expected to be available in vCloud Air in the first half of calendar year 2015.

For more information about the Palo Alto Networks VM-Series, please visit:

https://www.paloaltonetworks.com/products/platforms/virtualized-firewalls/vm-series/overview.html.


About Palo Alto Networks

Palo Alto Networks is leading a new era in cybersecurity by protecting thousands of enterprise, government, and service provider networks from cyber threats.  Unlike fragmented legacy products, our security platform safely enables business operations and delivers protection based on what matters most in today’s dynamic computing environments: applications, users, and content.  Find out more atwww.paloaltonetworks.com.

Palo Alto Networks and the Palo Alto Networks Logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. VMware, VMware NSX and VMware vCloud Air are registered trademarks or trademarks of VMware, Inc. in the United States and other jurisdictions. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners. The use of the word “partner” or “partnership” does not imply a legal partnership relationship between VMware and any other company.

Media Contacts:
Jennifer Jasper Smith
Head of Corporate Communications
Palo Alto Networks
408-638-3280
jjsmith@paloaltonetworks.com

Bob Nelson
Voce Communications
408-201-2402
bnelson@vocecomm.com

[Source: Palo Alto Networks]

Cybersecurity Month is here—and so is ISACA’s new cybersecurity certificate

October is Cybersecurity Month, and ISACA is proud to be a champion of two of these initiatives:

Cybersecurity Month—along with the latest breach headlines dominating the news—reminds us how critical it is for our enterprises and individuals to be at the top of their games when it comes to security. We all have important roles to play, regardless of whether the word “security” is in our job titles. For some ideas on how to get involved this month, view this video.

Many exciting things are happening at ISACA during Cybersecurity Month. For instance, last Monday marked the launch of the new Cybersecurity Fundamentals Certificate. Intended for university students and recent graduates, entry-level security professionals, and those seeking a career change, the certificate is knowledge-based and requires passing a proctored online exam.

The Cybersecurity Fundamentals Certificate is aligned with the NICE framework and tests for foundational cybersecurity knowledge in four areas:

  • Cybersecurity architecture principles
  • Cybersecurity of networks, systems, applications and data
  • The security implications of emerging technology adoption
  • Incident response

Candidates with a proven level of cybersecurity knowledge are in strong demand worldwide, given today’s global cybersecurity skills crisis. This certificate will help organizations quickly identify candidates with a foundational level of cybersecurity knowledge, while helping the most qualified job seekers distinguish themselves.

The Cybersecurity Fundamentals Certificate is the latest resource from ISACA’s Cybersecurity Nexus (CSX). Through CSX, our mission is to offer cybersecurity resources for professionals at every level of their careers.

Among the resources also coming this month are:

  • Two free webinars:
    • Why Implement the NICE Cybersecurity Workforce Framework? (View archive here).
    • Data-centric Audit and Protection: Reducing Risk and Improving Security Posture (Register here for the 28 October event).
  • A cybersecurity Twitter chat on 22 October with ISACA International Vice President Ramsés Gallego (@RamsesGallego) and me (@RobertEStroud), along with @ISACANews.
  • Two cybersecurity training courses:
    • Implementing the NIST Cybersecurity Framework Using COBIT 5
    • COBIT 5 for Security Assessors
  • Cybersecurity Teaching Materials
  • Cybersecurity Student Handbook

And our cybersecurity plans don’t end in October. In November, we’ll host the Information Security and Risk Management Conference in Las Vegas. In 2015, we’ll launch a cybersecurity certification.

I encourage you to take advantage of these opportunities, and I also encourage you to make a commitment to choose one thing to do to commemorate Cybersecurity Month. Will you review your security policies at work? Give a talk to a local university class? Read a security publication? Begin studying for a security credential?

Knowledge is power—and we need as much of it as we can get to stay ahead of the increasingly complex cybersecurity threats.

Robert E Stroud, CGEIT, CRISC
2014-2015 ISACA International President

[Source: ISACA]

Designing a Quality Management Approach to Cybersecurity

Designing a quality management approach to cybersecurity starts with two sets of security standards, (1) the manufacturer and (2) the organization.

The manufacturer standards should include the mitigation of security vulnerabilities, (OWASP, CVE), based on a specific configuration within a defined architecture. There are only so many situations in which a network device firewall, router, switch, server, desktop, laptop, handheld can be deployed. The software, enterprise resource planning (ERP), utilities, apps, etc., should also be tested for security vulnerabilities before they are released.

We need to weed out the technologists who insist on flying by the seat of their pants. They can expose the organization to unnecessary reputational risks and potential financial and strategic risks. By not documenting security standards, the organization will be not be able to produce consistent outputs. It is impossible to manage quality when nothing is documented; it cannot be validated or verified.

The organization’s security standards need to define how a network device will be implemented. This usually means that only a select list of manufacturers and products that have been tested and meet the organization’s requirements can be purchased. This also means that the security architecture needs to be documented based on those specifications and business requirements. These specifications need to be meaningful, because they will be tested, verified and validated.

Each device or software product needs to have its security standards documented—again, these need to be meaningful. A risk assessment could help to identify what needs to be documented. I also recommend adopting the ISO 9001 approach to product realization. To be effective, security standards need to be consistently documented in a manner that includes specifications. These specifications are grouped as follows:

  • Design—how the device or software fits into the architecture; i.e., internal facing
  • Installation—how the device or software will be installed; i.e., configuration
  • Operations—how the device or software will be used; i.e., standard operating procedure
  • Performance—how should the device or software function; i.e., response times, look, feel, etc.

In quality management, we refer to these specifications as qualifications because they get tested and verified before release. We also call them design qualification (DQ), installation qualification (IQ), operations qualification (OQ) and performance qualification (PQ). These specifications need to be considered as part of the enterprise security architecture during any custom software development or major changes. Rule number one is “No surprises!” The secure software development methodology needs to include specifications for design that eliminate all known vulnerabilities and any organizational attack vectors that are unique to the organization. Any changes need to be retested during the quality assurance (QA) and user acceptance testing phase of development. The QA team needs to include a member from the software side and the technology side.

The results are a fully integrated, seamless approach to managing security vulnerabilities and shutting down those attack vectors. The time spent upfront will save time on the back end, so that management can focus resources on problem management and security events and incidents to gather additional intelligence. The additional benefit is that the security team can more easily detect potential security events and incidents more rapidly.

Organizations should not have to pay out of their own pockets to fix security defects that the manufacturer could have fixed for everyone by adopting a similar quality management approach. If the developer or manufacturer was facilitating this level of testing, it should be able to provide the security standards.
Organizations that purchase products that have known vulnerabilities/defects, nullify their warranties. This increases the organizations’ exposure and liabilities, which means that they will need to carry more insurance and pay for it out of their pockets, further increasing operational costs and lowering revenue because the cost of doing business just got more expensive.

Mark E.S. Bernard, CGEIT, CISA, CISM, CRISC, CISSP, ISO 27001 Lead Auditor

[Source: ISACA]

What Can We Learn from New Data On Advanced Persistent Threats?

ISMG’s recent Advanced Persistent Threats Survey, sponsored by Palo Alto Networks, reviews the current advanced threat and APT landscape as well as where traditional security solutions fall short.

Here is what jumps out about APT findings based on ISMG data:

It’s Time to Target the Kill Chain

ISMG’s report covers key trends informing those results as well as how to put those results to work. Our CSO Rick Howard is also interviewed about how organizations should approach 2015 survey investments.

Background on the Survey

The survey was developed by the editorial staff of Information Security Media Group, with the assistance of members of ISMG’s boards of advisers, which include leading information security, IT and risk experts.

This survey was conducted online during the spring of 2014. Key characteristics of the respondent base:

  • 64 percent are from the U.S.
  • 56 percent of respondent organizations employ 500 or fewer employees
  • 44 percent employ between 500 and 10,000+ employees

Top responding industries are:

  • Banking/financial services – 57 percent
  • Technology – 8 percent
  • Professional services – 7 percent

Learn more about APTs and threat prevention

[Source: Palo Alto Networks Research Center]

English
Exit mobile version