The Cost to a CFO of Ignoring the Obvious

Companies pay a high price for assuming existing safeguards will prevent a data breach. According to a CB Insights article, “Cybersecurity Startups Have Raised $7.3 Billion Over 1,028 Deals,” a litany of high-profile security breaches impacting both the private and public sector have made cybersecurity start-ups an increasingly hot area for investment. Since 2010, deals and dollars increased steadily, growing by more than 100 percent in both areas. Funding in 2014 broke the US $2 billion barrier for the first time, while deals continued their steady ascent, growing 4.3 percent from 2013 to 269 deals.

The importance of online security and the necessity of companies and individuals to avoid business practices that leave their information vulnerable are in the news several times a week, if not daily. Apple’s Tim Cook, the CEO of the first US company in the world to reach a market capitalization of US $700 billion, spoke recently at the White House Summit on Cybersecurity and Consumer Protection at Stanford University, highlighting that this problem is a concern for even some of the largest players in the market.

The rise of the mobile workforce and the movement to cloud technologies open up more opportunities than ever for hackers, competitors and other potential criminals to access sensitive data surreptitiously. In 2013, more than 13 million Americans were victims of identity theft, now one of America’s fastest growing crimes. The average annualized cost of cybercrime for U.S. companies was US $12.7 million in 2014, up from US $11.6 million the year before, according to the Ponemon Institute.

What should be of particular concern to company CFOs is that the hackers are becoming as skilled as the employees whose job it is to safeguard precious information. They are doing everything they can do to breach virtual protections in place and utilize the gathered data for illegal gains. Cyberattacks happen across all industries and to companies of all sizes, making it important for every organization to create and implement an effective risk strategy.

CFOs can apply a simple yet effective, three-step approach to digital risk mitigation, as noted in Armanino’s recent article. By creating strong internal controls, maintaining open communication across departments and investing in cyberinsurance, CFOs will be well-positioned to adapt to new threats and reduce their company’s digital risk on an ongoing basis.

It is the CFO’s responsibility to keep cybersecurity issues top-of-mind for the executive team, which is always dealing with several priorities vying for the same resources. It is imperative to ensure your company does not lose sight of the fact that digital risk needs to be addressed on an ongoing basis, lest it become part of the growing cost of managing the unfortunate outcome. Keeping in mind hackers’ growing sophistication, the key to warding off their unwelcome infiltration is to create a culture where cybersecurity is a consistent part of the boardroom discussion.

Jeremy Sucharski, CISA, CRISC
Partner-in-Charge of Armanino’s Governance, Risk and Compliance (GRC) Practice

[ISACA]

Ignite 2015: It’s Time For a Fresh Look at Prevention

Thanks for following along during an action-packed opening day at Ignite 2015! 

Today’s kickoff general session featured members of our executive team discussing the importance of an enterprise security platform and many of the ways we’re expanding and enhancing what Palo Alto Networks can offer. Watch below to hear from our executives and Ignite attendees about today’s announcements and what they mean for our partners and customers:

Advanced threats are prevalent, growing in volume and sophistication. And cyber criminals have easier, cheaper access to the tools of the cyber crime trade. That means legacy security technologies can no longer keep up, and that organizations need to think beyond detection and remediation to a security posture focused on prevention. 

“We need to increase the cost of an attack to the point where an attack can only be successful once,” said Mark McLaughlin, Palo Alto Networks President and CEO. “It is impossible to keep up with the threat if the only answer is to clean up after the fact.”

Here’s a look at today’s announcements:

There’s much more to come as we head into the final day of Ignite. Watch this space and keep track of our social channels for real-time updates and scenes from the session rooms and exhibit halls. We will also continue to add to our official Ignite 2015 Facebook gallery, which you can view here. And if you haven’t had a chance, check out our official contests and get in the game!

Below are more scenes and social discussion from the scene here in Las Vegas, including Mark McLaughlin, Palo Alto Networks founder and CTO Nir Zuk, and Palo Alto Networks CSO Rick Howard, who presented Cybersecurity Canon honors to Brian Krebs, Kim Zetter and Rich Baich.

[Palo Alto Networks Blog]

Prevent Patient Zero: A Closer Look at Traps 3.2

Summary

Existing endpoint security approaches that rely on malware identification can’t prevent sophisticated zero-day attacks, because those attacks don’t use the known malicious signatures, strings, or behaviors that such approaches identify. As a result, compromised endpoints must await detection and remediation.

Our Advanced Endpoint Protection solution, Traps, takes a different approach that prevents advanced attacks originating from executables, data files, or network-based exploits—both known and unknown—before malicious activity can cause harm to the endpoints in your organization.

Here are some of the exciting new features in Traps 3.2, which we officially announced this week, as well as technical resources to help you learn more about Advanced Endpoint Protection.

New and Improved Protection Modules

Our unique focus on exploit and malware technique prevention is the center of our Advanced Endpoint Protection solution, intercepting the attacker at the core of the attack and preventing patient zero. While preventing just one technique would thwart the entire threat, our team continues to develop new prevention modules to prepare for the unthinkable, adding four more modules to the long list of inimitable protection.

For more information, see Exploit Prevention Features and Malware Prevention Features.

Unknown Executable Upload to WildFire

This feature bridges the gap between endpoint and network security intelligence by enabling you to automatically submit unknown executable files from the ESM (Endpoint Security Manager) to WildFire for further analysis.

 

For more information, see Unknown File Submission to WildFire.

Hash Control, Local Override of WildFire Verdicts

A powerful feature that gives the administrator the ability to import local hashes in the ESM and control the global verdicts on their local network, without impacting the global WildFire verdict.

For more information, see Local Override of WildFire Decisions.

Improved Scalability

Improvements in scalability and speed enable the Advanced Endpoint Protection solution to support large deployments, with extended support for 50K Traps agents per ESM and multiple ESM Server support.

For more information, see Multi-ESM Support.

Restriction Whitelisting

Want to apply execution restrictions on your endpoints but fear it will limit your work process? You can now configure restriction whitelists to control your global policies more granularly and to increase business flexibility without the security risk.

For more information, see Global Whitelist Functionality.

WildFire Inspection Reports

To provide greater clarity into WildFire hash verdicts, you can now view reports for any executable file that WildFire has previously analyzed. The WildFire report, which is available in PDF format, includes information that you can use to further analyze and manage a WildFire verdict.

For more information, see View WildFire Reports.

Automated Security Event Analysis

Traps prevention kicked in and you want to know more? This forensic feature provides secondary analysis of a Traps security event, by automatically analyzing the memory records to extract data and scan for traces of malicious activity, such as Heap Spray and ROP chains.

For more information, see Forensics Overview.

Customizable Prevention and Notification Pop-Ups

You can now customize the title, footer, and display image for prevention and notification pop-ups that Traps displays when a security event occurs on the endpoint. Traps displays prevention messages when a file or process violates a security policy and the termination behavior is configured to block the file. Traps displays notification messages when the notify behavior is configured to alert the user.

Traps Localization

The Traps Console is available in 7 languages: English, German, French, Spanish, Japanese, Chinese Simplified, and Chinese Traditional.

For more information, see Traps Localization.

Expanded Support

Traps is one of the few products that can protect all applications across nearly every Windows-based platform, both virtual and physical, and even those that no longer have continued support. Traps is now also supported on Windows Vista and Windows Server 2008 and on non-English Windows Operating Systems.

For more information, see Supported Traps Installations.

Improved Syslog and SIEM integrations

You can now integrate your Syslog server with Splunk, a third-party monitoring tool, which you can use to analyze log data. Find the Palo Alto Networks Splunk app that now supports Traps at https://apps.splunk.com/app/491/.

Want More?

Here are a few resources to add to your Advanced Endpoint Protection 3.2 reading list!

  • New Features Guide: Your go-to resource for all the new features in 3.2.
  • Administrator’s Guide: Contains installation procedures and configuration workflows to get you up and running quickly.
  • Release Notes: Provides important information about the Advanced Endpoint Protection 3.2 software including known issues and limitations.

Pro tip: On the documentation search, use the OS Version > 3.2 facet to filter results for only documentation about Advanced Endpoint Protection 3.2.

[Palo Alto Networks Blog]

Palo Alto Networks-AirWatch Integration: A Breakthrough In Mobile Security

VMware has been at the forefront of disruption in the datacenter, changing the notion of what it means to build the infrastructure that supports tomorrow’s applications and workloads. We’re very proud to work very closely with VMware to deliver the necessary security for the dynamic, virtualized data center.

But VMware is also a driving force for change in mobile computing, with its AirWatch technology providing the means for organizations to manage applications and data on both corporate and BYOD smartphones and tablets. Palo Alto Networks and VMware are proud to announce an expansion of our relationship to address the security requirements for mobile computing.

Users expect to access applications (both internal and in the cloud) at any time, and this introduces complexities to an organization that must make access secure. There are many concerns, including the use of mobile devices in an unsafe manner, the ongoing risk of exploits and malicious content, and the potential that a user may bring an infected device to work and expose the corporate network.

The new integrated capabilities between AirWatch and Palo Alto Networks address these needs by providing a tight link between the device state, security policy on what it can access, and threat intelligence on dangerous content.

There are three key integration points between AirWatch and Palo Alto Networks technology:

  • Malware Detection:  Palo Alto Networks WildFire identifies known and previously unknown mobile malware. By integrating the intelligence provided by WildFire with AirWatch, joint customers can identify infected applications and take immediate and automated action for security and containment, such as creating an application blacklist.
  • Network Protection:  Organizations need to make sure only approved devices are used with sensitive applications and networks. AirWatch integration with Palo Alto Networks GlobalProtect HIP (Host Information Profile) provides a direct tie between information about the mobile device, its configuration and what data and applications the device can access.
  • VPN and Network Security:  Palo Alto Networks GlobalProtect provides a secure connection between AirWatch managed mobile devices and the Palo Alto Networks Next-Generation Firewall at the device or application level utilizing per-app VPN. This ensures there is consistent inspection of traffic and enforcement of network security policy for threat prevention, wherever the user goes.

These capabilities open the doors to new possibilities, for they allow organizations to support mobile computing and make it safe by providing the necessary security to address risk. Together with AirWatch we deliver true protection for mobile devices by addressing security at multiple levels: device security, network security, and application security.

To learn more about GlobalProtect, visit: http://paloaltonetworks.com/globalprotect

To learn more about VMware AirWatch, visit: http://www.air-watch.com/

[Palo Alto Networks Blog]

Palo Alto Networks AutoFocus: Actionable Cyber Threat Intelligence Like You’ve Never Seen Before

Trying to find advanced, targeted attacks can be an exercise in frustration, akin to finding a needle in a haystack. With so many potential threats traversing your network, how do you know which ones to pay attention to – and what actions to take to prevent damage?

It’s a challenge faced by security practitioners each day, who are overwhelmed by security data and alerts from a variety of intelligence sources and third-party contributions. The problem isn’t a lack of data, but finding the events important to your organization, often in the intelligence you already have available. No one wants an attack to pass through, but there are simply too many “alerts” to follow up on.

At Palo Alto Networks we have been working with our customers to answer this challenge, and like everything we do, we envisioned how we could approach it differently. We weren’t going to introduce “yet another” threat intelligence service that only adds to the problem. We sought to transform the industry by solving the critical question of how you focus limited security resources on the unique attacks, from the hundreds of alerts you receive today. And then, how do you turn those prioritized indicators into real, actionable cybersecurity intelligence – not just a data dump from which you can’t draw real conclusions?

We are excited to bring you an answer. Today at Ignite 2015 in Las Vegas, Palo Alto Networks officially announced AutoFocus: an innovative cyber threat intelligence service that provides prioritized, actionable intelligence on the attacks an organization must respond to. Using AutoFocus, you receive intelligence in a context specific to your network and industry, including the unique threats targeting you or your industry, information on adversaries and how attacks fit into campaigns, with the tools to quickly investigate related indicators.

What do you gain with AutoFocus? True threat intelligence, which we define as the ability to take a more proactive and timely stance against advanced attacks to shut them down before attackers can achieve their ultimate objectives, and understand how to prevent them in the future.

How AutoFocus works

The AutoFocus service gives security practitioners access to intelligence derived from an ever-expanding ecosystem of the service’s users. Through this approach, it provides:

  • Priority alerts — Prioritized alerts of targeted, advanced attacks based on statistical analysis, human intelligence from Unit 42, and tagged indicators from a customer’s own network, as well as a global community of security experts using the AutoFocus service.
  • Attack context — Web-based dashboard providing the tools to quickly investigate the context of attacks, adversaries and campaigns, and distinguish targeted attacks from commodity malware.
  • High-fidelity threat intelligence — Analysis across millions of samples and billions of file artifacts from a rapidly growing pool of over 5,000 global enterprises, service providers and government organizations routinely targeted by advanced, customized attacks.

This is a true advantage in the cybersecurity battle, sourced from the collective insight of all users. It’s not just you against advanced attacks — it is all of us working together in a highly coordinated manner.

Palo Alto Networks is now accepting applications from current customers interested in evaluating AutoFocus through a limited-time Community Access program. We invite you to learn more about AutoFocus, and submit an application for Community Access, by visiting www.paloaltonetworks.com/autofocus. General availability of AutoFocus, including full details on subscription pricing, will be in the second half of 2015.

AutoFocus is one of our big announcements this week at Ignite 2015 in Las Vegas. Follow along over the next few days to learn more about all our Ignite news, from the launch of Traps 3.2 to the latest milestone in our integration with VMware and this year’s honorees in the Cybersecurity Canon. 

[Palo Alto Networks Blog]
