PAN-OS 7.0: Prevent Breaches and Boost Operational Efficiency

Every vendor coming to market with a new security solution claims to provide better security, but none seems to solve the complexity created by multiple, independent point products that neither fully integrate nor work together in an automated way.

Combine that with enormous amounts of largely uncorrelated data, impossible to fully sift through and therefore slow to act on, and you have operational gaps between where most organizations are and where they need to be.

Today, we’re announcing key updates to the Palo Alto Networks Security Platform intended to bridge these gaps, which we view as the following:

  • First, there’s the gap between when a security alert is received and when action is taken. Organizations are inundated with data, but the data deluge won’t help if they can’t easily determine what’s minor from what’s major. The Target breach is a perfect example: the company had the data it needed to take action but it was hidden in mountains of other information. According to a recent Ernst & Young study, 33 percent of all companies are not even aware of how long it takes their organization to organize a response to a threat.
  • A second gap is between what’s known and unknown. As the threat landscape grows increasingly complex, we are facing a growing number of unknown threats, and many security teams are struggling to keep pace. Discovering these threats quickly is crucial, but once discovered, security professionals also need to be able to quickly differentiate between the critical and the non-critical. The 2015 Verizon DBIR report found that 75 percent of all attacks spread from victim 0 to victim 1 within 24 hours. This is largely due to the slow detection rate of unknown threats.
  • A third gap is between the idea of security and the implementation of security to prevent breaches. Networks are growing fast and complexity is increasing. Many companies have huge numbers of policies, many of them outdated, because the complexity of provisioning and managing a security network simply has become too overwhelming. According to AlgoSec, 64 percent of all organizations are consumed with complex security policies, reducing the effectiveness of operations. Streamlining the management process is a priority in closing this gap.

With new enhancements to PAN-OS 7.0, the Palo Alto Networks Security Platform helps close these operational gaps. All security teams should be able to quickly identify and take preventative action on threats of all kinds in various stages of the attack lifecycle and across any network segment, and that’s what our platform achieves.

Here are some of the enhancements we’ve made in PAN-OS 7.0:

  • We are reducing response times from alert to action with visual and actionable data in the Application Command Center (ACC). Easy-to-use, interactive and customizable widgets enable customers to get to the bottom of an alert with just a few clicks.
  • We are closing the gap of the unknown to known through discovery, by introducing automated multi-version application analysis in WildFire. And with the addition of malware classification by threat level, teams can better prioritize their threat response for quick preventative action when needed.
  • Our new Automated Correlation Engine identifies compromised hosts in an organization’s network by correlating patterns of events across logs to pinpoint malicious activity, so that the hosts can be acted on before an infection spreads.
  • We are closing the gap from policy to implementation with new streamlined management capabilities within Panorama. Template stacking and device hierarchy groups allow for the creation of security policies and device configurations that can be easily and appropriately applied to many next-generation firewall instances, physical or virtual, reducing the chances for human error and gaps in the policy or configuration.

There are many more enhancements in this release that focus on closing these operational gaps and helping you improve operations and security throughout your network. Watch this space over the next few days as we look at these enhancements in detail.

For more information on PAN-OS 7.0, head to our resources page: http://go.paloaltonetworks.com/panos7

[Palo Alto Networks Blog]

Where is our Cybersecurity Ecosystem Today?

2011 was a watershed year for cyber attacks. RSA was hit in March, Lockheed Martin in May, and Lulzsec went on their rampage through Sony, Fox, PBS, Nintendo and even the CIA. It was also the year that the U.S. Government proposed a new approach to dealing with cyber threats that received little attention at the time, but has come to revolutionize how we tackle this problem today.

When we think about U.S. Government efforts in cybersecurity today, we often conflate them with ongoing efforts to reform the National Security Agency’s surveillance authorities. But we have long taken an approach to this problem that is more collaborative than confrontational. The Department of Homeland Security and MITRE’s 2011 paper Enabling Distributed Security in Cyberspace was the first official document to call for building an “ecosystem” in cybersecurity. Rather than focus on the security of individual organizations, the proposed idea was that we should work as a community to address threats as they arose. By inoculating the community against these threats, we would only have to suffer the disease once before we all grew stronger.

DHS noted later that several principles define a secure ecosystem:

  • Understanding of IT risks,
  • Use of best practices,
  • Validated identities,
  • Interoperable technology, and
  • Machine-to-machine threat information sharing.

To be honest, these principles were fantasies in 2011. Risks were poorly understood, as low-level defacements by groups such as Anonymous received the same attention as incidents like the RSA breach. Best practices were spread out over a range of competing technical standards that were meaningless to some industries and impractical for others. Personally identifiable information was scattered across every online vendor or cat video website you could visit. Security technology was a bolt-on model, not designed to intelligently manage itself or adapt to new threats. And information sharing, not to mention machine-to-machine interaction, was largely done quietly in personal trust groups to stay out of the wary gaze of company lawyers who probably would not have approved.

I’d like to say that in 2015 the landscape is vastly different, but we have been too slow to achieve the vision of a secure cyber ecosystem. We have some of the principles in place here and there, but have yet to achieve the critical mass necessary to drain the swamp of low-level cyber threats and enable us to focus our energy on fighting the actual diseases.

Many of these goals, such as better understanding risks and following best practices, are finally getting some traction, but they require long-term cultural changes that will be realized over time. We can hope that one day writing insecure code will be as scorned as smoking at a daycare center, but today we have an opportunity to make big strides in interoperability and peer information sharing.

The “theory” goes like this. As Moore’s Law drives down the cost of computing power, cyber attacks will rise in number. And since the threat is asymmetric, an attacker only has to be right once to breach your system and cost you money, time and reputation. But automated technology that is natively integrated can change the economics of this fight.

Much of the cyber threat we face today is noise that can confound and distract human analysts. Automation helps clear away this noise and focuses humans on the most significant threats. Integrated systems that were built to work together can also be linked to information sharing repositories, like our WildFire Threat Intelligence Cloud. Large threat data sets make them significantly more powerful, as they learn to take action from attacks observed against other partners, building an almost biological response.

Beyond the new technology available to us today, our best chance of building this ecosystem is in the growing and enthusiastic response from members of commercial industries who are joining threat information sharing and analysis organizations. A recent Presidential Executive Order and guidance from the U.S. Department of Justice have given new life to these efforts. Even companies not in the security space, like Nike and Safeway, are joining together in groups like the Retail Cyber Intelligence Sharing Center. If we can link these trusted communities together to share cyber threat information in real time using standardized methods, the ability of everyone to detect and prevent cyberattacks strengthens exponentially. You can see an example of how Palo Alto Networks is proactively taking action by following the work we do sharing threat information with other major security vendors as part of the Cyber Threat Alliance.

The trust inherent in information sharing can be hard to earn, but we have to be willing to take action and drive collaboration when we can. Cultural changes required for the wide adoption of best practices and risk mitigation strategies will come slowly. However, we have an opportunity today to accelerate our ability to clear the weeds and strengthen our cyber ecosystem. By building bridges to increase information sharing and investing in the best technology available, we can keep humans focused on the endgame of, “a healthy, resilient – and fundamentally more secure – cyber ecosystem of the future.”[1] We have already waited long enough.


[1] Enabling Distributed Security in Cyberspace: Building a Healthy and Resilient Cyber Ecosystem with Automated Collective Action, U.S. Department of Homeland Security, 2011, http://www.dhs.gov/xlibrary/assets/nppd-cyber-ecosystem-white-paper-03-23-2011.pdf

Davis Hake

[Palo Alto Networks Blog]