Unknown network traffic and the increasing volume of cyber threats carry enormous risks for organizations. The ability to detect unknown threats systematically, alert administrators effectively and prevent a successful attack defines the effectiveness of your security deployment.
While many security deployments, including unified threat management (UTM) appliances, can detect unknown threats, there are vast differences in the ways security deployments handle unknown traffic and threats to protect their customers — especially when it comes to making administrators aware of critical threats.
Most security teams are overwhelmed with the amount of data produced by security deployments. Having so many alerts means critical information is frequently hidden in mountains of less important data. As a result, it often takes too long to respond to alerts on critical threats.
Here are key questions to ask of your security deployments to determine its effectiveness in handling unknown threats:
- How is unknown traffic determined, and analyzed?
The Palo Alto Networks Next-Generation Security Platform is able to identify all applications, connect them with user names and analyze content. These three critical pieces of information provide powerful information to set effective security policy and prevent attacks.
- How does the network protect against unknown threats?
Palo Alto Networks WildFire is used to analyze unknown traffic and threats to provide categorization and protection – analysis that makes it one of the most powerful methods of detecting unknown threats. Every week, WildFire analyzes more than 20 million malware samples and identifies more than 200,000 unique new threats. These updates are protecting many customers within 15 minutes of detection.
- How is critical threat information prioritized and displayed?
Automated confirmation of compromised hosts across your entire network of Palo Alto Networks Next-Generation Firewalls happens with the automated correlation engine that can make logical connections between indicators of compromise. The automated correlation engine alerts administrators immediately if a compromised host has been detected. This significantly reduces the need for manual data mining to discover critical threats manually.
Actionable network and threat information is displayed in a highly visual, interactive and customizable user interface, called the ACC (Application Command Center) that enables the user to get answers to critical questions with just a few clicks for quick response.
Click here to learn more about the Palo Alto Networks Next Generation Security Platform or the ACC.
[Palo Alto Networks Blog]