Palo Alto Networks and Tanium: Game-Changing Speed and Effectiveness Against Cyberattacks

The speed and sophistication of modern cyberattacks mean security teams need tools that can keep up, from monitoring all aspects of the network, to maintaining security on a vast number of network-connected endpoints, and using actionable threat intelligence to detect and prevent new threats. With that in mind, today we’re announcing a strategic alliance with Tanium that will help security teams accelerate the process of threat detection and response with new levels of effectiveness, accuracy and speed. 

Specifically, Tanium will integrate with Palo Alto Networks WildFire, receiving malicious indicators identified by WildFire to automatically assess every endpoint across an organization, confirm active cyber attacks as well as what systems are affected, and remediate those attacks — all within a matter of seconds. What’s more, the information that’s then provided by Tanium back to the Palo Alto Networks next-generation security platform means intelligence is shared among integrated systems, providing consistently better protection for an organization’s network and endpoints and preventing future attacks.

Palo Alto Networks and Tanium are at Black Hat USA 2015 in Las Vegas this week and will be showcasing our integrated solution. Come by Booth 119 (Palo Alto Networks) and Booth 1248 (Tanium) and see how we’re changing the economics of cyber attacks.

For more

[Palo Alto Networks Blog]

To (ISC)² Global Academic Program (GAP) Instructor John Sands, the Next Generation is Everything

To GAP instructor John Sands, the next generation is everything. He has dedicated his career to teaching and creating programs that fill the cybersecurity education gap that persists today. His work has propelled the cybersecurity field forward by decades.

In addition to his role as GAP instructor, Sands is also the department chair for Computer Integrated Technologies at Moraine Valley Community College and co-founder of the National Center for Systems Security and Information Assurance (CSSIA), a GAP member since 2014. Early in his career, he recognized that schools and universities were lacking cybersecurity programs, let alone programs that could produce students equipped to meet the dynamic cybersecurity needs of the real world.

Nearly 20 years ago, Sands and his colleagues conducted studies to find out what was preventing schools from adopting security programs. They applied those findings to the curriculum at CSSIA and implemented hands-on labs throughout the program, and today, over 250 schools have duplicated their model. “To see the impact of our program is profound,” he reflects.

Despite all his impressive strategic work at the program level, he still loves teaching. “I love watching the first time students recognize what can be done with the tools (such as penetration testing) to their systems. Most people have no idea as to the level of risk we’re actually at. To take over a machine and interpret the data and do forensics helps students appreciate the seriousness of the situation. Once students grasp that, their whole approach to the class changes.”

A vocal ambassador for experiential learning, Sands has made it a priority to incorporate this element into his programs. He is a believer in the blended education-certification approach and talks to students constantly about the benefits of this holistic view. He is also a big advocate of outside measures that validate skills and of common benchmarks that students must live up to. He feels these things better prepare students for real jobs and give them an advantage in the workplace.

Regarding advice for the next generation, Sands teaches an orientation course in which he exposes students to all of the kinds of jobs that exist and the requirements for each, and he believes this kind of introduction to the field is essential. Most organizations want practitioners who can hit the ground running, so he counsels students to get experience in their classes. He says, “You need to be able to do things – not just talk about them. You also need to be able to demonstrate your knowledge.”

At CSSIA, they conduct a third-year student survey, and many students report that the key to their success is the amount of hands-on experience they leave the program with.

Sands asserts, “This is an extremely important field to get into. This is an important message to get out, especially to high school students. The opportunities in this field are just as good as in the medical and legal fields, and while there are many more lawyers than jobs, information security is suffering from a dire shortage of qualified professionals. We need bright minds to help protect our critical assets.”

So, what’s left for someone so driven and accomplished to do? A member of the U.S. Navy for six years, John is passionate about reaching out to underrepresented groups in the industry, especially veterans. He has created a one-year intensive program for veterans returning from Iraq and Afghanistan. They work with local companies, such as Cisco and Linux, who offer free vouchers for exams and guarantee jobs after veterans complete the program.

Sands comments, “If we just invest in veterans, the profession will benefit immensely. They bring so much to the table. I am amazed by how quickly we’ve been able to bring them through advanced training. We work closely with the Illinois Department of Veterans Affairs, which provides additional services to help veterans transition to a civilian career. It’s my favorite project.”

Through the Global Academic Program (GAP), (ISC)²® collaborates with an ever-expanding network of university partners to establish a joint framework for delivering essential skills to support the growth of a qualified information security workforce. For more information on the (ISC)² Global Academic Program, please visit https://www.isc2.org/global-academic-program/default.aspx.

(ISC)² Management

[(ISC)² Blog]

Tip of the Iceberg: FDA’s Alert to Unplug Hospira’s Drug Infusion Pumps from Clinical Networks

On July 31, the FDA issued an alert advising healthcare facilities to stop using Hospira’s Symbiq drug infusion pump due to a security vulnerability. Infusion pumps are used by medical facilities to automatically administer doses of medication to patients based on the amount specified by the caretaker. The vulnerability allows an attacker to change the doses of prescribed medicine and impact patient safety.

Multiple Hospira products have been in the hot seat this year due to similar security vulnerabilities. The US Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued four different alerts for Hospira products this year, including its Symbiq, MedNet, LifeCare PCA and Plum A+ devices.

According to Billy Rios, the security researcher who discovered the vulnerability in one of Hospira’s devices, the pumps connect to the hospital network to download drug libraries used to control the upper and lower limits that the machine can safely deliver. The design flaw is rooted in the fact that the pump does not authenticate communications sent to it. This means that anyone with access to the same hospital network could potentially change the libraries and change the effective doses of medicine administered to the patient.

ICS-CERT has advised facilities to perform a risk assessment to determine the impact, and then mitigate the issue by either unplugging the impacted devices or, if they are absolutely necessary, changing the default passwords on the devices and using a firewall to selectively monitor and/or block access.

Discoveries like these raise the question of what other medical devices that connect to hospital networks — and patients — are vulnerable to similar attacks. Is the firmware on all those devices up to date? Often medical devices are delivered to hospitals with accompanying vendor-provided Windows machines. Are those all up to date with security patches? Who is managing them? Many hospitals have thousands of medical devices and are now realizing that no one is keeping them up to date.

C-level leadership at healthcare organizations should ask their teams to develop shorter-term tactical and longer-term strategic plans to address the cybersecurity risks that medical devices present. Strong patch management processes that include medical devices, and network segmentation, are the two core elements of the solution. A network segment that is dedicated specifically to medical devices can mitigate the risk of vulnerabilities and zero-days that have not been discovered yet.

Healthcare providers should focus on the following steps to address the cybersecurity risks that medical devices present:

  1. Inventory all medical devices
    • Build an inventory of all medical devices
    • Determine which medical devices connect to the network (wired or wirelessly)
    • Determine the business and IT owners for each medical device, and if they’re “unowned,” assign owners
  2. Determine the patch management plan for medical devices
    • Decide which team is on point to update the medical devices (internal IT vs. a vendor)
  3. Assess network architecture for medical devices
    • Create a dedicated medical device segment
    • Ensure the medical device segment is configured to block both inbound and outbound connections (unless specifically allowed)
  4. Develop a plan to migrate medical devices to the medical device segment
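The dedicated-segment policy from step 3 (and the firewall mitigation ICS-CERT recommends above), modelled as an added example that is not part of the original post: every flow into or out of the medical device segment is denied unless an explicit rule allows it, so a pump can still fetch its drug library but an arbitrary host on the hospital LAN cannot reach the pump. All addresses, the segment range and the allowed flows are constructed assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One explicit allow rule; any flow not matched by a rule is denied."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: int
    name: str


# Constructed (hypothetical) addressing: pumps live in a dedicated segment and
# the drug-library server is the only host they are permitted to reach.
MEDICAL_SEGMENT = ipaddress.ip_network("10.50.0.0/24")
DRUG_LIBRARY_SERVER = ipaddress.ip_network("10.20.1.10/32")
VENDOR_JUMP_HOST = ipaddress.ip_network("10.20.1.20/32")

# Ordered allow list; everything else touching the segment hits default deny.
ALLOW_RULES = [
    Rule(MEDICAL_SEGMENT, DRUG_LIBRARY_SERVER, 443, "pump-library-download"),
    Rule(VENDOR_JUMP_HOST, MEDICAL_SEGMENT, 443, "vendor-maintenance"),
]


def evaluate(src: str, dst: str, port: int):
    """Return (allowed, reason) for a src->dst:port flow.

    Default deny applies in both directions for the medical segment; flows that
    neither enter nor leave it are out of scope for this policy (None).
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in MEDICAL_SEGMENT and d not in MEDICAL_SEGMENT:
        return (None, "not-in-scope")
    for rule in ALLOW_RULES:
        if s in rule.src and d in rule.dst and port == rule.port:
            return (True, rule.name)
    direction = "outbound" if s in MEDICAL_SEGMENT else "inbound"
    return (False, f"default-deny-{direction}")


if __name__ == "__main__":
    # A workstation on the flat hospital LAN trying to reach a pump is denied.
    print(evaluate("10.10.3.3", "10.50.0.7", 8443))
    # A pump downloading its drug library from the approved server is allowed.
    print(evaluate("10.50.0.7", "10.20.1.10", 443))
```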

This four-step plan could take months to execute, given the size and breadth of many healthcare organizations that have thousands of medical devices across many departments. But the most dangerous risks are those that we don’t yet know about or understand.

Healthcare providers: Assign some staff to wrap their heads around the security risks of medical devices in your environment and develop a plan to mitigate. Your patients will thank you.

Read more about how Palo Alto Networks can help protect healthcare organizations.

[Palo Alto Networks Blog]

Stay Up-to-Date with the Cybersecurity Canon

Want to keep up with the latest details of the Cybersecurity Canon? Follow @CyberSecCanon on Twitter and “like” the Canon Facebook page to read book reviews, find out what books are nominated, see what our committee members are up to, and more!

Also, don’t forget, we want to hear from you. Click here for more information on how you can be involved with the Canon and nominate your favorite cybersecurity book for inclusion in the candidate list.

Questions about the Canon? Read the full set of blog posts to learn more, and check out the committee members for 2016.

[Palo Alto Networks Blog]

Securely Enabling Business in the Cloud

Most security vendors talk about how their products are “business enablers,” rather than simply a line item in the budget. This is an admirable goal, but making claims is easy – delivering on them is what counts. The Palo Alto Networks customer count continues to soar to a large extent because of the business value that our solution delivers. Many customers prefer not to publicly discuss which products and services they deploy, and that is sometimes the case with cloud providers as well. One such example of how the Palo Alto Networks Security Platform truly serves as a business enabler is worth noting because it is such a great illustration of the value we bring to the cloud.

A regional service provider in Asia Pacific asked for help enabling a new cloud services business they were launching. They had been providing traditional premises-based services, network connectivity, unified communications and hosting to their mid-market customer base. They had a strategic goal to become a cloud-based integrator. This would make their customers’ networks and operations more effective, improve performance, lower costs, and decrease the time to market for more products and services. In short, it would drive new revenue streams by improving business efficiencies for their customers. It would keep them competitive.

Security was a critical success factor for the initiative. Customers are understandably cautious about moving business-critical functions to a cloud service because of security concerns. They have plenty of questions and need lots of assurance. One of the main differentiators that our platform offered was the in-depth visibility and control the provider could offer their customers. This became a big selling point – customers would actually get a higher level of security by moving over to the cloud than they had with their legacy premises-based products.

The other key differentiator, which was a huge business benefit to both the service provider and their customers, was the ability to offer complete security services (e.g., URL filtering, threat prevention and remote access VPN), and the ability to use Panorama to onboard customers quickly and efficiently. Time to revenue is key in this business, and our platform and management framework excelled in that respect.

The Bottom Line

Palo Alto Networks delivered everything the customer had hoped for when it made us a key element of their cloud business. In the words of the customer, “We got a complete platform in Palo Alto Networks, which is strategically very important to us, and it’s delivered in all the areas needed. We’ve gotten visibility into threats at the app level, and to see what users are doing. The fact that everything is integrated into one platform with one reporting interface – and that we can scale and onboard customers without any impact on performance, or the need for more overhead – is simply fantastic.”

That says it all.

[Palo Alto Networks Blog]