//
you're reading...
IT & TECHNOLOGY, Palo Alto Networks

Guest Post: When There is No Magic Box, Try the Magic Sauce for Near 100 Percent Security


PANW-New-Logo-3

We are pleased to welcome guest blogger Lars Meyer of Consigas. Based in Dublin, Ireland, Consigas is a Palo Alto Networks Elite Authorized Training Center that specializes in consultancy and virtual training.

The whitepaper from the SANS Institute “Beating the IPS” shows that any Intrusion Prevention System from any vendor can be evaded. The same is true for any other threat prevention techniques from classic AntiVirus to newer technologies like Sandboxing as none of them provide total security on their own.

The good news is that hackers face exactly the same challengeas there isn’t a single attack technique that allows them to accomplish their final objective, of exfiltrating data or taking control of IT resources for criminal activity. Nowadays an attack is a sophisticated, stealthy and continuous process, compromised of a chain of multiple steps that an attacker has to successfully go through in order to accomplish his goal.

To achieve 100 percent security is not possible, but that’s not an issue as long as you keep your IT infrastructure defendable. A good analogy is the human immune system. A healthy lifestyle will keep us fit, but it doesn’t provide total protection from viral infections. However being sick isn’t the end of the world as long as the body is able, or with medical intervention,enabled to effectively defend itself and mitigate the impact of the infection. There is however a big difference between humans and an IT system. We know when we feel sick and we instinctively know when to go to the doctor. Getting this level of insight into an IT infrastructure is difficult, and at the same time there isn’t such a thing as a magic box which instinctively protects your network all on its own.

The solution is what I like to call the magic sauce, which is to put the right combination of threat prevention techniques together to make it close to impossible for an attacker to evade all of them. Palo Alto Networks Next-Generation Firewall isn’t a magic box either, but you can do magic with it if you use it in the right way, along with the other key components of the Palo Alto Networks security platform, including the Threat Intelligence Cloud and Advanced Endpoint Protection, and leverage its full potential.

For more information check out our Consigas blog post “Network Security Best Practices for Palo Alto Networks Next-Generation Firewalls” where we go through every single step of the Cyber Kill Chain to explain the most common attack techniques to infiltrate both data centers and end-user devices as well as the best practices to mitigate the attack.

[Palo Alto Networks Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Web Stats

  • 113,167 hits
@PhilipHungCao

@PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Personal Links

View Full Profile →

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 1,953 other followers

Twitter Updates

Archives

September 2015
M T W T F S S
« Aug   Oct »
 123456
78910111213
14151617181920
21222324252627
282930  
%d bloggers like this: