How does the Palo Alto Networks Next-Generation Firewall prevent threats?
The Palo Alto Networks Next-Generation Firewall protects and defends your network from commodity threats and advanced persistent threats (APTs). The firewall’s multi-pronged detection mechanisms include a signature-based (IPS/Command and Control/Antivirus) approach, heuristics-based (bot detection) approach, sandbox-based (WildFire) approach, and Layer 7 protocol analysis-based (App-ID) approach.
To view a list of Threats and Applications that Palo Alto Networks products can identify, use the following links:
Applipedia—Provides details on the applications that Palo Alto Networks can identify.
Threat Vault—Lists threats that Palo Alto Networks products can identify. You can search by Vulnerability, Spyware, or Virus. Click the Details icon next to the ID number for more information about a threat.
When it comes to the use of technology decision making, the stakes for the business have never been higher. Investing in the right technology at the right time can very often mean direct competitive advantage to the business. Investing poorly, at the wrong time, or not at all (especially when competitors do so) can instead mean the business operates at a disadvantage relative to peers and competitors.
At the same time, the time window that organizations have to consider the options available to them is decreasing. It seems like digital trends and new technologies arise quickly and appear from seemingly out of nowhere, leaving organizations relatively little time to evaluate trends, understand the risk and rewards, and make an informed decision about investment. And, as we know, making an informed decision about value and risk tradeoffs for any technology or digital trend can be complicated. We need to consider business value added, new risks introduced (and old risks potentially mitigated), cost of the investment, possible disruption to business teams and numerous other factors.
To help with these challenges, ISACA is making a new resource available: ISACA Insights. The purpose of Insights is to identify the most impactful digital trends that organizations should consider in their strategic decision making:
Big data analytics
Mobile technologies
Cloud computing
Machine learning
Internet of Things
Massive open online courses
Social networking
Digital business models
Cybersecurity
Digital currency
Insights consists of a top 10 report describing the high level trends in business-accessible language and supplemental individual trend reports highlighting specific trends with an eye to overall organizational risk and value. Because the reports are short and business-accessible rather than technical, they are easily understood by those on either the technology or business side of the organization. They can be used as a discussion aid between business and technical teams—for example, to help business teams understand the risk impact of a particular trend or to help technical teams understand the business value drivers that might be driving interest in a particular trend or technology area.
Over the next few weeks, ISACA will be looking in depth at some of the information outlined in these reports and some of the risk, value and security implications of each of the top trends. Making a holistic decision about the risk vs. reward associated with investing in any particular trend means understanding both sides of the risk equation—the value to the business in adopting, the potential business risks associated with failing to adopt, as well as the technical risks that can be introduced when adopting these trends.
I encourage you to view the report on the top 10 trends, as well as the more in-depth reports on each of the top four trends. All are free at www.isaca.org/isaca-insights.
Ed Moyle Director of Emerging Business and Technology, ISACA
In this latest of our lightboard sessions, Joerg Sieber maps out important updates to Panorama and how you can simplify policy and device management without sacrificing good data or business productivity.
I have been negligent. The last time that I published an update to the Cybersecurity Canon Project was when we announced the 2015 inductees at Ignite back in April. Since then, we have been busy, and I am happy to announce that we are kicking off the 2016 Cybersecurity Canon inductee season in style by announcing this year’s slate of committee members. They are:
Christina Ayiotis: Co-Chair, Georgetown Cybersecurity Law Institute
Robert Clark: Cyber Law Professor at the United States Military Academy
Rick Howard: Palo Alto Networks CSO
Brian Kelly: Quinnipiac University CISO
Dawn-Marie Hutchinson: Comm Solutions Company CISO
Hannah Kuchler: Journalist, Financial Times
Neena Lakhani: Marketing Manager at Data Integration
Jon Oltsik: Sr. Principal Analyst, Enterprise Strategy Group
Dan Ragsdale: Program Chair, Cyber Center of Excellence, Texas A&M
Ben Rothke: Senior eGRC Consultant at Nettitude Group
Steve Winterfeld: Nordstrom Bank ISO
For the newbies in the crowd, a canon is a list of collected works that the applicable community has accepted as genuine. The Cybersecurity Canon project is an effort to identify all of the cybersecurity books that we, as a community of professionals, should have read by now.
We set up the project similarly to the Baseball Hall of Fame. Like the Baseball Writers’ Association of America, the cybersecurity community — that’s us — suggests titles that should be considered as candidates for induction into the Canon. They do that by writing a review of their book and making the case on why the book should be accepted as a candidate. Anybody can write a book review for his or her favorite books.
The Cybersecurity Canon Committee considers each review on merit and decides whether or not the reviewer made a strong enough case to include the book on the candidate list. If so, we add the book and the book review to the Canon page (click on the book covers to read the review).
Today, we have roughly 25 books on the candidate list, including both fiction and non-fiction. Candidate books in the non-fiction category range in topics from crime to espionage, hacktivism, warfare and technical. Candidates in the fiction category qualify if the story the author is telling contains cybersecurity elements that are true or possible. The Committee estimates that there should be at least 125 books on the candidate list at any given time. That is where you come in.
If you have a favorite book that you think everybody in our community should have read by now in order to be a complete cybersecurity professional, get cracking on that book review. This web page describes the criteria for what the committee is looking for in a book review.
Sometime at the beginning of calendar year 2016, we will open the candidate list for community voting. In other words, you get to vote on which books we induct into the Canon for 2016. So far, we have inducted these five books:
“We Are Anonymous” by Parmy Olson
“The Cuckoo’s Egg” by Clifford Stoll
“Countdown to Zero Day” by Kim Zetter
“Spam Nation” by Brian Krebs
“Winning as a CISO” by Rich Baich
Most of the authors came to Las Vegas to receive their award during a ceremony on the main stage at Ignite, the annual Palo Alto Networks customer conference. They then participated in a breakout session where committee members interviewed each on stage. It was fantastic!
The 2016 inductee season is officially underway. Please help us grow the Cybersecurity Canon project by reviewing the candidate list, sending me suggestions for other titles that should be there, and, most importantly, writing your own reviews for the books that should be on the candidate list. In the meantime, I will keep you updated throughout the year as we add more titles and get closer to opening up the voting process for 2016 selection.
As more organizations incorporate Amazon Web Services (AWS) into their data center architectures, the value of immediate access to complete computing environments becomes apparent. In a matter of a few minutes, AWS customers can scale their data centers to address seasonal spikes in computing demand driven by the nature of their business, while preserving the agility and resiliency they sought when choosing AWS in the first place.
Security has to keep up. That’s why our VM-Series for AWS can be deployed on-demand with your new AWS projects.
VM-Series for AWS Usage-based Licensing
Our recently released PAN-OS 7.0 introduced the ability to select and purchase a predefined VM-Series for AWS bundle directly from AWS on either an hourly or annual subscription basis. AWS users can choose from two bundles, both of which include a VM-300 firewall, subscriptions and support as shown in the table below. (Note that the VM-Series for AWS bring-your-own-license model is also still available.) See descriptions of the available bundles here.
But Wait, There’s More!
The new licensing model allows us to take advantage of the AWS Free Trial and Test Drive programs, which enable you to gain hands-on experience with the Palo Alto Networks VM-Series firewall in an AWS environment.
Free Trial: Select from one of the two available bundles and deploy them in your AWS account for 15 days. At the end of the 15-day period, you can choose to continue with a usage-based subscription (hourly or annual) or select the BYOL option and chose the options that best fit your needs. You can launch a Free Trial here.
Test Drive: Available as of June 29, the VM-Series for AWS Test Drive provides you with a guide tour of the VM-Series though the use of hands-on lab exercises. Lasting roughly an hour, the Test Drive allows you to build policies, troubleshoot, execute a simulated attack than is then blocked and perform forensics. You can take a Test Drive here. Once your Test Drive is complete, you can chose which licensing option, BYOL or usage-based best fits your needs.
Both of these AWS programs allow you to gain hands-on experience with the rich set of features that the VM-Series for AWS provides.
See us at upcoming AWS Summits
As they say at Apple, One. More. Thing. We’ll be participating in some of the upcoming AWS Summits this week and next week so come see Palo Alto Networks if you want to hear more about how we can help you protect your AWS environment with our next-generation firewall functionality including:
