Palo Alto Networks Now a Four-Time Gartner Magic Quadrant Leader!

Gartner has just released its latest Magic Quadrant for Enterprise Network Firewalls and once again named Palo Alto Networks a Leader. This marks the fourth consecutive year that Palo Alto Networks has been named a Leader, a designation shared only with Check Point. All other vendors were named either Challengers or Niche Players in Gartner’s four-quadrant system. I invite you to download the report at http://connect.paloaltonetworks.com/gartner-mq-2015.

 

At Palo Alto Networks we have maintained a steadfast commitment to innovation. Just recently we introduced a disruptive new endpoint protection technology named Traps, and a new cyberthreat intelligence service named AutoFocus. These new innovations are not only a testament to that commitment, they’re proof points in our continued ability to execute. We believe this record of innovation and execution has moved Palo Alto Networks further along the x-axis within the Leaders quadrant.

DISCLAIMER: This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available from Palo Alto Networks at http://connect.paloaltonetworks.com/gartner-mq-2015. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

[Palo Alto Networks Blog]

RSA 2015: #PreventionIsHere

Thanks to everyone who’s joined us so far at RSA 2015. It’s been a lot of fun, and we’ve still got another day!

Palo Alto Networks cybersecurity experts – ranging from Nir Zuk and Rick Howard, to Ryan Olson and Scott Simkin, and many more – have been showcasing the importance of prevention. It’s not sufficient to simply detect and remediate; we help our customers protect their networks and make the cost of attack prohibitively high for cybercriminals.

This week has been busy for Palo Alto Networks at RSA, with breakout sessions from Rick Howard, Ryan Gillis, and Ryan Olson, focusing on the role of the CISO, cybersecurity legislation, and building a threat intel team. At the booth, we’ve had a packed house for sessions on mobile security, advanced attacks, endpoint protection, and more. And we capped it all off by treating our customers to the hottest after party at RSA last night.

The excitement continued today, with attendees packing our booth for hands-on demos of the Palo Alto Networks enterprise security platform, which enables organizations to prevent attacks before they occur. Presentations from our experts and partners continued to drive crowds to the booth. In fact, Nir’s presentation was so popular we added two encore presentations this afternoon.

Here’s a look at some of the action so far. And remember, stop by our booth (N4120) tomorrow for more presentations, giveaways, hands-on demos, and more!

 [Palo Alto Networks Blog]

 

Everyone Has a Part in the Digital Forensics Process

Recently, ISACA announced the release of its free “Overview of Digital Forensics” white paper to illustrate the role of digital forensics as it relates to cybersecurity. Organizations need to discuss the role of digital forensics, even with those in non-technical roles. Without holistic consideration, there will not be data to utilize in a cybersecurity investigation.

Digital forensics is used in conjunction with other business areas to investigate issues such as insider threats. In 2014, insider threats accounted for up to 35 percent of information security incidents. Digital forensics and compliance become increasingly difficult if IT policies are not practiced as suggested under ISO 27001:2013 or NIST 800-53.

As mentioned in the white paper: In 2013, US President Barack Obama issued Executive Order (EO) 13636 to improve critical infrastructure cybersecurity. The National Institute of Standards and Technology (NIST) spearheaded this framework, along with international partnerships. ISACA’s COBIT 5 framework aids businesses in managing their systems, following the values embedded within the Cybersecurity Framework (CSF). This is another way to support digital forensics investigators.

Investigators also benefit from information sharing, especially indicators of compromise. These can be collected from network traffic, memory images, and other host-based forensic methods. This “is the lifeblood of effective cyber defense and response. Pulling together this information allows defenders to identify anomalies or patterns and recognize dangerous activity before it can do significant damage,” as stated by the US Department of Homeland Security.

Below are a few tips on how everyone within a business can help defend against significant damage and help investigators.

Tip 1: Enable logging and network monitoring. Network traffic logs are critical during a breach. If an endpoint appliance breaks, hopefully that company still has monitoring in place.

Tip 2: Establish and follow through with record retention. The US State Department was recently in the news for a record policy mishap. No business wants to see its name in the news for either not having a policy or failing to comply with established procedures. Human resource (HR) record retention policies should be in place so that when needed, HR complaints and whistleblower allegations may be pulled. Always be court ready. Email servers should have backups and a deletion policy in anticipation of Freedom of Information Act (FOIA) or electronic discovery requests. For instance, any email deleted on a user’s machine should still be recoverable on the mail server, regardless of the host facility. Exchange servers have default settings that can be modified to fit the needs of an organization. Gmail and other business applications have similar settings as well.

Tip 3: Establish standard operating procedures and images. Without standard baseline images for end-user systems (e.g., laptops, desktops, servers, mobile devices), digital forensic investigators may not recover security event logs. Security event logging does not occur by default, so this needs to be turned on by administrators. VPN and system event logs are helpful to determine a series of events, but every little bit counts towards a successful investigation. TSA-13-1004-SG from the US National Security Administration (NSA) dives into this topic in more detail.

As for the term cybersecurity, it is one of those multifaceted, sexy buzz words. It is appealing to both the bad guys and the defenders, but it is as broad as it is vague. Maybe you are interested in cybersecurity, but do not know where to begin. It is difficult to narrow down the breadth of information out there. You can start with an ISACA course or begin reading up on a topic of interest, beginning in the weeds then working your way out of the trenches. Some material you might find helpful includes:

  • Advanced Persistent Threat: Understanding the Danger and How to Protect Your Organization by Eric Cole Syngress Publishing (c) 2013 ISBN: 9781597499491
  • Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide by Laura Chappell (Author), Gerald Combs (Foreword) 2010 ISBN-13: 978-1893939998
  • Hacking Exposed 6: Network Security Secrets and Solutions by Stuart McClure, Joel Scambray and George Kurtz McGraw-Hill/Osborne (c) 2009 9780071613743
  • Handbook of Digital Forensics and Investigation by Eoghan Casey et al., Academic Press (c) 2010 9780123742674
  • Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software by Michael Sikorski and Andrew Honig, No Starch Press (c) 2012 9781593272906
  • Malware Analyst’s Cookbook: Tools and Techniques for Fighting Malicious Code by Michael Hale Ligh, Steven Adair, Blake Hartstein and Matthew Richard, John Wiley & Sons (c) 2011 9780470613030
  • The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory by Michael Hale-Ligh, Andrew Case, Jamie Levy and Aaron Walters, John Wiley & Sons (c) 2014 9781118825099

You have seen cybersecurity in the news. PricewaterhouseCoopers’ Game of Threats illustrates it through gamification. Hackers expose it as an illustrious career path for a get rich quick scheme. We no longer question if an insider will steal data or an outsider will breach a network, but rather, when.

Businesses need to prepare themselves for battle, arming themselves with knowledge of how security works, training their team to understand threats in a realistic manner, and grabbing weapons to protect their information and reputation. Imagine the “battlefield” like a game of DotA or Magic the Gathering. The attacks do not stop. If businesses do not prepare beforehand, by investing and maintaining these weapons, they may not make it out alive.

Jaime B.
IT Consultant, Washington, DC

[ISACA]

Palo Alto Networks Named 2015 Best Enterprise Security Solution Product by Cyber Defense Magazine

Cyber Defense Magazine has named the Palo Alto Networks enterprise security platform as Best Enterprise Security Solution Product for 2015.

The representatives from the magazine stopped by the Palo Alto Networks booth, #N4120, at RSA 2015 to deliver the award.

Cyber Defense Magazine recognizes companies for their unique and compelling value proposition for their product and service.  The natively integrated Palo Alto Networks enterprise security platform brings network, cloud and endpoint security into a common architecture, with complete visibility and control, ensuring organizations can detect and prevent attacks. This next-generation enterprise platform streamlines day-to-day operations and boosts security efficacy, and the one-of-a-kind, multi-layered defense model prevents threats at each stage of the attack kill chain. For more information on our award-winning Enterprise Security Platform, click here.

[Palo Alto Networks Blog]

NSS Labs Releases Latest Next-Generation IPS Report – Palo Alto Networks Achieves Superior Security Efficacy

NSS Labs just released its latest Next-Generation Intrusion Prevention System (NGIPS) Test Report. As expected, the report recognizes the Palo Alto Networks Intrusion Prevention System (IPS) service for its strong security efficacy.  Here’s a nice quote from Mr. Vikram Phatak, the CEO of NSS Labs.

“Exploits being used by Threat Actors in active campaigns are the most likely source of compromise that enterprises face every day.  The Palo Alto Networks PA-5020 was the only product that blocked 100% of these live exploits during our test, and 98.8% against all exploits, earning a recommendation by NSS Labs for security effectiveness.”

There’s a lot of deep-level technical security information inside the report but I wanted to pull out a few highlights to give you a taste of what’s included.  Of course I invite anyone to read through the detailed report, which is posted at http://go.paloaltonetworks.com/nss.  And, as an aside, if you want to read a primer on how bad guys attempt to sneak past IPS systems, the NSS Report is an excellent starting point.

The NSS Labs NGIPS Test Report focuses on five specific areas – security effectiveness, performance, stability and reliability, management and configuration, and total cost of ownership.  As Mr. Phatak points out in his quote, Palo Alto Networks has achieved an overall exploit block rate of 98.8%.

NSS Labs employs a number of tests in order to evaluate a product’s overall exploit block rate. The first grouping of tests taps into a library of over 1800 exploits that exercise different attack vectors, impact types, and older exploits to make sure vendors don’t age out signatures in order to preserve performance levels.  For this first grouping of tests Palo Alto Networks successfully blocked 1852 of 1898 exploits to achieve an overall rate of 97.6%.

The next group of tests produced some results that I am particularly proud of.  Mr. Phatak makes a reference to a live exploit test in his quote.  This is a very interesting exercise that focuses on active threats and attack methods discovered by the NSS global threat intelligence network over the course of many months during the test window for the overall NGIPS evaluation of the Palo Alto Networks IPS service.  In other words, these are exploits that each vendor must block without any prior testing or planning.  During this time window, the NSS researchers hurled 613 previously unknown exploits at the Palo Alto Networks IPS service and the service blocked all 613. Palo Alto Networks is the only company that achieved a 100% block rate.

Other highlights include performance where the PA-5020 delivered 2.97 Gbps of NGIPS throughput, nearly 50% above our documented rate of 2 Gbps.  And we cruised through all resistance to evasion, stability and reliability, and application control tests.

As a CSO, I look at these results as a strong testament to my long-held belief that prevention isn’t futile. With the right approach across people, process and technology, organizations can in fact prevent the bulk of advanced threats.  While the focus of this particular evaluation is on our own IPS’s ability to block known exploits — which we clearly excel at – it is but one element of preventing known and unknown attacks down the attack life cycle that also includes stopping the delivery and installation of malware through malicious domains and URLs and foiling the establishment of command and control activity channels. This latest NSS NGIPS Test Report validates a key and essential component to the Palo Alto Networks system of systems approach and I am very proud.

Rick Howard
CSO

[Palo Alto Networks Blog]
