NSS Labs Releases Data Center IPS Report – Recommends Palo Alto Networks

It’s exciting when we’re recognized in the market as the security vendor customers can count on to protect their users and their data. Now, we have a third-party report that publicly corroborates what our customers have been saying: that Palo Alto Networks is effective when it comes to protecting the data center.

Today, NSS Labs published results from their 2016 Data Center Intrusion Prevention Systems (DCIPS) group test, and granted Palo Alto Networks their “recommended” rating. Most notable within our results report:

  • 100% effectiveness rating against all evasion techniques tested
  • 94.2% overall exploit block rate
  • Only 3 false positive triggers

I invite you to read through our report, and more importantly, look through the configurations used during this test.

NSS Labs’ test rules allow vendors to configure their devices before the test but not during, which means that vendors must configure products to account for both performance and security, as this is the typical balance most customers must make when deploying security products in the data center. We configured our PA-7050 for this test using the defaults that a large portion of our customers use every day to protect their applications, users, and data. We encourage you to review our test configurations so you can see for yourself how our PA-7050 managed to achieve 94.2 percent security effectiveness and 30 Gbps, and compare them to the test configurations of other vendors who participated for complete context behind the comparative results of this test.

Protecting the data center is not new for us – we’ve been protecting data centers around the world from threats for the better part of a decade by addressing multiple stages within the attack lifecycle. Today we have the PA-7000 Series NGFW: two massive chassis that address the increased traffic throughput requirements of large data centers and service providers without sacrificing security.

How do we accomplish this? We take advantage of every opportunity to identify and stop an attack in as few traffic scans as possible.

Exploitation makes up one stage of the attack lifecycle. As our security score shows, we do a great job blocking exploits at the network level. But we’re also excellent at blocking subsequent attack stages, such as malware installation and command-and-control (C2). What you may not know is that anti-malware and C2 protection are grouped with our platform’s IPS capabilities, so our performance results on this test reflect security beyond the exploit stage against which it was tested. Along with exploits, our platform blocks malware and C2 communication without additional performance degradation, software, or appliances. This approach has been one of the driving forces behind Palo Alto Networks success in protecting the data center.

Attack surface reduction is critical to keeping threats at bay: complete visibility into the applications that make up data center traffic, and granular control over which applications you allow and what content they may carry into and out of the data center. Combine this with identifiable users, actual user names rather than just IP addresses, and you further limit an attacker’s opportunities to infiltrate your data center by allowing only certain users and user groups to reach certain data through certain applications. This particular test focuses on our IPS’s ability to block known exploits, which we clearly do well, rather than on attack surface reduction; but Palo Alto Networks has long held that reducing the attack surface through these mechanisms is the first step in effectively securing data center assets.

This latest NSS Labs DCIPS test report validates not only that blocking attacks at the exploit stage is an important tactic in preventing them, but also that our prevention technology stands up tall against data center threats and traffic loads. We hope that in sharing our test configurations, we can provide valuable information to practitioners that will help them achieve a similarly strong preventive stance against evasions and exploits in their data centers.

Read the full NSS Labs DCIPS test report.

[Palo Alto Networks Research Center]

Life (and Your Career) Is Not a Spectator Sport

Jackie Robinson, the world-famous baseball star, once said, “Life is not a spectator sport. If you’re going to spend your whole life in the grandstand just watching what goes on, in my opinion, you’re wasting your life.”

Your career and mine may not have the cultural significance that Jackie’s did, but how many of us accidentally, or metaphorically, spend our lives or careers in the comfort zone of the grandstands? Watching and waiting for something to happen. We turn and talk to our fellow grandstanders about what “woulda, shoulda, coulda” been. They silently concur and resume watching, waiting.

“And then one day you find ten years have got behind you. No one told you when to run, you missed the starting gun.” –“Time” from the 1973 album Dark Side of the Moon by Pink Floyd

Some of the best, most rewarding things in our lives and our careers come in unexpected ways. We are taught that success and winning are everything. However, which one of two equally talented individuals learns more and works harder to improve:  the person who makes the game-winning play or the person who fails? The winner is carried off on teammates’ shoulders. The non-winner walks alone. The winner may have been skilled, a good guesser or simply lucky, but the “learning moment” is lost in the jubilation. The driven non-winner will be reviewing video, talking to coaches and working on being better.

“Champions aren’t made in gyms. Champions are made from something they have deep inside them-a desire, a dream, a vision. They have to have the skill, and the will. But the will must be stronger than the skill.” –Muhammad Ali

My point is this:  Who do you think comes back stronger? Which one steps out of the grandstand and pushes harder? Delivers more? My second and more important point:  which one are you? Do you join an organization or company and then metaphorically sit in the safety of the grandstands? Or do you actively jump in with both feet and participate by stepping out of your comfort zone?

And Now, a Short, But Related Story
I joined ISACA because a friend, the chapter president, asked me to help him do more with the local chapter. As a chief technology evangelist/CIO, it was not at the top of my list of organizations to join, much less be on its board. In my time running large IT shops, I worked closely with a lot of internal and external auditors—some good, some not so good. In my head, my confirmation bias, the tendency to search for, interpret, focus on and remember information in a way that confirms one’s preconceptions, kicked in, and I still saw ISACA as simply an “IT auditing” organization. It is a reasonable assumption that auditors have a similar opinion or bias toward IT professionals.

Over the first few months, while I familiarized myself with the global ISACA organization, its offerings and its direction, a funny thing happened. The people were very giving and sharing. They freely talked about the challenges of being “perceived as a burden,” a “tax collector,” and as “paper tigers.” They wanted to do their jobs as well as they could for their companies and clients. They were very open to understanding the perspective of a “recovering CIO.” Constructively, I gave them both barrels from the IT perspective. Instead of wincing or recoiling defensively, they leaned in and said, “How can we (IT, info sec, the business, and audit) work better together?”

Well folks, I have to admit, I am a sucker for anyone attempting to focus on the business or people side of the equation and work together for the betterment of the business organization. So, I jumped out of the grandstands, gulped down the Kool-Aid, and said, “Put me in, coach!” I became much more involved in several areas beyond those assigned to me. The personal growth was incalculable. Not only did I get some very fresh perspectives on stale thoughts, but I also gained a renewed sense of adventure. Yes, adventure with auditors! This new sense of adventure culminated in March when our chosen delegate to the 2016 ISACA Global Leadership Summit was injured and the chapter turned to me. My old reaction would have sounded a little like, “Um, let’s see…um…400 auditors you say?… three days?…oh, yeah, I just remembered…”

Instead, I went to the Lisbon event and found 400 chapter leaders from over 80 countries, all attempting to “make things better.” It was three days of work, but I met some really extraordinary individuals from around the globe. Their insights and approaches to challenges, challenges the normal American would never face, were simply inspiring. That combined with a global organization attempting to reinvent itself and address the needs of the new era by reaching out to professionals, members, etc., made the experience a truly rewarding one.

NONE of these great experiences would have happened had I sat and watched from the grandstands.

The meta-message:
Changing up US President John F. Kennedy’s famous quote a little, my advice is this:

“Ask not what an organization can do for you, but rather what you can do for the organization.”

Pick one organization inside or outside your comfort zone. Join. Contribute. Expand. Excel!

Editor’s note:  Blair Baker serves as 1903 Solutions’ chief technology evangelist, ghost-executive, catalystic optimizer, interdepartmental liaison, speaker and coach.

Blair Baker, Chief Technology Evangelist /CIO, 1903 Solutions LLC

[ISACA Now Blog]

A Quick Update On Our LabyREnth CTF Challenge

Congratulations to those who solved an introductory challenge hidden in our initial LabyREnth announcement!

If you decode the binary in the Palo Alto Networks logo on http://labyrenth.com, you get the following ASCII message:

“For reals yall. Has anyone really been far as decided to use XOR even go want to do look more like? You’ve got to even have been kidding me with this PAN. I’ve been further even more decided to use even go need to do look more as anyone can for Rules and even more than Prizes have been the Overviews. Can you really be far from Ordering even as decided half as much to use Digits go wish for that?”

This message is a clue to decoding the rest of the binary. Certain words are capitalized: XOR, PAN, Rules, Prizes, Overviews, Ordering and Digits. Take the binary from the digits in the countdown clock, in order from 0 through 9, and XOR it with the key PAN; the result is the URLs of the Overview, Rules and Prizes pages.
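The decoding the hint describes, as an added example that is not part of the original post and not the LabyREnth organisers’ code: the real bit strings from the logo and the countdown clock are not reproduced on this page, so the block encodes a constructed sample plaintext (a placeholder example.com URL, not one of the real LabyREnth pages) with the key PAN and decodes it back; the decode_binary_message helper covers the plain binary-to-ASCII step used for the logo message, and decode_clock_bits the repeating-key XOR step for the clock digits.

```python
"""Repeating-key XOR decoder for binary-digit strings.

Added example for the LabyREnth hint; not the organisers' code. The real
bit strings from labyrenth.com are not on this page, so a constructed
sample plaintext is encoded here and decoded back to exercise both
directions of the procedure the hint describes.
"""

KEY = b"PAN"  # the key named in the hint

# Constructed sample only; not one of the real LabyREnth URLs.
SAMPLE_PLAINTEXT = b"http://example.com/sample-overview-page/"


def bits_to_bytes(bits: str) -> bytes:
    """'0'/'1' characters (spaces or other separators are ignored) to bytes, 8 bits each, MSB first."""
    clean = "".join(ch for ch in bits if ch in "01")
    if len(clean) % 8:
        raise ValueError(f"bit string length {len(clean)} is not a multiple of 8")
    return bytes(int(clean[i:i + 8], 2) for i in range(0, len(clean), 8))


def bytes_to_bits(data: bytes) -> str:
    """Inverse of bits_to_bytes: each byte as eight '0'/'1' characters."""
    return "".join(f"{b:08b}" for b in data)


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. XOR is its own inverse, so this both encodes and decodes."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def decode_binary_message(bits: str) -> str:
    """Plain binary-to-ASCII, the step used for the message hidden in the logo."""
    return bits_to_bytes(bits).decode("ascii")


def decode_clock_bits(digit_bits: list[str], key: bytes = KEY) -> str:
    """Join the per-digit bit strings in the order given (0..9), XOR with key, decode as ASCII.

    Order matters: a shuffled digit order reorders the ciphertext and, unless
    every chunk is a multiple of len(key) bytes, also misaligns the repeating key.
    """
    return xor_with_key(bits_to_bytes("".join(digit_bits)), key).decode("ascii")


def encode_to_clock_bits(plaintext: bytes, key: bytes = KEY, n_digits: int = 10) -> list[str]:
    """Reverse of decode_clock_bits: XOR, then split the ciphertext across n_digits bit strings."""
    cipher = xor_with_key(plaintext, key)
    per, extra = divmod(len(cipher), n_digits)
    chunks, pos = [], 0
    for d in range(n_digits):
        size = per + (1 if d < extra else 0)
        chunks.append(bytes_to_bits(cipher[pos:pos + size]))
        pos += size
    return chunks


if __name__ == "__main__":
    clock = encode_to_clock_bits(SAMPLE_PLAINTEXT)
    for digit, bits in enumerate(clock):
        print(f"digit {digit}: {bits}")
    print("decoded in order 0..9:", decode_clock_bits(clock))
    print("decoded in reversed order:", decode_clock_bits(clock[::-1]))
```

Running the block prints the ten constructed bit strings, the correctly decoded sample, and the garbage you get when the digits are read in the wrong order, which is why the hint stresses Ordering and Digits.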

As you can see, we’ll be giving away $16,000 in cash prizes, plus participation prizes for anyone who finishes a track or all of the challenges. We hope you enjoy the LabyREnth challenge!

The challenge will start on Friday July 15, 2016, at 4pm PST and will run until August 14, 2016, at 11:59pm PST.

Follow the countdown at LabyREnth, and check out the overview of the challenge. Information about the rules and prizes is also there, if you are clever enough to find it! We’ll announce updates here on the blog and through Twitter: @unit42_intel, @wartortell, and #labyrenth.

[Palo Alto Networks Research Center]

Watch: Security Lifecycle Review

Discover which applications and threats are exposing vulnerabilities in your security posture using our Security Lifecycle Review (SLR). Learn how you can benefit from our comprehensive SLR report in this video by Scott Simkin, Senior Threat Intelligence Manager.

[Palo Alto Networks Research Center]

Prevention: Changing the Math of Cybersecurity Through Automated Defense

On June 21st our CEO, Mark McLaughlin, spoke in front of President Obama’s Commission on Enhancing National Cybersecurity. The Commission is holding open meetings around the country to hear from cybersecurity experts and gather input for a set of recommendations they are expected to announce in December. Mark was one of a handful of CEOs and technology officials from the Bay Area to present to the Commission at its conference focused on “Innovation for the Future of the Digital Economy.”

This Commission has its work cut out for them. Enhancing national cybersecurity is a massive challenge, and there are no simple, quick-fix solutions. Yet, it is a challenge that must be undertaken—and one that can be successful.

At the heart of the current cybersecurity battle is a math problem. Unfortunately, today, this math problem overwhelmingly favors our adversaries. Here’s why: The cost of computing power required for malicious actors to launch successful cyberattacks has been decreasing dramatically for decades. Coupled with the widespread availability of black market malware and exploits, our adversaries are able to conduct increasingly automated, successful attacks at little to no cost.

In the face of this automated onslaught, the network defender is generally relying on decades-old security technologies, often cobbled together as multiple layers of point products that are not designed to communicate with each other. This lack of automation and interoperability has become increasingly problematic as networks grow in complexity due to macro technology trends like the adoption of virtualization, software as a service (SaaS) technologies, cloud computing, mobility, and the internet of things. This increased complexity of enterprise architecture and independent security controls creates a dependence on one of the least scalable resources organizations have—people—to manually fight automated, machine-generated attacks. As defenders, we are simply losing the economics of the cybersecurity problem.

That’s why cybersecurity innovation must be focused on prevention.

Prevention means significantly decreasing the likelihood—and increasing the cost—of malicious actors launching a successful attack. We should not assume that attacks are going away or that all attacks can be stopped. The outcome we should strive for isn’t to eliminate all risk but to change the economics by making it more expensive in terms of resources, time and personal impact to launch a successful attack.

Innovation, applied effectively across people, process and technology, is one of the key principles for regaining leverage against our adversaries and achieving prevention.

First, we must develop technologies that work together seamlessly to enhance the security of individuals, enterprises, and the broader ecosystem. Simplification and automation are essential for making networks adequately defensible. Security technologies must be leveraged as part of natively integrated platforms, and capable of automatic reprogramming based on new threat information, to prevent threats across all stages of the attack lifecycle—on the network, in the cloud, and at the endpoint.

For example, Palo Alto Networks next-generation firewall customers around the world receive new preventive measures every five minutes, averaging 1.1 million new preventive measures per week, based on the automated discoveries made by our WildFire advanced persistent threat detection capabilities. No team of people could manually generate that volume of prevention fast enough to keep up with the evolving threats seen across our base of more than 30,000 customers.

To build upon such a platform, security technologies need to be fully integrated as part of a larger, global ecosystem. More specifically, this ecosystem must incentivize information sharing, leverage open source integration APIs, and develop interoperable technologies capable of automated security—including through partnership with complementary technologies from third-party companies.

We also need to ensure that our workforce is trained and leveraged with the right mix of automation. If we build our workforce development plans on a foundation of automated technology, we can recruit and train people in a more targeted way for only those jobs that require a human’s sophistication and critical thinking. Absent automated defense, we are left with the impossible task of staffing every organization’s security operations center with tens of thousands of people simply responding to alerts of successful attacks. As our adversaries become increasingly automated, manually combating functions that automated technology could address more effectively is simply not a scalable defense model.

Finally, we need to start educating children at the earliest possible age so that cybersecurity is fundamental. We must ensure that hands-on training with innovative security technologies is ingrained in educational curriculum. And we must leverage innovative technologies, like those that enable long-distance virtualized learning, to educate more people, and faster.

We applaud the tremendous work being done by the new Commission, and, as a company, were honored to be part of their deliberations. We hope if they only remembered one word from Mark’s presentation that it was “prevention.”

[Palo Alto Networks Research Center]
