Healthcare organizations are targeted by some of the most advanced cyber adversaries and malware. The newest release of the Palo Alto Networks Next-Generation Security Platform, PAN-OS 8.0, is now available and introduces new features and enhancements that will help stop advanced cyberthreats within healthcare organizations. I’ll outline a few of them here:
1). New credential theft protection: You can now detect phishing attacks and choose to block or allow your users from submitting their credentials to websites based on the site’s URL category. There are four new features that safeguard enterprise credentials, which otherwise provide an entry point for attackers into your healthcare network.
Feature 1: Administrators can prevent users from submitting enterprise credentials to malware and phishing sites.
Feature 2: Administrators can prevent users from submitting enterprise credentials to unknown sites. Let’s say, for example, that one of your users received a convincing phishing email that encourages them to log in to a phishing website that’s just been created solely to target your healthcare organization. The site would be categorized as “unknown” in the URL filtering capability of the Next-Generation Firewall, since it was just created. The new credential theft protection in PAN-OS 8.0 would detect that an internal user is attempting to post their enterprise credentials to a site categorized as “unknown” and block it.
Feature 3: Administrators can explicitly enable users to submit credentials to specific external corporate sites.
Feature 4: The WildFire phishing verdict now classifies phishing sites, sites disguised as legitimate websites that aim to steal sensitive information, separately from malicious sites. The newly-discovered phishing sites that WildFire identifies are also rolled into the PAN-DB URL category for phishing every five minutes, which enables you to block access and corporate credential submissions to phishing sites.
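To make the decision logic of Features 1 through 3 concrete, here is a small model of a per-URL-category credential-submission policy. This is an added illustration, not Palo Alto Networks code, and it does not use the PAN-OS configuration schema: the category names, the corporate-site allow list, the `Submission` record and the username-matching check are all assumptions. A real product would compare the posted username against directory data (for example a hashed credential store) rather than against a plain string.

```python
"""Hypothetical model of credential-submission policy by URL category.

Illustrative only: the category table, allow list and matching rule are
assumptions, not the product's actual configuration or implementation.
"""
from dataclasses import dataclass
from typing import Dict, List, Literal, Tuple

Action = Literal["allow", "alert", "block"]

# Per-category actions mirroring the features described in the post:
# malware and phishing sites are blocked (Feature 1), "unknown" sites are
# blocked (Feature 2), and everything else only raises an alert.
CATEGORY_ACTIONS: Dict[str, Action] = {
    "malware": "block",
    "phishing": "block",
    "unknown": "block",
}
DEFAULT_ACTION: Action = "alert"

# Explicitly enabled external corporate sites (Feature 3). Constructed names.
CORPORATE_SITES = {"sso.example-hospital.test", "benefits.example-vendor.test"}


@dataclass
class Submission:
    user: str             # identity of the internal user from the directory
    domain: str           # site the credentials are being posted to
    category: str         # URL category assigned to that site
    username_posted: str  # username typed into the login form


def is_enterprise_credential(user: str, username_posted: str) -> bool:
    """Hypothetical check: does the posted username belong to the enterprise
    user behind the session? Real products compare against directory data."""
    return username_posted.lower() == user.lower()


def decide(sub: Submission) -> Action:
    """Return the action for one credential submission."""
    # Personal credentials are out of scope for enterprise credential protection.
    if not is_enterprise_credential(sub.user, sub.username_posted):
        return "allow"
    # Explicit corporate allow list wins over the category, even for "unknown".
    if sub.domain in CORPORATE_SITES:
        return "allow"
    return CATEGORY_ACTIONS.get(sub.category, DEFAULT_ACTION)


def evaluate(subs: List[Submission]) -> List[Tuple[str, Action]]:
    """Evaluate a batch of submissions and return (domain, action) pairs."""
    return [(s.domain, decide(s)) for s in subs]


# Constructed sample traffic: one internal user, several destination sites.
SAMPLE = [
    Submission("jdoe", "login.brand-new-site.test", "unknown", "jdoe"),
    Submission("jdoe", "sso.example-hospital.test", "unknown", "jdoe"),
    Submission("jdoe", "news.example", "news", "jdoe"),
    Submission("jdoe", "bank.example", "financial-services", "personal_handle"),
    Submission("jdoe", "phish.example", "phishing", "JDoe"),
]

if __name__ == "__main__":
    for domain, action in evaluate(SAMPLE):
        print(f"{action:5}  {domain}")
```

The ordering of the checks matters: the corporate allow list is consulted before the category lookup, which is why a freshly created corporate site that still carries the "unknown" category is allowed, while a freshly created phishing site with the same category is blocked.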
2). WildFire makes malware evasion more difficult: Adversaries have perfected anti-analysis techniques to evade detection. This makes working on evasion techniques highly profitable for cybercriminals because they can be used to target a wide variety of systems. WildFire now runs on an all-new custom hypervisor to analyze and prevent the most evasive threats, making the business of anti-analysis techniques financially unfeasible.
WildFire now offers bare metal analysis: Malware has become increasingly adept at recognizing when it is being analyzed in a virtual environment and attempts to prevent further analysis. WildFire now adds an advanced bare metal analysis capability, allowing detection and analysis of even the most evasive malware.
3). MineMeld is now integrated into AutoFocus: Previously a separate (free) add-on, MineMeld is now natively integrated into AutoFocus. This empowers AutoFocus with the ability to consume multiple external threat feeds and automatically convert any third-party threat intelligence into enforceable prevention (aka blocking) at the next-generation firewall. This is really powerful because in most security architectures, even outside of the healthcare industry, it was not technically possible to automatically create block rules on your firewall based on incoming threat intelligence subscriptions. Now you can.
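The core of what the post describes here is feed aggregation: pulling indicators from several third-party sources in different formats, normalizing and validating them, and emitting a single block list a firewall can enforce. The following is an added example of that pipeline in plain Python; it is not MineMeld or AutoFocus code, and the two feed formats, the field names, the confidence threshold and the output format are all constructed assumptions. It also shows the check a practitioner wants before automating enforcement: dropping malformed indicators and private or loopback addresses so a bad feed entry cannot block internal traffic.

```python
"""Aggregate constructed threat feeds into one enforceable block list.

Added example, not MineMeld/AutoFocus code. Feed formats, field names and
the confidence threshold are assumptions made for illustration.
"""
import csv
import io
import ipaddress
import json
import re
from typing import Dict, Iterable, List, Set, Tuple

Record = Tuple[str, str, int]  # (indicator, kind, confidence 0-100)

# Constructed feed 1: CSV with indicator,type,confidence (note the duplicate
# domain in different case, a low-confidence entry and an RFC 1918 address).
FEED_A_CSV = """indicator,type,confidence
203.0.113.10,ip,90
evil-login.example,domain,85
10.0.0.5,ip,95
lowconf.example,domain,40
EVIL-LOGIN.EXAMPLE,domain,88
"""

# Constructed feed 2: JSON with different field names (note the malformed domain).
FEED_B_JSON = json.dumps([
    {"value": "198.51.100.7", "kind": "ipv4", "score": 80},
    {"value": "phish.example", "kind": "fqdn", "score": 75},
    {"value": "not a domain", "kind": "fqdn", "score": 99},
])

# Ranges that must never end up in a block list derived from external feeds.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
KIND_MAP = {"ip": "ip", "ipv4": "ip", "domain": "domain", "fqdn": "domain"}


def parse_csv_feed(text: str) -> Iterable[Record]:
    """Normalize the CSV feed into (indicator, kind, confidence) records."""
    for row in csv.DictReader(io.StringIO(text)):
        yield row["indicator"].strip(), row["type"].strip(), int(row["confidence"])


def parse_json_feed(text: str) -> Iterable[Record]:
    """Normalize the JSON feed into the same record shape."""
    for item in json.loads(text):
        yield str(item["value"]).strip(), str(item["kind"]).strip(), int(item["score"])


def normalize(records: Iterable[Record], min_confidence: int = 70) -> Dict[str, Set[str]]:
    """Validate, filter and de-duplicate records into indicator sets."""
    out: Dict[str, Set[str]] = {"ip": set(), "domain": set()}
    for value, kind, confidence in records:
        if confidence < min_confidence:
            continue  # below the enforcement threshold
        canonical = KIND_MAP.get(kind.lower())
        if canonical == "ip":
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                continue  # malformed address
            if any(addr in net for net in NEVER_BLOCK):
                continue  # internal/loopback address: never enforce from a feed
            out["ip"].add(str(addr))
        elif canonical == "domain":
            name = value.lower().rstrip(".")
            if DOMAIN_RE.match(name):
                out["domain"].add(name)  # case-folded, so duplicates collapse
        # unknown indicator kinds are ignored
    return out


def build_block_list(csv_feeds: List[str], json_feeds: List[str]) -> List[str]:
    """Combine all feeds into one sorted, plain-text block list (one entry per line)."""
    records: List[Record] = []
    for text in csv_feeds:
        records.extend(parse_csv_feed(text))
    for text in json_feeds:
        records.extend(parse_json_feed(text))
    sets = normalize(records)
    return sorted(sets["ip"]) + sorted(sets["domain"])


if __name__ == "__main__":
    print("\n".join(build_block_list([FEED_A_CSV], [FEED_B_JSON])))
```

The output is deliberately a flat list of one indicator per line, the shape that a firewall's external block list typically consumes; the value of the pipeline is in what it refuses to pass through (low-confidence, malformed and internal entries) as much as in what it merges.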
4). WildFire now automatically generates C2 signatures: Not only are we able to automate the detection and blocking of command and control (C2) URLs in this release, but we are also able to automate the detection and blocking of “payload-based” C2 signatures. This was previously performed manually by a team at Palo Alto Networks. Where previously the team created dozens of C2 signatures based on malware seen in WildFire over the course of a few days, now WildFire automatically enables the creation of thousands of signatures. This means it’s even more likely that a C2 URL in that phishing email one of your doctors received this morning will be blocked automatically.
5). Panorama is now significantly faster and offers flexible log ingestion: Panorama has an improved log query and reporting engine to enable a significant improvement in reporting and log querying capabilities. The log storage format is revamped, and on upgrade, your existing Panorama logs can be migrated to the new format. You can also import logs from other sources, starting with Traps advanced endpoint protection, for better correlation, visibility and control across the platform.
6). New VM-Series models offer wider deployment flexibility: The VM-Series virtualized next-generation firewall has been optimized and expanded to deliver App-ID enabled throughput that ranges from 200Mbps to 20Gbps across five models, figures that are industry-leading at both ends of the range. The VM-Series models include:
- The new VM-50 is optimized to consume minimal resources yet deliver up to 200Mbps of App-ID enabled firewall performance for customer scenarios that range from virtual clinic/customer premise equipment (CPE) to high-density, multi-tenancy environments.
- The VM-100 and VM-300 have been optimized to deliver 2x and 4x their existing performance with 2Gbps and 4Gbps of App-ID enabled firewall performance for hybrid cloud, segmentation, and internet gateway use cases.
- The new VM-500 and VM-700 deliver an industry-leading 10Gbps and 20Gbps of App-ID enabled firewall performance respectively and can be deployed as network functions virtualization (NFV) security components in fully virtualized data center and service provider environments.
And those are just some highlights. There are many more improvements and new features in PAN-OS 8.0 that I didn’t list here, but these are the top ones that I think will directly benefit healthcare organizations.
[Palo Alto Networks Research Center]