CrashOverride/Industroyer: Protections for Palo Alto Networks Customers

This week, the Industrial Control System (ICS) community was again abuzz after reports of a new ICS-specific malware researchers are calling CrashOverride or Industroyer. Several reports indicate that CrashOverride or Industroyer could be the tool used in the December 17, 2016 power outage in the Ukraine.

It’s imperative that ICS/SCADA environments adopt next-generation cybersecurity capabilities to prevent and mitigate malware threats such as CrashOverride. Below we describe protections in place for Palo Alto Networks customers.

Protections with Palo Alto Networks

CrashOverride/Industroyer prompts several questions from our ICS user base. Here’s how our customers are protected:

  1. WildFire – As of June 14, our WildFire database had 9 samples of CrashOverride/Industroyer. These samples included payloads covering functionality for various phases of the attack lifecycle including Reconnaissance, Remote Access, Loss of Control (ICS modules), and Destruction (Wiper). All samples were determined to be Malware by WildFire. Bottom line: if this malware enters a customer’s WildFire-protected network, it will be quickly flagged as malware and new protections for stopping the payload and C2 communications will be created and shared automatically.
  2. Threat Prevention – We highly recommend WildFire for the most rapid network-based protection from zero-day attacks. However, users who don’t have that can use our Threat Prevention service to stop known payloads, exploits, and communications associated with CrashOverride/Industroyer, applying Threat Prevention profiles in firewall policy. Anti-virus signatures are now available for the known variants of CrashOverride/Industroyer and can be applied to provide protections.
  3. AutoFocus – Our threat intelligence tool, AutoFocus, currently has a tag for CrashOverride/Industroyer (“Industroyer”) which includes IoCs from the ESET and Dragos reports. Users of the AutoFocus service will be able to use these tags to quickly correlate their network traffic with the aggregate threat intelligence for CrashOverride/Industroyer in the Palo Alto Networks threat intelligence cloud then prioritize their incident response activities as needed.
  4. MineMeld – MineMeld is an open source tool that allows users to aggregate, enforce and share threat intelligence. For example, some customers aggregate intelligence feeds from E-ISAC, Palo Alto Networks and other third-party intelligence services, then automatically update enforcements on the Palo Alto Networks Next-generation Firewall to block known bad IP addresses via Dynamic Block Lists. You can similarly leverage MineMeld to simplify and automate the process of translating future intelligence you get on CrashOverride/Industroyer into enforcement on your security devices.
  5. Traps Advanced Endpoint Protection – If one of the CrashOverride/Industroyer payloads were to somehow make its way directly to the endpoint, say via a USB device or via another host on a flat network, Traps will be able to submit the file to WildFire. Given that CrashOverride payloads have “Malware” verdicts, it will not be executed per the WildFire protection module.
  6. ICS Protocol Visibility and Control – Our next-generation firewall also has the capability to identify and control ICS-specific network protocols via App-ID technology as well as via zone protection profiles. This capability can be used to whitelist and blacklist protocol traffic even to the command level for some ICS protocols. Where relevant, User-ID can be coupled with App-ID to monitor and control role-based access.
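The feed-aggregation workflow described in item 4, written out as an added example (this is not MineMeld's own code): two constructed feeds in different formats are parsed, indicators that do not parse or that overlap internal address space are dropped, duplicates across feeds are removed, and the result is emitted as plain-text lines, one IP or CIDR per line, which is the format assumed here for an external dynamic list.

```python
import csv
import io
import ipaddress

# Constructed sample feeds, standing in for what a MineMeld miner would fetch
# from an ISAC, a vendor or a third-party service; the formats differ on purpose.
FEED_CSV = """indicator,type,confidence
203.0.113.10,IPv4,90
198.51.100.0/24,IPv4,80
evil.example,domain,70
203.0.113.10,IPv4,60
"""
FEED_PLAIN = """# plain-text feed: one indicator per line, '#' starts a comment
203.0.113.11
10.0.0.5
2001:db8::1
not-an-ip
"""
# Ranges that must never reach a block list on an edge firewall: a sloppy or
# poisoned feed that lists internal space would cut off your own users.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10")]

def parse_csv_feed(text):
    """Indicator column of a CSV feed, IP-type rows only."""
    return [r["indicator"] for r in csv.DictReader(io.StringIO(text))
            if r["type"].lower().startswith("ipv")]

def parse_plain_feed(text):
    """Non-empty, non-comment lines of a plain-text feed."""
    return [s for s in map(str.strip, text.splitlines()) if s and not s.startswith("#")]

def to_networks(raw):
    """Validate indicators; drop unparsable values and anything touching INTERNAL."""
    nets = set()
    for item in raw:
        try:
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:
            continue                      # host names, typos, junk
        if not any(net.overlaps(i) for i in INTERNAL):
            nets.add(net)                 # the set deduplicates across feeds
    return nets

def build_edl(feeds):
    """Merge feeds into sorted list lines: bare IP for a single host, else CIDR."""
    nets = set().union(*(to_networks(f) for f in feeds))
    return [str(n.network_address) if n.prefixlen == n.max_prefixlen else str(n)
            for n in sorted(nets, key=lambda n: (n.version, n))]
```

`build_edl([parse_csv_feed(FEED_CSV), parse_plain_feed(FEED_PLAIN)])` yields the four usable entries; the RFC 1918 address and the unparsable line from the plain feed are discarded.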

To learn more about the Palo Alto Networks platform and its use cases for ICS/SCADA, please take a look at our white paper “Security Reference Blueprint for Industrial Control Systems”.

[Palo Alto Networks Research Center]

Collaborating with Girl Scouts of the USA for First-Ever National Cybersecurity Badges!

Professionals of the future will contend with cybersecurity challenges unprecedented in scope and sophistication. Girl Scouts of the USA and Palo Alto Networks recognize that we all must work together to solve these challenges by creating the innovative cybersecurity problem solvers of tomorrow, which means educating today. Building interest in STEM at a young age is crucial. According to the Computing Technology Industry Association (CompTIA), 69 percent of women who do not have a career in information technology cited not knowing what opportunities were available to them as reasons they did not pursue one.

Today we are extremely excited to share that Palo Alto Networks will be working with Girl Scouts of the USA (GSUSA) to deliver the first-ever national cybersecurity badges for Girl Scouts in grades K–12. Girl Scout badges are insignia Girl Scouts earn and display on their uniforms to demonstrate mastery of a given topic. Working with a panel of expert cybersecurity advisors from Palo Alto Networks and other organizations, GSUSA and Palo Alto Networks are developing a series of 18 cybersecurity badges. We expect to roll out the first of these badges in September 2018.

Our goal is simple: We will provide cybersecurity education to over a million girls throughout the United States while helping them to develop their problem-solving and leadership skills.


[Palo Alto Networks Research Center]

Announcing GlobalProtect Cloud Service: Consistent Protection Delivered to Remote Networks and Mobile Users

Today at Ignite 2017 in Vancouver, we announced GlobalProtect cloud service, a new cloud-based security infrastructure managed by Palo Alto Networks that allows you to deploy consistent next-generation security to your remote networks and mobile users using Panorama management.

The old ways of thinking about perimeter security are just that: old. Organizations often have many remote locations, users are far more mobile, and commonly used applications – formerly located behind the safety of the corporate firewall – have migrated to the cloud as SaaS applications or to infrastructure such as Amazon Web Services and Microsoft Azure. GlobalProtect cloud service addresses all of these fundamental trends.

Typical approaches to securing remote networks and mobile users, such as backhauling traffic to the corporate network or using multiple point products, are difficult to manage, costly and inconsistent when it comes to security policy and protection. Years ago, we began to solve these challenges with GlobalProtect network security for endpoints, which extends the protection of next-generation security to your remote locations and mobile users. Now, GlobalProtect cloud service operationalizes the deployment of consistent security to remote locations and mobile users.

Based on the entire suite of our Next-Generation Security Platform features, GlobalProtect cloud service is managed by Panorama, allowing you to create and deploy consistent security policies across your entire organization. To consume GlobalProtect cloud service, you will use Panorama to onboard remote networks and mobile users, and then create and deploy security policies as needed.

Remote networks will connect to GlobalProtect cloud service via an on-premise IPsec VPN-capable device, or through one of our technology integration partners that support SD-WAN or IPsec VPN connectivity options. Remote networks will have protected access to corporate resources, SaaS applications and other web applications. Mobile users will utilize the GlobalProtect app on their device to connect via an IPsec or SSL VPN connection and be granted similar protected access.

GlobalProtect cloud service uses a shared ownership model in which Palo Alto Networks manages the security infrastructure, and you manage security for your remote networks and mobile users. With GlobalProtect cloud service, you can reduce the operational burden associated with deploying security to remote locations and mobile users, and move your security expenditures to a more efficient and predictable operational expense (Opex) based model – right-fit for the era of cloud.


[Palo Alto Networks Research Center]

Accelerating Security Innovation: Introducing the Palo Alto Networks Application Framework

At Palo Alto Networks, we strive to provide the most compelling security to our customers, delivered with the utmost consistency across the network, endpoint and cloud. We are trusted by more than 39,500 customers to protect their organizations, prevent cyberattacks, and help maintain trust in the digital age. Our decade-long journey was founded on two words: innovation and disruption. The time has come to once again help change the future of the security industry, but this time we aren’t forging the way by ourselves – we are building on everything we have done and dramatically changing the consumption model for the most comprehensive security achievable. It is time to unleash security innovation, entrepreneurship and better protection for our customers.

The Palo Alto Networks Application Framework, announced today at our Ignite 2017 conference in Vancouver, reinvents how our customers rapidly adopt the most compelling new security technologies, consumed via cloud-based apps developed by any provider, large or small.

The framework is built on top of the Palo Alto Networks Next-Generation Security Platform, allowing our customers to access, evaluate and adopt the most compelling new security technology, as an extension of the infrastructure they already own and operate. These apps can be built by us, by third-party partners, by MSSPs and by customers directly to solve any use case imaginable.

It’s time to elevate this discussion beyond the level of individual products and vendors. Now, customers can embrace the technology they need to keep up with the ever-changing threat landscape, not make security decisions based on the typically large upfront ROI risk and cost of deploying and managing new hardware. It is not reasonable to ask security teams to differentiate workflows and derive actionable next steps from a mountain of threat intelligence, throwing manpower and new products at the challenges, only to find the next day that the threats and specific resource needs have once again shifted.

The answer is to drive a level of innovation that is at least as speedy, flexible and adaptive as attackers themselves. Our journey here is beginning, but we can’t do this alone. Delivering on this promise takes an entire community of developers and entrepreneurs to solve the most challenging security use cases facing our customers today.

Meet Our Community

As of today, more than 30 security industry vendors have committed to developing applications for the Palo Alto Networks Application Framework, including the following:

Accenture
AlgoSec
Anomali
Aruba, a Hewlett Packard Enterprise company
Attivo Networks
BlackStratus
Booz Allen Hamilton
Carbon Black
CrowdStrike
ExtraHop
Fidelis
FireMon
ForeScout
FourV Systems
HYAS
IBM
Phantom
PhishMe
Portnox
Proofpoint
ProtectWise
Recorded Future
SafeBreach
Schlumberger
SecurityScorecard
Siemplify
Sift Security
Sisense
Splunk
Sqrrl
Swimlane
Tanium
Telstra
Tenable
ThreatQuotient
Tufin
Wandera

Become an Application Developer for Palo Alto Networks Application Framework

Today we also announced the formation of a $20 million security venture fund. The fund will provide early stage capital investments to fuel development of innovative security applications. The fund expects to collaborate with Greylock Partners and Sequoia Capital to identify and evaluate innovative security applications for potential co-investment. Prospective developers can sign up for review by our Corporate Development team and VC partners here.

Learn More

You’ll be hearing a lot from us in the coming weeks and months about the Palo Alto Networks Application Framework and everything our community is doing to support it. Regularly here on the blog, we’ll be profiling the industry vendors who have signed on to be part of our vision – and how they plan to support it. Plus, there will be plenty of opportunities to engage with us as we anticipate full availability of the framework in early 2018.


[Palo Alto Networks Research Center]

The Power of Leading From the Front: Encouraging Industry-Wide Diversity and Inclusion

At Palo Alto Networks, we believe a diverse and inclusive culture with people of different backgrounds, thoughts and ideas is instrumental in finding the most creative and effective solutions to the toughest cybersecurity challenges organizations around the world face today. This belief is an essential underpinning to achieve our mission of protecting our way of life in the digital age.

We have made significant strides in this mission, not just in the development of our next-generation security technology, but also in initiating industry collaboration by bringing together partners and competitors alike as a founding member of the Cyber Threat Alliance (CTA), coming together to share threat intelligence information in a coordinated effort against cyber adversaries. This is one example of how we have led from the front to further our mission for the greater good with marked success.

Now, in an effort for Palo Alto Networks to continue to lead from the front, I am honored to take part in the CEO Action for Diversity & Inclusion pledge, which I believe will be instrumental in encouraging industry-wide collaboration to increase diversity and inclusion in workplaces across industries. This initiative aims at rallying the business community to cultivate a trusting environment where all ideas are welcomed, and employees feel comfortable and empowered to discuss diversity and inclusion.

Speaking from experience, we know this must not be just a pledge on paper; it requires active participation, and we are pleased to have some progress already underway to share. For example, the Palo Alto Networks Women’s Networking Community, founded by several female leaders at our company, provides career development, inspiration and networking opportunities for women across and beyond the company. The goal is to create a community that supports and fosters the development and achievement of women. We have seen consistent growth in membership and, as of May 2017, have over 300 active members.

As part of the White House’s Joining Forces initiative last year, we pledged to train 400 veterans and transitioning service members over the next five years. We believe vets are well-suited to transition into cybersecurity because their service gives them skills that make them uniquely qualified. As one of our veterans’ initiatives, we partnered with the organization VetsInTech to assist veterans transitioning into the private sector through cybersecurity education and training.

Whether through our own programs or alliances with larger initiatives like the CEO Action for Diversity & Inclusion pledge, we are committed to the development of these professionals and, in particular, underrepresented groups.

We look forward to continuing efforts in our own organization, participating in the initiatives’ dialogues and sharing best practices to continue encouraging diversity and inclusion initiatives across industries – and to lead from the front.

[Palo Alto Networks Research Center]
