Protecting Workloads on Google Cloud Platform with the VM-Series

One of three articles in a series about the VM-Series on: Google, AWS and Azure.

Organizations are adopting Google Cloud Platform to take advantage of the same technologies that drive the commonly used Google search engine and maps services. Business initiatives – such as big data, analytics and machine learning – deployed on GCP can leverage contextual data collected from billions of Google search engine data points. GCP offers a global footprint to allow you to quickly deploy enterprise-class applications and services.

Our VM-Series, deployed to protect workloads within a Google project, helps customers address their role in the shared responsibility model. GCP was designed with security as a core component and uses a variety of technologies and processes to secure information stored on Google servers. However, Google is very clear on where their security responsibilities end, and where the customer’s security responsibilities begin. As shown below, it is the customer’s responsibility to protect their operating systems packages and the applications they deploy.

Figure 1: GCP Shared Responsibility Model


That’s where the VM-Series on GCP, which we officially announced this month, can help. It complements Google Firewall by protecting your applications and data using a prevention-based approach:

  • Complete visibility and control: The VM-Series gives you complete visibility into the applications traversing your cloud deployment and the content within, malicious or otherwise. This knowledge allows you to deploy a more consistent, stronger security policy for inbound and outbound traffic to prevent known and unknown attacks.
  • Reduce the attack surface; limit data exfiltration: Using the application identity as a means of enforcing a positive security model reduces the attack surface by enabling only allowed applications and denying all else. Application usage can be aligned with business needs, extending to application functions as needed (e.g., allow SharePoint documents for all but limit SharePoint administration access to the IT group). In addition to controlling applications, policies can be enabled to block or generate alerts on file and data transfers, thereby limiting data exfiltration.
  • Prevent known and unknown threats: Applying application-specific threat prevention policies to allowed traffic can block known threats, including vulnerability exploits, malware, and malware-generated command-and-control traffic. Unknown and potentially malicious files are analyzed based on hundreds of behaviors. If a file is deemed malicious, a prevention mechanism is delivered in as few as five minutes. Following delivery, the information gained from file analysis is used to continually improve all other prevention capabilities.

To help eliminate security as a possible bottleneck, bootstrapping, the XML API and other VM-Series automation features, combined with GCP or Terraform templates, will allow you to embed next-generation security into your application development lifecycle. The VM-Series on GCP will be available in March 2018.


Learn More

Watch the VM-Series on Google Cloud Platform Lightboard

Read the VM-Series on Google Cloud Platform Deployment Guidelines

Visit the VM-Series on Google Cloud Platform resource page

[Palo Alto Networks Research Center]

Mobile Android Is an Even Bigger Opportunity for Attackers Than Windows PCs

Mobile Android is now a bigger threat opportunity than Windows PCs – in terms of shipments, usage, installed base and the number of vulnerable targets.

According to Statcounter, at the end of 2017, the leading mobile operating system, Android OS, was the most used global operating system, surpassing usage of 17 other operating systems, including Windows. Android had surpassed Windows shipments a few years ago, reaching 1.9 billion by the end of 2017 – nine times the shipments of traditional PCs according to Gartner. There are now 2.7 billion Android-based smart devices in use, compared to an estimated 1.5 billion Windows devices.

Historically, cybercriminals simply did not have enough vulnerable mobile devices out there to make significant attacks worthwhile. That’s changed. Cybercriminals are in it for the money; and they look for the most vulnerable targets, in the greatest quantity, that will take the least amount of effort to breach and have the highest potential for monetary gain.

This build-up of mobile threats has been foreseen for some time. In 2006, roughly six months before the release of the first iPhone, Scientific American warned about the perils of mobile malware and noted that mobile malware growth at that time roughly paralleled that of computer viruses in the first two years after the first PC virus, “Brain,” was released in 1986.

In 1988, computer experts dismissed viruses as inconsequential, vastly underestimating how quickly malware could grow in prevalence, diversity and sophistication. In their 2006 article, Scientific American also warned about making the same mistakes with mobile, pointing out that the bigger the target, the greater the attraction for malicious programmers and that smartphones would soon make up most of the world’s computers (now true).

Outdated Windows devices have proven to be a significant security risk. About 140 million active Windows PCs are still running Windows XP, an operating system released in 2001 that Microsoft stopped updating in 2014. The massive WannaCry cyberattack last year exploited a vulnerability in the SMBv1 file-sharing service present in Windows XP and later versions.

By comparison, about one billion of the 2.7 billion active Android devices are running outdated operating systems. That is about seven times the number of vulnerable XP devices.

Mobile devices do have some advantages over Windows security-wise, so maybe that will help stall the pace of infection and attack going forward. Applications are more tightly controlled by OS leaders, like Apple and Google, and users must grant permission before an app can access core phone functions. There are fewer malicious actors adept in mobile software. Counter to that is the more casual attitude of subscribers towards the security of their mobile devices, and the fact that mobile devices have billing mechanisms built in, which makes premium-rate SMS fraud possible.

Most mobile subscribers don’t set even a basic lock-screen password, and even fewer install device protection. Permissions requested by new apps are granted broadly by impatient subscribers. The monetary incentives for cybercrime are also getting sweeter. Use of mobile for financial transactions is growing. The GSMA estimated that the industry processed 22 billion financial transactions in 2016 and identifies mobile technology as key to transforming access to financial services in emerging markets for hundreds of millions of people.

Our Unit 42 threat intelligence team has been analyzing threat trends and reporting on the last four years of new Android malware evolution. Check out their latest research on Android threats.

Will the threat landscape for mobile networks and devices reach the attack volume witnessed with Windows devices and enterprise networks? We believe the answer is “yes,” and we think the trend is well underway.

For mobile network operators, the growing number of attacks threatens their own infrastructure as well as their subscribers. Malware-infected devices can be recruited into botnets and turned against mobile infrastructure to degrade network availability. The full visibility provided by the Palo Alto Networks Next-Generation Security Platform is essential, as it allows mobile network operators to monitor emerging threats, identify already-infected devices and determine appropriate action.


Connect with us at Mobile World Congress in Barcelona

Want to learn what we’re doing to help secure the new hyper-connected world that we live in? Connect with our mobile network specialists or reserve your seat at one of our speaking sessions at Mobile World Congress in Barcelona.

[Palo Alto Networks Research Center]

IoT Security in Healthcare is Imperative in Life and Death

We go into the hospital with a great deal of trust. We trust that doctors will help us and potentially even save our lives. Beyond hospitals, there are few places in the world where we are willing to do whatever we are asked: take off our clothes, talk about our sex lives, and so on.

Recent cyberattacks, such as WannaCry and NotPetya, put this trust into question. An increasing number of cybersecurity incidents have impacted many hospitals and made them unsafe. Not only was patient information stolen and privacy impaired, but, in some cases, the cyberattacks interrupted normal operations and services. In hospitals, that could mean life or death.

Over the last decade, the healthcare industry made significant progress on digital transformation. Patients’ healthcare records are online, test results and images are digitized, an increasing number of medical devices are connected, and medical equipment can be remotely monitored and maintained. This technology has brought tremendous improvements in efficiency and convenience to medical staff and patients alike, while helping reduce human errors and lower operational costs. At the same time, however, this high level of connectivity has created a much larger surface area for security risks. Because there are so many connected devices and a large variety of different types of connected devices, it is becoming increasingly difficult to completely secure all of them at all times.

Hackers can not only use these devices as stepping stones to access critical assets, such as patients’ healthcare records, they also can compromise these devices to cause physical harm and put people’s lives at risk. For example, we demonstrated in our research lab that we can hack into an infusion pump from a leading vendor to change the dosage of the medication that is going directly into a patient’s body. This dosage change alone could be fatal to a patient.

Mid- to large-size hospitals use hundreds, if not thousands of third-party products and services. Even if the hospital itself is secured, these third-party vendors can bring in lots of vulnerabilities. Each of these third parties also uses many more other external vendors. If any of those external vendors is affected, there could be a domino effect on the hospital’s security – yet another reason it is extremely challenging to secure a hospital and all its IoT devices.

Is there a solution? In many ways, an IoT system is very similar to the human body – a large and complex system that is always on. Let’s use a heart attack as an analogy. We all know that a heart attack can be catastrophic. Although a heart attack usually happens suddenly, the conditions that make it likely actually take days, months or even years to build up. If we could continuously, automatically and intelligently monitor the heart and body, we could detect early signs of problems and take preventive actions to avoid the heart attack.

Doctors detect and cure diseases through their detailed knowledge of the different parts of our body and their functions. Surprisingly, we don’t have similar information on IoT networks. Most hospitals we have talked to don’t have up-to-date information about what types of IoT devices they have, much less how many of these devices are connected to their networks. So, IoT device visibility is the first task for each organization. At any given time, we need to know which devices are connected to the network – plus, what they are supposed to do and not supposed to do – and conduct real-time monitoring of their behavior for early detection of potential cyberattacks.

Yet another challenge beyond the number and varied types of devices: these devices get on and off the network dynamically. How do we handle a highly dynamic system of such large scale? Obviously, manual monitoring is not feasible. The key is to leverage artificial intelligence (AI) to identify and monitor devices automatically, so that we can further protect them – and the hospital and its patients – in the event of a cyberattack.
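The visibility-then-monitoring approach described above, as an added example that is not ZingBox or Palo Alto Networks code: a device inventory keyed by MAC address, a per-device-type profile of allowed destinations learned from a known-good window, and a check that flags inventory gaps, new internal or external destinations, and volume spikes. The inventory, the 10.20.0.0/16 hospital address space, and all flow records are constructed for illustration.

```python
"""Baseline-and-deviation monitoring for connected medical devices.

Added example, not ZingBox or Palo Alto Networks code. The inventory,
address range and flow records are constructed. Flows have a
NetFlow-like shape: originating device, destination IP/port, protocol,
bytes sent.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    device: str    # MAC address of the device that originated the flow
    dst_ip: str
    dst_port: int
    proto: str
    nbytes: int


# Constructed inventory: MAC -> device type. Keeping this current is the
# visibility task; anything absent from it is flagged below.
INVENTORY = {
    "00:1a:2b:00:00:01": "infusion-pump",
    "00:1a:2b:00:00:02": "infusion-pump",
    "00:1a:2b:00:00:10": "ct-scanner",
}

HOSPITAL_NET = ip_network("10.20.0.0/16")  # assumed internal address space

# Constructed known-good window: pumps talk TLS to the pump server and do
# DNS; the CT scanner sends DICOM studies (port 104) to the PACS.
BASELINE_FLOWS = [
    Flow("00:1a:2b:00:00:01", "10.20.5.10", 443, "tcp", 1500),
    Flow("00:1a:2b:00:00:02", "10.20.5.10", 443, "tcp", 1300),
    Flow("00:1a:2b:00:00:01", "10.20.1.1", 53, "udp", 120),
    Flow("00:1a:2b:00:00:10", "10.20.5.20", 104, "tcp", 80_000_000),
    Flow("00:1a:2b:00:00:10", "10.20.1.1", 53, "udp", 90),
]

# Constructed traffic to check: one normal flow, then four deviations.
NEW_FLOWS = [
    Flow("00:1a:2b:00:00:01", "10.20.5.10", 443, "tcp", 1400),
    Flow("00:1a:2b:00:00:02", "10.20.5.10", 22, "tcp", 800),          # pump probing SSH
    Flow("00:1a:2b:00:00:01", "203.0.113.7", 443, "tcp", 2000),       # pump reaching the internet
    Flow("00:1a:2b:00:00:10", "10.20.5.20", 104, "tcp", 900_000_000), # unusual study volume
    Flow("00:1a:2b:00:00:99", "10.20.5.10", 443, "tcp", 500),         # not in inventory
]


@dataclass
class Profile:
    """What a device type is supposed to do: allowed (ip, port, proto)
    tuples and the largest single flow seen while learning."""
    dests: set = field(default_factory=set)
    max_bytes: int = 0


def learn_profiles(flows, inventory):
    """One profile per device type. Profiling per type rather than per
    device lets a newly deployed pump be judged against what every other
    pump does."""
    profiles = defaultdict(Profile)
    for f in flows:
        dtype = inventory.get(f.device)
        if dtype is None:
            continue  # unknown devices must not shape the baseline
        p = profiles[dtype]
        p.dests.add((f.dst_ip, f.dst_port, f.proto))
        p.max_bytes = max(p.max_bytes, f.nbytes)
    return dict(profiles)


def check_flows(flows, inventory, profiles, volume_factor=5):
    """Compare observed flows against the profiles; findings come back in
    the order the flows were seen."""
    findings = []
    for f in flows:
        dtype = inventory.get(f.device)
        dest = (f.dst_ip, f.dst_port, f.proto)
        if dtype is None:
            findings.append({"kind": "unknown-device", "device": f.device, "dest": dest})
            continue
        p = profiles.get(dtype)
        if p is None:
            findings.append({"kind": "no-baseline", "device": f.device, "dest": dest})
            continue
        if dest not in p.dests:
            external = ip_address(f.dst_ip) not in HOSPITAL_NET
            kind = "new-external-destination" if external else "new-internal-destination"
            findings.append({"kind": kind, "device": f.device, "dest": dest})
        elif f.nbytes > volume_factor * p.max_bytes:
            findings.append({"kind": "volume-spike", "device": f.device,
                             "dest": dest, "bytes": f.nbytes})
    return findings


def run_example():
    profiles = learn_profiles(BASELINE_FLOWS, INVENTORY)
    return check_flows(NEW_FLOWS, INVENTORY, profiles)


if __name__ == "__main__":
    for finding in run_example():
        print(finding)
```

A pump opening SSH to its own server, a pump talking to an internet address, and an unidentified MAC on the clinical segment are each a different response: the first two are candidates for blocking at the segment firewall, the third is an inventory gap to close before any policy can be written for it. The volume threshold is deliberately crude; a real deployment would learn it per destination and time of day.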

In summary, visibility and AI are the keys for IoT security in healthcare.

Dr. May Wang, Co-Founder and CTO, ZingBox

[ISACA Now Blog]
