Protecting Endpoints From Day One

Deploying and managing endpoint protection shouldn’t be difficult. However, customers of traditional endpoint protection products complain about day-to-day management, database maintenance, agent updates, and constant tuning to eliminate false positives and keep resource utilization in check. Worse, even with all this work, endpoints still get compromised.

A customer who was evaluating Traps put it into “listen mode” to see if it would catch anything the customer’s existing endpoint protection product could not. Within minutes of deploying agents, a domain controller lit up the Traps management service console with alerts. When the incident response team pulled up the console, they immediately identified a piece of targeted malware that had been running on that server for some time. This was an eye opener, and the customer immediately realized the simplicity and power Traps offers, even from day one.

Traps Management Service

As new malware variants pop up around the globe, and as new software bugs and vulnerabilities are discovered, it can be challenging to ensure your endpoints remain secure. With the cloud-based Traps management service, you save the time and cost of building out your own global endpoint security infrastructure. Its simplified deployment requires no server licenses, databases or other infrastructure to get started, enabling you to start protecting your endpoints from day one.

Palo Alto Networks deploys and manages the Traps management service security infrastructure globally to manage the endpoint security policy for local and remote endpoints, ensuring the service is secure, resilient, up to date and available when you need it. This allows you to focus on defining the policies to meet your corporate usage guidelines instead of deploying and managing the infrastructure.

Traps management service comprises the following components:

  • Traps management service web interface is a cloud-based security infrastructure service designed to minimize the operational challenges of protecting your endpoints. From the Traps management service, you can manage your endpoint security policy, review security events as they occur and perform additional analysis of associated logs.
  • Traps agents protect each local or remote endpoint. The agent enforces your security policy on the endpoint and reports when it detects a threat. Agents communicate securely with Traps management service using Transport Layer Security 1.2.
  • Logging Service is a cloud-based logging infrastructure that allows you to centralize the collection and storage of Traps agent logs, regardless of location. Traps agents and Traps management service forward all logs to the Logging Service. You can view these logs in Traps management service, and with the Log Forwarding app, you can forward logs to an external syslog receiver.

Integrated with Traps, WildFire malware prevention service identifies previously unknown malware and generates signatures that Palo Alto Networks next-generation firewalls and the Traps management service can use to detect and block the malware. When a Traps agent detects an unknown sample, Traps management service can automatically forward it to WildFire for analysis. Based on the properties, behaviors and activities the sample displays when analyzed and executed in the WildFire sandbox, WildFire delivers a verdict: benign, grayware, phishing or malicious. WildFire then generates signatures to recognize any newly discovered malware and makes the signatures globally available in as few as five minutes.

Traps management service provides out-of-the-box protection for all registered endpoints, with a default security policy for each type of platform.

Traps Security Profiles

Out of the box, Traps management service provides default security profiles you can use to begin protecting your endpoints from threats immediately. Although security rules enable you to block or allow execution of files on your endpoints, security profiles help you customize and reuse settings across different groups of endpoints. When Traps detects a behavior that matches a rule defined in your security policy, it applies the security profile attached to the rule for further inspection. You can enjoy immediate protection from multiple security profiles:

  • Exploit profiles block attempts to exploit system flaws in browsers and operating systems. These help protect against exploit kits, illegal code execution, and other attempts to exploit process and system vulnerabilities.
  • Malware profiles protect against the execution of malware, including Trojans, viruses, worms and grayware. Malware profiles serve to define how to treat behavior common with malware, such as ransomware or script-based attacks, and how to treat known malware and unknown files.
  • Restrictions profiles limit where executable files can run on an endpoint. For example, you can restrict files from running from removable media or from specific local folders.
  • Agent settings profiles let you customize settings that apply to the Traps application, such as the disk space quota for log retention. For Mac® and Windows® platforms, you can also customize user interface options for the Traps console, such as accessibility and notifications.
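The rule-to-profile model described above (a security rule matches an event, and the profile attached to the rule decides how the event is treated) is easiest to see with a small, self-contained evaluator. The code below is an added illustration written for this page and is not Traps code; the class names, the `DRIVE_TYPES` map, the endpoint group names, the paths and the publisher name are all constructed for the example. It models only the restrictions-profile case: blocking execution from removable media or from named local folders, with a trusted-publisher exemption.

```python
"""Toy model of "rule matches event -> attached profile decides" for
endpoint execution events. Hypothetical illustration, not Traps code."""
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional, Tuple

# Constructed sample: drive types as an endpoint would report them.
DRIVE_TYPES = {"C": "fixed", "D": "fixed", "E": "removable", "F": "removable"}


@dataclass
class RestrictionProfile:
    """Hypothetical restrictions profile: where executables may run."""
    name: str
    block_removable_media: bool = False
    blocked_folders: Tuple[str, ...] = ()    # folder prefixes, case-insensitive
    allowed_publishers: Tuple[str, ...] = () # signed code from these is exempt


@dataclass
class Rule:
    """A security rule scoped to endpoint groups, with one attached profile."""
    name: str
    endpoint_groups: Tuple[str, ...]
    profile: RestrictionProfile


@dataclass
class ExecEvent:
    """An execution attempt reported by an endpoint (constructed for the example)."""
    endpoint_group: str
    path: str
    publisher: Optional[str] = None


def _is_removable(path: PureWindowsPath) -> bool:
    drive = path.drive.rstrip(":").upper()
    return DRIVE_TYPES.get(drive) == "removable"


def _in_blocked_folder(path: PureWindowsPath, folders: Tuple[str, ...]) -> bool:
    # Compare on a normalised, lower-cased prefix ending in a separator so that
    # "C:\Windows\Temp2\x.exe" does not match a "C:\Windows\Temp" restriction.
    p = str(path).lower()
    return any(p.startswith(f.lower().rstrip("\\") + "\\") for f in folders)


def evaluate(event: ExecEvent, rules: Tuple[Rule, ...]):
    """First rule whose scope covers the endpoint applies its profile.
    Returns (verdict, rule_name, reason)."""
    path = PureWindowsPath(event.path)
    for rule in rules:
        if event.endpoint_group not in rule.endpoint_groups:
            continue
        prof = rule.profile
        # Design choice: an explicit publisher exemption is checked before the
        # location restrictions, so trusted installers still run from temp folders.
        if event.publisher and event.publisher in prof.allowed_publishers:
            return ("allow", rule.name, "trusted publisher exemption")
        if prof.block_removable_media and _is_removable(path):
            return ("block", rule.name, "execution from removable media")
        if _in_blocked_folder(path, prof.blocked_folders):
            return ("block", rule.name, "execution from restricted folder")
        return ("allow", rule.name, "no restriction matched")
    return ("allow", None, "no rule applies to this endpoint group")


# Constructed policy: one rule per endpoint group, each with its own profile.
RULES = (
    Rule("workstation-restrictions", ("workstations",), RestrictionProfile(
        name="ws-restrict",
        block_removable_media=True,
        blocked_folders=(r"C:\Users\Public", r"C:\Windows\Temp"),
        allowed_publishers=("Example Corp",))),     # constructed publisher name
    Rule("server-restrictions", ("servers",), RestrictionProfile(
        name="srv-restrict", block_removable_media=True)),
)

# Constructed sample events covering each branch of the evaluator.
SAMPLE_EVENTS = (
    ExecEvent("workstations", r"E:\tools\run.exe"),
    ExecEvent("workstations", r"C:\Windows\Temp\setup.exe"),
    ExecEvent("workstations", r"C:\Windows\Temp\setup.exe", publisher="Example Corp"),
    ExecEvent("workstations", r"C:\Windows\Temp2\setup.exe"),
    ExecEvent("servers", r"F:\backup\agent.exe"),
    ExecEvent("laptops", r"E:\tools\run.exe"),
)


def run_samples():
    """Evaluate every constructed event against the constructed policy."""
    return [evaluate(ev, RULES) for ev in SAMPLE_EVENTS]


if __name__ == "__main__":
    for ev, (verdict, rule, reason) in zip(SAMPLE_EVENTS, run_samples()):
        print(f"{verdict:5} {ev.endpoint_group:12} {ev.path:32} {rule} ({reason})")
```

The ordering matters in two places: rules are evaluated first-match per endpoint group, and within a profile the exemption is tested before the restrictions, so a policy author has to decide deliberately which of the two should win.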


Conclusion 

Security built solely to protect virtual endpoints often lacks the broader contextual intelligence critical to effective enterprise security architecture. Integrated threat intelligence, including data on the tactics, techniques and procedures of new and previously seen cyberattacks, is often critical to successfully defend systems and networks.

As an integral part of the Palo Alto Networks Security Operating Platform, Traps prevents cyberattacks automatically and in real time, regardless of the nature of the endpoints and the systems you have deployed. In concert with WildFire, Traps and the entire Security Operating Platform benefit from increased contextual visibility into – and protection against – correlated threat actors and campaigns, wherever they may try to attack.


Customers depend on Traps to ensure endpoints are protected, whether online or off, on-site or remote. IT teams must be able to confidently apply policies that control access to critical resources, and you need confidence in the integrity and configuration of the devices being used to connect to your network, whenever and wherever that may be. Protection cannot depend on full-time network access – it should just work, out of the box, from day one.

Watch the webinar “5 Endpoint Protection Best Practices” to learn the essential requirements for endpoint protection, and how Traps advanced endpoint protection is simple to deploy and manage, providing a prevention-first approach that protects endpoints from malware, exploits and ransomware.


Source: https://researchcenter.paloaltonetworks.com/2019/01/protecting-endpoints-day-one/

[Palo Alto Networks Research Center]

What Does It Mean to Be “5G-Ready”?

With regard to security, it’s critical.

We keep hearing about products and technologies that are “5G-ready.” But what does that mean? Mobile Service Providers will undoubtedly require 5G equipment that is scalable in terms of capacity and throughput, but does that alone mean the networks will be 5G-ready?

In late February at Mobile World Congress 2019, we can certainly expect to see demos of 5G core networks, network slicing, New Radios (5G-NR), and other 5G-ready network components. But what about security? Mobile networks will not be 5G-ready unless the necessary security capabilities are baked into these networks by design.

Tom Wheeler, former chairman of the Federal Communications Commission, accurately points out in a recent NY Times op-ed:  “Leadership in 5G technology is not just about building a network, but also about whether that network will be secure enough for the innovations it promises.”  Wheeler goes on to state, “The simple fact is that our wireless networks are not as secure as they could be because they weren’t designed to withstand the kinds of cyberattacks that are now common. This isn’t the fault of the companies that built the networks, but a reflection that when the standards for the current fourth-generation (4G) technology were set years ago, cyberattacks were not a front-and-center concern.”


A New Approach for Security Is Needed

With 5G, everything changes. Critical applications like remote healthcare, remote monitoring and control over our power grids, and self-driving automobiles will all rely on 5G technologies. The networks will become more distributed, and many critical applications will be hosted at the edge of 5G networks and across edge clouds. Opportunities for threat actors will emerge if they are allowed to go unchecked, as they will use automation to wage multi-stage attacks and find the least secure portions of the 5G networks to exploit. For mobile networks to be 5G-ready, a new approach for security is required.


Even though standards and network architectures are still being defined, mobile operators not only have the opportunity to build the right set of security capabilities into these network evolutions by design, they have no choice but to do it. Today’s cyberattacks are already capable of evading mobile networks, and their continued evolution is indeed a front-and-center concern.

To truly be 5G-ready, mobile operators need to adopt a robust and comprehensive end-to-end security strategy with:

  • Complete visibility, inspection, and controls that are applied across all layers of the network – application, signaling, and data planes.
  • Cloud-based threat analytics – powered by machine learning (ML) – that are leveraged across the different mobile network locations and environments.
  • A cloud-ready platform that ensures consistent security enforcement across all network locations.

With these necessary security capabilities in place, mobile networks will be able to evolve as 5G-ready with a data-driven threat prevention posture that provides contextual security outcomes. Mobile operators will be able to automate processes to proactively identify infected devices and prevent device-initiated attacks. They will be able to capture advanced multi-stage attacks that will naturally look to leverage different signaling and control layers across the 5G networks. They will be able to automatically identify advanced threats, correlate these with specific devices/users, and isolate/remove infected devices from their networks. They will also be able to differentiate themselves as “secure business enablers.”

These 5G networks are set to become the backbone of transformational services that will positively alter our lives for generations to come. Whether it’s autonomous vehicles, remote surgery, smart utilities, or the multitude of other technological advancements that will enable us to benefit from 5G, as Wheeler states: “Innovators, investors and users need confidence in the network’s cybersecurity if its much-heralded promise is to be realized.”


Meet with us at Mobile World Congress for an exclusive, executive 5G security briefing

Email us at: mwc@paloaltonetworks.com


References:

Palo Alto Networks: A New Approach for 5G Security

Lee Klarich Interview on 5G Cyber Security

Webinar: 5G Security: A New Approach is Needed


Source: https://researchcenter.paloaltonetworks.com/2019/01/what-does-it-mean-to-be-5g-ready/

[Palo Alto Networks Research Center]

Google’s GDPR Fine Reinforces Need for Intentional Data Governance

For those of us who work in information security, data privacy and governance, we seem to traverse daily from one headline to another. A new corporate victim announces they were breached to the tune of 100 million records. A regulatory body announces a financial and oversight settlement with a company for failure to adequately protect data. On and on we go.

Because of this constant onslaught, nobody was terribly surprised to hear about the €50 million fine leveled against Google by French data privacy regulators for violations of GDPR. We all knew a big enforcement was coming, and that the early, large fines would be against a social media or tech giant. Check and check. But what does this mean to organizations on a broader scale?

As I draft this post on Data Privacy Day, trying to find the larger meaning in this first-of-many large fines, I am faced with many possibilities. Could the message be about regulatory muscle-flexing, or is it about corporate arrogance and gamesmanship? Is this a legitimate assertion of individual rights against a corporate giant, or is it an attack against a successful tech company and its profit model? In GDPR, are we looking at the shape of tomorrow’s global data environment, or are we seeing a regulatory trend that risks stifling innovation and “free” service delivery? Of course, the answer is all of the above.

The regulatory authorities across the EU who are charged with enforcing GDPR must, at some point, exercise their authority. No regulation can be effective until it is applied, tested and, ultimately, proven or defeated in practice. At the same time, some organizations may look at the details of the regulation and make a risk-based assessment that they have done enough to comply with their interpretation of the regulation, reasoning “We have taken some [less-than-perfect] actions, let’s see what happens.” The rights to one’s personal data are becoming more widely accepted as a given, but many consumers still are willing to casually or selectively trade some of those rights for convenience or services. With data privacy and security laws and regulators proliferating and evolving, data-centric business activities and profit models must be more carefully engineered and scrutinized. All of the above.

This recent and highly publicized enforcement activity is likely to spur additional compliance efforts from many organizations. Few can absorb a fine with that many zeros in it. On a strategic level, however, it may well contribute to the gradual paradigm shift away from the whack-a-mole approach to security and privacy regulations, and toward a philosophy of intentional data governance and strategy.

There are many financial and organizational benefits to proper data governance, including lower infrastructure costs, better litigation readiness, smaller cyberattack footprint, and better visibility for regulatory compliance. But sometimes it takes a negative result occurring to somebody else to make us ask the right questions and do the right things. Time will tell if a hefty fine is enough to move the behavioral needle for Google, or for the rest of us.

Editor’s note: For more on this topic, read “Maintaining Data Protection and Privacy Beyond GDPR Implementation.”

Andrew Neal, C|CISO, CISM, CRISC, CCFP, CIFI, LPI, President, Information Security & Compliance Services, TransPerfect Legal Solutions, and ISACA conference speaker

Source: https://www.isaca.org/Knowledge-Center/Blog/Lists/Posts/Post.aspx?ID=1139

[ISACA Now Blog]
