Want to Become a CISO? The Position Awaits You

I first started my career in the IT industry, then moved to focus on cybersecurity for the past 13 years. I got a chance to get involved with cybersecurity solutions while working for a CyberSec distributor. After that, I moved to work for other cybersecurity vendors.

There are a couple of things that really helped me to grow professionally, and I believe they will continue to drive me forward in my career. Firstly, be humble and honest with yourself that you don’t know a lot of things and be ready to learn them. It is very important in a cybersecurity career since this is a very dynamic and ever-evolving industry. Secondly, build your advisory network, connect with cybersecurity thought leaders around the world, and learn from them as much as you can. Last but not least, actively participate in the cybersecurity community and share your knowledge and experiences. If possible, contribute your time, efforts, and resources to help build cyber labs for the universities, be a mentor to the students, and guide them along the way.

In my career recently, I worked with lots of CISOs and Security Management professionals. So, when I saw a CISO dedicated program, the Certified Chief Information Security Officer (C|CISO), it got my attention right away. The program attracted me as I really wanted to learn how to think like a CISO, not only to support them but also with the hope that I can become one, someday. CISO is a top-level position in the cybersecurity career ladder. Well, the EC-Council’s C|CISO training material and courseware were terrific! The content was concise, focused, relevant, and easy to understand. The videos (I attended iClass) were also astonishing. This program professionally introduced me to:

  • Strategic Planning, which related to Zero Trust Cybersecurity Strategy and its business cases
  • Information Security Control and Compliance
  • Information Security Core Competencies with building Adaptive Security Architecture
  • Governance and Risk Management

The C|CISO program is a set path to becoming a CISO. It helps you to gain all the required knowledge. I endorse this program because it benefitted me in many ways. It helped me to grow in my career, develop the right skill sets, and build a strong professional network (while learning).

Go for C|CISO if you really want to become a C-level InfoSec professional.

Disclaimer: Opinions expressed are solely my own and do not express the views or opinions of my employer, organizations and associations.

#IamECCouncil

@PhilipHungCao
#tekfarmer

NSS Labs 2019 NGFW Group Test: Highest Security Effectiveness Score

We are excited to announce that Palo Alto Networks has achieved the highest Security Effectiveness score among all twelve products included in this year’s NSS Labs NGFW group test.  Our NGFW blocked 100% of evasions, and it earned a “Recommended” rating.

Highlights from our test results include:

  • Highest Security Effectiveness score
  • 100% evasions blocked (406 out of 406)
  • 97.87% NSS exploit block rate

We believe our strong performance in the NSS Labs NGFW Group test validates our prevention-first philosophy.  Our next-generation firewalls prevent successful cyberattacks with an architecture you can easily deploy and operate.  Using automation, we reduce manual effort so that IT and security teams can focus on high-value activities. And we continue to deliver new innovations that are natively integrated, making them easy to adopt.

In this test, NSS Labs evaluated 12 firewall products with 406 different evasion techniques, more than 2000 exploit tests and over 70 throughput measurements.  The PA-5220 running PAN-OS 8.1.6-h2 was evaluated with the Threat Prevention subscription enabled. Since this test was run we’ve added even more functionality and performance in PAN-OS 9.0; we expect the customer experience to keep getting better and better.

Our NGFW is an integral part of the Palo Alto Networks Security Operating Platform.  Through the power of the platform, your organization can continually improve security effectiveness and efficiency throughout your environment: across the network, in the cloud and at the endpoints, including servers and mobile devices.

Read the full Test Report and Comparative Report on Security

Source: https://blog.paloaltonetworks.com/2019/07/palo-alto-networks-achieves-highest-security-effectiveness-score-recommended-rating-nss-labs-2019-ngfw-group-test/

[Palo Alto Networks Blog]

Protecting Endpoints From Day One

Deploying and managing endpoint protection shouldn’t be difficult. However, customers of traditional endpoint protection products complain about day-to-day management, database maintenance, agent updates, and constant tuning to eliminate false positives and keep resource utilization in check. Worse, even with all this work, endpoints still get compromised.

A customer who was evaluating Traps put it into “listen mode” to see if it would catch anything the customer’s existing endpoint protection product could not. Within minutes of deploying agents, a domain controller lit up the Traps management service console with alerts. When the incident response team pulled up the console, they immediately identified a piece of targeted malware that had been running on that server for some time. This was an eye opener, and the customer immediately realized the simplicity and power Traps offers, even from day one.

Traps Management Service

As new malware variants pop up around the globe, and as new software bugs and vulnerabilities are discovered, it can be challenging to ensure your endpoints remain secure. With the cloud-based Traps management service, you save the time and cost of building out your own global endpoint security infrastructure. Its simplified deployment requires no server licenses, databases or other infrastructure to get started, enabling you to start protecting your endpoints from day one.

Palo Alto Networks deploys and manages the Traps management service security infrastructure globally to manage the endpoint security policy for local and remote endpoints, ensuring the service is secure, resilient, up to date and available when you need it. This allows you to focus on defining the policies to meet your corporate usage guidelines instead of deploying and managing the infrastructure.

Traps management service comprises the following components:

  • Traps management service web interface is a cloud-based security infrastructure service designed to minimize the operational challenges of protecting your endpoints. From the Traps management service, you can manage your endpoint security policy, review security events as they occur and perform additional analysis of associated logs.
  • Traps agents protect each local or remote endpoint. The agent enforces your security policy on the endpoint and reports when it detects a threat. Agents communicate securely with Traps management service using Transport Layer Security 1.2.
  • Logging Service is a cloud-based logging infrastructure that allows you to centralize the collection and storage of Traps agent logs, regardless of location. Traps agents and Traps management service forward all logs to the Logging Service. You can view these logs in Traps management service, and with the Log Forwarding app, you can forward logs to an external syslog receiver.

Integrated with Traps, WildFire malware prevention service identifies previously unknown malware and generates signatures that Palo Alto Networks next-generation firewalls and the Traps management service can use to detect and block the malware. When a Traps agent detects an unknown sample, Traps management service can automatically forward it to WildFire for analysis. Based on the properties, behaviors and activities the sample displays when analyzed and executed in the WildFire sandbox, WildFire delivers a verdict: benign, grayware, phishing or malicious. WildFire then generates signatures to recognize any newly discovered malware and makes the signatures globally available in as few as five minutes.

Traps management service provides out-of-the-box protection for all registered endpoints, with a default security policy for each type of platform.

Traps Security Profiles

Out of the box, Traps management service provides default security profiles you can use to begin protecting your endpoints from threats immediately. Although security rules enable you to block or allow execution of files on your endpoints, security profiles help you customize and reuse settings across different groups of endpoints. When Traps detects a behavior that matches a rule defined in your security policy, it applies the security profile attached to the rule for further inspection. You can enjoy immediate protection from multiple security profiles:

  • Exploit profiles block attempts to exploit system flaws in browsers and operating systems. These help protect against exploit kits, illegal code execution, and other attempts to exploit process and system vulnerabilities.
  • Malware profiles protect against the execution of malware, including Trojans, viruses, worms and grayware. Malware profiles serve to define how to treat behavior common with malware, such as ransomware or script-based attacks, and how to treat known malware and unknown files.
  • Restrictions profiles limit where executable files can run on an endpoint. For example, you can restrict files from running from removable media or specific, local folders.
  • Agent settings profiles let you customize settings that apply to the Traps application, such as the disk space quota for log retention. For Mac® and Windows® platforms, you can also customize user interface options for the Traps console, such as accessibility and notifications.

Conclusion 

Security built solely to protect virtual endpoints often lacks the broader contextual intelligence critical to effective enterprise security architecture. Integrated threat intelligence, including data on the tactics, techniques and procedures of new and previously seen cyberattacks, is often critical to successfully defend systems and networks.

As an integral part of the Palo Alto Networks Security Operating Platform, Traps prevents cyberattacks automatically and in real time, regardless of the nature of the endpoints and the systems you have deployed. In concert with WildFire, Traps and the entire Security Operating Platform benefit from increased contextual visibility into – and protection against – correlated threat actors and campaigns, wherever they may try to attack.

Customers depend on Traps to ensure endpoints are protected, whether online or off, on-site or remote. IT teams must be able to confidently apply policies that control access to critical resources, and you need confidence in the integrity and configuration of the devices being used to connect to your network, whenever and wherever that may be. Protection cannot depend on full-time network access – it should just work, out of the box, from day one.

Watch the webinar “5 Endpoint Protection Best Practices” to learn the essential requirements for endpoint protection, and how Traps advanced endpoint protection is simple to deploy and manage, providing a prevention-first approach that protects endpoints from malware, exploits and ransomware.

Source: https://researchcenter.paloaltonetworks.com/2019/01/protecting-endpoints-day-one/

[Palo Alto Networks Research Center]

What Does It Mean to Be “5G-Ready”?

With regard to security, it’s critical.

We keep hearing about products and technologies that are “5G-ready.” But what does that mean? Mobile Service Providers will undoubtedly require 5G equipment that is scalable in terms of capacity and throughput, but does that alone mean the networks will be 5G-ready?

In late February at Mobile World Congress 2019, we can certainly expect to see demos of 5G core networks, network slicing, New Radios (5G-NR), and other 5G-ready network components. But what about security? Mobile networks will not be 5G-ready unless the necessary security capabilities are baked into these networks by design.

Tom Wheeler, former chairman of the Federal Communications Commission, accurately points out in a recent NY Times op-ed:  “Leadership in 5G technology is not just about building a network, but also about whether that network will be secure enough for the innovations it promises.”  Wheeler goes on to state, “The simple fact is that our wireless networks are not as secure as they could be because they weren’t designed to withstand the kinds of cyberattacks that are now common. This isn’t the fault of the companies that built the networks, but a reflection that when the standards for the current fourth-generation (4G) technology were set years ago, cyberattacks were not a front-and-center concern.”

A New Approach for Security Is Needed

With 5G, everything changes. Critical applications like remote healthcare, remote monitoring and control over our power grids, and self-driving automobiles will all rely on 5G technologies. The networks will become more distributed, and many critical applications will be hosted at the edge of 5G networks and across edge clouds. Opportunities for threat actors will emerge if they are allowed to go unchecked, as they will use automation to wage multi-stage attacks and find the least secure portions of the 5G networks to exploit. For mobile networks to be 5G-ready, a new approach for security is required.

Even though standards and network architectures are still being defined, mobile operators not only have the opportunity to build the right set of security capabilities into these network evolutions by design, they have no choice but to do it. Today’s cyberattacks are already capable of evading mobile networks, and their continued evolution is indeed a front-and-center concern.

To truly be 5G-ready, mobile operators need to adopt a robust and comprehensive end-to-end security strategy with:

  • Complete visibility, inspection, and controls that are applied across all layers of the network – application, signaling, and data planes.
  • Cloud-based threat analytics – powered by machine learning (ML) – that are leveraged across the different mobile network locations and environments.
  • A cloud-ready platform that ensures consistent security enforcement across all network locations.

With these necessary security capabilities in place, mobile networks will be able to evolve as 5G-ready with a data-driven threat prevention posture that provides contextual security outcomes. Mobile operators will be able to automate processes to proactively identify infected devices and prevent device-initiated attacks. They will be able to capture advanced multi-stage attacks that will naturally look to leverage different signaling and control layers across the 5G networks. They will be able to automatically identify advanced threats, correlate these with specific devices/users, and isolate/remove infected devices from their networks. They will also be able to differentiate themselves as “secure business enablers.”

These 5G networks are set to become the backbone of transformational services that will positively alter our lives for generations to come. Whether it’s autonomous vehicles, remote surgery, smart utilities, or the multitude of other technological advancements that will enable us to benefit from 5G, as Wheeler states: “Innovators, investors and users need confidence in the network’s cybersecurity if its much-heralded promise is to be realized.”

Meet with us at Mobile World Congress for an exclusive, executive 5G security briefing

Email us at:  mwc@paloaltonetworks.com


Source: https://researchcenter.paloaltonetworks.com/2019/01/what-does-it-mean-to-be-5g-ready/

[Palo Alto Networks Research Center]
