PAN-OS 6.0: WildFire Delivers Breakthrough Visibility of Unknown Malware and Zero-Day Exploits

The tail end of 2013, and right into the New Year, has kept enterprise security teams working around the clock. Stealthy, persistent attacks have compromised tens of millions of customer records, often lurking in networks for extended periods of time to accomplish their mission. When it comes to these advanced attacks, one thing is clear: security teams require visibility into all traffic flowing over their network, irrespective of common evasions like port-hopping or hiding in SSL encryption.

With the new features in PAN-OS 6.0, Palo Alto Networks is delivering a breakthrough release for WildFire, extending our malware detection capabilities to more file types, discovering zero-day exploits, and simplifying the job of security and IR teams with granular malware intelligence.

WildFire now provides:

  • Extended threat detection across all common file types, including Adobe PDF, Microsoft Office documents, Java, Zip files, and Android APKs. WildFire goes a step further across all these files, deeply analyzing them for high-risk embedded content such as Adobe Flash files, images, and JavaScript.
  • Discovery of zero-day exploits across common applications and operating systems (OSs). This signature-less capability moves threat detection earlier in the cyber kill chain, often identifying and blocking exploits before they can deliver malware.
  • New OSs in the WildFire cloud-based virtual analysis environment, to identify malware and exploits for both Windows XP and Windows 7. Unlike other solutions, threats are detected across both OSs in parallel, ensuring environment-aware threats are found and blocked.
  • Simplified identification and remediation of infected systems with new Indicators of Compromise (IOCs), such as changes to system files, registry modifications, and the actual behavior of the malware across different operating systems.
  • Access to the original malicious file and full packet captures (PCAPs) of the malware as it executes, for further analysis or development of custom protections.

These new features build on the native classification of all traffic within our Enterprise Security Platform, which includes visibility into nearly 400 applications that can transfer files, regardless of ports or encryption. Unlike other APT solutions, WildFire is built to understand threats based on how they truly operate, with the context of the applications used to deliver them, using a single integrated platform.

You can learn more about our new capabilities in the WildFire datasheet or PAN-OS 6.0 release notes. And take a minute to watch this short video covering new WildFire features.


PAN-OS 6.0: Raising the Bar in the Fight Against Advanced Threats

Today Palo Alto Networks announced the availability of PAN-OS 6.0, and with it another major milestone in our commitment to defend enterprises, service providers and governments from the most advanced cyber threats.  At the center of our enterprise security strategy is an innovative platform, powered by PAN-OS, that provides breakthrough protection from the data center to the network perimeter, as well as the distributed enterprise. With over 60 new features now available in this release there is quite literally something for everyone.

As you read through the feature overview you’ll see two dominant themes emerge.  First, we continue to invest heavily in exposing new evasion tactics used by attackers to avoid detection. A clear example can be seen with the enhancements made to WildFire, which protects our customers from unknown malware and zero-day exploits across nearly 400 different applications. Detecting these threats requires that you inspect all traffic – regardless of the port it’s transmitted over, the protocol used, or whether it’s encrypted (encrypted traffic alone, by our estimate, constitutes as much as 20-30% of enterprise traffic today).

Second, it should go without saying that the intelligence gathered during detection must be closely integrated with your defenses and shared globally, such that previously unknown attack patterns can never be repeated.

Here are some of the highlights:

  • PAN-OS 6.0 expands WildFire’s dynamic analysis to include all major file types including Android APK, Java, PDF, PE and Microsoft Office.  Inspection can be performed against fully emulated Windows XP and Windows 7 environments with granular reporting and analysis tools to help expedite incident response.
  • PAN-OS 6.0 adds new DNS analysis and monitoring techniques to identify previously unknown command-and-control (C&C) servers, as well as infected hosts operating within your enterprise.  C&C intelligence is routed back to our Threat Prevention and URL Filtering subscription services to block any future communication and quickly remediate existing infections.

Be sure to check out the full breadth of this release at our What’s New in PAN-OS 6.0 feature page.  We’ll detail all of the enhancements made across the platform including VM-Series, GlobalProtect, and Panorama.


UPDATED – SCADA Security: Join Palo Alto Networks and the ICS-ISAC For A Look At SARA

UPDATE:  The ICS-ISAC panel session has been moved to January 22, 2014, 1:00PM EST, due to an unforeseen urgent matter. You can use the same link to register.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Supervisory control and data acquisition (SCADA) system security is a hot topic, and Palo Alto Networks will be participating in an ICS-ISAC online panel on situational awareness on Wednesday, January 22 (originally scheduled for January 15). Please register here if you are interested in learning more.

The ICS-ISAC is a non-profit Knowledge Sharing Center established to help facilities develop situational awareness in support of local, national and international security. The ICS-ISAC is developing and piloting the Situational Awareness Reference Architecture (SARA). SARA is a practical compilation of standard practices, processes and technologies that can be used by asset owners, knowledge centers and their public and private partners to guide the implementation of local and shared situational awareness.

Palo Alto Networks is a new member of the ICS-ISAC, and we believe our next-generation security platform is a perfect fit for this architecture with its ability to provide highly granular visibility into network traffic and potential risks. We look forward to showcasing our solution in the ICS-ISAC’s SARA test bed in various situational awareness use cases across the control center and remote station environments.

Hope you can join us!


Two Thirds of Personal Banking Apps Found Full of Vulnerabilities

A researcher looked at the security of home banking apps, and found shocking results. Forty home banking apps from the top 60 most influential banks in the world were tested and found to have major security weaknesses.

Ariel Sanchez, a security consultant with IOActive, tested 40 iPhone and iPad banking apps over a period of 40 man-hours. He doesn’t name the apps nor the banks concerned, but has contacted some of the banks and reported the vulnerabilities. Although he doesn’t describe the vulnerabilities in any detail, if he can find them so easily, then so could attackers – and many of them are relatively easily exploitable. He published his findings in a blog posting yesterday.

Sanchez conducted tests in six separate areas: transport security, compiler protection, UIWebViews, data storage, logs and binary analysis. In each area he found widespread weaknesses. For example, 40% of the apps do not validate the authenticity of SSL certificates, making them, he says, “susceptible to Man in The Middle (MiTM) attacks.”

A full 90% of the apps contain non-SSL links, potentially allowing “an attacker to intercept the traffic and inject arbitrary JavaScript/HTML code in an attempt to create a fake login prompt or similar scam.”

50% “are vulnerable to JavaScript injections via insecure UIWebView implementations… allowing actions such as sending SMS or emails from the victim’s device.”

70% have no facility for any “alternative authentication solutions, such as multi-factor authentication, which could help to mitigate the risk of impersonation attacks.”

“Most of the log files generated by the apps, such as crash reports, exposed sensitive information.” Documents leaked by Edward Snowden indicate that the NSA specifically looks for Windows error reports sent over the internet as a potential source for developing new 0-day exploits. Sanchez says the same problem exists with banking apps: “This information could be leaked and help attackers to find and develop 0day exploits with the intention of targeting users of the application.”

Some of the apps clearly rely on the device’s own security to protect the user’s data. “Some of them used an unencrypted Sqlite database and stored sensitive information, such as details of customer’s banking account and transaction history. An attacker could use an exploit to access this data remotely, or if they have physical access to the device, could install jailbreak software in order to steal… the information from the file system of the victim’s device.”
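A quick way to confirm the unencrypted-SQLite finding on a store pulled from a device's file system is to check the file's 16-byte header and then enumerate tables whose columns look sensitive. The Python below is an added example, not code from the research or the apps it describes; it builds a constructed sample database in a temporary directory (the bank.sqlite name, the table layout and the SENSITIVE_COLUMNS list are assumptions to tune per app) and contrasts it with a random-bytes file standing in for an encrypted store such as a SQLCipher database, which does not carry the plaintext header:

```python
"""Audit an app sandbox for plaintext SQLite stores holding sensitive data.

Added example, not IOActive's tooling. The sample database and the opaque
"encrypted" file are constructed here to stand in for files pulled from a
jailbroken device's application container.
"""
import os
import sqlite3
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every plaintext SQLite 3 file
# Column names worth flagging; an assumption, extend for the app under test.
SENSITIVE_COLUMNS = {"account", "account_no", "iban", "balance", "card_number", "password", "pin"}


def is_plaintext_sqlite(path: str) -> bool:
    """True if the file starts with the SQLite 3 header, i.e. it is not encrypted at rest."""
    with open(path, "rb") as f:
        return f.read(len(SQLITE_MAGIC)) == SQLITE_MAGIC


def _open_readonly(path: str) -> sqlite3.Connection:
    # Open read-only so the audit cannot alter the evidence file.
    return sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)


def sensitive_tables(path: str) -> Dict[str, List[str]]:
    """Map table name -> sensitive-looking column names for a plaintext database."""
    con = _open_readonly(path)
    try:
        tables = [r[0] for r in con.execute("SELECT name FROM sqlite_master WHERE type='table'")]
        found: Dict[str, List[str]] = {}
        for table in tables:
            cols = [r[1] for r in con.execute(f'PRAGMA table_info("{table}")')]
            hits = [c for c in cols if c.lower() in SENSITIVE_COLUMNS]
            if hits:
                found[table] = hits
        return found
    finally:
        con.close()


def dump_rows(path: str, table: str) -> List[Tuple]:
    """Read every row of a table: this is all an attacker has to do once the file is in hand."""
    con = _open_readonly(path)
    try:
        return con.execute(f'SELECT * FROM "{table}"').fetchall()
    finally:
        con.close()


def audit_directory(directory: str) -> Dict[str, Dict[str, List[str]]]:
    """For every plaintext SQLite file in the sandbox, report its sensitive tables."""
    report: Dict[str, Dict[str, List[str]]] = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path) and is_plaintext_sqlite(path):
            report[name] = sensitive_tables(path)
    return report


def build_sample_db(directory: str) -> str:
    """Constructed stand-in for an app's Documents/bank.sqlite; not real customer data."""
    path = os.path.join(directory, "bank.sqlite")
    con = sqlite3.connect(path)
    with con:
        con.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, account_no TEXT, balance REAL)")
        con.execute("CREATE TABLE transactions (id INTEGER PRIMARY KEY, account_no TEXT, amount REAL, memo TEXT)")
        con.execute("CREATE TABLE settings (key TEXT, value TEXT)")
        con.execute("INSERT INTO accounts (account_no, balance) VALUES ('12345678', 2500.00)")
        con.execute("INSERT INTO transactions (account_no, amount, memo) VALUES ('12345678', -42.10, 'groceries')")
        con.execute("INSERT INTO settings VALUES ('theme', 'dark')")
    con.close()
    return path


def build_opaque_file(directory: str) -> str:
    """Stand-in for an encrypted store (e.g. SQLCipher): random bytes, no plaintext header."""
    path = os.path.join(directory, "bank.enc")
    with open(path, "wb") as f:
        f.write(os.urandom(4096))
    return path


def run_audit_demo() -> Dict[str, object]:
    """Build both files in a scratch directory and return what the audit sees."""
    with tempfile.TemporaryDirectory() as d:
        db = build_sample_db(d)
        enc = build_opaque_file(d)
        return {
            "plaintext_db": is_plaintext_sqlite(db),
            "plaintext_enc": is_plaintext_sqlite(enc),
            "report": audit_directory(d),
            "accounts_rows": dump_rows(db, "accounts"),
        }


if __name__ == "__main__":
    for key, value in run_audit_demo().items():
        print(f"{key}: {value}")
```

The header check is only a first filter: a file that fails it may still be weakly protected (a hardcoded key in the binary defeats SQLCipher just as surely), and a file that passes it is readable by anyone who can copy it off the device, which is exactly the exposure described above.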

But one of his more worrying findings came from disassembling the apps themselves. He used the IDA PRO disassembler tool with the Clutch decryption tool. “A combination of decrypted code and code disassembled with IDA PRO was used to analyze the application,” he explains; and what he found was hardcoded development credentials within the code. “By using hardcoded credentials,” he says, “an attacker could gain access to the development infrastructure of the bank and infest the application with malware causing a massive infection for all of the application’s users.”
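Both the non-SSL links reported earlier and the hardcoded credentials above are the kind of thing an analyst pulls out of the decrypted binary with a strings pass before opening it in IDA. The Python script below is an added example, not IOActive's tooling or anything from the article; it runs that pass over a constructed byte blob standing in for a Clutch-decrypted Mach-O, flags plain http:// URLs while ignoring the DTD and schema references every iOS binary carries, and flags credential-looking assignments (the IGNORED_HOSTS allowlist and the credential keyword list are assumptions to tune per app):

```python
"""Static triage of a decrypted iOS binary: plaintext URLs and hardcoded credentials.

Added example, not IOActive's tooling. SAMPLE_BINARY is a constructed blob that
imitates a few string-table entries of a decrypted Mach-O; on a real sample pass
the bytes of the executable produced by Clutch.
"""
import re
from typing import Dict, List

MIN_STRING_LEN = 6
_HTTP_URL = re.compile(r"http://[A-Za-z0-9.\-]+(?:/[^\s\"'<>]*)?")
_CREDENTIAL = re.compile(
    r"(?i)\b(?:password|passwd|pwd|secret|api[_-]?key|access[_-]?token)\s*[:=]\s*\S+"
)
# Schema/DTD hosts that show up in any iOS binary and are never fetched at runtime (assumed allowlist).
IGNORED_HOSTS = ("www.w3.org", "www.apple.com", "schemas.xmlsoap.org")

# Constructed sample: Mach-O 64-bit magic, then a handful of NUL-terminated strings.
SAMPLE_BINARY = (
    b"\xcf\xfa\xed\xfe\x07\x00\x00\x01"
    b"https://api.examplebank.test/v2/login\x00"
    b"http://cdn.examplebank.test/legal/terms.html\x00"          # non-SSL link
    b"http://www.apple.com/DTDs/PropertyList-1.0.dtd\x00"        # plist DTD, benign
    b"release_build\x00"
    b"svn_user=buildbot\x00"
    b"password=Summer2013!\x00"                                  # hardcoded credential
    b"api_key=0123456789abcdef\x00"                              # hardcoded credential
    b"\x00\x00\x00\x00"
)


def extract_strings(blob: bytes, min_len: int = MIN_STRING_LEN) -> List[str]:
    """Runs of printable ASCII at least min_len long, like the strings(1) utility."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(blob)]


def find_plain_http(strings: List[str]) -> List[str]:
    """Plain http:// URLs, minus hosts on the allowlist."""
    hits: List[str] = []
    for s in strings:
        for url in _HTTP_URL.findall(s):
            host = url[len("http://"):].split("/", 1)[0]
            if host not in IGNORED_HOSTS:
                hits.append(url)
    return hits


def find_credentials(strings: List[str]) -> List[str]:
    """Strings that look like key=value credential assignments."""
    return [s for s in strings if _CREDENTIAL.search(s)]


def triage(blob: bytes) -> Dict[str, List[str]]:
    """Run both checks over a decrypted binary and return the findings."""
    strings = extract_strings(blob)
    return {
        "plain_http": find_plain_http(strings),
        "credentials": find_credentials(strings),
    }


if __name__ == "__main__":
    for category, findings in triage(SAMPLE_BINARY).items():
        print(category)
        for item in findings:
            print("  ", item)
```

Every hit still needs a look in the disassembler: an http:// string may be dead code or a redirect target, and a credential-looking string may be a placeholder. The pass is there to tell you where to point IDA first, which is how forty apps fit into forty hours.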

His research comes at a vital time. Banks are promoting the use of mobile banking as a competitive differentiator, but they clearly need to do more to protect their customers. “Home banking apps that have been adapted for mobile devices, such as smart phones and tablets, have created a significant security challenge for worldwide financial firms. As this research shows, financial industries should increase the security standards they use for their mobile home banking solutions,” warns Sanchez.

[Source: InfoSecurity Magazine]

Palo Alto Networks Acquires Morta Security

Morta Team Expertise and Technologies Contribute to Palo Alto Networks’ Proven WildFire Threat Detection and Prevention Capabilities

Palo Alto Networks Santa Clara, CA
Palo Alto Networks® (NYSE: PANW), today announced it has acquired Morta Security, a Silicon Valley-based cybersecurity company operating in stealth mode since 2012.  Financial terms of the acquisition were not disclosed.

The acquisition of Morta Security further cements Palo Alto Networks as the leading provider of next-generation enterprise security.  Palo Alto Networks offerings uniquely provide enterprises the ability to safely enable applications and rapidly detect and prevent threats, especially those that use an increasingly sophisticated array of tactics to compromise networks and gain access to valuable intellectual property.

Morta Security brings to Palo Alto Networks a team experienced at protecting national infrastructure as well as technologies that enhance the proven detection and prevention capabilities of the Palo Alto Networks WildFire™ offering, which is already used by more than 2,400 customers.

QUOTES

  • “The Morta team brings additional valuable threat intelligence experience and capabilities to Palo Alto Networks,” said Mark McLaughlin, President and CEO of Palo Alto Networks.  “The company’s technology developments align well with our highly integrated, automated and scalable platform approach and their contributions will translate into additive threat detection and prevention benefits for our customers.”

  • “Palo Alto Networks has a successful history of disrupting the network security landscape with its unique offerings,” said Raj Shah, CEO of Morta Security.  “The Morta team is excited to work with the clear leaders in this space and we look forward to joining the company and contributing to future highly innovative technology leadership.”

Advanced Threats Demand Automated and Scalable Approach

Today’s sophisticated attacks increasingly rely on a combination of tactics and threat vectors to penetrate an organization and often remain undetected for extended periods of time while inflicting long-term damage.  Most organizations still rely on legacy point technologies that address only specific types of attacks, or phases of the attack.  Because of the singular nature of these technologies, they are ill-equipped to detect and prevent today’s advanced cyber attacks.  And, when they are finally discovered, they typically require significant human incident response efforts.  As the volume and sophistication of these attacks continues to grow, throwing more point products and human capital at the challenge is too costly and cumbersome for most organizations.

To address these challenges, a new approach is required:  One that begins with positive security controls to reduce the attack surface; inspects all traffic, ports, and protocols to block all known threats; rapidly detects unknown threats through analysis and correlation of abnormal behavior; then automatically employs new signatures and policies back to the front line to ensure previously unknown threats are known to all and blocked.  This approach can reduce the number of threats that penetrate an organization and greatly reduce the need for costly human remediation.

Palo Alto Networks is pioneering the development of this kind of automated approach; it starts with the firewall as the core enforcement vehicle within the network and is complemented by advanced detection services to increase overall efficacy.  With its security platform, Palo Alto Networks builds greater visibility upstream combined with strong prevention mechanisms of both known and unknown threats.  The Morta team’s cybersecurity expertise and technologies will fit seamlessly into this approach by adding capabilities that can expedite the detection of new attack variations.

To learn more about the Palo Alto Networks security platform and WildFire offering, visit: https://paloaltonetworks.com/products/features/apt-prevention.html.

ABOUT PALO ALTO NETWORKS

Palo Alto Networks is leading a new era in cybersecurity by protecting thousands of enterprise, government, and service provider networks from cyber threats.  Unlike fragmented legacy products, our security platform safely enables business operations and delivers protection based on what matters most in today’s dynamic computing environments: applications, users, and content.  Find out more at www.paloaltonetworks.com.

Palo Alto Networks, The Network Security Company, WildFire, and the Palo Alto Networks Logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

[Source: Palo Alto Networks]
