NSS Labs 2019 NGFW Group Test: Highest Security Effectiveness Score

We are excited to announce that Palo Alto Networks has achieved the highest Security Effectiveness score among all twelve products included in this year’s NSS Labs NGFW group test.  Our NGFW blocked 100% of evasions, and it earned a “Recommended” rating.

Highlights from our test results include:

  • Highest Security Effectiveness score
  • 100% evasions blocked (406 out of 406)
  • 97.87% NSS exploit block rate

We believe our strong performance in the NSS Labs NGFW Group test validates our prevention-first philosophy.  Our next-generation firewalls prevent successful cyberattacks with an architecture you can easily deploy and operate.  Using automation, we reduce manual effort so that IT and security teams can focus on high-value activities. And we continue to deliver new innovations that are natively integrated, making them easy to adopt.

In this test, NSS Labs evaluated 12 firewall products with 406 different evasion techniques, more than 2000 exploit tests and over 70 throughput measurements.  The PA-5220 running PAN-OS 8.1.6-h2 was evaluated with the Threat Prevention subscription enabled. Since this test was run we’ve added even more functionality and performance in PAN-OS 9.0; we expect the customer experience to keep getting better and better.

Our NGFW is an integral part of the Palo Alto Networks Security Operating Platform.  Through the power of the platform, your organization can continually improve security effectiveness and efficiency throughout your environment: across the network, in the cloud and at the endpoints, including servers and mobile devices.

Read the full Test Report and Comparative Report on Security

Source: https://blog.paloaltonetworks.com/2019/07/palo-alto-networks-achieves-highest-security-effectiveness-score-recommended-rating-nss-labs-2019-ngfw-group-test/

[Palo Alto Networks Blog]

Protecting Endpoints From Day One

Deploying and managing endpoint protection shouldn’t be difficult. However, customers of traditional endpoint protection products complain about day-to-day management, database maintenance, agent updates, and constant tuning to eliminate false positives and keep resource utilization in check. Worse, even with all this work, endpoints still get compromised.

A customer who was evaluating Traps put it into “listen mode” to see if it would catch anything the customer’s existing endpoint protection product could not. Within minutes of deploying agents, a domain controller lit up the Traps management service console with alerts. When the incident response team pulled up the console, they immediately identified a piece of targeted malware that had been running on that server for some time. This was an eye opener, and the customer immediately realized the simplicity and power Traps offers, even from day one.

Traps Management Service

As new malware variants pop up around the globe, and as new software bugs and vulnerabilities are discovered, it can be challenging to ensure your endpoints remain secure. With the cloud-based Traps management service, you save the time and cost of building out your own global endpoint security infrastructure. Its simplified deployment requires no server licenses, databases or other infrastructure to get started, enabling you to start protecting your endpoints from day one.

Palo Alto Networks deploys and manages the Traps management service security infrastructure globally to manage the endpoint security policy for local and remote endpoints, ensuring the service is secure, resilient, up to date and available when you need it. This allows you to focus on defining the policies to meet your corporate usage guidelines instead of deploying and managing the infrastructure.

Traps management service comprises the following components:

  • Traps management service web interface is a cloud-based security infrastructure service designed to minimize the operational challenges of protecting your endpoints. From the Traps management service, you can manage your endpoint security policy, review security events as they occur and perform additional analysis of associated logs.
  • Traps agents protect each local or remote endpoint. The agent enforces your security policy on the endpoint and reports when it detects a threat. Agents communicate securely with Traps management service using Transport Layer Security 1.2.
  • Logging Service is a cloud-based logging infrastructure that allows you to centralize the collection and storage of Traps agent logs, regardless of location. Traps agents and Traps management service forward all logs to the Logging Service. You can view these logs in Traps management service, and with the Log Forwarding app, you can forward logs to an external syslog receiver.

Integrated with Traps, WildFire malware prevention service identifies previously unknown malware and generates signatures that Palo Alto Networks next-generation firewalls and the Traps management service can use to detect and block the malware. When a Traps agent detects an unknown sample, Traps management service can automatically forward it to WildFire for analysis. Based on the properties, behaviors and activities the sample displays when analyzed and executed in the WildFire sandbox, WildFire delivers a verdict: benign, grayware, phishing or malicious. WildFire then generates signatures to recognize any newly discovered malware and makes the signatures globally available in as few as five minutes.

Traps management service provides out-of-the-box protection for all registered endpoints, with a default security policy for each type of platform.

Traps Security Profiles

Out of the box, Traps management service provides default security profiles you can use to begin protecting your endpoints from threats immediately. Although security rules enable you to block or allow execution of files on your endpoints, security profiles help you customize and reuse settings across different groups of endpoints. When Traps detects a behavior that matches a rule defined in your security policy, it applies the security profile attached to the rule for further inspection. You can enjoy immediate protection from multiple security profiles:

  • Exploit profiles block attempts to exploit system flaws in browsers and operating systems. These help protect against exploit kits, illegal code execution, and other attempts to exploit process and system vulnerabilities.
  • Malware profiles protect against the execution of malware, including Trojans, viruses, worms and grayware. Malware profiles serve to define how to treat behavior common with malware, such as ransomware or script-based attacks, and how to treat known malware and unknown files.
  • Restrictions profiles limit where executable files can run on an endpoint. For example, you can restrict files from running from removable media or specific, local folders.
  • Agent settings profiles let you customize settings that apply to the Traps application, such as the disk space quota for log retention. For Mac® and Windows® platforms, you can also customize user interface options for the Traps console, such as accessibility and notifications.

Conclusion

Security built solely to protect virtual endpoints often lacks the broader contextual intelligence critical to effective enterprise security architecture. Integrated threat intelligence, including data on the tactics, techniques and procedures of new and previously seen cyberattacks, is often critical to successfully defend systems and networks.

As an integral part of the Palo Alto Networks Security Operating Platform, Traps prevents cyberattacks automatically and in real time, regardless of the nature of the endpoints and the systems you have deployed. In concert with WildFire, Traps and the entire Security Operating Platform benefit from increased contextual visibility into – and protection against – correlated threat actors and campaigns, wherever they may try to attack.


Customers depend on Traps to ensure endpoints are protected, whether online or off, on-site or remote. IT teams must be able to confidently apply policies that control access to critical resources, and you need confidence in the integrity and configuration of the devices being used to connect to your network, whenever and wherever that may be. Protection cannot depend on full-time network access – it should just work, out of the box, from day one.

Watch the webinar “5 Endpoint Protection Best Practices” to learn the essential requirements for endpoint protection, and how Traps advanced endpoint protection is simple to deploy and manage, providing a prevention-first approach that protects endpoints from malware, exploits and ransomware.

Source: https://researchcenter.paloaltonetworks.com/2019/01/protecting-endpoints-day-one/

[Palo Alto Networks Research Center]

What Does It Mean to Be “5G-Ready”?

With regard to security, it’s critical.

We keep hearing about products and technologies that are “5G-ready.” But what does that mean? Mobile Service Providers will undoubtedly require 5G equipment that is scalable in terms of capacity and throughput, but does that alone mean the networks will be 5G-ready?

In late February at Mobile World Congress 2019, we can certainly expect to see demos of 5G core networks, network slicing, New Radios (5G-NR), and other 5G-ready network components. But what about security? Mobile networks will not be 5G-ready unless the necessary security capabilities are baked into these networks by design.

Tom Wheeler, former chairman of the Federal Communications Commission, accurately points out in a recent NY Times op-ed:  “Leadership in 5G technology is not just about building a network, but also about whether that network will be secure enough for the innovations it promises.”  Wheeler goes on to state, “The simple fact is that our wireless networks are not as secure as they could be because they weren’t designed to withstand the kinds of cyberattacks that are now common. This isn’t the fault of the companies that built the networks, but a reflection that when the standards for the current fourth-generation (4G) technology were set years ago, cyberattacks were not a front-and-center concern.”


A New Approach for Security Is Needed

With 5G, everything changes. Critical applications like remote healthcare, remote monitoring and control over our power grids, and self-driving automobiles will all rely on 5G technologies. The networks will become more distributed, and many critical applications will be hosted at the edge of 5G networks and across edge clouds. Opportunities for threat actors will emerge if they are allowed to go unchecked, as they will use automation to wage multi-stage attacks and find the least secure portions of the 5G networks to exploit. For mobile networks to be 5G-ready, a new approach for security is required.


Even though standards and network architectures are still being defined, mobile operators not only have the opportunity to build the right set of security capabilities into these network evolutions by design, they have no choice but to do it. Today’s cyberattacks are already capable of evading mobile networks, and their continued evolution is indeed a front-and-center concern.

To truly be 5G-ready, mobile operators need to adopt a robust and comprehensive end-to-end security strategy with:

  • Complete visibility, inspection, and controls that are applied across all layers of the network – application, signaling, and data planes.
  • Cloud-based threat analytics – powered by machine learning (ML) – that are leveraged across the different mobile network locations and environments.
  • A cloud-ready platform that ensures consistent security enforcement across all network locations.

With these necessary security capabilities in place, mobile networks will be able to evolve as 5G-ready with a data-driven threat prevention posture that provides contextual security outcomes. Mobile operators will be able to automate processes to proactively identify infected devices and prevent device-initiated attacks. They will be able to capture advanced multi-stage attacks that will naturally look to leverage different signaling and control layers across the 5G networks. They will be able to automatically identify advanced threats, correlate these with specific devices/users, and isolate/remove infected devices from their networks. They will also be able to differentiate themselves as “secure business enablers.”

These 5G networks are set to become the backbone of transformational services that will positively alter our lives for generations to come. Whether it’s autonomous vehicles, remote surgery, smart utilities, or the multitude of other technological advancements that will enable us to benefit from 5G, as Wheeler states: “Innovators, investors and users need confidence in the network’s cybersecurity if its much-heralded promise is to be realized.”


Meet with us at Mobile World Congress for an exclusive, executive 5G security briefing

Email us at:  mwc@paloaltonetworks.com

Source: https://researchcenter.paloaltonetworks.com/2019/01/what-does-it-mean-to-be-5g-ready/

[Palo Alto Networks Research Center]

The Need for Endpoint Protection in Critical Infrastructure

As cyberattacks against ICS and SCADA systems become commonplace, the need for robust endpoint protection grows. The rapid growth of the internet, with its ever-increasing need for data, has made it almost mandatory that information be made available at all times. This gluttony of data results in the need for corporations to provide connections to devices within their process control networks without fully understanding the potential outcome of such actions.

Reasons for the increase in attacks

Thanks to trends like the internet of things, aka IoT, and Industry 4.0, attacks against critical infrastructure are becoming more frequent and more targeted. This is seen in both the unsuccessful attack against a petrochemical company in Saudi Arabia during 2018 and the infamously successful Ukraine power grid breach of 2016. Cyberattacks against critical infrastructure are becoming prevalent, partially due to the increased number of networked, business-accessible devices, along with the need for the data they generate. Combine this with the demand placed on companies to do more with less staffing and more outsourcing as they attempt to lower yearly operational expense, and the potential for gaps in security grows – in some instances exponentially, resulting in a number of worst-case scenarios for operators. With the need for remote access for employees and third-party support, businesses face more access paths into the environment, and missing or misconfigured security policies provide hackers with ideal attack vectors.

It has also come to light that critical infrastructure assets are becoming easier to find and identify, without any direct interaction from potential attackers. Using open source intelligence-gathering techniques, internet databases like Shodan, and geo-stalking, attackers are able to find these assets without exposing themselves or their intent – a clear example of too much information being readily available and unsecure.

Regardless of the reason for the lapse in security, every breach of a controls network shows us just how disruptive and dangerous these endpoints can be to our daily lives when under the control of those with malicious intent.

Why attack ICS and SCADA endpoints

Motives for attacking these systems can be grand in scope, ranging from corporate espionage with the intent to destroy a competitor’s brand to political in nature, such as the intent to influence the inner workings of a rival nation’s government. We also see examples of attacks that have a more simplistic purpose like financial gain or a script kiddie proving he or she can take control, earning them bragging rights. Regardless of the attacker’s motivation, the need to protect these critical infrastructure assets is of the utmost importance for the companies that run them and the community at large.

Current research into the matter shows that the number of vulnerabilities related to ICS and SCADA systems is doubling on a yearly cadence. As of this year, the estimated number of identified critical infrastructure-related vulnerabilities is roughly 400, a number that will continue to grow due to the nature of how these systems operate and the security challenge they create. Legacy operating systems and the high uptime mandates of these systems make them some of the most difficult to secure.

There is hope

Despite all the advancements attackers are making to breach and control critical infrastructure, it is possible to defend and protect these highly targeted assets.

True advanced endpoint protection must be capable of preventing known and unknown threats by leveraging features such as:

  • Machine learning, which is capable of providing an instant verdict on an unknown executable before it runs on any of the systems in a process network.
  • Virtual sandboxing technology that can determine if an executable file is malicious before it executes on the machine.
  • Identifying software packages from vendors that are trusted in the environment and blocking those that are not.
  • Support for the various operating systems that control systems run, including some that are end-of-life.
  • Cloud-readiness.

ICS/SCADA systems require advanced endpoint protection capable of disrupting known and unknown cyberattacks while not impacting production. The approach must be lightweight, scalable, innovative and capable of integrating both existing and new technologies while complementing other best practice procedures and offerings. Most importantly, it must be powerful and ICS/SCADA-friendly.

To learn how Palo Alto Networks can help operators of ICS and SCADA networks protect their critical infrastructure, download this whitepaper on advanced endpoint protection for ICS/SCADA systems.

[Palo Alto Networks Research Center]