Palo Alto Networks News of the Week – May 16

Interested in the top Palo Alto Networks news from this past week? It’s all right here.

Palo Alto Networks researchers identified a new Trojan, Funtasy, that targets Spanish Android users with sneaky SMS charges.

For the Record: We recently asked several Palo Alto Networks customers to describe the benefits of WildFire, and why adding a WildFire subscription to their Palo Alto Networks deployment is a better option than buying a standalone detection product or service.

Sharat Sinha, Palo Alto Networks VP, detailed 3 security priorities for the Asia Pacific region.

Kevin Magee, Palo Alto Networks Regional Sales Manager for Ontario, Public Sector, shared his perspective on the success of the Palo Alto Networks Expert Forums held recently in Ontario’s unique public sector community.

We hosted our third annual EMEA Expert Tour under the sun this week in Marbella, Spain with NextWave partner sales engineers and technicians across the EMEA region.

We talked at our Federal Expert Forum about tackling the government’s toughest cybersecurity challenges.

As a continuing part of our government and public sector activities, we are featured on Federal News Radio/WTOP in the United States over the next few months. Check it out to hear Rick and Steve Hoffman, VP, U.S. Federal, talk about what advanced government security teams are doing today.

Danelle Au discussed the massive challenge of securing the Internet of Things.

Our own James Sherlow commented on whether it is time to kill OpenSSL post-Heartbleed.

Join fellow IT Managers & Security Experts at the Palo Alto Networks Customer Forum on May 21 in The Netherlands. If you attend, you could win a great prize.

Here are more upcoming events you should know about:

[Source: Palo Alto Networks]

Palo Alto Networks Protects Customers From Critical IE Vulnerability CVE-2014-1776

Summary:

  • Critical vulnerability (CVE-2014-1776) identified in Internet Explorer, with active attacks observed in the wild
  • IE vulnerability could be used to exploit multiple versions of Internet Explorer, including those on Windows XP-based systems, which no longer receive security updates from Microsoft
  • Palo Alto Networks Threat Prevention customers are protected from exploitation of the vulnerability
  • Cyvera endpoint solution specializes in preventing the type of exploitation behavior used in this attack

On Saturday, Microsoft disclosed a critical vulnerability in Internet Explorer, CVE-2014-1776, affecting Internet Explorer versions 6 through 11. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability allows an attacker to execute arbitrary code in the context of the current user within Internet Explorer. This could be exploited with drive-by downloads or watering-hole attacks, and has been observed being used in attacks in the wild.

The exploit code used in these attacks only targets IE versions 9, 10 and 11, but earlier versions are still vulnerable. As of this writing, Microsoft has not stated when a patch for the vulnerability will be available, but in its advisory the company provided multiple work-arounds. Additionally, Windows XP systems running IE 6, 7 and 8 are also vulnerable, but will not receive a patch, as Microsoft no longer supports them.

Palo Alto Networks response:

  • We released an emergency content update on April 28th, 2014 that provides detection of attempted exploitation of CVE-2014-1776 with IPS vulnerability signature ID 36435 (“Microsoft Internet Explorer Memory Corruption Vulnerability”) with critical severity and a default action of reset-client. Palo Alto Networks customers with a Threat Prevention subscription are advised to verify that they are running the latest content version on their devices.
  • We are integrating Cyvera’s next-generation endpoint solution into our security platform. This integration will provide customers with the ability to stop zero-day attacks on browsers and operating systems to prevent future breaches that exploit unknown vulnerabilities, as we have seen used in CVE-2014-1776.

It is always important to view this type of critical vulnerability in the larger context of the threat landscape. Attackers identify thousands of critical vulnerabilities in commonly used software each year, such as Internet Explorer. Once identified, they then craft a seemingly endless supply of exploits that leverage these vulnerabilities to deliver unknown malware and compromise networks and endpoints.

Palo Alto Networks enterprise security platform is focused on providing an integrated approach to detecting and preventing advanced threats across each step in the attack kill-chain. Bringing together our next-generation firewall – again a Gartner Magic Quadrant Leader – Threat Prevention, URL Filtering, WildFire, and Cyvera’s ability to prevent exploitation of unknown vulnerabilities will allow us to continue offering ground-breaking protection for our customers’ networks and endpoints, including Windows XP clients.

[Source: Palo Alto Networks Research Center]

Palo Alto Networks Again Positioned in the Leaders Quadrant of the Magic Quadrant for Enterprise Network Firewalls

Santa Clara, Calif., April 17, 2014 – Palo Alto Networks® (NYSE: PANW), the leader in enterprise security, today announced it has been positioned by Gartner Inc. in the “leaders” quadrant of the April 15, 2014 “Magic Quadrant for Enterprise Network Firewalls.” This is the third year that Palo Alto Networks has been recognized as a leader in the Magic Quadrant for Enterprise Firewalls.

According to the report, “through 2018, more than 75% of enterprises will continue to seek network security from a different vendor than their network infrastructure vendor.” The report also states, “products must be able to support single-enterprise firewall deployments and large and/or complex deployments, including branch offices, multi-tiered demilitarized zones (DMZs) and, increasingly, the option to include virtual versions.”
  • “We’re thrilled to once again be named a leader in Gartner’s Magic Quadrant for enterprise firewalls report.  We believe this echoes the momentum we’ve been experiencing as enterprise organizations see the value of a truly next-generation security platform – one that safely enables all applications and proactively prevents cyber threats for all users on any device across any network.”

– René Bonvanie, chief marketing officer at Palo Alto Networks

Leading the Way in Next-generation Enterprise Security

Nine years ago, Palo Alto Networks changed the network security industry with the introduction of the next-generation firewall. This breakthrough architecture brought unparalleled control through the safe enablement of applications, and exceptional levels of protection by blocking all known threats operating across a multitude of different vectors.

Two years ago, we again changed the industry with the introduction of WildFire and a next-generation threat cloud that focuses on detecting and defending against the most advanced, unknown threats. Most recently, through our acquisition of Cyvera, we added unique endpoint protection to the platform.  The combination of our next-generation endpoint technology, our next-generation firewall and our next-generation threat cloud represents the most innovative, integrated, and automated enterprise security platform in the market.

With over 16,000 customers, our momentum is a testament to our innovative approach that protects organizations based on what matters most in today’s dynamic computing environments: applications, users and content – not just ports and protocols – and protecting them from the most advanced cyber threats.

To learn more about the Palo Alto Networks approach, visit www.paloaltonetworks.com.

To access the report, visit http://go.paloaltonetworks.com/gartner2014pr.

About Palo Alto Networks

Palo Alto Networks is leading a new era in cybersecurity by protecting thousands of enterprise, government, and service provider networks from cyber threats. Unlike fragmented legacy products, our security platform safely enables business operations and delivers protection based on what matters most in today’s dynamic computing environments: applications, users, and content. Find out more at www.paloaltonetworks.com.

Palo Alto Networks, the Palo Alto Networks Logo and WildFire are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Media Contacts:

Jennifer Jasper-Smith
Head of Corporate Communications
408-638-3280
jjsmith@paloaltonetworks.com

Tim Whitman
Voce Communications
617-721-5994
twhitman@vocecomm.com

[Source: Palo Alto Networks]

Palo Alto Networks is now a member of Cloud Security Alliance

https://cloudsecurityalliance.org/membership/corporate-members/

The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

History

The issues and opportunities of cloud computing gained considerable notice in 2008 within the information security community. At the ISSA CISO Forum in Las Vegas, in November of 2008, the concept of the Cloud Security Alliance was born. Following a presentation of emerging trends by Jim Reavis that included a call for action for securing cloud computing, Reavis and Nils Puhlmann outlined the initial mission and strategy of the CSA. A series of organizational meetings with industry leaders in early December 2008 formalized the founding of the CSA. Our outreach to the information security community to create our initial work product for the 2009 RSA Conference resulted in dozens of volunteers to research, author, edit and review our first whitepaper.

We are leading a new era in cybersecurity by protecting thousands of enterprise, government, and service provider networks from cyber threats. Because of our deep expertise, commitment to innovation and game-changing security platform, thousands of customers have chosen us and we are the fastest growing security company in the market.

Our security platform natively brings together all key network security functions, including advanced threat protection, firewall, IDS/IPS, and URL filtering. Because these functions are natively-built into the platform and share important information across the respective disciplines, we ensure better security than legacy firewalls, UTMs, or point threat detection products.

With our platform, organizations can safely enable the use of all applications, maintain complete visibility and control, confidently pursue new technology initiatives like cloud and mobility, and protect the organization from cyber attacks — known and unknown.

Company Fast Facts

  • More than 16,000 customers in over 120 countries across multiple industries
  • More than 65 of the Fortune 100 rely on us to improve their cybersecurity posture
  • Ranked an enterprise firewall market leader by Gartner in 2011 and 2012 (published Feb 2013)
  • FY’13 revenues grew 55% year over year – more than any other publicly traded competitor
    in our market
  • Added more than 1,000 customers per quarter for the last 9 consecutive quarters
  • Partnered with elite IT leaders such as VMware, Citrix, Splunk, and Symantec
  • Named “best place to work” by the Silicon Valley Business Journal
  • Over 1,375 employees worldwide
  • Global support organization with teams in the Americas, EMEA, Asia, and Japan
  • IPO July 2012; stock symbol on the NYSE: PANW

[Source: Cloud Security Alliance]

Palo Alto Networks Addresses Heartbleed Vulnerability (CVE-2014-0160)

A critical vulnerability in OpenSSL (CVE-2014-0160: OpenSSL Private Key Disclosure Vulnerability) was recently disclosed, which affects servers running OpenSSL 1.0.1 through 1.0.1f, estimated at “over 17% of SSL web servers which use certificates issued by trusted certificate authorities.” The vulnerability essentially compromises the integrity of SSL encryption, allowing attackers to steal sensitive data from this secure channel.

The vulnerability, also known as the Heartbleed bug, most severely impacts enterprise servers running vulnerable versions of OpenSSL, and in a worst-case scenario could expose end-user communication over SSL encryption.

Palo Alto Networks immediately addressed this vulnerability, ensuring our customers are protected against exploitation of Heartbleed, including the following updates:

  • PAN-OS, our core operating system, is not impacted by CVE-2014-0160, as we are not using a vulnerable version of the OpenSSL library
  • We released a content update on April 9th, 2014 that automatically detects and immediately blocks attempted exploitation of the vulnerability (IPS vulnerability signature ID 36416)

To be clear, Palo Alto Networks software is not vulnerable, and customers with a Threat Prevention subscription, and their users, are protected from Heartbleed. We advise that all Threat Prevention users ensure they are running the latest content version on their device.

Furthermore, we recommend that all enterprises update their web servers to the latest patched version of OpenSSL available as of April 7, 2014 (1.0.1g), and immediately replace SSL private keys after the patch is in place. Given the close relationships many of you have with your vendors and partners, it is important that you help identify vulnerable systems, and notify partners immediately.
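An added example, not from Palo Alto Networks or the original page: a triage helper that sorts collected `openssl version` banners using the range the advisory states (1.0.1 through 1.0.1f affected, 1.0.1g patched). The host names and the banner inventory are constructed for illustration.

```python
import re

# Range taken from the advisory text: OpenSSL 1.0.1 through 1.0.1f are affected,
# 1.0.1g is the patched release.
_BANNER = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)", re.IGNORECASE)


def classify(banner):
    """Return 'affected', 'not-affected' or 'unknown' for one `openssl version` line."""
    m = _BANNER.search(banner)
    if not m:
        return "unknown"  # not an OpenSSL banner: needs a manual look
    branch = tuple(int(g) for g in m.group(1, 2, 3))
    letter = m.group(4).lower()
    if branch != (1, 0, 1):
        return "not-affected"  # outside the 1.0.1 branch named in the advisory
    # Plain "1.0.1" and letters a..f fall in the stated range; g and later do not.
    return "affected" if letter == "" or letter <= "f" else "not-affected"


def triage(inventory):
    """Group hosts by classification; 'affected' hosts need the patch and new keys."""
    groups = {"affected": [], "not-affected": [], "unknown": []}
    for host, banner in sorted(inventory.items()):
        groups[classify(banner)].append(host)
    return groups


# Constructed inventory (hypothetical host names, banners in `openssl version` format).
# A distribution may ship a fixed build under an older version string, so treat
# 'affected' as "verify the package build, patch, then replace private keys".
SAMPLE_INVENTORY = {
    "web01.example.test": "OpenSSL 1.0.1e 11 Feb 2013",
    "web02.example.test": "OpenSSL 1.0.1g 7 Apr 2014",
    "vpn01.example.test": "OpenSSL 1.0.1 14 Mar 2012",
    "old01.example.test": "OpenSSL 0.9.8y 5 Feb 2013",
    "app01.example.test": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "lb01.example.test": "banner not collected",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(status, hosts)
```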

As an end-user, continue to practice good Internet hygiene, such as not accessing public Wi-Fi hotspots, not clicking on unknown links in email, and not downloading or opening suspicious files.

[Source: Palo Alto Networks Research Center]
