Held in Vietnam for seven consecutive years since 2007, Security World has gained recognition as a prestigious and unique national forum where officers from the Ministry of Public Security get updates on and seek security technologies for the Ministries’ and Government’s ongoing projects. It also serves as a meeting point for enterprises from the Banking, Finance, Telecommunication, E-commerce, Retailing and Manufacturing industries, which gather to exchange experiences for better development of IT Security.
This year, under the theme “Align your information security programs to enable business growth”, Security World 2014 will address current issues such as key trends in information security, evolving mobile device management policies, mitigating security threats, and integrating information security and risk management into business. Topics related to strategies, practices, and technologies for IT Security will also be discussed.
Along with the Conference, the Exhibition showcases diverse Information Security Technology/Solutions and brings unique access to 600 CIOs, CSOs and IT Directors – key decision makers for IT and security purchasing.
Palo Alto Networks joined as Conference Sponsor for Security World 2014, with Philip Hung Cao as speaker on the topic “Living with Next-Generation Security”.
Nine years ago, we forever changed the network security industry with the introduction of the next-generation firewall. This breakthrough architecture brought unparalleled control through the safe enablement of applications, and exceptional levels of protection by blocking all known threats operating across a multitude of different vectors. Two years ago, we again changed the industry with the introduction of WildFire and a next-generation threat cloud that focused on detecting and defending against the most advanced, unknown threats. With over 16,000 customers, our strategy and leadership position are firmly set.
With today’s announcement of our intent to acquire Cyvera, we are turning the page and looking to once again disrupt the security industry. Attackers are absolutely having their way with the endpoint. Traditional signature-only or detection-only defenses are simply ineffective at blocking advanced attacks. Together with Cyvera, we have something to say about that.
The composition of today’s cyber attacks typically involves three stages: identify a new vulnerability, employ a technique to exploit that vulnerability, and use that vulnerability to then launch malware and ultimately take control of the endpoint. Each year, thousands of new vulnerabilities emerge. And with millions of new malware instances found each year that are increasingly capable of evading existing controls, traditional security approaches simply aren’t effective. A new approach is required: one that doesn’t rely on post-breach forensics alone or remediation performed by expensive consultants.
Cyvera is an absolute standout. They’ve come up with a completely different approach: one that will forever change the endpoint security industry. While there is a limitless supply of vulnerabilities and malware, attackers are relegated to the use of a small number of techniques they can employ to exploit those vulnerabilities. In fact, there are a few dozen techniques today that can be used with an average of 2-4 new techniques added each year. Cyvera’s approach is simple: understand the techniques then employ a series of roadblocks and traps to prevent an attacker from successfully exploiting that vulnerability. Cyvera’s approach has been so powerful that they’ve successfully stopped every published zero-day attack since they first began deploying their product.
The combination of Cyvera, our next-generation firewall, and our next-generation threat cloud represents the most innovative, integrated, and automated enterprise security platform in the market. As we bring this acquisition to a close we look forward to sharing many more details with you. Our two companies have had a longstanding relationship that’s only going to grow as we bring our technologies together to offer the most effective approach to protecting you from the most advanced cyber attacks.
Following the much-discussed credit card breach at Target during the 2013 holiday season, CERT issued an alert on January 2, 2014 warning against malware specifically targeting Point of Sale (POS) systems.
Because they transact valuable credit card information, POS systems have always been an obvious target for cybercriminals. Some of the most notorious POS malware in recent years included Dexter, and its variant Stardust, which extracted track data from the system memory and from internal network traffic. In most cases, malware infiltrates POS systems through phishing emails.
To help strengthen POS security, the US-CERT has made the following 6 recommendations:
Use strong passwords
Update POS software applications
Install a firewall
Use antivirus protection
Restrict access to the internet
Disallow remote access
Here is how Palo Alto Networks technology addresses CERT’s recommendations, along with some additional advice on how to best leverage our network security platform in a POS environment:
Apply segmentation combined with a strong zero-trust model as the first line of protection. In every industry, sensitive or restricted data that is subject to tight regulations or is of significant value (examples: credit card information, SSN…) should be systematically isolated from more generally accessible information. Our next-generation firewall’s ability to classify all network traffic based on application, user, and content is ideally suited to define and control access to network zones that should only be accessed by a limited, and identifiable set of users, and whose traffic should be constricted to a well-defined set of applications. Our approach allows you to easily enforce a zero-trust model where no traffic is allowed except the few applications and users authorized in the specific zone, no traffic is trusted regardless of location, and all traffic is inspected and logged.
Apply additional granular control where appropriate. One good practice is to block authentication to administrative functions from untrusted zones and from unauthorized users. Our ability to control application traffic at a functional level can enable you to implement such control with very simple policies.
Stop all known malware and detect unknown malware. We have signatures for Dexter and its variants to automatically block DNS and Command & Control traffic. Our ability to strictly control traffic based on applications and users limits the scope of your security risks on POS systems, and also enables you to inspect all suspicious files without any performance degradation.
In summary, deploying our next-generation security platform enables you to more easily control inbound and outbound traffic, screen out malicious traffic, and mitigate risks related to vulnerabilities of software and systems that are behind on patches.
It was a watershed year for mobile malware, with many high-profile organizations being hacked. To continue our series on 2014 predictions, we asked our mobility experts for their thoughts on key mobile security topics we think you’ll be hearing more about in the new year.
1. The Mobile OS Ecosystem is Too Big for Patchwork Protection
Many in the security industry cut their teeth on securing Windows-based devices, and it’s logical that they would make assumptions about how to secure iOS and Android devices based on their experiences securing Windows.
But the mobile ecosystem is much more complicated and far-reaching than Windows. Too much of what’s being described as mobile security is based on buying add-ons for different devices running different operating systems – a scattershot model doomed to fail. Rather than focus on securing individual devices, organizations need to look for security solutions that extend next-generation firewall policies across the full range of mobility use cases, independent of OS.
2. Mobile Security Issues Turn Security Admins’ Attention Outside the Firewall
Still too many “mobile security” solutions protect a user’s mobile device while they’re behind the corporate firewall but don’t enforce mobile security policy when users are outside it – an increasingly shortsighted approach. Facebook was hacked earlier this year, for example, when employees connected to a mobile developer’s compromised website, downloaded malware and then introduced it to Facebook’s internal servers when they were back behind the firewall. Expect to hear similar stories in 2014, and hopefully a shifting debate on how to solve these challenges.
3. “Lock it Down” Just Won’t Play
Many organizations still take a “lock it down” approach to mobile security and have put policies into effect that are so strict they eliminate the productivity and flexibility benefits of BYOD. But the mushrooming popularity of smartphones and tablets means users will find a way to use them on networks whether admins like it or not. In 2014, a majority of organizations will finally turn away from the “lock it down” approach in favor of a mobile security model that gives users some breathing room while preserving the secure enterprise network.
One of the many principles our CEO Mark McLaughlin brought to the company, that I fully embrace, is the rule of three, which encourages you to focus and prioritize. Top 10 lists are great for late night talk shows, but realistically, a list that long becomes somewhat dilutive. With that in mind, let’s delve into what I think will be three of the more interesting firewall and next-generation network security topics for 2014.
1. The NSA revelations will catalyze a dramatic uptick in the use of SSL/encryption.
This is a tricky subject. Encryption, when used to protect networks and digital assets, is a good thing, and we fully endorse its use. Encryption, when used to bypass security or steal data, is a bad thing. Now that we know more about just how closely our government is watching us, I suspect we’ll see a spike in SSL/encryption use.
Something that there is no debate on is that attackers are using SSL – what’s commonly known as the universal firewall bypass – to hide their actions. We need only look at this year’s APT1 revelations and the Aurora attack from several years ago to confirm this. Our most recent Application Usage and Threat Report shows that about 25 percent of the 1,395 applications found on enterprise networks are capable of using SSL. We expect that number to increase, making the challenge of how SSL is being used that much more difficult to determine.
2. We will exert more control over remote access tools.
The revelations of how commonly remote access tools such as RDP, SSH and TeamViewer are used to attack your network will force us to exert greater control over these tools.
Make no mistake, these applications provide support and development teams with powerful tools to simplify their jobs. But we know from past Verizon Data Breach reports that they are used so commonly by attackers that there are scripts readily available to find their use on your network for purposes of exploitation. The recent APT1 revelations that RDP was used in the ongoing attack further solidified this finding.
We also know that employees use these tools to mask what they’re doing on the corporate network as a means of protecting privacy. Browser plugins such as Remote Desktop and uProxy for Google Chrome will make these tools more accessible and only increase the challenge of controlling their use on the corporate network. User privacy is critically important, but users also need to understand that these applications can jeopardize the core of the business. The challenge will be how organizations can best implement controls without limiting productivity. A tough challenge but one I am hopeful that we can make progress on this coming year.
3. Cyberlockers and cloud-based filesharing will continue to grow, despite the risks.
We’ve been watching browser-based filesharing applications since 2008, when we identified a pool of roughly 10 variants in this group. As of this year, we’re tracking more than 100 variants, and according to our research an average of 13 of these applications are found on networks we analyze.
In many cases, there is no business use case for this many variants. Hotfile, for example, was found on 30 percent of the 3,000+ networks we analyzed and it was just fined $80 million for copyright violations. Is this an application that belongs on your network?
I firmly believe there is business value for some of these applications (we use them here at Palo Alto Networks), but they do present business and security risks if they’re used too casually. The risks will continue to escalate as the vendors try to broaden their appeal to users and differentiate themselves by adding premium, always-on, always-synched features.