How Palo Alto Networks Can Help With ASD's Top Cyber Intrusion Mitigation Strategies

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "How Palo Alto Networks Can Help With ASD's Top Cyber Intrusion Mitigation Strategies"

Transcription

1 How Palo Alto Networks Can Help With ASD's Top Cyber Intrusion Mitigation Strategies

2 Table of Contents Introduction 3 Executive Summary 3 A Systematic Approach to Network Application Whitelisting 4 Positive Security Model = Application Whitelisting 5 Application Control With Palo Alto Networks 5 User-based Policy Control 6 Defence in Depth: Application Whitelisting + Next-Generation Firewalls 8 The Last Line of Defence: Next-Generation Endpoint Protection 8 Top 35 Mitigation Steps Where Palo Alto Networks Can Help 9 PAGE 2

3 Introduction The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate (DSD) plays a lead role in protecting Australia s critical infrastructure and other information networks from cyber intrusions that pose real and present threats to Australia s national security and national interests. As part of their cyber security charter, the ASD has defined the top 35 cyber intrusion mitigation strategies that organisations can implement to help protect the nation s digital assets. Within those top 35 strategies, ASD has mandated that four of them be implemented. Palo Alto Networks is a next generation cyber security company dedicated to the needs of global government. Today it is used within governments in 72 countries across five continents, and is serving widely within the military, civilian and intelligence establishments. Executive Summary It s no secret that government networks are among the most targeted of virtually any sector. The stakes are high and attackers know they must use more evasive tactics to penetrate these networks. Sadly, many attackers are not only able to penetrate their target network, but often successfully establish a beachhead and remain undetected for a significant period of time while continuing evasive and damaging action. This leads to tremendous loss whether of strategic, political, monetary or intelligence value. Additionally, government networks are undergoing change. Many agencies face the challenges of reducing data centre footprints, virtualising existing services to reduce costs and go green, or of advancing security strategies to thwart advanced attacks in the field or at home. These changes mean government agencies are demanding more from their cyber security solutions today. The ASD Top 35 mitigation strategies have been proven to help agencies protect their networks against targeted attacks. Palo Alto Networks Next Generation Security Platform can help agencies not only implement a large number of these strategies, but also supplement and augment these strategies with capabilities and best practices only provided by a real next generation security platform, to form an advanced coordinated approach to extensible defence-in-depth. Next-generation Firewall Inspects all traffic Safely enables applications Sends unknown threats to cloud Blocks networks-based threats NEXT-GENERATION THREAT INTELLIGENCE CLOUD AUTOMATED CLOUD Next-generation Threat Intelligence Cloud Gathers potential threats from network and endpoints Analyses and correlates threat intelligence Disseminates threat intelligence to network and endpoints NATIVELY INTEGRATED N E T W O R K E N D P O I N T EXTENSIBLE NEXT-GENERATION FIREWALL Next-generation Endpoint Inspects all processes and files Prevents both known and unknown exploits Protects fixed, virtual and mobile endpoints Lightweight client and cloud based. NEXT-GENERATION ENDPOINT PAGE 3

4 The Palo Alto Networks Next Generation Security Platform is a flexible and extensible, natively integrated and automated platform for the detection and prevention of known and unknown cyber threats. Spanning network and endpoint and augmented by a global Threat Intelligence Cloud, it has the ability to understand all traffic, no matter which port, protocol or encryption is used to provide granular control of applications, users, and content. It employs automated closed-loop protection mechanisms that are deployed in-line and that are uniform across traditional infrastructure at the Internet Edge, the cloud (whether public/private, cloud-delivered applications, or virtualised infrastructure), and mobile devices. In its number one mitigation strategy, ASD mandates the whitelisting of applications on the endpoint. This is critical in preventing targeted malicious code from executing on an endpoint. Similarly, Palo Alto Networks believes that the whitelisting of applications at the network level is also critical in defeating targeted attacks. Application whitelisting at the network level greatly reduces the attack surface and the number of attack vectors into a network, and makes hiding lateral movement and command-and-control traffic that much more difficult. A Systematic Approach to Network Application Whitelisting The best approach to regaining control over your network activity, application or otherwise, is a systematic one that includes learning what is in use, and by whom, establishing the associated business requirements in conjunction with the users, documenting associated policies, and then enforcing them with technology. Equally important is the ongoing policy review and update to account for changing application and user behaviors. Visibility: The old adage of Knowledge is Power is appropriate in the quest to regain control over the applications, users and content at both the workstation and network levels. Without full knowledge of what users are doing, policy control efforts may miss the mark entirely, leave gaping holes, or create a user environment where they are able to take steps to avoid control efforts. Policy establishment: Once an in depth picture of which applications are in use and by whom, appropriate policy rules need to be established that balances the business requirements outlined by users and the associated risks from a security and business perspective. Once agreement has been established, is it critically important that the policy is documented and users be made aware via ongoing education that these policies are in place and the reasons why. Enforcement and review: Using network and workstation level controls, the next step is to begin enforcing the established policies. As policies are violated, users should be notified of their actions via pop-up pages, alerts or other means. Here too, a balance must be struck that enables the user, without exerting unreasonable levels of control. Over time, the policies on what is or is not allowed need to be reviewed and updated. From a technology perspective there are two approaches to executing a systematic approach towards regaining control. End-point level control: Application whitelisting is client or end-point focused approach that defines which applications are or are not allowed to be installed (executed). Policies are established at a central control point as a means of determining what is allowed and all else is blocked. Network level control: Using next-generation firewalls that are designed to identify and control applications (not ports), such as Palo Alto Networks, is a network level approach that allows organisations to establish positive security model rules that determine which applications are allowed, and by default, which applications are implicitly denied. Both alternatives help organisations work towards the end-goal of protecting the network and the digital assets while enabling users to accomplish their daily tasks. From a defense in depth perspective, PAGE 4

5 application whitelisting and next-generation firewalling are a perfect compliment. The remainder of this paper will focus on how Palo Alto Networks can help Australian organisations fulfill the #1 mitigation strategy of application whitelisting while assisting in fulfilling many of the other 35 recommended strategies. Positive Security Model = Application Whitelisting By definition, application whitelisting has the same criteria found in the positive security model that firewalls adhere to, albeit at the network level. As a reminder, a firewall operates on the premise of allowing what is defined by policy, then denying all else either implicitly or explicitly. This is exactly what application whitelisting does but at the client level. The challenge that traditional port-based firewalls face is that their positive security model policies are defined by ports, protocols and IP addresses, not applications specifically, making positive security model application level control nearly impossible. Palo Alto Networks next-generation firewalls are different to traditional firewalls in that the first task executed when it sees network traffic is to determine what the application is, irrespective of port, protocol, encryption or evasive technique employed. The application then becomes the basis of the positive security model policy that says allow these specific applications and deny all others. The knowledge of which application is traversing the network is used to create firewall security policies, including allow, deny, inspect for threats, apply traffic shaping and more. All policy decisions are made and enforced at the network level. Application Control With Palo Alto Networks At one time, controlling which applications an employee could use was easy. Applications were tied specifically to port or protocol and controlling them was as simple as allow or deny. Today, application developers want their application to be as easy to access as possible so they may not adhere to this development process because it may limit the acceptance of the application. Today, it is easy to find applications, both business and personal use, that: Are fully functional applications that are browser-based, yet may or may not use port 80. Are capable of running off of a high speed USB drive. Are client-server applications operating across port 80 or port 443. Use SSL, hop ports or both. These are just a few of the tactics that applications may use to enable user access and at the same time, enable the application to bypass traditional detection mechanisms. The result is that organisations have lost the ability to see, much less control the applications traversing the network. In order to help organisations regain control over the applications traversing the network at the firewall, Palo Alto Networks uses up to four different mechanisms: application decoders and signatures, protocol decoders, heuristics and SSL decryption to accurately identify more than 1,750 applications, regardless of port, protocol, encryption or evasive tactic employed. It s important that the term application be clarified since it doesn t have an industry standard definition. In the context of Palo Alto Networks firewalls, an application is a specific program or feature of a program that can be detected, monitored, and/or controlled. For example, Facebook is an application, as is Facebook Chat. Each of them can be detected, monitored, and controlled independently as part of the positive enforcement security policy. PAGE 5

6 As traffic traverses the Palo Alto Networks firewall, the applications are identified and graphically summarised in near-real time, allowing administrators to see what s happening on the network, learn more about the application if needed, then make an informed decision on how to treat the application. Application visibility: View application activity in a clear, easy-to-read format. Add and remove filters to learn more about the application, its functions and who is using them. User-based Policy Control The identity of the application can be mapped to specific users with User-ID, a technology that seamlessly integrates Palo Alto Networks firewalls with enterprise directory services (Active Directory, Exchange, LDAP, edirectory, Citrix and Microsoft Terminal Services, XML API). With User-ID, administrators can see exactly who is using the application, and as needed, can enable a policy to allow (whitelist), deny (blacklist), shape, inspect, schedule, decrypt and more. Immediate access to the knowledge of which applications are traversing the network, who is using them, and the potential security risk empowers administrators to quickly and easily determine the appropriate response. Armed with these data points, administrators can apply policies with a range of responses that are more fine-grained than allow or deny. Examples include: Enable only the IT group to use a fixed set of management applications such as SSH, telnet, and RDP. Block bad applications such as P2P file sharing, circumventors, and external proxies. Define and enforce an organisation-wide policy that allows and inspects specific webmail and instant messaging usage. PAGE 6

7 Control the file transfer functionality within an individual application, allowing application use yet preventing file transfer. Identify and block applications using port 80 or 443 that are used to provide anonymous access to the Internet or to evade traditional firewalls such as UltraSurf, tor, and CGIproxy Identify and control the transfer of sensitive information such as credit card numbers or social security numbers, either in text or file format. Deploy URL filtering policies that block access to obvious non-work related sites, monitor questionable sites, and coach access to others. Implement QoS policies to allow media and other bandwidth intensive applications but limit their impact on business critical applications. Palo Alto Networks next-generation firewalls enable customers to deploy application usage policies to block certain applications, allow specific applications, as well as inspect them, shape them and schedule their use. This level of control, at the network layer, is a perfect complement to application whitelisting performed at the end-point. Identify and control the transfer of sensitive information such as credit card numbers or social security numbers, either in text or file format. Deploy URL filtering policies that block access to obvious non-work related sites, monitor questionable sites, and coach access to others. Implement QoS policies to allow media and other bandwidth intensive applications but limit their impact on business critical applications. Palo Alto Networks next-generation firewalls enable customers to deploy application usage policies to block certain applications, allow specific applications, as well as inspect them, shape them and schedule their use. This level of control, at the network layer, is a perfect complement to application whitelisting performed at the end-point. Unified Policy Editor: A familiar look and feel enables the rapid creation and deployment of policies that control applications, users and content. PAGE 7

8 Defence in Depth: Application Whitelisting + Next-Generation Firewalls By mandating application whitelisting as a top priority in protecting against cyber intrusions, the Australian Signals Directorate has acknowledged that application control is a critical component in an agencies cyber security posture. Taking a complementary, defence-in-depth approach to cyber security, Palo Alto Networks next-generation firewalls can help agencies exert an added layer of security at the network level by identifying and controlling applications using positive control model security rules. The Last Line of Defence: Next-Generation Endpoint Protection The endpoint represents the last line of defence. Even with application whitelisting enforced, most endpoints run a large number of applications, some of which have bugs, or unknown Zero-Day vulnerabilities that could be triggered as part of an exploitation attempt. We estimate that as many as 5,000 of these new software vulnerabilities emerge each year. The problem agencies face when trying to defend against Zero-Day attacks is that traditional solutions rely on prior knowledge or behavior analysis to detect usage, and are incapable of preventing Zero-Day attacks since by definition, they are unknown. In addition, adversaries can craft an endless number of fully undetectable malware. This makes it impossible to become intimately familiar with every potential threat, which is why we shifted our focus to the exploit delivery phase of the attack. Your adversaries whether nation-state, espionage-oriented, activist group, or black hat hacker all share one commonality; they must use the same core exploit techniques to execute their attack. If an attacker s critical path for exploitation is known, even when the vulnerability that is used or the malware planned to be delivered is not; it can be prevented before any malicious activity is ever executed. Only a few new exploitation techniques are published or used in the wild every few years. For example, the state-of-the-art Stuxnet attack featured several new Zero-Day exploits, yet it was completely based on known exploitation techniques. By addressing the exploit techniques required to execute an attack, Palo Alto Networks has built modules to mitigate and interfere with the attacker s exploit techniques. Since an exploit is always based on a chain of techniques, preventing the use of any technique in the chain will block the exploitation attempt and the malware delivery entirely. This fundamentally different approach has enabled Palo Alto Networks to offer a future-proof solution the EP Series that can prevent both known and unknown attacks, regardless of the state of security patches or updates on the system. Our EP Series raises the bar on security by creating a new category of preventive cyber-defence that did not exist until now. With Palo Alto Networks EP Series installed on the endpoint, our proprietary mitigation modules are injected directly into the process every time a user launches a process. As this happens, the process initiated by the user will continue to run as intended, protecting it and the endpoint from exploitation attempts. Only when an exploit attempt is made, our EP Series activates the injected traps to block the finite exploit techniques the attacker must use so malware is never delivered, and the exploit is prevented! As our EP Series blocks an exploitation attempt, a real-time picture of the process memory is taken, detailing the attack source and vectors used in the attempted attack. This forensic data is sent to the management centre, sharing invaluable information between the network and the endpoint, thus contributing to a greater threat intelligence. In addition to our proprietary exploit prevention methods, the EP Series protects against attacks from the execution of malicious executable files. This component provides the administrator with flexible and robust granular policy engine to enforce rules to prevent social engineering attacks which could endanger the organisation. PAGE 8

9 TOP 35 MITIGATION STEPS WHERE PALO ALTO NETWORKS CAN HELP MITIGATION STRATEGIES Automated dynamic analysis of and web content run in a sandbox to detect suspicious behaviour including network traffic, new or modified files, or configuration changes. HOW PALO ALTO NETWORKS CAN HELP Palo Alto Networks WildFire identifies unknown malware, zero-day exploits, and Advanced Persistent Threats (APTs) by directly executing them in a scalable, virtual sandbox environment. For Government customers and those that for privacy or regulatory concerns can t send information to the Palo Alto Networks Threat Intelligence Cloud, WildFire is deployed as a private cloud on a single WF-500 appliance. The WildFire architecture is uniquely designed to meet the demands of analysing large numbers of potentially malicious content. To support dynamic malware analysis across the enterprise s network at scale, the virvual malware analysis environment is shared across all firewalls, as opposed to deploying single-use hardware at every ingress/egress point and network point of presence. This approach ensures maximum sharing of threat information, while minimising the hardware requirements of the task. When an unknown threat is discovered, WildFire automatically generates protections to block the threat across the cyber kill-chain, sharing these updates with all subscribers across the globe in as little as 15 minutes. These quick updates are able to stop rapidly spreading malware, as well as identify and block the proliferation of all future variants without any additional action or analysis. In conjunction with protection from malicious and exploitive files, WildFire analysis looks deeply into malicious outbound communication, disrupting command-control activity with anti-c2 signatures and DNS-based callback signatures. The information is also fed into PAN-DB, where newly discovered malicious URLs are automatically blocked. This correlation of data and in-line protections are key to identifying and blocking ongoing intrusions as well as future attacks on a network. Extending the next-generation firewall platform that natively classifies all traffic across hundreds of applications, WildFire uniquely applies analysis regardless of ports or encryption, including full visibility into web traffic, protocols (SMTP, IMAP, POP), FTP, and SMB. PAGE 9 Operating system generic exploit mitigation mechanisms, eg, Data Execution Prevention (DEP), Address Space Layout Randomisation (ASLR) and Enhanced Mitigation Experience Toolkit (EMET). Palo Alto Networks next-generation endpoint protection provides comprehensive exploit mitigation and malware prevention through its proprietary exploit mitigation technology. The EP Series can prevent the following vectors of attack: Memory corruption based exploits Logic flaws based exploits (including Java exploits) An executable spawning a malicious child process DLL hijacking Hijacking program control flow Execution of malware from local folders commonly utilised by attackers Execution from network shares, external storage devices, and optical drives Execution of embedded exe files

10 MITIGATION STRATEGIES Automated dynamic analysis of and web content run in a sandbox to detect suspicious Operating system generic exploit mitigation behaviour including network traffic, new or mechanisms, eg, Data Execution Prevention (DEP), modified files, or configuration changes. Address Space Layout Randomisation (ASLR) and Enhanced Mitigation Experience Toolkit (EMET). Network segmentation and segregation into security zones to protect sensitive information and critical services such as user authentication by Microsoft Active Directory. Software-based application firewall, blocking incoming network traffic that is malicious or otherwise unauthorised, and denying network traffic by default. Software-based application firewall, blocking outgoing network traffic that is not generated by whitelisted applications, and denying network traffic by default. Operating system generic exploit mitigation mechanisms, eg, Data Execution Prevention (DEP), Address Space Layout Randomisation (ASLR) and Enhanced Mitigation Experience Toolkit (EMET). content filtering allowing only businessrelated attachment types. Preferably analyse/ convert/sanitise links, PDF and Microsoft Office attachments. Web content filtering of incoming and outgoing traffic, whitelisting allowed types of web content and using behavioral analysis, cloud-based PAGE 10 reputation ratings, heuristics and signatures. Network Web domain segmentation whitelisting and for segregation all domains, into since security this zones approach to protect is more sensitive proactive information and thorough and than critical services blacklisting such a tiny as user percentage authentication of malicious by Microsoft domains. command-control activity with anti-c2 signatures and DNS-based callback signatures. The information is also fed into PAN-DB, where newly discovered malicious URLs are automatically blocked. This correlation of data and in-line protections are key to identifying and blocking ongoing intrusions as well as future attacks on a network. Extending the next-generation firewall platform that natively classifies all traffic across hundreds of applications, WildFire uniquely applies analysis regardless of ports or encryption, including full visibility into web traffic, protocols (SMTP, IMAP, HOW PALO POP), ALTO FTP, NETWORKS and SMB. CAN HELP Palo Alto Networks WildFire identifies unknown malware, zero-day exploits, and Advanced Persistent Palo Alto Networks next-generation endpoint protection Threats (APTs) by directly executing them in a scalable, provides comprehensive exploit mitigation and malware virtual sandbox environment. prevention through its proprietary exploit mitigation technology. For Government customers and those that for privacy or regulatory concerns can t send information to the Palo The EP Series can prevent the following vectors of Alto Networks Threat Intelligence Cloud, WildFire is attack: deployed as a private cloud on a single WF-500 Memory corruption based exploits appliance. The WildFire architecture is uniquely designed Logic flaws based exploits (including Java exploits) to meet the demands of analysing large numbers of An executable spawning a malicious child process potentially malicious content. To support dynamic DLL hijacking malware analysis across the enterprise s network at Hijacking program control flow scale, the virvual malware analysis environment is Execution of malware from local folders commonly shared across all firewalls, as opposed to deploying utilised by attackers single-use hardware at every ingress/egress point Execution from network shares, external storage and network point of presence. This approach ensures devices, and optical drives maximum sharing of threat information, while Execution of embedded exe files minimising the hardware requirements of the task. When an unknown threat is discovered, WildFire automatically Using a security generates zone-based protections architecture, to block organisations the threat across can isolate the cyber restricted kill-chain, data behind sharing firewall these rules updates that with will all segment subscribers the network across to the provide globe added in as little levels as of 15 network minutes. security. For These purposes quick updates of definition, are able a security to stop zone rapidly is a spreading logical container malware, comprised as well of as physical identify interfaces, and block the VLANS proliferation and IP addresses. of all Using future zones, variants organisations without any additional can: action Control or analysis. exactly which applications are accessing the data, forcing them over standard ports. In conjunction Validate which with users protection are accessing from malicious the data, and exploitive associated files, applications. WildFire analysis looks deeply into malicious Find and outbound stop the use communication, of rogue or misconfigured disrupting command-control applications. activity with anti-c2 signatures and DNS-based Identify and callback block signatures. a wide range The of threats information without is also fed degrading into PAN-DB, the where network newly performance. discovered malicious URLs are automatically blocked. This correlation of data and in-line protections are key to identifying and blocking ongoing intrusions as well as future attacks on Through a network. its integration with VMware s NSX network virtualization platform, Palo Alto Networks VM-Series Extending virtual firewalls the next-generation identify, control firewall and safely platform enable that applications natively classifies between virtual all traffic servers across within hundreds the data of centre. applications, This capability WildFire provides uniquely critical applies application analysis regardless whitelisting of and ports segmentation or encryption, of servers including at the full hypervisor visibility level. Additionally into web traffic, full Threat Prevention protocols features (SMTP, can be IMAP, applied POP), to the FTP, traffic and including SMB. IPS, AV, anti-spyware/c2, and anti-malware.the integration with VMware NSX enables the Palo Alto Networks next-generation VM-Series to be automatically deployed within every Palo VMware Alto ESXi Networks server. next-generation endpoint protection provides comprehensive exploit mitigation and malware prevention through its proprietary exploit mitigation technology. In addition to Microsoft Exchange, Palo Alto Networks The identifies EP Series 66 other can prevent applications the following that can vectors be used of in attack: firewall security policies. For those applications that Memory are allowed, corruption organisations based exploits can also identify and control Logic 50+ flaws file types based such exploits as.doc, (including.docx, PDF. Java exploits) An executable spawning a malicious child process DLL hijacking Hijacking program control flow As a Execution complement of malware to the application from local visibility folders and commonly control enabled utilised by App-ID, by attackers URL categories can be used as a match criteria Execution for policies. from network Instead of shares, creating external policies storage that are limited devices, to either and allowing optical drives all or blocking all behavior, URL category Execution as a match of embedded criteria allows exe files for exception based behavior, resulting in increased flexibility, yet more granular policy enforcement. Examples of how using URL Using categories a security can be zone-based used in policies architecture, include: organisations can Identify isolate restricted and allow exceptions data behind to firewall general rules security that will segment policies the for network users who to provide may belong added to levels multiple of network groups

11 outgoing network traffic that is not generated by whitelisted applications, and denying network traffic by default. and anti-malware.the integration with VMware NSX enables the Palo Alto Networks next-generation VM-Series to be automatically deployed within every VMware ESXi server. Palo Alto Networks: ASD Top 35 content filtering allowing only businessrelated attachment types. Preferably analyse/ convert/sanitise links, PDF and Microsoft Office attachments. MITIGATION STRATEGIES Automated dynamic analysis of and web content run in a sandbox to detect suspicious Web content filtering of incoming and outgoing behaviour including network traffic, new or traffic, whitelisting allowed types of web content modified files, or configuration changes. and using behavioral analysis, cloud-based reputation ratings, heuristics and signatures. Web domain whitelisting for all domains, since this approach is more proactive and thorough than blacklisting a tiny percentage of malicious domains. Deny direct internet access from workstations by using an IPv6-capable firewall to force traffic through a split DNS server, an server or an authenticated web proxy server. Restrict access to Server Message Block (SMB) and NetBIOS services running on workstations and on servers where possible. In addition to Microsoft Exchange, Palo Alto Networks identifies 66 other applications that can be used in firewall security policies. For those applications that are allowed, organisations can also identify and control 50+ file types such as.doc,.docx, PDF. HOW PALO ALTO NETWORKS CAN HELP Palo Alto Networks WildFire identifies unknown malware, zero-day exploits, and Advanced Persistent As a complement to the application visibility and control Threats (APTs) by directly executing them in a scalable, enabled by App-ID, URL categories can be used as a match virtual sandbox environment. criteria for policies. Instead of creating policies that are limited to either allowing all or blocking all behavior, URL For Government customers and those that for privacy or category as a match criteria allows for exception based regulatory concerns can t send information to the Palo behavior, resulting in increased flexibility, yet more Alto Networks Threat Intelligence Cloud, WildFire is granular policy enforcement. Examples of how using URL deployed as a private cloud on a single WF-500 categories can be used in policies include: appliance. The WildFire architecture is uniquely designed Identify and allow exceptions to general security to meet the demands of analysing large numbers of policies for users who may belong to multiple groups potentially malicious content. To support dynamic within Active Directory (e.g., deny access to malware malware analysis across the enterprise s network at and hacking sites for all users, yet allow access to scale, the virvual malware analysis environment is users that belong to the security group). shared across all firewalls, as opposed to deploying Allow access to streaming media category, but apply single-use hardware at every ingress/egress point QoS to control bandwidth consumption. and network point of presence. This approach ensures Prevent file download/upload for URL categories that maximum sharing of threat information, while represent higher risk (e.g., allow access to unknown minimising the hardware requirements of the task. sites, but prevent upload/download of executable files from unknown sites to limit malware propagation). When an unknown threat is discovered, WildFire Apply SSL decryption policies that allow encrypted access automatically generates protections to block the threat to finance and shopping categories but decrypt and inspect across the cyber kill-chain, sharing these updates with traffic to all other URL categories. all subscribers across the globe in as little as 15 minutes. These quick updates are able to stop rapidly spreading malware, as well as identify and block the proliferation Palo Alto Networks of all future fully support variants IPv6 without including any additional IPv6 action dynamic or routing analysis. protocols. In conjunction with protection from malicious and exploitive files, WildFire analysis looks deeply into malicious outbound communication, disrupting command-control activity with anti-c2 signatures and DNS-based Using next generation callback signatures. application The based information firewall security is also fed policies, into PAN-DB, access to where SMB and newly NetBIOS discovered can be malicious controlled by URLs user or are user automatically group at the blocked. network This level, correlation regardless of of port. data and in-line protections are key to identifying and blocking ongoing intrusions as well as future attacks on a network. Extending the next-generation firewall platform that natively classifies all traffic across hundreds of applications, WildFire uniquely applies analysis regardless of ports or encryption, including full visibility into web traffic, protocols (SMTP, IMAP, POP), FTP, and SMB. Operating system generic exploit mitigation mechanisms, eg, Data Execution Prevention (DEP), Address Space Layout Randomisation (ASLR) and Enhanced Mitigation Experience Toolkit (EMET) Great America Parkway Santa Clara, CA Main: Sales: Support: Network segmentation and segregation into security zones to protect sensitive information and critical services such as user authentication by Microsoft Active Directory. Palo Alto Networks next-generation endpoint protection provides comprehensive exploit mitigation and malware prevention through its proprietary exploit mitigation technology. The EP Series can prevent the following vectors of attack: Memory corruption based exploits Logic flaws based exploits (including Java exploits) An executable spawning a malicious child process DLL hijacking Hijacking program control flow Copyright Execution 2014, Palo of malware Alto Networks, from Inc. local All rights folders reserved. commonly Palo Alto Networks, the Palo utilised Alto Networks by attackers Logo, PAN-OS, App-ID and Panorama are trademarks of Palo Alto Execution Networks, from Inc. network All specifications shares, are external subject to storage change without notice. Palo Alto devices, Networks and assumes optical no drives responsibility for any inaccuracies in this document or for Execution any obligation of to embedded update information exe files in this document. Palo Alto Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. PAN_WP_ASD-Top35_ Using a security zone-based architecture, organisations can isolate restricted data behind firewall rules that will segment the network to provide added levels of network security. For purposes of definition, a security zone is a logical container comprised of physical interfaces, VLANS

Enterprise Security Platform for Government

Enterprise Security Platform for Government Enterprise Security Platform for Government Today s Cybersecurity Challenges in Government Governments are seeking greater efficiency and lower costs, adopting Shared Services models, consolidating data

More information

REPORT & ENFORCE POLICY

REPORT & ENFORCE POLICY App-ID KNOWN PROTOCOL DECODER Start Decryption (SSL or SSH) Decode Signatures Policy IP/Port Policy Application Signatures Policy IDENTIFIED TRAFFIC (NO DECODING) UNKNOWN PROTOCOL DECODER Apply Heuristics

More information

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge One of the most prominent and advanced threats to government networks is advanced delivery

More information

App-ID. PALO ALTO NETWORKS: App-ID Technology Brief

App-ID. PALO ALTO NETWORKS: App-ID Technology Brief App-ID Application Protocol Detection / Decryption Application Protocol Decoding Application Signature Heuristics App-ID uses as many as four identification techniques to determine the exact identity of

More information

WildFire. Preparing for Modern Network Attacks

WildFire. Preparing for Modern Network Attacks WildFire WildFire automatically protects your networks from new and customized malware across a wide range of applications, including malware hidden within SSL-encrypted traffic. WildFire easily extends

More information

Agenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.

Agenda. 3 2012, Palo Alto Networks. Confidential and Proprietary. Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and

More information

Firewall Feature Overview

Firewall Feature Overview Networking P A L O A LT O N E T W O R K S : F i r e w a l l F e a t u r e O v e r v i e w Firewall Feature Overview A next-generation firewall restores application visibility and control for today s enterprises

More information

Content-ID. Content-ID enables customers to apply policies to inspect and control content traversing the network.

Content-ID. Content-ID enables customers to apply policies to inspect and control content traversing the network. Content-ID Content-ID enables customers to apply policies to inspect and control content traversing the network. Malware & Vulnerability Research 0-day Malware and Exploits from WildFire Industry Collaboration

More information

A Modern Framework for Network Security in Government

A Modern Framework for Network Security in Government A Modern Framework for Network Security in Government 3 A MODERN FRAMEWORK FOR NETWORK SECURITY IN THE FEDERAL GOVERNMENT Government: Securing Your Data, However and Wherever Accessed Governments around

More information

Palo Alto Networks Next-generation Firewall Overview

Palo Alto Networks Next-generation Firewall Overview PALO PALO ALTO ALTO NETWORKS: NETWORKS: Next-Generation Firewall Firewall Feature Feature Overview Overview Palo Alto Networks Next-generation Firewall Overview Fundamental shifts in application usage,

More information

Next-Generation Firewall Overview

Next-Generation Firewall Overview Next-Generation Firewall Overview Fundamental shifts in the application and threat landscape, user behavior, and network infrastructure have steadily eroded the security that traditional port-based firewalls

More information

Content-ID. Content-ID URLS THREATS DATA

Content-ID. Content-ID URLS THREATS DATA Content-ID DATA CC # SSN Files THREATS Vulnerability Exploits Viruses Spyware Content-ID URLS Web Filtering Content-ID combines a real-time threat prevention engine with a comprehensive URL database and

More information

Palo Alto Networks Next-Generation Firewall Overview

Palo Alto Networks Next-Generation Firewall Overview PALO PALO ALTO ALTO NETWORKS: NETWORKS: Next-Generation Firewall Firewall Feature Feature Overview Overview Palo Alto Networks Next-Generation Firewall Overview Fundamental shifts in application usage,

More information

Next-Generation Firewall Overview

Next-Generation Firewall Overview Next-Generation Firewall Overview Recent changes in application behavior and usage patterns have steadily eroded the protection that the traditional firewall once provided. Users are accessing any application,

More information

Next Generation Enterprise Network Security Platform

Next Generation Enterprise Network Security Platform Next Generation Enterprise Network Security Platform November 2014 Lyndon Clough - Territory Sales Manager Derran Guinan Systems Engineer Agenda The Palo Alto Networks story Today s Threat Landscape The

More information

May 2010. Palo Alto Networks 232 E. Java Drive Sunnyvale, CA 94089 408-738-7700 www.paloaltonetworks.com

May 2010. Palo Alto Networks 232 E. Java Drive Sunnyvale, CA 94089 408-738-7700 www.paloaltonetworks.com Application Visibility and Control: In the Firewall vs. Next to the Firewall How Next-Generation Firewalls are Different From UTM and IPS-based Products May 2010 Palo Alto Networks 232 E. Java Drive Sunnyvale,

More information

SECURITY PLATFORM FOR HEALTHCARE PROVIDERS

SECURITY PLATFORM FOR HEALTHCARE PROVIDERS SECURITY PLATFORM FOR HEALTHCARE PROVIDERS Our next-generation security platform prevents successful cyberattacks for hundreds of hospitals, clinics and healthcare networks across the globe. Palo Alto

More information

Palo Alto Networks. October 6

Palo Alto Networks. October 6 Palo Alto Networks October 6 Agenda Malware Trends by the numbers Protect Locally Share Globally Delivery methods 21.5% ~14% OF MALWARE HAS BEEN DELIVERED OVER APPS OTHER THAN WEB AND EMAIL IN 2015 8.2%

More information

Next-generation enterprise security platform. Walter Doria

Next-generation enterprise security platform. Walter Doria Next-generation enterprise security platform Walter Doria Why do you need network, endpoint, and cloud working together? The network is best for identifying and controlling all traffic, preventing known

More information

Moving Beyond Proxies

Moving Beyond Proxies Moving Beyond Proxies A Better Approach to Web Security January 2015 Executive Summary Proxy deployments today have outlived their usefulness and practicality. They have joined a long list of legacy security

More information

Breaking the Cyber Attack Lifecycle

Breaking the Cyber Attack Lifecycle Breaking the Cyber Attack Lifecycle Palo Alto Networks: Reinventing Enterprise Operations and Defense March 2015 Palo Alto Networks 4301 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com

More information

Integrated Approach to Network Security. Lee Klarich Senior Vice President, Product Management March 2013

Integrated Approach to Network Security. Lee Klarich Senior Vice President, Product Management March 2013 Integrated Approach to Network Security Lee Klarich Senior Vice President, Product Management March 2013 Real data from actual networks 2 2012, Palo Alto Networks. Confidential and Proprietary. 2008: HTTP,

More information

Using Palo Alto Networks to Protect the Datacenter

Using Palo Alto Networks to Protect the Datacenter Using Palo Alto Networks to Protect the Datacenter July 2009 Palo Alto Networks 232 East Java Dr. Sunnyvale, CA 94089 Sales 866.207.0077 www.paloaltonetworks.com Table of Contents Introduction... 3 Granular

More information

Next-Generation Firewall Overview

Next-Generation Firewall Overview Next-Generation Firewall Overview Business and technology advancements have steadily eroded the protection that the traditional firewall provided. Users have come to expect to be able to work from any

More information

THE AUSTRALIAN SIGNALS DIRECTORATE (ASD) STRATEGIES TO MITIGATE TARGETED CYBER INTRUSIONS

THE AUSTRALIAN SIGNALS DIRECTORATE (ASD) STRATEGIES TO MITIGATE TARGETED CYBER INTRUSIONS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD) STRATEGIES TO MITIGATE TARGETED CYBER INTRUSIONS BeyondTrust Solution Overview October 2014 Table of Contents Introduction... 3 BeyondTrust Solutions... 6 The BeyondInsight

More information

Palo Alto Networks Next-Generation Firewall Overview

Palo Alto Networks Next-Generation Firewall Overview Palo Alto Networks Next-Generation Firewall Overview The firewall is the most strategic network security infrastructure component, it sees all traffic, and as such, is in the most effective location to

More information

VM-Series for VMware. PALO ALTO NETWORKS: VM-Series for VMware

VM-Series for VMware. PALO ALTO NETWORKS: VM-Series for VMware VM-Series for VMware The VM-Series for VMware supports VMware NSX, ESXI stand-alone and vcloud Air, allowing you to deploy next-generation firewall security and advanced threat prevention within your VMware-based

More information

Carbon Black and Palo Alto Networks

Carbon Black and Palo Alto Networks Carbon Black and Palo Alto Networks Bring Together Next-Generation Endpoint and Network Security Solutions Endpoints and Servers in the Crosshairs of According to a 2013 study, 70 percent of businesses

More information

Advanced Endpoint Protection Overview

Advanced Endpoint Protection Overview Advanced Endpoint Protection Overview Advanced Endpoint Protection is a solution that prevents Advanced Persistent Threats (APTs) and Zero-Day attacks and enables protection of your endpoints by blocking

More information

A Modern Framework for Network Security in the Federal Government

A Modern Framework for Network Security in the Federal Government A Modern Framework for Network Security in the Federal Government 1 A MODERN FRAMEWORK FOR NETWORK SECURITY IN THE FEDERAL GOVERNMENT Trends in Federal Requirements for Network Security In recent years,

More information

FIREWALL OVERVIEW. Palo Alto Networks Next-Generation Firewall

FIREWALL OVERVIEW. Palo Alto Networks Next-Generation Firewall FIREWALL OVERVIEW Palo Alto Networks Next-Generation Firewall Fundamental shifts in application usage, user behavior, and complex, convoluted network infrastructure create a threat landscape that exposes

More information

Internet Gateway Best Practices

Internet Gateway Best Practices Internet Gateway Best Practices Tim Treat Customer Success Architect Palo Alto Networks David Guretz Systems Engineer Palo Alto Networks Internet Gateway Architecture View Next- Generation Threat Cloud

More information

Cybercrime: evoluzione del malware e degli attacchi. Cesare Radaelli Regional Sales Manager, Italy cradaelli@paloaltonetworks.com

Cybercrime: evoluzione del malware e degli attacchi. Cesare Radaelli Regional Sales Manager, Italy cradaelli@paloaltonetworks.com Cybercrime: evoluzione del malware e degli attacchi Cesare Radaelli Regional Sales Manager, Italy cradaelli@paloaltonetworks.com About Palo Alto Networks We are the network security company World-class

More information

WildFire Overview. WildFire Administrator s Guide 1. Copyright 2007-2015 Palo Alto Networks

WildFire Overview. WildFire Administrator s Guide 1. Copyright 2007-2015 Palo Alto Networks WildFire Overview WildFire provides detection and prevention of zero-day malware using a combination of malware sandboxing and signature-based detection and blocking of malware. WildFire extends the capabilities

More information

How to Dramatically Reduce the Cost and Complexity of PCI Compliance

How to Dramatically Reduce the Cost and Complexity of PCI Compliance How to Dramatically Reduce the Cost and Complexity of PCI Compliance Using Network Segmentation and Policy-Based Control Over Applications, Users And Content to Protect Cardholder Data December 2008 Palo

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information

THREAT INTELLIGENCE CLOUD

THREAT INTELLIGENCE CLOUD THREAT INTELLIGENCE CLOUD Leveraging the Global Threat Community to Prevent Known and Unknown Threats Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com Executive

More information

Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats

Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats Executive Summary Palo Alto Networks strategic partnership with Splunk brings the power of our next generation

More information

Next Generation Security Strategies. Marc Sarrias Regional Sales Manager msarrias@paloaltonetworks.com

Next Generation Security Strategies. Marc Sarrias Regional Sales Manager msarrias@paloaltonetworks.com Next Generation Security Strategies Marc Sarrias Regional Sales Manager msarrias@paloaltonetworks.com IT Ever-Evolving Challenges & Constraints Support IT Initiatives Minimize Business Risks from Cybersecurity

More information

FROM PRODUCT TO PLATFORM

FROM PRODUCT TO PLATFORM FROM PRODUCT TO PLATFORM DATA EQUIPMENT 2016 Mikkel Bossen Agenda Today s Challenges Data Growth, SSL encryption, Application Growth & SaaS What s hiding in under the surface? Legacy Security is that really

More information

How Attackers are Targeting Your Mobile Devices. Wade Williamson

How Attackers are Targeting Your Mobile Devices. Wade Williamson How Attackers are Targeting Your Mobile Devices Wade Williamson Today s Agenda Brief overview of mobile computing today Understanding the risks Analysis of recently discovered malware Protections and best

More information

MEETING CSIP OBJECTIVES WITH AN AUTOMATED AND PREVENTIVE SECURITY APPROACH

MEETING CSIP OBJECTIVES WITH AN AUTOMATED AND PREVENTIVE SECURITY APPROACH MEETING CSIP OBJECTIVES WITH AN AUTOMATED AND PREVENTIVE SECURITY APPROACH A Palo Alto Networks and Channel Partner Case Study Every day, the U.S. federal government experiences increasingly sophisticated

More information

APERTURE. Safely enable your SaaS applications.

APERTURE. Safely enable your SaaS applications. APERTURE Safely enable your SaaS applications. Unsanctioned use of SaaS (Software as a Service) applications is creating gaps in security visibility and new risks for threat propagation, data leakage and

More information

A Modern Framework for Network Security in Government

A Modern Framework for Network Security in Government A Modern Framework for Network Security in Government Palo Alto Networks A Modern Framework for Network Security in Government 1 Government: Securing Your Data, However and Wherever Accessed Governments

More information

The Hillstone and Trend Micro Joint Solution

The Hillstone and Trend Micro Joint Solution The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry

More information

BlackRidge Technology Transport Access Control: Overview

BlackRidge Technology Transport Access Control: Overview 2011 BlackRidge Technology Transport Access Control: Overview 1 Introduction Enterprises and government agencies are under repeated cyber attack. Attacks range in scope from distributed denial of service

More information

Still Using Proxies for URL Filtering? There s a Better Way

Still Using Proxies for URL Filtering? There s a Better Way Still Using Proxies for URL Filtering? There s a Better Way October 2013 The Arrival of Proxies Firewalls enforce network access via a positive control model, where only specific traffic defined in policies

More information

Unified Security, ATP and more

Unified Security, ATP and more SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users

More information

About the VM-Series Firewall

About the VM-Series Firewall About the VM-Series Firewall Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 http://www.paloaltonetworks.com/contact/contact/

More information

Fighting Advanced Threats

Fighting Advanced Threats Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.

More information

Networking for Caribbean Development

Networking for Caribbean Development Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n

More information

Introducing IBM s Advanced Threat Protection Platform

Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM

More information

McAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software

McAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software McAfee Global Threat Intelligence File Reputation Service Best Practices Guide for McAfee VirusScan Enterprise Software Table of Contents McAfee Global Threat Intelligence File Reputation Service McAfee

More information

Cisco Advanced Malware Protection

Cisco Advanced Malware Protection Solution Overview Cisco Advanced Malware Protection Breach Prevention, Detection, Response, and Remediation for the Real World BENEFITS Gain unmatched global threat intelligence to strengthen front-line

More information

The Application Usage and Threat Report

The Application Usage and Threat Report The Application Usage and Threat Report An Analysis of Application Usage and Related Threats within the Enterprise 10th Edition February 2013 PAGE 1 Executive Summary Global Findings Since 2008, Palo Alto

More information

Defending Against Cyber Attacks with SessionLevel Network Security

Defending Against Cyber Attacks with SessionLevel Network Security Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive

More information

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks Decryption Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us

More information

Palo Alto Networks Cyber Security Platform for the Software Defined Data center. Zekeriya Eskiocak Security Consultant Palo Alto Networks

Palo Alto Networks Cyber Security Platform for the Software Defined Data center. Zekeriya Eskiocak Security Consultant Palo Alto Networks Palo Alto Networks Cyber Security Platform for the Software Defined Data center Zekeriya Eskiocak Security Consultant Palo Alto Networks Evolution towards a software defined data center Server Virtualiza-on

More information

Critical Security Controls

Critical Security Controls Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security

More information

Strategies to Mitigate Targeted Cyber Intrusions Mitigation Details

Strategies to Mitigate Targeted Cyber Intrusions Mitigation Details CYBER SECURITY OPERATIONS CENTRE 13/2011 21 July 2011 Strategies to Mitigate Targeted Cyber Intrusions Mitigation Details INTRODUCTION 1. This document provides further information regarding DSD s list

More information

Enterprise-Grade Security from the Cloud

Enterprise-Grade Security from the Cloud Datasheet Website Security Enterprise-Grade Security from the Cloud Unmatched web application security experience, enhanced by real-time big data analytics, enables Incapsula to provide best-of-breed security

More information

Streamline PCI Compliance With Next-generation Security

Streamline PCI Compliance With Next-generation Security Streamline PCI Compliance With Next-generation Security How Palo Alto Networks Enterprise Security Platform Enables Unparalleled Network Segmentation and Protection of Cardholder Data Executive Summary

More information

White Paper. Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks

White Paper. Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks White Paper Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks White Paper Executive Summary Around the world, organizations are investing massive amounts of their budgets

More information

Securing the Database Stack

Securing the Database Stack Technical Brief Securing the Database Stack How ScaleArc Benefits the Security Team Introduction Relational databases store some of the world s most valuable information, including financial transactions,

More information

Moving Network Security from Black and White to Color Refocusing on Safely Enabling Applications

Moving Network Security from Black and White to Color Refocusing on Safely Enabling Applications Moving Network Security from Black and White to Color Refocusing on Safely Enabling Applications July 2009 Palo Alto Networks 232 E. Java Drive Sunnyvale, CA 94089 408-738-7700 www.paloaltonetworks.com

More information

Cisco Advanced Malware Protection for Endpoints

Cisco Advanced Malware Protection for Endpoints Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection

More information

Securing the Virtualized Data Center With Next-Generation Firewalls

Securing the Virtualized Data Center With Next-Generation Firewalls Securing the Virtualized Data Center With Next-Generation Firewalls Data Center Evolution Page 2 Security Hasn t Kept Up with Rate Of Change Configuration of security policies are manual and slow Weeks

More information

McAfee Next Generation Firewall Optimize your defense, resilience, and efficiency.

McAfee Next Generation Firewall Optimize your defense, resilience, and efficiency. Optimize your defense, resilience, and efficiency. Table of Contents Need Stronger Network Defense? Network Concerns Security Concerns Cost of Ownership Manageability Application and User Awareness High

More information

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria

More information

Endpoint protection for physical and virtual desktops

Endpoint protection for physical and virtual desktops datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become

More information

Sygate Secure Enterprise and Alcatel

Sygate Secure Enterprise and Alcatel Sygate Secure Enterprise and Alcatel Sygate Secure Enterprise eliminates the damage or loss of information, cost of recovery, and regulatory violation due to rogue corporate computers, applications, and

More information

What s Next for Network Security - Visibility is king! Gøran Tømte March 2013

What s Next for Network Security - Visibility is king! Gøran Tømte March 2013 What s Next for Network Security - Visibility is king! Gøran Tømte March 2013 Technology Sprawl and Creep Aren t the Answer More stuff doesn t solve the problem Firewall helpers have limited view of traffic

More information

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)

More information

June 2012. Palo Alto Networks 3300 Olcott Street Santa Clara, CA 94089 www.paloaltonetworks.com

June 2012. Palo Alto Networks 3300 Olcott Street Santa Clara, CA 94089 www.paloaltonetworks.com The Application Usage and Risk Report An Analysis of End User Application Trends in the Enterprise Regional Findings Americas (Latin and South America, Canada, U.S.A.) Europe, Africa, Middle East Asia

More information

Malicious Email Mitigation Strategy Guide

Malicious Email Mitigation Strategy Guide CYBER SECURITY OPERATIONS CENTRE Malicious Email Mitigation Strategy Guide Introduction (UPDATED) SEPTEMBER 2012 1. Socially engineered emails containing malicious attachments and embedded links are commonly

More information

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

More information

Analyzing HTTP/HTTPS Traffic Logs

Analyzing HTTP/HTTPS Traffic Logs Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that

More information

What s Next for the Next Generation Firewall Vendor Palo Alto Networks Overview. October 2010 Matias Cuba - Regional Sales Manager Northern Europe

What s Next for the Next Generation Firewall Vendor Palo Alto Networks Overview. October 2010 Matias Cuba - Regional Sales Manager Northern Europe What s Next for the Next Generation Firewall Vendor Palo Alto Networks Overview October 2010 Matias Cuba - Regional Sales Manager Northern Europe About Palo Alto Networks Palo Alto Networks is the Network

More information

Securing Traditional and Cloud-Based Datacenters With Next-generation Firewalls

Securing Traditional and Cloud-Based Datacenters With Next-generation Firewalls Securing Traditional and Cloud-Based Datacenters With Next-generation Firewalls February 2015 Table of Contents Executive Summary 3 Changing datacenter characteristics 4 Cloud computing depends on virtualization

More information

Sophistication of attacks will keep improving, especially APT and zero-day exploits

Sophistication of attacks will keep improving, especially APT and zero-day exploits FAQ Isla Q&A General What is Isla? Isla is an innovative, enterprise-class web malware isolation system that prevents all browser-borne malware from penetrating corporate networks and infecting endpoint

More information

Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities

Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities Protecting a business s IT infrastructure is complex. Take, for example, a retailer operating a standard multi-tier infrastructure

More information

Cisco Advanced Malware Protection for Endpoints

Cisco Advanced Malware Protection for Endpoints Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection

More information

How Protected Is Your Enterprise?

How Protected Is Your Enterprise? How Protected Is Your Enterprise? Next Gen thinking and technology to help strengthen and protect your critical business systems and data Greg Belanger, CISSP Symantec (Canada) Corporation - Security Practice

More information

White Paper. Time for Integrated vs. Bolted-on IT Security. Cyphort Platform Architecture: Modular, Open and Flexible

White Paper. Time for Integrated vs. Bolted-on IT Security. Cyphort Platform Architecture: Modular, Open and Flexible White Paper Time for Integrated vs. Bolted-on IT Security Cyphort Platform Architecture: Modular, Open and Flexible Overview This paper discusses prevalent market approaches to designing and architecting

More information

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE

More information

Deploying Advanced Firewalls in Dynamic Virtual Networks

Deploying Advanced Firewalls in Dynamic Virtual Networks SOLUTION GUIDE Deploying Advanced Firewalls in Dynamic Virtual Networks Enterprise-Ready Security for Network Virtualization 1 This solution guide describes how to simplify deploying virtualization security

More information

WildFire Cloud File Analysis

WildFire Cloud File Analysis WildFire 6.1 Administrator s Guide WildFire Cloud File Analysis Palo Alto Networks WildFire Administrator s Guide Version 6.1 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America

More information

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World Securing Your Web World WEBTHREATS Constantly Evolving Web Threats Require Revolutionary Security ANTI-SPYWARE ANTI-SPAM WEB REPUTATION ANTI-PHISHING WEB FILTERING Web Threats Are Serious Business Your

More information

On-Premises DDoS Mitigation for the Enterprise

On-Premises DDoS Mitigation for the Enterprise On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has

More information

Controlling Peer-to-Peer Applications

Controlling Peer-to-Peer Applications Controlling Peer-to-Peer Applications April, 2008 Palo Alto Networks 2130 Gold Street, Suite 200 Alviso, CA 95002-2130 Main 408.786.0001 Fax 408.786.0006 Sales 866.207.0077 www.paloaltonetworks.com Table

More information

10 Things Every Web Application Firewall Should Provide Share this ebook

10 Things Every Web Application Firewall Should Provide Share this ebook The Future of Web Security 10 Things Every Web Application Firewall Should Provide Contents THE FUTURE OF WEB SECURITY EBOOK SECTION 1: The Future of Web Security SECTION 2: Why Traditional Network Security

More information

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.

More information

Persistence Mechanisms as Indicators of Compromise

Persistence Mechanisms as Indicators of Compromise Persistence Persistence Mechanisms as Indicators of Compromise An automated technology for identifying cyber attacks designed to survive indefinitely the reboot process on PCs White Paper Date: October

More information

End-to-End Application Security from the Cloud

End-to-End Application Security from the Cloud Datasheet Website Security End-to-End Application Security from the Cloud Unmatched web application security experience, enhanced by real-time big data analytics, enables Incapsula to provide best-of-breed

More information

Addressing the Full Attack Continuum: Before, During, and After an Attack. It s Time for a New Security Model

Addressing the Full Attack Continuum: Before, During, and After an Attack. It s Time for a New Security Model White Paper Addressing the Full Attack Continuum: Before, During, and After an Attack It s Time for a New Security Model Today s threat landscape is nothing like that of just 10 years ago. Simple attacks

More information

WHITE PAPER. AirGap. The Technology That Makes Isla a Powerful Web Malware Isolation System

WHITE PAPER. AirGap. The Technology That Makes Isla a Powerful Web Malware Isolation System AirGap The Technology That Makes Isla a Powerful Web Malware Isolation System Introduction Web browsers have become a primary target for cyber attacks on the enterprise. If you think about it, it makes

More information

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4) Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware

More information

Stallion SIA Seminar 2.12.2015 PREVENTION FIRST. Introducing the Enterprise Security Platform. Sami Walle Regional Sales Manager

Stallion SIA Seminar 2.12.2015 PREVENTION FIRST. Introducing the Enterprise Security Platform. Sami Walle Regional Sales Manager Stallion SIA Seminar 2.12.2015 PREVENTION FIRST Introducing the Enterprise Security Platform Sami Walle Regional Sales Manager CYBER THREATS ARE GETTING MORE ADVANCED Advanced Persistent Threat Uses a

More information

Building A Secure Microsoft Exchange Continuity Appliance

Building A Secure Microsoft Exchange Continuity Appliance Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building

More information