Agenda , Palo Alto Networks. Confidential and Proprietary.

Transcription

1

2

3 Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation , Palo Alto Networks. Confidential and Proprietary.

4 4 2013, Palo Alto Networks. Confidential and Proprietary.

5 WHAT S CHANGED? THE EVOLUTION OF THE ATTACKER CYBERCRIME NOW $1+ trillion industry CYBER WARFARE 100+ nations

6

7 CYBER THREATS ARE GETTING MORE ADVANCED Advanced Persistent Threat Uses a broad spectrum of exploits Both well-known and zero-day exploits Crosses multiple vectors; uses crypting Goal-oriented rather than opportunistic Highly targeted, methodical attacks Re-encodes or uses polymorphism Organized, wellfunded criminal adversaries Nation-states, cyberespionage groups Thousands of off-theshelf tools available

8 How exploit develops.. SMTP IMAP POP3 Web browsing (7) Code execution exploits seen in SMTP, POP3, IMAP and web browsing. Smoke.loader botnet controller Delivers and manages payload Steals passwords Encrypts payload Posts to URLs Anonymizes identity Twitter Web browsing Facebook Palo Alto Networks. Confidential and Proprietary.

9 COMPROMISED CREDIT CARDS APTs IN ACTION THE FAIL CHAIN Attacker penetrates network from supplier Lack of monitoring allows credential escalation Signals of data exfiltration are not monitored Network security logs are ignored Alert from IPS that malware is being installed is missed Poor segmentation allows attacker to make lateral move to sensitive data Recon on companies Target works with Spearphishing third-party HVAC contractor Breached Target network with stolen payment system credentials Moved laterally within Target network and installed POS Malware Compromised internal server to collect customer data Exfiltrated data command-andcontrol servers over FTP Maintain access

10 MORE TOOLS HAVE RESULTED IN SECURITY SILOES AND UNCESSARY COMPLEXITY Degraded performance without really solving the issue Firewall helpers have limited view of traffic Complex and costly to buy and maintain Doesn t provide adequate visibility Internet Enterprise Network

11 State of the nation 100+ nations

12 How exploit develops.. SMTP IMAP POP3 Web browsing (7) Code execution exploits seen in SMTP, POP3, IMAP and web browsing. Smoke.loader botnet controller Delivers and manages payload Steals passwords Encrypts payload Posts to URLs Anonymizes identity Twitter Web browsing Facebook Palo Alto Networks. Confidential and Proprietary.

13 CONTENT USERS APPLICATIONS KNOW WHAT S ON YOUR NETWORK AT ALL TIME BASED ON APPLICATIONS, USERS, AND CONTENT Classify all traffic by application (layer 7) with App-ID Tie users and devices to applications, regardless of location, with User-ID Scan content and protect against all threats, both known and unknown, with Content-ID

14 SYSTEMATICALLY REDUCE THE SCOPE OF YOUR SECURITY CHALLENGE 0 Full visibility 1 Limit traffic legitimate apps and sources 2 Eliminate known threats 3 Eliminate unknown threats

15 Safe Application Enablement: Some Examples , Palo Alto Networks. Confidential and Proprietary.

16 PREVENTION AGAINST UNKNOWN THREATS 3 SIGNATURE CREATION Anti-malware signatures DNS intelligence Malware URL database Anti-C2 signatures 2 Command-and-control Staged malware downloads Host ID and data exfil SANDBOX TESTING TM WildFire Soak sites, sinkholes, 3 rd party sources 4 Global intelligence and protection shared with all customers 1 SUSPICIOUS TRAFFIC Palo Alto Networks Customers

17 NETWORK SEGMENTATION Group systems logically by trust levels and risk factors independent of physical location Deny all traffic between zones by default except the few legitimate applications (App-ID) Apply least privilege access for user access (User-ID) Inspect all content for malicious payload known and unknown threats Limit the scope of compliance Fewer servers are subject to compliance audits Limit the scope of vulnerability - Separate vulnerable parts of the network, or old servers that cannot be patched from others Limit data exfiltration limit the volume of data that is compromised in the case of a breach

18 Palo Alto Networks Cost Reductions, Improved Operations Fewer appliances and policies to deploy and maintain (5x) One management platform across security functions and locations Business-relevant policies Fewer translation errors between business and security teams Better security decisions Introduction NXG Firewalls vs traditional 30%-80% savings 40%-65% savings No data or intelligence silos Reporting, and compliance audits are made easier Better performance from single pass architecture across functions

19 2014 Magic Quadrant for Enterprise Network Firewalls Palo Alto Networks is assessed as a Leader, mostly because of its NGFW focus, because it set the direction of the market along the NGFW path, and because of its consistent visibility in shortlists, increasing revenue and market share, and its proven ability to disrupt the market. --Gartner Magic Quadrant for Enterprise Network Firewalls

20

21

22

23

24

25

26