Enterprise Security Platform for Government

Transcription

1 Enterprise Security Platform for Government

2 Today s Cybersecurity Challenges in Government Governments are seeking greater efficiency and lower costs, adopting Shared Services models, consolidating data centers and moving to virtualization. They must find ways to increase capacity in fewer data centers and adopt virtualization without impacting security. As some of the most targeted organizations in the world, they know nation-states and other adversaries will continue to threaten sensitive information, military networks and communications with Zero Days and Advanced Persistent Threats (APTs). Such attacks cut straight through today s endpoint solutions undetected. Targeting endpoints through frequented websites and credential theft, as well as blended tactics, they look for any weak point to penetrate. Critical infrastructure including Supervisory Control and Data Acquisition (SCADA) systems which run nations power grids and other utilities, weapons systems and more must also be prioritized. Such systems need security solutions which can understand their proprietary protocols and block traditional IT applications and unauthorized users from these critical networks. Modern military personnel and mobile civilian workers are increasingly untethered from their government networks using mobile devices as well as advanced tactical mobile gear. As such, cyber defense is at an all-time high priority and must not only focus on prevention but resilience in the face of an attack. It must defend the endpoint however defined by the strategic, tactic, military or civilian entity and thwart advanced attacks and lateral movement to ensure resilience when attackers Government challenges and initiatives: Advanced and highly targeted threats at the endpoint, lateral movement through the network Need security for consolidated and virtualized data centers Protect Shared services Ensure resilient real-time tactical communications Protect sensitive data Support military s future sailor/soldier/airman reach the heart of the network. To effectively protect today s government networks, a modern cyber defense is necessary. Traditional Point solutions Don t Address Modern Government Needs To overcome these challenges and effectively prevent today s most advanced cyber attacks, a disruptive, comprehensive approach a platform approach is necessary. Palo Alto Networks enterprise security platform eliminates complexities involved with point products firewall, IPS, IDS, URL filtering, endpoint antivirus, and more. The enterprise security platform realizes this vision of comprehensive security by integrating the power of three core elements: NEXT-GENERATION FIREWALL NATIVELY INTEGRATED N E T W O R K THREAT INTELLIGENCE CLOUD AUTOMATED CLOUD Figure 1: Palo Alto Networks enterprise security platform. E N D P O I N T EXTENSIBLE ADVANCED ENDPOINT PROTECTION The advanced endpoint prevention, Traps, ensures that the point of entry for most advanced threats, the host, is secure. It uses a disruptive approach to prevention, stopping the underlying techniques used by exploits and malware in their attack chain. This is unlike the ineffective and burdensome approach used by traditional endpoint solutions which only look at the ever growing repository of known signatures, strings, and behaviors to try to deter Zero Day attacks. The threat intelligence cloud (public or private) analyzes and correlates intelligence from all platform security functions URL Filtering, mobile security, IPS/threat prevention and the virtual execution engine or sandbox, WildFire and validated community input. WildFire immediately discovers previously unknown malware and communicates the results to the platform to automatically generate signatures. All threat intelligence is distributed PAGE 2

3 to the network and endpoints to ensure they are protected. Known, Zero Day and advanced attacks, including APTs, can all be prevented from endpoint to data center. This is all done automatically, reducing operational burden and shortening an organization s response time. Governments can select a cloud or private threat intelligence network option. This innovative architecture can be operated at a fraction of the cost it takes to deploy and manage an equivalent set of point products. Government Benefits to Platform Security Palo Alto Networks enterprise security platform provides several benefits while enabling a solid cyber defense with detection, prevention and resilience: Advanced threats and APTs at the endpoint: Advanced endpoint protection, unlike traditional government host-based security solutions, can prevent an adversary who uses active exploits of software vulnerabilities as an advanced attack against the government. By mitigating the finite number of exploitation techniques an attacker must use to deliver their exploit, rather than analyzing and reacting to every exploit, prevents delivery entirely. Advanced threats and APTs in the network: By supporting all of the applications used by adversaries not just web and and selectively decrypting SSL communications often used to hide attacker communications, uncover more ways the adversary can get in and move laterally. Advanced attackers use content disguised in common protocols such as UDP and FTP, use peer-to-peer applications and port hopping, as well as other evasive maneuvers. The platform sees it all. Full-threat view: With the sophistication and highly targeted nature of attacks against governments, the adversary can use numerous approaches and actions to get in and move across the network. Palo Alto Networks Threat Intelligence from the cloud or an on-premises government-run platform constantly gathers intelligence on evasive applications and converts the intelligence back into all platform devices. This ensures that organizations maintain control of evasive applications to ensure authorized activity traverses the networks while unauthorized activity fails to route. Our application research and intelligence team is available to perform custom intelligence analysis on any application the government deems necessary to ensure quality of service and control at every location on the enterprise. With this important triumvirate, the platform approach is the key to preventing advanced attacks and Zero Days. Resilience: If and when an adversary makes its way onto the network, they are limited in what they can do, where they can go and what data they can access. With network segmentation allowing only approved users access to approved applications the platform instills a zero-trust environment. Advanced attacks at the endpoint can be mitigated with an advanced techniques approach. And the attacker is discoverable. The platform provides more control over authorized and unauthorized traffic than any other solution. Data center consolidation and virtualization security: With the same complete visibility and protection to the data center without impact to speed or efficiency, the platform examines 100 percent of the traffic flowing in and out of the data center and between every application. Segmenting North-South (physical) and East-West (virtual) traffic, the platform tracks virtual application provisioning and changes via dynamic address groups, and automation and orchestration support via REST-API. The Palo Alto Networks virtual (VM)-Series for NSX can be deployed as a service with VMware NSX and Panorama, with VMware ESXi as part of a virtual network configuration for East-West traffic inspection, and as guest VMs on Citrix NetScaler SDX, consolidating Application Delivery Controllers (ADCs) and security services for multi-tenant, and Citrix XenApp/ XenDesktop deployments. The virtual platforms are also available for Kernel-based Virtual Machine (KVM) Hypervisors. Scale: Scaling to support more data in fewer entry points, the platform supports Government data consolidation and cost reduction efforts. PAGE 3

4 SCADA network security: Enforce network segmentation of government SCADA networks from the IT networks, enable legitimate SCADA protocols and content onto the network and only to approved SCADA network users through Role-based access controls (RBAC). The platform library contains application signatures for control network applications including Modbus, OSIsoft PI, ICCP, DNP3, and more, without disruption of critical systems such as sewage, water, electric and more on Army bases, posts and camps. Tactical Network security: Overcome lack of necessary security skillsets in tactical deployments that could increase the risk from misconfiguration, incorrect security policy rule, or missed signature update. Configure from a central management platform, automatically provision and deploy. Support custom application signatures for custom government or military applications and threat signatures all locally or through the centralized management platform, as well as signatures for threats specific to the network/ enclave or division without necessitating direct vendor support. Kill chain-wide defense: If caught at any stage in the kill chain, the attacker s strategy fails. Critical areas the platform defends against either outright attack or lateral movement to a desired target are data center edge and inter-vm, endpoints (mobile and fixed), tactical and SCADA networks. Private threat intelligence cloud: With immediate access to threat intelligence for Security Operations Centers, situational awareness requirements, and other cyber intelligence analysis needs, access integrated logs to quickly investigate and correlate events, locate data needed for timely investigations and incident response and make it actionable through log queries or custom signatures. Governments can develop and manage their own threat intelligence cloud on a closed, dedicated Palo Alto Networks WF-500 threat intelligence platform. (See Figure 2.) Zero Days Unknown Malware Known Malware Evasive Applications Threat Protection (URL/C2/ Etc) THREAT INTELLIGENCE Automated File Analysis Immediate Intelligence Conversion Wildfire Automated Global Dissemination Active Network Traffic Platform Devices Endpoint Memory Endpoint Agents Mobility Devices GlobalProtectVPN Internet Coalition! Mobile! Deployed Data Center Component/Subscriber Premise/DMZ Figure 2: Palo Alto Networks enterprise private threat intelligence cloud for Government. PAGE 4

5 What Risks Exist In Your Government Network? A strong cyber defense, agile to the needs of Governments globally as well as to the adversaries tactics and tool changes, is germane to the future. Palo Alto Networks meets the cyber security needs of its government customers by providing a future-proof platform with visibility, prevention and resilience from endpoint across the heart of the network and data center and for all threat types. Customers across all continents and numerous industries, the Fortune 100 and the most advanced governments and militaries rely on Palo Alto Networks to improve their cybersecurity posture. Schedule an Ultimate Test Drive (UTD) for hands-on experience with the platform. Find out how you can quickly discover what protocols, applications and risks exist on your own network Great America Parkway Santa Clara, CA Main: Sales: Support: Copyright 2015, Palo Alto Networks, Inc. All rights reserved. Palo Alto Networks, the Palo Alto Networks Logo, PAN-OS, App-ID and Panorama are trademarks of Palo Alto Networks, Inc. All specifications are subject to change without notice. Palo Alto Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Palo Alto Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. PAN_WP_ESPG_011215