Archive for August, 2016

Not All Next-Generation Firewalls Are Created Equal

Tuesday, August 9th, 2016

As cybersecurity threats increase in sophistication, the security solutions used to defend against these threats must also evolve. Developers no longer adhere to standard port/protocol/application mapping; applications are capable of operating on non-standard ports, as well as port hopping; and users are able to force applications to run over non-standard ports, rendering first-generation firewalls ineffective in today’s threat environment. Enter the “next-generation firewall” (NGFW), the next stage of firewall and intrusion prevention systems (IPS) technology.

A common understanding of an NGFW is a network platform that combines the traditional firewall functionalities with IPS and application control. However, merely bundling traditional firewalls with IPS and application control does not result in an NGFW. A true NGFW emphasizes native integration, classifies traffic based on applications rather than ports, performs a deep inspection of traffic and blocks attacks before a network can be infiltrated. Here is a list of key features of a true NGFW to better inform your next purchase decision.

Identify and control applications and functions on all ports, all the time

An NGFW should identify traffic on all ports at all times, and classify each application, while monitoring for changes that may indicate when an unpermitted function is being used. For example, using Citrix GoToMeeting for desktop sharing is permitted but allowing an external user to take control is not.

Identify users regardless of device or IP address

Knowing who is using which applications on the network, and who is transferring files that may contain threats, strengthens an organization’s security policies and reduces incident response times. An NGFW must get user identity from multiple sources – such as VPN solutions, WLAN controllers and directory servers – and allow policies that safely enable applications based on users, or groups of users, in outbound or inbound directions.

Identify and control security evasion tactics

There are two different classes of applications that evade security policies: applications that are designed to evade security, like external proxies and non-VPN-related encrypted tunnels (e.g., CGIProxy), and those that can be adapted to achieve the same goal such as remote server/desktop management tools (e.g., TeamViewer). An NGFW must have specific techniques that identify and control all applications, regardless of port, protocol, encryption or other evasive tactics and know how often that firewall’s application intelligence is updated and maintained.

Decrypt and inspect SSL and control SSH

An NGFW should be able to recognize and decrypt SSL and SSH on any port, inbound or outbound; have policy control over decryption; and offer the necessary hardware and software elements to perform SSL decryption simultaneously across tens of thousands of SSL connections with predictable performance.

Systematically manage unknown traffic

Unknown traffic represents significant risks and is highly correlated to threats that move along the network. An NGFW must classify and manage all traffic on all ports in one location and quickly analyze the traffic, known and unknown, to determine if it’s an internal/custom application, a commercial application without a signature, or a threat.

Protect the network against known and unknown threats in all applications and on all ports

Applications enable businesses, but they also act as a cyberthreat vector, supporting technologies that are frequent targets for exploits. An NGFW must first identify the application, determine the functions that should be permitted or blocked, and protect the organization from known and unknown threats, exploits, viruses/malware or spyware. This must be done automatically with near-real time updates to protect from newly discovered threats globally.

Deliver consistent policy control over all traffic, regardless of user location or device type

An NGFW should provide consistent visibility and control over traffic, regardless of where the user is and what device is being used, without introducing performance latency for the user, additional work for the administrator, or significant cost for the organization.

Simplify network security

To simplify and effectively manage already overloaded security processes and people, an NGFW must enable easy translation of your business policy to your security rules. This will allow policies that directly support business initiatives.

Perform computationally intensive tasks without impacting performance

An increase in security features often means significantly lower throughput and performance. An NGFW should deliver visibility and control including content scanning, which is computationally intensive, in high-throughput networks with little tolerance for latency.

Deliver the same firewall functions in both a hardware and virtualized form factor

Virtualization and cloud computing environments introduce new security challenges, including inconsistent functionality, disparate management and a lack of integration points. An NGFW must provide flexibility and in-depth integration with virtual data centers in private and public cloud environments to streamline the creation of application-centric policies.

To learn more about what features a NGFW must have to safely enable applications and organizations, read the 10 Things Your Next Firewall Must Do white paper.

POSTED BY: Eila Shargh on August 8, 2016 on Palo Alto Network Research Portal

Palo Alto Networks Raises the Bar for Endpoint Security

Monday, August 8th, 2016

Palo Alto Networks®, the next-generation security company, announced new functionality, including significant machine learning capabilities for real-time unknown malware prevention, to its Traps™ advanced endpoint protection offering. These updates further strengthen the malware and exploit prevention capabilities of Traps and alleviate the need for legacy antivirus products to protect endpoints, such as laptops, servers and VDI instances.

Many organisations deploy a number of security products and software agents on their endpoint systems, including one or more traditional antivirus products. Nevertheless, cyber breaches continue to increase in frequency, variety and sophistication. Traditional antivirus products struggle to keep pace and invariably fail to prevent these attacks on endpoints.

An alternative to legacy antivirus point products, Traps uniquely combines the most effective, purpose-built malware and exploit detection methods to prevent known and unknown threats before they can successfully compromise an endpoint. By focusing on detecting and blocking the techniques at the core of these attacks, Traps can prevent sophisticated, targeted and never-before-seen attacks.

As a component of the Palo Alto Networks Next-Generation Security Platform, a natively integrated and automated platform designed to safely enable applications and prevent cyber breaches, Traps both shares with and receives threat intelligence information from the Palo Alto Networks WildFire™ cloud-based malware analysis environment. Threat intelligence information is passed to WildFire by each component of the security platform, and Traps uses this information to block threats on the endpoint no matter where they originated.

The new functionality announced today, which includes static analysis via machine learning and trusted publisher capabilities, will allow Traps to detect and immediately prevent malware that has never been seen.

Quotes

“The sophistication and frequency of cyberattacks are growing too quickly for legacy antivirus tools that rely on malware signatures to keep pace. The Palo Alto Networks Traps offering takes an innovative approach to endpoint security, keeping endpoints more secure despite a growing landscape of cyberthreats and reducing the resources required by IT teams to track and install security patches.”

Rob Westervelt, research manager, Security Products, IDC

“Antivirus point products give organisations a false sense of security, because while they technically make users compliant with regulatory and corporate governance requirements, they do not protect against today’s advanced cyberthreats. To do that, organisations must adopt a cybersecurity platform that prevents malware from infiltrating the enterprise at any point, including the endpoint, even if it has never been seen before.”

Lee Klarich, executive vice president, Product Management, Palo Alto Networks

The latest version of Traps, version 3.4, will be available by the end of August on the Palo Alto Networks Support Portal and will include the following updates:

  • Static analysis via machine learning examines hundreds of characteristics of a file to determine if it is malware. Threat intelligence available through the Palo Alto Networks WildFire subscription is used to train a machine learning model to recognise malware, especially previously unknown variants, with unmatched effectiveness and accuracy. This new functionality allows Traps to rapidly determine if a file should be allowed to run even before receiving a verdict from WildFire.
  • Trusted publisher identification allows organisations to automatically and immediately identify new executable files published by trusted and reputable software publishers. These executable files are allowed to run, cutting down on unnecessary analysis and allowing them to execute without delay or impact to the user.
  • Quarantine of malicious executables immediately removes malicious files and prevents further propagation or execution attempts of the files.
  • Grayware classification allows enterprises to identify non-malicious, but otherwise undesirable, software and prevent it from running in their environment.
  • Learn More

  • Read the Traps 3.4 blog post
  • Register for the upcoming webinar, Protect Yourself From Antivirus
  • Read the white paper, Protect Yourself From Antivirus
  • Palo Alto Networks Traps Advanced Endpoint Protection
  • Palo Alto Networks WildFire Cloud-Based Malware Analysis Environment
  • Palo Alto Networks Next-Generation Security Platform
  • View the original article at Palo Alto Networks.