Archive for the ‘Palo Alto Networks’ Category

Palo Alto Networks Introduces Cortex, the Industry’s Only Open and Integrated, AI-Based Continuous Security Platform

Friday, March 8th, 2019

Palo Alto Networks (NYSE: PANW), the global cybersecurity leader, today introduced three significant advancements aimed at harnessing the power of advanced AI and machine learning to transform how security will be managed in the future.

Introducing Cortex™
Cortex is the industry’s only open and integrated, AI-based continuous security platform. Cortex is a significant evolution of the Application Framework designed to simplify security operations and considerably improve outcomes. Deployed on a global, scalable public cloud platform, Cortex allows security operations teams to speed the analysis of massive data sets. Cortex is enabled by the Cortex Data Lake, where customers can securely and privately store and analyze large amounts of data that is normalized for advanced AI and machine learning to find threats and orchestrate responses quickly.

Cortex XDR™ – Breaking Data Silos
Cortex XDR is the first-of-its-kind detection, investigation and response product that natively integrates network, endpoint and cloud data. Cortex XDR uncovers threats using behavioral analytics, accelerates investigations with automation, and stops attacks before damage is done through tight integration with existing enforcement points.

Traps™ 6.0 – Great Prevention Gets Even Better
Traps endpoint protection and response now includes a Behavioral Threat Protection engine that stops advanced threats in real time by stitching together a chain of events to identify malicious activity. Traps 6.0 acts as the ultimate data collection sensor for Cortex Data Lake, gathering the most comprehensive endpoint security data in the industry. In conjunction with Cortex XDR, customers can use Traps to extend their prevention capabilities to include detection and response across their entire digital infrastructure with a single agent.

QUOTES

“While detection and response are integral components of cybersecurity defense, the current model of disjointed standalone products leaves organizations with blind spots and conflicting data,” said Lee Klarich, chief product officer at Palo Alto Networks. “We believe the only way to solve this is with best-in-class prevention, combined with the ability to normalize and analyze data at scale from as many sources as possible, applying AI and machine learning to automatically detect and quickly respond to threats.”

“While endpoint and detection response tools are valuable, they give a limited view of what an attack may look like,” said Fernando Montenegro, senior analyst at 451 Research. “Security teams need more sources of data so that they can find and block threats faster across what are increasingly complex enterprise environments. We believe integrating data across endpoint, network and cloud is a positive step toward better addressing these security needs.”

New Partnerships Behind Cortex
To support the rollout of Cortex XDR, five managed security service partners will launch offerings that deliver round-the-clock threat monitoring, detection and response services to Palo Alto Networks customers. The partnerships in place are with PwC, Critical Start, ON2IT, BDO and Trustwave.

Pricing and Availability
Cortex Data Lake and Traps 6.0 will be available immediately to customers worldwide. Cortex XDR will be available to customers on March 4, 2019.


View the original post by Palo Alto Networks.

Introducing PAN-OS 9.0: Stop Threats Hiding in DNS, Close Security Gaps

Tuesday, February 19th, 2019

We’re excited to announce PAN-OS 9.0, the latest version of the software that powers our next-generation firewalls. PAN-OS 9.0 delivers over 60 tightly integrated innovations that strengthen security. The new DNS Security service continues our tradition of expanding the platform and replacing disconnected point products. We have always set the standard for next-generation firewalls — keeping you on the cutting edge while simplifying security.

Here are a few highlights from PAN-OS 9.0.

Stop threats hiding in DNS traffic

DNS is essential to running your business, but according to the Unit 42 threat research team, almost 80 percent of malware uses DNS to establish command and control. Today, security teams lack the visibility, scale, and agility needed to stop threats that use DNS. Our new DNS Security service applies predictive analytics and infinite cloud scale to disrupt attacks that use DNS for command and control or data theft. Using shared threat intelligence and machine learning, DNS Security enables teams to quickly identify threats hidden in DNS traffic. Because the service is tightly integrated with our next-generation firewall, customers get automated protections and eliminate the need for independent tools or changes to DNS infrastructure.

Close dangerous policy gaps faster and more easily

The new Policy Optimizer strengthens security by closing dangerous policy gaps left by legacy firewall policies. Policy Optimizer’s simple workflows use intelligence gathered by PAN-OS to easily move from legacy rules to App-ID-based rules. Taking complexity out by removing scores of legacy rules reduces human error, which is a leading cause of data breaches. With PAN-OS 9.0, we continue to deliver the tools you need to implement best practices that reduce the risk of attack.

Reduce web-based threat exposure

We’ve taken URL Filtering to the next level with powerful new capabilities to protect your organization from web-based threats. Applied analytics powers granular web policy for more control and flexibility than ever. New risk ratings take the guesswork out of choosing which sites to block or allow. Based on policy, automated actions let you trigger additional inspection or containment, including turning on SSL decryption. Machine learning-based image recognition dramatically increases phishing detection, finding even the most evasive sites attempting to steal your credentials. And finally, your protection is always up to date with instant updates for newly discovered malicious sites.

Protect your network with the fastest next-generation firewall ever

Organizations with large data centers, high volumes of encrypted traffic, and a growing ecosystem of internet of things (IoT) devices must secure more network traffic than ever. Our PA-7000 Series, with new line cards, is the fastest next-generation firewall in the industry, delivering performance without compromising security. Our all-new Network Processing Cards (NPCs), Switch Management Cards (SMCs), and Log Forwarding Cards (LFCs) deliver 350 Gbps of protected throughput, measured with application identification, intrusion prevention, antivirus, anti-spyware, advanced malware analysis, and logging enabled. Palo Alto Networks customers can use the improved cards with their existing chassis and cards, ensuring their security investments are protected.

Consistently secure all of your clouds

Organizations want consistent security across multiple public clouds and virtualized data centers. The VM-Series now provides the broadest range of public cloud and virtualized data center environments by adding support for Oracle Cloud, Alibaba Cloud, Cisco ENCS, and Nutanix. Firewall throughput performance improvements for AWS and Azure of up to 2.5X combined with autoscaling and transitive architectures allow our customers to automate security for dynamic and large-scale public cloud deployments.

Secure large environments at scale

New innovations to Panorama make scaling network security easier. With PAN-OS 9.0, security teams can manage up to 5,000 firewalls with a single instance of Panorama. When required, customers can use Panorama Interconnect plugin to scale the single pane of glass to 30,000 firewalls. Panorama manages security for the entire network using a single security rule base for firewall, threat prevention, URL filtering, application awareness, user identification, advanced malware analysis, file blocking, and data filtering. Panorama helps administrators reduce operational workload and meet budget constraints, while improving overall security posture.

Strengthen network and security operations

New Transformation Services offerings will strengthen security with deep analysis of configuration and network traffic as well as enforcement of advanced security policies. These next-generation firewall, threat, and security operations services are designed to complement our Security Operating Platform by focusing on operational capabilities. This provides maximum protection to enable businesses for future growth.

To learn more, visit our PAN-OS 9.0 security page.

Watch Lee Klarich, chief product officer, dive into what’s new in PAN-OS 9.0.

View the original post by Palo Alto Networks.

Palo Alto Networks Joins Net-Ctrl on Stand C61

Thursday, January 10th, 2019

Net-Ctrl will be able to demo a range of Palo Alto Networks solutions on our BETT stand (C61).

Cyberattacks in the education sector are increasing year on year. Cybercriminals feel they can exploit this sector more successfully because they know that IT teams are stretched. They also know that, due to tight budgets, equipment is likely to be ageing, and with the introduction of BYOD the attack surface is only increasing. This has a knock-on effect, adding even more pressure on schools to keep their students and their data secure.

Palo Alto Networks aims to help schools with this by putting in an Automated Security Platform that works without the need for human intervention. With their Threat Intelligence cloud, they ensure that the system is constantly updated with the latest threats in the industry, and with their Traps endpoint protection they can extend this protection out to endpoints and BYOD devices.

Outside of core security, Palo Alto Networks are also able to assist schools with safeguarding through the following:

  • URL Filtering: categorisation and control of websites
  • Application Control: ensure that only authorised applications are in use on the school network
  • Search Engine Alerts: real-time awareness of search queries
  • Visibility Reports: show granular visibility of network and web-based activity by user

Come and visit Net-Ctrl and Palo Alto Networks on stand C61 at BETT 2019 to learn more about how Palo Alto Networks can fit into your school’s infrastructure. We will have a dedicated team able to answer your questions and provide solution demonstrations.

BETT 2019 is going to be held at ExCeL London from the 23rd to the 26th of January. Book your free ticket now.

If you would like to book a meeting slot in advance, email marketing@net-ctrl.com.

Enhanced Network Security with Pulse Policy Secure and Palo Alto Networks Firewall

Thursday, December 13th, 2018


In today’s IT world, Internet and networking technologies have evolved to offer unprecedented services to end users. Billions of Internet of Things devices are being deployed across all industries, and this also means allowing access to important and confidential data and resources, which brings significant security risks to business IT systems.

Organizations need to implement solutions that address these challenges from a security standpoint, and the best way to eliminate every possible risk associated with technology is to bring the ecosystem together and interoperate. One such solution is our award-winning Pulse Policy Secure (NAC) integrated with the Palo Alto Networks firewall.

Pulse Policy Secure provides a Network Access Control solution at the endpoint/user level. It provides intelligent identity-based access by quickly learning contextual data (endpoint IP address, user ID and user role) and sharing it with the Palo Alto Networks firewall to take appropriate actions to allow or deny access.

Pulse Policy Secure also provides enhanced network security to protect against vulnerable devices through alerting-based integration with the PAN firewall. Through this joint solution, organizations, users, and customers are protected from cyber threats.

In addition to the above integration, Pulse Secure offers a seamless secure access solution using session federation via the IF-MAP framework. This can be achieved within an enterprise network by sharing session information across Pulse Policy Secure or Pulse Connect Secure using the IF-MAP protocol through an IF-MAP server. Once an end user connects remotely or locally to the corporate network and gets authenticated by Pulse Connect Secure or Pulse Policy Secure. The federation requires Dynamic Auth table provisioning on the PAN firewall and allows secure access to the protected resource based on the resource access policies that are configured on PPS.

Additional information on how to deploy and implement this joint solution is available at https://www.pulsesecure.net/techpubs/pulse-policy-secure/pps.

Check out these resources on our latest NAC release, Pulse Policy Secure 9.0r3:

Zero Trust Secure Access for The Smart Factory Floor Infographic

Pulse Secure Access for the Industrial Internet of Things (IIoT)

Pulse Secure Expands Zero Trust Security for IoT

View the original post by Pulse Secure.

Palo Alto Networks a Seven-Time Gartner Magic Quadrant Leader

Wednesday, October 10th, 2018

Palo Alto Networks® (NYSE: PANW), the global cybersecurity leader, today announced that, for the seventh consecutive time, the company has been recognized in the Leaders quadrant of the “Magic Quadrant for Enterprise Network Firewalls” by Gartner Inc.

According to the report, “The Leaders quadrant contains vendors that build products that fulfil enterprise requirements. These requirements include a wide range of models, support for virtualization and virtual LANs, and a management and reporting capability that is designed for complex and high-volume environments, such as multitier administration and rule/policy minimization. A solid NGFW capability is an important element, as enterprises continue to move away from having dedicated IPS appliances at their perimeter and remote locations. Vendors in this quadrant lead the market in offering new features that protect customers from emerging threats, provide expert capability rather than treat the firewall as a commodity and have a good track record of avoiding vulnerabilities in their security products. Common characteristics include handling the highest throughput with minimal performance loss, offering options for hardware acceleration and offering form factors that protect enterprises as they move to new infrastructure form factors.”

The Magic Quadrant for Enterprise Network Firewalls(1) evaluates vendors’ ability to execute as well as their completeness of vision.

QUOTE

“We’re thrilled that Gartner has recognized our leadership over the past seven times in its Gartner Magic Quadrant for Enterprise Network Firewalls. In the past 15 months, we have introduced updated versions of almost every next-generation firewall we offer, and have delivered new models which allow us to solve additional use cases for our customers. We believe our cloud-delivered subscriptions are natively integrated into our firewalls and offer best-in-class network security protection, as well as eliminate the need for our customers to deploy multiple point product offerings.”
– René Bonvanie, CMO, Palo Alto Networks

More than 54,000 customers in more than 150 countries have chosen Palo Alto Networks for its continuous innovation in security, automation and analytics.

To learn more about the Palo Alto Networks Security Operating Platform, visit: https://www.paloaltonetworks.com/products/security-operating-platform

To learn more about the Palo Alto Networks Next-Generation Firewall, visit: https://www.paloaltonetworks.com/products/secure-the-network/next-generation-firewall

To read a complimentary copy of the complete report, visit: https://start.paloaltonetworks.com/gartner-magic-quadrant-for-enterprise-network-firewall.html

  1. Gartner, Magic Quadrant for Enterprise Network Firewalls, Adam Hils, Jeremy D’Hoinne, Rajpreet Kaur, October 4, 2018.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

View the original posts at paloaltonetworks.com.

You Don’t Know What You’re Missing on Your Network

Tuesday, March 27th, 2018

Today’s cyber threats hide in plain sight amidst your network traffic, making them nearly impossible to defend against. These advanced threats use applications as their infiltration vector, exhibit application-like evasion tactics and they leverage commonly used network applications for exfiltration.

Legacy point products are blind to much of what goes on in the network. Hackers exploit this.

Net-Ctrl and Palo Alto Networks are offering an assessment that reveals the Unknown in your network.

Here is some of what you will see:

  • Malware and spyware on your network
  • Unauthorised applications
  • Violations of your security policies
  • Malicious websites employees are accessing
  • Non-work-related applications and activity
  • Shadow IT

How it works: We put the Palo Alto Networks® Next-Generation Security Platform on your network to passively monitor traffic for just one week.

We deliver to you the Security Lifecycle Review (SLR). The SLR reveals under-the-radar activity on your network and the risks to your business. We meet with you to explain the findings, answer your questions, and offer practical recommendations. The SLR is cost-free, risk-free and obligation-free.

To schedule or learn more about the SLR, please complete our Contact Form and we will schedule a call with one of our engineers.

Announcing PAN-OS 8.1: Streamline SSL Decryption, Accelerate Adoption of Security Best Practices

Friday, February 23rd, 2018

Palo Alto Networks are pleased to announce PAN-OS 8.1, the latest version of the software that powers our next-generation firewalls. This release enables you to easily adopt application-based security, removes barriers to securing encrypted traffic, simplifies management of large networks and helps you quickly identify advanced threats in conjunction with Magnifier for behavioral analytics.

Let’s look at some of these enhancements in detail.

Simplified App-Based Security

App-ID classifies all traffic, including SaaS, traversing your network so you can safely enable desired applications and block unwanted ones. PAN-OS 8.1 makes it easier to adopt and maintain an application-based security policy.

  • Eliminate security risk: The new rule usage tracking tools empower organizations to review and confidently remove obsolete application-based policy rules as well as retire legacy rules – based on when a rule was last hit – to eliminate holes that create security risks.
  • Easily adopt new apps: Adopting new App-IDs, which used to be released weekly, usually requires a policy review. Now, new App-IDs are released on the third Tuesday of every month, giving you time to review the effect of the new App-ID and change policy if needed. New capabilities enable you to easily understand the impact of new and modified App-IDs on your traffic and policy.
  • Safely enable SaaS usage: SaaS applications host sensitive data, and you need to ensure data is stored in secure, compliant SaaS services. To add to existing capabilities, such as application filters, application characteristics and visibility, you can now use new SaaS application characteristics, such as lack of certifications, poor terms of service, history of data breaches and so on, to view and control their usage. In addition, the next-generation firewall can now add HTTP headers to SaaS app requests to granularly allow access to enterprise accounts while preventing access to free and consumer accounts.

Streamlined SSL Decryption

Most enterprise web traffic is now encrypted, and attackers exploit this to hide threats from security devices. The new Decryption Broker feature removes all barriers to securing encrypted traffic. Our next-generation firewall now decrypts the traffic, applies security and load balances decrypted flows across multiple stacks of security devices for additional enforcement. This eliminates dedicated SSL off-loaders, reducing network complexity and making decryption simple to operate.

Performance Boost for Internet-Edge Security

  • Secure the high-speed internet edge: The Palo Alto Networks PA-3200 Series of next-generation firewalls comprises the PA-3260, PA-3250 and PA-3220. These appliances deliver up to five times the performance, up to seven times the decryption performance and up to 20 times greater decryption session capacity of existing hardware, making them ideal for securing all internet-bound traffic, including encrypted traffic.
  • Secure large data centers and high-performance mobile networks: The Palo Alto Networks PA-5280 is the latest addition to the PA-5200 Series appliances. It prevents threats, safely enables applications, and is suitable for mobile network environments as well as large enterprise datacenters. The PA-5280 offers security at throughput speed of 68 Gbps and session capacity of 64 million.
  • Secure industrial deployments: Palo Alto Networks PA-220R ruggedized appliance brings next-generation capabilities to industrial applications in harsh environments. Read the blog post for more information.

Improved Efficiency and Performance for Management

Panorama 8.1 provides greater efficiency for teams that manage physical and virtual appliances running PAN-OS. Using variables in templates, you can now leverage common configuration across many devices while substituting device-specific values in place of IP addresses, IP ranges, FQDNs and more. With device health monitoring, Panorama provides a deployment-wide view into the health and status of your next-generation firewalls. Trending of critical system resources up to 90 days helps you identify gradual changes in your environment. Proactive monitoring automatically creates alerts when substantial changes occur in the utilization of critical device resources, ensuring you’re the first to know.

In addition, new M-600 and M-200 appliances deliver high-performance management.

Advanced Threat Detection and Prevention

  • Advanced threat detection. Updates to WildFire include dynamic unpacking, which defeats packing techniques attackers use to evade detection.
  • Prevention everywhere. This update has improved detection of malware targeting Linux servers and IoT devices. Plus, you can detect and prevent malware moving freely inside the network with new SMB protocol support and find malware hiding in less common file archive formats, including RAR and 7z (from 7-Zip).
  • Rich data for analytics. Enhanced application logs evolve next-generation firewalls into advanced network sensors for analytics, including Application Framework apps. Magnifier uses this data to allow customers to identify advanced attacks, insider threats and malware with precision.

Palo Alto Networks Next-Generation Firewall provides effective protections you can use, automates tasks so you can focus on what matters and enables you to consume innovations quickly. The new capabilities in PAN-OS 8.1 allow you to accelerate the adoption of next-generation security best practices so you can prevent the most advanced threats and safely enable your business.

To learn more, visit the PAN-OS 8.1 security page.

View the original post by Palo Alto Networks.

Palo Alto Networks Adds to Its Next-Generation Firewall Lineup With New Hardware That Speeds Decryption and Improves Performance

Thursday, February 22nd, 2018

New PAN-OS Release Simplifies Decryption and Helps Organizations Use Best Practices to Improve Security Posture

Palo Alto Networks®, the next-generation security company, today announced new hardware and updates to its PAN-OS® operating system that further enable organizations to easily implement and automate best practices for application-based controls that strengthen security. With today’s announcement, Palo Alto Networks introduces PAN-OS version 8.1, the PA-3200 Series, the PA-5280, the ruggedized PA-220R and two new models in the M-Series management appliances.

Every organization requires visibility into network traffic in order to prevent successful cyberattacks, but the proliferation of encryption has obstructed the view security teams once had into the data traversing their networks. Gartner predicts that “Through 2019, more than 80 percent of enterprises’ web traffic will be encrypted.”(1) Gartner also predicts that “During 2019, more than fifty percent of new malware campaigns will use various forms of encryption and obfuscation to conceal delivery, and to conceal ongoing communications, including data exfiltration.”(1)

According to Palo Alto Networks, many organizations have not yet addressed the lack of visibility associated with encrypted traffic due to the complexity and performance impact of decryption, leaving those that do not decrypt network traffic without the ability to find and prevent over half of malware campaigns.

The new Palo Alto Networks PAN-OS operating system, version 8.1, reduces the complexity surrounding the implementation of cybersecurity best practices, including those associated with SSL-decryption within multi-vendor environments. New next-generation firewall models improve overall performance and enable customers to decrypt traffic at high speeds. Enhanced application logging adds additional richness to log data to improve the precision of Magnifier’s behavioural analytics with which customers rapidly hunt down and stop advanced threats.

Key benefits of the capabilities announced today include:

  • Easier adoption of SSL-decryption in multi-vendor environments: Streamlined SSL decryption provides high-throughput decryption on the next-generation firewall and enables sharing of cleartext traffic with chains of devices for additional enforcement, such as DLP. This further eliminates the need for dedicated SSL offloaders, simplifying deployment, network architecture and operations.
  • 20X decryption sessions capacity boost at internet edge: With 20 times more SSL-decryption sessions capacity compared to its predecessor, the new PA-3200 Series appliances deliver high-performance decryption at the internet edge. The new PA-5280 appliance brings higher performance and doubles the session capacity for securing large data centers and mobile network operators, or MNO, infrastructures.
  • Efficient adoption of best practices: App-ID™ technology-based security can now be achieved with even simpler workflows and policy review tools, allowing administrators to more effectively and confidently enforce best practices for application controls. Further, administrators can maintain a tight and effective app-based security policy with enhanced rule usage tracking.
  • Management at scale: New capabilities simplify the management and operational complexities of large, distributed deployments. The proactive device monitoring feature in Panorama™ management alerts the administrator if device behaviour is deviating from the norm. With little manual effort, the feature can be integrated into an automated workflow to enable operations teams to quickly perform remediation actions. New M-600 and M-200 management appliances deliver high-performance, with log ingestion rates up to two times compared to their predecessors, and double the log storage capacities.
  • Advanced threat detection and prevention: Updates to the WildFire® cloud-based threat analysis service enable customers to detect zero-day malware using evasive packing techniques, spot malware targeting Linux servers and IoT devices, and find malicious files hiding in less common file archive formats, such as 7-Zip and RAR.
  • Quick detection of targeted attacks: The next-generation firewall evolves to become an advanced network sensor that collects rich data for analytics, which can be easily expanded with content-based updates. As part of the Application Framework, Magnifier uses this data to enable customers to identify advanced attacks, insider threats and malware, with precision.

QUOTES
“The increasing volume of encrypted traffic means that visibility is now more important than ever. Buyers are rolling out tightly integrated security solutions, and are looking for network traffic decryption that’s built into existing cybersecurity infrastructure because it removes complexity, allowing security to function as a business enabler, rather than an inhibitor.”
– Jeff Wilson, senior research director, Cybersecurity Technology, IHS Markit

“PAN-OS version 8.1 introduces many new features to help organizations improve their security and manageability in easy-to-implement ways. The new next-generation firewall and management appliances allow for significantly greater throughput, especially for encrypted traffic, and greater scale. The combined capabilities of our next-generation firewalls and PAN-OS version 8.1 are a major step forward in our mission to help organizations prevent successful cyberattacks.”
– Lee Klarich, chief product officer, Palo Alto Networks

PRICING AND AVAILABILITY

PAN-OS 8.1 will be available to all current customers of Palo Alto Networks with valid support contracts in March. The PA-220R, PA-3200 Series, PA-5280, M-200 and M-600 are orderable on February 26, starting from $2,900 up to $200,000.

(1) Gartner, “Predicts 2017: Network and Gateway Security,” Lawrence Orans et al., 13 December 2016.

View the original press release by Palo Alto Networks.

Palo Alto Networks Announcing New Cloud Security Capabilities

Wednesday, February 7th, 2018

By Anuj Sawani at Palo Alto Networks.

At Palo Alto Networks we have committed to helping organizations accelerate their move to the cloud. And today, we’re taking another big step forward.

With the expansion of our comprehensive cloud security offering, we can now deliver consistent, automated protections across all three major public cloud environments, which prevent data loss and business disruption and meet a number of needs our customers have asked for. This expansion includes the ability to integrate into the cloud app development lifecycle, making cloud security frictionless for the development and security teams.

Let’s talk about why this is so important.

Rethinking Security for the Public Cloud

For many organizations, the public cloud has become the sole route to market for new application deployment, which, in turn, is reducing their data centre footprint. Along with that, developers now increasingly leverage easy-to-consume PaaS components, in addition to on-demand IaaS components, to harness the true efficiency of the cloud.

This trend is causing all of us to rethink security for our cloud apps and realize that what’s available on the market today is insufficient: clunky approaches, pieced together from multiple vendors, resulting in a fragmented security environment where IT teams must manually correlate data to implement actionable security protections.

This level of human intervention increases the likelihood of human error, leaving organizations exposed to threats and data breaches. What’s more, security tools that are not built for the cloud significantly limit the agility of your development teams.

3 Key Capabilities

Ideally, cloud security should speed application development and business growth while preventing data loss and business downtime. This requires three key capabilities to be successful: advanced application and data breach prevention, consistent protection across locations and clouds, and “frictionless” deployment and management.

Our cloud security approach addresses all three capabilities, and we achieve this with inline, API and host protection technologies working together to eliminate the wide range of cloud risks.

Our new release includes the following:

  • Consistent protections across locations and clouds: For the first time, our Next-Generation Security Platform will extend cloud workload protections to the Google Cloud Platform, in addition to enhancing our existing capabilities for AWS and Azure environments.
  • Cloud-resident management with Panorama: Panorama now supports all major cloud environments. This provides flexibility for customers to deploy security management within their cloud architecture. They have multiple options including Panorama on-premise with distributed Log Collectors for a hybrid approach, or Panorama within their cloud environment for a cloud-only approach.
  • Better integrations for frictionless workflows in multi-cloud environments: Adding enhanced auto-scaling for AWS along with support for Azure Security Center and Google Cloud Deployment Manager simplifies security deployments and enables scaling based on changing cloud demands. Integrations with tools such as Terraform and Ansible automate workflows and policy management across clouds.
  • Continuous security with Aperture for all three major cloud environments: Aperture now helps to prevent data loss and enables compliance for public clouds. It achieves this by enabling discovery of cloud resources, providing advanced data classification, monitoring for risky or suspicious administrator behaviour, and adding more protection against security misconfigurations and malware propagation.
  • Prevention of zero-day attacks: Traps advanced endpoint protection can now prevent zero-day attacks for Linux workloads across all three major cloud environments, in addition to its existing support of Windows workloads.

That’s just the start of new capabilities for cloud and SaaS security we’re pleased to be able to offer. To learn more about these new features and our advanced approach, visit our cloud security page.

Availability

Updates to VM-Series virtualized next-generation firewalls, Aperture security service, Panorama and Traps are targeted for general availability in March 2018.

For more:

Watch: Palo Alto Networks Chief Product Officer Lee Klarich highlights our new features
Download: Securing Your Business in a Multi-Cloud World
Read: Today’s official press release
Experience: The Epic Cloud Security Event

View the original press release by Palo Alto Networks.

2018 Predictions & Recommendations: The Ransomware Plague Is Just Beginning

Thursday, December 21st, 2017

It’s not exactly a no-brainer, but the success of ransomware in 2017 leads us to a logical prediction that more successful ransomware attacks will continue to plague organizations in 2018. These attacks will increase both in volume and sophistication, which will make it even more challenging for security vendors of yesteryear to prevent these attacks and fulfil their basic promise of protecting their customers.

It isn’t just legacy vendors that are challenged, however. Ransomware causes headaches for shiny “next-gen” products that rely heavily on detection-and-response capabilities because, once ransomware has evaded prevention techniques, the damage has already been done: files/folders are encrypted, and the business is impacted. (But hey, if you need a pretty process tree, they’re your vendor.) Rollback features are the equivalent of rolling the dice, crossing your fingers and hoping for the best, which is not a strategy.

Ransoms Beyond Bitcoin

Mao Tse-tung allegedly said, “Political power grows out of the barrel of a gun.” While it’s a stretch to say ransomware will produce the same result, in 2018, ransomware motives will increasingly shift to political, instead of commercial, gains. The business model for ransomware has been simple: as an attacker, I’ll hold your files or folders hostage (encrypt them), and you pay me money (in the form of cryptocurrency). In 2017, we observed attacks that used ransomware, but the motives were political, rather than commercial, in nature. In March 2017, RanRan was a ransomware variant in the Middle East that, instead of money, demanded the victims speak out against a political leader in the region through the creation of a website. In 2018, we anticipate more uses of ransomware attacks that go beyond commercial motives. In another recent example, NotPetya focused its encryption not on files and folders that could later be decrypted after payment; instead, it encrypted the Master Boot Record, crashing systems.

Ransomware for the Masses

According to our latest Unit 42 threat intelligence report, Ransomware: Unlocking the Lucrative Criminal Business Model, ransomware variants are increasing, with total numbers at least 150, if not hundreds more. Another reason driving this increased volume is how much easier it is to launch attacks. Cybercriminals with limited technical skills can execute these attacks, and ransomware as a service has become a viable way to launch them, making it even more convenient and reducing the barrier to launch attacks (think having to leave the house and shop vs. ordering from DoorDash). In 2018, unfortunately, the number of successful ransomware attacks will continue to increase, and couch potato cybercriminals will be successful.

Down, Z, Up, X, A, Y, B, C

Do that on a Super Nintendo back in the day, and voila! Your sophisticated “Street Fighter II” champion codes were enabled. Now, think of something similar happening for ransomware. In 2017, a sophisticated set of tools was leaked by a group called The Shadow Brokers, which claimed the tools had been created by a U.S. government entity for offensive operations. These tools were quickly leveraged by attackers in some of the most talked-about attacks of 2017. We had already seen innovative distribution models used in ransomware attacks, including exploit kits, macros, malicious DLLs and others. In addition, kernel exploits were heavily used in these attacks, making them even more difficult for security vendors to prevent. (Learn how kernel exploits work.)

Keep On Keepin’ On

Self-propagation of ransomware attacks will likely continue. Combining worm-like capabilities with ransomware as a way to rapidly distribute it has been proven and wildly successful. From a business perspective, eliminating any friction needed to propagate the attack makes good business sense, which is why this type of ransomware worm will likely continue in 2018 and beyond.

More Platforms

While 2017 was a quiet year for Mac-specific ransomware, in 2018, we can expect the volume of Mac ransomware to increase. A ransomware attack has already targeted OS X hosts – KeRanger, which Unit 42 identified in 2016 – and given the increase in Mac usage, the attractive targets Mac users make, the additional tools available and the commoditization of ransomware, it’s a good bet we’ll be hearing more about organizations getting hit with ransomware targeting Macs.

Recommendation

As we mentioned upfront, based on the success in 2017, it doesn’t take Nostradamus to see that ransomware will continue in 2018. In fact, we believe adversaries will begin expanding their mission to more sophisticated attacks and targeting more platforms. Ransomware will likely continue as a thin veneer to more dangerous attacks that go through legacy security solutions like a hot knife through butter. The only defense is a coordinated security system that works together where endpoints communicate with firewalls to automatically convert threat intelligence into prevention at both locations, regardless of where a threat is first discovered. This level of integration also enables SecOps to correlate threat events and conduct forensic investigations using data from endpoints, firewalls, and global threat intelligence in ways that may not be possible with disparate security products.

View the original post by Palo Alto Networks.