

1 Palo Alto Networks Threat Prevention

2 Palo Alto Networks at a Glance
Corporate Highlights
- Founded in 2005; First Customer Shipment in 2007
- Safely Enabling Applications
- Able to Address all Network Security Needs
- Exceptional Ability to Support Global Customers
- Experienced Technology and Management Team
- 850+ Employees Globally
(Charts: Revenue, $MM, FYE July; Enterprise Customers; Jul-10, Jul-11, Jul-12)
2 | ©2012, Palo Alto Networks. Confidential and Proprietary.

3 Real Attacks Employ Multiple Techniques
1. Bait the end-user: end-user lured to a dangerous application or website containing malicious content
2. Exploit: infected content exploits the end-user, often without their knowledge
3. Download Backdoor: secondary payload is downloaded in the background; malware installed
4. Establish Back-Channel: malware establishes an outbound connection to the attacker for ongoing control
5. Explore & Steal: remote attacker has control inside the network and escalates the attack

4 Lifecycle of a Modern Attack - Simplified
- Attacks are Blended: traffic and malware; inbound and outbound
- Designed to Evade Security: encryption, strange ports, tunneling, polymorphic malware, etc.
- Break Security Assumptions: when attackers control both ends of a connection they can hide their traffic in any way they want

5 Threat Prevention Requirements
1. Full Visibility of Traffic
   - Equal analysis of all traffic across all ports (no assumptions)
   - Control the applications that attackers use to hide
   - Decrypt, decompress and decode
2. Control the full attack lifecycle
   - Exploits, malware, and malicious traffic
   - Maintain context across disciplines
   - Maintain predictable performance
3. Expect the Unknown
   - Detect and stop unknown malware
   - Automatically manage unknown or anomalous traffic

6 An Integrated Approach to Threat Prevention
Applications - Visibility and control of all traffic, across all ports, all the time
- Reduce the attack surface
- Control the threat vector
- Control the methods that threats use to hide
Sources - Control traffic sources and destinations based on risk
- Sites known to host malware
- Find traffic to command and control servers
- SSL decrypt high-risk sites
Known Threats - Stop exploits, malware, spying tools, and dangerous files
- NSS tested and Recommended IPS
- Stream-based anti-malware based on millions of samples
- Control threats across any port
Unknown Threats - Automatically identify and block new and evolving threats
- WildFire analysis of unknown files
- Visibility and automated management of unknown traffic
- Anomalous behaviors
(Reducing Risk, left to right across the four columns)

7 An Integrated Approach to Threat Prevention: Coordinated Threat Prevention
Attack stages: Bait the end-user; Exploit; Download Backdoor; Establish Back-Channel; Explore & Steal
Controls: App-ID; URL; Threat License (IPS, Spyware, AV, Files); WildFire
Actions mapped across the stages: Block high-risk apps; Block known malware sites; Block the exploit; Prevent drive-by downloads; Detect unknown malware; Block malware; Block spyware, C&C traffic; Block C&C on non-standard ports; Block malware, fast-flux domains; Block new C&C traffic
Coordinated intelligence to detect and block active attacks based on signatures, sources and behaviors

8 Requirement: Visibility Into All Traffic

9 Requirements for Visibility
Any Traffic Not Fully Inspected = Threats Missed
The Rule of All
- All traffic, all ports, all the time
- Mobile and roaming users
Progressive Inspection
- Decode – 190+ application and protocol decoders
- Decrypt – based on policy
- Decompress
Stop the methods that attackers use to hide
- Proxies
- Encrypted tunnels
- Peer-to-peer

10 Evasion is Common in Applications
Non-Standard Ports
- Evasive Applications – standard application behavior
- Security Best Practices – moving internet-facing protocols off of standard ports (e.g. RDP)
Tunneling Within Allowed Protocols
- SSL and SSH
- HTTP
- DNS
Circumventors
- Proxies
- Anonymizers (Tor)
- Custom Encrypted Tunnels (e.g. Freegate, Ultrasurf)

11 Evasion is Standard in Malware
Evasive Traffic Observed in Malware: Malware in Live Networks Detected by WildFire
- Use of non-standard ports, dynamic DNS, use of proxies and custom traffic were the most common techniques
(Chart: 16,497 Newly Discovered Malware Samples (1 month); 13,256 samples generated Internet traffic (80%); of those samples, 7,918 generated evasive traffic (59%); 66% undetected by traditional AV vendors)

12 Requirement: Threat Prevention That Performs

13 Traditionally, More Security = Poor Performance
Traditional Security
- Each security box or blade robs the network of performance
- Threat prevention technologies are often the worst offenders
- Leads to the classic friction between network and security
(Chart: Best Case Performance for Firewall, Anti-Malware, IPS)

14 Single-Pass Pattern Match
A single-pass pattern match engine can provide multiple matches with one pass through the engine. Look once, get many answers.
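The "look once, get many answers" idea on slide 14 is multi-pattern matching. As an added example (not Palo Alto Networks code), the following builds a small Aho-Corasick automaton over a constructed signature set tagged by protection class and scans a constructed request once; every class that fires, including two overlapping patterns ending at the same offset, is reported from that single pass.

```python
from collections import deque

# Constructed signature set for the demo (not real vendor signatures). Each pattern
# is tagged with the protection class it would belong to, so one pass answers the
# IPS, anti-spyware and anti-malware questions at once.
SIGNATURES = {
    b"/c2/beacon": "spyware",
    b"X-Bot-ID:": "spyware",
    b"cmd.exe /c": "exploit",
    b"exe /c": "exploit",        # suffix of the line above: both fire at one offset
    b"MZ\x90\x00": "malware-file",
}

def build_automaton(patterns):
    """Aho-Corasick: goto table, failure links and merged output sets."""
    goto, fail, out = [{}], [0], [set()]
    for pat in patterns:
        s = 0
        for b in pat:
            if b not in goto[s]:
                goto.append({}); fail.append(0); out.append(set())
                goto[s][b] = len(goto) - 1
            s = goto[s][b]
        out[s].add(pat)
    queue = deque(goto[0].values())        # depth-1 states keep fail = root
    while queue:                           # BFS: fail[s] is final before s is visited
        r = queue.popleft()
        for b, s in goto[r].items():
            f = fail[r]
            while f and b not in goto[f]:
                f = fail[f]
            fail[s] = goto[f].get(b, 0)
            out[s] |= out[fail[s]]         # inherit patterns ending at the fail state
            queue.append(s)
    return goto, fail, out

def scan_once(stream, automaton, tags):
    """One pass over the byte stream; returns every (start_offset, tag, pattern)."""
    goto, fail, out = automaton
    hits, s = [], 0
    for i, b in enumerate(stream):
        while s and b not in goto[s]:
            s = fail[s]
        s = goto[s].get(b, 0)
        for pat in out[s]:
            hits.append((i + 1 - len(pat), tags[pat], pat))
    return sorted(hits)

# Constructed sample: a beacon-style request carrying a PE header and a command string.
SAMPLE_STREAM = b"POST /c2/beacon HTTP/1.1\r\nX-Bot-ID: 7\r\n\r\nMZ\x90\x00cmd.exe /c whoami"
```

Calling `scan_once(SAMPLE_STREAM, build_automaton(SIGNATURES), SIGNATURES)` returns five hits across three protection classes from a single traversal of the bytes.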

15 Stream-Based Malware Analysis
In-line threat prevention is stream based, because it’s the only method that maintains performance. Only Palo Alto Networks and Fortinet have stream-based malware analysis (requires specialized processors).

16 Validated in 3rd Party Testing
“Regardless of which UTM features we enabled - intrusion prevention, antispyware, antivirus, or any combination of these - results were essentially the same as if we'd turned on just one such feature. Simply put, there's no extra performance cost…” - NetworkWorld, 2012

17 Requirement: Expect the Unknowns

18 Systematically Manage Knowns and Unknowns
Known
- Applications: Decoders (190+); Signatures; Port and protocol; Decryption. All Apps, All Ports, All the Time
- Users: Active Directory; LDAP; eDirectory; Terminal Services; Exchange; GlobalProtect. All Users, All Locations, Any Repository
- Content: Decoders (190+); Stream-based scanning; Uniform signature format. All Exploits, Malware, Files, and URLs
Unknown
- Applications: Unknown Decoders; Heuristics; Override; Custom App-ID
- Users: XML API; Captive Portal
- Content: Behavioral Botnet Report; WildFire
Policy Control: Identify, Allow, Enable, Deny

19 The Gaps in Traditional Antivirus Protection
☣ Targeted and custom malware
☣ Polymorphic malware
☣ Newly released malware
Highly variable time to protection. Modern malware is increasingly able to:
- Avoid falling into traditional AV honey-pots
- Evolve before protection can be delivered via polymorphism, re-encoding, and crypting

20 WildFire Architecture
- 10 Gbps Threat Prevention and file scanning: all traffic, all ports; Web, email, FTP and SMB
- Running in the cloud lets the malware do things that you wouldn’t allow in your network
- Updates to sandbox logic without impacting the customer
- Stream-based malware engine to perform true inline enforcement

21 (image slide; no text)

22 Daily Coverage of Top AV Vendors
(Chart: Malware Sample Count and New Malware Coverage Rate by Top 6 AV Vendors)

23 Real-World Spread of 0-Day Malware
- Analysis of 50 0-Day malware samples
- Captured by WildFire in live customer networks
- Tracked the spread and number of infections by hour following the initial infection
(Chart: Attempted Malware Infections vs. Hours)

24 Real-World Spread of 0-Day Malware
Looking at the first 48 hours of malware propagation, 95% of infections occur in the first 24 hours
(Chart: Total Attempted Malware Infections vs. Hours; WildFire Subscription marker)

25 Real-World Spread of 0-Day Malware
(Chart: Attempted Malware Infections vs. Hours; markers for WildFire Subscription and Threat Prevention)

26 Sample WildFire Analysis
Detailed analysis of malware behaviors, including:
- Malware actions
- Domains visited
- Registry changes
- File changes

27 Integrated WildFire Logging
WildFire logs integrated into the Palo Alto Networks user interface:
- Malware verdict
- User
- Application
- Related logs

28 An Integrated Approach to Threat Prevention: Coordinated Threat Prevention (repeat of slide 7)

29 Questions?

