
Palo Alto Networks Threat Prevention

Palo Alto Networks at a Glance
Corporate Highlights
- Founded in 2005; First Customer Shipment in 2007
- Safely Enabling Applications
- Able to Address all Network Security Needs
- Exceptional Ability to Support Global Customers
- Experienced Technology and Management Team
- 850+ Employees Globally
[Chart: Revenue ($MM, FYE July) and Enterprise Customers, Jul-10 / Jul-11 / Jul-12]
2 | ©2012, Palo Alto Networks. Confidential and Proprietary.

Real Attacks Employ Multiple Techniques
1. Bait the end-user: End-user lured to a dangerous application or website containing malicious content
2. Exploit: Infected content exploits the end-user, often without their knowledge
3. Download Backdoor: Secondary payload is downloaded in the background. Malware installed
4. Establish Back-Channel: Malware establishes an outbound connection to the attacker for ongoing control
5. Explore & Steal: Remote attacker has control inside the network and escalates the attack

Lifecycle of a Modern Attack - Simplified
Attacks are Blended
- Traffic and Malware
- Inbound and Outbound
Designed to Evade Security
- Encryption, strange ports, tunneling, polymorphic malware, etc.
Break Security Assumptions
- When attackers control both ends of a connection they can hide their traffic in any way they want

Threat Prevention Requirements
1. Full Visibility of Traffic
- Equal analysis of all traffic across all ports (no assumptions)
- Control the applications that attackers use to hide
- Decrypt, decompress and decode
2. Control the full attack lifecycle
- Exploits, malware, and malicious traffic
- Maintain context across disciplines
- Maintain predictable performance
3. Expect the Unknown
- Detect and stop unknown malware
- Automatically manage unknown or anomalous traffic

An Integrated Approach to Threat Prevention
Applications: Visibility and control of all traffic, across all ports, all the time
- Reduce the attack surface
- Control the threat vector
- Control the methods that threats use to hide
Sources: Control traffic sources and destinations based on risk
- Sites known to host malware
- Find traffic to command and control servers
- SSL decrypt high-risk sites
Known Threats: Stop exploits, malware, spying tools, and dangerous files
- NSS tested and Recommended IPS
- Stream-based anti-malware based on millions of samples
- Control threats across any port
Unknown Threats: Automatically identify and block new and evolving threats
- WildFire analysis of unknown files
- Visibility and automated management of unknown traffic
- Anomalous behaviors
(Reducing Risk)

Coordinated Threat Prevention: An Integrated Approach to Threat Prevention
Attack stages (columns): Bait the end-user; Exploit; Download Backdoor; Establish Back-Channel; Explore & Steal
Enforcement points (rows): App-ID; URL; IPS, Spyware, AV and Files (Threat License); WildFire
Controls placed across the matrix:
- Block high-risk apps
- Block known malware sites
- Block the exploit
- Prevent drive-by-downloads
- Detect unknown malware
- Block malware
- Block spyware, C&C traffic
- Block C&C on non-standard ports
- Block malware, fast-flux domains
- Block new C&C traffic
Coordinated intelligence to detect and block active attacks based on signatures, sources and behaviors

Requirement: Visibility Into All Traffic

Requirements for Visibility
Any Traffic Not Fully Inspected = Threats Missed
The Rule of All
- All traffic, all ports, all the time
- Mobile and roaming users
Progressive Inspection
- Decode: 190+ application and protocol decoders
- Decrypt: based on policy
- Decompress
Stop the methods that attackers use to hide
- Proxies
- Encrypted tunnels
- Peer-to-peer

Evasion is Common in Applications
Non-Standard Ports
- Evasive Applications: standard application behavior
- Security Best Practices: moving internet-facing protocols off of standard ports (e.g. RDP)
Tunneling Within Allowed Protocols
- SSL and SSH
- HTTP
- DNS
Circumventors
- Proxies
- Anonymizers (Tor)
- Custom Encrypted Tunnels (e.g. Freegate, Ultrasurf)
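The slide's point is that a port-based filter assumes "TCP/443 is SSL" and "TCP/22 is SSH", and that both attackers and administrators break that assumption. The following added example (not Palo Alto Networks code, and not how App-ID is implemented) shows the defender's answer in miniature: identify the protocol from the first client bytes of a flow, then compare the result with the port the flow actually used. The fingerprints, the default-port table and the sample flows are all assumptions constructed for this example.

```python
"""Port-independent protocol identification (added example, not vendor code)."""
from __future__ import annotations

# Ports where a port-based filter would expect each protocol (assumed table).
DEFAULT_PORTS: dict[str, set[int]] = {
    "ssh": {22},
    "http": {80, 8080},
    "tls": {443},
    "rdp": {3389},
    "dns": {53},
}

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")


def identify_protocol(payload: bytes) -> str:
    """Name the protocol from the first client bytes, ignoring the port entirely."""
    # SSH: the client banner is plain text and always begins with "SSH-".
    if payload.startswith(b"SSH-"):
        return "ssh"
    # HTTP: a request line starting with a method token.
    if payload.startswith(HTTP_METHODS):
        return "http"
    # TLS: record type 0x16 (handshake), major version 3, handshake type 0x01 (ClientHello).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    # RDP: TPKT header (0x03 0x00 length) followed by an X.224 Connection Request (0xE0).
    if len(payload) >= 6 and payload[0] == 0x03 and payload[1] == 0x00 and payload[5] == 0xE0:
        return "rdp"
    # DNS query: QR=0, opcode 0, one question, no answers, first label 1..63 bytes long.
    if len(payload) >= 13:
        flags = int.from_bytes(payload[2:4], "big")
        qdcount = int.from_bytes(payload[4:6], "big")
        ancount = int.from_bytes(payload[6:8], "big")
        if (flags & 0x8000 == 0 and (flags >> 11) & 0xF == 0
                and qdcount == 1 and ancount == 0 and 1 <= payload[12] <= 63):
            return "dns"
    return "unknown"


def verdict(port: int, proto: str) -> str:
    """Compare what the bytes say with what the port implies."""
    if proto == "unknown":
        return "unidentified"
    return "expected" if port in DEFAULT_PORTS[proto] else "non-standard port"


def classify_flows(flows: list[tuple[int, bytes]]) -> list[tuple[int, str, str]]:
    """Return (port, identified protocol, verdict) for each (port, first payload) pair."""
    results = []
    for port, payload in flows:
        proto = identify_protocol(payload)
        results.append((port, proto, verdict(port, proto)))
    return results


# Constructed sample flows: (destination port, first client payload bytes).
SAMPLE_FLOWS: list[tuple[int, bytes]] = [
    (22, b"SSH-2.0-OpenSSH_8.9\r\n"),                      # SSH where expected
    (443, b"SSH-2.0-OpenSSH_8.9\r\n"),                     # SSH hidden on the "SSL" port
    (80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),  # HTTP where expected
    (443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),  # TLS ClientHello start
    (50000, b"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00"),  # RDP moved off 3389
    (53, b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01"),  # DNS query
    (8443, b"\x8f\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd"),  # unrecognised bytes
]

if __name__ == "__main__":
    for port, proto, result in classify_flows(SAMPLE_FLOWS):
        print(f"port {port:>5}  proto {proto:<8} {result}")
```

Flows classified as "non-standard port" are exactly the cases a port-only rule would misjudge: the RDP-on-50000 case may be a deliberate hardening step, the SSH-on-443 case may be a tunnel, and only a policy that knows the application can tell them apart. "Unidentified" traffic is the third bucket the later slides call the unknown, which the deck argues should be managed by policy rather than ignored.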

Evasion is Standard in Malware
Evasive Traffic Observed in Malware: Malware in Live Networks Detected by WildFire
- 16,497 Newly Discovered Malware Samples (1 month)
- 13,256 samples generated Internet traffic (80%)
- Of those samples, 7,918 generated evasive traffic (59%)
- 66% Undetected by traditional AV vendors
- Use of non-standard ports, dynamic DNS, use of proxies and custom traffic were the most common techniques

Requirement: Threat Prevention That Performs

Traditionally, More Security = Poor Performance
Traditional Security
- Each security box or blade robs the network of performance
- Threat prevention technologies are often the worst offenders
- Leads to the classic friction between network and security
[Chart: Best Case Performance vs. Firewall, Anti-Malware, IPS]

Single-Pass Pattern Match
A single-pass pattern match engine can provide multiple matches with one pass through the engine. Look once, get many answers.

Stream-Based Malware Analysis
In-line threat prevention is stream based, because it’s the only method that maintains performance. Only Palo Alto Networks and Fortinet have stream-based malware analysis (requires specialized processors).

Validated in 3rd Party Testing
“Regardless of which UTM features we enabled - intrusion prevention, antispyware, antivirus, or any combination of these - results were essentially the same as if we'd turned on just one such feature. Simply put, there's no extra performance cost…”
- NetworkWorld

Requirement: Expect the Unknowns

Systematically Manage Knowns and Unknowns
Policy Control: Identify, Allow, Enable, Deny
Known
- Applications: Decoders (190+); Signatures; Port and protocol; Decryption. All Apps, All Ports, All the Time
- Users: Active Directory; LDAP; eDirectory; Terminal Services; Exchange; GlobalProtect. All Users, All Locations, Any Repository
- Content: Decoders (190+); Stream-based scanning; Uniform signature format. All Exploits, Malware, Files, and URLs
Unknown
- Applications: Unknown Decoders; Heuristics; Override; Custom App-ID
- Users: XML API; Captive Portal
- Content: Behavioral Botnet Report; WildFire

The Gaps in Traditional Antivirus Protection
- Targeted and custom malware
- Polymorphic malware
- Newly released malware
Highly variable time to protection
Modern malware is increasingly able to:
- Avoid falling into traditional AV honey-pots
- Evolve before protection can be delivered via polymorphism, re-encoding, and crypting

WildFire Architecture
- 10 Gbps Threat Prevention and file scanning
- All traffic, all ports
- Web, …, FTP and SMB
- Running in the cloud lets the malware do things that you wouldn’t allow in your network
- Updates to sandbox logic without impacting the customer
- Stream-based malware engine to perform true inline enforcement

Daily Coverage of Top AV Vendors
[Chart: Malware Sample Count and New Malware Coverage Rate by Top 6 AV Vendors]

Real-World Spread of 0-Day Malware
- Analysis of 50 0-Day malware samples
- Captured by WildFire in live customer networks
- Tracked the spread and number of infections by hour following the initial infection
[Chart: Attempted Malware Infections by Hours]

Real-World Spread of 0-Day Malware (continued)
Looking at the first 48 hours of malware propagation, 95% of infections occur in the first 24 hours
[Chart: Total Attempted Malware Infections by Hours, with WildFire Subscription marker]

Real-World Spread of 0-Day Malware (continued)
[Chart: Attempted Malware Infections by Hours, with WildFire Subscription and Threat Prevention markers]

Sample WildFire Analysis
Detailed analysis of malware behaviors including:
- Malware actions
- Domains visited
- Registry changes
- File changes

Integrated WildFire Logging
WildFire logs integrated into the Palo Alto Networks user interface:
- Malware verdict
- User
- Application
- Related logs

Questions?