At the end of last year, I went to a cyber security event where the keynote speaker, renowned hacker Charlie Miller, talked about vulnerabilities in code. In his opinion, because we are human, we make mistakes, and when we make mistakes in writing code (very common), vulnerabilities are created. It is stated that 96% of web applications have code vulnerabilities (Cenzic). Charlie found one tiny vulnerability in his Jeep which allowed him to hack the vehicle and take control of the steering wheel.
Your employees use a ton of applications, whether they are web-based, cloud-based, or on-premises. Making sure your users have access to these applications is integral to business productivity. On the other side of things, making sure you have visibility and policy over which applications can be accessed is extremely important to compliance and the overall security posture of your organization.
The leader in private cloud datacenter services and the leader in public cloud services partner to bring the best of both worlds and a hybrid IT solution to your datacenter. Is it a match made in heaven?
I recently attended an event at San Diego State University known as Link2Cyber.
You know your business better than anyone else. How much money will you lose due to system downtime? What is your cost to recover? How much is your data worth? I think the answer here is simple: pay the ransom if it is going to seriously affect your business.
Long before technology took over our world, CEOs held the role of total responsibility. If a company started to lose profits, market share, etc., the CEO was to blame.
Long gone are the days of business and IT segregation.
Are you in the midst of a merger, acquisition, or is your organization complex? If so you may be experiencing this challenge.
The digital age has brought amazing innovations to the working world like Skype, Dropbox, Office 365, and so much more. At the same time, the digital age has brought many headaches and concerns. Some come in the form of a disastrous ransomware attack on healthcare systems; others have less grave consequences, such as a faulty Wi-Fi connection.
Written By Larry Hoehn
Here’s a brief overview of a couple of the new features and upgrades included in the new PAN-OS 7.0 release. At a high level, the new version addresses two issues:
- Turning alerts into action. According to a report from Ernst & Young, 33% of security professionals don’t know how long it takes to respond to alerts.
- Discovering unknown threats. According to the 2014 Verizon DBIR, financial losses reached $400M across 700 million compromised records. Much of this came from unknown threats, and 75% of attacks spread from Victim 0 to Victim 1 within 24 hours.
To help with the first challenge, the ACC tab has been redesigned with actionable data:
The new application usage widget shows which applications are in use on the network: the bigger the box, the more traffic that application generates. Red means critical risk, orange means important. From there you can drill into the detail you need with a few clicks. For example, application and user activity:
And network activity with threat levels:
To help with the second challenge (discovering unknown threats): WildFire already analyzes 20 million samples per week (and growing), and Palo Alto Networks has now added multi-version analysis, in which a single virtual machine carries several versions of the same application. For example, a file can be opened in several versions of Acrobat to see whether the malware targets one specific version. They have also added a new WildFire verdict. Where a sample was previously classified only as “malware” or “benign”, it can now also be classified as “grayware”, which covers things like adware and trackware.
A new feature is the automated correlation engine. It is an analytics tool that identifies compromised hosts in your network. It scrutinizes isolated events across multiple logs on the firewall, examines patterns, and correlates events to surface actionable information such as host-based activity that indicates compromise. The engine includes correlation objects defined by the Palo Alto Networks Malware Research team. Each object describes a suspicious sequence of events that points to a malicious outcome, and it triggers an alert when that pattern is matched for a host on your network. For example:
In the example above, when all four indicators are present for the same host, the engine automatically raises an alert that the host is compromised. The following screenshot illustrates how the automated correlation engine combines indicators of threats and rates the resulting situation as “critical”, meaning the host exhibits signs of worm activity, so you can decide where to focus effort for fast remediation.
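To make the idea concrete, here is a toy correlation engine written for this post as an added example (it is not Palo Alto Networks code and does not reproduce their correlation objects). It defines a "correlation object" as a set of indicators that must all be observed for the same source host inside a time window, then runs it over a handful of constructed log records modelled loosely on threat, URL and WildFire log entries. The indicator names, the four-indicator rule and the one-hour window are hypothetical choices for illustration.

```python
"""Toy event-correlation engine, added to illustrate the idea behind a
firewall's automated correlation engine: a correlation object names a
set of indicators that must all be observed for the same host inside a
time window before an alert fires. Log records, indicator names and the
one-hour window are constructed for this example and are hypothetical,
not Palo Alto Networks' correlation objects."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Event:
    ts: datetime
    log_type: str   # which firewall log the record came from (threat, url, wildfire)
    host: str       # source host the record is attributed to
    detail: str     # signature / category / verdict text


@dataclass(frozen=True)
class Indicator:
    name: str
    log_type: str
    detail_prefix: str

    def matches(self, ev: Event) -> bool:
        return ev.log_type == self.log_type and ev.detail.startswith(self.detail_prefix)


@dataclass(frozen=True)
class CorrelationObject:
    name: str
    severity: str
    indicators: tuple       # every Indicator must fire for the same host...
    window: timedelta       # ...within this span of time


# Hypothetical correlation object: four indicators that, taken together,
# suggest a host was exploited, fetched malware and is now beaconing.
COMPROMISED_HOST = CorrelationObject(
    name="compromised-host",
    severity="critical",
    indicators=(
        Indicator("exploit-signature", "threat", "vulnerability:"),
        Indicator("malware-url-visit", "url", "category:malware"),
        Indicator("malicious-download", "wildfire", "verdict:malware"),
        Indicator("c2-beacon", "threat", "spyware:"),
    ),
    window=timedelta(hours=1),
)

# Constructed sample log rows: (timestamp, log type, source host, detail).
SAMPLE_LOGS = [
    ("2015-06-01T09:00:05", "threat", "10.0.0.5", "vulnerability:exploit-kit-landing"),
    ("2015-06-01T09:00:12", "url", "10.0.0.5", "category:malware"),
    ("2015-06-01T09:01:40", "wildfire", "10.0.0.5", "verdict:malware"),
    ("2015-06-01T09:03:02", "threat", "10.0.0.5", "spyware:c2-beacon"),
    ("2015-06-01T09:10:00", "url", "10.0.0.7", "category:malware"),          # a single indicator
    ("2015-06-01T10:00:00", "url", "10.0.0.9", "category:malware"),          # all four indicators,
    ("2015-06-01T10:20:00", "wildfire", "10.0.0.9", "verdict:malware"),      # but spread over two
    ("2015-06-01T10:30:00", "threat", "10.0.0.9", "vulnerability:old-cve"),  # days, so they never
    ("2015-06-02T11:00:00", "threat", "10.0.0.9", "spyware:c2-beacon"),      # fit the one-hour window
]


def parse_logs(rows):
    return [Event(datetime.fromisoformat(ts), lt, host, detail) for ts, lt, host, detail in rows]


def correlate(events, obj):
    """Return {host: alert} for every host where all of obj's indicators
    were seen within obj.window of each other. Isolated events never alert."""
    seen = defaultdict(lambda: defaultdict(list))   # host -> indicator -> [timestamps]
    for ev in events:
        for ind in obj.indicators:
            if ind.matches(ev):
                seen[ev.host][ind].append(ev.ts)

    alerts = {}
    for host, by_ind in seen.items():
        if len(by_ind) < len(obj.indicators):
            continue    # at least one indicator never fired for this host
        # Slide a window starting at each observed timestamp; alert on the
        # first window that contains a hit for every indicator.
        for start in sorted(t for hits in by_ind.values() for t in hits):
            end = start + obj.window
            evidence = {}
            for ind, hits in by_ind.items():
                in_window = [t for t in hits if start <= t <= end]
                if not in_window:
                    break
                evidence[ind.name] = min(in_window)
            if len(evidence) == len(obj.indicators):
                alerts[host] = {
                    "object": obj.name,
                    "severity": obj.severity,
                    "first_seen": start.isoformat(),
                    "last_seen": max(evidence.values()).isoformat(),
                    "evidence": {k: v.isoformat() for k, v in evidence.items()},
                }
                break
    return alerts


def run_example():
    return correlate(parse_logs(SAMPLE_LOGS), COMPROMISED_HOST)


if __name__ == "__main__":
    for host, alert in run_example().items():
        print(f"{alert['severity'].upper()} {alert['object']} on {host}: "
              f"{alert['first_seen']} .. {alert['last_seen']}")
```

Run on the sample rows, only 10.0.0.5 alerts: 10.0.0.7 produced a single indicator, and 10.0.0.9 produced all four but spread across two days, so the sliding one-hour window never captures them together. That is the property the correlation approach buys you over per-log alerting: a malware URL hit or a single spyware signature on its own is noise, while the same host producing the whole sequence in a short span is worth an analyst's time.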
There are many more updated capabilities, but these were a few I thought you would find interesting. When you get a chance, take a look at the new version and let me know your thoughts!