1 | © 2015, Palo Alto Networks. Confidential and Proprietary.
Palo Alto Networks: Security Trends & Advice
Elton Fontaine, SE Director
Business Agility with Consistent Capabilities
[Diagram: Architectural Flexibility, Data Mobility, User Mobility; labels: Google Cloud, Mobile Users, Branch Locations, Remote Locations, Headquarters, Private Cloud, Public Cloud]
SAMPLES UPLOADED TO WILDFIRE DAILY
[Chart: WildFire Sample Uploads per Day, 2/1/17 to 1/1/18; y-axis 0 to 12,000,000]
• Looking at the past 12 months, we see a steady growth of unknown files uploaded to WildFire
• Currently 8M–10M files per day Mon–Fri and 2M–3M files per day Sat–Sun
• Weekends and holidays are obvious in the charts
TOTAL MALWARE LEARNED DAILY – ALL FEEDS
• On average, we learn about 150K–300K new malicious files each day
[Chart: WildFire Malware Verdicts per Day, 2/1/17 to 1/1/18; y-axis 0 to 450,000]
MALWARE BY FILE TYPE
• PE is still the dominant malicious file type
• APK is making a strong push to pass DLL as the #2 malicious file type
• PE, DLL and APK are typically 98–99% of the malicious file types
[Chart: Malware by File Type, weekly from 7/1/17 to 1/27/18; y-axis 0 to 450,000; series: Other, APK, DLL, PE]
NEW SIGNATURES PER DAY
[Chart: AV Signatures Delivered per Day to our Platform, 6/1/17 to 1/1/18; y-axis 0 to 100,000]
• While we see 150K–300K new malicious files each day, we push an average of 25K–30K signatures to our platform
NEW MALWARE AND NEW SIGNATURES
• On average, we deliver 29 signatures for every 100 pieces of malware that we learn about from all feeds
• This implies two things:
  • Many of the malware samples we learn via feeds are not valid
  • Our file-based signatures can block more than one file (unlike a hash)
[Chart: Comparison of Learned Malware to AV Signatures Delivered, 6/1/17 to 1/1/18; y-axis 0 to 450,000; series: Malware Samples, New AV Sigs]
• 150–300M+ new unique samples processed per month
• >20,000 customers
• 60–70% of malware found by WildFire is not detectable by top antivirus vendors at the time of attack
• 25–30K+ new anti-malware and anti-C2 protections delivered daily, every 5 minutes
[Diagram: Automated Threat Prevention – Firewalls, Traps, Aperture, WildFire; Industry sharing – 150+ partner integrations, 3rd party feeds]
SSL Decryption… Why Should We Care?
• 21M new certs issued in 2016 by Let's Encrypt
• >50% of Firefox/Chrome page loads encrypted
• Gartner – “By 2020, 50% of new enterprise firewalls deployed will be used for outbound TLS inspection, up from less than 10% today.”
• SSL traffic grew 90+% year over year
• >75% of traffic will be SSL by 2019
Enforcement through a “zero trust” architecture
• Between employees and devices within the LAN
• At the data center edge and between VMs
• Within public/private clouds and SaaS
Business Agility with Consistent Capabilities
[Diagram, build 2: Architectural Flexibility, Data Mobility, User Mobility, People / Process; labels: Google Cloud, Mobile Users, Branch Locations, Remote Locations, Headquarters, Private Cloud, Public Cloud]
Business Agility with Consistent Capabilities
[Diagram, build 3: Architectural Flexibility, Data Mobility, User Mobility, Automation, Orchestration / Integration; labels: Google Cloud, Mobile Users, Branch Locations, Remote Locations, Headquarters, Private Cloud, Public Cloud]
Actionable Advice
▪ Implement an SSL decryption strategy for high-risk traffic
▪ Implement zero trust micro-segmentation in the data center to protect critical assets
▪ Automate everywhere you can
▪ Implement SaaS application security for sanctioned applications (DLP & malware detection)
▪ Implement phishing / credential-theft prevention capabilities
▪ Review the current security strategy and its extensibility to cloud and remote sites
▪ Ransomware – malware prevention strategy, backups, end user education, never pay!
▪ Begin to explore User Behavior Analytics