PALO ALTO NETWORKS: How to Build an Enterprise Security Framework
17 March 2015
©2014, Palo Alto Networks. Confidential and Proprietary.
Antonio Iannuzzi, Country Manager Italy & Malta; Stefania Iannelli, System Engineer Italy
Slide 2
WHAT'S CHANGED? THE EVOLUTION OF THE ATTACKER
CYBERCRIME NOW: a $1+ trillion industry
CYBER WARFARE: 100+ nations
CYBER PROFESSIONALISM: 10,000+ hours
Slide 3
WHAT'S CHANGED? THE EVOLUTION OF THE ATTACK
[Chart: threat categories plotted against organizational risk]
Known threats
Identity compromise
Zero-day exploits / vulnerabilities
Evasive command-and-control
Unknown & polymorphic malware
Mobility threat
Slide 4
OVERALL MALWARE FOUND
§ 6% of all files scanned are malware
§ Average of 31K malware files per day, a 50% increase in 3 months
§ Requires 320 new AV signatures every 15 minutes
[Chart: malware found per day, scale 0–60,000]
Slide 5
Growth of Command & Control Traffic
§ C&C traffic growing after a quiet summer
§ Seems to imply a growth in the number of players developing malware
§ Requires 280 new URL rules every 30 minutes
Slide 6
President Obama Speaks at the White House Summit on Cybersecurity and Consumer Protection
Slide 7
FAILURE OF LEGACY SECURITY ARCHITECTURES
[Diagram: the enterprise network sits behind the internet connection and a stack of point products from Vendor 1 to Vendor 4 (anti-APT for port 80 APTs, anti-APT for port 25 APTs, endpoint AV, network AV, DNS protection cloud, DNS protection for outbound DNS, anti-APT cloud, UTM/blades and a malware intelligence feed), each raising its own DNS, endpoint, AV, SMTP and web alerts.]
Limited visibility. Manual response. Lacks correlation.
Slide 8
REQUIREMENTS FOR THE FUTURE: DETECT AND PREVENT THREATS AT EVERY POINT ACROSS THE ORGANIZATION
§ At the internet edge
§ Between employees and devices within the LAN
§ At the data center edge, and between VMs
§ At the mobile device
§ Within private, public and hybrid clouds
Slide 9
PREVENTING ATTACKS AT EVERY STAGE OF THE KILL-CHAIN
Stages: 1 Breach the perimeter; 2 Deliver the malware; 3 Lateral movement; 4 Exfiltrate data
URL Filtering
§ Prevent use of social engineering
§ Block known malicious URLs and IP addresses
Next-Generation Firewall / GlobalProtect
§ Visibility into all traffic, including SSL
§ Enable business-critical applications
§ Block high-risk applications
§ Block commonly exploited file types
Threat Prevention
§ Block known exploits, malware and inbound command-and-control communications
WildFire
§ Send specific incoming files and email links from the internet to public or private cloud for inspection
§ Detect unknown threats
§ Automatically deliver protections globally
Next-Generation Firewall / GlobalProtect
§ Establish secure zones with strictly enforced access control
§ Provide ongoing monitoring and inspection of all traffic between zones
Threat Prevention
§ Block outbound command-and-control communications
§ Block file and data pattern uploads
§ DNS monitoring and sinkholing
Traps / WildFire
§ Block known and unknown vulnerability exploits
§ Block known and unknown malware
§ Provide detailed forensics on attacks
URL Filtering
§ Block outbound communication to known malicious URLs and IP addresses
WildFire
§ Detecting unknown threats pervasively throughout the network
Slide 10
Requirements for Security in Today's Threat Landscape
1. Application-based security rules
2. Rules based on user identity/user groups
3. WildFire subscription to detect unknown malware
4. Threat Prevention subscription to enable dynamic prevention signatures for malware
5. URL (PAN-DB) subscription to enable dynamic prevention of malware command & control
Slide 11
AND MORE IMPORTANTLY, SIMPLIFY THIS…
[Diagram: the same multi-vendor legacy architecture shown on the "Failure of Legacy Security Architectures" slide]
Slide 12
TO THIS…
[Diagram: a single Palo Alto Networks platform in place of the point products: NGFW at the internet edge and within the enterprise network, WildFire, GlobalProtect and Traps on every endpoint, with DNS, endpoint, web and APT alerts consolidated into one malware prevention view.]
① Significantly reduced their risk
② Dropped their TCO
③ Increased their business agility
Slide 13
Delivering the Next-Generation Security Platform
NATIVELY INTEGRATED, EXTENSIBLE, AUTOMATED: NEXT-GENERATION FIREWALL, ADVANCED ENDPOINT PROTECTION, THREAT INTELLIGENCE CLOUD
Palo Alto Networks: We are leading a new era in cybersecurity by protecting thousands of enterprise, government, and service provider networks from cyber threats. Because of our deep expertise, commitment to innovation and game-changing security platform, thousands of customers have chosen us and we are the fastest growing security company in the market.
Traps – Advanced Endpoint Protection: Palo Alto Networks developed a unique approach that prevents all exploit and malware-based attacks, even those based on unknown zero-day vulnerabilities.
§ Prevent all exploits
§ Prevent all malware
§ Forensics of attempted attack
§ Scalable, lightweight and user friendly
§ Integrate with network and cloud security
Slide 14
WHY PALO ALTO NETWORKS
[Word cloud: Prevention, Zero-Day, Reduce Risk, Policy, Visibility, Remediation, Detection, Endpoint, Data Center, Mobility, BYOD Management, Vulnerability, Responsive, Exploit, Anti-Malware, Forensics, Automation, Private Cloud, Public Cloud, Performance, Scalability, Platform, Segmentation, Applications, Users, Control, Agile, Perimeter, Integrated, Support, Web Security, Command-&-Control, Virtualization, Ecosystem, Context, Correlation, Services, People, Culture, Safe Enablement, Application]