PALO ALTO NETWORKS

How to Build an Enterprise Security Framework

17 March 2015 | ©2014, Palo Alto Networks. Confidential and Proprietary.

Antonio Iannuzzi, Country Manager Italy & Malta
Stefania Iannelli, System Engineer Italy



Page 2

WHAT’S CHANGED? THE EVOLUTION OF THE ATTACKER

§ Cybercrime now: a $1+ trillion industry
§ Cyber warfare: 100+ nations
§ Cyber professionalism: 10,000+ hours

Page 3

WHAT’S CHANGED? THE EVOLUTION OF THE ATTACK

[Chart: threat categories plotted against organizational risk (y-axis "Organizational risk")]

§ Known threats
§ Identity compromise
§ Zero-day exploits / vulnerabilities
§ Evasive command-and-control
§ Unknown & polymorphic malware
§ Mobility threat

Page 4

OVERALL MALWARE FOUND

§ 6% of all files scanned are malware
§ Average of 31K malware files per day, a 50% increase in 3 months
§ Requires 320 new AV signatures every 15 minutes

[Chart: "Malware found per day", y-axis from 0 to 60,000]

Page 5

Growth of Command & Control Traffic

§ C&C traffic growing after a quiet summer
§ Seems to imply growth in the number of players developing malware
§ Requires 280 new URL rules every 30 minutes

Page 6

President Obama Speaks at the White House Summit on Cybersecurity and Consumer Protection

Page 7

FAILURE OF LEGACY SECURITY ARCHITECTURES

[Diagram: the Internet connection enters the enterprise network through a stack of point products from four vendors (Vendor 1 to Vendor 4): anti-APT for port 80 APTs, anti-APT for port 25 APTs, anti-APT cloud, endpoint AV, network AV, DNS protection cloud, DNS protection for outbound DNS, UTM/blades and malware intelligence. Each product emits its own alert stream (DNS alert, endpoint alert, AV alert, SMTP alert, web alert), repeated across vendors.]

Limited visibility, manual response, lacks correlation

Page 8

REQUIREMENTS FOR THE FUTURE: DETECT AND PREVENT THREATS AT EVERY POINT ACROSS THE ORGANIZATION

§ At the internet edge
§ Between employees and devices within the LAN
§ At the data center edge, and between VMs
§ At the mobile device
§ Cloud: within private, public and hybrid clouds

Page 9

PREVENTING ATTACKS AT EVERY STAGE OF THE KILL-CHAIN

Stages: 1 Breach the perimeter · 2 Deliver the malware · 3 Lateral movement · 4 Exfiltrate data

URL Filtering
§ Prevent use of social engineering
§ Block known malicious URLs and IP addresses

Next-Generation Firewall / GlobalProtect
§ Visibility into all traffic, including SSL
§ Enable business-critical applications
§ Block high-risk applications
§ Block commonly exploited file types

Threat Prevention
§ Block known exploits, malware and inbound command-and-control communications

WildFire
§ Send specific incoming files and email links from the internet to a public or private cloud for inspection
§ Detect unknown threats
§ Automatically deliver protections globally

Next-Generation Firewall / GlobalProtect
§ Establish secure zones with strictly enforced access control
§ Provide ongoing monitoring and inspection of all traffic between zones

Threat Prevention
§ Block outbound command-and-control communications
§ Block file and data pattern uploads
§ DNS monitoring and sinkholing

Traps / WildFire
§ Block known and unknown vulnerability exploits
§ Block known and unknown malware
§ Provide detailed forensics on attacks

URL Filtering
§ Block outbound communication to known malicious URLs and IP addresses

WildFire
§ Detect unknown threats pervasively throughout the network
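The "DNS monitoring and sinkholing" bullet above is worth a worked illustration, because the practical value of a sinkhole is not only that the C&C lookup fails: when the firewall answers a known-malicious query with a sinkhole address, the infected host then opens a connection to that address, and the traffic log finally names the host itself rather than the internal DNS resolver that forwarded the query. The following script is an added example, not code from the slide deck or from Palo Alto Networks; the log format, the sinkhole address 10.255.255.254, the host addresses and the domain names are all constructed for the example and do not follow the PAN-OS log syntax.

```python
"""Correlate DNS sinkhole answers with follow-up traffic to find infected hosts.

Constructed example: the log format, addresses and domains below are made up
and are not Palo Alto Networks' log syntax.
"""
import ipaddress
from collections import defaultdict

# Address the firewall hands out for known-malicious domains (constructed value).
SINKHOLE_IP = "10.255.255.254"

# Constructed DNS-layer log. Only the internal resolver (10.0.0.53) talks to the
# outside, so these lines alone cannot tell which client asked for the domain.
THREAT_LOG = """\
2015-03-17T09:12:01 type=threat subtype=spyware src=10.0.0.53 dst=8.8.8.8 dns_query=bad-cnc.example action=sinkhole
2015-03-17T09:12:02 type=threat subtype=spyware src=10.0.0.53 dst=8.8.8.8 dns_query=update-srv.example action=sinkhole
2015-03-17T09:15:30 type=threat subtype=spyware src=10.0.0.53 dst=8.8.8.8 dns_query=cdn.example action=allow
"""

# Constructed traffic log. The connection to the sinkhole address is made by the
# infected client itself, which is what identifies it.
TRAFFIC_LOG = """\
2015-03-17T09:12:01 type=traffic src=10.0.4.17 dst=10.255.255.254 dport=443 app=ssl action=deny
2015-03-17T09:12:03 type=traffic src=10.0.9.8 dst=10.255.255.254 dport=80 app=web-browsing action=deny
2015-03-17T09:12:04 type=traffic src=10.0.4.17 dst=10.255.255.254 dport=8080 app=unknown-tcp action=deny
2015-03-17T09:13:00 type=traffic src=10.0.9.8 dst=93.184.216.34 dport=443 app=ssl action=allow
"""


def parse_kv(line):
    """Parse 'timestamp key=value key=value ...' into a dict."""
    fields = line.split()
    record = {"ts": fields[0]}
    for token in fields[1:]:
        key, _, value = token.partition("=")
        record[key] = value
    return record


def sinkholed_domains(threat_log):
    """Domains for which the firewall returned the sinkhole address."""
    return sorted({r["dns_query"] for r in map(parse_kv, threat_log.splitlines())
                   if r.get("action") == "sinkhole"})


def infected_hosts(traffic_log, sinkhole_ip=SINKHOLE_IP):
    """Map each internal source IP to its (timestamp, dport) attempts to reach the sinkhole."""
    hits = defaultdict(list)
    for r in map(parse_kv, traffic_log.splitlines()):
        # Only internal (private) sources count; the sinkhole should never be
        # reached from outside, and external hits would be a log anomaly.
        if r.get("dst") == sinkhole_ip and ipaddress.ip_address(r["src"]).is_private:
            hits[r["src"]].append((r["ts"], int(r["dport"])))
    return dict(hits)


def sinkhole_report(threat_log, traffic_log, sinkhole_ip=SINKHOLE_IP):
    """Join both views: which domains were sinkholed and which hosts then called home."""
    return {"domains": sinkholed_domains(threat_log),
            "hosts": infected_hosts(traffic_log, sinkhole_ip)}


if __name__ == "__main__":
    report = sinkhole_report(THREAT_LOG, TRAFFIC_LOG)
    print("Sinkholed domains:", ", ".join(report["domains"]))
    for host, attempts in sorted(report["hosts"].items()):
        print(f"{host}: {len(attempts)} connection attempt(s) to the sinkhole, investigate")
```

The resolver 10.0.0.53 never appears in the result even though every sinkholed query came from it; the two workstations that subsequently connected to the sinkhole address do, which is the list an incident responder actually needs.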

Page 10

Requirements for Security in Today’s Threat Landscape

1. Application-based security rules
2. Rules based on user identity / user groups
3. WildFire subscription to detect unknown malware
4. Threat Prevention subscription to enable dynamic prevention signatures for malware
5. URL (PAN-DB) subscription to enable dynamic prevention of malware command & control

Page 11

AND MORE IMPORTANTLY, SIMPLIFY THIS…

[Diagram: the same multi-vendor legacy architecture as on Page 7 (anti-APT for port 80 and port 25 APTs, anti-APT cloud, endpoint AV, network AV, DNS protection cloud and outbound DNS protection, UTM/blades, malware intelligence from Vendor 1 to Vendor 4, each with its own DNS, endpoint, AV, SMTP and web alerts).]

Limited visibility, manual response, lacks correlation

Page 12

TO THIS…

[Diagram: the Internet reaches the enterprise network through an NGFW, with further NGFWs inside the network, WildFire™ and GlobalProtect providing Palo Alto Networks malware prevention, and Traps on each endpoint; the DNS, endpoint, web and APT alerts are shown together on the platform.]

① Significantly reduced their risk
② Dropped their TCO
③ Increased their business agility

Page 13

Delivering the Next-Generation Security Platform

Natively integrated · Extensible · Automated

Next-Generation Firewall · Advanced Endpoint Protection · Threat Intelligence Cloud

Palo Alto Networks: We are leading a new era in cybersecurity by protecting thousands of enterprise, government, and service provider networks from cyber threats. Because of our deep expertise, commitment to innovation and game-changing security platform, thousands of customers have chosen us and we are the fastest growing security company in the market.

Traps – Advanced Endpoint Protection: Palo Alto Networks developed a unique approach that prevents all exploit and malware-based attacks, even those based on unknown zero-day vulnerabilities.

§ Prevent all exploits
§ Prevent all malware
§ Forensics of attempted attacks
§ Scalable, lightweight and user friendly
§ Integrate with network and cloud security

Page 14

WHY PALO ALTO NETWORKS

[Word cloud: Prevention, Zero-Day, Reduce Risk, Policy, Visibility, Remediation, Detection, Endpoint, Data Center, Mobility, BYOD Management, Vulnerability, Responsive, Exploit, Anti-Malware, Forensics, Automation, Private Cloud, Public Cloud, Performance, Scalability, Platform, Segmentation, Applications, Users, Control, Agile, Perimeter, Integrated, Support, Web Security, Command-&-Control, Virtualization, Ecosystem, Context, Correlation, Services, People, Culture, Safe Enablement, Application]
