A Comprehensive CyberSecurity Policy

Similar documents
Palo Alto Networks PAN-OS

Paloalto Networks PCNSA EXAM

Palo Alto Networks Stallion Spring Seminar -Tech Track. Peter Gustafsson, June 2010

Palo Alto Networks PCNSE7 Exam

Hardening the Education. with NGFW. Narongveth Yutithammanurak Business Development Manager 23 Feb 2012

App-ID. PALO ALTO NETWORKS: App-ID Technology Brief

Test Accredited Configuration Engineer (ACE) Exam PAN OS 6.0 Version

APP-ID. A foundation for visibility and control in the Palo Alto Networks Security Platform

The Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy

The Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

SRX als NGFW. Michel Tepper Consultant

SECURITY PLATFORM FOR HEALTHCARE PROVIDERS

Security 2.0: Balancing Business Enablement and Information Security

Understanding the Dynamic Update Mechanism Tech Note

Future-ready security for small and mid-size enterprises

FIREWALL OVERVIEW. Palo Alto Networks Next-Generation Firewall

Automated Response in Cyber Security SOC with Actionable Threat Intelligence

Test - Accredited Configuration Engineer (ACE) Exam - PAN-OS 6.0 Version

Next Generation Endpoint Security Confused?

Securing Your Business Against the Diversifying Targeted Attacks Leonard Sim

Improved C&C Traffic Detection Using Multidimensional Model and Network Timeline Analysis

Design and Deployment of SourceFire NGIPS and NGFWL

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection

Annexure E Technical Bid Format

AT&T Endpoint Security

Configuring a Zone-Based Firewall on the Cisco ISA500 Security Appliance

COMPUTER NETWORK SECURITY

Simple and Powerful Security for PCI DSS

Training UNIFIED SECURITY. Signature based packet analysis

Juniper Sky Advanced Threat Prevention

CyberP3i Course Module Series

DECRYPT SSL AND SSH TRAFFIC TO DISRUPT ATTACKER COMMUNICATIONS AND THEFT

Palo-Alto PCNSE7. Palo Alto Networks Certified Network Security Engineer.

2 ZyWALL UTM Application Note

Symantec & Blue Coat Technical Update Webinar 29. Juni 2017

Next-Generation Firewall Overview

Managing SonicWall Gateway Anti Virus Service

PineApp Mail Secure SOLUTION OVERVIEW. David Feldman, CEO

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013

Endpoint Security Manager

JUNIPER SKY ADVANCED THREAT PREVENTION

Integrating Juniper Sky Advanced Threat Prevention (ATP) and ForeScout CounterACT for Infected Host Remediation

Juniper Sky Advanced Threat Prevention

Access Control. Access Control Overview. Access Control Rules and the Default Action

Chapter 9. Firewalls

MESSAGING SECURITY GATEWAY. Solution overview

Access Control. Access Control Overview. Access Control Rules and the Default Action

THE ACCENTURE CYBER DEFENSE SOLUTION

ACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems

Distributed Systems. 29. Firewalls. Paul Krzyzanowski. Rutgers University. Fall 2015

Product Guide. McAfee Web Gateway Cloud Service

Office 365 Integration Guide Software Version 6.7

All-in one security for large and medium-sized businesses.

Automating Security Response based on Internet Reputation

CA Host-Based Intrusion Prevention System r8

Firefly Perimeter ( vsrx ) Technical information 12.1 X47 D10.2. Tuncay Seyran

PROTECT WORKLOADS IN THE HYBRID CLOUD

NETWORK FORENSIC ANALYSIS IN THE AGE OF CLOUD COMPUTING.

The Eight Components of a Strong Cyber Security Defense System

Cisco s Appliance-based Content Security: IronPort and Web Security

Introduction. The Safe-T Solution

SOLUTION MANAGEMENT GROUP

Application Firewalls

Configuring F5 for SSL Intercept

Sun Mgt Bonus Lab 11: Auto-Tagging in PAN-OS 8.X

Symantec Ransomware Protection

exam. Number: Passing Score: 800 Time Limit: 120 min File Version: CHECKPOINT

Segment Your Network for Stronger Security

Introducing the CSC SSM

Palo-Alto PCNSE. Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS

Test Report April esafe Virtual Appliance

A Modern Framework for Network Security in Government

Seqrite Antivirus for Server

Intelligent and Secure Network

Quick Heal AntiVirus for Server. Optimized Antivirus Scanning. Low on Resources. Strong on Technology.

Medigate and Palo Alto Networks Integration

Monitoring the Device

Request for Proposal (RFP) for Supply and Implementation of Firewall for Internet Access (RFP Ref )

Easy Activation Effortless web-based administration that can be activated in as little as one business day - no integration or migration necessary.

BIG-IP Application Security Manager : Getting Started. Version 12.1

Security Landscape Thorsten Stoeterau Security Systems Engineer - Barracuda Networks

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

Outwit Cyber Criminals with Comprehensive Malware and Exploit Protection.

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

Comodo. Endpoint Security Manager Software Version 1.6. CIS Configuration Editor Guide Guide Version

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

Medium / Large Enterprises Next-Generation UTM NU-850C

Network Configuration Example

Evaluation criteria for Next-Generation Firewalls

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

SONICWALL SECURITY HEALTH CHECK SERVICE

UTM Firewall Registration & Activation Manual DFL-260/ 860. Ver 1.00 Network Security Solution

Addendum to RFP SSL/IT/RFP-004/ dated 28-March-2017

How to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis

ForeScout Extended Module for Palo Alto Networks Next Generation Firewall

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

Protection Service with Continuity

SONICWALL SECURITY HEALTH CHECK SERVICE

A Unified Threat Defense: The Need for Security Convergence

Transcription:

A Comprehensive CyberSecurity Policy Review of ALL NGFW Capabilities Attack Surface Reduction From Complex to Comprehensive Before and After of a PANW customer 1

2

1 Enhanced Policy on the L7 layer Leverage ALL NGFW Capabilities - Location Limit Sources and Destinations of traffic! Restricted IP Ranges! Countries! Specific known bad IP s! Dynamic Block Lists! Known Users/Groups Slide 6 3

Leverage ALL NGFW Capabilities - Applications Limit Sources and Destinations of traffic! Restricted IP Ranges / Countries! Known Users/Groups! Specific known bad IP s / Dynamic Block Lists Control Application Usage (Positive Enforcement / Default Deny)! Avoid High risk -- File Transfer and Tunneling Applications! Reduce or avoid the need for unknown-udp/tcp usage! Allow legitimate applications FTP was a surprisingly evasive and effec5ve malware vector - 95% of malware delivered via FTP were never detected by tradi>onal AV (in a 30 day period). - 97% of malware sessions used non- standard ports.. 2013 Modern Malware Review Webmail is a very common delivery vector for Malware - Yahoo- Mail, AIM- Mail, Hotmail, Mail.ru are among the top 15 apps that deliver malware - SMTP, POP3, and other common mail apps make the list as well 2013 Modern Malware Review Slide 7 Leverage ALL NGFW Capabilities - Applications Limit Sources and Destinations of traffic! Restricted IP Ranges / Countries! Known Users/Groups! Specific known bad IP s / Dynamic Block Lists Control Application Usage (Positive Enforcement / Default Deny)! Avoid High risk -- File Transfer and Tunneling Applications! Reduce or avoid the need for unknown-udp/tcp usage! Allow legitimate applications 22 Email Apps 34 File Sharing Apps Slide 8 4

Leverage ALL NGFW Capabilities - Browsing Limit Sources and Destinations of traffic! Restricted IP Ranges / Countries! Known Users/Groups! Specific known bad IP s / Dynamic Block Lists Control Application Usage (Positive Enforcement / Default Deny)! Avoid High risk -- File Transfer and Tunneling Applications! Reduce or avoid the need for unknown-udp/tcp usage! Allow legitimate applications Limit Web browsing activity Malware Adult & Pornography Unknown Slide 9 Leverage ALL NGFW Capabilities Known Threats Limit Sources and Destinations of traffic Slide 10! Restricted IP Ranges / Countries! Known Users/Groups! Specific known bad IP s / Dynamic Block Lists Control Application Usage (Positive Enforcement / Default Deny)! Avoid High risk -- File Transfer and Tunneling Applications! Reduce or avoid the need for unknown-udp/tcp usage! Allow legitimate applications Limit Web browsing activity Malware Adult & Pornography Unknown Scan for Threats within allowed traffic Exploits Malware / Spyware Virus 5

User Identification Single Policy ONLY THEN Bring in the Sandbox! Slide 12 6

Policy Example Policy Development Intelligence & Background First understand your network and use visibility tools from Palo Alto Networks NGFW Application Usage Source / Destination Information Threat Activity User Behavior Web Browsing behavior Use WildFire to track How Malware got in using/via which Applications, Websites, Countries, Users Review the enterprises business requirements Partner Communication requirements Necessary Applications Internet Usage Policy Set your Policy Goals: Do not hinder computing and communication needs of the users Protect the Organization from Malware Slide 14 7

Some definitions ZONES -- Important for Network Segmentation! Logical Containers for physical interfaces, VLANs, IP Ranges! All interfaces must be part of a zone! Purpose of the NGFW is to control traffic between Zones! Policy execution focuses on just relevant Zone Zone traffic Slide 16 8

Policy Elements! Security Policy fundamentally controls traffic between Zones! Leverage many more criteria ( tuples ) than in a traditional Firewall! Common Elements - SRC_Addr, DST_Addr, SRC_Port, DST_Port! PLUS: Zone, User/Group, HIP Profile, Application, URL Category! Single Policy with security controls and content inspection " Security Profiles! Rule options Log forwarding, Scheduling, etc! Tags allow for logical grouping and management Slide 17 Objects! Policy Elements that can be pre-defined and reused in the construction of Policies.! Modification of the object (vs the policy itself) allows the policy framework to remain fixed while the objects change.! Types of Objects! Applications! Addresses / Regions! Dynamic Block Lists! Custom Categories! Custom Signatures! Service Objects! Security Profiles! Log Forwarding! Schedules Slide 18 9

Security Profiles = Objects used in Policies/Rules! Profiles are defined as objects and used granularly throughout the entire Policy! Used in combination with other profiles! IPS, Anti-Virus, Spyware, File Control, etc...! Targeted at Specific Users, Zones, Address Groups, Regions -- Rules! Variety of Actions available Block/ Continue/ independent of Firewall Allow / Deny Slide 19 Profiles Slide 20 10

The Policy Visualized Control the sources of traffic! Inbound Control! Block traffic From Countries you do no Business with! Use Geo or Region Objects; combined with the Deny action for all traffic! Consider the Negate feature on the Source Objects Eliminates a broad swath of unnecessary traffic Utilize Source Country Address filters The Negate feature combined with the Deny action Targeted Between Zones Untrust -> DMZ Untrust -> Untrust Untrust -> Trust Logging Enabled on rule Slide 22 11

Control Outbound Destinations (User Traffic)! Outbound Control! Block SSL and Web traffic To Countries you do no Business with! Consider the Negate feature; select applications; and the Deny action Controls Outbound user traffic to unnecessary destinations Utilize Destination Country Address filters Targeted Between Zones Trust -> Untrust Leverages App-ID SSL & Web Browsing On their Default Ports Logging Enabled on rule Slide 23 Eliminate Traffic from known Malicious sources! Block Known Malicious Sources! Custom or Dynamic Block List source address; combined with the Deny action Leverage existing list of known sources of attack Targeted Between Zones Untrust -> DMZ Untrust -> Untrust Untrust -> Trust Logging Enabled on rule Slide 24 12

Control Legacy File Transfer Applications! Leverage User Groups identifying IT and/or Authorized Users! Zone and User Group(s) as sources; well defined applications; Allow action! Inspect allowed traffic Regulate how approved File Transfer applications are used Limit what users can leverage File Transfers outbound Ensure that FTP (and SSH) are only used on their default ports Inspect allowed traffic with IPS, AntiVirus, File Blocking, and other content controls. Targeted Between Zones Trust -> Untrust Logging Enabled on rule FTP was a surprisingly evasive and effec5ve malware vector - 95% of malware delivered via FTP were never detected by tradi>onal AV (in a 30 day period). - 97% of malware sessions used non- standard ports.. 2013 Modern Malware Review Slide 25 Safely Allow SOME social networking and behavior! Zone and User Group(s) as sources; well defined applications; Allow action! Inspect allowed traffic! Block unwanted sub-applications Manage the use of social networking applications and their functions Ensure that Social Networking only runs on its default port Inspect allowed traffic with IPS, AntiVirus, File Blocking, and other content controls. DENY the Facebook Apps and other sub function for all users. Most common social networking threat and malware vector Targeted Between Zones Trust -> Untrust Logging Enabled on rule Facebook- Apps accounts for 97% of all threats within social networking traffic. 2013 Applica>on usage and Threat report Slide 26 13

Control Webmail file attachments! Review and allow select webmail applications or use applications filters! Prevent downloads of exe/pe/bat/jar files for all or most users Allow the use of Webmail & Collaboration application cetegories, but Deny the ability to move certain file types with these applications Inspect allowed traffic with IPS, AntiVirus, File Blocking, and other content controls. Targeted Between Zones Trust -> Untrust Logging Enabled on rule Webmail is a very common delivery vector for Malware - Yahoo- Mail, AIM- Mail, Hotmail, Mail.ru are among the top 15 apps that deliver malware - SMTP, POP3, and other common mail apps make the list as well 2013 Modern Malware Review Slide 27 Control File Movement File Blocking Profile! Define 1 or more File Blocking Profiles! Use them selectively in the correct rules 1 firewall wide file blocking policy File Blocking Object is targeted at a specific rule allowing specific traffic. Policy within a Policy Criteria: Application, File Type, Direction, Action Slide 28 14

Control User File download behavior! Use the File Blocking and Security Profiles leveraging multiple match criteria! Zone, User or Group, Application(s) and URL categories Targets specific users and their web browsing behavior Prevents certain high risk file types from being delivered by visiting certain web sites. Inspects all allowed traffic with IPS, AV, Spyware, Malware Combined with SSL Decryption this can stop a common infection vector Slide 29 URL Filtering Profile! Define correct URL Filtering Profiles! If required, use custom URL Categories or populate Block/Allow Lists Content_ID Utilize Categorical selections to block access to unwanted or prohibited web destinations Logging enabled for allowed and blocked sites User information captured for all browsing activity. Slide 30 15

Control Web Browsing Behavior! Use URL and Content Filtering Profiles to control Internet access! Use correct Zone, User or Group, Application(s) objects Targets specific users and their web browsing behavior Prevents certain high risk file types from being delivered by visiting certain web sites. Inspects all allowed traffic with IPS, AV, Spyware, Malware Combined with SSL Decryption this can stop a common infection vector Slide 31 Control high risk / prohibited applications! In case some flexible Internet Application use is allowed; reduce the risk! Block high risk application categories, using Application Filters Deny the use of applications that are prohibited by internet usage policy Targeted Between Zones Trust -> Untrust Logging Enabled on rule Slide 32 16

If a file passes the previous controls WILDFIRE!! Use a WildFire enabled File Blocking Profile when File Downloads are allowed! Review logs and keep on tuning your policy! Benefit from the WildFire research; enhancing all layers of Threat Prevention Slide 33 The Results of Wildfire! Expanding the KNOWN threats near real time! New Unique Malware Signatures in less than 1 hour! DNS Signatures DNS lookups for host names associated with Malware! Malware URL s Constantly added to the URL Filtering Database! Command & Control (C&C) signatures added to the Spyware database! Important Security Intelligence to help refine policy! High Risk Applications which applications communicate Malware?! High Risk Users Which users have behavior that exposes them?! Sources of Malware IP Addresses, URL s, Geographic Regions! Destinations of Malware where do infected hosts communicate to? Slide 34 17

18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback