The Next Generation Security Platform
Domenico Stranieri, Pre-Sales Engineer, Palo Alto Networks EMEA Italy
The Next Generation Enterprise Security Platform: Core Value Proposition
An Enterprise Security Platform that safely enables all applications through granular use control and prevention of known and unknown cyber threats, for all users, on any device, across any network.
Prevention 1st
Detect new unknown attacks across all traffic
- 154 total different application types used in the past year
- >50% of unknown malware delivered via web browsing is encrypted
[Chart: application types by share of traffic. Legible values: File Sharing 33%, email 17%, Business systems 11%, Photo & Video 6%, Collaboration 5%, Proxy 3%; the remaining categories (Internet Utility, ERP/CRM, Storage & backup, Social Networking, Office programs, Gaming, Remote Access, Audio streaming) are each a few percent or less.]
What's changed?
- Attack vectors
- Zero days
- Sheer volume
Traditional security design fails to cope with the sheer attack volume and cannot keep pace.
30 minutes of malware: stop the spread, prevent attacks
New infection every 3 seconds. After:
- 1 minute = 2,021 instances
- 15 minutes = 9,864 instances
- 30 minutes = 45,457 instances
Security needs a paradigm shift
Current security thinking:
- Detection: the action or process of identifying the presence of something concealed
- Remediation: the action of remedying something, in particular of reversing or stopping environmental damage
Palo Alto Networks thinking:
- Prevention 1st: the action of stopping something from happening or arising
Preventing attacks: The Next Generation Enterprise Security Platform
Complete visibility:
- All applications
- All users
- All context
- Encrypted traffic
- SaaS, Cloud, Mobile
Reduce attack surface area:
- Enable business apps
- Block bad apps
- Limit app functions
- Limit file types
- Block web sites
Prevent all known threats:
- Exploits*
- Malware
- Command and control
- Malicious web sites
- Bad domains
- Stolen credentials
Prevent new threats:
- Static analysis
- Dynamic analysis
- Attack techniques
- Anomaly detection
- Analytics
- Orchestration & Automation
The Next Generation Enterprise Security Platform
- NGFW: threat protection and prevention with Single Pass Architecture (App-ID, User-ID, Content-ID, URL Filtering, ...)
- Threat Prevention and URL Filtering
- WildFire: identify and block known and unknown malware, incremental updates every 5 minutes
- AutoFocus: threat intelligence
- Aperture: SaaS security
- Traps: advanced endpoint protection, malware and exploit prevention
- GlobalProtect
NGFW: what about?
Single Pass Software: performs operations once
- App-ID: identify the application
- User-ID: identify the user
- Content-ID: scan the content, single-pass scanning
Parallel Processing Hardware: high-level performance
- Separated data plane and management plane
- Specialized processing groups that work in harmony to perform critical functions
Works also for VM, using dedicated vCPUs
NGFW: what's new? Breaking the credential theft attack cycle
1. Phishing email sent to victim: analyzed by WildFire, blocked by PAN-DB
2. Credentials sent to phishing page: suspicious credential submission blocked
3. Adversary navigates through the network to access critical applications with stolen credentials: policy-based MFA enforced at network layer
[Diagram shows the internal network with a mail server, domain controller, application server and RADIUS.]
PAN-OS v8.0, new PA-Series NGFW: what's new?
PA-5200 Series, PA-800 Series, PA-220
- Up to 10x performance and capacity increases
- Front-to-back cooling
- Up to 10x decryption performance increase
- Up to 35x SSL session capacity increase
- Higher port density, flexible I/O, and hardware resiliency
PAN-OS v8.0, new VM-Series NGFW: what's new?
- Extra small (200M): branch office, vCPE, network-based MSSP
- Small, Medium (2-4G): hybrid cloud, segmentation, and Internet gateway
- Large, Extra Large (8-16G): NFV component in virtualized data center and service provider environments

Model               Capacity
VM-50               200M App-ID, 100M Threat, 50K sessions
VM-100, VM-200      up to 2G App-ID, 1G Threat, 250K sessions
VM-300, VM-1000-HV  up to 4G App-ID, 2G Threat, 800K sessions
VM-500              up to 8G App-ID, 4G Threat, 2M sessions
VM-700              up to 16G App-ID, 8G Threat, 10M sessions
WildFire all-new analysis engine (PANW WildFire Threat Intelligence Cloud)
- New machine learning
- The only custom-built anti-evasion malware analysis environment
- Final frontier for anti-VM detection
Analysis stages:
- Static analysis: detection of known exploits, malware, and new variants
- Dynamic analysis: detonation reveals zero-day exploitation and malware
- Heuristic engine: dynamically steers highly evasive, suspicious files to bare metal
- Bare metal analysis: detonates malware on real hardware, detecting all VM-aware malware
PANW WildFire Threat Intelligence Cloud: researcher-grade C2 protection, at scale
Removing the trade-off between effectiveness and scale: WildFire -> extract C2 payload -> automatic signature generation
- Automatic high-fidelity signature creation
- Capturing C2 data from WildFire execution
- Daily content updates
More coverage: 10 times more payload-based C2 signatures released per day (and growing)
Higher effectiveness: new automatically generated C2 signatures cover between 200 and 300 unique malware samples per signature
WildFire Global Cloud Infrastructure (PANW WildFire Threat Intelligence Cloud)
Regional clouds (EU, CA, VA, JP):
- Analysis performed in-region
- Customer files stored in-region
- Local research staff handles engine accuracy maintenance
- Customers choose which clouds to use to meet privacy needs
WildFire global cloud, intelligence and prevention:
- Analysis data and signatures sent to the global cloud
- All customers receive the global WildFire signature package every 5 minutes
- AutoFocus continues to have global visibility
- SOC 2 compliant WildFire infrastructure; SOC 2 and ISO certified datacenters
PANW Traps Advanced Endpoint Protection
Prevention requires a combination of multiple purpose-built methods
- Prevention focused
- Malware prevention
- Exploit prevention
- Automated prevention with threat intel
- Persistent protection
Traps multi-method malware prevention:
1. WildFire inspection and analysis
2. Static analysis via machine learning
3. Execution restrictions
4. Trusted publisher identification
5. Admin override policies
6. Malware quarantine
Safely enable SaaS applications: PANW Aperture cloud SaaS security
- Connects to the customer's SaaS apps over the application API
- Sends hashes and .exe files to the WildFire cloud
- Deep content inspection based on keywords, regex, and industry-standard data classifiers (e.g. PCI, PII)
- Machine learning allows custom data classification
- Extracts users, collaborators, and access information
- Calculates risk based on threats, data, and occurrences
- Allows the administrator to take actions such as end-user notification or quarantine to mitigate risks
Sanctioned SaaS example: Office 365
PANW AutoFocus Threat Intelligence: time to response
Decrease time to identify and respond to new, targeted attacks
- AutoFocus was much easier than the current manual monitoring for alerts used by the Security Operations Center (SOC) team.
- Demonstrated quicker response time, flagging malicious activity their SOC team hadn't seen yet.
- Provided immediate answers on "What happened?" and "Did we lose anything?" for malware events.
PANW AutoFocus and MineMeld
[Diagram: threat intelligence flow. Inputs: threat intelligence feeds, private feeds, SIEM, threat intelligence platforms, and AutoFocus cloud intelligence (search, sessions, samples). MineMeld matches indicators, maintains an indicator store, drives actions, and hosts apps. Outputs go to network enforcers and endpoint enforcers; on premise, a local MineMeld feeds endpoints, SIEM, firewalls, and proxies.]
Complete data security: Next Generation Enterprise Security Platform
[Diagram: platform components Aperture, GlobalProtect, Next Gen Firewall, and Traps deployed across the public cloud (IaaS, PaaS), Software as a Service (Office 365), and the private cloud (SDN, NSX, ACI), with Next Gen Firewalls at each boundary and all components connected to the Threat Intelligence Cloud (WildFire, AutoFocus).]
Thank You!
Domenico Stranieri, Pre-Sales System Engineer, Palo Alto Networks EMEA Italy
dstranieri@paloaltonetworks.com