https://live.paloaltonetworks.com/t5/next-generation-firewall/how-palo-alto-ngfw-prevent-unknow-cves/m-p/575920#M2578 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/223298">@SopheaHem</a>&nbsp;- CVE IDs are centrally allocated, but it is inevitable that there is some duplication and overlap among the 220,000+ CVE <A href="https://www.cve.org/" target="_self">records</A> currently available. Sometimes an "unknown" one (to us) might actually be known to us as a different CVE ID.&nbsp; A similar story would apply to any other security vendor.</P> <P>&nbsp;</P> <P>Bear in mind that CVE IDs can be allocated before any information is known about the specifics of the threat, and without threat specifics we would need to rely on other heuristics to identify a novel threat.&nbsp;</P> <P>&nbsp;</P> <P>Like any good answer, the best answer I can give here is, "it depends."&nbsp; No security vendor, be it Palo Alto Networks or anyone else, can&nbsp;<EM>guarantee</EM> anything about detecting and eliminating unknown CVEs, and you should be highly suspicious of claims to the contrary.&nbsp; If they're unknown, or highly novel, there is always a risk that they could slip past unnoticed.&nbsp; This is where tools like App-ID, URL Filtering, and WildFire, and having a sensible but strict security policy that utilises them, really come into their own.&nbsp; &nbsp;Defence in depth is an excellent approach as well: don't just rely on App-ID, for example, but instead use all of the tools at your disposal.</P> <P>&nbsp;</P> <P>Moreover, not every CVE is network-centric, which makes it hard for a next-generation firewall to have any impact, positive or negative, on the detection of those.</P> <P>&nbsp;</P> <P>What we can also do is use tools like Advanced WildFire to detect and eliminate threats, including novel one threats, as quickly as possible using a range of analysis tools and techniques.&nbsp; This can also include threats that don't (yet) have a CVE identified.&nbsp; This relies on the knowledge gained from multiple sources including other customer environments using Advanced WildFire, which means that on average, any novel threat will have been seen at least once, and hopefully identified as such, before it encroaches on your environment.&nbsp;</P> Sun, 04 Feb 2024 23:02:59 GMT iarobertson 2024-02-04T23:02:59Z https://live.paloaltonetworks.com/t5/next-generation-firewall/how-palo-alto-ngfw-prevent-unknow-cves/m-p/572473#M2405 <P>Dear Team,</P> <P>&nbsp;</P> <P style="color: #252525;">I hope all of you are doing well.</P> <P style="color: #252525;">I have one question. How can PA prevent an unknown CVE on NGFW?</P> <P style="color: #252525;">&nbsp;</P> <P style="color: #252525;">Why I brought up this question is because I saw that from one vendor to another, they have different CVE numbers and IDs.</P> <P style="color: #252525;">I was wondering if you could advise me.</P> <P style="color: #252525;">&nbsp;</P> <P style="color: #252525;">Thanks!</P> Wed, 10 Jan 2024 03:19:44 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/how-palo-alto-ngfw-prevent-unknow-cves/m-p/572473#M2405 SopheaHem 2024-01-10T03:19:44Z https://live.paloaltonetworks.com/t5/next-generation-firewall/how-palo-alto-ngfw-prevent-unknow-cves/m-p/575920#M2578 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/223298">@SopheaHem</a>&nbsp;- CVE IDs are centrally allocated, but it is inevitable that there is some duplication and overlap among the 220,000+ CVE <A href="https://www.cve.org/" target="_self">records</A> currently available. Sometimes an "unknown" one (to us) might actually be known to us as a different CVE ID.&nbsp; A similar story would apply to any other security vendor.</P> <P>&nbsp;</P> <P>Bear in mind that CVE IDs can be allocated before any information is known about the specifics of the threat, and without threat specifics we would need to rely on other heuristics to identify a novel threat.&nbsp;</P> <P>&nbsp;</P> <P>Like any good answer, the best answer I can give here is, "it depends."&nbsp; No security vendor, be it Palo Alto Networks or anyone else, can&nbsp;<EM>guarantee</EM> anything about detecting and eliminating unknown CVEs, and you should be highly suspicious of claims to the contrary.&nbsp; If they're unknown, or highly novel, there is always a risk that they could slip past unnoticed.&nbsp; This is where tools like App-ID, URL Filtering, and WildFire, and having a sensible but strict security policy that utilises them, really come into their own.&nbsp; &nbsp;Defence in depth is an excellent approach as well: don't just rely on App-ID, for example, but instead use all of the tools at your disposal.</P> <P>&nbsp;</P> <P>Moreover, not every CVE is network-centric, which makes it hard for a next-generation firewall to have any impact, positive or negative, on the detection of those.</P> <P>&nbsp;</P> <P>What we can also do is use tools like Advanced WildFire to detect and eliminate threats, including novel one threats, as quickly as possible using a range of analysis tools and techniques.&nbsp; This can also include threats that don't (yet) have a CVE identified.&nbsp; This relies on the knowledge gained from multiple sources including other customer environments using Advanced WildFire, which means that on average, any novel threat will have been seen at least once, and hopefully identified as such, before it encroaches on your environment.&nbsp;</P> Sun, 04 Feb 2024 23:02:59 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/how-palo-alto-ngfw-prevent-unknow-cves/m-p/575920#M2578 iarobertson 2024-02-04T23:02:59Z