Yesterday at RSA I learned a lot about how Palo Alto Networks can prevent cyber attacks.
It was great to see what customers, partners, and other vendors were interested in learning. We had many presentations and demos in the booth yesterday that covered Malware, Mobile Workforce Security, Datacenter and Virtualization, and Traps.
Here are some details from a few.
Scott Stevens explained the common traits of breached networks, which include:
A port-based firewall
A static IPS
Zero-day malware. Note: Zero-days have been used the most recently because they target vulnerabilities for which there is little or no awareness.
Identity credentials hacked
Scott Ciccone's presentation was about the Migration Tool, which can help you migrate from a port-based firewall to App-ID. One of the most useful features of the Migration Tool is that it reduces the time needed to move security policies from Layer 4 (services) to Layer 7 (App-ID). The tool also helps retrieve, rule by rule, the App-IDs we have seen in logs, and helps identify unknown traffic. Sometimes this unknown traffic can be transformed into custom signatures via an application override, or the tool can help create a new custom application signature, which saves time. Learn more about migrating here.
Scott Simkin explained The Kill Chain and the modern way to detect and prevent threats, which includes people, process and technology.
In order to prevent attacks, you must understand how they may be delivered. Email attacks often deliver malware or carrier files, either as attachments or as links to hosted files. Hosted attacks, by contrast, often rely on behind-the-scenes exploitation. Direct attacks are often automated through tools, although hands-on-keyboard versions may be employed for highly targeted efforts. Palo Alto Networks products can prevent an attack at every stage of the kill chain.
Sudeep and Matt explained how Palo Alto Networks can secure the datacenter, using a PA-7050, Amazon Web Services, virtual machines and Panorama.