07-15-2021 09:15 AM - last edited on 09-17-2021 02:24 PM by icharkashy
Ask your questions from July 14 - July 28 as the LIVEcommunity Cyber Elite Experts will be available in a Q&A session for an opportunity to learn, join in, ask questions, and meet our experts! The Ask Me Anything (AMA) Event will be an opportunity to ask our Cyber Elite Experts questions about a range of technologies, solutions, and how they can help you find what you need.
Ask questions from Wednesday, July 14 to Wednesday, July 28, 2021.
Come back on July 28th from 8am to 5pm PT to join the event as our experts answer your questions!
To participate in this event, please use the Reply button below to ask your questions.
Please be sure to click Like if a post is helpful to you and to "Accept as Solution" to let everyone know that the answer to your question hits the mark!
Want to learn more details about the event? Check out this article.
07-25-2021 05:54 AM - last edited on 08-05-2021 02:08 PM by jdelio
@AVaidya1 wrote:
Hello Cyber Elite Experts!
What Prisma Access related content will be most helpful to our LIVEcommunity members?
What tips will help our Prisma Access community?
Thank you!
Hi @AVaidya1
A good place to start is the "Prisma access getting started" guide which can be found here: https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-cloud-managed-admin/get-started...
Then of course there is also the detailed documentation available which is split in the cloud managed prisma access ( https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-cloud-managed-admin.html ) and the panorama managed prisma access ( https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin.html )
If you prefer viewing videos rather than reading, there are also many of them available on youtube. For example:
And of course there is also the live community technology resource page for prisma access where you also find the prisma access discussions area to ask questions to the community: https://live.paloaltonetworks.com/t5/prisma-access/ct-p/PrismaAccess
07-27-2021 10:15 AM
07-27-2021 10:16 AM
What’s the number one thing individuals aren’t doing but should to secure their virtual worlds?
07-27-2021 10:16 AM
What do you think the biggest cybersecurity headline will be in 2021?
07-28-2021 05:26 AM - last edited on 08-05-2021 02:10 PM by jdelio
@kazhang wrote:
Hi! How can I troubleshoot my issue on LIVEcommunity before opening an issue with Support team?
It depends on what issue you are having.
Mostly if you need help in configuration there are knowledge base articles.
For troubleshooting issues you can go to Collaboration, then to Discussions. There are many tabs there depending on which technology you need help with; for example, for firewall-related issues you can search in General Topics.
Put in specific words, for example the error you are facing while doing a commit on the PA, and do the search.
Mostly you will find the answers there.
When I was new to Palo Alto I used to search in LIVEcommunity, and for most of the issues I found answers here.
If your issue is new and there are no answers in LIVEcommunity, then depending on your severity you can open up a TAC case.
Hope this helps.
Regards
07-28-2021 07:55 AM - last edited on 08-05-2021 02:11 PM by jdelio
@jforsythe wrote:
Hi Cyber Elite experts! I have a couple questions for you...
- What aspect of working in cybersecurity do you find most interesting or exciting?
- What do you think the next five years in cybersecurity holds?
Hello @jforsythe ,
07-28-2021 07:57 AM - last edited on 08-05-2021 02:11 PM by jdelio
@jforsythe wrote:
What do you think the biggest cybersecurity headline will be in 2021?
Hello @jforsythe ,
I think it's going to be a toss-up of another huge supply chain attack and/or ransomware hitting something huge. We are already seeing a lot of it and it's going to get a lot worse before it gets better.
Regards,
07-28-2021 08:17 AM - last edited on 08-05-2021 02:11 PM by jdelio
@rjawaid wrote:
I would love to know what Palo Alto Networks product/technology areas of expertise Cyber Elite members focus on!
For myself, I mostly work on firewalls (mostly all models), Panorama M200 and log collectors M500.
Regarding technology, I mostly work on configuration of firewalls and applying all the security profiles, including SSL decryption for traffic going to the internet and coming from the internet. I also work on GlobalProtect, as we have a few thousand users who connect to the network remotely.
We also use MFA for logging in to the firewall and for remote users.
Regards
07-28-2021 08:33 AM
@jforsythe wrote:
Hi Cyber Elite experts! I have a couple questions for you...
- What aspect of working in cybersecurity do you find most interesting or exciting?
- What do you think the next five years in cybersecurity holds?
What aspect of working in cybersecurity do you find most interesting or exciting?
There's never a boring day in this line of work, and I've never found myself wishing I had more to do. I don't think anyone working in this field can really ever say that their work is finished and just switch into maintaining the existing environment.
What do you think the next five years in cybersecurity holds?
We're hopefully going to see more and more environments move away from relying on perimeter security as we see more and more SaaS solutions being deployed and workers spending more time remote. If you aren't deploying solutions to ensure visibility into your endpoints regardless of location you're doing it wrong.
I also think we'll sadly hear reports of a lot of organizations suffering from breaches over the next few years from improperly secured remote environments that got spun up due to the sudden change to remote work for a lot of organizations. Personnel were tasked with building solutions out quickly and often on a budget, and that generally leads to insecure solutions being implemented.
07-28-2021 08:34 AM - last edited on 08-05-2021 02:12 PM by jdelio
@jforsythe wrote:
What do you think the biggest cybersecurity headline will be in 2021?
Hi @jforsythe
I really hope we already passed the biggest headline for 2021 with for example
But probably these weren't the biggest ones. So, besides the ones above I don't want to think of even bigger headlines, but like @OtakarKlier wrote, there probably will be more of these supply chain attacks, especially in combination with ransomware ...
07-28-2021 08:57 AM
@jforsythe wrote:
What’s the number one thing individuals aren’t doing but should to secure their virtual worlds?
I'm going to cheat and give you two.
App-ID
While seeing people with application aware firewalls not building app-id policies has become less common, I still see it on a semi-regular basis. You should be building out app-id policies whenever possible, and you shouldn't have any 'any' policies simply relying on service objects to allow traffic.
Decrypting traffic
I get to talk to, and work with, a lot of different organizations and the number that aren't decrypting outbound traffic is still staggeringly high. There seems to be a mindset around some people that decrypting traffic isn't worth it, but without it you aren't taking full advantage of the tools you've already purchased and you have very limited visibility into the majority of network traffic.
In addition I talk to some people who still believe that any phishing attempt or malicious file is going to be hosted on sites that aren't using HTTPS, and that's simply factually false. Outside of simply compromised sites which already have valid certificates, it's incredibly easy (and free) to go out and get a certificate.
07-28-2021 09:16 AM
@jforsythe wrote:
What do you think the biggest cybersecurity headline will be in 2021?
I really hope @Remo is right and the biggest headlines for the year have already passed, but breaches and supply chain attacks are going to continue to dominate headlines.
07-28-2021 09:20 AM - last edited on 08-05-2021 02:12 PM by jdelio
@BPry wrote:
@jforsythe wrote:
What’s the number one thing individuals aren’t doing but should to secure their virtual worlds?
I'm going to cheat and give you two.
App-ID
While seeing people with application aware firewalls not building app-id policies has become less common, I still see it on a semi-regular basis. You should be building out app-id policies whenever possible, and you shouldn't have any 'any' policies simply relying on service objects to allow traffic.
Decrypting traffic
I get to talk to, and work with, a lot of different organizations and the number that aren't decrypting outbound traffic is still staggeringly high. There seems to be a mindset around some people that decrypting traffic isn't worth it, but without it you aren't taking full advantage of the tools you've already purchased and you have very limited visibility into the majority of network traffic.
In addition I talk to some people who still believe that any phishing attempt or malicious file is going to be hosted on sites that aren't using HTTPS, and that's simply factually false. Outside of simply compromised sites which already have valid certificates, it's incredibly easy (and free) to go out and get a certificate.
I'll add another two - also because I think there is not the one thing. There isn't the one line of defense where organizations need to take care of, multiple ones are required in order to be as secure as possible. So my two are:
07-28-2021 09:31 AM - last edited on 08-05-2021 02:13 PM by jdelio
@rjawaid wrote:
I would love to know what Palo Alto Networks product/technology areas of expertise Cyber Elite members focus on!
Hi @rjawaid
My focus is the firewalls of any model with quite a few features that I use (decryption, threat prevention, WildFire, file blocking, RADIUS/LDAP/SAML authentication, zone protection, DoS protection, IPSec VPN, GlobalProtect and many more) and Cortex XDR. For these and more tools there is XSOAR that stitches everything together and helps to keep an eye on what's going on.
07-28-2021 12:58 PM - last edited on 08-05-2021 02:14 PM by jdelio
@AVaidya1 wrote:
Hello folks!
There are so many sources of information/news on cyber topics these days.
What are the top 3-5 sources of cybersecurity related news that you rely on?
Thank you!
Hi @AVaidya1
Here are a few websites:
And a weekly podcast with news and deeper explanations about current cybersecurity "events": https://twit.tv/shows/security-now
07-28-2021 01:57 PM - last edited on 08-05-2021 02:14 PM by jdelio
@jennaqualls wrote:
Ask your questions from July 14 - July 28 as the LIVEcommunity Cyber Elite Experts will be available in a Q&A session for an opportunity to learn, join in, ask questions, and meet our experts! The Ask Me Anything (AMA) Event will be an opportunity to ask our Cyber Elite Experts questions about a range of technologies, solutions, and how they can help you find what you need.
Ask questions from Wednesday, July 14 to Wednesday, July 28, 2021.
Come back on July 28th from 8am to 5pm PT to join the event as our experts answer your questions!
To participate in this event, please use the Reply button below to ask your questions.
Please be sure to click Like if a post is helpful to you and to "Accept as Solution" to let everyone know that the answer to your question hits the mark!
Want to learn more details about the event? Check out this article.
Hello @AVaidya1 ,
This is a great topic that is always changing. Here is what I use to keep up on current events:
What I want to know is how things are used/done. Meaning if I know an exploit is in the wild, even a zero day, I can usually find either a detection for it, via the SIEM, or protection via Wildfire or another vendor resource. Knowing how the threat actors think, operate, helps me with detection and prevention.
Hope that's a good start.
07-28-2021 02:38 PM - last edited on 08-05-2021 02:15 PM by jdelio
@jforsythe wrote:
What’s the number one thing individuals aren’t doing but should to secure their virtual worlds?
Hello @jforsythe ,
I would add secure DNS. This is often not thought of or overlooked and can provide a great deal of protection. Let's say you were blocking any new domains that were less than 30 days old and dynamically generated ones. This alone would have prevented the SolarWinds hack by blocking the DNS requests outbound so it would not have left the environment.
Regards,
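The DNS policy described in the post above (block domains younger than 30 days and domains that look machine-generated), sketched as an added example that is not part of the original post or any vendor's implementation. The log format, the registration-date table, the entropy cut-off and the fail-closed handling of unknown domains are all assumptions chosen for illustration.

```python
import math
from collections import Counter
from datetime import date

# Constructed registration dates. Assumption: in production these would come
# from RDAP/WHOIS or a newly-registered-domain feed.
REGISTERED = {
    "example-intranet.test": date(2015, 3, 1),
    "fresh-campaign.test": date(2021, 7, 10),
    "qx7v2kd9z3hw8r1tbn5m.test": date(2019, 1, 1),
}

MIN_AGE_DAYS = 30     # threshold named in the post
ENTROPY_LIMIT = 3.8   # assumed heuristic cut-off (bits/char); tune on real traffic
MIN_LABEL_LEN = 12    # assumed: short labels are too noisy to score

# Constructed resolver log, one query per line: "<timestamp> <client> <qname>".
QUERY_LOG = """\
2021-07-28T09:00:01Z 10.0.0.5 wiki.example-intranet.test
2021-07-28T09:00:02Z 10.0.0.7 cdn.fresh-campaign.test
2021-07-28T09:00:03Z 10.0.0.9 a1.qx7v2kd9z3hw8r1tbn5m.test
2021-07-28T09:00:04Z 10.0.0.9 never-seen-before.test
"""

def shannon_entropy(label):
    """Bits per character; random-looking labels score high."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def registrable(qname):
    """Naive last-two-labels rule; real code should use the Public Suffix List."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-2:])

def looks_generated(domain):
    label = domain.split(".")[0]
    return len(label) >= MIN_LABEL_LEN and shannon_entropy(label) >= ENTROPY_LIMIT

def verdict(qname, today):
    domain = registrable(qname)
    if looks_generated(domain):
        return "block:dga-like"
    created = REGISTERED.get(domain)
    if created is None:
        return "block:unknown-age"   # assumption: fail closed when age is unknown
    if (today - created).days < MIN_AGE_DAYS:
        return "block:new-domain"
    return "allow"

def evaluate(log_text, today):
    """Return (client, qname, verdict) for every query line in the log."""
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, qname = line.split()
        results.append((client, qname, verdict(qname, today)))
    return results

if __name__ == "__main__":
    for client, qname, v in evaluate(QUERY_LOG, date(2021, 7, 28)):
        print(f"{client:10} {qname:32} {v}")
```

The blocked rows also give you the client addresses to investigate, which is the detection value of such a policy even when the block itself is the main control.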
07-29-2021 10:56 AM
Hi Group
Apologies for any lateness in my responses, but I hope they are still welcomed. 😛
The 2 areas that I think are the core of the PANW security solutions are the STRATA and PRISMA areas.
Strata meaning the enterprise products, with the FWs, Panorama, virtualization of the firewalls, containerized firewalls, etc.
Prisma (specifically Primsa Access) builds upon the core function of FWs rule, Panorama deployment, VPNs, so that in (today's Covid aware) enterprise environments, the question of "How do I secure my remote users and branches, without compromising security", or having a single/consistent security posture, a single/consistent mobile user experience"
As I get the time, it is very important, with today's cloud based virtualization (IaaS) that companies that develop or deploy code ensure that their public cloud is protected.
07-29-2021 11:13 AM - last edited on 08-05-2021 02:16 PM by jdelio
@jforsythe wrote:
What’s the number one thing individuals aren’t doing but should to secure their virtual worlds?
From my perspective, the answer would be, believing that their current rule sets are properly configured and providing adequate protection.
The typical IT professional is very busy through his/her day, and there never seems a moment in time to just re-prioritize and focus on your current security posture.
Example:
Can someone, right now, tell me EXACTLY how many applications their network has seen in the past 30 days?
Can you tell me if all of these applications are needed (think.. Acceptable Use Policy of your employer...) just because someone uses an application does not mean it is a business justified one.
Do you have rules limiting the risk level of your applications? There are 143 Risk Level 5 applications detected by the PANW FW. Have you reviewed the 143? Do you have security rules/posture to block the apps that are not being used?
If you look at your application usage and only three risk level 5 (say, FTP, SMTP, and Skype) are needed... and you do not see any other risk level 5 in your network... are you actively creating policies to BLOCK the apps that your enterprise is not even using?
This is called "Reducing the Attack Surface"
There are 3563 applications known on the PANW appliance. Have you taken the time to review the application and appropriately TAGGED the application using the "Sanctioned" tag. Imagine how easy your security policy could be if you only allowed SANCTIONED applications? Your security rules numbers could be easily reduced.
For those with Panorama... are you looking at and utilizing the Automated Correlation Engine? If the Panorama is the "single pane of glass" to your security posture, have you reviewed its output against these events:
And lastly, when was the last time your company ran its configuration through the PANW created Best Practice Assessment tool, available in your support account? It takes your configuration and finds EVERY single area of improvement that needs to be performed (according to the recommendations of PANW) to secure and improve the posture of your network. Perform these 2 to 4 times a year, to keep current.
The list could go on, in ways to improve. Review the CyberElite comments and take advantage of the knowledge and experience from these experts.
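The review questions in the post above (how many applications were seen in the last 30 days, which of them are not sanctioned, and which risk level 5 applications are unused and can be blocked) answered over a log summary, as an added example that is not part of the original post. The CSV columns, application catalogue, risk values and sanctioned list are constructed for illustration and are not a PAN-OS export format or real App-ID ratings.

```python
import csv
import io
from datetime import date, timedelta

# Constructed catalogue: application -> risk level (1-5). Assumption: built
# from the firewall's application database; values here are illustrative.
CATALOGUE = {
    "ftp": 5, "smtp": 5, "skype": 5,
    "example-p2p": 5, "example-tunnel": 5,   # hypothetical risk-5 apps
    "example-filesharing": 3, "web-browsing": 4, "dns": 3,
}

# Constructed list of applications the business has approved ("Sanctioned").
SANCTIONED = {"ftp", "smtp", "skype", "web-browsing", "dns"}

# Constructed daily traffic summary: date, application, session count.
TRAFFIC_CSV = """\
date,app,sessions
2021-06-20,example-p2p,40
2021-07-02,ftp,12
2021-07-05,web-browsing,9100
2021-07-05,skype,310
2021-07-12,example-filesharing,25
2021-07-19,smtp,77
2021-07-27,dns,15000
2021-07-27,ftp,3
"""

def audit(csv_text, today, window_days=30, high_risk=5):
    """Summarise application usage inside the review window."""
    cutoff = today - timedelta(days=window_days)
    sessions = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if date.fromisoformat(row["date"]) < cutoff:
            continue  # outside the review window
        sessions[row["app"]] = sessions.get(row["app"], 0) + int(row["sessions"])
    seen = set(sessions)
    high = {app for app, risk in CATALOGUE.items() if risk == high_risk}
    return {
        "seen_count": len(seen),
        "sessions": sessions,
        # In use but never approved: review against the acceptable use policy.
        "unsanctioned_in_use": sorted(seen - SANCTIONED),
        "high_risk_in_use": sorted(high & seen),
        # High risk and not observed: candidates for an explicit block rule.
        "high_risk_block_candidates": sorted(high - seen),
    }

if __name__ == "__main__":
    report = audit(TRAFFIC_CSV, date(2021, 7, 29))
    for key, value in report.items():
        print(f"{key}: {value}")
```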
07-30-2021 10:00 AM - last edited on 08-05-2021 02:16 PM by jdelio
@jforsythe wrote:
What do you think the biggest cybersecurity headline will be in 2021?
From my point of view we will see increase in Ransomware attacks followed by supply chain attacks.
Already this year's list of Top 10 Cyber attacks includes more Ransomware attacks as compared to other cyber attacks.
Regards
07-20-2021 11:10 AM
Looking forward to having our Cyber Elite member experts join in during this event and answer all of your burning questions! This forum is open now, so feel free to jump on in and start asking!
07-23-2021 10:24 AM
Hello Cyber Elite Experts!
What Prisma Access related content will be most helpful to our LIVEcommunity members?
What tips will help our Prisma Access community?
Thank you!
07-26-2021 03:46 PM
I would love to know what Palo Alto Networks product/technology areas of expertise Cyber Elite members focus on!
07-27-2021 09:13 AM
Hi! How can I troubleshoot my issue on LIVEcommunity before opening an issue with Support team?