(Ended) Join the discussion: LIVEcommunity Cyber Elite Experts



Community Team Member

Ask your questions from July 14 - July 28 as the LIVEcommunity Cyber Elite Experts will be available in a Q&A session for an opportunity to learn, join in, ask questions, and meet our experts! The Ask Me Anything (AMA) Event will be an opportunity to ask our Cyber Elite Experts questions about a range of technologies, solutions, and how they can help you find what you need.

 

Ask questions from Wednesday, July 14 to Wednesday, July 28, 2021. 

 

Come back on July 28th from 8am to 5pm PT to join the event as our experts answer your questions!

 

To participate in this event, please use the Reply button below to ask your questions.

 

Please be sure to click Like if a post is helpful to you and to "Accept as Solution" to let everyone know that the answer to your question hits the mark!

Want to learn more details about the event? Check out this article.



@jforsythe wrote:


Hello @jforsythe ,

- What aspect of working in cybersecurity do you find most interesting or exciting?
  • I personally love the erratic dynamic chaotic nature of it. It keeps my mind thinking of new ways to detect/prevent newer types of attacks with my existing technologies. This also helps me determine if I have a deficit that needs to be addressed.
 
- What do you think the next five years in cybersecurity holds?
  • I think we are going to see a lot more ransomware/blackmail along with supply chain attacks. Unfortunately we are already seeing them and a lot of organizations either don't have the technical expertise or funding to prevent them.



@jforsythe wrote:

What do you think the biggest cybersecurity headline will be in 2021?


Hello @jforsythe ,

I think it's going to be a toss-up of another huge supply chain attack and/or ransomware hitting something huge. We are already seeing a lot of it and it's going to get a lot worse before it gets better.

Regards,



@rjawaid wrote:

I would love to know what Palo Alto Networks product/technology areas of expertise Cyber Elite members focus on!


@rjawaid 

For myself I mostly work on Firewalls mostly all models, Panorama M200 and Log collectors M500.

Regarding Technology I mostly work on Configuration of firewalls and applying all the security profiles including SSL decryption for traffic going to internet and coming from Internet. Also I work on Global protect as we have few thousand users who connect to network remotely.

Also we use MFA for logging in to Firewall and for remote users.

 

Regards

 

 

MP



@jforsythe wrote:

What aspect of working in cybersecurity do you find most interesting or exciting?

There's never a boring day in this line of work, and I've never found myself wishing I had more to do. I don't think anyone working in this field can really ever say that their work is finished and just switch into maintaining the existing environment. 

 

What do you think the next five years in cybersecurity holds? 

We're hopefully going to see more and more environments move away from relying on perimeter security as we see more and more SaaS solutions being deployed and workers spending more time remote. If you aren't deploying solutions to ensure visibility into your endpoints regardless of location you're doing it wrong. 

I also think we'll sadly hear reports of a lot of organizations suffering from breaches over the next few years from improperly secured remote environments that got spun up due to the sudden change to remote work for a lot of organizations. Personnel were tasked with building solutions out quickly and often on a budget, and that generally leads to insecure solutions being implemented.

 



@jforsythe wrote:

What do you think the biggest cybersecurity headline will be in 2021?



Hi @jforsythe 

I really hope we already passed the biggest headline for 2021 with for example

  • Microsoft Exchange 0-day attacks at the beginning of the year
  • Colonial Pipeline Ransomware attack
  • Supply chain attack through Kaseya
  • PrintNightmare debacle
  • Activities that came into light with Pegasus spyware

But probably these weren't the biggest ones. So, besides the ones above I don't want to think of even bigger headlines but like @OtakarKlier wrote, there probably will be more of these supply chain attacks especially in combination with ransomware ...



@jforsythe wrote:

What’s the number one thing individuals aren’t doing but should to secure their virtual worlds? 


I'm going to cheat and give you two.

App-ID

While seeing people with application aware firewalls not building app-id policies has become less common, I still see it on a semi-regular basis. You should be building out app-id policies whenever possible, and you shouldn't have any 'any' policies simply relying on service objects to allow traffic. 

 

Decrypting traffic

I get to talk to, and work with, a lot of different organizations and the number that aren't decrypting outbound traffic is still staggeringly high. There seems to be a mindset around some people that decrypting traffic isn't worth it, but without it you aren't taking full advantage of the tools you've already purchased and you have very limited visibility into the majority of network traffic.

In addition I talk to some people who still believe that any phishing attempt or malicious file is going to be hosted on sites that aren't using HTTPS, and that's simply factually false. Outside of simply compromised sites which already have valid certificates, it's incredibly easy (and free) to go out and get a certificate. 
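An added example, not part of the original post: one way to audit a rulebase for the App-ID gap described above, flagging allow rules that match application `any` and rely only on service objects. The sample XML is constructed for illustration and only modelled on the layout of a PAN-OS security rulebase; the rule names and the `audit_app_any` helper are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample rulebase (not real config), modelled on the PAN-OS XML
# security rule layout; zones, sources and destinations omitted for brevity.
SAMPLE_RULEBASE = """
<rules>
  <entry name="web-out-legacy">
    <application><member>any</member></application>
    <service><member>service-https</member></service>
    <action>allow</action>
  </entry>
  <entry name="web-out-appid">
    <application><member>ssl</member><member>web-browsing</member></application>
    <service><member>application-default</member></service>
    <action>allow</action>
  </entry>
  <entry name="allow-everything">
    <application><member>any</member></application>
    <service><member>any</member></service>
    <action>allow</action>
  </entry>
  <entry name="block-rest">
    <application><member>any</member></application>
    <service><member>any</member></service>
    <action>deny</action>
  </entry>
</rules>
"""

def members(entry, tag):
    """Return the <member> values under entry/<tag> as a list."""
    return [m.text.strip() for m in entry.findall(f"{tag}/member") if m.text]

def audit_app_any(xml_text):
    """Flag allow rules that match application 'any' (no App-ID enforcement)."""
    findings = []
    for entry in ET.fromstring(xml_text).findall("entry"):
        if entry.findtext("action", "").strip() != "allow":
            continue  # deny/drop rules with 'any' are not the concern here
        if "any" not in members(entry, "application"):
            continue  # rule already names specific applications
        services = members(entry, "service")
        kind = "any-app/any-service" if "any" in services or not services else "service-only"
        findings.append((entry.get("name"), kind, services))
    return findings

if __name__ == "__main__":
    for name, kind, services in audit_app_any(SAMPLE_RULEBASE):
        print(f"{name}: {kind} (services: {', '.join(services) or 'none'})")
```

Rules reported as `service-only` are the port-based policies the post warns about; `any-app/any-service` rules deserve review first.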

 



@jforsythe wrote:

What do you think the biggest cybersecurity headline will be in 2021?


I really hope @vsys_remo is right and the biggest headlines for the year have already passed, but breaches and supply chain attacks are going to continue to dominate headlines.



@BPry wrote:

@jforsythe wrote:

What’s the number one thing individuals aren’t doing but should to secure their virtual worlds? 


I'm going to cheat and give you two.

App-ID

While seeing people with application aware firewalls not building app-id policies has become less common, I still see it on a semi-regular basis. You should be building out app-id policies whenever possible, and you shouldn't have any 'any' policies simply relying on service objects to allow traffic. 

 

Decrypting traffic

I get to talk to, and work with, a lot of different organizations and the number that aren't decrypting outbound traffic is still staggeringly high. There seems to be a mindset around some people that decrypting traffic isn't worth it, but without it you aren't taking full advantage of the tools you've already purchased and you have very limited visibility into the majority of network traffic.

In addition I talk to some people who still believe that any phishing attempt or malicious file is going to be hosted on sites that aren't using HTTPS, and that's simply factually false. Outside of simply compromised sites which already have valid certificates, it's incredibly easy (and free) to go out and get a certificate. 

 



I'll add another two - also because I think there is not the one thing. There isn't the one line of defense where organizations need to take care of, multiple ones are required in order to be as secure as possible. So my two are:

  • Multi factor authentication - it became so easy to implement but I still see a lot of situations where companies rely on securing an access with a username and password and in addition the passwords aren't even strong ones
  • Internet access for servers(/containers) - servers and containers most of the time have one specific job. Ok, sometimes more than only one but it still is very specific. In order to do the required work there are also very specific destinations where they need to be able to connect to. So why allowing the servers to connect to the internet almost without restrictions? This access should be closed by default and opened only there where it is really needed.



@rjawaid wrote:

I would love to know what Palo Alto Networks product/technology areas of expertise Cyber Elite members focus on!



Hi @rjawaid 

My focus are the firewalls of any model with quite a few features that I use (decryption, threat prevention, wildfire, file blocking, RADIUS/LDAP/SAML authentication, zone protection, DoS protection, IPSec VPN, Global Protect and many more) and Cortex XDR. For these and more tools there is XSOAR that stitches everything together and helps to keep an eye on what's going on.


L4 Transporter

Hello folks!

 

There are so many sources of information/news on cyber topics these days. 

 

What are the top 3-5 sources of cybersecurity related news that you rely on?

 

Thank you!
