07-15-2021 09:15 AM - last edited on 09-17-2021 02:24 PM by icharkashy
Ask your questions from July 14 - July 28 as the LIVEcommunity Cyber Elite Experts will be available in a Q&A session for an opportunity to learn, join in, ask questions, and meet our experts! The Ask Me Anything (AMA) Event will be an opportunity to ask our Cyber Elite Experts questions about a range of technologies, solutions, and how they can help you find what you need.
Ask questions from Wednesday, July 14 to Wednesday, July 28, 2021.
Come back on July 28th from 8am to 5pm PT to join the event as our experts answer your questions!
To participate in this event, please use the Reply button below to ask your questions.
Please be sure to click Like if a post is helpful to you and to "Accept as Solution" to let everyone know that the answer to your question hits the mark!
Want to learn more details about the event? Check out this article.
07-28-2021 08:57 AM
@jforsythe wrote:
What’s the number one thing individuals aren’t doing but should to secure their virtual worlds?
I'm going to cheat and give you two.
App-ID
While seeing people with application aware firewalls not building app-id policies has become less common, I still see it on a semi-regular basis. You should be building out app-id policies whenever possible, and you shouldn't have any 'any' policies simply relying on service objects to allow traffic.
Decrypting traffic
I get to talk to, and work with, a lot of different organizations and the number that aren't decrypting outbound traffic is still staggeringly high. There seems to be a mindset among some people that decrypting traffic isn't worth it, but without it you aren't taking full advantage of the tools you've already purchased and you have very limited visibility into the majority of network traffic.
In addition I talk to some people who still believe that any phishing attempt or malicious file is going to be hosted on sites that aren't using HTTPS, and that's simply factually false. Outside of simply compromised sites which already have valid certificates, it's incredibly easy (and free) to go out and get a certificate.
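An added example of how to check the two points above against a real configuration; this is not code from the post or from Palo Alto Networks. It reads a PAN-OS running-config fragment (the XML layout used by the web UI export and the XML API) and flags allow rules that match on application 'any', reporting which service objects they rely on, and reports whether any decryption rule actually decrypts SSL forward-proxy traffic toward the outbound zone. The sample config, rule names and the zone name 'untrust' are constructed for the example.

```python
"""Audit a PAN-OS security and decryption rulebase for the two gaps
BPry describes: port-based 'any' allow rules and no outbound decryption.
Added example; the config below is constructed, not a real export."""
import xml.etree.ElementTree as ET

# Constructed sample config in PAN-OS XML layout; rule and zone names are
# made up for the example.
SAMPLE_CONFIG = """\
<config>
 <devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
  <rulebase>
   <security><rules>
    <entry name="web-out">
     <from><member>trust</member></from>
     <to><member>untrust</member></to>
     <source><member>any</member></source>
     <destination><member>any</member></destination>
     <application><member>web-browsing</member><member>ssl</member></application>
     <service><member>application-default</member></service>
     <action>allow</action>
    </entry>
    <entry name="legacy-port-allow">
     <from><member>trust</member></from>
     <to><member>untrust</member></to>
     <source><member>any</member></source>
     <destination><member>any</member></destination>
     <application><member>any</member></application>
     <service><member>service-http</member><member>service-https</member></service>
     <action>allow</action>
    </entry>
    <entry name="deny-all">
     <from><member>any</member></from>
     <to><member>any</member></to>
     <source><member>any</member></source>
     <destination><member>any</member></destination>
     <application><member>any</member></application>
     <service><member>any</member></service>
     <action>deny</action>
    </entry>
   </rules></security>
   <decryption><rules>
    <entry name="no-decrypt-banking">
     <from><member>trust</member></from>
     <to><member>untrust</member></to>
     <category><member>financial-services</member></category>
     <type><ssl-forward-proxy/></type>
     <action>no-decrypt</action>
    </entry>
   </rules></decryption>
  </rulebase>
 </entry></vsys></entry></devices>
</config>
"""

SEC_RULES = ".//vsys/entry/rulebase/security/rules/entry"
DEC_RULES = ".//vsys/entry/rulebase/decryption/rules/entry"


def members(entry, tag):
    """Return the <member> values under a rule field such as 'application'."""
    return [m.text for m in entry.findall(f"{tag}/member")]


def any_app_allows(config_xml):
    """Allow rules that match on application 'any'.

    Returns (rule name, service members) so the reviewer can see whether
    the rule is being scoped by service objects instead of App-ID.
    """
    root = ET.fromstring(config_xml)
    findings = []
    for rule in root.findall(SEC_RULES):
        if rule.findtext("action") != "allow":
            continue
        if "any" in members(rule, "application"):
            findings.append((rule.get("name"), members(rule, "service")))
    return findings


def outbound_decrypt_rules(config_xml, outbound_zone="untrust"):
    """Decryption rules that really decrypt SSL forward-proxy traffic towards
    the given zone. An empty list means outbound TLS passes uninspected;
    a no-decrypt exception on its own (as in the sample) does not count."""
    root = ET.fromstring(config_xml)
    return [
        r.get("name")
        for r in root.findall(DEC_RULES)
        if r.findtext("action") == "decrypt"
        and r.find("type/ssl-forward-proxy") is not None
        and outbound_zone in members(r, "to")
    ]


def audit(config_xml, outbound_zone="untrust"):
    """Summarise both checks as a dict a reviewer or CI job can act on."""
    return {
        "any_app_allows": any_app_allows(config_xml),
        "outbound_decrypt_rules": outbound_decrypt_rules(config_xml, outbound_zone),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

On the sample, 'legacy-port-allow' is the only finding from the first check (it is an 'any' application rule held together by service-http/service-https), and the decryption check comes back empty because the only decryption rule is a no-decrypt exception. Run the same script against an export from a Panorama device group by adjusting the two XPath constants to the pre-rulebase/post-rulebase paths.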
07-28-2021 09:16 AM
@jforsythe wrote:
What do you think the biggest cybersecurity headline will be in 2021?
I really hope @Remo is right and the biggest headlines for the year have already passed, but breaches and supply chain attacks are going to continue to dominate headlines.
07-28-2021 09:20 AM - last edited on 08-05-2021 02:12 PM by jdelio
@BPry wrote:
@jforsythe wrote:
What’s the number one thing individuals aren’t doing but should to secure their virtual worlds?
I'm going to cheat and give you two.
App-ID
While seeing people with application aware firewalls not building app-id policies has become less common, I still see it on a semi-regular basis. You should be building out app-id policies whenever possible, and you shouldn't have any 'any' policies simply relying on service objects to allow traffic.
Decrypting traffic
I get to talk to, and work with, a lot of different organizations and the number that aren't decrypting outbound traffic is still staggeringly high. There seems to be a mindset among some people that decrypting traffic isn't worth it, but without it you aren't taking full advantage of the tools you've already purchased and you have very limited visibility into the majority of network traffic.
In addition I talk to some people who still believe that any phishing attempt or malicious file is going to be hosted on sites that aren't using HTTPS, and that's simply factually false. Outside of simply compromised sites which already have valid certificates, it's incredibly easy (and free) to go out and get a certificate.
I'll add another two - also because I think there is not the one thing. There isn't the one line of defense where organizations need to take care of, multiple ones are required in order to be as secure as possible. So my two are:
07-28-2021 09:31 AM - last edited on 08-05-2021 02:13 PM by jdelio
@rjawaid wrote:
I would love to know what Palo Alto Networks product/technology areas of expertise Cyber Elite members focus on!
Hi @rjawaid
My focus is the firewalls of any model, with quite a few features that I use (decryption, threat prevention, WildFire, file blocking, RADIUS/LDAP/SAML authentication, zone protection, DoS protection, IPSec VPN, GlobalProtect and many more), and Cortex XDR. For these and more tools there is XSOAR, which stitches everything together and helps to keep an eye on what's going on.
07-28-2021 09:43 AM
Hello folks!
There are so many sources of information/news on cyber topics these days.
What are the top 3-5 sources of cybersecurity related news that you rely on?
Thank you!
07-28-2021 12:58 PM - last edited on 08-05-2021 02:14 PM by jdelio
@AVaidya1 wrote:
Hello folks!
There are so many sources of information/news on cyber topics these days.
What are the top 3-5 sources of cybersecurity related news that you rely on?
Thank you!
Hi @AVaidya1
Here are a few websites:
And a weekly podcast with news and deeper explanations about current cybersecurity "events": https://twit.tv/shows/security-now
07-28-2021 01:57 PM - last edited on 08-05-2021 02:14 PM by jdelio
@jennaqualls wrote:
Ask your questions from July 14 - July 28 as the LIVEcommunity Cyber Elite Experts will be available in a Q&A session for an opportunity to learn, join in, ask questions, and meet our experts! The Ask Me Anything (AMA) Event will be an opportunity to ask our Cyber Elite Experts questions about a range of technologies, solutions, and how they can help you find what you need.
Ask questions from Wednesday, July 14 to Wednesday, July 28, 2021.
Come back on July 28th from 8am to 5pm PT to join the event as our experts answer your questions!
To participate in this event, please use the Reply button below to ask your questions.
Please be sure to click Like if a post is helpful to you and to "Accept as Solution" to let everyone know that the answer to your question hits the mark!
Want to learn more details about the event? Check out this article.
Hello @AVaidya1 ,
This is a great topic that is always changing. Here is what I use to keep up on current events:
What I want to know is how things are used/done. Meaning if I know an exploit is in the wild, even a zero day, I can usually find either a detection for it, via the SIEM, or protection via Wildfire or another vendor resource. Knowing how the threat actors think, operate, helps me with detection and prevention.
Hope that's a good start.
07-28-2021 02:38 PM - last edited on 08-05-2021 02:15 PM by jdelio
@jforsythe wrote:
What’s the number one thing individuals aren’t doing but should to secure their virtual worlds?
Hello @jforsythe ,
I would add secure DNS. This is often not thought of or overlooked and can provide a great deal of protection. Let's say you were blocking any new domains that were less than 30 days old and dynamically generated ones. This alone would have prevented the SolarWinds hack by blocking the DNS requests outbound so it would not have left the environment.
Regards,
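An added example, not from the post above, of what the "block domains younger than 30 days or that look generated" policy would catch when run over DNS query logs. The log lines are constructed, and the registration dates are a constructed table standing in for a WHOIS/RDAP lookup (a real deployment would query the registry, or let the firewall's DNS Security service make the call). The DGA check is a deliberately crude heuristic on the leftmost label, and the registered-domain split assumes two labels, which needs the Public Suffix List in practice.

```python
"""Filter DNS queries for newly registered or generated-looking domains.
Added example; logs and registration dates below are constructed."""
import re
from datetime import date, datetime

# Constructed query log: timestamp, client IP, queried name.
SAMPLE_DNS_LOG = """\
2021-07-28T09:01:12Z 10.1.4.22 www.example.com
2021-07-28T09:01:40Z 10.1.4.22 cdn.example.net
2021-07-28T09:02:05Z 10.1.4.37 q7x9kzp2mvb4wt.example.org
2021-07-28T09:02:31Z 10.1.4.37 update.freshly-minted.example
"""

# Constructed creation dates (stand-in for a WHOIS/RDAP lookup; made up).
REGISTRATION_DATES = {
    "example.com": date(2000, 1, 1),
    "example.net": date(2000, 1, 1),
    "example.org": date(2000, 1, 1),
    "freshly-minted.example": date(2021, 7, 20),
}

# The day of the AMA, used as "today" so the example is reproducible.
EVENT_DAY = date(2021, 7, 28)

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+)$")


def parse_log(text):
    """Yield (timestamp, client, qname) tuples from the constructed format."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group(2), m.group(3).rstrip(".").lower()


def registered_domain(qname):
    """Last two labels. Assumption: no multi-label public suffixes such as
    co.uk; use the Public Suffix List for real traffic."""
    labels = qname.split(".")
    return ".".join(labels[-2:])


def looks_generated(qname, min_len=10, min_run=6):
    """Crude DGA heuristic: a long leftmost label containing a long run of
    characters that are not vowels. Tunable, and expect false positives."""
    label = qname.split(".")[0].replace("-", "")
    if len(label) < min_len:
        return False
    runs = re.findall(r"[^aeiou]+", label)
    return max((len(r) for r in runs), default=0) >= min_run


def classify(qname, today, max_age_days=30):
    """Reasons the policy would block the query; empty list means it passes.
    Domains with no registration data are flagged rather than let through."""
    reasons = []
    created = REGISTRATION_DATES.get(registered_domain(qname))
    if created is None:
        reasons.append("no-registration-data")
    elif (today - created).days < max_age_days:
        reasons.append("newly-registered")
    if looks_generated(qname):
        reasons.append("dga-like")
    return reasons


def blocked_queries(log_text, today, max_age_days=30):
    """(client, qname, reasons) for every query the policy would stop."""
    hits = []
    for _ts, client, qname in parse_log(log_text):
        reasons = classify(qname, today, max_age_days)
        if reasons:
            hits.append((client, qname, reasons))
    return hits


if __name__ == "__main__":
    for hit in blocked_queries(SAMPLE_DNS_LOG, EVENT_DAY):
        print(hit)
```

Two of the four sample queries are stopped: the random-looking label under example.org trips the DGA heuristic, and freshly-minted.example is eight days old. Treating "no registration data" as a block reason is the conservative choice; loosen it to an alert if the lookup source is unreliable.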
07-29-2021 10:56 AM
Hi Group
Apologies for any lateness in my responses, but I hope they are still welcomed. 😛
The 2 areas that I think are the core of the PANW security solutions are the STRATA and PRISMA areas.
Strata meaning the enterprise products, with the FWs, Panorama, virtualization of the firewalls, containerized firewalls, etc.
Prisma (specifically Prisma Access) builds upon the core functions of FW rules, Panorama deployment, and VPNs, so that in (today's Covid-aware) enterprise environments it addresses the question of "How do I secure my remote users and branches without compromising security, while having a single/consistent security posture and a single/consistent mobile user experience?"
As I get the time: it is very important, with today's cloud-based virtualization (IaaS), that companies that develop or deploy code ensure that their public cloud is protected.
07-29-2021 11:13 AM - last edited on 08-05-2021 02:16 PM by jdelio
@jforsythe wrote:
What’s the number one thing individuals aren’t doing but should to secure their virtual worlds?
From my perspective, the answer would be: believing that their current rule sets are properly configured and providing adequate protection.
The typical IT professional is very busy through his/her day, and there never seems a moment in time to just re-prioritize and focus on your current security posture.
Example:
Can someone, right now, tell me EXACTLY how many applications their network has seen in the past 30 days?
Can you tell me if all of these applications are needed (think... Acceptable Use Policy of your employer...)? Just because someone uses an application does not mean it is a business-justified one.
Do you have rules limiting the risk level of your applications? There are 143 Risk Level 5 applications detected by the PANW FW. Have you reviewed the 143? Do you have security rules/posture to block the apps that are not being used?
If you look at your application usage and only three risk level 5 apps (say, FTP, SMTP, and Skype) are needed... and you do not see any other risk level 5 in your network... are you actively creating policies to BLOCK the apps that your enterprise is not even using?
This is called "Reducing the Attack Surface"
There are 3563 applications known on the PANW appliance. Have you taken the time to review the applications and appropriately TAG them using the "Sanctioned" tag? Imagine how easy your security policy could be if you only allowed SANCTIONED applications. Your security rule count could be easily reduced.
For those with Panorama... are you looking at and utilizing the Automated Correlation Engine? If Panorama is the "single pane of glass" to your security posture, have you reviewed its output against these events:
And lastly, when was the last time your company ran its configuration through the PANW-created Best Practice Assessment tool, available in your support account? It takes your configuration and finds EVERY single area of improvement that needs to be performed (according to the recommendations of PANW) to secure and improve the posture of your network. Perform this 2 to 4 times a year, to keep current.
The list could go on, in ways to improve. Review the CyberElite comments and take advantage of the knowledge and experience from these experts.
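An added example of the attack-surface reduction step described in the post above (review the risk 5 apps you have seen, keep the sanctioned ones, block the rest); it is not code from the post or from Palo Alto Networks. It takes an application-usage report and the set of apps tagged Sanctioned, lists the high-risk apps nobody has justified, and builds the deny rule as a PAN-OS XML <entry> that can be pushed with the XML API's config set call. The usage report, risk values, session counts, the sanctioned set, and the zone names 'trust'/'untrust' are all constructed; on a real firewall the risk comes from the App-ID database and the usage from the ACC or Monitor export.

```python
"""Turn an app-usage report plus the Sanctioned tag set into a candidate
block rule for unsanctioned high-risk applications. Added example; the
report and tag set below are constructed."""
import csv
import io
import xml.etree.ElementTree as ET

# Constructed usage report (columns modelled on an ACC export).
USAGE_CSV = """\
application,risk,sessions
web-browsing,4,182034
ssl,4,150112
dns,4,98000
ftp,5,412
smtp,5,2210
skype,5,90
bittorrent,5,7
tor,5,3
"""

# Apps the organisation has reviewed and tagged 'Sanctioned' (constructed).
SANCTIONED = {"web-browsing", "ssl", "dns", "ftp", "smtp", "skype"}

# XPath of the vsys1 security rulebase for the XML API (type=config,
# action=set); device and vsys names are the firewall defaults.
RULEBASE_XPATH = ("/config/devices/entry[@name='localhost.localdomain']"
                  "/vsys/entry[@name='vsys1']/rulebase/security/rules")


def parse_usage(text):
    """Rows of (application, risk, sessions) with numeric fields converted."""
    reader = csv.DictReader(io.StringIO(text))
    return [(r["application"], int(r["risk"]), int(r["sessions"])) for r in reader]


def unsanctioned_high_risk(rows, sanctioned, min_risk=5):
    """Apps seen on the network at or above min_risk with no Sanctioned tag."""
    return sorted(app for app, risk, _ in rows
                  if risk >= min_risk and app not in sanctioned)


def block_rule_xml(name, apps, from_zone="trust", to_zone="untrust"):
    """Build a deny rule <entry> in PAN-OS XML for the given apps. Zone
    names are assumptions; the rule belongs above the allow rules."""
    entry = ET.Element("entry", name=name)

    def field(tag, values):
        node = ET.SubElement(entry, tag)
        for value in values:
            ET.SubElement(node, "member").text = value

    field("from", [from_zone])
    field("to", [to_zone])
    field("source", ["any"])
    field("destination", ["any"])
    field("source-user", ["any"])
    field("category", ["any"])
    field("application", apps)
    field("service", ["any"])
    field("hip-profiles", ["any"])
    ET.SubElement(entry, "action").text = "deny"
    ET.SubElement(entry, "log-end").text = "yes"
    return ET.tostring(entry, encoding="unicode")


def candidate_rule(usage_csv=USAGE_CSV, sanctioned=SANCTIONED):
    """(apps to block, rule XML) for the unsanctioned risk 5 apps seen."""
    apps = unsanctioned_high_risk(parse_usage(usage_csv), sanctioned)
    return apps, block_rule_xml("block-unsanctioned-risk5", apps)


if __name__ == "__main__":
    apps, xml = candidate_rule()
    print("block:", apps)
    print("xpath:", RULEBASE_XPATH)
    print(xml)
```

With the constructed report the rule covers bittorrent and tor; ftp, smtp and skype survive because they carry the Sanctioned tag, which is the review the post is asking you to do before anything gets blocked. Lowering min_risk to 4 widens the net to the risk 4 apps in the same pass.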
07-30-2021 10:00 AM - last edited on 08-05-2021 02:16 PM by jdelio
@jforsythe wrote:
What do you think the biggest cybersecurity headline will be in 2021?
From my point of view we will see increase in Ransomware attacks followed by supply chain attacks.
Already this year's list of Top 10 Cyber attacks includes more Ransomware attacks as compared to other cyber attacks.
Regards