(Ended) Join the discussion: LIVEcommunity Cyber Elite Experts


Community Team Member

Ask your questions from July 14 - July 28 as the LIVEcommunity Cyber Elite Experts  will be available in a Q&A session for an opportunity to learn, join in, ask questions, and meet our experts! The Ask Me Anything (AMA) Event will be an opportunity to ask our Cyber Elite Experts questions about a range of technologies, solutions, and how they can help you find what you need.

 

Ask questions from Wednesday, July 14 to Wednesday, July 28, 2021. 

 

Come back on July 28th from 8am to 5pm PT  to join the event as our experts answer your questions!  

 

To participate in this event, please use the Reply button below to ask your questions.

 

Please be sure to click Like if a post is helpful to you and to "Accept as Solution" to let everyone know that the answer to your question hits the mark!

Want to learn more details about the event? Check out this article.



@AVaidya1 wrote:

Hello folks!

 

There are so many sources of information/news on cyber topics these days. 

 

What are the top 3-5 sources of cybersecurity related news that you rely on?

 

Thank you!



Hi @AVaidya1 

Here are a few websites:

And a weekly podcast with news and deeper explanations about current cybersecurity "events": https://twit.tv/shows/security-now


Cyber Elite



Hello @AVaidya1 ,

This is a great topic that is always changing. Here is what I use to keep up on current events:

What I want to know is how things are used/done. Meaning if I know an exploit is in the wild, even a zero day, I can usually find either a detection for it, via the SIEM, or protection via WildFire or another vendor resource. Knowing how the threat actors think and operate helps me with detection and prevention.

Hope that's a good start.



@jforsythe wrote:

What’s the number one thing individuals aren’t doing but should to secure their virtual worlds? 



Hello @jforsythe ,

I would add secure DNS. This is often not thought of or overlooked and can provide a great deal of protection. Let's say you were blocking any new domains that were less than 30 days old and dynamically generated ones. This alone would have prevented the SolarWinds hack by blocking the DNS requests outbound so it would not have left the environment.

 

Regards,
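
The DNS policy described in the reply above (block domains registered less than 30 days ago and algorithmically generated names), sketched as an added example that is not part of the original post or any Palo Alto Networks product. The registration-date table, the `.test` domain names, the entropy cut-off and the fail-closed handling of unknown domains are all assumptions made for illustration.

```python
import math
from collections import Counter
from datetime import date

MAX_AGE_DAYS = 30        # age threshold taken from the post
ENTROPY_LIMIT = 3.5      # assumed cut-off, in bits per character
MIN_SCORED_LEN = 12      # assumed: short labels are too noisy to score

# Constructed sample data: creation dates as a WHOIS/RDAP or
# newly-registered-domain feed might supply them (names are made up).
REGISTERED = {
    "example-corp.test": date(2015, 3, 1),
    "fresh-invoice-portal.test": date(2021, 7, 20),
    "q7x2kfp9zm4wtb8v.test": date(2019, 5, 5),
}

def shannon_entropy(label):
    """Bits per character; random-looking labels score high."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def registrable(qname):
    # Simplification: last two labels. Real deployments should use the
    # Public Suffix List to find the registrable domain.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def decide(qname, today):
    """Return (action, reason) for one outbound DNS query name."""
    domain = registrable(qname)
    created = REGISTERED.get(domain)
    if created is None:
        # Assumed policy choice: fail closed when no age data exists.
        return "block", "no registration data"
    age = (today - created).days
    if age < MAX_AGE_DAYS:
        return "block", f"registered {age} days ago"
    label = domain.split(".")[0]
    if len(label) >= MIN_SCORED_LEN and shannon_entropy(label) > ENTROPY_LIMIT:
        return "block", "label looks algorithmically generated"
    return "allow", "established domain"

if __name__ == "__main__":
    for q in ("www.example-corp.test", "login.fresh-invoice-portal.test",
              "q7x2kfp9zm4wtb8v.test", "nodata.test"):
        print(q, decide(q, date(2021, 7, 28)))
```

Character entropy is a crude stand-in for generated-name detection: it misses wordlist-based generators and can flag legitimate CDN hostnames, so log the decisions and tune the cut-off before enforcing.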

Cyber Elite

Hi Group

 

Apologies for any lateness in my responses, but I hope they are still welcomed. 😛

 

The 2 areas that I think are the core of the PANW security solutions are the STRATA and PRISMA areas.

Strata meaning the enterprise products, with the FWs, Panorama, virtualization of the firewalls, containerized firewalls, etc.

Prisma (specifically Prisma Access) builds upon the core function of FWs rule, Panorama deployment, VPNs, so that in (today's Covid aware) enterprise environments, the question of "How do I secure my remote users and branches, without compromising security", or having a single/consistent security posture, a single/consistent mobile user experience"

 

As I get the time, it is very important, with today's cloud based virtualization (IaaS)  that companies that develop or deploy code ensure that their public cloud is protected.

 

 

 

Help the community: Like helpful comments and mark solutions



@jforsythe wrote:

What’s the number one thing individuals aren’t doing but should to secure their virtual worlds? 



From my perspective, the answer would be, believing that their current rule sets are properly configured and providing adequate protection.

The typical IT professional is very busy through his/her day, and there never seems a moment in time to just re-prioritize and focus on your current security posture.

 

Example: 

Can someone, right now, tell me EXACTLY how many applications their network has seen in the past 30 days?

Can you tell me if all of these applications are needed (think.. Acceptable Use Policy of your employer...) just because someone uses an application does not mean it is a business justified one. 

 

Do you have rules limiting the risk level of your applications? There are 143 Risk Level 5 applications detected by the PANW FW. Have you reviewed the 143? Do you have security rules/posture to block the apps that are not being used?

If you look at your application usage and only three risk level 5 (say, FTP, SMTP, and Skype) are needed... and you do not see any other risk level 5 in your network... are you actively creating policies to BLOCK the apps that your enterprise is not even using?

 

This is called "Reducing the Attack Surface" 

 

There are 3563 applications known on the PANW appliance. Have you taken the time to review the applications and appropriately TAGGED them using the "Sanctioned" tag? Imagine how easy your security policy could be if you only allowed SANCTIONED applications. Your security rules numbers could be easily reduced.

 

For those with Panorama... are you looking at and utilizing the Automated Correlation Engine? If the Panorama is the "single pane of glass" to your security posture, have you reviewed its output against these events:

[Image: SteveCantwell_0-1627582205763.png]

And lastly, when was the last time your company ran its configuration through the PANW created Best Practice Assessment tool, available in your support account? It takes your configuration and finds EVERY single area of improvement that needs to be performed (according to the recommendations of PANW) to secure and improve the posture of your network. Perform these 2 to 4 times a year, to keep current.

 

The list could go on, in ways to improve.  Review the CyberElite comments and take advantage of the knowledge and experience from these experts. 

Help the community: Like helpful comments and mark solutions



@jforsythe wrote:

What do you think the biggest cybersecurity headline will be in 2021?


@jennaqualls 

 

From my point of view we will see an increase in ransomware attacks followed by supply chain attacks.

Already this year's list of Top 10 Cyber attacks includes more ransomware attacks as compared to other cyber attacks.

 

Regards

MP
