(Ended) Join the discussion: LIVEcommunity Cyber Elite Experts

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

(Ended) Join the discussion: LIVEcommunity Cyber Elite Experts

Community Team Member

Ask your questions from July 14 - July 28 as the LIVEcommunity Cyber Elite Experts  will be available in a Q&A session for an opportunity to learn, join in, ask questions, and meet our experts! The Ask Me Anything (AMA) Event will be an opportunity to ask our Cyber Elite Experts questions about a range of technologies, solutions, and how they can help you find what you need.

 

Ask questions from Wednesday, July 14 to Wednesday, July 28, 2021. 

 

Come back on July 28th from 8am to 5pm PT  to join the event as our experts answer your questions!  

 

To participate in this event, please use the Reply button below to ask your questions.

 

Please be sure to click Like if a post is helpful to you and to "Accept as Solution" to let everyone know that the answer to your question hits the mark!

Want to learn more details about the event? Check out this article.

25 REPLIES 25


@jforsythe wrote:

What’s the number one thing individuals aren’t doing but should to secure their virtual worlds? 


I'm going to cheat and give you two.

App-ID

While seeing people with application aware firewalls not building app-id policies has become less common, I still see it on a semi-regular basis. You should be building out app-id policies whenever possible, and you shouldn't have any 'any' policies simply relying on service objects to allow traffic. 

 

Decrypting traffic

I get to talk to, and work with, a lot of different organizations and the number that aren't decrypting outbound traffic is still staggeringly high. There seems to be a mindset around some people that decrypting traffic isn't worth it, but without it you aren't taking full advantage. of the tools you've already purchased and you have very limited visibility into the majority of network traffic. 

In addition I talk to some people who still believe that any phishing attempt or malicious file is going to be hosted on sites that aren't using HTTPS, and that's simply factually false. Outside of simply compromised sites which already have valid certificates, it's incredibly easy (and free) to go out and get a certificate. 

 


@jforsythe wrote:

What do you think the biggest cybersecurity headline will be in 2021?


really hope @Remo is right and the biggest headlines for the year have already passed, but breaches and supply chain attacks are going to continue to dominate headlines. 

L7 Applicator

@BPry wrote:

@jforsythe wrote:

What’s the number one thing individuals aren’t doing but should to secure their virtual worlds? 


I'm going to cheat and give you two.

App-ID

While seeing people with application aware firewalls not building app-id policies has become less common, I still see it on a semi-regular basis. You should be building out app-id policies whenever possible, and you shouldn't have any 'any' policies simply relying on service objects to allow traffic. 

 

Decrypting traffic

I get to talk to, and work with, a lot of different organizations and the number that aren't decrypting outbound traffic is still staggeringly high. There seems to be a mindset around some people that decrypting traffic isn't worth it, but without it you aren't taking full advantage. of the tools you've already purchased and you have very limited visibility into the majority of network traffic. 

In addition I talk to some people who still believe that any phishing attempt or malicious file is going to be hosted on sites that aren't using HTTPS, and that's simply factually false. Outside of simply compromised sites which already have valid certificates, it's incredibly easy (and free) to go out and get a certificate. 

 



I'll add another two - also because I think there is not the one thing. There isn't the one line of defense where organizations need to take care of, multiple ones are required in order to be as secure as possible. So my two are:

  • Multi factor authentication - it became so easy to implement but I still see a lot of situations where companies rely on securing an access with a username and password and in addition the passwords aren't even strong ones
  • Internet access for servers(/containers) - servers and containers most of the time have one specific job. Ok, sometimes more than only one but it still is very specific. In order to do the required work there are also very specific destinations where they need to be able to connect to. So why allowing the servers to connect to the internet slmost without restrictions? This access should be closed by default and opened only there where it is really needed.


@rjawaid wrote:

I would love to know what Palo Alto Networks product/technology areas of expertise Cyber Elite members focus on!



Hi @rjawaid 

My focus are the the firewalls of any model with quite a few features that I use (decryption, threatprevention, wildfire, file blocking, RADIUS/LDAP/SAML authentication, zone protection, DoS protection, IPSec VPN, Global Protect and many more) and Cortex XDR. For these and more tools there is XSOAR that stiches everything together and helps to keep an eye on whats going on.

L4 Transporter

Hello folks!

 

There are so many sources of information/news on cyber topics these days. 

 

What are the top 3-5 sources of cybersecurity related news that you rely on?

 

Thank you!


@AVaidya1 wrote:

Hello folks!

 

There are so many sources of information/news on cyber topics these days. 

 

What are the top 3-5 sources of cybersecurity related news that you rely on?

 

Thank you!



Hi @AVaidya1 

Here are a few websites:

And a weekly podcast with news an deeper explanations about current cybersecurity "events": https://twit.tv/shows/security-now

Cyber Elite
Cyber Elite

@jennaqualls wrote:

Ask your questions from July 14 - July 28 as the LIVEcommunity Cyber Elite Experts  will be available in a Q&A session for an opportunity to learn, join in, ask questions, and meet our experts! The Ask Me Anything (AMA) Event will be an opportunity to ask our Cyber Elite Experts questions about a range of technologies, solutions, and how they can help you find what you need.

 

Ask questions from Wednesday, July 14 to Wednesday, July 28, 2021. 

 

Come back on July 28th from 8am to 5pm PT  to join the event as our experts answer your questions!  

 

To participate in this event, please use the Reply button below to ask your questions.

 

Please be sure to click Like if a post is helpful to you and to "Accept as Solution" to let everyone know that the answer to your question hits the mark!

Want to learn more details about the event? Check out this article.



Hello @AVaidya1 ,

This is a great topic that is always changing. Here is what I use to keep up on current events:

What I want to know is how things are used/done. Meaning if I know an exploit is in the wild, even a zero day, I can usually find either a detection for it, via the SIEM, or protection via Wildfire or another vendor resource. Knowing how the threat actors think, operate, helps me with detection and prevention.

Hope thats a good start.


@jforsythe wrote:

What’s the number one thing individuals aren’t doing but should to secure their virtual worlds? 



Hello @jforsythe ,

I would add secure DNS. This is often not thought of or overlooked and can provide a great deal of protection. Lets say you were blocking any new domains that were less than 30 days old and dynamically generated ones. This alone would have prevented the Solarwinds hack by blocking the DNS requests outbound so it would not have left the environment.

 

Regards,

Cyber Elite
Cyber Elite

Hi Group

 

Apologies for any lateness in my responses, but I hope they are still welcomed. 😛

 

The 2 areas that I think are the core of the PANW security solutions are the STRATA and PRISMA areas.

Strata meaning the enterprise products, with the FWs, Panorama, virtualization of the firewalls, containerized firewalls, etc.

Prisma (specifically Primsa Access) builds upon the core function of FWs rule, Panorama deployment, VPNs, so that in (today's Covid aware) enterprise environments, the question of "How do I secure my remote users and branches, without compromising security", or having a single/consistent security posture, a single/consistent mobile user experience"

 

As I get the time, it is very important, with today's cloud based virtualization (IaaS)  that companies that develop or deploy code ensure that their public cloud is protected.

 

 

 

Please help out other users and “Accept as Solution” if a post helps solve your problem !


@jforsythe wrote:

What’s the number one thing individuals aren’t doing but should to secure their virtual worlds? 



From my perspective, the answer would be, believing that their current rule sets are properly configured and providing adequate projection.

The typical IT professional is very busy through his/her day, and there never seems a moment in time to just re-prioritize and focus on your current security posture.

 

Example: 

Can someone, right now, tell me EXACTLY how many application their network has seen in the past 30 days.

Can you tell me if all of these applications are needed (think.. Acceptable Use Policy of your employer...) just because someone uses an application does not mean it is a business justified one. 

 

Do you have rules limiting the risk level of your applications?.   There are 143 Risk Level 5 applications detected by the PANW FW. Have you reviewed the 143?  Do you have security rules/posture to block the apps that are not being used? 

If you look at your application usage and only three risk level 5 (say, FTP, SMTP, and Skype) are needed... and you do not see any other risk level 5 in your network... are you actively creating policies to BLOCK the apps that your enterprise is not even using. 

 

This is called "Reducing the Attack Surface" 

 

There are 3563 applications known on the PANW appliance.  Have you taken the time to review the application and appropriately TAGGED the application using the "Sanctioned" tag.  Imagine how easy your security policy could be if you only allowed SANCTIONED applications?  Your security rules numbers could be easily reduced.

 

For those with Panorama... are you looking and utilizing the  the Automated Correlation Engine?  If the Panorama is the "single pane of glass" to your security posture, have you reviewed its output against these events:

SteveCantwell_0-1627582205763.png

And lastly, when was the last time your company ran its configuration through the PANW created Best Practice Assessment tool, available in your support account.  It takes your configuration and finds EVERY single area of improvement that needs to be performed (according to the recommendations of PANW_ to secure and improve the posture of your network.   Perform these 2 to 4 times a year, to keep current.

 

The list could go on, in ways to improve.  Review the CyberElite comments and take advantage of the knowledge and experience from these experts. 

Please help out other users and “Accept as Solution” if a post helps solve your problem !


@jforsythe wrote:

What do you think the biggest cybersecurity headline will be in 2021?


@jennaqualls 

 

From my point of view we will see increase in Ransomware attacks followed by supply chain attacks.

Already this year's list of Top 10 Cyber attacks includes more Ransomware attacks as compared to other cyber attacks.

 

Regards

MP

Help the community: Like helpful comments and mark solutions.
  • 32120 Views
  • 25 replies
  • 6 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!