(Ended) Join the discussion: LIVEcommunity Cyber Elite Experts

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

(Ended) Join the discussion: LIVEcommunity Cyber Elite Experts

Community Team Member

Ask your questions from July 14 - July 28 as the LIVEcommunity Cyber Elite Experts  will be available in a Q&A session for an opportunity to learn, join in, ask questions, and meet our experts! The Ask Me Anything (AMA) Event will be an opportunity to ask our Cyber Elite Experts questions about a range of technologies, solutions, and how they can help you find what you need.

 

Ask questions from Wednesday, July 14 to Wednesday, July 28, 2021. 

 

Come back on July 28th from 8am to 5pm PT  to join the event as our experts answer your questions!  

 

To participate in this event, please use the Reply button below to ask your questions.

 

Please be sure to click Like if a post is helpful to you and to "Accept as Solution" to let everyone know that the answer to your question hits the mark!

Want to learn more details about the event? Check out this article.

20 accepted solutions

Accepted Solutions


@AVaidya1 wrote:

Hello Cyber Elite Experts!

 

What Prisma Access related content will be most helpful to our LIVEcommunity members? 

 

What tips will help our Prisma Access community?

 

Thank you! 



Hi @AVaidya1 

A good place to start is the "Prisma access getting started" guide which can be found here: https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-cloud-managed-admin/get-started...

Then of course there is also the detailed documentation available which is split in the cloud managed prisma access ( https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-cloud-managed-admin.html ) and the panorama managed prisma access ( https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin.html )

If you prefer viewing videos rather than reading, there are also many of them available on youtube. For example:

And of course there is also the live community technology ressource page for prisma access where you also find prisma access discussions are to ask questions to the community: https://live.paloaltonetworks.com/t5/prisma-access/ct-p/PrismaAccess

 

View solution in original post

Community Team Member
Thanks for reading!

View solution in original post

Community Team Member

What’s the number one thing individuals aren’t doing but should to secure their virtual worlds? 

Thanks for reading!

View solution in original post

Community Team Member

What do you think the biggest cybersecurity headline will be in 2021?

Thanks for reading!

View solution in original post


@kazhang wrote:

Hi! How can I troubleshoot my issue on LIVEcommunity before opening an issue with Support team? 


@kazhang 

 

It depends on what issue you are having.

Mostly if you need help in configuration there are knowledge base articles.

 

For Troubleshooting issues you can go to Collaboration then to discussions there are so many tabs there depending on which technology you need help with for example for firewall related issues you can search in General Topics.

 

Put specific words for example like what error you are facing while doing commit on PA and do the search.

Mostly you will find the answers there.

 

When I was new to Palo alto i used to search in Live community and for most of the  issues I found answers here.

 

If your issue is new and there are no answers  in Live community then depending on your severity you can open up tac case.

 

Hope this helps.

 

Regards

MP

Help the community: Like helpful comments and mark solutions.

View solution in original post


@jforsythe wrote:


Hello @jforsythe ,

- What aspect of working working in cybersecurity do you find most interesting or exciting?
  • I personally love the erratic dynamic chaotic nature of it. It keeps my mind thinking of new ways to detect/prevent newer types of attacks with my existing technologies. This also helps me determine if I have a deficit that needs to be addressed.
 
- What do you think the next five years in cybersecurity holds?
  • I think we are going to see a lot more ransomware/blackmail along with supply chain attacks. Unfortunately we are already seeing them and as lot of organizations either dont have the technical expertise or funding to prevent them.

View solution in original post


@jforsythe wrote:

What do you think the biggest cybersecurity headline will be in 2021?


Hello @jforsythe ,

I think its going to be a toss up of another huge supply chain attack and/or ransomware hitting something huge. We are already seeing a lot of it and its going to get a lot worse before it gets better.

Regards,

View solution in original post


@rjawaid wrote:

I would love to know what Palo Alto Networks product/technology areas of expertise Cyber Elite members focus on!


@rjawaid 

For myself I mostly work on Firewalls mostly all models, Panorama M200 and Log collectors M500.

Regarding Technology I mostly work on Configuration of firewalls and applying all the security profiles including SSL decryption

for traffic going to internet and coming from Internet. Also I work on Global protect as we have few thousand users who connect to network remotely.

Also we use MFA for logging into to Firewall and for remote users.

 

Regards

 

 

MP

Help the community: Like helpful comments and mark solutions.

View solution in original post


@jforsythe wrote:

What aspect of working in cybersecurity do you find most interesting or exciting?

There's never a boring day in this line of work, and I've never found myself wishing I had more to do. I don't think anyone working in this field can really ever say that their work is finished and just switch into maintaining the existing environment. 

 

What do you think the next five years in cybersecurity holds? 

We're hopefully going to see more and more environments move away from relying on perimeter security as we see more and more SaaS solutions being deployed and workers spending more time remote. If you aren't deploying solutions to ensure visibility into your endpoints regardless of location you're doing it wrong. 

I also think we'll sadly hear reports of a lot of organizations suffering from breeches over the next few years from improperly secured remote environments that got spun up due to the sudden change to remote work for a lot of organizations. Personnel were tasked with building solutions out quickly and often on a budget, and that generally leads to insecure solutions being implemented. 

 

View solution in original post


@jforsythe wrote:

What do you think the biggest cybersecurity headline will be in 2021?



Hi @jforsythe 

I really hope we already passed the biggest headline for 2021 with for example

  • Microsoft Exchange 0-day attacks at the beginning of the year
  • Colonial Pipeline Ransomware attack
  • Supply chain attack through Kaseya
  • PrintNightmare debacle
  • Activities that came into light with Pegasus spyware

But probably these weren't the biggest ones. So, besides the ones above I don't want to think of even bigger headlines but like @OtakarKlier wrote, there probably will be more of these supply chain attacks specially in combination with ransomware ...

View solution in original post


@jforsythe wrote:

What’s the number one thing individuals aren’t doing but should to secure their virtual worlds? 


I'm going to cheat and give you two.

App-ID

While seeing people with application aware firewalls not building app-id policies has become less common, I still see it on a semi-regular basis. You should be building out app-id policies whenever possible, and you shouldn't have any 'any' policies simply relying on service objects to allow traffic. 

 

Decrypting traffic

I get to talk to, and work with, a lot of different organizations and the number that aren't decrypting outbound traffic is still staggeringly high. There seems to be a mindset around some people that decrypting traffic isn't worth it, but without it you aren't taking full advantage. of the tools you've already purchased and you have very limited visibility into the majority of network traffic. 

In addition I talk to some people who still believe that any phishing attempt or malicious file is going to be hosted on sites that aren't using HTTPS, and that's simply factually false. Outside of simply compromised sites which already have valid certificates, it's incredibly easy (and free) to go out and get a certificate. 

 

View solution in original post


@jforsythe wrote:

What do you think the biggest cybersecurity headline will be in 2021?


really hope @Remo is right and the biggest headlines for the year have already passed, but breaches and supply chain attacks are going to continue to dominate headlines. 

View solution in original post

L7 Applicator

@BPry wrote:

@jforsythe wrote:

What’s the number one thing individuals aren’t doing but should to secure their virtual worlds? 


I'm going to cheat and give you two.

App-ID

While seeing people with application aware firewalls not building app-id policies has become less common, I still see it on a semi-regular basis. You should be building out app-id policies whenever possible, and you shouldn't have any 'any' policies simply relying on service objects to allow traffic. 

 

Decrypting traffic

I get to talk to, and work with, a lot of different organizations and the number that aren't decrypting outbound traffic is still staggeringly high. There seems to be a mindset around some people that decrypting traffic isn't worth it, but without it you aren't taking full advantage. of the tools you've already purchased and you have very limited visibility into the majority of network traffic. 

In addition I talk to some people who still believe that any phishing attempt or malicious file is going to be hosted on sites that aren't using HTTPS, and that's simply factually false. Outside of simply compromised sites which already have valid certificates, it's incredibly easy (and free) to go out and get a certificate. 

 



I'll add another two - also because I think there is not the one thing. There isn't the one line of defense where organizations need to take care of, multiple ones are required in order to be as secure as possible. So my two are:

  • Multi factor authentication - it became so easy to implement but I still see a lot of situations where companies rely on securing an access with a username and password and in addition the passwords aren't even strong ones
  • Internet access for servers(/containers) - servers and containers most of the time have one specific job. Ok, sometimes more than only one but it still is very specific. In order to do the required work there are also very specific destinations where they need to be able to connect to. So why allowing the servers to connect to the internet slmost without restrictions? This access should be closed by default and opened only there where it is really needed.

View solution in original post


@rjawaid wrote:

I would love to know what Palo Alto Networks product/technology areas of expertise Cyber Elite members focus on!



Hi @rjawaid 

My focus are the the firewalls of any model with quite a few features that I use (decryption, threatprevention, wildfire, file blocking, RADIUS/LDAP/SAML authentication, zone protection, DoS protection, IPSec VPN, Global Protect and many more) and Cortex XDR. For these and more tools there is XSOAR that stiches everything together and helps to keep an eye on whats going on.

View solution in original post


@AVaidya1 wrote:

Hello folks!

 

There are so many sources of information/news on cyber topics these days. 

 

What are the top 3-5 sources of cybersecurity related news that you rely on?

 

Thank you!



Hi @AVaidya1 

Here are a few websites:

And a weekly podcast with news an deeper explanations about current cybersecurity "events": https://twit.tv/shows/security-now

View solution in original post

Cyber Elite
Cyber Elite

@jennaqualls wrote:

Ask your questions from July 14 - July 28 as the LIVEcommunity Cyber Elite Experts  will be available in a Q&A session for an opportunity to learn, join in, ask questions, and meet our experts! The Ask Me Anything (AMA) Event will be an opportunity to ask our Cyber Elite Experts questions about a range of technologies, solutions, and how they can help you find what you need.

 

Ask questions from Wednesday, July 14 to Wednesday, July 28, 2021. 

 

Come back on July 28th from 8am to 5pm PT  to join the event as our experts answer your questions!  

 

To participate in this event, please use the Reply button below to ask your questions.

 

Please be sure to click Like if a post is helpful to you and to "Accept as Solution" to let everyone know that the answer to your question hits the mark!

Want to learn more details about the event? Check out this article.



Hello @AVaidya1 ,

This is a great topic that is always changing. Here is what I use to keep up on current events:

What I want to know is how things are used/done. Meaning if I know an exploit is in the wild, even a zero day, I can usually find either a detection for it, via the SIEM, or protection via Wildfire or another vendor resource. Knowing how the threat actors think, operate, helps me with detection and prevention.

Hope thats a good start.

View solution in original post


@jforsythe wrote:

What’s the number one thing individuals aren’t doing but should to secure their virtual worlds? 



Hello @jforsythe ,

I would add secure DNS. This is often not thought of or overlooked and can provide a great deal of protection. Lets say you were blocking any new domains that were less than 30 days old and dynamically generated ones. This alone would have prevented the Solarwinds hack by blocking the DNS requests outbound so it would not have left the environment.

 

Regards,

View solution in original post

Cyber Elite
Cyber Elite

Hi Group

 

Apologies for any lateness in my responses, but I hope they are still welcomed. 😛

 

The 2 areas that I think are the core of the PANW security solutions are the STRATA and PRISMA areas.

Strata meaning the enterprise products, with the FWs, Panorama, virtualization of the firewalls, containerized firewalls, etc.

Prisma (specifically Primsa Access) builds upon the core function of FWs rule, Panorama deployment, VPNs, so that in (today's Covid aware) enterprise environments, the question of "How do I secure my remote users and branches, without compromising security", or having a single/consistent security posture, a single/consistent mobile user experience"

 

As I get the time, it is very important, with today's cloud based virtualization (IaaS)  that companies that develop or deploy code ensure that their public cloud is protected.

 

 

 

Help the community: Like helpful comments and mark solutions

View solution in original post


@jforsythe wrote:

What’s the number one thing individuals aren’t doing but should to secure their virtual worlds? 



From my perspective, the answer would be, believing that their current rule sets are properly configured and providing adequate projection.

The typical IT professional is very busy through his/her day, and there never seems a moment in time to just re-prioritize and focus on your current security posture.

 

Example: 

Can someone, right now, tell me EXACTLY how many application their network has seen in the past 30 days.

Can you tell me if all of these applications are needed (think.. Acceptable Use Policy of your employer...) just because someone uses an application does not mean it is a business justified one. 

 

Do you have rules limiting the risk level of your applications?.   There are 143 Risk Level 5 applications detected by the PANW FW. Have you reviewed the 143?  Do you have security rules/posture to block the apps that are not being used? 

If you look at your application usage and only three risk level 5 (say, FTP, SMTP, and Skype) are needed... and you do not see any other risk level 5 in your network... are you actively creating policies to BLOCK the apps that your enterprise is not even using. 

 

This is called "Reducing the Attack Surface" 

 

There are 3563 applications known on the PANW appliance.  Have you taken the time to review the application and appropriately TAGGED the application using the "Sanctioned" tag.  Imagine how easy your security policy could be if you only allowed SANCTIONED applications?  Your security rules numbers could be easily reduced.

 

For those with Panorama... are you looking and utilizing the  the Automated Correlation Engine?  If the Panorama is the "single pane of glass" to your security posture, have you reviewed its output against these events:

SteveCantwell_0-1627582205763.png

And lastly, when was the last time your company ran its configuration through the PANW created Best Practice Assessment tool, available in your support account.  It takes your configuration and finds EVERY single area of improvement that needs to be performed (according to the recommendations of PANW_ to secure and improve the posture of your network.   Perform these 2 to 4 times a year, to keep current.

 

The list could go on, in ways to improve.  Review the CyberElite comments and take advantage of the knowledge and experience from these experts. 

Help the community: Like helpful comments and mark solutions

View solution in original post


@jforsythe wrote:

What do you think the biggest cybersecurity headline will be in 2021?


@jennaqualls 

 

From my point of view we will see increase in Ransomware attacks followed by supply chain attacks.

Already this year's list of Top 10 Cyber attacks includes more Ransomware attacks as compared to other cyber attacks.

 

Regards

MP

Help the community: Like helpful comments and mark solutions.

View solution in original post

25 REPLIES 25

Community Manager
Community Manager

Looking forward to having our Cyber Elite member experts join in during this event and answer all of your burning questions!  This forum is open now, so feel free to jump on in and start asking! 

Crasmussen - LIVEcommunity Manager 
Remember to click LIKE if a post is helpful to you | Stay Engaged!

L4 Transporter

Hello Cyber Elite Experts!

 

What Prisma Access related content will be most helpful to our LIVEcommunity members? 

 

What tips will help our Prisma Access community?

 

Thank you! 


@AVaidya1 wrote:

Hello Cyber Elite Experts!

 

What Prisma Access related content will be most helpful to our LIVEcommunity members? 

 

What tips will help our Prisma Access community?

 

Thank you! 



Hi @AVaidya1 

A good place to start is the "Prisma access getting started" guide which can be found here: https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-cloud-managed-admin/get-started...

Then of course there is also the detailed documentation available which is split in the cloud managed prisma access ( https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-cloud-managed-admin.html ) and the panorama managed prisma access ( https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin.html )

If you prefer viewing videos rather than reading, there are also many of them available on youtube. For example:

And of course there is also the live community technology ressource page for prisma access where you also find prisma access discussions are to ask questions to the community: https://live.paloaltonetworks.com/t5/prisma-access/ct-p/PrismaAccess

 

L4 Transporter

I would love to know what Palo Alto Networks product/technology areas of expertise Cyber Elite members focus on!

L1 Bithead

Hi! How can I troubleshoot my issue on LIVEcommunity before opening an issue with Support team? 

Community Team Member
Thanks for reading!

Community Team Member

What’s the number one thing individuals aren’t doing but should to secure their virtual worlds? 

Thanks for reading!

Community Team Member

What do you think the biggest cybersecurity headline will be in 2021?

Thanks for reading!


@kazhang wrote:

Hi! How can I troubleshoot my issue on LIVEcommunity before opening an issue with Support team? 


@kazhang 

 

It depends on what issue you are having.

Mostly if you need help in configuration there are knowledge base articles.

 

For Troubleshooting issues you can go to Collaboration then to discussions there are so many tabs there depending on which technology you need help with for example for firewall related issues you can search in General Topics.

 

Put specific words for example like what error you are facing while doing commit on PA and do the search.

Mostly you will find the answers there.

 

When I was new to Palo alto i used to search in Live community and for most of the  issues I found answers here.

 

If your issue is new and there are no answers  in Live community then depending on your severity you can open up tac case.

 

Hope this helps.

 

Regards

MP

Help the community: Like helpful comments and mark solutions.


@jforsythe wrote:


Hello @jforsythe ,

- What aspect of working working in cybersecurity do you find most interesting or exciting?
  • I personally love the erratic dynamic chaotic nature of it. It keeps my mind thinking of new ways to detect/prevent newer types of attacks with my existing technologies. This also helps me determine if I have a deficit that needs to be addressed.
 
- What do you think the next five years in cybersecurity holds?
  • I think we are going to see a lot more ransomware/blackmail along with supply chain attacks. Unfortunately we are already seeing them and as lot of organizations either dont have the technical expertise or funding to prevent them.


@jforsythe wrote:

What do you think the biggest cybersecurity headline will be in 2021?


Hello @jforsythe ,

I think its going to be a toss up of another huge supply chain attack and/or ransomware hitting something huge. We are already seeing a lot of it and its going to get a lot worse before it gets better.

Regards,


@rjawaid wrote:

I would love to know what Palo Alto Networks product/technology areas of expertise Cyber Elite members focus on!


@rjawaid 

For myself I mostly work on Firewalls mostly all models, Panorama M200 and Log collectors M500.

Regarding Technology I mostly work on Configuration of firewalls and applying all the security profiles including SSL decryption

for traffic going to internet and coming from Internet. Also I work on Global protect as we have few thousand users who connect to network remotely.

Also we use MFA for logging into to Firewall and for remote users.

 

Regards

 

 

MP

Help the community: Like helpful comments and mark solutions.


@jforsythe wrote:

What aspect of working in cybersecurity do you find most interesting or exciting?

There's never a boring day in this line of work, and I've never found myself wishing I had more to do. I don't think anyone working in this field can really ever say that their work is finished and just switch into maintaining the existing environment. 

 

What do you think the next five years in cybersecurity holds? 

We're hopefully going to see more and more environments move away from relying on perimeter security as we see more and more SaaS solutions being deployed and workers spending more time remote. If you aren't deploying solutions to ensure visibility into your endpoints regardless of location you're doing it wrong. 

I also think we'll sadly hear reports of a lot of organizations suffering from breeches over the next few years from improperly secured remote environments that got spun up due to the sudden change to remote work for a lot of organizations. Personnel were tasked with building solutions out quickly and often on a budget, and that generally leads to insecure solutions being implemented. 

 


@jforsythe wrote:

What do you think the biggest cybersecurity headline will be in 2021?



Hi @jforsythe 

I really hope we already passed the biggest headline for 2021 with for example

  • Microsoft Exchange 0-day attacks at the beginning of the year
  • Colonial Pipeline Ransomware attack
  • Supply chain attack through Kaseya
  • PrintNightmare debacle
  • Activities that came into light with Pegasus spyware

But probably these weren't the biggest ones. So, besides the ones above I don't want to think of even bigger headlines but like @OtakarKlier wrote, there probably will be more of these supply chain attacks specially in combination with ransomware ...

  • 20 accepted solutions
  • 31894 Views
  • 25 replies
  • 6 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!