Using NGFW to Prevent Corporate Credential Theft

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Community Team Member

General Graphics.jpg

 

Earlier this week I wrote about a Financial Services firm that lost hundreds of thousands of dollars. The Lazarus group, a North Korean-backed cybercrime group, was successful in its phishing campaign. The network was infiltrated and the group successfully pivoted to corporate assets using stolen credentials. In an abundant world of data, organizations will continue to be targeted with phishing for credential theft. To safeguard against such an attack, organizations should monitor and limit where corporate credentials are being used. 

 

Palo Alto Networks Next-Generation Firewall (NGFW) prevents credential phishing through user credential detection. Corporate credentials — username and/or password — that are submitted to a website can be scanned and alerted/blocked. 

 

IMG_5315.jpg

 

Credential submissions can be detected on website categories specified within a URL Filtering Profile. In the example above, user credential submissions are blocked for websites that fall under the social networking category. For best practice, it is recommended to block credential submissions on medium to high-risk category websites.

 

Screen Shot 2022-09-29 at 11.59.46 AM.png

 

Prior to setting up user credential detection, you will need to have User-ID, Decryption, and URL-Filtering enabled. Enabling credential detection can be found within the actual URL-Filtering profile.

 

Screen Shot 2022-09-29 at 12.53.06 PM.png

 

Cybersecurity awareness training can only go so far and users are bound to make mistakes. Check out this step-by-step guide and learning happy hour if you would like to add Credential Detection to your line of defense!

 

If you have any questions or comments feel free to drop a comment below or in the LIVEcommunity Discussion Forums.

 

  • 3650 Views
  • 0 comments
  • 1 Likes
Register or Sign-in
Labels