04-27-2018 02:39 PM - edited 04-27-2018 02:41 PM
I just was emailed a Palo Alto Networks security report listing information on all of the wildfire submissions from our organization. This email came from a vendor that we had never purchased Palo Alto products from and contained detailed information about our environment.
I was shocked and disturbed by this disclosure. Support refered me to the Privacy Policy
https://www.paloaltonetworks.com/legal-notices/privacy
This privacy policy sure as heck does not seem to cover this case. Has anyone else had this happen?
Thanks,
John Wade
04-28-2018 09:07 AM
I can't comment on your specific situation without the details but I am guessing the communications you received falls under this section of the privacy policy.
Business Partners.
We may share Your Information with our business partners and channel partners so that they can provide you with information on our products or services, or follow up on a sales lead. If you do not wish to receive promotional emails from our partners, you can unsubscribe directly in the footer of the partner’s email to you.
Assuming the people contacting you were from a PAN partner/reseller and using the information about your usage as an opportunity to upsell other PAN products and services.
Many businesses will use transactional and other information to generate sales leads in this way for either interal sales teams and partners. And in this time of Big Data with machine learning you can expect this to increase. Some companies have a method to opt out of such activities. You could explore that with your account manager or sales engineer.
04-28-2018 09:10 AM - edited 04-28-2018 09:15 AM
I'm going to disagree with @pulukas on this being a partner staying within their lane. The partner can pull what devices you have and likely form a basic understanding of your network from that information. If your SE if leaving detailed account notes they may also know that you have a 7000 series as your primary firewall, 3200s seperating building, and 220s segmenting departments. There can be a lot of design information in your customer profile.
What they shouldn't have been able to do is pull any WildFire submissions using what they have access to as a partner. This is the section that concerns me and one that you should investigate with your SE and account manager. A partner should neve recieve access to your WildFire enviroment if you have no working relationship with them.
04-28-2018 09:27 AM
As I said, I can't comment on the specifics of the situation because I don't have the details and am not a PAN or partner employee so also don't know the procedures.
But I would start by assuming everyone is above board and asking the what/where/why of the account team as I mentioned. In other words give people the benefit of the doubt as you gather more information to make a fully informed judgement.
05-02-2018 06:41 AM
Well, I am following up with Legal and our sales team. It sure doesn't seem right to me.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
