01-30-2020 01:33 AM
Hello Guys,
This is my first post here and I am very sad.
I am big fan of PA and had a couple of implementations with customers but...
Sadly, last sunday, PA-820 appliances in HA were not enough to stop hackers/attack.
Customer of mine had some public exposed servers(public services).
In log files I saw many login attempts and no Brute-force signature engaged.
Interesting is here in the screenshot.
1. Vulnerability stopped and than again....login attempt:
All internal serves and infrastructure were down and has to be REBUILD from scratch. 😞
PLEASE give advice on how to "fine tune" vulnerability protection to stop these kind and future threats.
Somewhere I read that brute-force timers/attempts should be managed but I think this is not enough.
Maybe the login attempts were not the only problem.
I can show traffic logs for many login attempts BUT No threats.
P.S.: Of course it has Threat License and company DID loose huge amount of money as Monday morning there were no servers.
I would be happy to receive any help.
02-11-2020 06:45 AM
for critical level threats and specifically for brute force threats I usually set a block-ip action for a good amount of time to discourage hammering internal resources
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
