PA-820 Threat License attack passed

L0 Member


Hello Guys,

 

This is my first post here and I am very sad.

 

I am a big fan of PA and had a couple of implementations with customers but...

Sadly, last Sunday, PA-820 appliances in HA were not enough to stop hackers/attack.

 

A customer of mine had some publicly exposed servers (public services).

In the log files I saw many login attempts and no brute-force signature engaged.

The interesting part is here in the screenshot.

1. Vulnerability stopped and then again... login attempt:

[Screenshot: KaloyanKirchev_0-1580376316902.png]

All internal servers and infrastructure were down and have to be REBUILT from scratch.

 

PLEASE give advice on how to "fine tune" vulnerability protection to stop this kind of threat and future threats.

Somewhere I read that brute-force timers/attempts should be managed, but I think this is not enough.

Maybe the login attempts were not the only problem.

I can show traffic logs for many login attempts BUT no threats.

 

P.S.: Of course it has a Threat License, and the company DID lose a huge amount of money, as on Monday morning there were no servers.

 

I would be happy to receive any help.

 

L7 Applicator

For critical-level threats, and specifically for brute-force threats, I usually set a block-ip action for a good amount of time to discourage hammering internal resources.

Tom Piens - PANgurus.com
Like my answer? check out my book! amazon.com/dp/1789956374