A Need for Change.The Challenge
for Organisations
Khipu
Simon Crocker
Systems Engineering Manager
2 | © 2015, Palo Alto Networks. Confidential and Proprietary.
Palo Alto Networks at-a-glance
CORPORATE HIGHLIGHTS
• Founded in 2005; first customer
shipment in 2007
• Safely enabling applications and
preventing cyber threats
• Able to address all enterprise
cybersecurity needs
• Exceptional ability to support global
customers
• Experienced team of 3,000+ employees
• Q1 FY16: $297.2M revenue
Chart data: revenues ($MM) by fiscal year, and enterprise customers by year.

Revenues ($MM): FY09: $13 | FY10: $49 | FY11: $119 | FY12: $255 | FY13: $396 | FY14: $598 | FY15: $928

Enterprise customers: Jul-11: 4,700 | Jul-12: 9,000 | Jul-13: 13,500 | Jul-14: 19,000 | Jul-15: 26,000
Khipu Reference Customers
What’s changed?
THE EVOLUTION OF THE ATTACKER
• Cybercrime: now a $445 billion industry
• Cyber warfare: 100+ nations
What’s changed?
THE EVOLUTION OF THE ATTACK
• Known threats
• Organizational risk
• Identity compromise
• Zero-day exploits / vulnerabilities
• Evasive command-and-control
• Unknown & polymorphic malware
• Mobility threat
Business Drivers for the CIO
Social Networking | Cloud | Analytics | Mobility
Different Security Strategies.
Current Security Thinking. Palo Alto Networks Thinking.
The Challenges for the Head of Security
• APPS
• USERS
• CONTENT
Attack lifecycle: Research → Infiltration → Discovery → Capture → Exfiltration
Attacker (£, market): Automated, Scalable, Specialised
Defender: Manual, Complex, Expensive (£ + HC)
• Regulation: Departments & Faculties
• Counter Intel.: Volume of Threat Intel. (SPAM?)
• Blocking: Complex, Lack of Correlation, Point Solutions
• SIEM: Costly (£ & People), Complex
• Encryption: Cumbersome and Impractical
• Incident Response: Costly (£ & People)
Failure of Legacy Blocking Architectures
Legacy point products between the Internet and the network: URL Filtering, Firewall, Network AV, Anti-APT cloud, VPN, IPS/IDS, Sandbox …, UTM / NGFW
Each product raises its own alerts (DNS Alert, Endpoint Alert, AV Alert, SMTP Alert, Web Alert, …), all fed to the SIEM in the Security Operations Centre
Attacker (£, market): Automated, Scalable, Specialised
Limited visibility | Manual response | Lacks correlation
Detection Architecture = Manual Response
Next Generation Security Platform
• Application Aware
• User Aware
• Content Aware
Fully Integrated & Automated Blocking Architecture
• ONE PLATFORM, ONE POLICY, DYNAMIC SECURITY
Components: Public Cloud, Advanced Endpoint (Traps), Threat Intelligence Cloud, Internet, Enterprise Network, GlobalProtect, Security Operations Centre with Panorama and AutoFocus
Alerts shown: DNS Alert, Endpoint Alert, Web Alert, APT
Detect unknown threats | Detect everywhere in the network | Real-time “closed-loop” prevention
Prevention Architecture = Automated Response
Palo Alto Networks - Rebalancing the Scales
• APPS
• USERS
• CONTENT
Attack lifecycle: Research → Infiltration → Discovery → Capture → Exfiltration
Attacker (£, market): Automated, Scalable, Specialised
Defender: Automated, Scalable & Integrated Prevention
• Regulation: Departments & Faculties
• Counter Intel.: Volume of Threat Intel. (SPAM?)
• SIEM: Reduction of Events, reducing Cost (£ & People)
• Encryption: Integrated and Selective
• Incident Response: Reduction of Cost (£ & People)
• Blocking: Simplified, Automated and Fully Integrated for known and unknown Threats
Delivering continuous innovation
Traps | GlobalProtect | WildFire | Threat Prevention | URL Filtering | AutoFocus | Aperture
Why Palo Alto Networks.
• Application Control and Enablement
• Prevention Strategy
• Single Pass Architecture
• Predictable Performance
• Fully Integrated and Automated Solution
• Simplification / Consolidation
• Cost Savings & Staff Realignment
Why Palo Alto Networks?
Word cloud: Prevention, Zero-Day, Reduce Risk, Policy, Visibility, Remediation, Detection, Endpoint, Data Center, Mobility, BYOD Management, Vulnerability, Responsive, Exploit, Anti-Malware, Forensics, Automation, Private Cloud, Public Cloud, Performance, Scalability, Platform, Segmentation, Applications, Users, Control, Agile, Perimeter, Integrated, Support, Web Security, Command-&-Control, Virtualization, Ecosystem, Context, Correlation, Services, People, Culture, Safe Enablement, Application
jisc.ac.uk
Simon Crocker
Systems Engineering Manager
Khipu

Prevention first platform for cyber defence the alternative strategy khipu - networkshop44

Editor's Notes

  • #4 Here are some additional facts you can use, based on where we closed at the end of FY15. We’ll update these numbers quarterly following each earnings release. At the end of Q4 ’15, we had more than 26,000 customers in over 140 countries across multiple industries. Palo Alto Networks has been ranked an “enterprise firewall market leader” by Gartner in 2011, 2012, 2013 and 2014 (published April 2015). FY’15 revenues grew 55% year over year. We have consistently added more than 1,000 customers per quarter for the last 15 consecutive quarters, indicating a strong acceptance of our vision and strategy. We have over 2,600 employees worldwide. We’ve built a world-class global support operation with teams in the Americas, EMEA, Asia, and Japan.
  • #6 Over the last two years in particular we’ve seen a dramatic change in both the attacker and the techniques they use. By many estimates cybercrime is now a $1+ trillion industry. And like any industry, opportunity fuels more investment, and it is clear this “industry” isn’t being deprived. But like any industry, investment decisions are made based on the expectation of profit. The best way to get an industry to collapse on itself is to take away that potential for profit. Our strategy is quite simple: make it so unbelievably hard for cybercriminals to achieve their objectives that their only recourse is to invest more and more resources to stage a successful attack, or give up and move on to someone else. Today there are more than 100 nations who are actively building cyber military capabilities. Out of the 100 there are about 20 who are considered serious players. These nation states follow a completely different set of motives, and are not concerned about profit. These new units are accelerating the weaponization of vulnerabilities. They’re launching sophisticated campaigns at our employees looking to take advantage of weak defensive links. They are not motivated by profit. They’re motivated by warfare, terrorism, and theft of secrets that may give their country an advantage. Equally so, we need to make it unbelievably hard for these nations to achieve their objectives. To achieve this we must consider a new approach.
    ---------------------------------------------------------
    Facts & Credits: The $445B comes from a study administered by the Center for Strategic and International Studies (CSIS) and released June 2014. Peter W. Singer, director of the Center for 21st Century Security and Intelligence at the Brookings Institution, said 100 nations are building cyber military commands, and of that there are about 20 that are serious players and a smaller number could carry out a complete cyberwar campaign.
    The barrier to entry for attackers has come down significantly in the last couple of years with the accessibility of exploit kits that may be easily purchased online with full support.
  • #7 This new approach must account for the realities that today’s attacks are not only multi-dimensional in nature, but also use an increasingly sophisticated set of techniques that are constantly in a state of change. As these techniques evolve, the risk of breach increases. And as we all know, an organization is only as strong as its weakest entry point; therefore an effective strategy must include multiple kill-points working together to prevent all aspects of an attack. This includes:
    • Blocking the different techniques attackers might use to evade detection and establish command-and-control channels
    • Preventing installation of malware – including unknown and polymorphic malware
    • Blocking the different techniques that attackers must follow in order to exploit a vulnerability
    • Closely monitoring and controlling communications within the organization to protect against unabated lateral movement when legitimate identities are hijacked
    With the evolution of the attack and the attacker as a backdrop, let’s take a quick look at where some of the breakdowns in approaches are occurring.
    ---------------------------------------------------------
    Facts & Credits: Today we detect and analyze over 2M forms of new malware within WildFire. This trend line is increasing monthly.
  • #12 We’d like to help you build a prevention-focused architecture that stops at nothing short of complete visibility into all traffic; is natively integrated in such a way that no gaps exist and context is delivered so you only have to react to the threats that are critically important; is highly automated to reduce or remove manual response; and enables you to drive seamless policy throughout your organization to reduce your attack surface and eliminate unnecessary risk. How do we do that? If you go back in time, the first thing we said we were going to do as a company was safely enable the use of all applications on your network. Why is that important? Attackers know that one of the easiest ways to get into your network is through an application. Back in the mid-90s our founder, Nir Zuk, created the first stateful inspection firewall. Stateful inspection firewalls use port, protocol and IP addresses to make security policy decisions. That was OK in the mid-90s when you had only two applications on your network – email and web – that communicated over a very predictable set of ports. At the time there was also a very limited number of devices to contend with on your network. Fast forward to the early 2000s and Nir could see that the number of applications landing on the network was about to explode, and that stateful-based firewalls would be incapable of handling this new environment, where these applications utilized significantly more ports and followed non-standard patterns that the stateful firewall simply couldn’t anticipate. Mega trends like BYOD, mobility and cloud computing added further complications. Nir made the decision to re-invent the firewall and develop a new approach that took the guessing out of security, and provided a much more robust solution for managing applications, users and devices. That approach led to the formation of Palo Alto Networks in 2005, and the creation of the industry’s first next-generation firewall in 2007.
    The big difference between stateful firewalls and next-generation firewalls is that we don’t guess. We don’t guess about applications, we don’t guess about users, we don’t guess about content, and we don’t guess about devices. We definitively inspect and identify all applications, users, content, and devices operating across your network. That means you get real visibility on your network, which leads to better security. The next thing we said we were going to do was prevent both known and unknown cyber threats for all users on any device across any network. To achieve this we developed a series of cloud-based services that integrate closely with the next-generation firewall and deliver automated threat detection and prevention. We have four cloud-based services today – Threat Prevention, URL Filtering, WildFire and GlobalProtect for mobile security. Let’s pick one of these services, WildFire, to demonstrate the power of this integrated approach. Now, if an attacker attempts to breach your organization using a known threat, we’re going to automatically block that attack using a combination of our next-generation firewall and cloud-based services (Threat Prevention, URL Filtering and GlobalProtect). If the threat is unknown, we’re going to quickly turn it into a known threat using WildFire, which detects and analyzes potentially malicious files looking for new forms of malware, malicious URLs or command-and-control sites. As those unknown threats are detected, WildFire automatically develops new protections and within minutes routes those tools back to your cloud-based services. We don’t just route those tools to your systems, we route them to the global customer base, so you benefit from the multiplier effect of a large threat intelligence community. This automated process ensures that your platform can deliver the highest levels of security for all users on any device across your entire network. The newest technology we’ve brought to market is advanced endpoint protection.
    Let me tell you why we went down this path. Legacy providers have not been able to keep up with the challenges associated with advanced threats that have been finding their way onto the endpoint, then working their way into the network. We looked across the market, at all of the different approaches, and decided something truly disruptive had to happen. Many of the “newer” technologies have effectively given up on prevention and instead focus their efforts on detection and remediation. Other prevention-based approaches were simply ineffective at stopping advanced threats, or imposed too much operational overhead to be viable on a large-scale basis. We came up with a unique approach that prevents all exploit- and malware-based attacks, even those based on unknown zero-day vulnerabilities. And we do this with a very lightweight and scalable technology. This approach has proven to be highly effective at protecting endpoints from advanced attacks – including laptops, servers, industrial control systems, bank ATMs, medical devices and retail point-of-sale systems. So, to wrap it up, our core value proposition is that we provide an enterprise security platform that safely enables all applications through granular use of controls and prevention of known and unknown cyber threats for all users on any device across any network. In doing so we’re able to deliver superior security with superior TCO.