Attackers are creative and persistent. They look for effective ways to get into your organization, and invest more time and resources in the reconnaissance, weaponization and delivery stages of the attack lifecycle. Threat intelligence sharing is more important now than ever before. According to the new research from the Ponemon institute, 39 percent of attacks can be thwarted by threat intelligence sharing, which is why our partnerships around this initiative with leading security, endpoints and networking vendors including our recent partnership with Proofpoint is significant.
In this post, I’ll go over what attackers look for, the tactics they use, and the advantages they gain in each of the first three stages of an attack. Then, I’ll provide information on how our partnership with Proofpoint helps you counter these multi-vector attacks.
The first three stages of the Attack Lifecycle
Reconnaissance Stage: In this stage, cyberattackers try to learn as much as possible about the systems you’re running, as they scan for services and applications they can exploit and identify vulnerabilities to target. They research, identify, and select targets, often using phishing tactics or extracting public information from LinkedIn profiles and corporate websites.
Weaponization Stage: Attackers create tailored exploits, and combine them with malicious payloads, to leverage weaknesses they’ve found during the reconnaissance stage.
Delivery Stage: Attackers determine how to send weaponized threats into the organization, using methods such as phishing via email or social media platforms, watering holes, etc. They may choose to embed malicious code within a seemingly innocuous file, like a PDF, Word document or email message, as part of a multi-stage download attack. In highly targeted attacks, attackers may craft deliverables to catch the specific interests of an individual.
New forms of sophisticated cybersecurity threats continually emerge, targeting enterprises, utilizing multiple attack vectors, and aiming at the target’s data through employees and partners. Infrastructure that is fragmented and patchy, built over time with multiple isolated systems and management tools, provide attackers with a huge advantage: gaps that may make their activities invisible.
What can you do to take that advantage away? Make them visible again.
- Gain total visibility by inspecting all data and traffic and cutting through the overwhelming volume of alerts and manual processes associated with operating many discrete security products designed for singular functions.
- Efficiently correlate information to identify infected systems and weaknesses throughout the network, cloud, and endpoints and then execute protection across the organization.
- Reduce the gaps between detection, analysis, and protection while keeping up with new threats composed of various tools, technologies and vectors.
We’ve designed our next-generation security platform to do just that, and we’re constantly working to add more threat intelligence and technology partners with the goal of reducing the gaps between different products across your organization and sharing actionable threat data globally.
This becomes essential when you prevent secondary downloads and data from leaving your organization and counter the next four stages of the attack life cycle, exploitation, installation, command and control and action on the objective.
New: Palo Alto Networks and Proofpoint Counter Multi-Vector Attacks
With the recent announcement of our partnership with Proofpoint, we’re able to deliver unprecedented threat intelligence and protection from cyberattacks targeting users, data and content via email and social media.
Prior to our partnership, files analyzed by Proofpoint were held and not shared with sandboxes. By combining our technologies, Proofpoint is able to share email attachments with WildFire, a key component of our security platform, in real time. Additionally, the joint development combines WildFire’s ability to analyze potentially malicious links with Proofpoint SocialPatrol’s ability to scan and, if necessary, remove malicious links throughout an organization’s social presence, including on platforms like Facebook, Twitter, LinkedIn and Instagram. This gives our platform unique access to Proofpoint’s threat intelligence and provides amplified visibility with an enriched blend of threat intelligence spanning the network, endpoints, cloud, email, and social media platforms. As new threats are discovered, WildFire automatically generates new protections and distributes them to all WildFire-subscribed customers globally, immediately preventing those threats from spreading.
By coordinating threat information across different attack vectors we are delivering:
- Coordinated detection and protection throughout the network, endpoint, cloud, email and social media platforms.
- Unified threat intelligence across different attack vectors.
- Easy implementation at no additional cost.
With real-time, shared threat intelligence and coordinated protection between Palo Alto Networks and Proofpoint, a cyberthreat can quickly be detected and prevented, regardless of the attack vector.
If you are both a Proofpoint and Palo Alto Networks customer, you can immediately benefit from this integration simply by turning it on.
For more information
- Palo Alto Networks technology partner page
- Cybersecurity Buyer’s Guide
- Palo Alto Networks and Proofpoint Partner to Extend Threat Prevention Capabilities
- [Webinar] Proofpoint and Palo Alto Networks: Delivering Advanced Threat Protection