This executive summary highlights key findings from the February 2020 edition of the Unit 42 Cloud Threat Report. Data shows nearly 200k insecure IaC templates in use, 43% of cloud databases are not encrypted, and 60% of cloud storage services have logging disabled.
Learn how consolidating and integrating networking and security functions, as well as unifying management and monitoring with SD-WAN in the branch, can lead to more secure and efficient operations.
Every security team has its own set of security tools, competencies, common use cases and compliance requirements. One of the few common threads that weaves through all these elements is the steps for responding to a security incident. Demisto, now part of Palo Alto Networks, sponsored a study of security professionals around the world to delve deeper into their challenges across the incident response (IR) lifecycle, the tools they use and the capabilities they feel are missing from their tool stacks.
ESG conducted a research survey with the intent to gain insight into the current and future processes involved in securing cloud-native applications, the challenges that arise when securing cloud-native applications, and the product requirements companies will demand as they continue to secure more cloud-native applications.
Gartner’s 2019 Magic Quadrant for Network Firewalls Report recognizes Palo Alto Networks as a Leader for the EIGHTH time in a row, with the highest position in ability to execute and furthest in completeness of vision.
This report highlights key learnings from these incidents along with research by Unit 42’s cloud research team to shed light on current and emerging trends. Moreover, it offers tips and best practices to help organizations ensure business-critical data across their public cloud environments – Google Cloud, AWS, and Azure – is secure.
This Unit 42 report highlights key learnings from public cloud security incidents and presents original research from the cloud-focused division of the Unit 42 threat research team.
In 1H 2019, NSS Labs performed an independent test of the Palo Alto Networks PA-5220. This comprehensive testing compared security effectiveness, performance and cost among 12 NGFW products. Palo Alto Networks achieved the highest security effectiveness score and a Recommended rating.
NSS Labs performed an independent test of the Palo Alto Networks PA-5220 PAN-OS 8.1.2. The product was subjected to thorough testing at the NSS facility in Austin, Texas, based on the Next Generation Intrusion Prevention System (NGIPS) Test Methodology v4 and the NSS Labs Evasion Test Methodology v1.1. Testing was conducted free of charge and NSS did not receive any compensation in return for Palo Alto Networks’ participation.
Palo Alto Networks® is focused on securing your business with a prevention-focused architecture you can easily deploy and operate. In its 2018 “Next Generation Firewall Group Test Report,” NSS Labs® recognized this and gave our NGFW a Recommended rating.
In this research report, we present the results of a recent Tech Pro Research survey, asking CBS Interactive’s readers about their current cloud activities, security operations, and priorities. You'll learn how IT departments are planning their implementation of private and hybrid cloud infrastructure, how they're dealing with concerns about insider threats, their perceptions of shadow IT, and how you can protect your organization in a challenging threat landscape.
Credential theft is the oxygen of malicious activity: nearly always there, necessary, but never noticed. According to the 2016 Verizon® Data Breach Report, 63 percent of confirmed data breaches leveraged credentials, and the use of stolen credentials is the most common approach in web-app attacks. Credential theft is a staple in the playbooks of sophisticated attackers, like the Sofacy threat actor group, and unsophisticated attackers alike.
Credential-Based Attacks: Exposing the Ecosystem and Motives Behind Credential Phishing, Theft and Abuse
In this white paper, Unit 42 details the ecosystem behind how adversaries steal and leverage legitimate credentials to break in and move laterally within the organization, often bypassing security controls. Learn the key attack methods currently in use, how this technique fits into attacker playbooks, and real-world guidance on preventing successful attacks.
Unit 42 tracks Nigerian Threat Actors and finds they've evolved into capable and formidable adversaries successfully attacking major companies and governments.
Exploit kits, which first became popular in 2006, are used to automate the exploitation of vulnerabilities on victims’ machines, most commonly while users are browsing the web. Over the past decade they have become an extremely popular means for criminal groups to distribute mass malware or remote access tools (RATs), because they lower the barrier to entry for attackers and can enable opportunistic attacks at scale. To understand this phenomenon, we must understand the ecosystem that surrounds exploit kits, including the actors, campaigns and terminology involved.
The Palo Alto Networks threat research team, Unit 42, has spent the last seven months investigating a series of attacks, determining that they are the result of a long-standing cyber espionage campaign. The campaign, which we refer to as “Scarlet Mimic,” has activity dating back over four years. The result of our analysis has allowed us to connect a series of disparate attacks into a coherent picture of the Scarlet Mimic operation, which has targeted human rights activists, as well as organizations with knowledge about these groups, including government entities.
The AUTR provides visibility into the real-world threat and application landscape, helping security teams to understand how adversaries are attempting to attack organizations around the world and build proactive, actionable controls. Built by the Unit 42 threat research team, the report correlates data from more than 7,000 enterprise organizations, providing broad visibility into critical trends.
CoolReaper: The Coolpad Backdoor
New research from Unit 42 confirms security risk in Coolpad devices
Palo Alto Networks researchers have uncovered CoolReaper, a backdoor contained in millions of Android devices sold by manufacturer Coolpad. CoolReaper exposes users to potential malicious activity and appears to have been installed and maintained by Coolpad despite objections from customers.
Due to the unique way Coolpad modifies the Android OS, it is difficult for Android antivirus programs to identify and remove this backdoor.
Read the report about WireLurker and its potential impact, and get recommendations for preventing and mitigating WireLurker and other iOS and OS X malware threats.
In the past three months Palo Alto Networks has identified a series of attacks emanating from Nigerian actors against our customers in Taiwan and South Korea. Our team is tracking this activity under the code name Silver Spaniel. These attacks have deployed commodity tools that can be purchased for small fees on underground forums and deployed by any individual with a laptop and an e-mail address. Read the report by Palo Alto Networks Unit 42.
In the face of government regulation such as the Health Insurance Portability and Accountability Act (HIPAA), personal health information (PHI) continues to leak into the public domain at an alarming rate, resulting in fraudulent insurance claims, identity theft and other costs to the health care industry. Research indicates PHI can easily be found on peer-to-peer (P2P) filesharing networks. But why?