Implementing a central management system to view and preside over your many firewall deployments can give you full visibility into your entire network and help you to orchestrate detection and protection based on real-time intelligence. This chapter highlights Palo Alto Networks’ methodology for implementing Panorama and our best practices for managing multiple firewalls.
Windows® XP end-of-life is a critical threat exposure for XP users. Security was one of the major drivers for Microsoft’s decision to end support for this operating system. No doubt, the intention was to urge enterprises to upgrade their systems. In reality, however, Windows XP systems are still deployed in many organizations.
This technical brief outlines how Traps secures endpoint systems that run Windows XP, while enabling you to manage your XP upgrade policy at your own pace as you maintain acceptable levels of security and compliance.
First principles in a designated problem space are so fundamental as to be self-evident; so true that no expert in the field can argue against them. Experts use them like building blocks to derive everything else that is worth knowing in the problem domain. In this paper, we propose that the first principle for all network defenders is to prevent high-risk material impact to the organization.
Healthcare organizations are increasingly under attack by cybercriminals, putting sensitive patient information, such as medications, diagnoses and Social Security numbers, at risk. The Anthem breach in early 2015 exposed the fact that, despite substantial investments made in securing their networks to be HIPAA compliant, healthcare providers are not fully protected against advanced cyberattacks.
This book provides an in-depth overview of next-generation firewalls. It examines the evolution of network security, the rise of Enterprise 2.0 applications and their associated threats, the shortcomings of traditional firewalls, and the advanced capabilities found in next-generation firewalls.
Unit 42, the Palo Alto Networks® threat intelligence team, recently released a report identifying and tracking “Scarlet Mimic,” a series of sophisticated cyber espionage attacks which targeted Uyghur and Tibetan activists, their supporters, and entities that collect information on such groups. The attacks, which date back to 2009, have evolved over the past six years to compromise users of Windows®, Mac® OS X® and Android™ devices, indicating that they are the work of a well-resourced, sophisticated and persistent adversary group.
A comprehensive security strategy for federal and other government agencies requires in-depth analysis of encrypted traffic to detect and prevent hidden attacks and data leakage. As more Internet traffic is encrypted, increasing numbers of attackers, including state-sponsored actors, are using this technology to hide malware and botnet-based command and control traffic to exfiltrate data and escalate the likelihood of successful attacks. Palo Alto Networks Next-Generation Security Platform provides a combination of advanced capabilities to prevent undesired applications and malicious content, including the decryption and scrutinization of encrypted communications, along with Hardware Security Module (HSM) support for enhanced performance and security of certificate and key management.
Evolution of Next-Generation Managed Network Security Services
For almost twenty years, the centerpiece of any corporate security strategy has been the firewall. As soon as there were appliances, there were service providers who offered to manage the firewall.
The AUTR provides visibility into the real-world threat and application landscape, helping security teams to understand how adversaries are attempting to attack organizations around the world and build proactive, actionable controls. Built by the Unit 42 threat research team, the report correlates data from more than 7,000 enterprise organizations, providing broad visibility into critical trends.
Outlines the benefits of intelligently integrating security functions into your firewall, why past approaches have failed, and how Palo Alto Networks succeeded with our single-pass architecture approach.
This paper examines modern endpoint protection, describing how the evolution of malware has created a need for a modernized approach to endpoint protection. It also looks at the role of Palo Alto Networks Traps offering in this critical market.
With today's growing cyber threats, you undoubtedly have multiple layers of security in place to ensure your data is protected. The problem is that the existing endpoint technologies are just not adequate, leaving you to spend much of your time trying to keep up with patches, then detecting, remediating, and often re-imaging systems when you should be preventing these breaches.
This whitepaper will introduce you to a better way: Traps. Palo Alto Networks Advanced Endpoint Protection is not only a product like no other, but an entirely new category that is going to change the way you think about endpoint protection.
Threat actors who pursue the most effective means to circumvent existing endpoint security measures rely on exploits, especially those that leverage unknown software vulnerabilities (commonly referred to as “zero-day exploits”). Embedded in specially crafted data files and content, such as Adobe® PDF and Microsoft® Word documents, zero-day exploits subvert legitimate applications to carry out nefarious activities. Their ability to evade traditional antivirus solutions, and a lack of vendor security patches, often leave organizations with little in terms of preventive measures against zero-day exploits, which generally serve as the initial stage of a targeted attack.
This paper provides a list of the Top 10 Zero-Day Exploits of 2015, offers several possible conclusions based on the types of exploits and their associated cybercrime campaigns, and discusses three particularly effective zero-day exploits in brief case studies.
The paper then introduces the reader to a technical solution that prevents security breaches which leverage zero-day exploits, including the Top 10 Zero-Day Exploits of 2015 that are listed in this document, without prior knowledge of the application vulnerabilities which they exploit. The solution safely enables organizations to continue the use of their applications regardless of the existence of zero-day exploits, the discovery of application vulnerabilities, or the deployment of security patches.
In this paper we will explore the adoption of IPv6, outline security considerations and concerns, and cover the support of IPv6 on the Palo Alto Networks next-generation firewall. Regardless of where you appear on the spectrum for IPv6 adoption, making the switch to the next-generation platform provides tremendous benefit by enabling organizations to implement security services, control errant and unmonitored usage of IPv6, provide a path to consistently secure traffic, and ease migration.