Seoul, Korea November 30th, 2015 - CONCERTconcert.or.kr/suf2015/pdf/K-1.pdfBond films, learned this...

The future of the Platform Joseph Green-VP, Systems Engineering APAC Seoul, Korea November 30th, 2015


A brief introduction

• Originally from Chicago, IL, USA
• Los Angeles to HK-2012
• Focused on Network Security since 1996
• Joined Palo Alto Networks in 2014
• VP Systems Engineering-APAC
• Outside of work: 9x Ironman Triathlete, Incheon-Sept-2015
• At work: I hire people who get things done
• If not, we should talk


For Today


So how did Security become a TOP PRIORITY?


Because CEOs don’t want their emails to be public

5 | © 2014, Palo Alto Networks. Confidential and Proprietary.

EON PRODUCTIONS, the producers of the James Bond films, learned this morning that an early version of the screenplay for the new Bond film SPECTRE is amongst the material stolen and illegally made public by hackers who infiltrated the Sony Pictures Entertainment computer system. Read more: http://www.businessinsider.com/james-bond-spectre-script-leaks-2014-12#ixzz3QkLWPf4w

“$300M USD to make and over budget”

GOP: Guardians of Peace claim over 100TB stolen from Sony

Over 17,000 emails are now posted at wikileaks


The Platform


What defines a (successful) Platform?


What Platforms do I already use?

plat·form ˈplatfôrm/ noun 1. a raised level surface on which people or things can stand.


One of the world’s largest Platforms


Korea focus: Naver: Navigator, Sailor of the web


When Platforms collide-Users win


What if the new PLATFORM for SECURITY, looked like this?

Threat Prevention | URL Filtering | WildFire


The shift to the Cloud


AGILITY DRIVING CHANGE

Public Cloud (IaaS, PaaS)

Software as a Service (SaaS)

Private Cloud (SDN, NSX, ACI)


Where does data live?

Who has access?


BUSINESS IMPACTS OF SAAS

SANCTIONED

• Fast to deploy
• Minimal cost
• Infinitely Scalable

UNSANCTIONED

• Violates Compliance
• Loss of corporate IP
• Malware distribution


The Workflow


COMPLETE SAAS SECURITY

APERTURE | GLOBALPROTECT | WILDFIRE

• CONTEXTUAL CONTROL OF DATA EXPOSURE
• PROGRAMMABLE DOCUMENT CLASSIFICATION
• MALWARE DETECTION AND REMOVAL
• CONTEXTUAL CONTROL OF DATA EXPOSURE


INTUITIVE UI

ONE CLICK COMPLIANCE RETROACTIVE ASSOCIATION VIEW PRIORITIZED RISK LIST REMEDIATION TRACKING

APERTURE


Building a PLATFORM to take ACTION on data


WE DON’T HAVE BETTER ALGORITHMS.

WE JUST HAVE MORE DATA.

PETER NORVIG, GOOGLE


Gathering the Intelligence

Sources feeding the Threat Intelligence Cloud:

• WildFire™
• URL intelligence
• Dynamic DNS
• 50+ third party feeds

Threat Intelligence Cloud:

• 714M session
• 410M samples
• 40B artifacts

Intelligence with context:

• WildFire intelligence correlated
• 26,000 devices worldwide
• 2.5M samples per day
• 30k unique malware per day
• Policy detects unknown threats on Gateway and Endpoint

Over 7000 Paying Customers for WildFire (That’s over double our nearest competitor)


AUTOFOCUS: ACTIONABLE THREAT INTELLIGENCE


AUTOFOCUS: ACTIONABLE THREAT INTELLIGENCE


• Prioritize events: Highlight unique, targeted attacks when they happen
• Context and search: Quick investigation on actors, campaigns and attack techniques
• Proactive response: Prevent across the attack lifecycle before the breach


CYBER THREAT INTELLIGENCE REQUIREMENTS


223.144.191.23

• Adversary: Lotus Blossom
• Related indicators: 101.55.121.171:443, DNS: gagalist.net
• Targets: Government & Military

Requirements:

• Context around indicators and incidents
• Quick and proactive response
• Prioritize important events
• Export indicators
• Prevent attacks


AUTOFOCUS ARCHITECTURE


WildFire | PAN-DB | Unit 42 | Passive DNS

Statistical Analysis | Third-party feeds


From my conversations with customers


The number one thing customers ask me is…

What are other customers doing?

Speaking of customers…


From my meetings recently

• Here is what I hear directly from CxOs, VPs and Directors:
• We have a lot of vendors…
• Correlation/Visibility are very hard
• Security is now a priority after the “incident last week”
• We just got hit with cryptolocker
• We still have DOS, Windows 95 and XP
• Malware is our biggest problem
• Phishing emails still come through


These attacks only happen in the U.S.


ELISE BACKDOOR

• File system control
• Execute shell commands
• Download and execute additional tools
• Uniquely identifies the malware reporting to the C2
• HTTP-based command and control
• Named by author for the Lotus Elise
• Each target identified by campaign code

Custom-built, low detection Windows backdoor

Developed by the Lotus Blossom Group for their needs:


Real Malware from our customers - in ANZ


Dark Seoul


“Dark Seoul” of the 3.20 crisis reappears


Who is to blame?


The answer: Everyone


Security Lifecycle Review

Marketing example


Security Lifecycle Review

Customer example

• Security Lifecycle Review

• Formerly called an AVR (Application Visibility Report)

• Typically 5 days (can be longer)

• Completely passive

• Executive level report delivered

• No charge

• Can be run at any company-existing customer or not

• KPMG and their “Cyber Center” in Hong Kong


Real data, from a real customer - APAC-ANZ


Real Data from APAC-ASEAN

Key observations on the 74 high risk applications out of 277 applications

Activity Concealment:

• Proxy (2) and remote access (2) applications were found. IT savvy employees are using these applications with increasing frequency to conceal activity and, in so doing, can expose the organization to compliance and data loss risks.

File transfer/data loss/copyright infringement:

• P2P applications (8) and browser-based file sharing applications (10) were found. These applications expose the organization to data loss, possible copyright infringement and compliance risks, and can act as a threat vector.

Personal communications:

• A variety of applications that are commonly used for personal communications were found including instant messaging (4), webmail (5), and VoIP/video (2) conferencing. These types of applications expose the organization to possible productivity loss, compliance and business continuity risks.

Bandwidth hogging:

• Applications that are known to consume excessive bandwidth including photo/video (12), audio (2) and social networking (7) were detected. These types of applications represent an employee productivity drain, can consume excessive amounts of bandwidth, and can act as potential threat vectors.


Korean SLR


NEXT-GENERATION PLATFORM

Many vendors have tried this… We succeeded

Palo Alto Networks Next-Generation Firewall

• Inspects all traffic
• Safely enables applications
• Sends unknown threats to cloud
• Blocks network based threats

Palo Alto Networks Next-Generation Threat Cloud

• Gathers potential threats from network and endpoints
• Analyses and correlates threat intelligence
• Disseminates threat intelligence to network and endpoints

Palo Alto Networks Next-Generation Endpoint

• Inspects all processes and files
• Prevents both known and unknown exploits
• Protects fixed, virtual, and mobile endpoints
• Lightweight client and cloud based

Diagram labels: Unknowns | Unknowns & zero-day discoveries | Real-time signatures | 15 minute updates TP/DNS/URL/WF | Confirm detection | Integrated reporting


The new PLATFORM for SECURITY, does look like this

Threat Prevention | URL Filtering | WildFire


45 | © 2015, Palo Alto Networks. Confidential and Proprietary. Asia Pacific Forum for Palo Alto Networks Partners