Seoul, Korea November 30th, 2015 - CONCERT (concert.or.kr/suf2015/pdf/K-1.pdf)
The future of the Platform
Joseph Green-VP, Systems Engineering APAC
Seoul, Korea November 30th, 2015
A brief introduction
• Originally from Chicago, IL USA
• Los Angeles to HK - 2012
• Focused on Network Security since 1996
• Joined Palo Alto Networks in 2014
• VP Systems Engineering - APAC
• Outside of work: 9x Ironman Triathlete, Incheon - Sept 2015
• At work: I hire people who get things done
• If not, we should talk
For Today
So how did Security become a TOP PRIORITY?
Because CEOs don't want their emails to be public
5 | © 2014, Palo Alto Networks. Confidential and Proprietary.
EON PRODUCTIONS, the producers of the James Bond films, learned this morning that an early version of the screenplay for the new Bond film SPECTRE is amongst the material stolen and illegally made public by hackers who infiltrated the Sony Pictures Entertainment computer system. Read more: http://www.businessinsider.com/james-bond-spectre-script-leaks-2014-12#ixzz3QkLWPf4w
“$300M USD to make and over budget”
GOP: Guardians of Peace claim over 100TB stolen from Sony
Over 17,000 emails are now posted at wikileaks
The Platform
What defines a (successful) Platform?
What Platforms do I already use?
plat·form ˈplatfôrm/ noun 1. a raised level surface on which people or things can stand.
One of the world's largest Platforms
Korea focus: Naver: Navigator, Sailor of the web
When Platforms collide - Users win
What if the new PLATFORM for SECURITY looked like this?
Threat Prevention URL Filtering WildFire
The shift to the Cloud
AGILITY DRIVING CHANGE
Public Cloud (IaaS, PaaS)
Software as a Service (SaaS)
Private Cloud (SDN, NSX, ACI)
Where does data live?
Who has access?
BUSINESS IMPACTS OF SAAS
SANCTIONED: Fast to deploy; Minimal cost; Infinitely Scalable
UNSANCTIONED: Violates Compliance; Loss of corporate IP; Malware distribution
The Workflow
COMPLETE SAAS SECURITY: APERTURE
GLOBALPROTECT | WILDFIRE
• CONTEXTUAL CONTROL OF DATA EXPOSURE
• PROGRAMMABLE DOCUMENT CLASSIFICATION
• MALWARE DETECTION AND REMOVAL
• INTUITIVE UI
• ONE CLICK COMPLIANCE
• RETROACTIVE ASSOCIATION VIEW
• PRIORITIZED RISK LIST
• REMEDIATION TRACKING
Building a PLATFORM to take ACTION on data
WE DON’T HAVE BETTER ALGORITHMS.
WE JUST HAVE MORE DATA.
PETER NORVIG, GOOGLE
Gathering the Intelligence
Threat Intelligence Cloud: WildFire™, URL intelligence, Dynamic DNS, 50+ third party feeds
714M sessions, 410M samples, 40B artifacts
Intelligence with context
WildFire intelligence correlated: 26,000 devices worldwide, 2.5M samples per day, 30k unique malware per day
Policy detects unknown threats on Gateway and Endpoint
Over 7000 Paying Customers for WildFire (That's over double our nearest competitor)
AUTOFOCUS: ACTIONABLE THREAT INTELLIGENCE
CYBER THREAT INTELLIGENCE REQUIREMENTS
Prioritize events: Highlight unique, targeted attacks when they happen
Context and search: Quick investigation on actors, campaigns and attack techniques
Proactive response: Prevent across the attack lifecycle before the breach
Indicator: 223.144.191.23
Adversary: Lotus Blossom
Related indicators: 101.55.121.171:443, DNS: gagalist.net
Targets: Government & Military
Context around indicators and incidents
Quick and proactive response
Prioritize important events
Export indicators
Prevent attacks
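The workflow this slide asks for (context attached to an indicator, events that hit it ranked by that context, the indicator exported so the firewall can block it) is mechanical enough to show in code. The Python below is an added example, not code from the slides or from AutoFocus. It reuses the indicator values and context printed on the slide (223.144.191.23, 101.55.121.171:443, gagalist.net, Lotus Blossom targeting Government and Military); the log line layout, the sample log lines, the scoring weights and the block-list layout are all assumptions made for the example.

```python
"""Indicator matching with context-based prioritisation and export.

Added example (not code from the slides or from Palo Alto Networks).
Indicator values and their context are the ones printed on the slide;
the log format, the scoring weights and the list layout are assumptions.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    """An indicator plus the context threat-intel tooling attaches to it."""
    value: str           # "1.2.3.4", "1.2.3.4:443" or "example.net"
    kind: str            # "ip", "ip_port" or "domain"
    adversary: str       # named group, or "" for commodity indicators
    targets: frozenset   # sectors the adversary is reported to target


GOV_MIL = frozenset({"Government", "Military"})

# Values and context from the slide; bundling them into records is assumed.
INDICATORS = (
    Indicator("223.144.191.23", "ip", "Lotus Blossom", GOV_MIL),
    Indicator("101.55.121.171:443", "ip_port", "Lotus Blossom", GOV_MIL),
    Indicator("gagalist.net", "domain", "Lotus Blossom", GOV_MIL),
)

# Constructed log lines (assumed layout): "src dst dport host", host "-" if none.
LOGS = [
    "10.0.1.15 223.144.191.23 80 -",
    "10.0.1.22 101.55.121.171 443 -",
    "10.0.1.22 101.55.121.171 8080 -",            # right IP, wrong port: no hit
    "10.0.2.7 198.51.100.9 80 www.gagalist.net",  # subdomain of listed domain
    "10.0.3.3 198.51.100.10 443 example.com",     # benign
]


def parse_event(line):
    """Split one constructed log line into a dict."""
    src, dst, dport, host = line.split()
    return {"src": src, "dst": dst, "dport": int(dport),
            "host": None if host == "-" else host.lower()}


def matching_indicators(event, indicators=INDICATORS):
    """Return every indicator the event hits. An ip_port indicator needs both
    the destination IP and the port; a domain matches the host or any
    subdomain of it (an exact-string compare would miss www.gagalist.net)."""
    hits = []
    for ind in indicators:
        if ind.kind == "ip" and event["dst"] == ind.value:
            hits.append(ind)
        elif ind.kind == "ip_port":
            ip, port = ind.value.rsplit(":", 1)
            if event["dst"] == ip and event["dport"] == int(port):
                hits.append(ind)
        elif ind.kind == "domain" and event["host"]:
            if event["host"] == ind.value or event["host"].endswith("." + ind.value):
                hits.append(ind)
    return hits


def score(hits, our_sector):
    """Priority of an event from the context on its strongest hit (weights are
    assumptions): any hit 10, a named adversary +20, an adversary that targets
    our own sector +40, and a port-qualified or domain hit +10 because it is
    more specific than a bare IP that may be shared hosting."""
    best = 0
    for ind in hits:
        s = 10
        if ind.adversary:
            s += 20
        if our_sector in ind.targets:
            s += 40
        if ind.kind in ("ip_port", "domain"):
            s += 10
        best = max(best, s)
    return best


def prioritize(lines, our_sector, indicators=INDICATORS):
    """Return (score, event, hits) for every matching line, highest first."""
    ranked = []
    for line in lines:
        event = parse_event(line)
        hits = matching_indicators(event, indicators)
        if hits:
            ranked.append((score(hits, our_sector), event, hits))
    ranked.sort(key=lambda r: r[0], reverse=True)
    return ranked


def export_lists(indicators=INDICATORS):
    """One-entry-per-line IP and domain lists, the shape an external block
    list on a firewall can consume (layout assumed). Ports are dropped from
    ip_port entries because an address list cannot carry them; ip_address()
    rejects anything that is not a valid address before it reaches policy."""
    ips, domains = set(), set()
    for ind in indicators:
        if ind.kind == "domain":
            domains.add(ind.value)
        else:
            ips.add(str(ipaddress.ip_address(ind.value.rsplit(":", 1)[0])))
    return "\n".join(sorted(ips)), "\n".join(sorted(domains))


if __name__ == "__main__":
    for s, ev, hits in prioritize(LOGS, "Government"):
        print(s, ev["src"], "->", ev["dst"], ev["dport"], ev["host"],
              "|", ", ".join(h.adversary for h in hits))
    ip_list, domain_list = export_lists()
    print(ip_list)
    print(domain_list)
```

Run as-is, the three hits rank 80, 80, 70 for a Government organisation and 40, 40, 30 for a sector Lotus Blossom is not reported to target, which is the point of carrying context with the indicator: the same match is a different priority depending on who you are. The line to 101.55.121.171 on port 8080 is deliberately not a hit, since the slide qualifies that indicator with :443; dropping the port when exporting to an IP list widens the block to all ports, which is the usual trade-off when moving from a detection indicator to a prevention list.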
AUTOFOCUS ARCHITECTURE
WildFire | PAN-DB | Unit 42 | Passive DNS
Statistical Analysis | Third-party feeds
From my conversations with customers
The number one thing customers ask me is…
What are other customers doing?
Speaking of customers…
From my meetings recently
• Here is what I hear directly from CxO's, VP's and Directors:
• We have a lot of vendors…
• Correlation/Visibility are very hard
• Security is now a priority after the "incident last week"
• We just got hit with cryptolocker
• We still have DOS, Windows 95 and XP
• Malware is our biggest problem
• Phishing emails still come through
• These attacks only happen in the U.S.
Real Malware from our customers - in ANZ
ELISE BACKDOOR
Custom-built, low detection Windows backdoor
Developed by the Lotus Blossom Group for their needs:
• File system control
• Execute shell commands
• Download and execute additional tools
HTTP-based command and control
Each target identified by campaign code, which uniquely identifies the malware reporting to the C2
Named by author for the Lotus Elise
Dark Seoul
The 3.20 (March 20) cyberattack: "Dark Seoul" appears again
Who is to blame?
The answer: Everyone
Security Lifecycle Review
Marketing example
Security Lifecycle Review
Customer example
• Security Lifecycle Review
• Formerly called an AVR (Application Visibility Report)
• Typically 5 days (can be longer)
• Completely passive
• Executive level report delivered
• No charge
• Can be run at any company - existing customer or not
• KPMG and their “Cyber Center” in Hong Kong
Real data, from a real customer - APAC-ANZ
Real Data from APAC-ASEAN
Key observations on the 74 high risk applications out of 277 applications
Activity Concealment:
• Proxy (2) and remote access (2) applications were found. IT-savvy employees are using these applications with increasing frequency to conceal activity and, in so doing, can expose the organization to compliance and data loss risks.
File transfer/data loss/copyright infringement:
• P2P applications (8) and browser-based file sharing applications (10) were found. These applications expose the organization to data loss, possible copyright infringement and compliance risks, and can act as a threat vector.
Personal communications:
• A variety of applications that are commonly used for personal communications were found, including instant messaging (4), webmail (5), and VoIP/video conferencing (2). These types of applications expose the organization to possible productivity loss, compliance and business continuity risks.
Bandwidth hogging:
• Applications that are known to consume excessive bandwidth, including photo/video (12), audio (2) and social networking (7), were detected. These types of applications represent an employee productivity drain, can consume excessive amounts of bandwidth and can act as potential threat vectors.
Korean SLR
NEXT-GENERATION PLATFORM
Palo Alto Networks Next-Generation Threat Cloud
Palo Alto Networks Next-Generation Endpoint
Many vendors have tried this… We succeeded
Unknowns & zero-day discoveries
Real-time Signatures: 15 minute updates (TP/DNS/URL/WF)
Confirm detection
Integrated reporting
Next-Generation Firewall: Inspects all traffic; Safely enables applications; Sends unknown threats to cloud; Blocks network based threats
Next-Generation Threat Cloud: Gathers potential threats from network and endpoints; Analyses and correlates threat intelligence; Disseminates threat intelligence to network and endpoints
Next-Generation Endpoint: Inspects all processes and files; Prevents both known and unknown exploits; Protects fixed, virtual, and mobile endpoints; Lightweight client and cloud based
Palo Alto Networks Next-Generation Firewall
The new PLATFORM for SECURITY does look like this
Threat Prevention URL Filtering WildFire
Asia Pacific Forum for Palo Alto Networks Partners