Security with Disruption in Portuguese Universities
Paulo Vieira, Sales Manager Portugal
THE DIGITAL AGE
2 | © 2018, Palo Alto Networks. All Rights Reserved.
DIGITAL TRANSFORMATION FOR COMPETITIVE ADVANTAGE
NO SLOWDOWN
HIGHLY AUTOMATED ADVERSARY
CYBER MOONSHOT CHALLENGE
National Security Telecommunications Advisory Committee
OFFICE OF THE CISO
CONSUMING CYBERSECURITY IS BECOMING IMPOSSIBLE
AUTOMATION, ORCHESTRATION, AND LEVERAGE
NO SINGLE ENTITY CAN DO ALL INNOVATION
INNOVATION THAT CAN BE CONSUMED
Cortex
Mobile Users | Branch Office | Campus | Servers | Endpoints | Cloud | Data Center
Next-Generation Firewall
Traps
Cortex™ HUB
Cortex™ Data Lake
3rd PARTY APP
AUTOFOCUS: HUNTING
MAGNIFIER: BEHAVIORAL ANALYTICS
ENABLING INNOVATIVE SECURITY APPS
• Reporting and Visualization
• IoT Security
• Automation and Orchestration
• Malware Detection
• Analytics
• Threat Intelligence
• Detection and Response
• Identity
• Application Framework
IoT SECURITY APPS TO PROTECT CONNECTED DEVICES
• Fingerprint and monitor IoT devices
• Support specialized devices across multiple industries
• Control access to quickly stop unauthorized activity
SECOPS TO AUTOMATE WORKFLOWS
• Contain threats faster with orchestrated enforcement
• Streamline operations by coordinating actions for third-party products
• Improve efficiency by removing manual processes
ANALYTICS APPS TO FIND SOPHISTICATED THREATS
• Detect stealthy threats with machine learning
• Access rich data and threat intelligence easily
• Automate enforcement to stop threats
JOIN THE GROWING ECOSYSTEM
CLOUD | NETWORK | ENDPOINT
CORTEX XDR: BREAKING SECURITY SILOS
Cortex™ Data Lake
Cortex™ XDR
DETECTION & RESPONSE FOR NETWORK, ENDPOINT AND CLOUD
• Automatically detect attacks using rich data & cloud-based behavioral analytics
• Accelerate investigations by stitching data together to reveal root cause
• Tightly integrate with enforcement points to stop threats & adapt defenses
COLLECT AND CORRELATE RICH DATA
• Collect rich data for behavioral analytics & AI
• Automatically correlate data to gain context for investigations
Data sources and fields:
• App: App name, Protocol, URL and Domain, Response Size, Response Code, Referrer
• Network: TCP port, Source IP, Country, Dest IP, Sent Bytes, Received Bytes
• Threat Intelligence: Malware hashes, Malicious IPs, Phishing URLs, URL Categories
• User & Host: User name, Hostname, Organizational unit, Operating system, MAC address
• Endpoint: File update, Process name, MD5/SHA Hash, File path, Registry change, Malware verdict, CLI arguments
SECURE YOUR ORGANIZATION WITH CORTEX XDR & TRAPS
Rapidly Investigate
• Root cause analysis
• Timeline analysis
• Integrated threat intel
Prevent
• Market-leading network, endpoint, cloud security
Respond & Adapt
• Integrated enforcement
• Adaptable rules
Automatically Detect
• Behavioral analytics with machine learning
• Customizable detection
• Automated threat hunting
AUTOMATICALLY DETECT ATTACKS WITH BEHAVIORAL ANALYTICS
Cortex XDR profiles behavior to find anomalies indicative of attack: Malware Behavior, Command and Control, Internal Reconnaissance.
Attackers often perform 1,000s of actions, but each one may look innocent.
ACCELERATE & SIMPLIFY INVESTIGATIONS
1. Investigate any alert with one click
2. Automatically reveal the root cause & chain of events
3. Review threat intel, forensic timeline & context
Example chain of events (user ENV21\Sauron):
• Processes, from root cause onward: chrome.exe → 7zFM.exe → cmd.exe → powershell.exe → wscript.exe
• Events: clicks on URL in phishing email; downloads 7zip file; 7zip runs *.pdf.bat file in zip; *.pdf.bat file creates Visual Basic script for Windows script engine; attempts C2 connection (Traps alert)
RESPOND & ADAPT TO THREATS
Apply knowledge gained to detect future threats & ease investigations
Easily stop threats through tight integration with enforcement points
• Block attacks with firewall external dynamic lists
• Isolate the endpoint using Traps
• Create new rule to detect known bad activity
PALO ALTO NETWORKS ACADEMY
WHAT THE ACADEMIES MEAN FOR PORTUGAL
• 8 academies in Portugal, 1 regional academy
• 46 instructors trained to deliver the complete courses
• More than €1.7M in equipment across the 8 academies
• 80 students already at PCNSE level
Your Environments Are so Diverse
3 EVOLUTIONS OVER 10 YEARS
WHAT WE HAVE ACCOMPLISHED FY18
TOP 20 Companies using Artificial Intelligence
"Palo Alto Networks is actively using AI and Machine Learning to beat the bad guys."
Gartner Market Share
We are #1 in the enterprise network security market share according to Gartner.
Fortune Future 50
The world's forward-looking innovative companies that are in best shape to change the future.
WHAT WE HAVE ACCOMPLISHED FY18
*Gartner Magic Quadrant for Enterprise Network Firewalls, Adam Hils, Greg Young, Jeremy D’Hoinne, and Rajpreet Kaur, May 2016
Strong industry leadership position
• More innovation
• More sharing
• More automation
• More flexibility on usage
• More ease of deployment
• More software
A NEW MODEL
RADICALLY DIFFERENT OUTCOMES
THANK YOU
PALO ALTO NETWORKS PLATFORM
NETWORK SECURITY | ADVANCED ENDPOINT PROTECTION | CLOUD SECURITY
CLOUD-DELIVERED SECURITY SERVICES: WildFire, Threat Prevention, URL Filtering, AutoFocus, Logging Service, Magnifier, MineMeld
Threat Intelligence
• WildFire: Global and Regional cloud-based zero-day malware analysis engine
• AutoFocus: Acquiring contextual intelligence providing correlation and aggregation ("Lens into WildFire")
• MineMeld: Turn contextual intelligence from AutoFocus and 3rd Party sources into automated prevention measures
Detection | Investigation | Respond
WildFire architecture (diagram):
• Connected products: Firewalls, Traps, Aperture, Cyber Threat Alliance, Partner Integrations, VM-Series
• Analysis stages: Static Analysis, Dynamic Analysis, Machine Learning, Bare Metal, Dynamic Unpacking, Network Traffic Profiling, Magnifier
• Protections (Malware, WF-AV, URLs, DNS, Auto-C2) delivered every 5 minutes
• Protection services: GlobalProtect, WildFire, Threat Prevention, URL Filtering
AUTOFOCUS
WildFire By The Numbers
[Chart: cumulative total unique files processed; 7B samples, 5T artifacts, 300M per month]
• 300M+ never-before-seen samples every month demonstrates our unique data set
• 26,000+ WildFire customers, growing every month
• 45% of malware detected by WildFire is unknown in VirusTotal
• 40% of zero-day malware detected by WildFire was not seen by the top six antivirus vendors at the time of detection
• 230K new high-quality protections delivered daily to the platform within 5 minutes
• Protections Delivered: IP, DNS, C2, URL, WF-AV
• Top file type trends: 1. PE, PE64 (Windows); 2. Android APK; 3. DLL (Windows); 4. PDF (Adobe); 5. ELF (Linux)
• 8% of malware delivered over applications other than web and email (FTP, SMB)
• 1.1M average malware variants covered from a single WildFire signature
Malware Analysis Engine - Automation
• Static Analysis: detect known exploits, malware, and variants (machine learning, file anomalies, malicious patterns, known malicious code)
• Dynamic Analysis: find new zero-day exploits & malware through execution (custom hypervisor, behavioral scoring, multi-version analysis, full dynamic analysis)
• Dynamic Unpacking: memory analysis; heuristic engine steers evasive malware to bare metal
• Bare Metal Analysis: identify VM-aware threats using hardware systems (real desktop hardware, no virtual environment, no hypervisor)
Continuous Feedback Loop
Rapid Innovations
• Capabilities: Bare Metal Analysis, Network Traffic Profiling, Custom Hypervisor
• SARODIP: used Twitter to download malware
• GRAVITYRAT: hosts temperature checks to bypass legacy sandboxes
• VARIOUS THREATS: cause crashes in virtual environment
WildFire Global Infrastructure
• Regions: NAM (California, Virginia), EMEA - EU (Amsterdam), APAC (Singapore), Japan
• SOC 2 Type 2 Compliant | Regional Data Privacy | Identical Capabilities | Distributed Research Team
AutoFocus: Answers to Important Questions
WHO | WHAT | WHEN | WHERE
• How can we use AutoFocus context to deploy automated protections?
• How does my organization compare to the rest of the industry?
• Latest malware in the news: are we protected?
• How long has this been going on?
AutoFocus latest Statistics
Executive Dashboard & Report
Granular Searches | Detailed Analysis
Export Capabilities
3rd Party Feeds Correlation
API
More Customers → More Protection → Better High-Fidelity Protection → More Context
AutoFocus Trends
• AutoFocus tag group samples increase YoY: Ransomware 75%; Cryptomining 1500%
• 25% increase in Android APK files YoY
• 32% malware increase YoY
• Increase in email applications delivering malware YoY: Non-Email 100%; Traditional Email -23%; Web-browsing 235%; Gmail 136%
• 16% increase in malware delivered over encrypted traffic YoY
• AutoFocus top malware families seen in last 6 months: Virlock, Qhost, Upatre, Cosmic Duke
The MineMeld Application for AutoFocus
• Drive automated prevention for Palo Alto Networks devices or ingestion into other security systems
• Multi-source threat intelligence by aggregating any third-party provider into AutoFocus
• Correlate and validate intelligence against all other providers & native AutoFocus intel store
MineMeld Ecosystem
200+ Sources (3rd Party Vendors) → Integrated Platform: AutoFocus | MineMeld → Export: PAN-OS EDLs
More Customers → More Protection → Better Automated Protection → More Context (3rd Party Feeds)
Automated Protection #1: WildFire
• 5 min updates; WF-AV, C2, DNS, URL; 230K protections daily; Near Real Time
Automated Protection #2: API, External Dynamic List
• 5 min updates; IP, URL, Domain; Better Policy Management
Automated Protection #3: 3rd Party Solutions (EDR | SIEM | IR Systems | O365)
• API/External Dynamic List; White List OR Black List; Operational Efficiency; And More..
Automated Prevention Touch Points: Continuous Response (3 Touchpoints)
• Next Generation Security Platform
• High-Fidelity IOCs: URL, Domain, IP, Hash, Regex
• AutoFocus / 3rd Party Intelligence Correlation and Aggregation: JSON, JSON-SEQ, STIX/TAXII
• Next-Generation Firewall
• Automated Response
• Export
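The touchpoint workflow on these slides (aggregate third-party feeds with AutoFocus intelligence, correlate across sources, keep an allow list, export as PAN-OS External Dynamic Lists) can be illustrated with a small aggregator. This is an added example, not MineMeld's or PAN-OS's own code: the three feeds, their source names, the allow list and the indicator values are constructed sample data, and the output is assumed to be the plain one-entry-per-line text an EDL consumes. It goes slightly beyond the slide by adding a corroboration threshold (how many feeds must agree before an indicator is exported), which is the practical knob for keeping a block list high-fidelity.

```python
"""Toy threat-intel aggregator in the spirit of the MineMeld workflow on the
slides: ingest feeds in several formats (JSON, JSON-SEQ, plain text),
normalise indicators, correlate them across sources, drop allow-listed
entries, and render External Dynamic List style text (one entry per line).
Added illustration, not MineMeld's or PAN-OS's own code; all feed contents
and source names below are constructed sample data."""
import ipaddress
import json
import re

# Constructed sample feeds in three of the formats the slides list.
FEED_JSON = json.dumps([
    {"type": "ip", "value": "203.0.113.7"},
    {"type": "domain", "value": "Bad.Example.NET"},
    {"type": "url", "value": "http://bad.example.net/payload.bat"},
])
FEED_TEXT = """# plain-text feed: one indicator per line, '#' comments
203.0.113.7
198.51.100.23
bad.example.net
"""
# JSON-SEQ (RFC 7464): each record is prefixed with RS (0x1E) and ends with LF.
FEED_JSON_SEQ = "".join(
    "\x1e" + json.dumps(rec) + "\n"
    for rec in [
        {"indicator": "198.51.100.23"},
        {"indicator": "http://bad.example.net/payload.bat"},
    ]
)
# Entries that must never reach a block list (the slides' "White List").
ALLOW_LIST = {"198.51.100.23"}

DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]{1,63}\.)+[a-z]{2,}$")


def classify(raw):
    """Return ('ip'|'domain'|'url', normalised value) or None if unrecognised."""
    value = raw.strip()
    if re.match(r"^https?://", value, re.I):
        return "url", value
    try:
        return "ip", str(ipaddress.ip_address(value))
    except ValueError:
        pass
    if DOMAIN_RE.match(value.lower()):
        return "domain", value.lower()  # domains are case-insensitive
    return None


def parse_json(text):
    return [rec["value"] for rec in json.loads(text)]


def parse_text(text):
    return [ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]


def parse_json_seq(text):
    out = []
    for chunk in text.split("\x1e"):
        chunk = chunk.strip()
        if chunk:
            out.append(json.loads(chunk)["indicator"])
    return out


def aggregate(feeds):
    """feeds: {source_name: [raw indicators]} -> {(kind, value): set(sources)}."""
    seen = {}
    for source, raws in feeds.items():
        for raw in raws:
            classified = classify(raw)
            if classified is None:
                continue  # unparseable entry: skip rather than poison the list
            seen.setdefault(classified, set()).add(source)
    return seen


def export_edl(agg, kind, min_sources=1):
    """Indicators of one kind corroborated by >= min_sources feeds, minus the allow list."""
    return sorted(
        value for (k, value), sources in agg.items()
        if k == kind and len(sources) >= min_sources and value not in ALLOW_LIST
    )


def build_feeds():
    # Source names are constructed labels, not real providers.
    return {
        "vendor_json": parse_json(FEED_JSON),
        "community_text": parse_text(FEED_TEXT),
        "partner_json_seq": parse_json_seq(FEED_JSON_SEQ),
    }


if __name__ == "__main__":
    agg = aggregate(build_feeds())
    for kind in ("ip", "domain", "url"):
        print(f"# EDL {kind} (>= 2 sources)")
        print("\n".join(export_edl(agg, kind, min_sources=2)))
```

With the constructed feeds, 198.51.100.23 is seen by two sources but never exported because it is allow-listed, and raising `min_sources` to 3 empties every list, which is the behaviour to expect when feeds disagree: a corroboration threshold trades coverage for fidelity, so tune it per list rather than globally.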
MINEMELD