Palo Alto Networks will be kicking off another Breach Prevention week July 24-28th and we are recapping the last round of topics to help you prep for what’s to come. In case you missed it, Breach Prevention Week is a weeklong webinar series where Palo Alto Networks provides insights on how to prevent successful cyberattacks and achieve high performance across your network, endpoint, and cloud environments. Here we continue our summary series with Part 3: Use Automation to Prevent Evasive Threats and C2 Traffic.CLICK TO REGISTER FOR BREACH PREVENTION WEEK
Part 3: Use Automation to Prevent Evasive Threats and C2 Traffic
Part 3 of this summary series covers detection, automated prevention and leveraging threat intelligence sources into preventive actions. First let’s dig into the behavior of today’s attackers who are sophisticated and adaptable. VM Analysis Evasions, where an attacker can plug and play into any malware and evade detection into even the most advance virtual machines, are much more prevalent than even just a year ago. Because every security vendor started with common open-sourced virtualization technology, attackers have learned evasion tactics by knowing where they’re being watched, who’s watching them and the protection instruments in place. Today’s adversaries don’t stand still and are continuously shifting variables, thus the status quo for Command-and-Control (C2) prevention with automated coverage, based on static variables, has limited effectiveness. Though manual coverage is more effective for payload-based protections – it simply cannot not scale.
On top of a continuum of shifting variables, security teams face the challenge of managing sources and Indicators of Compromise (IOCs), validating intel and driving preventive actions.
Palo Alto Networks brings 3 distinct, next-generation, innovations to help arm you against the shifty adversary:
- The newly, updated, WildFire: All new anti-evasion analysis engine
- Threat Prevention: Changing the game with automated payload-based C2 protections
- AutoFocus with MindMeld: To turn any 3rd party intelligence source into prevention
Detection and Prevention Powered by WildFire
Palo Alto Networks’ threat prevention cloud, WildFire, has been custom built to be evasion resistant and allows you to side-step VM evasion since attackers don’t have access to the software, unlike standard open-source security offerings. WildFire will continue to deliver relevant threat intelligence to customers on a massive scale and it’s improved architecture allows for quick implementation of new anti-VM evasion techniques as they become known.
WildFire Threat Prevention Cloud: Over 2.4 billion malware samples, growing at 150 million/per month compounding on top of itself helping to drive automated prevention of unknown threats delivered to customers within 5 minutes.
WildFire’s All-New Malware Analysis Environment with PAN OS 8.0:
When combating cyber security adversaries, threat intelligence and detection is only as good as the prevention you can automatically enforce. The method of detection and response is outdated. Resources and security teams can’t scale and prevent attacks as they occur in real-time because there are simply too many alerts, too much data and too much information to analyze. PAN OS 8.0 removes the trade-off between automated and manual coverage by combining scale and the speed of automated protection with the fidelity of research generated protections.
The new automated payload-based C2 protections allow you to defeat whole classes of C2 traffic at scale:
- 10x more coverage: 10x more payload-based C2 signatures release per day
- 20x more effective Coverage: New automatically generated c2 signatures cover 20x more malware per signature
Palo Alto Networks AutoFocus platform makes threat intelligence easily accessible to every organization. AutoFocus allows customers to:
- Identify: Unique, targeted, attacks
- Context: Attacks, campaigns, techniques
- Analyze: Correlate global and local threat intelligence
- Protect: Drive automated prevention across Palo Alto Networks platform to increase your security posture
- … And now has the capability to layer on applications. The first application available from Palo Alto Networks is MineMeld which aggregates any third-party threat intelligence into the application that has been built directly into AutoFocus. MineMeld will correlate and validate intelligence against all other providers and drive automated prevention across all Palo Alto Networks devices or ingest intelligence into other security systems using external dynamic lists – requiring no firewall commits or policy changes. MineMeld is complete automated intelligence ingestion from end-to-end.