Preventing Credential Theft and Abuse
Palo Alto Networks has introduced a scalable and automated approach designed to prevent credential-based attacks. These capabilities, delivered from the next-generation firewall, prevent the theft and abuse of stolen credentials and complement additional malware and threat prevention and secure application enablement functionality, to extend customer organizations’ ability to prevent cyber breaches.
Highlights:
- Automatically identify and block phishing sites: Sending suspicious links from emails to the WildFire service for enhanced machine learning-based analysis. If the site is determined to be phishing, PAN-DB will automatically update the phishing URL category, block the site, and prevent users from accessing it.
- Prevent users from submitting credentials to phishing sites: Integrating with User-ID technology, the firewall can recognize the movement of enterprise credentials in the traffic. If a user unknowingly attempts to transmit a username and password to an unauthorized site, policies within the firewall can alert or drop the traffic and stop the transmission of corporate credentials.
- Prevent the use of stolen credentials: Providing a policy-based multi-factor authentication framework natively in the next-generation firewall. This capability makes it easy to enforce multi-factor authentication from the firewall to stop cyber adversaries from moving laterally in a network and accessing sensitive resources with the help of stolen credentials or compromised endpoints.
New hardware firewall appliances
According to the security company, as more and more traffic is encrypted by SSL, enterprises are left blind to the applications and content their users are accessing, and advanced cyber adversaries are increasingly leveraging SSL encryption to obscure malicious activity, leaving organizations unaware of the hidden dangers lurking on their networks. Legacy security products are simply unable to perform at rates high enough to decrypt this traffic and restore the visibility required to prevent cyber breaches.
To address these needs, six new hardware firewall appliances join the existing hardware family of 16 appliances to safely enable applications and offer threat prevention in large data centers, small branches and remote locations, all managed centrally from Panorama network security management.
The new hardware appliances are designed to enable advanced security protections applied at speed and scale by delivering predictable performance with deep visibility into and control over all traffic, including encrypted traffic.
The VM-Series virtualized next-generation firewall family has also been optimized and expanded with three new models (VM-50, VM-500 and VM-700) to support customer organizations' expanding cloud and virtualization initiatives, from virtualized branch offices to data center and service provider deployments, that require high throughput and capacity.
Cloud and SaaS security
Building upon existing capabilities in the platform, the company has also extended protections from physical networks to the cloud, further simplifying security operations and infrastructure, and ultimately helping organizations establish an effective and consistent security posture.
Highlights:
- Expanded security for public and private clouds: Optimized workflow automation features and integration with native cloud services that ensure the same security measures for a customer’s physical environment can be easily applied to Amazon Web Services, Microsoft Azure, or any other cloud.
- New SaaS application security capabilities: Enhanced visibility and interactive dashboards, new reporting, and automated features like instant quarantine and data sharing limitations. These features increase security, real-time monitoring and compliance enforcement capabilities on cloud-based assets.
Raising the bar with new threat prevention capabilities
PAN-OS 8.0 introduces advancements that take advantage of added automation, machine learning and threat prevention capabilities, among others.
Highlights:
- Stopping sandbox evasion techniques: A new 100 percent custom-built hypervisor and bare metal analysis environment has been built for the WildFire service, designed to automatically identify and prevent the most evasive threats.
- Automated command-and-control signatures: A new payload-based signature generation engine is designed to deliver researcher-grade, payload-based signatures in a delivery mechanism that is automated end to end for faster time to prevention of adversary phone home attempts.
- Automated integration of threat intelligence: This is delivered through the integration of the MineMeld application with the AutoFocus service, whereby security operations teams can easily ingest multiple data feeds, accelerate the digestion of all the threat intelligence, create customizable fields, and quickly automate remediation to the next-generation firewall, as well as alert SOC groups via third-party SIEM solutions or asset management products.
- New management features, delivered by Panorama network security management, that provide administrators with fast and accurate insight have been introduced.