Security with Disruption in Portuguese Universities (Segurança com Disrupção nas Universidades Portuguesas). Paulo Vieira, Sales Manager Portugal, [email protected]

Running slide header: Segurança com Disrupção | PALO ALTO NETWORKS PLATFORM: NETWORK SECURITY, ADVANCED ENDPOINT PROTECTION, CLOUD SECURITY (Threat Prevention, URL Filtering, WildFire, AutoFocus, Logging Service)


Page 1: Security with Disruption in Portuguese Universities

Paulo Vieira, Sales Manager Portugal

✉️ [email protected]

Page 2: THE DIGITAL AGE

2 | © 2018, Palo Alto Networks. All Rights Reserved.

Page 3: DIGITAL TRANSFORMATION FOR COMPETITIVE ADVANTAGE

Pages 4 and 5: (no text extracted)

Page 6: NO SLOWDOWN

Page 7: HIGHLY AUTOMATED ADVERSARY

Page 8: (no text extracted)

Page 9: CYBER MOONSHOT CHALLENGE

National Security Telecommunications Advisory Committee

Page 10: OFFICE OF THE CISO

CONSUMING CYBERSECURITY IS BECOMING IMPOSSIBLE

Page 11: AUTOMATION, ORCHESTRATION, AND LEVERAGE

Page 12: NO SINGLE ENTITY CAN DO ALL INNOVATION

Page 13: INNOVATION THAT CAN BE CONSUMED

Page 14: Cortex

Diagram labels: Mobile Users, Branch Office, Campus, Servers, Endpoints, Cloud, Data Center; Next-Generation Firewall; Traps; Cortex Hub; Cortex Data Lake; two 3rd-party apps; AutoFocus (hunting); Magnifier (behavioral analytics).

Page 15: ENABLING INNOVATIVE SECURITY APPS

Application Framework app categories: Reporting and Visualization; IoT Security; Automation and Orchestration; Malware Detection; Analytics; Threat Intelligence; Detection and Response; Identity.

Page 16: IoT SECURITY APPS TO PROTECT CONNECTED DEVICES

• Fingerprint and monitor IoT devices

• Support specialized devices across multiple industries

• Control access to quickly stop unauthorized activity

Pages 17 to 24: (no text extracted)

Page 25: SECOPS TO AUTOMATE WORKFLOWS

• Contain threats faster with orchestrated enforcement

• Streamline operations by coordinating actions for third-party products

• Improve efficiency by removing manual processes

Pages 26 and 27: (no text extracted)

Page 28: ANALYTICS APPS TO FIND SOPHISTICATED THREATS

• Detect stealthy threats with machine learning

• Access rich data and threat intelligence easily

• Automate enforcement to stop threats

Page 29: JOIN THE GROWING ECOSYSTEM

Page 30: CORTEX XDR: BREAKING SECURITY SILOS

CLOUD | NETWORK | ENDPOINT, feeding the Cortex Data Lake, on which Cortex XDR provides DETECTION & RESPONSE FOR NETWORK, ENDPOINT AND CLOUD

• Automatically detect attacks using rich data & cloud-based behavioral analytics

• Accelerate investigations by stitching data together to reveal root cause

• Tightly integrate with enforcement points to stop threats & adapt defenses

Page 31: COLLECT AND CORRELATE RICH DATA

• Collect rich data for behavioral analytics & AI

• Automatically correlate data to gain context for investigations

Data sources and fields shown on the slide:

App: App name, Protocol, URL and Domain, Response Size, Response Code, Referrer

Network: TCP port, Source IP, Country, Dest IP, Sent Bytes, Received Bytes

Threat Intelligence: Malware hashes, Malicious IPs, Phishing URLs, URL Categories

User & Host: User name, Hostname, Organizational unit, Operating system, MAC address

Endpoint: File update, Process name, MD5/SHA hash, File path, Registry change, Malware verdict, CLI arguments

Page 32: SECURE YOUR ORGANIZATION WITH CORTEX XDR & TRAPS

Prevent

• Market-leading network, endpoint, cloud security

Automatically Detect

• Behavioral analytics with machine learning

• Customizable detection

• Automated threat hunting

Rapidly Investigate

• Root cause analysis

• Timeline analysis

• Integrated threat intel

Respond & Adapt

• Integrated enforcement

• Adaptable rules

Page 33: AUTOMATICALLY DETECT ATTACKS WITH BEHAVIORAL ANALYTICS

Cortex XDR profiles behavior to find anomalies indicative of attack. Attackers often perform 1,000s of actions, but each one may look innocent.

Behavior categories shown: Malware Behavior; Command and Control; Internal Reconnaissance (diagram: Cortex Data Lake, Cortex XDR)

Page 34: ACCELERATE & SIMPLIFY INVESTIGATIONS

• Investigate any alert with one click

• Automatically reveal the root cause & chain of events

• Review threat intel, forensic timeline & context

Example investigation shown on the slide (user ENV21\Sauron, starting from a Traps alert):

ROOT CAUSE chrome.exe → 7zFM.exe → cmd.exe → powershell.exe → wscript.exe

• Clicks on URL in phishing email

• Downloads 7zip file

• 7zip runs *.pdf.bat file in zip

• *.pdf.bat file creates Visual Basic script for Windows script engine

• Attempts C2 connection (Traps alert)
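The investigation chain on the slide, reconstructed from process-creation telemetry as an added example (this is not Cortex XDR or Traps code): it walks parent links from the alerting process back to the user-facing entry point, builds the forensic timeline, and flags the double-extension lure. The event records, timestamps and paths are constructed; the root-cause and script-engine image lists are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str
    ts: str  # ISO-8601 timestamp (constructed)

# Assumed lists: user-facing entry points end the walk and are reported as
# root cause; script engines beneath them deserve an analyst's attention.
ROOT_CAUSE_IMAGES = {"chrome.exe", "firefox.exe", "iexplore.exe",
                     "outlook.exe", "winword.exe", "excel.exe"}
SCRIPT_ENGINES = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
# Lure pattern from the slide: a document extension followed by a script one
DOUBLE_EXT_RE = re.compile(r"\.(pdf|docx?|xlsx?|jpg)\.(bat|cmd|vbs|js|exe|scr)\b", re.I)

# Constructed process-creation telemetry mirroring the slide's chain
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "explorer.exe", "explorer.exe", "2018-10-01T08:50:00"),
    ProcEvent(700, 100, "outlook.exe", "outlook.exe", "2018-10-01T08:55:00"),
    ProcEvent(200, 100, "chrome.exe", "chrome.exe", "2018-10-01T09:01:10"),
    ProcEvent(300, 200, "7zFM.exe", r"7zFM.exe C:\Users\Sauron\Downloads\invoice.7z",
              "2018-10-01T09:02:05"),
    ProcEvent(400, 300, "cmd.exe", "cmd.exe /c invoice.pdf.bat", "2018-10-01T09:02:07"),
    ProcEvent(500, 400, "powershell.exe", r"powershell.exe -File C:\Temp\stage.ps1",
              "2018-10-01T09:02:09"),
    ProcEvent(600, 500, "wscript.exe", r"wscript.exe C:\Temp\run.vbs", "2018-10-01T09:02:12"),
]

def root_cause_chain(events: List[ProcEvent], alert_pid: int) -> List[ProcEvent]:
    """Walk parent links from the alerting process back to its root cause.
    Stops at a user-facing entry point, at a missing parent, or on a cycle
    (malformed telemetry), so it always terminates."""
    by_pid: Dict[int, ProcEvent] = {e.pid: e for e in events}
    chain, seen = [], set()
    cur = by_pid.get(alert_pid)
    while cur is not None and cur.pid not in seen:
        seen.add(cur.pid)
        chain.append(cur)
        if cur.image.lower() in ROOT_CAUSE_IMAGES:
            break
        cur = by_pid.get(cur.ppid)
    chain.reverse()  # root cause first, alerting process last
    return chain

def chain_images(events: List[ProcEvent], alert_pid: int) -> List[str]:
    return [e.image for e in root_cause_chain(events, alert_pid)]

def timeline(chain: List[ProcEvent]) -> List[str]:
    """Forensic timeline: one line per process, in time order."""
    return [f"{e.ts} pid={e.pid} {e.image} :: {e.cmdline}"
            for e in sorted(chain, key=lambda e: e.ts)]

def review_findings(chain: List[ProcEvent]) -> List[str]:
    """Analyst hints derived from the chain; context, not a verdict."""
    findings: List[str] = []
    images = [e.image.lower() for e in chain]
    if images and images[0] in ROOT_CAUSE_IMAGES:
        findings.append(f"entry point: {images[0]}")
    engines = [i for i in images if i in SCRIPT_ENGINES]
    if engines and any(i.startswith("7z") for i in images):
        findings.append("script engines beneath an archive tool: " + " -> ".join(engines))
    for e in chain:
        if DOUBLE_EXT_RE.search(e.cmdline):
            findings.append(f"double-extension lure in pid {e.pid}: {e.cmdline}")
    return findings

if __name__ == "__main__":
    chain = root_cause_chain(SAMPLE_EVENTS, 600)  # Traps alert on wscript.exe
    print(" -> ".join(e.image for e in chain))
    print("\n".join(timeline(chain)))
    print("\n".join(review_findings(chain)))
```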

Page 35: RESPOND & ADAPT TO THREATS

• Easily stop threats through tight integration with enforcement points

• Block attacks with firewall external dynamic lists

• Isolate the endpoint using Traps

• Apply knowledge gained to detect future threats & ease investigations

• Create new rule to detect known bad activity

(diagram: Cortex Data Lake, Cortex XDR)

Page 36: PALO ALTO NETWORKS ACADEMY

Page 37: WHAT THE ACADEMIES REPRESENT FOR PORTUGAL

• 8 academies in Portugal, 1 regional academy

• 46 instructors trained to deliver the complete courses

• More than €1.7M in equipment across the 8 academies

• 80 students already at PCNSE level

Page 38: Your Environments Are so Diverse

Page 39: 3 EVOLUTIONS OVER 10 YEARS

Page 40: WHAT WE HAVE ACCOMPLISHED FY18

TOP 20 Companies using Artificial Intelligence: "Palo Alto Networks is actively using AI and Machine Learning to beat the bad guys".

Gartner Market Share: We are #1 in the enterprise network security market share according to Gartner.

Fortune Future 50: The world's forward-looking innovative companies that are in the best shape to change the future.

Page 41: WHAT WE HAVE ACCOMPLISHED FY18

Page 42: Strong industry leadership position

*Gartner Magic Quadrant for Enterprise Network Firewalls, Adam Hils, Greg Young, Jeremy D'Hoinne, and Rajpreet Kaur, May 2016

Page 43: A NEW MODEL

More innovation; more sharing; more automation; more flexibility on usage; more ease of deployment; more software

Page 44: RADICALLY DIFFERENT OUTCOMES

Page 45: THANK YOU

Page 46: PALO ALTO NETWORKS PLATFORM

NETWORK SECURITY | ADVANCED ENDPOINT PROTECTION | CLOUD SECURITY

CLOUD-DELIVERED SECURITY SERVICES: WildFire, Threat Prevention, URL Filtering, AutoFocus, Logging Service, Magnifier, MineMeld

Page 47: Threat Intelligence (Detection, Investigation, Respond)

WildFire: global and regional cloud-based zero-day malware analysis engine

AutoFocus: acquiring contextual intelligence, providing correlation and aggregation ("Lens into WildFire")

MineMeld: turns contextual intelligence from AutoFocus and 3rd-party sources into automated prevention measures

Page 48: WildFire pipeline (diagram labels)

Connected products and partners: FIREWALLS, TRAPS, APERTURE, VM-SERIES, GLOBALPROTECT, CYBER THREAT ALLIANCE, PARTNER INTEGRATIONS

Analysis techniques: STATIC ANALYSIS, DYNAMIC ANALYSIS, MACHINE LEARNING, BARE METAL, DYNAMIC UNPACKING, NETWORK TRAFFIC PROFILING (five items on the slide are flagged NEW)

Protections delivered EVERY 5 MINUTES: MALWARE, WF-AV, URLS, DNS, AUTO-C2

Other platform components shown: THREAT PREVENTION, URL FILTERING, AUTOFOCUS, MAGNIFIER

Page 49: Chart: cumulative total unique files processed (y-axis 0.0 to 5.0); callouts: 7B samples, 5T artifacts, 300M per month

Page 50: WildFire By The Numbers

• 300M+ never-before-seen samples every month demonstrates our unique data set

• 26,000+ WildFire customers, growing every month

• 45% of malware detected by WildFire is unknown in VirusTotal

• 40% of zero-day malware detected by WildFire was not seen by the top six antivirus vendors at the time of detection

• 230K new high-quality protections delivered daily to the platform within 5 minutes

• 8% of malware is delivered over applications other than web and email (FTP, SMB)

• 1.1M average malware variants covered by a single WildFire signature

Top file type trends: 1. PE, PE64 (Windows); 2. Android APK; 3. DLL (Windows); 4. PDF (Adobe); 5. ELF (Linux)

Protections delivered: IP, DNS, C2, URL, WF-AV

Page 51: Malware Analysis Engine - Automation

Static Analysis: detect known exploits, malware, and variants (machine learning; file anomalies; malicious patterns; known malicious code)

Dynamic Analysis: find new zero-day exploits & malware through execution (custom hypervisor; behavioral scoring; multi-version analysis; full dynamic analysis)

Dynamic Unpacking: memory analysis

Bare Metal Analysis: identify VM-aware threats using hardware systems (real desktop hardware; no virtual environment; no hypervisor)

Heuristic Engine: steer evasive malware to bare metal

Continuous Feedback Loop

Page 52: Rapid Innovations: Bare Metal Analysis, Network Traffic Profiling, Custom Hypervisor

Threat examples on the slide: SARODIP (used Twitter to download malware); GRAVITYRAT (host temperature checks to bypass legacy sandboxes); VARIOUS THREATS (cause crashes in the virtual environment)

Page 53: WildFire Global Infrastructure

Regions: NAM (California, Virginia); EMEA - EU (Amsterdam); APAC (Singapore); Japan

SOC 2 Type 2 Compliant | Regional Data Privacy | Identical Capabilities | Distributed Research Team

Page 54: Threat Intelligence (repeat of Page 47)

Page 55: AutoFocus: Answers to Important Questions (WHO, WHAT, WHEN, WHERE)

• How can we use AutoFocus context to deploy automated protections?

• How does my organization compare to the rest of the industry?

• Latest malware in the news: are we protected?

• How long has this been going on?

Page 56: AutoFocus latest Statistics

Page 57: AutoFocus capabilities: Executive Dashboard & Report; Granular Searches; Detailed Analysis; Export Capabilities; 3rd Party Feeds; Correlation; API

Page 58: More Customers; More Protection; Better High-Fidelity Protection; More Context

Page 59: AutoFocus Trends

AutoFocus tag group samples, increase YoY: Ransomware 75%; Cryptomining 1500%

• 25% increase in Android APK files YoY

• 32% malware increase YoY

• 16% increase in malware delivered over encrypted traffic YoY

• Increase in email applications delivering malware YoY: Non-Email 100%; Traditional Email -23%; Web-browsing 235%; Gmail 136%

AutoFocus top malware families seen in the last 6 months: Virlock, Qhost, Upatre, Cosmic Duke

Page 60: Threat Intelligence (repeat of Page 47)

Page 61: The MineMeld Application for AutoFocus

• Drive automated prevention for Palo Alto Networks devices or ingestion into other security systems

• Multi-source threat intelligence by aggregating any third-party provider into AutoFocus

• Correlate and validate intelligence against all other providers & the native AutoFocus intel store

Page 62: MineMeld Ecosystem: 200+ sources; Integrated Platform (AutoFocus | MineMeld); Export to PAN-OS EDLs and 3rd Party Vendors

Page 63: More Customers; More Protection; Better Automated Protection; More Context; 3rd Party Feeds

Page 64: MINEMELD: Automated Prevention Touch Points, Continuous Response

Automated Protection #1: WildFire: 5 min updates; WF-AV, C2, DNS, URL; 230K protections daily; Near Real Time

Automated Protection #2: API, External Dynamic List: 5 min updates; IP, URL, Domain; Better Policy Management

Automated Protection #3: 3rd Party Solutions (EDR | SIEM | IR Systems | O365): API/External Dynamic List; White List OR Black List; Operational Efficiency

And more: Next Generation Security Platform; High-Fidelity IOCs (URL, Domain, IP, Hash, Regex); AutoFocus 3rd Party Intelligence Correlation and Aggregation; Export formats: JSON, JSON-SEQ, STIX/TAXII; Next-Generation Firewall; 3 Touchpoints; Automated Response
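Added example for the MineMeld flow on Pages 61 and 64 (this is not MineMeld's own code): it merges two constructed JSON indicator feeds, canonicalises and validates each indicator, keeps the best confidence and counts corroborating sources, applies an allow list (the slide's "White List"), and emits one entry per line per type, which is the form a PAN-OS External Dynamic List consumes. The feed JSON shape, the source names and ALLOW_LIST are assumptions.

```python
import ipaddress
import json
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed sample feeds in an assumed JSON shape (source name -> JSON text)
FEED_A = json.dumps([
    {"indicator": "203.0.113.5", "type": "ip", "confidence": 90},
    {"indicator": "Bad-Example.test.", "type": "domain", "confidence": 80},
    {"indicator": "198.51.100.10", "type": "ip", "confidence": 95},
    {"indicator": "not an ip", "type": "ip", "confidence": 99},
    {"indicator": "https://bad.example.test/login", "type": "url", "confidence": 70},
])
FEED_B = json.dumps([
    {"indicator": "203.0.113.0/24", "type": "ip", "confidence": 60},
    {"indicator": "bad-example.test", "type": "domain", "confidence": 40},
    {"indicator": "10.0.0.7", "type": "ip", "confidence": 20},
])
SAMPLE_FEEDS = {"vendor_a": FEED_A, "vendor_b": FEED_B}
# Hypothetical organisational allow list: these are never emitted for blocking
ALLOW_LIST = {"198.51.100.10", "updates.example.com"}

DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?!-)(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}$")

def normalize(indicator: str, kind: str) -> Optional[str]:
    """Canonicalise one indicator; None means malformed and it is dropped."""
    value = indicator.strip()
    if kind == "ip":
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            return None
        # single hosts as plain addresses, ranges in CIDR form
        return str(net.network_address) if net.num_addresses == 1 else str(net)
    if kind == "domain":
        value = value.lower().rstrip(".")
        return value if DOMAIN_RE.match(value) else None
    if kind == "url":
        value = re.sub(r"^https?://", "", value, flags=re.I)
        return value if value and not re.search(r"\s", value) else None
    return None  # unknown indicator type

def aggregate(feeds: Dict[str, str], min_confidence: int = 50,
              min_sources: int = 1, allow_list=ALLOW_LIST) -> Dict[str, List[str]]:
    """Merge feeds, keep the best confidence per indicator, count the sources
    that corroborate it, apply the allow list and thresholds, and return the
    surviving EDL entries grouped by indicator type."""
    seen: Dict[tuple, dict] = {}
    for source, text in feeds.items():
        for row in json.loads(text):
            value = normalize(row.get("indicator", ""), row.get("type", ""))
            if value is None or value in allow_list:
                continue
            entry = seen.setdefault((row["type"], value), {"confidence": 0, "sources": set()})
            entry["confidence"] = max(entry["confidence"], int(row.get("confidence", 0)))
            entry["sources"].add(source)
    out: Dict[str, List[str]] = defaultdict(list)
    for (kind, value), entry in seen.items():
        if entry["confidence"] >= min_confidence and len(entry["sources"]) >= min_sources:
            out[kind].append(value)
    return {kind: sorted(values) for kind, values in out.items()}

def render_edl(entries: List[str]) -> str:
    """External Dynamic List text: one indicator per line."""
    return "".join(entry + "\n" for entry in entries)

if __name__ == "__main__":
    for kind, entries in aggregate(SAMPLE_FEEDS).items():
        print(f"--- {kind} EDL ---")
        print(render_edl(entries), end="")
```

Raising min_sources to 2 keeps only indicators corroborated by more than one provider, which is the "correlate and validate against all other providers" step on Page 61.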