Automation, closed loop tactics boost enterprise security
Palo Alto Networks has announced enhancements to its enterprise security and Wildfire threat analysis systems that speed up the discovery and elimination of malware, zero-day exploits and advanced persistent threats, according the firm.
The upgrades are designed to address new methods criminals are now using to evade more traditional security measures, including firewalls, intrusion detection and anti-virus systems. Such legacy tools often address only a single type of threat across a limited range of network traffic, says Palo Alto, resulting in high rates of attack and costly damage control measures.
To meet more sophisticated enterprise threats, Palo Alto says a highly automated and scalable “closed loop” approach is required. This includes positive security controls to minimize the attack surface, inspection of traffic to block all known threats and the use of new protections to block all new or previously unknown threats.
The firm says its enhanced enterprise security system is pioneering this approach, starting with a new firewall as the core defense within the network and including advanced detection and analysis features from its WildFire service.
The enhancements include:
- Extended file visibility, where all common file types and applications – encrypted or not– are now detected, sandboxed and filtered.
- Zero-day exploit detection using behavioral analysis. This capability in the WildFire cloud quickly identifies exploits in common applications and operating systems and distributes the intelligence to subscribing customers to prevent future attacks.
- Discovery of malicious domains, which blocks the critical command-and-control phase of an advanced attack by building a global database of compromised domains and infrastructure.
- Single "pane of glass" view into incident response data, providing security administrators information on malware, its behavior and compromised hosts, so that incident response teams can quickly address threats and build proactive controls.
Phil Cummings, security administrator for the Health Information Services – Nova Scotia, said the Palo Alto platform gives the agency an extra layer of security.
“By having our firewall, URL filtering, threat prevention natively integrated and managed from a single dashboard – instead of multiple niche products, we have a clearer picture of our threat landscape. Ultimately, the platform gives us what we need to effectively detect, analyze, block, and, more importantly, quickly remediate issues.”
Connect with the GCN staff on Twitter @GCNtech.