Palo Alto Networks - a weapon in the fight against new threats

The catalog of threats that IT system administrators have to take into account has changed significantly in recent years. Attack vectors that, up to a point, could be defended against with a traditional firewall and workstation antivirus have undergone a significant transformation. Criminals quickly learned to bypass traditional security measures and developed techniques that let them take over and surveil an IT system largely unnoticed. APT (Advanced Persistent Threat) attacks have become very real. Known, high-profile attacks of this type are sometimes detected only after months, and sometimes years, by which time the criminals have already extracted all the data from the systems.

Defending against this type of threat with traditional tools is not merely ineffective; it creates a false sense of security that allows intruders to operate with complete freedom. The absence of alerts from the security systems makes everyone feel safe, so nobody looks more closely. Most serious security incidents happen not in security-deficient environments, but in security-defective environments. Often, as part of handling a security incident, new tools are deployed that immediately detect a whole range of threats and generate a large number of alerts, while the traditional antivirus systems and firewalls already present in the network see nothing.

Protection areas

To appreciate the number and complexity of threats we must be prepared for, it is worth reading, for example, the MITRE ATT&CK matrix (https://attack.mitre.org/). Securing an environment against so many attack vectors requires modern tools capable of operating in several areas and, most importantly, of responding to rapidly changing threats. Palo Alto Networks solutions, which are highly effective and able to stop advanced attacks, can help here. Below we discuss the areas in which Palo Alto Networks tools can help.

DNS security

DNS is a service that cybercriminals readily abuse, because it must work in every network. DNS packets are therefore frequently used to tunnel and hide malicious content, or to carry confidential data out of the network. It is also often over DNS that infected systems communicate with C&C servers. Securing DNS communication is therefore essential for detecting malicious activity. Moreover, monitoring communication at this level makes it possible to detect and break communication with domains that are actively used by malware or other types of threats (e.g. phishing).
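The two DNS abuses described above, encoded data hidden in query names and contact with domains already known to be malicious, can be spotted in ordinary resolver logs. The following script is an added example written for this article; it is not Palo Alto Networks code and does not reflect how DNS Security itself works. It parses a constructed sample log, scores each query name for tunnelling indicators (a long, high-entropy label, optionally carried in a TXT record) and counts such queries per client, and separately matches names against a small constructed domain blocklist standing in for a threat-intelligence feed. The log format, thresholds and domain names are all assumptions for the example.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample DNS query log (not taken from the page or any real system).
# Fields: timestamp, client address, query type, queried name.
SAMPLE_LOG = """\
2024-01-15T10:00:01Z src=10.0.0.12 qtype=A qname=www.example.com
2024-01-15T10:00:02Z src=10.0.0.12 qtype=A qname=updates.example.com
2024-01-15T10:00:03Z src=10.0.0.27 qtype=TXT qname=7a3f9c2e1b8d4f6a0c5e9b2d7f1a3c8e.tunnel.example.net
2024-01-15T10:00:04Z src=10.0.0.27 qtype=TXT qname=9d1b4e7a2c6f8b3d5a0e1c9f4b7d2a6e.tunnel.example.net
2024-01-15T10:00:05Z src=10.0.0.27 qtype=TXT qname=c4e8a1f3b6d9e2a5c7f0b3d6e9a2c5f8.tunnel.example.net
2024-01-15T10:00:06Z src=10.0.0.27 qtype=A qname=www.example.com
2024-01-15T10:00:07Z src=10.0.0.44 qtype=A qname=login.known-bad.example.org
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) qtype=(?P<qtype>\S+) qname=(?P<qname>\S+)$"
)

# Constructed blocklist standing in for a threat-intelligence feed of domains
# known to be used for C&C or phishing (assumption for this example).
BLOCKED_DOMAINS = {"known-bad.example.org"}

# Heuristic thresholds chosen for this example; tune them per network.
MIN_SUSPICIOUS_LABEL_LEN = 30
MIN_SUSPICIOUS_ENTROPY = 3.8   # bits per character; hex-encoded data approaches 4.0
MIN_HITS_PER_SOURCE = 3        # single odd queries happen; repeated ones are the signal


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; 0.0 for an empty or single-symbol string."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def parse_line(line: str):
    """Return the log fields as a dict, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_blocked(qname: str) -> bool:
    """True if the name is a blocklisted domain or a subdomain of one."""
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in BLOCKED_DOMAINS)


def tunneling_indicators(qname: str, qtype: str) -> list:
    """Reasons why a single query looks like encoded data carried in a DNS name."""
    reasons = []
    longest = max(qname.split("."), key=len)
    if (len(longest) >= MIN_SUSPICIOUS_LABEL_LEN
            and shannon_entropy(longest) >= MIN_SUSPICIOUS_ENTROPY):
        reasons.append("high-entropy label")
    # TXT and NULL records carry arbitrary payloads, so they are a common
    # tunnelling channel; only note it when the name itself already looks odd.
    if qtype.upper() in {"TXT", "NULL"} and reasons:
        reasons.append(f"{qtype.upper()} record used as carrier")
    return reasons


def analyze(log_text: str) -> dict:
    """Aggregate per-query findings into per-client suspects and blocklist hits."""
    hits_per_source = defaultdict(int)
    blocklist_hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if is_blocked(rec["qname"]):
            blocklist_hits.append((rec["src"], rec["qname"]))
        if tunneling_indicators(rec["qname"], rec["qtype"]):
            hits_per_source[rec["src"]] += 1
    suspects = {src: n for src, n in hits_per_source.items()
                if n >= MIN_HITS_PER_SOURCE}
    return {"tunneling_suspects": suspects, "blocklist_hits": blocklist_hits}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for src, n in result["tunneling_suspects"].items():
        print(f"possible DNS tunnelling from {src}: {n} high-entropy queries")
    for src, qname in result["blocklist_hits"]:
        print(f"blocklisted domain queried by {src}: {qname}")
```

On the sample log the script reports client 10.0.0.27 for three high-entropy TXT queries and client 10.0.0.44 for contacting a blocklisted domain. The entropy threshold alone is not enough in practice (long CDN and tracking hostnames can score high), which is why the check also requires a long label and repeated hits from the same client.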

Endpoint security

Traditional antivirus protection for workstations is definitely not enough these days. Palo Alto Networks Traps is a tool that clearly demonstrates its advantage over antivirus products. To detect threats it relies, among other things, on behavioral analysis, but most importantly it uses cloud services (Cortex XDR, WildFire) and artificial intelligence. This makes it possible to detect attacks for which no traditional file signature exists, as well as attacks that exploit known vulnerabilities in systems for which the vendor no longer provides updates (e.g. Windows XP).

URL Filtering Web Security

Protecting the traffic exchanged between users' browsers and the Internet is another important element of security. This is due, first, to the popularity of the HTTP protocol, which is almost always allowed in our networks, and, second, to the fact that this traffic can be encrypted between the client and the server (including a malicious one), which makes it much harder to analyze and to detect a security incident. It should also be remembered that websites are the channel through which criminals most often carry out phishing attacks. It is in this area that Palo Alto Networks solutions show their effectiveness and advantage. They make it possible not only to detect credentials being submitted outside the network, but also, for example, to analyze the images on a website in order to detect attempts to impersonate well-known service providers (Microsoft, Google, Facebook, etc.).

WildFire Malware Analysis

The common element of most Palo Alto Networks solutions is the WildFire service. It is a cloud-based malware analysis center that, using modern machine learning techniques, can recognize even zero-day attacks. Malware tracking and incident response professionals know that modern malware cannot be tracked with traditional signatures. It can modify its code with every infection, or rely on infrastructure that uses thousands of dynamically registered Internet domains within a single campaign. Analyzing this kind of threat requires painstaking and time-consuming work whose result is a set of so-called IOCs (indicators of compromise), i.e. characteristics by which malicious activity can be identified. For a single malware family there can be hundreds or even thousands of them. Fighting this type of threat without a central system able to carry out analyses independently and automatically, on data collected from all over the world, is therefore practically impossible. WildFire is an indispensable tool here, and its presence in a security system can successfully replace a whole team of analysts.

If you are interested in Palo Alto Networks solutions, please do not hesitate to contact our sales department. Comprehensive information on Traps can be found on the Palo Alto Networks website.