Post on 31-May-2020

Security with Disruption in Portuguese Universities

Paulo Vieira, Sales Manager Portugal

✉️ pvieira@paloaltonetworks.com

THE DIGITAL AGE

2 | © 2018, Palo Alto Networks. All Rights Reserved.

DIGITAL TRANSFORMATION FOR COMPETITIVE ADVANTAGE


NO SLOWDOWN

HIGHLY AUTOMATED ADVERSARY


CYBER MOONSHOT CHALLENGE

National Security Telecommunications Advisory Committee

OFFICE OF THE CISO

CONSUMING CYBERSECURITY IS BECOMING IMPOSSIBLE


AUTOMATION, ORCHESTRATION, AND LEVERAGE


NO SINGLE ENTITY CAN DO ALL INNOVATION


INNOVATION THAT CAN BE CONSUMED

Cortex


Cortex™ Application Framework diagram (slide labels, listed):

• Mobile Users, Branch Office, Campus, Servers, Endpoints, Cloud, Data Center
• Next-Generation Firewall, Traps
• Cortex™ Hub, Cortex™ Data Lake
• 3rd-party apps; AutoFocus (hunting); Magnifier (behavioral analytics)

ENABLING INNOVATIVE SECURITY APPS

• Reporting and Visualization
• IoT Security
• Automation and Orchestration
• Malware Detection Analytics
• Threat Intelligence
• Detection and Response
• Identity
• Application Framework

IoT SECURITY APPS TO PROTECT CONNECTED DEVICES


• Fingerprint and monitor IoT devices
• Support specialized devices across multiple industries
• Control access to quickly stop unauthorized activity

SECOPS TO AUTOMATE WORKFLOWS


• Contain threats faster with orchestrated enforcement
• Streamline operations by coordinating actions for third-party products
• Improve efficiency by removing manual processes

ANALYTICS APPS TO FIND SOPHISTICATED THREATS

• Detect stealthy threats with machine learning
• Access rich data and threat intelligence easily
• Automate enforcement to stop threats

JOIN THE GROWING ECOSYSTEM


CLOUD | NETWORK | ENDPOINT

CORTEX XDR: BREAKING SECURITY SILOS

Cortex™ Data Lake, Cortex™ XDR

DETECTION & RESPONSE FOR NETWORK, ENDPOINT AND CLOUD

• Automatically detect attacks using rich data & cloud-based behavioral analytics
• Accelerate investigations by stitching data together to reveal root cause
• Tightly integrate with enforcement points to stop threats & adapt defenses

COLLECT AND CORRELATE RICH DATA

• Collect rich data for behavioral analytics & AI
• Automatically correlate data to gain context for investigations

Data sources and fields shown on the slide:

• App: App name, Protocol, URL and Domain, Response Size, Response Code, Referrer
• Network: TCP port, Source IP, Country, Dest IP, Sent Bytes, Received Bytes
• Threat Intelligence: Malware hashes, Malicious IPs, Phishing URLs, URL Categories
• User & Host: User name, Hostname, Organizational unit, Operating system, MAC address
• Endpoint: File update, Process name, MD5/SHA Hash, File path, Registry change, Malware verdict, CLI arguments

SECURE YOUR ORGANIZATION WITH CORTEX XDR & TRAPS


Prevent

• Market-leading network, endpoint, cloud security

Automatically Detect

• Behavioral analytics with machine learning
• Customizable detection
• Automated threat hunting

Rapidly Investigate

• Root cause analysis
• Timeline analysis
• Integrated threat intel

Respond & Adapt

• Integrated enforcement
• Adaptable rules

AUTOMATICALLY DETECT ATTACKS WITH BEHAVIORAL ANALYTICS

Cortex XDR profiles behavior to find anomalies indicative of attack.

Attackers often perform 1,000s of actions, but each one may look innocent.

Behavior categories on the slide: Malware Behavior, Command and Control, Internal Reconnaissance (fed from the Cortex Data Lake into Cortex XDR).

ACCELERATE & SIMPLIFY INVESTIGATIONS


Investigate any alert with one click

Automatically reveal the root cause & chain of events

Review threat intel, forensic timeline & context

Example attack chain from the slide (user ENV21\Sauron, root cause chrome.exe, ending in a Traps alert):

• Process chain: chrome.exe, 7zFM.exe, cmd.exe, powershell.exe, wscript.exe
• Steps: clicks on URL in phishing email; downloads 7zip file; 7zip runs *.pdf.bat file in zip; *.pdf.bat file creates Visual Basic script for Windows script engine; attempts C2 connection

RESPOND & ADAPT TO THREATS

Apply knowledge gained to detect

future threats & ease investigations

Easily stop threats through tight

integration with enforcement points

Block attacks with firewall external

dynamic lists

Isolate the endpoint using Traps

Create new rule to detect known

bad activity

Cortex

Data Lake

Cortex XDR

PALO ALTO NETWORKS ACADEMY

WHAT THE ACADEMIES REPRESENT FOR PORTUGAL

• 8 academies in Portugal, 1 regional academy
• 46 instructors trained to deliver the complete courses
• More than €1.7M in equipment across the 8 academies.
• 80 students already at PCNSE level

Your Environments Are so Diverse


3 EVOLUTIONS OVER 10 YEARS

WHAT WE HAVE ACCOMPLISHED FY18

TOP 20 Companies using Artificial Intelligence

"Palo Alto Networks is actively using AI and Machine Learning to beat the bad guys".

Gartner Market Share

We are #1 in the enterprise network security market share according to Gartner.

Fortune Future 50

The world's forward-looking innovative companies that are in the best shape to change the future.

WHAT WE HAVE ACCOMPLISHED FY18


*Gartner Magic Quadrant for Enterprise Network Firewalls, Adam Hils, Greg Young, Jeremy D’Hoinne, and Rajpreet Kaur, May 2016

Strong industry leadership position

• More innovation
• More sharing
• More automation
• More flexibility on usage
• More ease of deployment
• More software

A NEW MODEL

RADICALLY DIFFERENT OUTCOMES

THANK YOU

PALO ALTO NETWORKS PLATFORM

NETWORK SECURITY | ADVANCED ENDPOINT PROTECTION | CLOUD SECURITY

CLOUD-DELIVERED SECURITY SERVICES: WildFire, Threat Prevention, URL Filtering, AutoFocus, Logging Service, Magnifier, MineMeld

Threat Intelligence

• WildFire: global and regional cloud-based zero-day malware analysis engine
• AutoFocus: acquiring contextual intelligence, providing correlation and aggregation ("Lens into WildFire")
• MineMeld: turn contextual intelligence from AutoFocus and 3rd-party sources into automated prevention measures

Detection Investigation Respond

WildFire architecture (slide labels, listed):

• Protections delivered: MALWARE, WF-AV, URLS, DNS, AUTO-C2, EVERY 5 MINUTES
• Analysis stages: STATIC ANALYSIS, DYNAMIC ANALYSIS, MACHINE LEARNING, BARE METAL, DYNAMIC UNPACKING, NETWORK TRAFFIC PROFILING (five items are flagged NEW on the slide)
• FIREWALLS, TRAPS, APERTURE, CYBER THREAT ALLIANCE, PARTNER INTEGRATIONS, VM-SERIES
• MAGNIFIER, GLOBALPROTECT, WILDFIRE, THREAT PREVENTION, URL FILTERING

AUTOFOCUS


WildFire By The Numbers

Chart: cumulative total unique files processed (labels: 7B samples, 5T artifacts, 300M per month)

• 300M+ never-before-seen samples every month demonstrate our unique data set
• 26,000+ WildFire customers, growing every month
• 45% of malware detected by WildFire is unknown in VirusTotal
• 40% of zero-day malware detected by WildFire was not seen by the top six antivirus vendors at the time of detection
• 230K new high-quality protections delivered daily to the platform within 5 minutes
• Protections delivered: IP, DNS, C2, URL, WF-AV
• Top file type trends: 1. PE, PE64 (Windows); 2. Android APK; 3. DLL (Windows); 4. PDF (Adobe); 5. ELF (Linux)
• 8% of malware delivered over applications other than web and email (FTP, SMB)
• 1.1M average malware variants covered by a single WildFire signature

Malware Analysis Engine - Automation

• Static Analysis: detect known exploits, malware, and variants (machine learning, file anomalies, malicious patterns, known malicious code)
• Dynamic Analysis: find new zero-day exploits & malware through execution (custom hypervisor, behavioral scoring, multi-version analysis, full dynamic analysis)
• Dynamic Unpacking: memory analysis
• Heuristic Engine: steer evasive malware to bare metal
• Bare Metal Analysis: identify VM-aware threats using hardware systems (real desktop hardware, no virtual environment, no hypervisor)

Continuous Feedback Loop


Rapid Innovations

• Engines: Bare Metal Analysis, Network Traffic Profiling, Custom Hypervisor
• Evasion examples: SARODIP used Twitter to download malware; GRAVITYRAT uses host temperature checks to bypass legacy sandboxes; VARIOUS THREATS cause crashes in virtual environments

WildFire Global Infrastructure

• Regions: NAM (California, Virginia), EMEA - EU (Amsterdam), APAC (Singapore), Japan
• SOC 2 Type 2 Compliant | Regional Data Privacy | Identical Capabilities | Distributed Research Team


How can we use AutoFocus context to deploy automated protections?

AutoFocus: Answers to Important Questions

• WHO, WHAT, WHEN, WHERE
• How does my organization compare to the rest of the industry?
• Latest malware in the news: are we protected?
• How long has this been going on?

AutoFocus latest Statistics

AutoFocus features:

• Executive Dashboard & Report
• Granular Searches
• Detailed Analysis
• Export Capabilities
• 3rd Party Feeds Correlation
• API

• More Customers
• More Protection
• Better High-Fidelity Protection
• More Context

AutoFocus Trends (AutoFocus tag group samples, increase YoY)

• Ransomware: 75%
• Cryptomining: 1500%
• 25% increase in Android APK files YoY
• 32% malware increase YoY
• Increase in email applications delivering malware YoY: Non-Email: 100%; Traditional Email: -23%; Web-browsing: 235%; Gmail: 136%
• 16% increase in malware delivered over encrypted traffic YoY
• AutoFocus top malware families seen in the last 6 months: Virlock, Qhost, Upatre, Cosmic Duke


The MineMeld Application for AutoFocus

• Drive automated prevention for Palo Alto Networks devices or ingestion into other security systems
• Multi-source threat intelligence by aggregating any third-party provider into AutoFocus
• Correlate and validate intelligence against all other providers & native AutoFocus intel store

MineMeld Ecosystem

• 200+ Sources (3rd Party Vendors, 3rd Party Feeds)
• Integrated Platform: AutoFocus | MineMeld
• Export: PAN-OS EDLs

• More Customers
• More Protection
• Better Automated Protection
• More Context

Automated Prevention Touch Points, Continuous Response (3 touchpoints, automated response, export)

Automated Protection #1: WildFire

• 5 min updates
• WF-AV, C2, DNS, URL
• 230K protections daily
• Near Real Time

Automated Protection #2: API, External Dynamic List

• 5 min updates
• IP, URL, Domain
• Better Policy Management

Automated Protection #3: 3rd Party Solutions (EDR | SIEM | IR Systems | O365)

• API/External Dynamic List
• White List OR Black List
• Operational Efficiency
• And More..

Next-Generation Security Platform, Next-Generation Firewall

AutoFocus 3rd Party Intelligence Correlation and Aggregation: High-Fidelity IOCs (URL, Domain, IP, Hash, Regex); formats JSON, JSON-SEQ, STIX/TAXII
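The touchpoint on this slide that pushes aggregated indicators to a PAN-OS firewall as an External Dynamic List, and the earlier "Block attacks with firewall external dynamic lists" response step, both rest on the same pipeline: ingest feeds, validate and normalize each indicator, correlate it across sources, remove trusted infrastructure (the "white list"), and publish one plain-text list per indicator type. The following Python is an added example, not MineMeld or Palo Alto Networks code; the feed names, feed contents, confidence values, the allow-list entry and the "two sources or confidence 90" threshold are all constructed assumptions.

```python
"""Hypothetical MineMeld-style indicator aggregator (added example, not Palo Alto
Networks / MineMeld code). Validates, normalizes and correlates indicators from
several feeds, drops allow-listed hosts, and exports one External Dynamic List
(EDL) per type: plain text, one entry per line, the form a PAN-OS firewall polls.
All feed contents below are constructed sample data."""
import ipaddress
import json
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Hostname syntax: labels of 1-63 chars, no leading/trailing hyphen, at least one dot.
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$")

# Constructed sample feeds (not real intelligence): two JSON feeds and a text list.
FEED_JSON_A = json.dumps([
    {"indicator": "203.0.113.10", "type": "IPv4", "confidence": 90},
    {"indicator": "malicious.example", "type": "domain", "confidence": 80},
    {"indicator": "http://malicious.example/payload.bin", "type": "URL", "confidence": 85},
    {"indicator": "not an indicator", "type": "domain", "confidence": 50},
])
FEED_JSON_B = json.dumps([
    {"indicator": "203.0.113.10", "type": "IPv4", "confidence": 70},
    {"indicator": "198.51.100.0/24", "type": "IPv4", "confidence": 60},
    {"indicator": "updates.vendor.example", "type": "domain", "confidence": 40},
])
FEED_TEXT_C = """
# plain-text blocklist, one indicator per line
203.0.113.10
MALICIOUS.EXAMPLE
http://malicious.example/payload.bin
2001:db8::1
"""
# Trusted hosts that must never reach a block list (the "white list" on the slide).
ALLOW_LIST = frozenset({"updates.vendor.example"})

def classify(raw):
    """Return (kind, normalized value) for ip | domain | url, or None if malformed."""
    value = raw.strip()
    lowered = value.lower()
    if not value:
        return None
    if "://" in lowered:
        parts = urlsplit(value)
        if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
            return None
        # Scheme and host are case-insensitive; the path is kept as published.
        return ("url", parts._replace(scheme=parts.scheme.lower(), netloc=parts.netloc.lower()).geturl())
    try:
        ipaddress.ip_network(lowered, strict=False)  # single hosts and CIDR, v4 and v6
        return ("ip", lowered)
    except ValueError:
        pass
    if DOMAIN_RE.match(lowered):
        return ("domain", lowered)
    return None

def parse_json_feed(text):
    for rec in json.loads(text):
        yield rec["indicator"], int(rec.get("confidence", 0))

def parse_text_feed(text, default_confidence=50):
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line, default_confidence

def aggregate(sources, allow_list=frozenset()):
    """sources: {feed name: iterable of (raw indicator, confidence)}.
    Returns {(kind, value): {"sources": set of feed names, "confidence": max seen}}."""
    table = defaultdict(lambda: {"sources": set(), "confidence": 0})
    for name, entries in sources.items():
        for raw, conf in entries:
            item = classify(raw)
            if item is None:
                continue  # malformed entries are dropped, never forwarded to the firewall
            kind, value = item
            host = urlsplit(value).hostname if kind == "url" else value
            if host in allow_list:
                continue
            entry = table[item]
            entry["sources"].add(name)
            entry["confidence"] = max(entry["confidence"], conf)
    return dict(table)

def export_edls(table, min_sources=2, high_confidence=90):
    """One EDL body per kind. An indicator counts as high fidelity when corroborated
    by min_sources feeds, or when a single feed rated it at least high_confidence."""
    lists = defaultdict(list)
    for (kind, value), info in sorted(table.items()):
        if len(info["sources"]) >= min_sources or info["confidence"] >= high_confidence:
            lists[kind].append(value)
    return {kind: "\n".join(values) + "\n" for kind, values in lists.items()}

def build_sample():
    sources = {
        "feed_a": parse_json_feed(FEED_JSON_A),
        "feed_b": parse_json_feed(FEED_JSON_B),
        "feed_c": parse_text_feed(FEED_TEXT_C),
    }
    table = aggregate(sources, ALLOW_LIST)
    return table, export_edls(table)

if __name__ == "__main__":
    _, edls = build_sample()
    for kind, body in edls.items():
        print(f"--- {kind} EDL ---\n{body}")
```

Run as a script it prints three lists: the IP, domain and URL that at least two constructed feeds agree on. The single-source entries (the /24, the IPv6 host) stay out until another feed corroborates them or a feed rates them highly, the allow-listed vendor host never enters the table at all, and the malformed record is discarded rather than published, which is the property that matters when a list is polled by an enforcement point every few minutes.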

MINEMELD
