Wednesday, 7 August 2019

Americans Want to Protect Their Information, But Unsure Where to Start

A brand new paid survey from Palo Alto Systems and YouGov reveals that Americans continue to be unclear about what it really means safe on the web, despite a wish to discover security guidelines. Data demonstrated that 66% of american citizens believe they’re already doing all they are able to to avoid losing their information, yet only 27% always make an effort to verify the identity of the unknown sender when receiving an e-mail - that is generally referred to as top threat vector for attackers.

Palo Alto Systems partnered with YouGov and Dr. Jessica Barker, a specialist within the human instinct of cybersecurity, to poll over 1,300 Americans to understand more about human behavior as it requires cybersecurity. The discrepancy between consumers’ thought that they’re already doing all they are able to to remain safe, despite the absence of security understanding, highlights a significant requirement for companies to complete more to have their customers protected and educated.

Other key findings include:

  • Gap between responsibility and action: 62% of american citizens feel they must be accountable for the safety of the private data, yet only 24% indicated they operate a computer scan his or her first reaction after getting together with a hyperlink they feel to become malicious.
  • Insufficient security education: 28% of american citizens say they've never took part in cybersecurity training, and 16% admit to participating only annually.
  • Readiness to understand: 47% of american citizens think learning more about the things they can perform to safeguard their and themselves families online will make them feel safer.


“The fact we have made tremendous strides when it comes to cybersecurity technology today, when compared with once the internet was youthful, doesn't get people free for general online safety,” stated Ron Howard, chief security guard at Palo Alto Systems. “This idea is much like vehicle safety. Technologies have improved mightily to enhance the security of driving modern cars, but motorists still need to stick to the posted speed limit and put on their safety belts. For cybersecurity, individuals are unsure how you can put on their cyber safety belts, and companies should dedicate sources to educating and training their workforce in security guidelines.”



The internet study also polled individuals EMEA, South america, and Canada.

Typically, approximately one fourth (26%) from the greater than 10,000 EMEA adults surveyed prefer their cybersecurity to become managed by AI as opposed to a human. Italia has got the most confidence in counting on AI (38%), whilst in the United kingdom only 21% of individuals prefer AI over humans to safeguard their digital method of existence.

Inside a poll in excess of 1,000 Brazilian adults, 52% prefer cybersecurity to become managed by artificial intelligence (AI) as opposed to a human. Furthermore, 62% cut back time fretting about their data security because of cybersecurity technology.

Inside a poll in excess of 1,000 Canadian adults, greater than two-thirds (66%) stated they use the same degree of security across all their personal devices (e.g., Computers, laptops, smartphones, tablets), and most half (56%) feel they’re doing all they are able to to avoid losing their information.

“Trust is really essential in cybersecurity. People wish to be positively involved in better protecting themselves online, plus they embrace technology that supports them within this. The understanding acquired may then be used in other parts of their lives, most significantly, work,” stated Dr. Jessica Barker.

At any given time when cybersecurity and privacy are in the centre of crucial technological, economic, and political debates, it's more essential than ever before that customers learn to stay secure. Companies everywhere happen to be walking up efforts to leverage artificial intelligence and machine understanding how to automate their security processes, but humans remain a vital vulnerability. For consumers and companies to remain secure, organizations overall have to step-up and educate their workers in cybersecurity.

Monday, 5 August 2019

A More Secure Everywhere. From Containers to Serverless and Beyond

Today is definitely an exciting day for Palo Alto Systems and it is customers once we complete our purchase of Twistlock. Adding Twistlock further strengthens our abilities in cloud security and can help customers accelerate their journey towards the cloud with consistent and comprehensive security across public, private and hybrid cloud deployments. This really is hot from the heels in our purchase of PureSec, an innovator in protecting serverless applications.

Most contemporary applications utilize a mixture of platform like a service (PaaS), VMs, serverless along with other sources provided by cloud providers. The acquisitions of Twistlock and PureSec further advance Prisma leadership in cloud security by supplying customers having a comprehensive group of security protections over the entire continuum of cloud workloads.

With Twistlock and PureSec area of the Prisma cloud security suite, customers may benefit from all of these abilities:

  1. Twistlock, the best choice in container security, brings vulnerability management, compliance and runtime defense for cloud-native applications and workloads.
  2. PureSec empowers enterprises to embrace serverless technologies, for example AWS Lambda, Google Cloud Functions, Azure Functions and IBM Cloud Functions, without compromising on security, visibility and governance.


Current Twistlock Customers Still Reap the safety Benefits


If you are a person of Twistlock’s stand-alone offering, you’ll still get the industry’s leading container security abilities for the company with similar concentrate on simplicity, innovation and effectiveness. We’ll continue to purchase this offering, and also the team will stay underneath the direction of Twistlock co-founder and Chief executive officer, Ben Bernstein. With time, you will see more payoff for your investment once we integrate Twistlock into Prisma and supply the largest and many consistent security abilities across private and public clouds.



Prisma™ by Palo Alto Systems - including best-in-class abilities from Twistlock and PureSec - may be the industry’s most satisfactory cloud security offering for today and tomorrow. It offers unparalleled visibility into data, assets and risks within the cloud consistently safeguards access, data and applications without compromises enables agility and speed as organizations embrace the cloud and reduces operational complexity and price having a significantly simple architecture.

It doesn't matter how your company is benefiting from the cloud, Prisma safeguards your finish-to-finish cloud journey:

  • Secure Access: Make the most of secure accessibility cloud from branch offices as well as for mobile users in almost any place in the world without compromising the consumer experience.
  • Secure SaaS: Gather data protection, governance and compliance to securely enable SaaS application adoption.
  • Secure Public Cloud: Get continuous security monitoring, compliance validation and cloud storage security abilities across multi-cloud environments. Plus, simplify security operations through effective threat protections enhanced with comprehensive cloud context.
  • VM-Series Virtualized Next-Generation Firewall: Embedding the VM-Series inside your database integration existence cycle to enhance native security services can prevent loss of data and business disruption, allowing your public cloud migration to accelerate.


A Far More Secure Everywhere


We’re excited to include Twistlock’s and PureSec’s technologies to the cloud security suite and welcome two exceptional teams that bring additional cloud expertise to Palo Alto Systems.

Saturday, 3 August 2019

How Western Asset Management Is Mitigating Cloud Threats

Banking, investment management and FinTech have constantly committed to technology upgrades, data analytics and differentiated product choices within an more and more competitive and evolving investment landscape. A current Accenture survey found 90% of banking respondents proclaiming that cloud enables and accelerates innovative adoption. Of individuals surveyed, 60% say cloud-based entrants will challenge traditional companies shackled through the limitations of the on-premises agility, storage, and computing abilities.

Western Asset Management (WAM) is presently exceeding expectations regarding innovation inside a highly competitive market. The “active” investment management industry that WAM services involves constantly managed funds and portfolios, time-sensitive transactions and decision-making based on fast-altering market conditions. With a number of options available, clients expect compressed charges with regards to managing their cash.

By embracing an agile development process and moving DevOps towards the cloud, WAM’s application delivery continues to be transformed for application deployment and product. Several years ago, when the risk management team desired to develop and test new risk models or algorithms, groups of hardware, networking also it sources will have to be scheduled. Now, within the cloud, instances could be spun up in the push of the mouse, and sandbox environments for testing purposes could be produced and destroyed instantly before pushing to production.



Managing security, risk and regulatory compliance can be tough within an agile, dynamic cloud atmosphere. Western Asset Management’s DevOps and security teams accepted the competitive challenges, understanding the requirement for a properly-architected, cloud-native security solution.

We lately sitting lower with David Pace, who accounts for Global Information Security at Western Asset Management (WAM), a set-earnings investment firm as well as an independent affiliate of Legg Mason, managing funds exceeding $420 billion across nine offices worldwide. The difficulties they faced being an organization moving towards the cloud were eliminating risks, discovering when users misconfigured cloud sources, and alerting for threats on the network-level within their public cloud atmosphere.

The first deployment of Prisma Public Cloud (formerly RedLock) gave WAM immediate understanding of their environments, for example identifying administrator accounts without multi-factor authentication (MFA) enabled. They could better approach cloud peace of mind in a competent, scalable manner. Rather of counting on outdated manual ways of getting log data into systems to evaluate, they are able to now depend on Prisma Public Cloud to recognize, prioritize and pinpoint where risks exist and mitigate them as quickly as possible.

Pace and the team discovered three major benefits throughout their look at Prisma Public Cloud:

  • Effective security governance abilities
  • Out-of-the-box compliance and auditing features
  • Unparalleled network visibility


His team presently has visibility to their entire cloud infrastructure, letting them see and recognize threats which are targeting their cloud atmosphere in the outdoors, in addition to threats that could be via inside their cloud atmosphere heading out. Pace presently has a 360° look at his atmosphere in a single centralized interface where he and the team can run reports in addition to issue and process alerts in tangible-time for you to remediate any problems that may arise.

“Our senior IT management has the arrogance now within our cloud team having the ability to leverage Prisma Public Cloud for that compliance, security governance, auditing and network visibility that people get. The Return on investment just been immense - allowing our business to operate faster, and much more efficiently by leveraging new cloud services - that previously we might not have had the ability to secure correctly.” - David Pace, Global Information Security at WAM

WAM’s future plans with Prisma Public Cloud are mainly centered on expanding the combination across multiple cloud platforms. Initially deployed on AWS, WAM’s DevOps teams intend to expand to Microsoft Azure and Google Cloud Platform. Getting the opportunity to leverage Prisma Public Cloud across their multi-cloud atmosphere can give Pace and the team one holistic view regarding what’s happening and assist them to precisely assess risk.

For organizations moving towards the cloud or searching to consider cloud-computing technologies, Pace recommends leveraging an item for example Prisma Public Cloud that gives visibility to their cloud atmosphere for comprehensive user auditing, compliance reporting, and identification of dangerous behaviors or misconfigurations. Considering that, organizations can be assured their public cloud environments feel at ease. With Prisma Public Cloud, users will gain actionable insights, combined with the confidence that any threats that could promote themselves could be pinpointed and remediated rapidly.

Thursday, 1 August 2019

Principles to Selecting the Right Cloud Security Solution

I lately had the chance to talk with Palo Alto Systems Senior Director of Worldwide Public Cloud Security SEs, Allan Kristensen, who brings 15  experience building impressive solutions engineering (SE) teams. The Palo Alto Systems SE team has firsthand understanding from the unique and various cloud security challenges that potential customers are searching to resolve.

According to my conversation with Allan, listed here are seven essential concepts to help you while you evaluate and pick the best cloud security offering for the multi-cloud environments, spanning AWS, Azure, and Google Cloud Platform.

Principle One: Multi-cloud support - AWS, Azure, and GCP at least


Within our experience, greater than three-quarters in our customers possess a multi-cloud strategy - not initially, but certainly lower the street. Knowing that, it’s vital that you pick a solution that may span clouds and deliver truly integrated multi-cloud support - having a centralized approach that seamlessly unifies visibility across all of your cloud environments today and later on.



Principle Two: 100% SaaS-based and API driven - no agents or proxies


One HundredPercent API-based SaaS option would be the only method you are able to effectively manage the dynamic, distributed nature of cloud environments. Our experience implies that customers attempting to leverage agent or proxy-based point products introduce considerable friction and finish track of security blind spots. There's way too much overhead, risk, and manual work needed to deploy and keep non-API based products.

Principle Three: Continuous resource discovery


You cannot safeguard that which you can’t see. It’s vital that you pick a solution that continuously monitors and dynamically finds out your cloud sources, for example virtual machines, database instances, storage buckets, users, access keys, security groups, systems, gateways, snapshots, and much more. A centralized and auto-updating inventory that displays the safety and compliance status of each and every deployed resource is foundational for any truly effective cloud security strategy.

Principle Four: Automated resource monitoring


Essential is the solution’s capability to instantly apply robust security policies and quickly remediate misconfigurations to make sure adherence for your corporate-defined security policies. These abilities must take care of all of the key risk vectors inside your cloud environments, including:

  • Configuration checks: Recent research from Unit 42 highlights that 32% of organizations openly uncovered a minumum of one cloud storage service. Configuration checks help ensure any deployed cloud resource is correctly configured and within defined guardrails in addition it's not necessary any configuration drift across your AWS, Azure, and GCP public cloud environments
  • Network activities: Exactly the same Unit 42 research also implies that 11% of organizations presently have cryptojacking activities within their environments. To make sure you have total visibility into suspicious network traffic and activities, your selected solution must have the ability to continuously monitor your cloud environments. It isn't enough to simply have configuration and compliance checks in position, since these is only going to let you know so what can fail, not what's going wrong.
  • User and access key monitoring: Unit 42 data also signifies 29% of organizations experienced potential account compromises, which could not just result in loss of data but additionally losing control, and eventually confidence inside your cloud environments. User behavior analytics (UBA) along with other machine learning (ML)-based abilities might help identify sneaky activities, for example hijacked credentials. These abilities help customers search for and alert on anomalous activities. Without UBA, it’s extremely difficult to identify sophisticated attacks over time.


Host vulnerability and threat recognition monitoring: It’s vital that you pick a cloud security offering that may correlate and contextualize threat and vulnerability data from organizations.

Tuesday, 30 July 2019

How to Help SOC Analysts Fight ‘Alert Fatigue’

Palo Alto Systems survey data implies that SOC analysts is only able to handle 14% of alerts generated by security tools. Considering IDC data showing that many alerts are false positives,[1] the outcomes are foreseeable: Alerts get overlooked, analysts spend your time chasing false leads, and actual threats get missed.

Beyond initial prevention, most security tools are made to perform one key function: create and react to alerts. Servers create alerts. Routers create alerts. Firewalls create alerts. Anti-virus tools create alerts. Security teams will frequently setup alert-only policies - instead of block policies - for potentially dangerous processes the company uses regularly.

The hopeful assumption is the fact that analysts will review and catch any suspicious behavior according to individuals alerts. However this strategy falls apart rapidly when analysts begin to receive a large number of low-fidelity alerts each day. It’s worse these alerts originate from siloed security tools that offer little-to-no context about what’s really happening.

Alert fatigue reduction listing


When we eliminate alert-generating sensors and systems, we create security blind spots - yet an excessive amount of details are badly as no information whatsoever. We have to use technology in smarter methods to help solve problems without creating brand new ones. We still alerts, but we want better alerts. What this means is embracing the next concepts when thinking about your tools and procedures:

1. Automation


First, organizations can greatly enhance their alert triage process using automation. Palo Alto Systems believes that Tier 1 (alert triage) security operations can and really should be automated using SOAR technologies, designed to use predefined playbooks to automate response actions. For alert triage, these actions include analyzing a reminder, updating a situation if it is a known issue, opening a situation whether it isn’t a known issue, after which triaging the seriousness of the aware of send it for an analyst. Automating this method greatly reduces the amount of alerts analysts must react to, allowing analysts to invest their energy investigating issues instead of looking at logs.



2. Data stitching


Next, security teams has to start prioritizing integrated tools over siloed ones if they would like to improve visibility. For those who have seven different tools, each searching in a specific slice of the security infrastructure without speaking to one another, the various tools won’t have the ability to provide context that can help with threat hunting and investigations. You will not determine if a number of actions that appear benign by themselves are really being performed inside a sequence that could indicate an foe is in your body. Alternatively, you might spend an hour or so tracking a bit of adware and spyware that snuck past your EPP only to discover it had become blocked from your firewall.

A burglar platform with integrated abilities enables for much greater insight. Cortex Data Lake, for instance, connects endpoint, cloud, and network data together. This integration between security components provides Cortex XDR with the advantage of more enriched telemetry data (for faster analysis and threat hunting) and tainted alerts (to bar actions connected with past malicious behavior).

3. Machine learning


Finally, an EDR tool must have machine learning abilities that let it recognize patterns therefore it can learn and improve. Your EDR should tap into your (hopefully integrated!) data sources to carry on to refine its algorithms for generating high-fidelity, prioritized, specific alerts.

Cortex XDR delivers smarter detections


Cortex XDR has shown it offers the greatest mixture of high-fidelity alerts, what are most helpful for identifying threats, in addition to enriched, correlated telemetry logs for analysis and threat hunting. These kinds of alerts might help organizations stem the ton of false positives so their analysts can concentrate on investigating real threats.

An evaluation of EDR tools using realistic attack emulations in the APT 3 group with the MITRE ATT&CK lately discovered that Cortex XDR and Traps detected probably the most attack techniques of 10 endpoint recognition and response vendors. This evaluation provided among the industry’s first open and objective assessments from the true function and gratifaction from the EDR marketplace.

Using its default configuration throughout the MITRE test, Cortex XDR generated 20 realtime, specific alerts and 82 enriched telemetry logs. Inside a real deployment, customers can provide Cortex XDR much more visibility and context in to the behavior of potential threat actors by connecting additional network and cloud sensors into Cortex Data Lake. Which will further reduce false positives and improve identification of malicious behavior that could otherwise appear benign.

Sunday, 28 July 2019

Three Tips for Breaking into the Cybersecurity Industry

There is a perception you need to have a lot of cybersecurity experience and know-ways to get into this industry. However, the truth is different, which perception could be release. After experience within the tech industry, I began my which you may in cybersecurity captured. Here’s what I’ve learned on my small journey to date.

#1: Be curious and a balanced view


I've dual levels in financial aspects and biochemistry, and my career continues to be largely centered on business planning and technique for products. While Palo Alto Systems have been on my small radar for a while, I had been unsure if it might be a healthy because cybersecurity would be a new frontier for me personally. Being curious and keeping a balanced view are concepts I’ve resided by, and just what I learned throughout the procedure is the fact that cybersecurity isn’t just for individuals well experienced within the field. Rather, diversity of understanding, disciplines, and skills is welcomed and needed!



I met a wide variety of individuals from a wide variety of backgrounds. Speaking together helped me understand that this can be a mission-driven company and when you question the established order and are curious about making the planet a much safer place, there's an chance for you.

#2: Be bold and consider the worldwide impact


Standing on the InfoSec team at Palo Alto Systems has gave me a distinctive experience because I’m personally driven by our pursuit to improve our way of life within the digital age. Nowadays, this news highlights cybercrimes every day. With two youthful kids, I constantly consider how you can encourage myself along with other parents to educate their children to become safer online. At Palo Alto Systems, our mission impacts everyday lives. It’s not only about protecting companies and our digital information. Cybersecurity surrounds us. Working at Palo Alto Systems, many of us are linked to this mission and every action we take - each job we all do aligns towards the problem of “why.” It’s a unifying mission that builds a more powerful company, from both an item perspective along with a team perspective.

Being a member of the larger picture using the ultimate objective of helping people is exactly what drives me.

#3: Embrace change and also the chance ahead


As our digital lives be complex, the difficulties we're searching to resolve are altering. Every facet of our lives, and exactly how we communicate, has changed a lot in the last couple of many continuously achieve this. It’s becoming clearer that there's a substantial and legit requirement for cybersecurity to maintain. That’s why is seo so dynamic and the like a distinctive chance.

Cybersecurity continues to be a comparatively new and greenfield space. The difficulties are continually evolving, and also the solutions to those complex challenges are waiting to become discovered by experts within and outdoors of the profession. It’s likely to have a diverse group of backgrounds to tackle this. This market is ripe for chance.

Two Weapons to Help U.S. Govt Combat Cyberthreats

Federal agencies face a conundrum: Those are the targets of relentless cyberattacks yet lack enough skilled personnel to combat them. Condition-affiliated actors, responsible in excess of 1 / 2 of public administration data breaches1 combine never-before-seen adware and spyware along with other strategies to infiltrate agencies and steal data or disrupt operations. With lots of a large number of new threats produced every single day,2 agencies have a problem maintaining.

Advanced threat prevention (ATP) products were designed to combat new threats. Regrettably, procuring, installing, configuring, and managing additional hardware introduces additional time and operational overhead. As threats rise in number and variety, agencies must undertake pricey, time-consuming deployments making architectural or operational changes to help keep pace.

This is where the very first weapon, cloud-delivered services, might help. Cloud-delivered adware and spyware analysis and prevention offers quick deployment, easy configuration, global visibility, and auto-scaling as threats increase. Palo Alto Systems just announced the foremost and only cloud-delivered adware and spyware prevention service approved to be used for that U.S. government. WildFire adware and spyware prevention service, offered like a subscription with Palo Alto Systems next-generation firewalls, has become Federal Risk and Authorization Management Program (FedRAMP) approved. What this means is U.S. federal agencies can release capital and operating expenses formerly employed for purchasing, deploying, and managing on-premises threat recognition and analysis hardware while making certain data privacy and availability through security controls that meet stringent needs.

WildFire combines cloud delivery having a second weapon-automation-to identify and stop both highly targeted and blanket attacks from impacting agencies. U.S. government departments take advantage of:

Quick prevention: WildFire leverages real-time data in the industry’s largest global threat discussing community and keep agency information private. A collection of complementary analysis engines uses machine learning along with other advanced abilities to uncover never-before-seen threats. If WildFire identifies a brand new threat, it instantly creates and delivers protections against that threat to network, endpoint, and cloud sensors in as couple of as 5 minutes after discovey all over the world. Cloud-based detonation chambers scale with demand, supplying faster identification and distribution of recent countermeasures.

Efficient security operations: WildFire constantly and instantly creates and delivers protections to counter the most recent threats-no humans needed. These automated protections lead to less occasions per analyst hour (EPAH) for brief-staffed InfoSec and network teams. WildFire also saves SOC teams time with detailed understanding of identified threats, indicators of compromise, and just how these were blocked across traffic and protocols.

Reduced cyber risk: Using more than 29,000 customers all over the world adding sample files and URLs, WildFire can safeguard agencies from threats prior to the agencies ever discover their whereabouts. Agencies may also never miss an update or exhaust analysis capacity.