Santiago Polo
Sr. Systems Engineer
Palo Alto Networks, Inc.
About Palo Alto Networks
Infection
Escalation
Exfiltration
Challenges to Traditional Security
• Threats coordinate multiple techniques, while security is segmented into silos
- Exploits, malware, spyware, obfuscation all part of a patient, multi-step intrusion
• Encrypted Traffic
- SSL is the new standard
Circumventors and Tunnels
• Encryption (e.g. SSL)
• Proxies
- Reverse proxies are hacker favorites
• Remote Desktop
- Increasingly standard
• Compressed Content
- ZIP files, compressed HTTP
• Context is Key
- Clear visibility into all URLs, users, applications and files connected to a particular threat
“Okay, but what about unknown and targeted malware?”
[Figure: exposure window for signature-based protection. Labels: "Time required to capture 1st sample of malware in the wild", "Time required to create and verify malware signature", "Total Time Exposed", "Refreshed Malware".]
Page 13 | © 2011 Palo Alto Networks. Proprietary and Confidential.
Controlling Unknown Malware Using the Next-Generation Firewall
• Introducing WildFire
- New feature of the Palo Alto Networks NGFW
- Captures unknown inbound files and analyzes them for 70+ malicious behaviors
- Analysis performed in a cloud-based, virtual sandbox
Overview
Threat Type: Botnet, similar to the notorious ZeuS banking botnet
CNET/Download.com
• Strong reputation for providing safe downloads of shareware and freeware that are verified to be malware free.
• In early December 2011 WildFire began identifying files from Download.com as containing spyware.
• CNET had begun providing software downloads in a wrapper that installed subtle spyware designed to track shopping habits
• Changed a variety of client and browser security settings
- Changed security settings
- Changed proxy settings
- Changed Internet Explorer settings
- Installed a service to leak advertising and shopping data over HTTP POSTs.
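As an added example (not from this deck and not WildFire's own code), here is a toy behavior-based classifier of the kind a sandbox applies to a sample's observed actions. The event format, threshold, registry paths, service names and hostnames are assumptions, and the event trace is constructed to mirror the behaviors listed above.

```python
# Added example (not Palo Alto Networks code): a minimal behavior-based
# classifier over a sandbox-style event trace. Event format, registry paths,
# service names and hostnames below are assumptions for illustration.
import re
from collections import namedtuple

Event = namedtuple("Event", "kind target detail")

# Behavior rules: name -> predicate over a single event.
RULES = {
    "changed proxy settings": lambda e: e.kind == "registry_write"
        and e.target.lower().endswith(("\\internet settings\\proxyenable",
                                       "\\internet settings\\proxyserver")),
    "changed Internet Explorer security settings": lambda e: e.kind == "registry_write"
        and "\\internet settings\\zones\\" in e.target.lower(),
    "installed a service": lambda e: e.kind == "service_install",
    "leaked tracking data over HTTP POST": lambda e: e.kind == "http_post"
        and re.search(r"(^|[&?])(url|search|cart)=", e.detail) is not None,
}

def observed_behaviors(events):
    """Return the set of rule names triggered by any event in the trace."""
    return {name for name, match in RULES.items() if any(match(e) for e in events)}

def verdict(events, threshold=2):
    """'malicious' if at least `threshold` distinct behaviors are seen.
    Requiring several behaviors keeps a lone service install from firing."""
    hits = observed_behaviors(events)
    return ("malicious" if len(hits) >= threshold else "benign", sorted(hits))

# Constructed trace modelled on the wrapper behaviors listed above.
WRAPPER_TRACE = [
    Event("registry_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable", "1"),
    Event("registry_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1601", "0"),
    Event("service_install", "ShopTrackSvc", "auto-start"),
    Event("http_post", "http://stats.example.invalid/collect", "url=shop.example.invalid/cart&search=laptop"),
]

# Constructed trace of a benign installer that only registers its own service.
BENIGN_TRACE = [Event("service_install", "UpdaterSvc", "auto-start")]

if __name__ == "__main__":
    print(verdict(WRAPPER_TRACE))
    print(verdict(BENIGN_TRACE))
```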
An Integrated Approach to Threat Prevention
Decreasing Risk