Palo Alto Networks SE Summit 2017 Las Vegas | Feb 21-24, 2017
The yearly SE Summit is the biggest technical event of Palo Alto Networks. This year, the focus was on the release of the new PanOS 8.0. At this four-day summit, there were 14 breakout sessions providing a technical deep dive into the new features released together with this big launch.
In my opinion, the most interesting new features were about automation and threat prevention:
The new PanOS 8.0 allows you to trigger actions based on log entries. This enables the automation of procedures such as opening a new internal ticket when a certain event, like an outage, occurs. On top of that, the HTTP request the firewall sends can carry values taken from the log entry to prepopulate certain fields. It is even possible to block IPs automatically: when a specific threat is discovered, you can populate a dynamic address group with the IP address of the offender and isolate the infected device without any manual labor.
Stopping credential-based attacks
How do you enter a fortified network? The easiest way to gain access to sensitive data is by stealing credentials and masquerading as a legitimate user. Palo Alto Networks introduced some new features to counter this:
- Speeding up the identification of phishing pages by improving the PanDB URL database.
- Preventing credential loss by checking HTTP(S) POST messages for known credentials submitted to unfamiliar web pages. By using a special Bloom filter, the firewall can check not only the usernames but also the full credentials (including passwords) in a secure way, without storing them in the clear.
- Neutralizing the value of stolen credentials by adding two-factor or multi-factor authentication, enforced per resource, through GlobalProtect.
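As an added illustration of the Bloom-filter approach (not Palo Alto Networks' implementation, whose internals the session did not disclose): a keyed Bloom filter over username/password pairs lets an inspection point test a submitted login form against known corporate credentials while storing only hash bits. The hostnames, form field names and key below are constructed assumptions.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlparse


class CredentialBloomFilter:
    """Bloom filter over keyed hashes of (username, password) pairs.

    Only bit positions are kept, so neither usernames nor passwords are
    recoverable from the filter. False positives are possible, false
    negatives are not, which is the right trade-off for a blocking check.
    """

    def __init__(self, size_bits=8192, hashes=4, key=b"constructed-secret-key"):
        self.size = size_bits
        self.hashes = hashes
        self.key = key  # constructed; a real deployment would use a managed secret
        self.bits = bytearray(size_bits // 8)

    def _positions(self, username, password):
        item = f"{username.lower()}\x00{password}".encode()
        for i in range(self.hashes):
            # One HMAC per hash function, domain-separated by the index byte.
            digest = hmac.new(self.key, bytes([i]) + item, hashlib.sha256).digest()
            yield int.from_bytes(digest[:8], "big") % self.size

    def add(self, username, password):
        for pos in self._positions(username, password):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def may_contain(self, username, password):
        return all(self.bits[pos >> 3] & (1 << (pos & 7))
                   for pos in self._positions(username, password))


# Constructed list of hosts where corporate logins are expected.
SANCTIONED_HOSTS = {"sso.example.internal", "mail.example.internal"}


def inspect_post(bloom, url, body):
    """Return 'block' when a known credential pair is posted to an unsanctioned host."""
    host = urlparse(url).hostname or ""
    fields = parse_qs(body)
    user = fields.get("username", fields.get("user", [""]))[0]
    pwd = fields.get("password", fields.get("pass", [""]))[0]
    if not user or not pwd or host in SANCTIONED_HOSTS:
        return "allow"
    return "block" if bloom.may_contain(user, pwd) else "allow"
```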
Other features worth your while
There were some other interesting features worth mentioning as well:
- Bare-metal analysis in WildFire to catch 0-day malware that evades virtual-machine sandboxes. The automatic generation of spyware signatures based on the payload will drastically decrease the time needed to recognize 0-day malware.
- Automation in AutoFocus to block unwanted traffic. By using an integrated Palo Alto Networks MineMeld instance, you are able to orchestrate the automatic reconfiguration of security policies.
- Updates in all aspects related to the cloud, because, as a wise man once said: “Your data has just left the building”. And of course, all-new hardware with impressive specs: the high-end PA-5200 series, the intermediate PA-800 series, and the smallest PA-220.
During the general and breakout sessions, we gained some insight into the roadmap of Palo Alto Networks. Their focus will be on automation and threat prevention. Big data is key in both domains, which is why Palo Alto Networks wants to become the ‘Data Leader’. Data gathering started very modestly with URLs and DNS entries. WildFire added a huge amount of valuable information, and recently Traps started contributing endpoint-related material. With AutoFocus, all of this is combined. The aim is to keep adding new inputs and data: they are talking about a hundredfold increase or more. This way, they want to build better machine learning for threat intelligence with prevention in mind, not just detection. Retroactive discovery will be available thanks to AutoFocus, and other tools will be added to expand the possibilities.
In line with this threat intelligence cloud mindset, Palo Alto Networks started the Cyber Threat Alliance, and is proud to announce that both Cisco and Check Point recently joined the team.
Conclusion – as presented by founder Nir Zuk
Nir Zuk was not able to attend the Palo Alto Networks SE Summit in person, but he used a Zoom session to summarize the general roadmap for Palo Alto Networks. In his well-known no-nonsense style, he emphasized once more that the focus is on big data and threat analysis.