Thursday 11 July 2019

Palo Alto Networks Completes Acquisition of RedLock

Palo Alto Networks (NYSE: PANW), the worldwide cybersecurity leader, announced today that it has completed its purchase of RedLock Inc., a cloud threat defense company. For Palo Alto Networks, the transaction will extend its cloud security leadership.

"With the combination of RedLock and our existing cloud security offerings, we're well-positioned to solve our customers' hardest challenges of securing a mobile workforce, protecting the public cloud and stopping advanced threats," said Nikesh Arora, chief executive officer of Palo Alto Networks. "Since announcing the transaction, our integration planning teams have been working to combine the strengths of both companies in order to bring an integrated offering to market rapidly."

Palo Alto Networks already supplies a broad security offering for multi-cloud environments with inline, host-based and API-based security, bolstered through the purchase of Evident.io in March 2018. The company currently serves more than 6,000 cloud customers globally with its cloud security portfolio, which includes the VM-Series next-generation firewall, Aperture, Evident, and GlobalProtect cloud service.

Palo Alto Networks will combine the Evident and RedLock technologies to provide customers with cloud security analytics, advanced threat detection, continuous security, and compliance monitoring in one offering anticipated early next year. The company expects that the new offering will allow security teams to respond faster to the most important threats by replacing manual investigations with automated, real-time remediation and reports that highlight an organization's cloud risks.



Palo Alto Networks paid approximately $173 million in cash, excluding purchase price adjustments, to acquire RedLock.

About Palo Alto Networks


We're the worldwide cybersecurity leader, known for always challenging the security status quo. Our mission is to protect our way of life in the digital age by preventing successful cyberattacks. This has given us the privilege of securely enabling thousands of organizations and their customers. Our pioneering Security Operating Platform emboldens their digital transformation with continuous innovation that seizes the latest breakthroughs in security, automation, and analytics. By delivering a true platform and empowering a growing ecosystem of change-makers like us, we provide highly effective and innovative cybersecurity across clouds, systems, and mobile devices.

Palo Alto Networks and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. Other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Forward-Looking Statements


This press release contains "forward-looking" statements that are based on Palo Alto Networks management's beliefs and assumptions and on information currently available to management. Such forward-looking statements include statements regarding the opportunity to extend Palo Alto Networks leadership in cloud security; the expected benefits of the purchase of RedLock, Inc. to us and customers of Palo Alto Networks and RedLock; the expectation for a smooth customer transition experience; and the anticipated timing of a single combined offering early next year. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. There are a significant number of factors that could cause actual results to differ materially from statements made in this press release, including risks associated with new product and subscription releases, including our limited operating history; risks associated with managing our rapid growth; our ability as an organization to acquire and integrate other companies, products or technologies in a successful manner; the risks associated with new products and subscription and support offerings, including the discovery of software bugs; our ability to attract and retain new customers; delays in the development or release of new subscription offerings, or the failure to timely develop and achieve market acceptance of new products and subscriptions as well as existing products and subscription and support offerings; rapidly evolving technological developments in the market for network security products and subscription and support offerings; length of sales cycles; and general market, political, economic and business conditions.  
Additional risks and uncertainties are included under the captions "Risks" and "Management's Discussion and Analysis of Financial Condition and Results of Operations," in our annual report on Form 10-K filed with the Securities and Exchange Commission ("SEC") on September 13, 2018, which is available on our website at investors.paloaltonetworks.com and on the SEC's website at www.sec.gov. Additional information will also be set forth in other filings that we make with the SEC from time to time. All forward-looking statements in this press release are based on information available to us as of the date hereof, and we do not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made or to update the reasons why actual results could differ materially from those anticipated in the forward-looking statements, even if new information becomes available in the future.

Tuesday 9 July 2019

Palo Alto Networks Secures FedRAMP Milestone

Palo Alto Networks® (NYSE: PANW), the worldwide cybersecurity leader, today announced that its WildFire® malware prevention service has achieved Federal Risk and Authorization Management Program, or FedRAMP, Ready status. This extends Palo Alto Networks' ability to provide the advanced threat prevention and analysis capabilities of WildFire to U.S. federal agencies as they increasingly move their applications and assets to the cloud.

With the White House's recently released Cloud Smart Strategy, adopting an efficient, risk-based approach to cloud security is top-of-mind for U.S. federal agencies. Palo Alto Networks is committed to offering advanced cybersecurity protections to help U.S. government and affiliated organizations meet their needs as they move to adopt cloud technologies.



WildFire automatically detects and stops unknown attacks, helping thousands of customers prevent the latest threats from successfully carrying out attacks within their systems. The service delivers automated prevention measures in as few as five minutes following first discovery anywhere in the world.

"We're proud to attain FedRAMP Ready status for WildFire. This latest milestone is a signal of the confidence the U.S. public sector has in WildFire's ability to identify and safeguard against cyberthreats," said John Davis, vice president and federal chief security officer at Palo Alto Networks, and vice president of Palo Alto Networks LLC. "As we enter the final stage of the FedRAMP authorization process, we look forward to working with federal agencies to enhance the security of their operations and critical data in the cloud."

FedRAMP provides a standardized approach to security assessment, authorization and continuous monitoring for U.S. government agencies' use of cloud-based products and services. Federal agencies rely on the program to help protect the confidentiality and integrity of data.

Sunday 7 July 2019

Palo Alto Networks Named a Leader in Zero Trust Report

Palo Alto Networks® (NYSE: PANW), the worldwide leader in cybersecurity, announced today that it has been positioned as a leader in "The Forrester Wave™: Zero Trust eXtended (ZTX) Ecosystem Providers, Q4 2018," a new report published by Forrester Research, Inc.

Palo Alto Networks was one of the 14 select vendors that Forrester evaluated for its Q4 2018 Forrester Wave™ report. Forrester evaluated the vendors based on criteria in the categories of current offering, strategy and market presence. In this evaluation, Palo Alto Networks was cited as a Leader and earned the highest score in the strategy category.

According to the Forrester report, Palo Alto Networks "continues to understand the reasons for using Zero Trust technologies and the technical steps required to enable Zero Trust for enterprises. The company has acquired and integrated tooling from organizations that have strong cloud capabilities (Evident.io and RedLock), user analytics (Magnifier [LightCyber]), and endpoint security (Traps), all while making certain that buyers are involved in both proper alignment and optimal tool use."

Friday 5 July 2019

Palo Alto Networks Integrates RedLock and VM-Series With Amazon Web Services Security Hub

Palo Alto Networks (NYSE: PANW), the worldwide leader in cybersecurity, announced today the integration of RedLock® and VM-Series for AWS® Security Hub, a new security service from Amazon Web Services, Inc.


Palo Alto Networks helps organizations confidently move their applications and data to AWS with inline, API-based and host-based protection technologies that work together to minimize the risk of data loss and business disruption. Building on native AWS security capabilities, these protection technologies integrate into the cloud application development lifecycle, making cloud security frictionless for development, security and compliance teams.



AWS Security Hub is designed to provide users with a comprehensive view of their high-priority security alerts and compliance status by aggregating, organizing and prioritizing alerts, or findings, from multiple AWS services, such as Amazon GuardDuty™, Amazon Inspector, and Amazon Macie™, as well as from other APN security offerings. The findings are then visually summarized on integrated dashboards with actionable graphs and tables. Our joint customers can use these collaborative efforts to help verify that their applications and data are secure.

  • RedLock integration: RedLock by Palo Alto Networks further protects AWS deployments with cloud security analytics, advanced threat detection and compliance monitoring. RedLock continuously collects and correlates log data and configuration information from AWS Config, AWS CloudTrail®, Amazon Virtual Private Cloud (Amazon VPC®) flow logs, AWS Inspector and Amazon GuardDuty to uncover and send security and compliance alerts to the AWS Security Hub console. The RedLock integration with AWS Security Hub provides additional context and centralized visibility into cloud security risks, allowing customers to gain actionable insights, identify cloud threats, reduce risk and remediate incidents, without impeding DevOps.
  • VM-Series integration: The VM-Series next-generation firewall complements AWS security groups, first by reducing the attack surface through application control policies, and then by preventing threats and data exfiltration within allowed traffic. The VM-Series integration with AWS Security Hub uses an AWS Lambda function to collect threat intelligence and send it to the firewall as an automatic security policy update that blocks malicious activity. As the IP address information changes, the security policy is updated without administrative intervention.


"The Palo Alto Networks product integrations help customers verify that their users, applications, and data are secure via a single pane of glass. The RedLock integration enables customers to monitor advanced threats due to common cloud misconfigurations, stolen credentials, and malicious user and network activities, while the VM-Series integration automates policies to block malicious activity," said Varun Badhwar, senior vice president of products and engineering for public cloud security at Palo Alto Networks. "With more companies moving to the cloud, it's vital that the alert data they receive provides them with actionable insights to effectively combat cyberattacks."


Wednesday 3 July 2019

Life at Palo Alto Networks: Connecting Communities

I was a government contractor in the DC area for over two decades before starting with Palo Alto Networks. With a background in software development, management, and technical training, I found my new home with Palo Alto Networks Unit 42. We’re the team that detects new threats, details them, identifies the risk, and shares it to better safeguard all digital environments.

When I came aboard, the first task I was handed was our efforts around the Cyber Threat Alliance. The CTA was our answer to how to disseminate information throughout a business trying to address new threats emerging every day. It's an organization with the perspective that unless we share our information, share the threats we're facing, we'll fail. It’s this organization that allows us to work with others that are uniting for the common good. We're collaborating, which gives us more access to data than we'd ever be able to compile by ourselves. We're sharing our data, our perspectives to find better solutions together. It’s been amazing to get on phone calls with competitors and have intelligent, collaborative conversations because we know we are all in this fight together.

This isn’t only the CTA but the industry as a whole that expects this kind of behavior. I’ve learned a great deal from working with others and government agencies. They, in turn, learn from us. I have seen us move ahead on solutions that safeguard our customers and our digital way of life. I’m proud to work for a company that centers its focus on humility - the humility to ask for help, work together to identify solutions, and find them, together.

Staying Innovative in a Changing Industry


Part of the evolution in our market is changing not only the way we identify the threats but who is involved in discovering them. I’m excited and inspired by the programs I've been able to take part in while working here. I contributed to the development of the first cybersecurity badges for the Girl Scouts. I presented to Black Girls CODE in California. I’ve attended and represented the company as a speaker at a number of conferences, most recently RSA. I know full well that there's a lack of women in the market, so it’s nice to have the opportunity and support from the company to engage in programs and events that are driving an improvement.



The industry is constantly changing, and we must improve, develop new products, and work with different organizations to avoid getting stuck in a rut as well as ensure we stay innovative. I’ve never seen a company grow and expand as effectively as we have before in my career. It’s challenging but I like to be challenged - I love how fast-paced my work can be, and I love that things are always shifting and changing. I’m never bored. Teaching young girls in Girl Scouts how to stay safe in the digital age, helping my mother remotely when she has computer problems, and working on the team that discovers, analyzes, and reports on the latest threats are the reasons I wake up every day and proudly put on my Palo Alto Networks gear.

Monday 1 July 2019

Why We Choose Palo Alto Networks: Secure Cloud Access

Apttus was born in the cloud. We offer AI-driven SaaS offerings to our customers, including Quote-to-Cash, Contract Management, Digital Commerce and Supplier Relationship Management solutions. Our “all in” cloud approach helps us better serve our more than 700 customers around the world.

Some organizations have a hard time learning how to run modern cloud infrastructure. So, understandably, they take the crawl-before-you-walk, walk-before-you-run approach. This looks something like: take a lift-and-shift approach and migrate applications “as is” to the public cloud infrastructure (IaaS); optimize critical components of the migrated application to leverage the managed services (PaaS) available in the public cloud; et al.

We made a decision to bypass the first two stages and run headfirst into cloud, taking advantage of the benefits provided by Azure, mainly, and AWS. We are able to do more with less, taking advantage of these platform-as-a-service (PaaS) options. But we needed a way to ensure secure access to our cloud infrastructure and applications for our global operations.

What Business and Security Issues Were We Looking to Solve?


The bottom line is, we needed fast, reliable and secure access to our cloud infrastructure driving our business and services, and we needed to make sure that we could rapidly debug and resolve customer issues. Before we deployed Palo Alto Networks VM-Series Virtualized Next-Generation Firewalls, we faced two key security challenges.

Insufficient centralized cloud access management

We create pods - basically a collection of cloud resources needed to create a service and run our solutions. With every pod, we spin up a virtual machine (VM), which functions as a jump host and gives operations teams access to the pod. Today, we have over 100 pods, and each pod access is time and resource intensive. The current access management model doesn't provide visibility or control and remains a resource hog. A lot of time is wasted, and in business, time wasted is money lost.



Slow, insecure and hair-pinned cloud access model

We enforce centralized VPN usage for accessing cloud resources. Our users and employees would go through our corporate office so they could connect with single sign-on (SSO). Then, they'd connect from the corporate office to the data center. Given that our team is global, with users and branches in India and many other nations, this introduced latency and slow connectivity into the system. As a result, we couldn’t effectively troubleshoot, and it became more and more difficult to run the company.

Palo Alto Networks VM-Series: A Decentralized Access Gateway to Cloud Resources


The old way of doing things simply wasn’t working. So, we spearheaded an initiative to develop an architecture where operations teams weren’t required to route through the corporate office, as well as eliminate the need for a jump host in every pod. At the center of the new security design sits Palo Alto Networks VM-Series. We deployed the GlobalProtect subscription on the VM-Series Virtualized Next-Generation Firewalls to act as the access gateway, and we’re using Panorama as the centralized security manager. Because the VM-Series connects directly into Azure AD for central user termination, we can now manage access and use just one identity source. Further, we gain granular visibility, control and the ability to segment and isolate pods from one another.

Clearly, there are many cloud firewalls available on the market. We chose Palo Alto Networks for several distinct reasons:

  • Palo Alto Networks VM-Series has native integration with Azure AD. The integration with Azure AD in the cloud was crucial for Apttus. We’re able to centralize control of all user on/off boarding with Azure AD SSO, including activity and audit trails.
  • The ability to manage the firewalls centrally through Panorama was hugely advantageous. Managing all firewalls is important to keep configuration state and all firewall software current. The VM-Series also integrated with our SIEM system for further security monitoring.
  • The VM-Series is deployable through infrastructure as code (IaC). Our cloud infrastructure deployment is done as “infrastructure as code.” We’re able to programmatically decouple and deploy the VM-Series, together with all of the other infrastructure components, in the cloud in a few minutes. It establishes an idempotent practice across all of our regions.


If Nothing Else, Remember These 3 Key Things


As I mentioned earlier, we dove headfirst into the cloud, running our apps on cloud-based modern infrastructure. And we depend on Palo Alto Networks to allow us to rapidly and safely drive our business forward. As you consider your security and business evolution, I want to give you a couple of key ideas and suggestions:

  1. With security, separate operations from IT: If you don't, you’re likely to sacrifice the agility gains the cloud affords. It isn't necessary to go through the same paper processes on both sides of the fence. This is especially true for big organizations where it might take days, or perhaps several weeks, to completely cross the t’s and dot the i’s.
  2. You can scale security in cloud. I implore you, you don’t need as many access points (or Bat-Signals as I like to refer to them) to get into your system rapidly and safely. Take advantage of cloud-native services like Azure AD - it was built to scale. You can easily authenticate your users inside the cloud - no connection to on-prem needed.
  3. Choose security offerings that can be managed as IaC. We’ve had positive results with Palo Alto Networks using infrastructure as code. We achieve high levels of security, low latency and improved time to resolution for customer care.

Saturday 29 June 2019

NextWave Enhancements Drive Record-Breaking Quarter for Partners

It's a wonderful time to be a NextWave partner. Together, we continue to seize new growth opportunities. Our disruptive technologies differentiate us from the competition, and our recently enhanced partner program is fueling mutual success.

When we launched our NextWave enhancements in February, we highlighted our objectives to improve program flexibility, fuel long-term partner growth, and accelerate the transition to partner-delivered services. We delivered eight (8) new profitability initiatives and three (3) new opportunities to help you build or expand your services-led business, and we automated three (3) significant business systems to optimize partner productivity.

This month, we demonstrated the program’s flexibility and our commitment to helping you maximize profitability with an additional three incentives that reward you for incorporating our latest innovations into your customer offerings.



Your adoption of the NextWave enhancements has been phenomenal. In only three months, we’re seeing partners achieve growth levels that are ahead of what we expected this early into the new program. In Q3 FY19, our most recently completed quarter, partners drove some jaw-dropping results:

  • Nearly 400 partners saw their companies grow by 100% annually
  • Partners initiated a record-breaking rise in pipeline with 59% YoY growth
  • Partners secured a record-breaking 2,000 new customers
  • Partner-initiated bookings increased 63% annually


In addition to the enhanced NextWave program, we recently completed our global partner satisfaction survey; the response was unparalleled, and the results are even more impressive. Every year, we invite you to rank every aspect of our channel strategy. The feedback you provide is crucial to shaping our channel strategy so we stay ahead of changing market dynamics. This year over 4,200 partners completed the survey - a business record. The best part: you rated Palo Alto Networks as the No. 1 cybersecurity vendor in the following critical partnership areas:

  • Profitability
  • Margins
  • Revenue
  • Growth
  • Product satisfaction
  • Expertise possibilities


As we evolve along with you into the services-driven economy, we're pleased that all over the world, you've embraced the enhancements we introduced to fuel mutual business growth and enable more partner-led services. The expertise opportunity around Palo Alto Networks product offerings ranks 50% higher than the next highest industry vendor. According to you, we're the clear leader for new growth opportunities, outranking the competition by 300%.

“Some of the new enhancements to the NextWave program are key items we've been requesting to help Sirius deliver a lot of the solutions and services our clients need to drive better engagement and loyalty,” said Deborah Bannworth, senior vice president for Strategic Alliances, Inside Sales & Maintenance Services at Sirius Computer Solutions, Inc.

We continue to listen, learn, and act to support our NextWave partners in building successful Palo Alto Networks security-based practices. The success you’re seeing from the changes we’ve made to help grow your business is encouraging. We look forward to remaining your partner of choice and winning together!

Thursday 27 June 2019

Google Cloud and Palo Alto Networks: A Closer Look

Most enterprises have hybrid or multi-cloud deployments, and maintaining a consistent security posture across all deployments is always one of their top priorities. In December 2018, we announced an expanded partnership with Palo Alto Networks with just that goal in mind. With Google Cloud’s native security toolkit and deep integrations with Palo Alto Networks cloud security products like the VM-Series, Prisma Public Cloud, and Prisma SaaS, you can define a consistent security posture in Google Cloud as well as on-premises. Let’s look at a few of these integrations.

Governance and compliance: Prisma Public Cloud (formerly RedLock) provides continuous monitoring and compliance reporting for your resource configurations, network configurations, and user activity on Google Cloud. It can now identify risks and provide auto-remediation across ten core Google Cloud Platform (GCP) services, such as Compute Engine, Google Kubernetes Engine (GKE), and Cloud Storage. Prisma Public Cloud is also integrated with GCP’s Security Baseline API (alpha), which provides visibility into the compliance posture of Google Cloud Platform. With this integration, customers can get compliance visibility into their full stack.

Additionally, with Cloud Security Command Center integration, customers can incorporate Prisma Public Cloud findings into their single pane of glass view simply by enabling the integration in GCP Marketplace.



Security analytics: Together with security governance and compliance assurance, Prisma Public Cloud integrates with VPC flow logs to provide useful insight into east-west and north-south traffic flows by correlating data with various security intelligence sources.

To safeguard GCP workloads: Palo Alto Networks VM-Series firewalls safeguard both container and compute workloads and can be deployed directly through GCP Marketplace. Deploying the VM-Series with Google Cloud Load Balancers enables horizontal scalability as the workloads grow and availability to safeguard against failure scenarios. VM-Series also uses Cloud Armor to block malicious IP addresses at Google’s edge, conserving compute cycles to evaluate other critical traffic flows.

To safeguard hybrid containerized workloads: Anthos (formerly Cloud Services Platform) enables you to build and manage modern hybrid applications. Istio is an open service mesh that can be deployed on Google Kubernetes Engine (GKE) as part of Anthos to provide a uniform way to connect, manage, and secure microservices. Using the NGFW policy engine (an Istio mixer adapter developed by Palo Alto Networks), customers can secure east-west traffic based on attributes such as source namespace, source service, destination namespace, destination service and protocol through Panorama. The NGFW policy engine offers detailed telemetry from the service mesh for forensics and analytics. The NGFW policy engine can be deployed to a Kubernetes cluster located on-premises or in the cloud directly through the GCP Marketplace.

Data Protection for G Suite: Prisma SaaS (formerly Aperture) is a SaaS security service that connects directly to SaaS applications for data classification, data loss prevention, and threat detection. It leverages an out-of-band, API-based approach that allows granular inspection of data at rest in G Suite as well as ongoing monitoring of user activity and administrative configurations.

Learn more about our partnership and integrations at Ignite ‘19:

  • Visit the Google Cloud booth (#603). See our interactive demos such as Google Cloud SCC, Cloud Armor, VPC service controls, and integrations with Palo Alto Networks products.
  • Attend our sessions. On Tuesday, June 4th at 1:00 PM we’ll share a comprehensive look at container security with Google Cloud. On Wednesday, June 5th at 2:10 PM join us to learn how to build highly scalable and secure deployments on Google Cloud.
  • Schedule 1:1 time. Talk to us about whatever security questions you have. Complete this form to schedule time.

Tuesday 21 May 2019

Six Essentials for Your Cloud Security Program

In traditional on-premises systems, organizations are responsible for securing everything – from the physical premises to the hardware, operating system, network, and applications.

In cloud deployments, it doesn’t work that way. In public cloud – both infrastructure as a service and platform as a service – security responsibility is shared between the CSP and the customer (you). The provider owns the security of the physical layer and infrastructure aspects of the cloud as well as the aspects of the compute, storage, database, and network and application services they offer. You, the customer, own the security configuration of your own operating systems, network traffic, and firewall settings – plus all security on your own systems that are used to connect to the cloud. To be secure, it’s imperative that you understand the security you own.



With a broad understanding of the Shared Responsibility Model, let’s review six cloud security essentials that must ALWAYS be addressed.

Classify apps and data


Ask yourself which applications and data you have that are critical to running your business. Start your security efforts here. Which apps and data would cause executive leadership, stockholders, or customers to abandon ship if breached? What data, if leaked, could cripple the ability to conduct business or effectively compete? What data would cause regulators to get into a whirr and possibly result in fines or sanctions? Highly coveted business data and government-regulated data must be classified as critical and protected.

Keep an eye on application security


Attackers often target vulnerabilities in your web applications. To ensure your applications are free from software vulnerabilities, you should actively look for vulnerabilities that create security risks. If the applications are open source or off-the-shelf, make sure to patch regularly and be sure to patch critical security flaws immediately. When building your applications, ensure your developers are trained to use secure coding practices and continuously examine the apps for potential flaws. A good place to look for guidance on how to start an application security program is the Open Web Application Security Project (OWASP).

Get user identities and access under control


Put processes in place to manage your user identities. This entails knowing who your users are, what job roles they have, and which applications and resources they should be able to access. It’s important to limit access to only those who have a reasonable need for those resources. When the roles of these people change, change their access. When someone leaves the company, for whatever reason, have their access revoked. This is one of the most important things you can do to keep a good security posture, yet it’s one of the areas that is so often overlooked.

Establish and manage policy and configuration


It’s crucial to establish policies for security checks, settings, and configuration levels for all systems, workloads, and apps. As with vulnerability scans, first and foremost, it’s important to find systems that are out of date, and then check to ensure systems are configured and running in accordance with policy.

If it can be automated, automate it


If a security task can be automated through scripts or cost-effectively offloaded to a security services provider, automate or offload it. This e-book offers some helpful tips. If you are a smaller organization, scale the advice down to your size, but the precepts remain similar.

Be ready to respond


Of course, being on a steady lookout for security deficiencies in your organization is important, but many organizations, unfortunately, don’t bother to think about what comes next: remediation. When you start looking for security vulnerabilities, what will the organization do to remediate them? When you find violations of policy compliance, how will you quickly close the gap? Be sure to think these through and plan ahead.

Friday 12 April 2019

Applying Zero Trust to Google Cloud Environments


At Palo Alto Networks, we’ve been helping our customers make a dramatic, transformative shift on how they approach security. This journey is not just about the implementation of technologies, but rather a change in the very philosophy on what security is and how it should be designed across the enterprise.

In the past, the traditional perimeter model for security was based on fortifying the demarcation between trusted and untrusted areas of your network. The convention presumed that your users and applications were in the trusted parts, and the internet and threats were in the untrusted parts. This model is fundamentally broken today. Mobile workforces and cloud applications are not inside the trusted part of the network. The model is also broken because it cannot stop a threat actor that is operating within the trusted network. Furthermore, even with the separation between network boundaries in place, conventional port and protocol security lacks the granularity to enable applications and stop attacks from passing back and forth anyway.

The right philosophy should challenge the notion of trust in the first place, and implement the necessary controls to enforce least-privileged access – in other words, Zero Trust. For example, never presume something to be trustworthy. Build enabling policies based on the context of the user and application, rather than trying to block everything you don’t want. Don’t presume a file is safe just because it’s not known to be bad. With Zero Trust, we drive policy to enable what is allowed, rather than try to identify every possible permutation of what isn’t.

Toward this end, we have developed a tremendous number of important technologies to establish complete visibility, reduce the attack surface, prevent known attacks, and detect and prevent unknown attacks. Four real-time capabilities at the core of the Palo Alto Networks Security Operating Platform are App-ID, which classifies and identifies applications and functions; User-ID, which automatically assigns identity to otherwise anonymous network flows; Host Protection, which provides device posture and exploit and malware prevention; and Content-ID, which performs inspection of content, in order to detect and prevent malicious actions. All of this rich context is made available to be leveraged in our customers’ security policy and decision-making process.

As part of our customers’ journey to the cloud, we believe that the same Zero Trust philosophy toward security is mandatory, whether that means building their own applications in the cloud with IaaS and PaaS services or consuming pre-built cloud applications through SaaS. Google shares many of the same beliefs, as implemented in BeyondCorp, a framework for securing apps and infrastructure based on the principles of Zero Trust.

We are announcing our commitment to work together with Google to develop integration that makes the implementation of secure cloud applications easier. With respect to BeyondCorp, we believe that our mutual customers will benefit from the integration to address implementation challenges with identifying users, maintaining consistent policy, protecting data and enforcing threat prevention across a diverse landscape of users, workloads and devices.

How does this help secure Google Cloud APIs?


The various DevOps teams within your organization are building Google Cloud applications and interacting with a number of Google Cloud APIs. You want the granularity to make sure that every team member has access to the APIs they need, without granting unnecessary access to the most sensitive APIs. Contextual information helps drive policy because the level of access that a person needs may be driven by their individual responsibilities, their role in the organization, or even the device that they use. This is the classic least-privilege problem: you can reduce the attack surface area by limiting access based on context, as long as that context information is available.

The intersection of identity (based on user/device characteristics) and the enforcement of access control policy has traditionally been done at the time of authentication. We believe that working together, we can do better than that. If we can limit access so that unauthorized users never get the chance to make an unauthorized API request in the first place, we can cut the attack surface area, mitigate the risk of credential abuse, and reduce the security alerts for failed authentication. This is possible by working together to integrate our identity/device technologies, and we believe it will significantly improve the overall security of the operating environment.

How does this help secure G Suite?


At Palo Alto Networks, we have been relentlessly focused on building protections for applications and data in the cloud. We have taken innovative approaches toward SaaS applications, in particular, being at the forefront of integrating CASB API protections for data security with our platform for inline security. Our customers are using our platform to identify risks, mitigate threats and protect data across the broad landscape of SaaS applications in use in the enterprise today.

Productivity applications such as G Suite are used by nearly everyone within the organization, and as such, they are accessed by an extremely diverse spectrum of employees and contractors, using a mix of devices that may or may not be owned by the organization. By integrating Palo Alto Networks protections for SaaS applications with G Suite, we can build out the user/device context that drives BeyondCorp policy decisions for access. Employees with managed devices get immediate, full access to their applications, while contractors on non-compliant devices receive different levels of access. Again, by working together so that we can exchange context, while also incorporating our threat and data protection, we can help our customers deploy G Suite securely to all employees.

How does this help secure apps on GCP?


The principles of using contextual access and threat prevention together should be consistently applied from the data center to the cloud, without skipping a beat. We know that different app developers and organizations have different ideas about how they approach security, and that consistent, contextual protection is often hard to achieve. By working together with Google, we want to make sure that, as organizations move their applications from the data center to the cloud, the user experience remains the same and consistently safe, regardless of where the user is located. For users on managed devices, only the authorized user with a compliant device can access the application (whether in the data center, cloud or SaaS). For users on unmanaged devices, we enable access to the application without bringing the device on network, thus maintaining a least-privileged architecture without disrupting business.