As a cyber security professional who works for an IT company, being offered the opportunity to attend a technology-focused cyber security conference was always going to be a ‘no brainer’, especially when that conference was being hosted by one of our main technology vendors – Palo Alto Networks. The fact that said conference was also being hosted in sunny Las Vegas was merely a coincidental benefit in the midst of the UK’s long, cold, and wet Spring!
Of course, we will always remain vendor-neutral when it comes to recommending the appropriate technology for a customer’s business at Ideal. But we like innovation – I like innovation - and it has to be said that the ‘Prevention’ approach towards cyber security offered by Palo Alto Networks is certainly that.
A platform-based prevention approach
When we think of ‘defence in depth’ from a cyber security perspective, we generally think of protecting the ingress points to our networks – namely the network boundary and user PCs. Generally speaking, the technologies available include (but are not limited to) firewalls, URL filtering, intrusion detection systems, intrusion prevention systems, sandboxing, anti-virus, and anti-malware.
Potentially confusing, isn’t it?
Wouldn’t it be a lot simpler from a management perspective to have access to all of these technologies as part of a single platform? This is certainly the trend we are seeing from at least two of our vendors, and at Ignite 2016 I learnt more about the platform-based prevention approach that Palo Alto Networks are following.
Security is fabric
At Ignite 2016 Palo Alto Networks’ CEO Mark McLaughlin made a very clear statement during his keynote speech: “Security is fabric”. For someone who lives and breathes security as part of their job, that really is music to my ears.
(I should add at this point – for balance - in my opinion it is always best practice to implement a dual-skinned approach to firewall prevention, with a different vendor providing your external firewall to any potential internal firewall.)
He then went on to explain that Palo Alto Networks feel that they would be fighting a losing battle if they didn’t follow a prevention orientation / philosophy.
Lee Klarich (Executive VP of Product Management) elaborated on this theme in his own keynote speech. He described attack prevention as being focused on 4 main areas:
- Complete visibility
- Reduction of attack surface area
- Prevention of all known threats
- Prevention of new threats
So what makes Palo Alto Networks’ approach different?
This preventative approach is perhaps what differentiates Palo Alto Networks from many others in the market.
Parts of the industry have previously suggested that prevention was not possible, that endpoint protection software was not effective at stopping virus attacks, that monitoring and detection were the only truly effective defence, and that everything is insecure and will be forever.
Nir Zuk (Palo Alto Networks’ Founder and CTO, and also the principal developer of the first stateful inspection firewall and the first intrusion prevention platform) does not agree with these views at all. His view on prevention was best explained when he stated that the industry in general is great at stopping known attacks, but not unknown / zero day attacks.
Palo Alto Networks argue that this is where a product like TRAPS (advanced endpoint protection) comes into its own, in that it protects not only against both known bad and unknown malware but also against zero day attacks that exploit everyday office applications such as Word, Excel, and Adobe Reader through hidden code within seemingly innocent files.
Being different is not a bad thing (or at least that’s what my parents used to tell me), but we need to see past a vendor’s marketing machine before we can make a judgement call on whether that differentiation is actually a good thing.
If you would like to find out more about the Palo Alto Networks Next Generation Security Platform (Threat Intelligence Cloud, Next Generation Firewall, Advanced Endpoint Protection) then please get in contact.
Header image credit: Tomasz Dunn/Flickr, Creative Commons
Blog post image credit: Adrian Clarke