We are pleased to welcome guest blogger Lars Meyer of Consigas. Based in Dublin, Ireland, Consigas is a Palo Alto Networks Elite Authorized Training Center that specializes in consultancy and virtual training.
The SANS Institute whitepaper “Beating the IPS” shows that any Intrusion Prevention System from any vendor can be evaded. The same is true for every other threat prevention technique, from classic antivirus to newer technologies like sandboxing, as none of them provides total security on its own.
The good news is that hackers face exactly the same challenge, as there isn’t a single attack technique that allows them to accomplish their final objective of exfiltrating data or taking control of IT resources for criminal activity. Nowadays an attack is a sophisticated, stealthy and continuous process, composed of a chain of multiple steps that an attacker has to successfully go through in order to accomplish his goal.
Achieving 100 percent security is not possible, but that’s not an issue as long as you keep your IT infrastructure defendable. A good analogy is the human immune system. A healthy lifestyle will keep us fit, but it doesn’t provide total protection from viral infections. However, being sick isn’t the end of the world as long as the body is able, or with medical intervention enabled, to effectively defend itself and mitigate the impact of the infection. There is, however, a big difference between humans and an IT system. We know when we feel sick and we instinctively know when to go to the doctor. Getting this level of insight into an IT infrastructure is difficult, and at the same time there isn’t such a thing as a magic box which instinctively protects your network all on its own.
The solution is what I like to call the magic sauce, which is to put the right combination of threat prevention techniques together to make it close to impossible for an attacker to evade all of them. Palo Alto Networks Next-Generation Firewall isn’t a magic box either, but you can do magic with it if you use it in the right way, along with the other key components of the Palo Alto Networks security platform, including the Threat Intelligence Cloud and Advanced Endpoint Protection, and leverage its full potential.
For more information, check out our Consigas blog post “Network Security Best Practices for Palo Alto Networks Next-Generation Firewalls”, where we go through every single step of the Cyber Kill Chain to explain the most common attack techniques used to infiltrate both data centers and end-user devices, as well as the best practices to mitigate each attack.