We returned energized from Palo Alto Networks’ Ignite 2016 annual user and partner conference with a better understanding of how next-generation cyber security solutions are keeping up with the “new generation” of adversaries that exploit secular trends such as mobility, social media adoption and expansion, and the Internet of Things (IoT) to breach an organization’s network.
An interesting concept of “the fourth industrial revolution” was put forth during the keynote to highlight the digital age that has driven unprecedented productivity but at the same time exposed a substantial attack surface for adversaries to operate in. Palo Alto Networks’ view is that an ideal security platform to address the challenges of the new digital age has to be native with superior security, extensible, automated, consistent and leveraged. In other words, what would a comprehensive security posture look like for a Global 2000 organization with such a platform? This is the same line of thinking that has driven Bradford Networks’ vision to address some of the security challenges of the fourth industrial revolution by integrating with Palo Alto Networks’ next-generation security products:
Visibility & Lockdown – You can’t prevent what you can’t see. In other words, a highly effective prevention approach starts with “complete visibility” of endpoints, network, users and applications. At Bradford Networks, visibility is paramount. Every endpoint can be profiled and every network port can be locked down. When you combine this with metadata such as user, application and network connections, and store this information in a central repository called live inventory of network connections (LINC), it aids in security analytics and forensics efforts. Often, the most effective first step in securing the network is to make the network footprint smaller. We do this by dynamically enabling network access based on metadata in LINC.
Segmentation – A critical piece of a comprehensive prevention approach, network segmentation allows organizations to group applications and like data together for access by a specific group of users. In the event of a breach, this best practice prevents modern malware from moving laterally into the part of the network with sensitive data. Our network access policy engine dynamically adjusts network access based on contextual information – the “who, what, where and when” that’s tied to a network connection. This implicitly creates a narrow footprint of accessible network to mitigate malware’s lateral movement.
Automation – In the event of a breach, security prevention platforms should not only have some level of native automation and intelligence, but should also integrate with third-party solutions to shorten containment time and accelerate incident response. Enterprise customers are demanding integration capabilities between all security vendors to improve endpoint visibility, limit false positives, and contain compromised or vulnerable endpoints, with or without an agent, in real time. In essence, this is about bridging the gap between the SOC and the NOC by automating functions that are handled manually as they cross silos of information. Adversaries are employing automation and intelligence in their attacks, so it’s imperative for an organization to deploy some level of automated threat response to counter them.
We garnered great insight from various sessions and cyber security topics discussed at Ignite 2016, and are already looking forward to participating in Ignite 2017 in Vancouver, BC.