It’s not often a company has an opportunity to disrupt an entire industry… twice. When we introduced the first next-generation firewall back in 2007, we set out on a path to redefine the network security market. Today, over 19,000 organizations rely on Palo Alto Networks to protect their networks against the most sophisticated, targeted attacks.
We take our responsibility to those organizations very seriously, and today we’re announcing an important next step: Advanced Endpoint Protection. If we’ve learned anything from the recent round of breaches, it’s that endpoints remain highly vulnerable to attacks. Even the most advanced network security architectures can’t protect against every threat vector. And legacy endpoint security approaches that rely on prior knowledge of the threat, or active scanning, are simply ill equipped to protect organizations from this new era of attacks.
Today marks the official launch of Traps, an Advanced Endpoint Protection solution that truly tears the covers off traditional approaches and exposes them for what they are: misguided attempts at addressing a very real problem. This isn’t just a product launch. This is the beginning of a new market: a market defined by its ability to turn the tides and rebuild lost confidence, and a market grounded on the principle that attacks can be prevented.
This new Advanced Endpoint Protection market will be defined by solutions that can deliver on the following: …
Almost all UTMs or so-called next-generation firewalls have URL filtering capability, but they are not well integrated enough to utilize URL categories in a security policy. By taking advantage of URL categories, you will gain granular control of your network.
If you are unfamiliar with how to use URL categories in your security policy, the following tips can help. These tips provide you with powerful ways to protect your network and improve your bandwidth efficiency.
First, after logging into your Palo Alto Networks Next-Generation Firewall, click the “Policies” tab. Then, in the list of options on the left, click “Security.”
A “URL Category” column will appear (Figure 1).
Figure 1: URL Category in the security policy. …
Session Traversal Utilities for NAT (STUN) is a standardized network protocol that enables a host in an internal address space behind Network Address Translation (NAT) to determine its Internet-facing (public) IP address.
STUN has several legitimate uses, including enabling NAT traversal for voice over IP (VoIP), messaging, video, and other IP-based interactive communication. As an example, Palo Alto Networks wrote a blog post back in 2010 covering how STUN works with VoIP. The standard ports for STUN include 3478 for TCP and UDP, as well as 5349 for TLS. In the information security tradition of turning things on their side and looking for interesting findings, this post focuses on the misuse of STUN by malware and associated trending.
The impetus for closer inspection of malware’s use of this protocol was a Stop Malvertising report on Dyreza, which noted how the banking trojan employed STUN to determine an infected host’s public IP behind a NAT. While the variant analyzed included a fallback mechanism of reaching out to icanhazip.com in the event STUN didn’t work, its inclusion of STUN functionality still caught our attention.
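To make the mechanism concrete, the following is an added example, not code from the original post or from Palo Alto Networks: a Python parser that recognizes STUN messages by their RFC 5389 header rather than by port number, and decodes the public address carried in a Binding Success Response. The function names, the sample packets and the address 203.0.113.7 are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = 0x2112A442          # fixed value in every RFC 5389 STUN header
BINDING_REQUEST, BINDING_SUCCESS = 0x0001, 0x0101
XOR_MAPPED_ADDRESS = 0x0020


def parse_stun(payload: bytes):
    """Return a dict describing a STUN message, or None if payload is not STUN."""
    if len(payload) < 20:
        return None
    msg_type, length, cookie = struct.unpack("!HHI", payload[:8])
    # Top two bits of the type are zero, length is 4-byte aligned, cookie is fixed.
    if msg_type & 0xC000 or length % 4 or cookie != MAGIC_COOKIE:
        return None
    if len(payload) != 20 + length:
        return None
    info = {"type": msg_type, "txid": payload[8:20].hex(), "mapped": None}
    pos = 20
    while pos + 4 <= len(payload):
        attr_type, attr_len = struct.unpack("!HH", payload[pos:pos + 4])
        value = payload[pos + 4:pos + 4 + attr_len]
        if attr_type == XOR_MAPPED_ADDRESS and len(value) == 8 and value[1] == 0x01:
            xport, xaddr = struct.unpack("!HI", value[2:8])
            port = xport ^ (MAGIC_COOKIE >> 16)      # port is XORed with cookie's top 16 bits
            addr = ipaddress.IPv4Address(xaddr ^ MAGIC_COOKIE)
            info["mapped"] = (str(addr), port)
        pos += 4 + attr_len + (-attr_len % 4)        # attribute values are padded to 4 bytes
    return info


def build_sample_response(ip: str, port: int, txid: bytes) -> bytes:
    """Constructed sample: a Binding Success Response carrying one IPv4 address."""
    xaddr = int(ipaddress.IPv4Address(ip)) ^ MAGIC_COOKIE
    attr = struct.pack("!HHBBHI", XOR_MAPPED_ADDRESS, 8, 0, 0x01,
                       port ^ (MAGIC_COOKIE >> 16), xaddr)
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txid + attr


if __name__ == "__main__":
    # Constructed inputs: a Binding Request, its response, and a non-STUN payload.
    txid = bytes(range(12))
    request = struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid
    response = build_sample_response("203.0.113.7", 51000, txid)
    for name, pkt in (("request", request), ("response", response), ("other", b"\x12\x34" * 12)):
        print(name, parse_stun(pkt))
```

Because the check keys on the header and magic cookie, it identifies STUN regardless of which port a sample uses, which is useful when reviewing captured traffic from hosts that have no VoIP or conferencing software installed.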
To start our investigation we searched the Palo Alto Networks WildFire platform for samples flagged as malware that had communicated with the STUN servers listed in the Stop Malvertising report: …