Palo Alto Networks Redefines Detection and Response with Cortex XDR 2.0

Cortex XDR extended to third-party data sources with a new unified platform experience for best-in-class prevention, detection, investigation and response

Palo Alto Networks (NYSE: PANW), the global cybersecurity leader, introduced Cortex XDR™ 2.0 — an advancement of the industry’s only detection and response platform that runs on fully integrated endpoint, network and cloud data. As the market’s first and leading XDR product, Cortex XDR 2.0 continues to extend the category definition with the addition of third-party data for analytics and investigations, while unifying prevention, detection, investigation and response in one platform experience for unrivaled security and operational efficiency.

“With Cortex XDR, we set out to eliminate the blind spots created by disjointed products and help organisations stop the most sophisticated attacks through deep analytics and enhanced visibility. In nine months, we’ve enabled organisations to reduce alert volumes by 50X and speed investigation time by 8X, ultimately filtering out the noise and allowing analysts to focus on the most critical threats,” said Lee Klarich, chief product officer at Palo Alto Networks. “With the addition of third-party data, a unified platform experience and new endpoint security improvements in Cortex XDR 2.0, we are further enhancing the power of the Cortex XDR platform and extending its prevention, detection, investigation and response capabilities across the customer’s entire environment.”

Palo Alto Networks unveiled significant platform advancements that help organisations defend their enterprise with unrivaled data and deep analytics:

  • Open to third-party data: Cortex XDR’s patented behavioral analytics capabilities have been extended to logs collected from third-party firewalls, enabling detection across multi-vendor environments while integrating third-party firewall alerts into a unified incident view.
  • Seamless platform experience: Prevention, detection, investigation and response capabilities have been unified into a single platform, with a complete rebuild of the Traps™ management service into Cortex XDR. The new management console has end-to-end support for all capabilities previously part of Traps and Cortex XDR, spanning endpoint policy management, security events review and endpoint log analysis melded with detection, investigation and response.
  • AI-driven malware prevention: Cortex XDR’s new machine learning-driven local analysis engine is customised for continuous learning and prevention. Powered by the world’s most expansive training set from WildFire®, the engine delivers the industry’s highest malware detection rates and includes a unique agile framework for rapid model updates to stay ahead of attackers’ evolving techniques.
  • New device control capability: The new Device Control module, the first in a series of new endpoint protection platform modules, will give organisations granular USB access management on the endpoint to prevent malware and data loss caused by unsanctioned devices.

Customer and Analyst Quotes

  • “As a small team, we desperately needed a tool that filtered through all the noise to help us scale,” said Ryan Kramer, enterprise network architect for the State of North Dakota. “What we’re seeing with Cortex XDR is exactly that. It’s helping us filter out irrelevant alerts and other noise while elevating critical alerts that give us new threat intelligence we didn’t have before.”
  • “A major contributing factor in the speed of threat detection and response is the amount of time it takes to assemble alert and activity data from endpoint, network, cloud and other security controls, which are traditionally spread across various point products,” said Dave Gruber, senior analyst for the Enterprise Strategy Group. “An XDR approach automates this process, correlating the data in one place to give analysts immediate context to understand the scope of the attack and drive faster investigation and remediation.”

Cortex™ is the industry’s most comprehensive product suite for security operations, empowering enterprises with best-in-class detection, investigation, automation and response capabilities. To learn how to move security operations forward, please join us for a live discussion on December 10, 2019.

Availability

Cortex XDR 2.0 will be available in December. Cortex XDR third-party logs and alert ingestion are available for select third-party products now. For more information, please visit https://www.paloaltonetworks.com/cortex/cortex-xdr.

About Palo Alto Networks

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organisations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organisations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before. For more information, visit www.paloaltonetworks.com.

Palo Alto Networks, Cortex, Cortex XDR, Traps, WildFire and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Palo Alto Networks Delivers the Industry’s Most Comprehensive Secure Access Service Edge

Extends Prisma Access with new SD-WAN and DLP capabilities

Palo Alto Networks (NYSE: PANW), the global cybersecurity leader, has announced new cloud-delivered software-defined wide area network (SD-WAN) and data loss prevention (DLP) capabilities in Prisma™ Access, the industry’s most comprehensive secure access service edge (SASE) platform. As a complete SASE solution, Prisma Access delivers end-to-end networking and security services from a globally distributed cloud platform.

Adoption of cloud technology and increased user mobility have fundamentally changed the way that network and security infrastructure must be built. The emerging SASE model addresses limitations of traditional architectures by converging networking and security in the cloud. According to Gartner, “Enterprise demand for cloud-based SASE capabilities, and market competition and consolidation, will redefine enterprise network and network security architectures and reshape the competitive landscape.”*

“As applications are increasingly delivered from the cloud and users become more mobile, organisations are being forced to rethink the way they deploy networking and security,” said Lee Klarich, chief product officer at Palo Alto Networks. “To connect and secure organisations now and in the future, we believe that networking and security must converge in the cloud. Unlike traditional approaches to SD-WAN that compromise on security, add complexity and deliver unpredictable performance when users are accessing cloud applications, Prisma Access delivers a simple, secure and high-performance SD-WAN fabric from the cloud.”

Leading companies already rely on Prisma Access for its consistent delivery of comprehensive networking and security services, including IPsec VPN, SSL VPN, cloud-delivered malware analysis, DNS Security, and URL filtering capabilities. Prisma Access also provides inline SaaS application visibility and control and integrates with Prisma SaaS for API-based protection, delivering a complete multi-mode CASB.

With the introduction of new SD-WAN features and a DLP service, Palo Alto Networks is both enhancing the Prisma Access platform and extending its industry-leading SASE capabilities:

  • New Prisma Access SD-WAN service: Traditional approaches to SD-WAN expose organisations to security risks, deliver unreliable end-to-end performance and increase network complexity. With this release, Palo Alto Networks is delivering a simple, reliable and secure end-to-end SD-WAN infrastructure, with Prisma Access operating as the cloud-based SD-WAN hub and next-generation firewalls operating as the SD-WAN appliances in the branch.
  • New cloud-based management user interface: Existing Palo Alto Networks customers have enjoyed the ability to manage Prisma Access from their familiar Panorama™ management console, which enables consistent security policy to be applied across physical and virtual firewalls, as well as the cloud. For customers born in the cloud, Palo Alto Networks is introducing a reimagined workflow-based interface, delivered as a service from the cloud, to simplify the process of configuring and managing SASE.
  • New SaaS service-level agreements: As organisations adopt cloud-based services, service-level agreements are essential in defining a service provider’s commitment to critical areas like performance, availability, security and more. Prisma Access is the only cloud-delivered SASE offering that guarantees the performance of SaaS application access, extending the existing uptime and security processing performance SLAs.
  • New advanced DLP service: Ensuring comprehensive data protection and governance is an essential capability of any SASE solution. The new advanced DLP service for Prisma Access helps mitigate the risk of data exfiltration and non-compliance by discovering, monitoring and protecting sensitive data. The new DLP engine will initially support Prisma Access and Prisma SaaS to detect data in motion over the network and at rest in public cloud storage locations. The service will become available across all Palo Alto Networks products in the future, enabling consistent data protection across the enterprise.

*Gartner, The Future of Network Security Is in the Cloud, 30 August 2019

Customer quotes

  • “For the past few years, we’ve relied on Prisma Access to transform the way we connect and secure our mobile users,” said Josh Dye, senior vice president of Global Information Security at Jefferies. “We are excited to see Palo Alto Networks take Prisma Access to the next level with the introduction of SD-WAN and the other new capabilities. We believe Prisma Access is now the most complete secure access service edge offering we have seen in the market.”
  • “Palo Alto Networks has enabled Moody’s to transform into a dynamic global enterprise, leveraging public cloud and SaaS-based services to accelerate our business objectives,” said George Kurian, senior vice president of Cybersecurity Services at Moody’s. “The secure access service edge delivered by Prisma Access has been key to our cloud transformation, allowing us to provide secure access to our public cloud and SaaS services to all of our users, regardless of location. With Prisma Access, we can now stand up branch locations immediately and integrate them into our corporate network overnight, at a fraction of the previous cost.”

Prisma is the industry’s most complete cloud security offering for today and tomorrow. It provides unprecedented visibility into data, assets and risks in the cloud; consistently secures access, data and applications without compromises; enables speed and agility as organisations embrace the cloud; and reduces operational complexity and cost with a radically simple architecture. For more information, please visit www.paloaltonetworks.com/prisma.

Availability
Prisma Access, SD-WAN, cloud-based management UI and new SaaS SLAs are available now. DLP is available for evaluation. For more information, please visit https://www.paloaltonetworks.com/prisma/access.

Palo Alto Networks, Prisma, Panorama and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

More than half of Australian Enterprises Have Misplaced Confidence in their Cloud Service Providers’ Security

SYDNEY, Australia – Palo Alto Networks (NYSE: PANW), the global cybersecurity leader, released a report that uncovers the truth about the state of cloud security among large enterprises across Asia-Pacific including Australia, with many cases where perception doesn’t match the reality when it comes to securing the cloud.

Conducted by Ovum Research, the report shows that large enterprises, defined as those with more than 200 employees, are not prepared for cloud-related cybersecurity threats, and more importantly, make the assumption that public cloud is secure by default. In fact, 56 per cent of security decision-makers in large Australian enterprises believe that security provided by their cloud service providers is sufficient to protect them from cloud-based cyber threats.

“Organisations need to recognise that cloud security is a shared responsibility,” said Sean Duca, vice president and regional chief security officer, Asia-Pacific and Japan at Palo Alto Networks. “While cloud providers are responsible for the security of their infrastructure, the onus is on companies themselves to secure their data and applications stored in that infrastructure.”

Large Organisations Have Many Security Tools, but Lack a Unified View of Security

Among the Australian companies surveyed, 52 per cent operate with more than 10 security tools to secure their cloud. However, having numerous security tools creates a fragmented security posture, adding further complexity to managing security, especially if the companies are operating in a multi-cloud environment. The multi-cloud approach creates a dangerous lack of visibility that is prevalent in 69 per cent of large organisations in Australia, according to Ovum.

The report highlights the ubiquity of multi-cloud deployments in large organisations, which calls for a unified view of all cloud-native services, and recommends that organisations have a central console that uses technologies such as artificial intelligence to help prevent known and unknown malware threats and quickly remediate accidental data exposure when it arises.

Large Organisations Lack Cloud Security Audits and Training

The need for automation is further underscored by the study, which revealed that large enterprises do not have enough time and resources to dedicate to cloud security audits and training.

87 per cent of organisations have either never conducted a security audit or do not do it on a yearly basis. Furthermore, more than a quarter of audits do not include cloud assets and 79 per cent of organisations conduct internal audits only. Besides audits, there is also inadequate cloud security training for both IT and non-IT staff. More than two thirds (68 per cent) of Australian organisations do not provide cybersecurity training to IT security employees on a yearly basis. It is, therefore, not surprising that staff outside of IT departments receive even less training – 86 per cent of non-IT professionals do not receive cybersecurity training on a yearly basis.

Despite organisations’ inability to provide more frequent audits and security training for IT teams and employees, it is encouraging to see 37 per cent of Australian organisations surveyed use threat intelligence and analytics to identify new threats and take necessary action. A further 16 per cent of Australian organisations have also equipped themselves with real-time threat monitoring capabilities.

In order to be truly secure in cloud environments, it is pertinent for organisations in Asia-Pacific to be cognisant of cloud security best practices, which include:

  • Building security into the cloud environment from the get-go; security should be an enabler to accelerate cloud adoption.
  • Developing consistent security policies across all types of cloud deployments, which can be implemented properly through the help of tools that provide a unified view of all cloud assets and the threats they face.
  • Allowing for frictionless deployment and easy scalability in multi-cloud environments, bridging the gap between highly controlled security teams and highly agile development teams.
  • Increasing audits and training for employees, both IT and non-IT.
  • Automating threat intelligence with natively integrated, data-driven, analytics-based approaches (leveraging machine learning/artificial intelligence) to avoid human error.

Learn More

  • The ‘Asia-Pacific Cloud Security Study’ report features analysis and best practices that can be implemented to help companies in Asia-Pacific protect themselves from cloud-based threats.

Note to Editors

The survey was conducted amongst 500 respondents from various vertical industries of large businesses with over 200 employees across five countries in Asia-Pacific. There were 100 respondents per country in Australia, China, Hong Kong, India and Singapore.

The companies surveyed needed to have 200+ employees and all had to be using public cloud as a minimum. The respondents to the survey ranged from owners to business directors and C-level executives, all of whom had to be either the final decision-maker or influencer when it came to the organisations’ cloud strategy.

For more information on Palo Alto Networks cloud security offerings, visit https://www.paloaltonetworks.com/cloud-security.

Palo Alto Networks and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Palo Alto Networks introduces Demisto v5.0

Reimagined features deliver customisable and scalable security enhancements

Palo Alto Networks has announced new enhancements to its comprehensive Security Orchestration, Automation, and Response (SOAR) platform, Demisto. Demisto v5.0 enables security analysts to tailor the way they visualise incident and indicator flows, allowing security teams to better manage and automate incident response.

Key updates to Demisto v5.0 include:

  • Reimagined User Interface
    • Brand new UI that streamlines global navigation while also enhancing the delivery of information within each incident
  • Enhanced Threat Intelligence
    • Access rich indicator intelligence from integrated sources and take action in a scalable manner
  • Database Scaling
    • Install the Demisto app server and databases on separate machines. Multi-tier configurations let you scale your environment and manage resources efficiently
  • SOAR on the fly
    • Introduction of chat support in the mobile application, letting you update relevant stakeholders on the go, and the ability to manage notifications from the web app, choosing to receive updates by email, Slack, Mattermost, or the mobile app

Rishi Bhargava, VP Product Strategy, Demisto, a Palo Alto Networks company comments: “Demisto v5.0 is packed with new features suggested to us by our community of customers, partners, and independent users. We’ve also introduced changes that facilitate improved load management and scaling of resources, ensuring that organisations are secure irrespective of the pace at which they grow.

“Back in 2015 we recognised that security teams wilt under dual pressures every day: an ever-increasing volume of security alerts, and insufficient resources to address these alerts. Over the past four years, our customers have seen us as the only platform that has combined security orchestration, incident management, and real-time collaboration to make their lives easier. Automating as much as possible hands time back to security teams to investigate, learn and improve, and sometimes just take a deep breath. Since joining forces with Palo Alto Networks, we have accelerated our go-to-market and made inroads into use cases outside of traditional security operations.”

Demisto v5.0 is available today for both enterprise customers and community users. For more information, please visit https://blog.paloaltonetworks.com/2019/10/cortex-demisto-v5-soar/.

Palo Alto Networks, Demisto, and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names, or service marks used or mentioned herein belong to their respective owners.

SOURCE Palo Alto Networks, Inc.

Palo Alto Networks integrates RedLock and VM-Series with AWS Security Hub

Sydney, Australia – Cybersecurity solutions provider Palo Alto Networks has announced the integration of RedLock and VM-Series for AWS Security Hub, a new security service from Amazon Web Services.

Palo Alto Networks helps organisations move their applications and data to AWS with inline, API-based and host-based protection technologies that work together to minimise risk of data loss and business disruption.

Building on native AWS security capabilities, these protection technologies integrate into the cloud application development lifecycle, making cloud security frictionless for development, security and compliance teams.

AWS Security Hub is designed to provide users with a comprehensive view of their high-priority security alerts and compliance status by aggregating, organising and prioritising alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie as well as from other APN security offerings.

The findings are then visually summarised on integrated dashboards with actionable graphs and tables.

Customers can use these collaborative efforts to help verify that their applications and data are secure.

  • RedLock integration: RedLock by Palo Alto Networks further protects AWS deployments with cloud security analytics, advanced threat detection and compliance monitoring. RedLock continuously collects and correlates log data and configuration information from AWS Config, AWS CloudTrail, Amazon Virtual Private Cloud (Amazon VPC) flow logs, AWS Inspector and Amazon GuardDuty to uncover and send security and compliance alerts to the AWS Security Hub console. The RedLock integration with AWS Security Hub provides additional context and centralised visibility into cloud security risks, allowing customers to gain actionable insights, identify cloud threats, reduce risk and remediate incidents, without impeding DevOps.

  • VM-Series integration: The VM-Series next-generation firewall complements AWS security groups by first reducing the attack surface through application control policies, and then preventing threats and data exfiltration within allowed traffic. The VM-Series integration with AWS Security Hub uses an AWS Lambda function to collect threat intelligence and send it to the firewall as an automatic security policy update that blocks malicious activity. As the IP address information changes, the security policy is updated without administrative intervention.

Palo Alto Networks public cloud security products and engineering senior vice president Varun Badhwar says, “The Palo Alto Networks product integrations help customers verify that their users, applications, and data are secure through a single pane of glass.

“The RedLock integration allows customers to monitor advanced threats due to common cloud misconfigurations, stolen credentials, and malicious user and network activities, while the VM-Series integration automates policies to block malicious activity.

“With more businesses moving to the cloud, it’s critical that the alert data they receive provides them with actionable insights to successfully combat cyber attacks.”

New Zealand utility bolsters security posture, cost savings, and productivity gains with Palo Alto Networks

Palo Alto Networks® (NYSE: PANW), the next-generation security company, announced that The Lines Company Ltd, which owns and operates an electricity distribution network on the North Island of New Zealand, moved to the Palo Alto Networks Next-Generation Security Platform as part of a comprehensive revitalisation of its IT infrastructure. The Lines Company’s previous environment relied on firewalls that were complex to manage and failed to protect the utility from today’s cyberthreats. The decision to use Palo Alto Networks slashed network bandwidth consumption by 40 percent, improved IT staff productivity, and helped the company to avoid $50,000 in software upgrades.

Palo Alto Networks gives The Lines Company a completely different approach to network security. Within the previous environment, more than 100 security infections were discovered during a proof-of-concept deployment, requiring over 200 hours in staff time to remediate. URL Filtering from Palo Alto Networks reduced network bandwidth consumption by 40 percent. The Lines Company also streamlined rules management using App-ID™ and User-ID™ technologies, shaving the number of rules it manages by 30 percent.

QUOTE

  • “The visibility we have with the Palo Alto Networks Next-Generation Security Platform is amazing. We have virtually eliminated security infections. Our security risk posture is tenfold what it was before we migrated to Palo Alto Networks. A combination of a great product coupled with an effective business partner, Network Service Providers, has allowed TLC to realize significant security and operational gains.” – Andy Simpson, Head of Information Technology, The Lines Company Ltd

Two Palo Alto Networks next-generation firewalls were placed in a redundant configuration in The Lines Company’s two data centres to allow for high availability services to critical 0800 phone services and user services. The company’s SCADA network is also protected by separate Palo Alto Networks next-generation firewalls. The Next-Generation Security Platform includes Threat Prevention for inspecting and stopping cyberthreats that move laterally across the networks, and Palo Alto Networks WildFire™, a cloud-based threat analysis service. It also provides URL Filtering (PAN-DB) that keeps protections synchronized across the attack lifecycle with the latest threat intelligence on phishing and malware sites. Additionally, the technology includes GlobalProtect™ network security for endpoints that protects the mobile workforce against cyberattacks, evasive application traffic, malicious websites, command-and-control traffic, and both known and unknown threats.

About The Lines Company

The Lines Company owns and operates the electricity distribution network in the King Country region of New Zealand’s North Island. The distribution area covers 13,700 km² and is one of the largest network areas in New Zealand with no major urban centre. This makes TLC a specialist in providing power to out-of-the-way places, from the iron sands of the west coast to the highest points in the North Island of New Zealand (the Turoa and Whakapapa skifields on Mount Ruapehu). As well as keeping power flowing to homes and businesses in the region, TLC also provides a full range of electrical contracting services. Several hydro generation schemes are also owned and operated by TLC.

About Palo Alto Networks

Palo Alto Networks is the next-generation security company, leading a new era in cybersecurity by safely enabling applications and preventing cyber breaches for tens of thousands of organisations worldwide. Built with an innovative approach and highly differentiated cyberthreat prevention capabilities, our game-changing security platform delivers security far superior to legacy or point products, safely enables daily business operations, and protects an organisation’s most valuable assets. Find out more at www.paloaltonetworks.com.

Palo Alto Networks, WildFire, Traps, Panorama, GlobalProtect and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Palo Alto Networks research shows new twist on old cyberattack method targeting mobile devices

Palo Alto Networks® (NYSE: PANW), the next-generation security company, today revealed details of a new “BackStab” attack used to steal private information from mobile device backup files stored on a victim’s computer. A white paper from the company’s Unit 42 threat intelligence team explains how cyberattackers are using malware to remotely infiltrate computers and execute BackStab attacks in an unprecedented fashion.

Used to capture text messages, photos, geographic location data, and almost any other type of information stored on a mobile device in their possession, BackStab has been employed by law enforcement and cyberattackers alike. The Unit 42 white paper shows how BackStab attacks have evolved to leverage malware for remote access and why Apple® iOS devices have been a primary target for attacks, as the default settings in iTunes® store unencrypted backup files in fixed locations and automatically sync devices when they are connected to a user’s computer.

Quote

“Cybersecurity teams must realise, just because an attack technique is well-known, that doesn’t mean it’s no longer a threat. While conducting our research into BackStab attacks, we gathered over 600 malware samples from 30 countries around the world that were used to conduct remote BackStab attacks.”

– Ryan Olson, director of threat intelligence, Unit 42, Palo Alto Networks

Recommendations

  • iOS users should encrypt their local backups or use the iCloud backup system and choose a secure password.
  • Users should upgrade iOS devices to the latest version, which creates encrypted backups by default.
  • When connecting an iOS device to an untrusted computer or charger via a USB cable, users should not click the “Trust” button when the dialogue box is displayed.

Download the white paper at:

https://www.paloaltonetworks.com/resources/research/unit42-backstab-mobile-backup-data-under-attack-from-malware.html

Subscribe to Unit 42 research updates at

http://researchcenter.paloaltonetworks.com/unit42/

Learn more about Unit 42, the Palo Alto Networks threat intelligence team, at https://www.paloaltonetworks.com/threat-research.html


Palo Alto Networks appoints Sean Duca as Vice President & Regional Chief Security Officer for Asia Pacific

June 16, 2015 – Palo Alto Networks® (NYSE: PANW), the leader in enterprise security, has announced the appointment of Sean Duca as Vice President & Regional Chief Security Officer (CSO) for Asia Pacific.

Duca, who is based in Sydney, Australia, will be responsible for the development of threat intelligence security best practices and thought leadership for Palo Alto Networks in the region. This includes strengthening security initiatives and maintaining good channels of communications and support for Palo Alto Networks’ customers across Asia Pacific. Sean also will be a key addition to the Palo Alto Networks Threat Intelligence team, Unit 42, actively contributing to an APAC perspective on the latest findings of cyber threats.

With more than 17 years of experience in the IT security space, Duca is widely recognised as a thought leader in the technology industry. He has provided expert guidance and advice to the Australian government around online safety issues, and on cybersecurity matters to the public and private sector within Asia Pacific.

QUOTES:

· “I am delighted to welcome Sean to Palo Alto Networks. Sean is recognised as a trusted advisor in the IT security space and has extensive knowledge on threat intelligence and security best practices within Asia Pacific. With his wealth of experience and knowledge, Sean will be an excellent addition to the team, helping to further bolster our position in the Asia Pacific market and better serve the growing needs of enterprises across various industries in the region.”
– Rick Howard, Chief Security Officer, Palo Alto Networks

· “Palo Alto Networks is a disruptive player in the Asia Pacific enterprise security market, being acknowledged as a trailblazer by analyst houses and industry experts and owing much of its momentum to its unique and innovative next-generation security platform. I look forward to helping further strengthen Palo Alto Networks’ position as a leader in the region by engaging directly with customers and industry organisations about today’s cybersecurity challenges, threat intelligence and related topics.”
– Sean Duca, Vice President & Regional Chief Security Officer (CSO) for Asia Pacific.

Prior to joining Palo Alto Networks, Duca spent 15 years with Intel Security, most recently as the company’s Chief Technology Officer for Asia Pacific. In this role he was responsible for improving and driving the company’s solution strategy and technology vision and steered the development of Intel Security’s reference architectures in close collaboration with customers and partners across the region. Prior to this, Duca held managerial roles at the company with a focus on technology management and sales engineering. Before Intel Security, he was involved in software development, technical support and consulting services for a range of Internet security solutions.

About Palo Alto Networks
Palo Alto Networks is leading a new era in cybersecurity by protecting thousands of enterprise, government, and service provider networks from cyber threats. Unlike fragmented legacy products, our security platform safely enables business operations and delivers protection based on what matters most in today’s dynamic computing environments: applications, users, and content. Find out more at www.paloaltonetworks.com.

Palo Alto Networks and the Palo Alto Networks Logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Palo Alto Networks reveals discovery of unprecedented iOS and OS X malware

Research spotlights new malware family distributed through trojanised and repackaged Apple OS applications

Palo Alto Networks® (NYSE: PANW), the leader in enterprise security, has announced discovery of a new family of Apple OS X and iOS malware exhibiting characteristics unseen in any previously documented threats targeting Apple platforms. This new family, dubbed WireLurker, marks a new era in malware across Apple’s desktop and mobile platforms, representing a potential threat to businesses, governments and Apple customers worldwide.

Among its defining characteristics, WireLurker represents:

  • the first known malware family that can infect installed iOS applications similar to how a traditional virus would
  • the first in-the-wild malware family that can install third-party applications on non-jailbroken iOS devices through enterprise provisioning
  • only the second known malware family that attacks iOS devices through OS X via USB
  • the first malware family to automate generation of malicious iOS applications through binary file replacement.

WireLurker malware was discovered by Claud Xiao of Unit 42, the Palo Alto Networks threat intelligence team, and detailed in a report, “WireLurker: A New Era in OS X and iOS Malware.”

Palo Alto Networks expands global distribution agreement with Westcon Group

Premier value-added distribution network to provide worldwide push for industry’s fastest-growing enterprise security platform

August 29, 2014 – Palo Alto Networks® (NYSE: PANW), the leader in enterprise security, and Westcon Group, the value-added distributor of security, unified communications, network infrastructure, and data centre solutions, have announced that the companies have expanded their global distribution agreement. The deal opens up new markets throughout the world for the industry’s fastest-growing enterprise security platform, empowering resellers using highly integrated global distribution capabilities.

Palo Alto Networks and Westcon Group have held regional distribution relationships for several years. As teams and processes align at a global level, the companies will soon do business in more than 40 countries. Over the next few years, Palo Alto Networks and Westcon Group will invest in every theatre to take advantage of shared momentum, providing resellers access to a full technology ecosystem and more efficient global business operations.

Quotes:

 · “Palo Alto Networks has been an important partner in our Security Practice,” said Dolph Westerbos, Chief Executive Officer, Westcon Group. “Unifying our relationship globally just makes sense. This provides our reseller and service provider partners with a broader and more consistent security portfolio around the world, and leverages Westcon’s technical and market expertise to drive new revenue.”

· “For years, Westcon Group has been a valuable ally to Palo Alto Networks,” said Mark McLaughlin, Chairman and Chief Executive Officer, Palo Alto Networks. “We are pleased to have now a major worldwide distribution partner committed to shared success in a global market hungry for a true next-generation enterprise security platform.”

For more:

· read about today’s announcement on the Palo Alto Networks partners blog

· visit Palo Alto Networks at www.paloaltonetworks.com

· visit Westcon Group at www.westcongroup.com

· visit Westcon Group on Facebook and LinkedIn.

ABOUT WESTCON GROUP
Westcon Group, Inc. is the value-added distributor of security, unified communications, network infrastructure, and data centre solutions. The company’s teams create unique programs and provide exceptional support to accelerate the business of its global partners. Strong relationships at every level of the Westcon Group organisation enable partners to receive support tailored to their needs. From global logistics and flexible customised financing solutions to pre-sales, technical and engineering assistance, the company works with partners to respond with agility and speed to changing market conditions so they can achieve the fastest time to revenue. Westcon Group’s portfolio of market-leading vendors includes: Cisco, Avaya, Polycom, Check Point, F5, Blue Coat and Palo Alto. For more information, please visit www.westcongroup.com.
