Fortinet appoints Glenn Maiden as director of threat intelligence, FortiGuard Labs Australia and New Zealand

Fortinet has appointed Glenn Maiden as director of threat intelligence at FortiGuard Labs Australia and New Zealand. Glenn’s role will focus on threat intelligence sharing to help Australian and New Zealand organisations protect themselves from current and emerging threats.  

With a strong background in defence, intelligence, security and federal government, Glenn has led a wide variety of cybersecurity activities including penetration testing and systems engineering, as well as risk assessments and cyber operations. While in the Australian Intelligence Community (AIC), Glenn supported intelligence collection, processing and reporting.

Glenn has also held roles with the Australian Taxation Office (ATO), where he was the agency’s cybersecurity advisor, and with Lockheed Martin, where he ran cyber operations for the organisation’s Defence Centralised Processing project. Prior to joining Fortinet, Glenn worked at Cisco, where he ran a national-level program to raise Australia’s overall cyber posture. His focus was on accelerating Australian cybersecurity education and building effective partnerships to realise mutual success.

At FortiGuard Labs, Glenn will head up threat intelligence operations for Australia and New Zealand. FortiGuard Labs builds the security intelligence that underpins advanced security technologies like artificial intelligence, antivirus, intrusion prevention, and email and web security.  

Glenn Maiden, director of threat intelligence, FortiGuard Labs, said, “Threat intelligence sharing is a crucial aspect of minimising the harm caused by cybersecurity breaches in Australian and New Zealand organisations. Effective threat intelligence sharing can help cybersecurity professionals take a more strategic and proactive approach to protecting their organisations. This can help overcome challenges posed by skills shortages and disparate cybersecurity postures characterised by point solutions that create complexity.  

“By integrating threat intelligence into their cybersecurity posture, organisations can reduce their risk and optimise their security investments, focusing on the controls that will make a real difference.” 

FortiGuard Labs aims to help organisations move away from tactical, responsive approaches to cybersecurity towards a more integrated approach. With more than 200 dedicated researchers and analysts reviewing a constant stream of threat-related data, FortiGuard Labs takes the human cost out of trying to defend organisations’ networks.  

Glenn Maiden said, “Threat intelligence is an extraordinarily valuable tool in the fight against cybercriminals. It’s possible to point to any number of situations in which organisations have avoided significant damage and losses due to timely threat intelligence informing their response to attacks. When organisations have a plethora of point solutions in place, it becomes more difficult to integrate threat intelligence into the cybersecurity ecosystem. It’s important to choose cybersecurity solutions that incorporate a security fabric that extends across the business and leverages threat intelligence for a more effective defence.”  

-ENDS- 

About FortiGuard Labs
FortiGuard Labs is the global threat intelligence and research organisation at Fortinet. Its mission is to provide our customers with the global threat intelligence and contextualised analysis needed to protect them from malicious cyberattacks. To do so, FortiGuard Labs employs over 200 threat researchers and analysts in 31 countries around the world and utilises one of the most effective and proven artificial intelligence (AI) and machine learning (ML) systems in the industry. This platform analyses approximately 10 billion events every day to generate actionable threat intelligence updates for Fortinet products and to keep our customers up-to-date with the latest threat identification and protection information available. Additionally, FortiGuard Labs maintains an integrated threat intelligence ecosystem with over 200 security intelligence partnerships and collaborations. The combination of our industry-leading research and analyst team, innovative and proven AI and ML systems, and extensive security intelligence ecosystem enables Fortinet to provide the leading-edge detection and protection our customers and partners need. Learn more at http://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs. 

About Fortinet
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organisations around the world. Fortinet empowers our customers with complete visibility and control across the expanding attack surface and the power to take on ever-increasing performance requirements today and into the future. Only the Fortinet Security Fabric platform can address the most critical security challenges and protect data across the entire digital infrastructure, whether in networked, application, multi-cloud, or edge environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 440,000 customers trust Fortinet to protect their businesses. Both a technology company and a learning company, the Fortinet Network Security Expert (NSE) Institute has one of the largest and broadest cybersecurity training programs in the industry. Learn more at http://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.

Fortinet announces new Engage partner program

New program will recognise partner commitment to certifications and specialisations

Sydney — Fortinet has announced a fundamental change to its partner program globally, which will see partners recognised for their hard work and focus. The new partner program, called Fortinet Engage, is designed to better prepare Fortinet partners to effectively engage and succeed in today’s new security environment.

Jon McGettigan, regional director, Australia, New Zealand, and the Pacific Islands, Fortinet, said, “The changes to the partner program are in direct response to an evolving marketplace. The way security is positioned to end-customers needs to be tailored depending on their circumstances. And, security sales teams need to ensure their understanding of their customers’ environments is strong and comprehensive. This often requires ongoing training, education, and certification.

“Fortinet believes it’s important to recognise partners’ efforts to keep up with the new challenges and opportunities, and to help them more efficiently engage with their customers to establish and maintain brand loyalty.”

The new partner program replaces the old partner tiers with four levels of partner engagement:

  1. Advocate: entry-level partners who are interested in starting a partnership with Fortinet. This level of engagement has limited requirements but also limited benefits.
  2. Select: these partners cater to the small and medium business (SMB) market and are committed to delivering superior security solutions and services designed to meet the unique security concerns of smaller businesses.
  3. Advanced: able to handle a variety of implementation requirements, these partners have met staff certification standards combined with proven success at delivering the full spectrum of Fortinet solutions.
  4. Expert: this designation is reserved for proven Fortinet solution experts who demonstrate consistently high revenue and the delivery of the full spectrum of Fortinet solutions, and have a staff of highly trained and certified Fortinet experts who can manage the most complex customer deployments.

Partners will also be able to customise their Fortinet support to match their business model. There are three broad categories of business model:

  1. Integrators primarily sell on-premise solutions.
  2. Market Place partners are cloud-certified specialists who secure customers using a different consumption model.
  3. MSSP partners sell managed services.

Partners can receive specialised support for any of these business models or in any combination of the three. Each of the four levels of engagement is available regardless of business model; however, the partner can only hold one level of engagement at a time.

In addition to level of engagement and business model, partners can select an area of specialisation to receive additional support and benefits. These specialisation areas include:

  • dynamic cloud
  • secure access and branch
  • secure SD-WAN
  • data centre.

Customised training, certifications, and programs are available for each of these specialisations and additional new specialisations, such as operational technology (OT), zero trust network access, and security operations, are slated for release in the future.

Aaron Bailey, chief information security officer, The Missing Link, said, “We’re excited to see the launch of Fortinet’s Engage partner program. Since 2013, The Missing Link has invested heavily in Fortinet training and certification to become a leading provider, and the results speak for themselves. Fortinet has consistently been one of our fastest-growing vendors, year after year. The granularity and specificity of this program lets partners choose which areas and capabilities they wish to specialise in. We look forward to continuing to invest in Fortinet to ensure The Missing Link can continue to provide the best level of service, innovation, and security to its clients.”

Jon McGettigan said, “The new Fortinet Engage partner program is designed to support and benefit partners to help them maximise their opportunities in the ways that make the most sense to them. By recognising specific levels and areas of specialisation for partners, it’s easier for our partners to get the support they require and for end-user customers to choose the partner they want to work with.

“Fortinet is about helping partners accelerate their growth and deliver market-leading security solutions to a broader range of customers. We look forward to continuing to work closely with our partners to develop strong relationships that drive revenue and opportunity.”

-END-


Fortinet introduces self-learning artificial intelligence appliance for sub-second threat detection

 

FortiAI leverages Deep Neural Networks to automate threat detection and remediation, expanding Fortinet’s AI-driven security offerings

John Maddison, EVP of products and CMO at Fortinet, said, “Fortinet has invested heavily in FortiGuard Labs cloud-based AI-driven threat intelligence, allowing us to detect more threats, more quickly and more accurately. FortiAI takes the artificial intelligence knowledge from FortiGuard Labs and packages it specifically for on-premises deployments. This gives customers the power of FortiGuard Labs directly in their environment, with self-learning AI to identify, classify and investigate sophisticated threats in sub-seconds.”

News summary

Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, has announced FortiAI, a first-of-its-kind on-premises appliance that leverages self-learning Deep Neural Networks (DNN) to speed threat remediation and handle time-consuming, manual security analyst tasks. FortiAI’s Virtual Security Analyst™ embeds one of the industry’s most mature cybersecurity artificial intelligence systems – developed by Fortinet’s FortiGuard Labs – directly into an organisation’s network to deliver sub-second detection of advanced threats.

Organisations face an uphill battle

Security architects confront many challenges when it comes to discovering and remediating threats, including:

  • Cybercriminals are becoming more sophisticated. While traditional cyber threats continue, the sophistication of advanced attacks – often enabled by artificial intelligence, machine learning and open source communities – is increasing. As a result, organisations and their defenses are challenged to keep pace with threat evolution.
  • The attack surface is expanding. Millions of new applications, growing cloud adoption and the increase in connected devices are creating billions of edges that security teams need to properly protect and manage. Organisations are challenged to keep pace with the threat volume resulting from many potential entry points.
  • Security teams are constrained due to the cyber skills shortage. The cybersecurity industry faces a skills gap that has become a top emerging risk for organisations. There are not enough skilled professionals available to properly triage, investigate and respond to the growing number of threats – potential and actual – making it easier for cybercriminals to outpace legacy security processes and tools.

Self-learning AI adapts organisations’ threat protection

To address these challenges faced by security professionals today, Fortinet is unveiling FortiAI Virtual Security Analyst™ to accelerate threat remediation. FortiAI handles many of the time-consuming, manual tasks currently expected of security professionals, preserving their time for higher value security functions. FortiAI’s self-learning capabilities continue to get smarter once deployed in an organisation’s network.

FortiAI leverages Deep Learning known as Deep Neural Networks, which mimic neurons in the human brain, to make complex decisions based on its scientific analysis of threats specific to the organisation where it is deployed. As FortiAI’s artificial intelligence continues to mature, organisations benefit from having FortiAI’s Virtual Security Analyst™ effectively transform and adapt threat protection.

FortiAI levels the playing field

Fortinet’s Deep Neural Networks (DNN) approach enables FortiAI to revolutionise threat protection by:

  • Automating time-consuming manual investigations to identify and classify threats in real time: Organisations using legacy security processes combined with limited security staff find it difficult to perform manual investigations for each threat alert. This creates additional risks including a data breach or security incident due to slow response time. To solve this, FortiAI automates investigations using DNN to identify the entire threat movement and uncover patient zero and all subsequent infections in a sub-second.
  • Transforming security processes for instant detection and remediation of attacks: FortiAI’s Virtual Security Analyst™ significantly reduces the time organisations are exposed to threats by scientifically analysing characteristics of threats and generating an accurate verdict to accelerate threat response.
  • Delivering tailored threat intelligence to significantly reduce false positives: False positives are a burden for security analysts to investigate, and it is time-consuming to distinguish threats from non-threats. Through tailored threat intelligence, FortiAI learns new malware features as it adapts to new attacks instantaneously and reduces false positives.

On-premises protection for air gapped networks

Another key distinction of FortiAI is that it offers on-premises AI suitable for organisations that have air gapped networks. Operational technology environments, government agencies and some large enterprises must adhere to strict compliance regulations and/or security policies that limit their network’s connection to the internet. FortiAI with its self-learning AI model does not require internet connectivity to learn and mature, enabling organisations with closed environments or stringent security policies to stay ahead of threats.

Fortinet’s AI-driven technologies automate threat protection

Fortinet has a longstanding history of helping customers strengthen their security posture by leveraging artificial intelligence. Some of the existing Fortinet offerings and services, complemented by the new FortiAI, that leverage various forms of AI, such as least squares optimisation and Bayesian probability metrics, include:

  • FortiGuard Labs Threat Intelligence: FortiGuard Labs uses proven advanced AI and machine learning to gather and analyse over 100 billion security events every day. This threat intelligence produced by FortiGuard Labs is delivered to customers through its subscription services available for a range of Fortinet’s products, including the flagship FortiGate NGFWs. As a result, customers benefit from artificial intelligence deployed in global labs for faster threat prevention.
  • FortiSandbox: Fortinet is the first security vendor to introduce AI to sandboxing to automate breach protection. FortiSandbox adds two machine learning models to its static and dynamic analysis of zero-day threats, improving the detection of constantly evolving malware, such as ransomware and cryptojacking. Through the use of a universal security language to categorise malware, FortiSandbox also connects discussions between network and security teams, leading to more integrated and improved security operations.
  • FortiEDR: Fortinet’s FortiEDR uses machine learning to automate endpoint protection against advanced threats with real-time orchestrated incident response functionalities. Customers also benefit from more control of network, user and host activity within their environments.
  • FortiInsight: FortiInsight uses machine learning analytics to effectively monitor endpoints, data movements and user activities to detect unusual, malicious behaviour and policy violations attributed to insider risk.
  • FortiWeb: To better protect web applications and APIs, FortiWeb applies machine learning to tailor a unique defense for each application. As a result, FortiWeb can quickly block threats while minimising the false positives that may interfere with end user experience.
  • FortiSIEM: FortiSIEM leverages machine learning to recognise patterns in typical user behavior like location, time of day, devices used and specific servers accessed. FortiSIEM can then automatically notify security operations teams when anomalous activities occur, like concurrent logins from separate locations.

As cyber criminals look to exploit the expanding digital attack surface with sophisticated attacks, the breadth and depth of the Fortinet Security Fabric’s AI-driven technology provides customers with unparalleled threat prevention, detection and response that can be instant and automated.

Supporting quotes

“Deploying FortiSandbox to protect our organisation against zero-day threats was seamless through Fortinet’s Security Fabric platform. FortiSandbox secures our perimeter, client and mail servers, and ultimately is protecting our assets from advanced unknown threats. Leveraging FortiSandbox’s AI-driven capabilities has helped us keep pace with AI-driven threats, all while providing an easy and simplified way to configure and manage our security.” – Dario Palermo, System and Network Administrator at Ente Autonomo Volturno


Copyright © 2020 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet’s trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiCare, FortiManager, FortiAnalyzer, FortiOS, FortiADC, FortiAP, FortiAppMonitor, FortiASIC, FortiAuthenticator, FortiBridge, FortiCache, FortiCamera, FortiCASB, FortiClient, FortiCloud, FortiConnect, FortiController, FortiConverter, FortiDB, FortiDDoS, FortiExplorer, FortiExtender, FortiFone, FortiCarrier, FortiHypervisor, FortiIsolator, FortiMail, FortiMonitor, FortiNAC, FortiPlanner, FortiPortal, FortiPresence, FortiProxy, FortiRecorder, FortiSandbox, FortiSIEM, FortiSwitch, FortiTester, FortiToken, FortiVoice, FortiWAN, FortiWeb, FortiWiFi, FortiWLC, FortiWLCOS and FortiWLM.

Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments. This news release may contain forward-looking statements that involve uncertainties and assumptions, such as statements regarding technology releases among others. Changes of circumstances, product release delays, or other risks as stated in our filings with the Securities and Exchange Commission, located at www.sec.gov, may cause results to differ materially from those expressed or implied in this press release. If the uncertainties materialise or the assumptions prove incorrect, results may differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements. Fortinet assumes no obligation to update any forward-looking statements, and expressly disclaims any obligation to update these forward-looking statements.

Business enthusiasm over innovation and emerging tech tempered by cybersecurity and workforce concerns, new CompTIA report reveals

Businesses in Australia identify innovation as a top priority and are intrigued by the potential of emerging technologies, according to a new report from CompTIA, the leading trade association for the global information technology (IT) industry.

At the same time, concerns about cybersecurity readiness and the struggle to find enough workers with the right skills to meet their workforce needs add a measure of caution to their expectations and plans for 2020, CompTIA’s “International Trends in Technology and Workforce” finds.

The survey of business and technology professionals in Australia and 13 other countries identified business priorities for 2020, as well as perceptions of emerging technologies, cybersecurity, workforce skills, professional development strategies, and the future of work.

Tim Herbert, executive vice president for research and market intelligence, CompTIA, said, “The ingredients for innovation have never been more accessible, and tech hubs can now be found in nearly every corner of the globe. While the research points to momentum on many fronts, there remains much work to be done in helping businesses and workers navigate the path ahead.”

The business of technology

With spending on hardware, software, services and telecom projected to reach nearly $5.2 trillion globally this year, with $93 billion in Australia alone, it’s evident that technology has a growing and integral role in business operations (1). 95 per cent of Australian companies rate technology as a primary or secondary factor in reaching their business objectives.

The large majority of companies (87 per cent) turn to outside providers to assist with their technology requirements. Consulting and strategy services, cybersecurity, software development, web design and e-commerce and repair and maintenance are among the most common outsourced services. A majority of companies (62 per cent) also report that they get excellent or good return on investment (ROI) from their technology spending.

Emerging tech momentum builds

One half of Australian businesses have a positive view of emerging technology, while another 18 per cent take a middle-ground position, expressing equal parts excitement and trepidation. Both percentages are slightly lower than the global results (54 per cent mostly excitement, 21 per cent equal parts excitement and trepidation).

At the other end of the spectrum, one in three Australian companies report mostly feelings of trepidation about emerging tech. Risk aversion, budget constraints and the lack of a clear business case are among the primary factors that are causing some organisations to take a go-slow approach.

Although still far from mainstream adoption, the emerging technologies with the highest rates of implementation globally are the Internet of Things and big data.

Cybersecurity disconnects

Nearly 7 in 10 firms describe their cybersecurity as completely or mostly satisfactory. This indicates much room for improvement, especially with the remainder describing their firms’ approach as simply adequate or inadequate. For many companies in Australia the perception that current cybersecurity efforts are “good enough” is the top challenge to devoting more attention and resources to the issue. A lack of understanding of new cybersecurity threats is another challenge for companies. Given the projected high growth rates for emerging technologies expected over the next several years, the need for businesses to re-evaluate their approaches to cybersecurity is even more apparent.

Workforce challenges

Skills gaps remain an ongoing challenge at most organisations, with 46 per cent of Australian firms reporting that the situation has grown more challenging over the past two years. That’s the same percentage as the corresponding global result.

The research confirms the distinction between the generic use of the phrase “skills gap” and the more nuanced discussion of “workforce gaps” that encompass location, pay, soft skills, perceptions, innovation and more.

Interestingly, 18 per cent of Australian employers acknowledge that unrealistic expectations with skills and experience contribute to exaggerated perceptions of the skills gap. Another 53 per cent acknowledge it is somewhat of a factor.

CompTIA’s “International Trends in Technology and Workforce” report is the result of an online survey of 1,554 business and technology professionals in Australia, Brazil, Canada, China, India, Ireland, Japan, the Middle East (Oman, Saudi Arabia and United Arab Emirates), the Netherlands, Thailand, the United Kingdom, and the United States. The complete report, including country specific data, is available at https://www.comptia.org/content/research/international-trends-workforce-cybersecurity-emerging-tech.

-END-

About CompTIA

The Computing Technology Industry Association (CompTIA) is a leading voice and advocate for the $5.2 trillion global information technology ecosystem; and the estimated 75 million industry and tech professionals who design, implement, manage, and safeguard the technology that powers the world’s economy. Through education, training, certifications, advocacy, philanthropy, and market research, CompTIA is the hub for advancing the tech industry and its workforce. Visit www.comptia.org to learn more.

References: 

(1) International Data Corporation (IDC), ICT Spending Forecast, https://www.idc.com/promo/global-ict-spending/forecast

Palo Alto Networks Redefines Detection and Response with Cortex XDR 2.0

Cortex XDR extended to third-party data sources with a new unified platform experience for best-in-class prevention, detection, investigation and response

Palo Alto Networks (NYSE: PANW), the global cybersecurity leader, introduced Cortex XDR™ 2.0 — an advancement of the industry’s only detection and response platform that runs on fully integrated endpoint, network and cloud data. As the market’s first and leading XDR product, Cortex XDR 2.0 continues to extend the category definition with the addition of third-party data for analytics and investigations, while unifying prevention, detection, investigation and response in one platform experience for unrivaled security and operational efficiency.

“With Cortex XDR, we set out to eliminate the blind spots created by disjointed products and help organisations stop the most sophisticated attacks through deep analytics and enhanced visibility. In nine months, we’ve enabled organisations to reduce alert volumes by 50X and speed investigation time by 8X, ultimately filtering out the noise and allowing analysts to focus on the most critical threats,” said Lee Klarich, chief product officer at Palo Alto Networks. “With the addition of third-party data, a unified platform experience and new endpoint security improvements in Cortex XDR 2.0, we are further enhancing the power of the Cortex XDR platform and extending its prevention, detection, investigation and response capabilities across the customer’s entire environment.”

Palo Alto Networks unveiled significant platform advancements that help organisations defend their enterprise with unrivaled data and deep analytics:

  • Open to third-party data: Cortex XDR’s patented behavioral analytics capabilities have been extended to logs collected from third-party firewalls, enabling detection across multi-vendor environments while integrating third-party firewall alerts into a unified incident view.
  • Seamless platform experience: Prevention, detection, investigation and response capabilities have been unified into a single platform, with a complete rebuild of the Traps™ management service into Cortex XDR. The new management console has end-to-end support for all capabilities previously part of Traps and Cortex XDR, spanning endpoint policy management, security events review and endpoint log analysis melded with detection, investigation and response.
  • AI-driven malware prevention: Cortex XDR’s new machine learning-driven local analysis engine is customised for continuous learning and prevention. Powered by the world’s most expansive training set from WildFire®, the engine delivers the industry’s highest malware detection rates and includes a unique agile framework for rapid model updates to stay ahead of attackers’ evolving techniques.
  • New device control capability: The new Device Control module, the first in a series of new endpoint protection platform modules, will give organisations granular USB access management on the endpoint to prevent malware and data loss caused by unsanctioned devices.

Customer and Analyst Quotes

  • “As a small team, we desperately needed a tool that filtered through all the noise to help us scale,” said Ryan Kramer, enterprise network architect for the State of North Dakota. “What we’re seeing with Cortex XDR is exactly that. It’s helping us filter out irrelevant alerts and other noise while elevating critical alerts that give us new threat intelligence we didn’t have before.”
  • “A major contributing factor in the speed of threat detection and response is the amount of time it takes to assemble alert and activity data from endpoint, network, cloud and other security controls, which are traditionally spread across various point products,” said Dave Gruber, senior analyst for the Enterprise Strategy Group. “An XDR approach automates this process, correlating the data in one place to give analysts immediate context to understand the scope of the attack and drive faster investigation and remediation.”

Cortex™ is the industry’s most comprehensive product suite for security operations, empowering enterprises with best-in-class detection, investigation, automation and response capabilities. To learn how to move security operations forward, please join us for a live discussion on December 10, 2019.

Availability

Cortex XDR 2.0 will be available in December. Cortex XDR third-party logs and alert ingestion are available for select third-party products now. For more information, please visit https://www.paloaltonetworks.com/cortex/cortex-xdr.

About Palo Alto Networks

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organisations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organisations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before. For more information, visit www.paloaltonetworks.com.

Palo Alto Networks, Cortex, Cortex XDR, Traps, WildFire and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Palo Alto Networks Delivers the Industry’s Most Comprehensive Secure Access Service Edge

Extends Prisma Access with new SD-WAN and DLP capabilities

Palo Alto Networks (NYSE: PANW), the global cybersecurity leader, has announced new cloud-delivered software-defined wide area network (SD-WAN) and data loss prevention (DLP) capabilities in Prisma™ Access, the industry’s most comprehensive secure access service edge (SASE) platform. As a complete SASE solution, Prisma Access delivers end-to-end networking and security services from a globally distributed cloud platform.

Adoption of cloud technology and increased user mobility have fundamentally changed the way that network and security infrastructure must be built. The emerging SASE model addresses limitations of traditional architectures by converging networking and security in the cloud. According to Gartner, “Enterprise demand for cloud-based SASE capabilities, and market competition and consolidation, will redefine enterprise network and network security architectures and reshape the competitive landscape.”*

“As applications are increasingly delivered from the cloud and users become more mobile, organisations are being forced to rethink the way they deploy networking and security,” said Lee Klarich, chief product officer at Palo Alto Networks. “To connect and secure organisations now and in the future, we believe that networking and security must converge in the cloud. Unlike traditional approaches to SD-WAN that compromise on security, add complexity and deliver unpredictable performance when users are accessing cloud applications, Prisma Access delivers a simple, secure and high-performance SD-WAN fabric from the cloud.”

Leading companies already rely on Prisma Access for its consistent delivery of comprehensive networking and security services, including IPsec VPN, SSL VPN, cloud-delivered malware analysis, DNS Security, and URL filtering capabilities. Prisma Access also provides inline SaaS application visibility and control and integrates with Prisma SaaS for API-based protection, delivering a complete multi-mode CASB.

With the introduction of new SD-WAN features and a DLP service, Palo Alto Networks is both enhancing the Prisma Access platform and extending its industry-leading SASE capabilities:

  • New Prisma Access SD-WAN service: Traditional approaches to SD-WAN expose organisations to security risks, deliver unreliable end-to-end performance and increase network complexity. With this release, Palo Alto Networks is delivering a simple, reliable and secure end-to-end SD-WAN infrastructure, with Prisma Access operating as the cloud-based SD-WAN hub and next-generation firewalls operating as the SD-WAN appliances in the branch.
  • New cloud-based management user interface: Existing Palo Alto Networks customers have enjoyed the ability to manage Prisma Access from their familiar Panorama™ management console, which enables consistent security policy to be applied across physical and virtual firewalls, as well as the cloud. For customers born in the cloud, Palo Alto Networks is introducing a reimagined workflow-based interface, delivered as a service from the cloud, to simplify the process of configuring and managing SASE.
  • New SaaS service-level agreements: As organisations adopt cloud-based services, service-level agreements are essential in defining a service provider’s commitment to critical areas like performance, availability, security and more. Prisma Access is the only cloud-delivered SASE offering that guarantees the performance of SaaS application access, extending the existing uptime and security processing performance SLAs.
  • New advanced DLP service: Ensuring comprehensive data protection and governance is an essential capability of any SASE solution. The new advanced DLP service for Prisma Access helps mitigate the risk of data exfiltration and non-compliance by discovering, monitoring and protecting sensitive data. The new DLP engine will initially support Prisma Access and Prisma SaaS to detect data in motion over the network and at rest in public cloud storage locations. The service will become available across all Palo Alto Networks products in the future, enabling consistent data protection across the enterprise.

*Gartner, The Future of Network Security Is in the Cloud, 30 August 2019

Customer quotes

  • “For the past few years, we’ve relied on Prisma Access to transform the way we connect and secure our mobile users,” said Josh Dye, senior vice president of Global Information Security at Jefferies. “We are excited to see Palo Alto Networks take Prisma Access to the next level with the introduction of SD-WAN and the other new capabilities. We believe Prisma Access is now the most complete secure access service edge offering we have seen in the market.”
  • “Palo Alto Networks has enabled Moody’s to transform into a dynamic global enterprise, leveraging public cloud and SaaS-based services to accelerate our business objectives,” said George Kurian, senior vice president of Cybersecurity Services at Moody’s. “The secure access service edge delivered by Prisma Access has been key to our cloud transformation, allowing us to provide secure access to our public cloud and SaaS services to all of our users, regardless of location. With Prisma Access, we can now stand up branch locations immediately and integrate them into our corporate network overnight, at a fraction of the previous cost.”

Prisma is the industry’s most complete cloud security offering for today and tomorrow. It provides unprecedented visibility into data, assets and risks in the cloud; consistently secures access, data and applications without compromises; enables speed and agility as organisations embrace the cloud; and reduces operational complexity and cost with a radically simple architecture. For more information, please visit www.paloaltonetworks.com/prisma.

Availability
Prisma Access, SD-WAN, cloud-based management UI and new SaaS SLAs are available now. DLP is available for evaluation. For more information, please visit https://www.paloaltonetworks.com/prisma/access.

Palo Alto Networks, Prisma, Panorama and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

More than half of Australian Enterprises Have Misplaced Confidence in their Cloud Service Providers’ Security

SYDNEY, Australia – Palo Alto Networks (NYSE: PANW), the global cybersecurity leader, released a report that uncovers the truth about the state of cloud security among large enterprises across Asia-Pacific including Australia, with many cases where perception doesn’t match the reality when it comes to securing the cloud.

Conducted by Ovum Research, the report shows that large enterprises, defined as those with more than 200 employees, are not prepared for cloud-related cybersecurity threats, and more importantly, make the assumption that public cloud is secure by default. In fact, 56 per cent of security decision-makers in large Australian enterprises believe that security provided by their cloud service providers is sufficient to protect them from cloud-based cyber threats.

“Organisations need to recognise that cloud security is a shared responsibility,” said Sean Duca, vice president and regional chief security officer, Asia-Pacific and Japan at Palo Alto Networks. “While cloud providers are responsible for the security of their infrastructure, the onus is on companies themselves to secure their data and applications stored in that infrastructure.”

Large Organisations Have Many Security Tools, but Lack a Unified View of Security

Among the Australian companies surveyed, 52 per cent operate with more than 10 security tools to secure their cloud. However, having numerous security tools creates a fragmented security posture, adding further complexity to managing security, especially if the companies are operating in a multi-cloud environment. The multi-cloud approach creates a dangerous lack of visibility that is prevalent in 69 per cent of large organisations in Australia, according to Ovum.

The report highlights the ubiquity of multi-cloud deployments in large organisations, which calls for a unified view of all cloud-native services. It recommends that organisations have a central console that uses technologies such as artificial intelligence to help prevent known and unknown malware threats, and to quickly remediate accidental data exposure when it arises.

Large Organisations Lack Cloud Security Audits and Training

The need for automation is further underscored by the study, which revealed that large enterprises do not have enough time and resources to dedicate to cloud security audits and training.

87 per cent of organisations have either never conducted a security audit or do not do it on a yearly basis. Furthermore, more than a quarter of audits do not include cloud assets and 79 per cent of organisations conduct internal audits only. Besides audits, there is also inadequate cloud security training for both IT and non-IT staff. More than two thirds (68 per cent) of Australian organisations do not provide cybersecurity training to IT security employees on a yearly basis. It is, therefore, not surprising that staff outside of IT departments receive even less training – 86 per cent of non-IT professionals do not receive cybersecurity training on a yearly basis.

Despite organisations’ inability to provide more frequent audits and security training for IT teams and employees, it is encouraging to see 37 per cent of Australian organisations surveyed use threat intelligence and analytics to identify new threats and take necessary action. A further 16 per cent of Australian organisations have also equipped themselves with real-time threat monitoring capabilities.

In order to be truly secure in cloud environments, it is pertinent for organisations in Asia-Pacific to be cognisant of cloud security best practices, which include:

  • Building security into the cloud environment from the get-go; security should be an enabler to accelerate cloud adoption.
  • Developing consistent security policies across all types of cloud deployments, which can be implemented properly through the help of tools that provide a unified view of all cloud assets and the threats they face.
  • Allowing for frictionless deployment and easy scalability in multi-cloud environments, bridging the gap between highly controlled security teams and highly agile development teams.
  • Increasing audits and training for employees, both IT and non-IT.
  • Automating threat intelligence with natively integrated, data-driven, analytics-based approaches (leveraging machine learning/artificial intelligence) to avoid human error.

Learn More

  • The ‘Asia-Pacific Cloud Security Study’ report features analysis and best practices that can be implemented to help companies in Asia-Pacific protect themselves from cloud-based threats.

Note to Editors

The survey was conducted amongst 500 respondents from various vertical industries of large businesses with over 200 employees across five countries in Asia-Pacific. There were 100 respondents per country in Australia, China, Hong Kong, India and Singapore.

The companies surveyed needed to have 200+ employees and all had to be using public cloud as a minimum. The respondents to the survey ranged from owners to business directors and C-level executives, all of whom had to be either the final decision-maker or influencer when it came to the organisations’ cloud strategy.

For more information on Palo Alto Networks cloud security offerings, visit https://www.paloaltonetworks.com/cloud-security.

###

Palo Alto Networks and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Palo Alto Networks introduces Demisto v5.0

Reimagined features deliver customisable and scalable security enhancements

Palo Alto Networks has announced new enhancements to its comprehensive Security Orchestration, Automation, and Response (SOAR) platform, Demisto. Demisto v5.0 enables security analysts to tailor the way they visualise incident and indicator flows, allowing security teams to better manage and automate incident response.

Key updates to Demisto v5.0 include:

  • Reimagined User Interface
    • Brand new UI that streamlines global navigation while also enhancing the delivery of information within each incident
  • Enhanced Threat Intelligence
    • Access rich indicator intelligence from integrated sources and take action in a scalable manner
  • Database Scaling
    • Install the Demisto app server and databases on separate machines. Multi-tier configurations let you scale your environment and manage resources efficiently
  • SOAR on the fly
    • Chat support is introduced in the mobile application, letting you update relevant stakeholders on the go, along with the ability to manage notifications from the web app and choose to receive updates by email, Slack, Mattermost, or the mobile app

Rishi Bhargava, VP Product Strategy, Demisto, a Palo Alto Networks company comments: “Demisto v5.0 is packed with new features suggested to us by our community of customers, partners, and independent users. We’ve also introduced changes that facilitate improved load management and scaling of resources, ensuring that organisations are secure irrespective of the pace at which they grow.

“Back in 2015 we recognised that security teams wilt under dual pressures every day: an ever-increasing volume of security alerts, and insufficient resources to address these alerts. Over the past four years, our customers have seen us as the only platform that has combined security orchestration, incident management, and real-time collaboration to make their lives easier. Automating as much as possible hands time back to security teams to investigate, learn and improve, and sometimes just take a deep breath. Since joining forces with Palo Alto Networks, we have accelerated our go-to-market and made inroads into use cases outside of traditional security operations.”

Demisto v5.0 is available today for both enterprise customers and community users. For more information, please visit https://blog.paloaltonetworks.com/2019/10/cortex-demisto-v5-soar/.

Palo Alto Networks, Demisto, and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names, or service marks used or mentioned herein belong to their respective owners.

SOURCE Palo Alto Networks, Inc.

Palo Alto Networks research shows new twist on old cyberattack method targeting mobile devices

Palo Alto Networks® (NYSE: PANW), the next-generation security company, today revealed details of a new “BackStab” attack used to steal private information from mobile device backup files stored on a victim’s computer. A white paper from the company’s Unit 42 threat intelligence team explains how cyberattackers are using malware to remotely infiltrate computers and execute BackStab attacks in an unprecedented fashion.

BackStab has been employed by law enforcement and cyberattackers alike to capture text messages, photos, geographic location data, and almost any other type of information stored on a mobile device in their possession. The Unit 42 white paper shows how BackStab attacks have evolved to leverage malware for remote access and why Apple® iOS devices have been a primary target for attacks: the default settings in iTunes® store unencrypted backup files in fixed locations and automatically sync devices when they are connected to a user’s computer.

Quote

“Cybersecurity teams must realise, just because an attack technique is well-known, that doesn’t mean it’s no longer a threat. While conducting our research into BackStab attacks, we gathered over 600 malware samples from 30 countries around the world that were used to conduct remote BackStab attacks.”

– Ryan Olson, director of threat intelligence, Unit 42, Palo Alto Networks

Recommendations

  • iOS users should encrypt their local backups or use the iCloud backup system and choose a secure password.
  • Users should upgrade iOS devices to the latest version, which creates encrypted backups by default.
  • When connecting an iOS device to an untrusted computer or charger via a USB cable, users should not click the “Trust” button when the dialogue box is displayed.

Download the white paper at:

https://www.paloaltonetworks.com/resources/research/unit42-backstab-mobile-backup-data-under-attack-from-malware.html

Subscribe to Unit 42 research updates at

http://researchcenter.paloaltonetworks.com/unit42/

Learn more about Unit 42, the Palo Alto Networks threat intelligence team, at https://www.paloaltonetworks.com/threat-research.html

###

About Palo Alto Networks

Palo Alto Networks is the next-generation security company, leading a new era in cybersecurity by safely enabling applications and preventing cyber breaches for tens of thousands of organizations worldwide.  Built with an innovative approach and highly differentiated cyberthreat prevention capabilities, our game-changing security platform delivers security far superior to legacy or point products, safely enables daily business operations, and protects an organization’s most valuable assets.  Find out more at www.paloaltonetworks.com.

Palo Alto Networks and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Palo Alto Networks® announces agreement to acquire Cyvera

April 2, 2014 – Palo Alto Networks® (NYSE: PANW) has announced a definitive agreement to acquire Cyvera, a privately held cybersecurity company located in Tel-Aviv, Israel. Under the terms of the agreement, Palo Alto Networks will acquire all of the outstanding capital stock of Cyvera for an aggregate purchase price of approximately $200 million (USD). The acquisition is expected to close during the second half of fiscal 2014, subject to customary closing conditions and regulatory reviews.

Named a cool vendor in security by Gartner in 2013 (“Cool Vendors in Security: Infrastructure Protection 2013”)*, Cyvera, which has 55 employees, has developed a highly innovative offering that protects enterprises from cyber threats by using a unique approach to block unknown, zero-day attacks on the endpoint.

The addition of this unique capability to the Palo Alto Networks enterprise security platform will extend customers’ ability to safely enable applications and protect users against known and unknown cyber threats on any device, across any network.

QUOTES

  • “This event marks a key milestone in our strategic enterprise security vision. It extends our next-generation security platform with a very innovative approach to preventing attacks on the endpoint. It enables us to accelerate the delivery of the market’s only highly integrated and automated enterprise security platform spanning network, endpoints, and the cloud. For customers, this translates into the most sophisticated and automated threat prevention for their entire organisation.”
    – Mark McLaughlin, President and CEO of Palo Alto Networks

  • “Much like Palo Alto Networks set out to disrupt the network security market with its next-generation security platform, we founded Cyvera to revolutionise protection for the endpoint – one of the most vulnerable frontiers for cyber-attacks. We are pleased to join the Palo Alto Networks team and together help enterprise customers tackle the advanced threats they face today.”
    – Uri Alter and Netanel Davidi, co-founders and co-CEOs of Cyvera

Cyvera prevents attacks at the right time and place

Zero-day cyber-attacks represent one of the greatest threats to enterprises, governments, and service provider organisations that rely on a vast array of systems, applications, and devices to run their business.  These cyber-attacks often exploit a vulnerability known only to the attacker.  While there are literally tens of thousands of vulnerabilities an attacker can potentially target, there is a significantly smaller number of exploit techniques they may use to exploit that vulnerability.

While patching software can provide an element of protection, it does little to protect organisations against vulnerabilities that have not yet been discovered by the software manufacturer. Simply detecting the presence of malware is also insufficient since malicious activity may have already been initiated and evasion tactics employed to evade detection.  In order to stop zero-day attacks in their tracks, it’s critical to understand the exploit techniques attackers employ.  Cyvera has developed a unique method of performing this real-time prevention against all core attack techniques at the endpoint during the exploitation phase, before the malware has a chance to run.

Advanced threats demand highly integrated, automated, and scalable platform approach 

Today’s sophisticated attacks increasingly rely on a combination of tactics and threat vectors to penetrate an organisation and require a new approach to security. Most organisations still rely on legacy point technologies that address only specific types of attacks, phases of an attack, certain devices, or certain network segments.  Because of the singular nature of these technologies, they are ill-equipped to detect and prevent today’s advanced cyber-attacks.

To address these challenges, Palo Alto Networks developed a new approach: one that begins with positive security controls to reduce the attack surface; blocks all known threats; rapidly detects unknown threats through analysis and correlation of abnormal behaviour; then automatically employs advanced exploit prevention mechanisms and policies back to the front line to ensure previously unknown threats are known to all and blocked.  This approach is designed to prevent threats from penetrating an organisation and greatly reduce the need for costly human remediation.

Adding the unique Cyvera capabilities extends the Palo Alto Networks enterprise security platform to perform next-generation security functions across the network, endpoint, and the cloud.

To learn more about the Palo Alto Networks security platform:

  • Visit our website
  • Register for the Palo Alto Networks Ignite user conference, March 31 – April 2

ENDS

Safe Harbour

This press release contains “forward-looking” statements within the meaning of Section 27A of the Securities Act and Section 21E of the Exchange Act that are based on the beliefs and assumptions of Palo Alto Networks and on currently available information. Forward-looking statements include information concerning the expectations, beliefs, plans, intentions and strategies of Palo Alto Networks relating to its pending acquisition of Cyvera.  Such forward-looking statements include statements regarding expected benefits to Palo Alto Networks, Cyvera and its respective customers; the impact of the pending acquisition on Palo Alto Networks’ competitive position; and plans regarding Cyvera and Cyvera personnel. These statements reflect the current beliefs of Palo Alto Networks and are based on current information available to Palo Alto Networks as of the date hereof, and Palo Alto Networks does not assume any obligation to update the forward-looking statements to reflect events that occur or circumstances that exist after the date on which they were made. The ability of Palo Alto Networks to achieve these business objectives involves many risks and uncertainties that could cause actual outcomes and results to differ materially and adversely from those expressed in any forward-looking statements.

There are a significant number of factors that could cause actual results to differ materially from statements made in this presentation, including the failure to achieve expected synergies and efficiencies of operations between Palo Alto Networks and Cyvera; the ability of Palo Alto Networks and Cyvera to successfully integrate their respective market opportunities, technology, products, personnel and operations; the failure to timely develop and achieve market acceptance of combined products and services; the potential impact on the business of Cyvera as a result of the acquisition; the ability to coordinate strategy and resources between Palo Alto Networks and Cyvera; the ability of Palo Alto Networks and Cyvera to retain and motivate key employees of Cyvera; Palo Alto Networks’ limited operating history and experience with integrating acquired companies; risks associated with Palo Alto Networks’ rapid growth, particularly outside the United States; rapidly evolving technological developments in the market for network security products; and general market, political, economic and business conditions.  Additional risks and uncertainties are included under the captions “Risk Factors” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” in the company’s quarterly report on Form 10-Q filed with the SEC on February 24, 2014, which is available on the company’s website at investors.paloaltonetworks.com and on the SEC’s website at www.sec.gov. Additional information will also be set forth in other filings that the company makes with the SEC from time to time. 
All forward-looking statements in this presentation are based on information available to the company as of the date hereof, and Palo Alto Networks does not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made or to update the reasons why actual results could differ materially from those anticipated in the forward-looking statements, even if new information becomes available in the future.