Hey, thanks for joining us. My name is Garrett Hamilton. I'm a project manager here at Palo Alto Networks. Today we'll be talking about preventing successful attacks using wildfire. We have this next generation security platform. It's the best of breed with all of our capabilities from endpoint to SAS to firewall. But really, the reason that we cover the entire platform with security technology is because we want to focus on having complete visibility first and foremost. We want complete visibility into the applications running with app ID, into what users are doing on your network with user ID, and we also want to be able to look into encrypted traffic like SSL. Starting with this, if we think about it from the perspective of your network, let's take a look at what the firewall does with this traffic. The next Asian firewall is an example, can be a hardware device, it can be a virtual device that could even work in your own private Cloud or public Cloud infrastructure, whatever your Cloud strategy might be. But what we want to focus on here is we want to be able to take a look at this traffic trying to enter the network. That really starts with lessening the attack service. Before we even talk about preventing known or unknown threats, we really want to focus on actually lessening the blow or lessen the attack surface that someone can leverage against your network. As an example, we use file blocking profiles to recommend stopping unknown executables from entering into your network. What we can do there if we identify an unknown executable that's coming from an unknown website, we can actually not allow that traffic to come in and simply hold it or even block it if it becomes a threat. We've talked a lot about executables and oftentimes that's where customers are first drawn to preventing or lowering their attack surface. Now, there's also because of the visibility applications and we can do a lot of things with applications. As an example, applications are being utilized in your network all day, every day by your users. We have the ability to identify business applications. We also have the ability to block known bad applications from being used, and we even have the capability to take a look into the application, just prevent certain functionality. As an example, you might want to allow users to go to Facebook, not use certain apps, then Facebook payment profiles something of that nature. Now, the benefit of that is we also can go ahead and utilize what the users have access to, including applications themselves, as well as have vision into that encrypted traffic which is becoming more prevalent. In fact, we're seeing over 40 percent usage of SSL traffic within our customer environments today. Again, these are ways that we can lower the attack surface for our customers with the increased visibility of our next duration security platform. Bear in mind, this is just a few of the many best practice strategies that we can implement in our customer environment. But we haven't even started talking about preventing known threats. More focused on the known threats, we have several capabilities that allow us on our firewalls to do things like IPS, AV, URL filtering. The list goes on IDS. Now, the main focus of all these technologies is to stop known threats, eliminate the use of fishing in your environment, prevent exploits from being delivered, and really send those attacks back where they came from. There are many capabilities they provide on the next generation firewall. But at the end of the day, attackers are not trying to get into your firewall. They're trying to get into your network, into your users. There's two areas that are highly effective for the attacker to gain access to. One area is your end point. Now we have a technology called traps that gives us visibility and prevention capabilities on the endpoint. If you think about it from this perspective, it's likely our users are not always on your network and there is always the potential for a threat offline that the firewall might not have visibility into right away. In those cases, we need to provide that visibility back to our next security platform. We also need to be able provide prevention. Traps leverages exploit technique prevention using exploit prevention models. It also leverages machine learning and integration with wildfire to stop today's malware threats. You can think of malware as executables and you can think of exploits as today's trusted applications were delivered to you, targeted for a vulnerability. Now, that's the traps product. There is one more aspect that's becoming more popular and becoming more of a threat in today's customer environments. If you think about it, you've heard a lot about shadow IT, I've heard a lot about SAS applications, and in fact, you might not even know what SAS applications are being used in your environment today. How do we secure that? Well, in order to properly secure that, we need to be able to start with visibility. Any of those SAS applications and what exists? We use a product called aperture. Aperture provides us the visibility, the control of the data in those SAS environments. If you want to think of it as data loss prevention as an example, and also provides prevention capabilities and identification of known threats and unknown threats within the SAS application itself. If you think about it for a second, I have a box account and box being highly targeted today by attackers really provides us the capability to attack that user at a much broader scale. First, we must need to lock down the application. Secondly, we need to be able to identify what type of threats might be getting filtered through. We're providing a background on the individual components of the next security platform. We have the firewall, traps on the endpoint, aperture for the subspace applications, each providing visibility and prevention. However, there is a way to integrate this entire platform, and how we do that is by leveraging the wildfire threat intelligence Cloud. WildFire is a sandboxing technology that uses multiple methods of detection of unknown threats in order to provide protection to the rest of the next-generation security platform. Some of those are leveraging machine learning, static analysis, and dynamic analysis, to not only identify threats but produce verdicts and protections and as part of that, a key component of leveraging WildFire is to also get information and feedback. That's going to come in the form of reporting. We've only talked about one component of WildFire. WildFire as part of a threat intelligence Cloud, as part of that reporting mechanism, as part of this integration, is going to seamlessly integrate with the Firewalls, Traps, and Aperture, identifying those unknowns and turning them into known of good, unknowns of bad, but also we talked about the protection being delivered and when we deliver those protections, you probably want to know a little bit more about them. In order to provide more intelligence, we leverage our solution autofocus which really provides visibility into the data that WildFire sees, and allows you to take action and respond to potential threats around the world, maybe not even impacting your own customer environment or your own networks. We also have our Unit 42 team who is constantly providing intelligence and making sure that the protections we provide are addressing all variations of the attack that is being used today, and even in the future and then, I mentioned URL filtering earlier. But URL filtering, one of our subscriptions on the firewall, also leverages WildFire, and WildFire leverages URL filtering to identify new, known, and unknown threats in the customer's threat landscape. There's been a lot covered with the wildfire through our intelligence club, but an example will probably help. Example that will dive into covering the entire platform. WildFire can analyze many different file types, Mac binaries, executables, documents, APKs, we'll just use an example of an executable hitting the WildFire threat intelligence cloud. We'll say it's coming from Traps. Now, when it hits the WildFire threat intelligence cloud, it's going to go through a series of capabilities in terms of detection, machine learning as an example, static analysis, and dynamic analysis. Machine learning and static analysis allow us to be very very fast. Within seconds of analysis, we can provide a verdict. However, in order to create protections for our next secure platform, deliver them across the entire customer's environment, we need perform dynamic analysis. Dynamic analysis is really important because that's going to go ahead and give us feedback that we then integrate and deliver to our firewalls in the form of IPS sensors, threat AV sensors and WildFire prevention and by the way, I didn't touch on this, but also you URLs. The idea here is that this is an entire closed loop of prevention capability. If I have X sample identified, I'm going to produce protections to prevent variants of X sample across the entire customer environment. Very dynamic, and it's really important to note the dynamic nature of our WildFire cloud, because today's cybersecurity tax are incredibly dynamic and this cover is an example of a single customer's environment, but part of having a global WildFire threat intelligence cloud, is that we benefit from the intelligence of our thousands and thousands of customers, partners, and even threat alliances like the Cyber Threat Alliance. Now, that provides us the ability to scale around the world and provide capabilities of protection globally and to summarize, [inaudible] cybersecurity platform provides visibility into traffic across the entire platform. We've outlined best practices to enforce. We've also talked about how the [inaudible] platform can touch on stopping known threats, and leveraging WildFire to turn unknown into known quickly and dynamically, allowing us to protect the attack wherever it may be across the customer's network. Now, to really sum this all up, by leveraging the next cybersecurity platform and utilizing wildfire as the intelligence and analysis aspect of that. It allows our customers to prevent attacks at each stage of the attack life cycle. Thanks for joining. For more videos like these and to learn more about WildFire and the rest of the pilot in our next cybersecurity platform, go and head to our website. Thank you.
