WebProNews

Tag: Scott Stevens

  • How Palo Alto Networks Blocks 30,000 New Pieces of Malware Daily Via AI, Machine Learning, and Big Data


    “The platform we have uses big data analytics and machine learning in the cloud to process and find all of the unknown malware, make it known and be able to block it,” says Scott Stevens, SVP, Global Systems Engineering at Palo Alto Networks. “We find 20-30 thousand brand new pieces of malware every day. We’re analyzing millions and millions of files every day to figure out which ones are malicious. Once we know, within five minutes we’re updating the security posture for all of our connected security devices globally.”

    Scott Stevens, SVP, Global Systems Engineering at Palo Alto Networks, discusses how the company uses AI, machine learning, and big data to find and block malware for its customers in an interview with Jeff Frick of theCUBE, which is covering RSA Conference 2019 in San Francisco:

    We Find 20-30 Thousand New Pieces of Malware Every Day

    There are two ways to think about artificial intelligence, machine learning, and big data analytics. The first is if we’re looking at how are we dealing with malware and finding unknown malware and blocking it, we’ve been doing that for years. The platform we have uses big data analytics and machine learning in the cloud to process and find all of the unknown malware, make it known and be able to block it.

    We find 20-30 thousand brand new pieces of malware every day. We’re analyzing millions and millions of files every day to figure out which ones are malicious. Once we know, within five minutes we’re updating the security posture for all of our connected security devices globally.

    Whether it’s endpoint software or it’s our inline next gen firewalls, we’re updating all of our signatures so that the unknown is now known and the known can be blocked. That’s whether we’re watching to block the malware coming in or the command-and-control that’s using DNS and URL to communicate and start whatever it’s going to do. You mentioned crypto lockers and there are all kinds of things that can happen. That’s one vector of using AI and ML to prevent the ability for these attacks to succeed.

    Machine Learning Uses Data Lake to Discover Malware

    The other side of it is how do we then take some of the knowledge and the lessons we’ve learned from what we’ve been doing now for many years in discovering malware and apply that same AI and ML locally to that customer so that they can detect very creative and very evasive attacks, or that insider threat, that employee who’s behaving inappropriately but quietly.

    We’ve announced over the last week what we call the Cortex XDR set of offerings. That involves allowing the customer to build an aggregated data lake which uses the Zero Trust framework, which tells us how to segment and also puts sensors in all the places of the network. This includes both network sensors and endpoint sensors, as we look at securing the endpoint as well as the network links. Using those together we’re able to stitch those logs together in a data lake that machine learning can now be applied to on a customer by customer basis.

    Maybe somebody was able to evade because they’re very creative or that insider threat again who isn’t breaking security rules but they’re being evasive. We can now find them through machine learning. The cool thing about Zero Trust is the prevention architecture that we needed for Zero Trust becomes the sensor architecture for this machine learning engine. You get dual purpose use out of the architecture of Zero Trust to solve both the in-line prevention and the response architecture that you need.


  • Zero Trust Focuses On the Data That’s Key to Your Business


    “The fundamental way you look at Zero Trust is it’s an architectural approach to how do you secure your network focused on what’s most important,” says Scott Stevens, SVP, Global Systems Engineering at Palo Alto Networks. “You focus on the data that’s key to your business. You build your security framework from the data out.”

    Scott Stevens, SVP, Global Systems Engineering at Palo Alto Networks, discusses Zero Trust in an interview with Jeff Frick of theCUBE, which is covering RSA Conference 2019 in San Francisco:

    Zero Trust Focuses On the Data That’s Key to Your Business

    We’ve been working with Forrester for about six years now looking at Zero Trust architecture. The fundamental way you look at Zero Trust is it’s an architectural approach to how do you secure your network focused on what’s most important. You focus on the data that’s key to your business. You build your security framework from the data out. There are all kinds of buzzword bingo we can play about what Zero Trust means, but what it allows us to do is to create the right segmentation strategy starting in the data center or the cloud and moving back towards those accessing the data and how you segment and control that traffic.

    Fundamentally what we’re dealing with in security are two big problems that we have. First are credential based attacks. Do we have somebody with stolen credentials in the network stealing our data? Or do we have an insider who has credentials but they’re malicious, where they’re actually stealing content from the company? The second big problem is software based attacks: malware, exploits, scripts. How do we segment the network where we can enforce user behavior and we can watch for malicious software so we can prevent both of those occurrences through one architectural framework? I think Zero Trust gives us that template building block on how we build out those networks, because everybody’s enterprise network is a little bit different.

    You Need To Start With What’s Most Important.

    We have to build those things together. On the Palo Alto Networks side what we do is Layer 7 enforcement based on identity. Based on who the user is and what their rights are we are able to control what they are allowed access to or what they’re not allowed access to. Of course, if you’ve got a malicious insider or somebody that’s logged in with stolen credentials we can prevent them from doing what they’re not allowed to do. Working here with Forescout, we’ve done a lot of really good integration with them on that identity mapping construct. They help us understand all the identities and all the devices in the network so we can then map that to that user posture and control at Layer 7 what they’re allowed to do or not allowed to do.

    You need to start with what’s most important. Clouds and data centers as a starting point are generally the same. How we segment is actually the same. Sometimes we think that clouds are more difficult to secure than data centers, but they are basically the same. We’ve got north-south traffic, we have east-west traffic. How do we inspect and how do we segment that? How do we focus on what’s the most important critical data to their business? If we stratify their data sets and the applications that access that data and then move down, we may have 50 percent of the applications in their cloud or data center that we don’t micro-segment at all because they’re not critical to the business. They’re useful to the employees, but if something goes wrong they’re no big deal and no impact to the business.

    Micro-segmentation isn’t just a conversation of where we have to do things, but it’s a conversation contextually in terms of what’s relevant and where is it important to do that, and then where do you do a much less robust job? You always have to have inspection and visibility, but there are parts of your network where you’re going to be somewhat passive about it and there are parts of your network where you are going to be very aggressive. These include multi-factor authentication, tight user identity mapping, how do we watch for malware, how do we watch for exploits, all of the different aspects.
