The world around us is changing faster than ever. The COVID-19 pandemic has almost instantly changed the way we live and work. Businesses, including ours, have had to adapt quickly to enable a massive remote workforce. Unfortunately, cybercriminals have also been quick to adapt to cash in on the pandemic, causing an increased risk of cyberattacks. In a recent report, our Unit 42 research team found that during March and April of this year, on average 1,767 high-risk or malicious COVID-19-themed domain names were created every day.
Here at Palo Alto Networks, we have spent the last several months securing the transition of our global workforce from offices to working remotely, as well as protecting the unmanned devices left back at the office. We believe that the traditional, reactive industry approach to cybersecurity is just not good enough. To secure our digital way of life, both during a pandemic and beyond, we need to be smart and proactively anticipate change. Some of the changes impacting the security of our organizations today include morphing cyberattacks, the proliferation of IoT devices, and the expanding attack surface.
Morphing Cyberattacks
Attackers are getting smarter and using automation to morph attacks and churn out variants of known threats that traditional security products cannot identify. The standard industry response has been to identify and analyze each new threat and then develop signatures for distribution to network security devices. That means there is always a patient zero: the first victim, hit before protection is available. With this approach, significant damage can be done by the time protections are in place.
Proliferation of IoT Devices
Two years ago, when I moved to the Bay Area, we had fewer than ten devices – primarily tablets, computers, and phones – on our home Wi-Fi. Today, with the addition of our electric cars, doorbells, fans, thermostat, irrigation system, and a deluge of other smart devices, the number of Wi-Fi connections in my home has more than tripled. This is exactly what is happening on corporate campuses as well. A seemingly endless number of devices in offices, such as electric charging stations, thermostats, and communication and access devices, many of which your security teams have no visibility into, can be unpatched and vulnerable to simple attacks.
Expanding Attack Surface
The adoption of virtualization, containerization, and the cloud has greatly expanded the surface for attacks. The interconnectivity of applications has led to an explosion of traffic within and between data centers and clouds, as well as to third-party applications and services. Added to this challenge is the unexpected, large number of employees who now need to work remotely. Our employees make no distinction based on where their applications are hosted. What they need is fast access to these apps, and they expect them to be protected.
Three Ways to Stay Ahead of Attackers
Not only are cyberattacks changing, but the way we work will also continue to evolve. We need to proactively protect our organizations by staying ahead of attacks, using intelligent network security. Here are three fundamental must-haves:
1. Instant protection from threats, using Machine Learning (ML) and near-real-time protection via signatures
I mentioned earlier that identifying new threats requires a first victim, also referred to as patient zero. Stopping these attacks without a patient zero requires a fundamentally different approach to threat prevention. It requires an intelligent firewall with built-in – not sprinkled-on – ML capabilities. In addition, attacks that still need to be analyzed in the cloud must be covered by near-real-time protections: signatures that flow to all your firewalls through zero-delay signature updates.
2. Complete, natively integrated IoT security
Protecting unmanaged IoT devices requires an ML-based, signature-less approach. I recently met with one of our customers, a large organization in the home improvement business, that was looking for an IoT security solution. They tested our ML-based product against that of a close competitor. Our IoT Security service identified three times more devices than the competitor, and the customer did not require any additional devices. This functionality must be built right into the firewall as a cloud-delivered security service that can be enabled at any time.
3. Automatic policy recommendations
Through 2023, 99% of firewall breaches will be caused by firewall misconfigurations, according to a Gartner report*. Reducing human error requires machine learning that can analyze vast amounts of telemetry data and recommend policies based on that data. You should be able to view and approve these policies before adopting them. A next-generation firewall (NGFW) with built-in machine learning can save time and reduce the chance of human error.
The Principle of Strong Cybersecurity
Traditionally, the cybersecurity industry has forced customers to buy point solutions. The result has been a mishmash of products that often don’t communicate effectively and have different user interfaces. In addition, the morphing of attacks, the growing number of devices connecting to your network, and the ever-expanding attack surface have made traditional approaches to securing your network insufficient. By embedding ML in the core of the firewall, we’re changing the game. Our vision at Palo Alto Networks is to contribute to creating a world where each day is safer and more secure than the one before.
Learn more about the ML-Powered NGFW and its various consumption choices – physical, virtual, containerized, and cloud-delivered.
* Kaur, Rajpreet, Hils, Adam, and Watts, John, “Technology Insight for Network Security Policy Management,” Gartner, Inc., 21 February 2019.