Palo Alto Networks founder Nir Zuk recently addressed the Telefónica Global Security Summit with some thoughts on the direction of security and the implications of the COVID-19 pandemic. Many people are asking whether the pandemic has changed the course of security priorities by creating new trends. So far, the lesson is that priorities have not deviated during the pandemic; rather, the pandemic has accelerated priorities that were already queued for action, most notably increased mobility, software deployment over hardware, work-from-anywhere and the migration of applications and functionality to the cloud. All of these increase cybersecurity needs. Let’s consider the top three challenges we are seeing and some options for addressing them.
Challenge #1: Migration to the cloud
Moving to the cloud enables organizations to function with less manual and more programmatic security procedures. The ability to apply security earlier in the process, before applications are deployed, allows for a more secure architecture. In most situations there are not a lot of legacy applications in the cloud, giving companies a cleaner start down this path.
Organizations are experimenting with different architectures for cloud infrastructure. Research into the state of cloud native security shows that 80% of security professionals feel their cloud environment is constantly shifting. Trying to figure out what or who is in your environment, let alone establishing a baseline for what is normal, can feel chaotic. In order to maintain Zero Trust for cloud, compliance and security teams need tools that can help continuously enforce policies.
With so many organizations constantly changing their cloud architectures, simply cataloging these different environments and ensuring that they adhere to any industry compliance regulations becomes increasingly time-consuming.
Solution: In order to maintain a Zero Trust approach, organizations should look for a cloud native security platform (CNSP) that can provide visibility into all types of workloads and offer policy engines that alert about any misconfigurations across multiple cloud service providers (CSPs). These integrated tools help security, compliance and development teams prevent configuration drift and quickly remediate issues across cloud environments.
Palo Alto Networks’ Prisma Cloud is a best-of-breed solution that secures all compute platforms through multi-cloud visibility, helping manage regulatory compliance across multiple environments. Dashboards show ingested data from multiple sources in a single pane of glass, and alerts are automatically prioritized with context. Prisma Cloud then recommends fixes to help users quickly validate workloads and applications.
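The policy engine and drift detection described in the solution above can be illustrated with a small policy-as-code check. The following is an added example written for this page; it is not Prisma Cloud or any vendor's code. The inventory is constructed sample data in an assumed provider-neutral shape (not real CSP API output), the three policies and their severities are assumptions, and the second snapshot is constructed to show one exposure being fixed while another is introduced.

```python
"""Policy-as-code check over a normalized multi-cloud inventory, with drift
detection between two snapshots. Added illustration; not Prisma Cloud or any
vendor code. The inventory below is constructed sample data, not CSP output."""
from __future__ import annotations
import copy
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class Finding:
    policy: str
    provider: str
    resource: str
    severity: str


# Constructed inventory: a provider-neutral view of resources from two CSPs.
INVENTORY = [
    {"provider": "aws", "type": "storage_bucket", "id": "logs-archive",
     "public": False, "encrypted": True},
    {"provider": "aws", "type": "storage_bucket", "id": "marketing-assets",
     "public": True, "encrypted": False},
    {"provider": "aws", "type": "firewall_rule", "id": "sg-web",
     "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
    {"provider": "aws", "type": "firewall_rule", "id": "sg-admin",
     "ingress": [{"port": 22, "cidr": "0.0.0.0/0"}]},
    {"provider": "gcp", "type": "storage_bucket", "id": "ml-datasets",
     "public": False, "encrypted": False},
    {"provider": "gcp", "type": "firewall_rule", "id": "allow-rdp",
     "ingress": [{"port": 3389, "cidr": "10.0.0.0/8"}]},
]

ADMIN_PORTS = {22, 3389}

# Assumed policy set: (name, resource type, predicate true when violated, severity).
POLICIES = [
    ("bucket-not-public", "storage_bucket", lambda r: r["public"], "high"),
    ("bucket-encrypted", "storage_bucket", lambda r: not r["encrypted"], "medium"),
    ("no-admin-port-from-internet", "firewall_rule",
     lambda r: any(i["port"] in ADMIN_PORTS and i["cidr"] == "0.0.0.0/0"
                   for i in r["ingress"]), "high"),
]

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


def evaluate(inventory, policies=POLICIES) -> list[Finding]:
    """Run every policy against every resource of its type; highest severity first."""
    findings = [Finding(name, r["provider"], r["id"], sev)
                for r in inventory
                for name, rtype, violated, sev in policies
                if r["type"] == rtype and violated(r)]
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.provider, f.resource))


def drift(baseline: list[Finding], current: list[Finding]) -> dict[str, list[Finding]]:
    """Configuration drift between two snapshots: findings that appeared or were resolved."""
    b, c = set(baseline), set(current)
    return {"new": sorted(c - b), "resolved": sorted(b - c)}


def simulate_change(inventory):
    """Constructed follow-up snapshot: one exposure fixed, one introduced."""
    snap = copy.deepcopy(inventory)
    for r in snap:
        if r["id"] == "marketing-assets":
            r["public"] = False
        if r["id"] == "allow-rdp":
            r["ingress"][0]["cidr"] = "0.0.0.0/0"
    return snap


if __name__ == "__main__":
    before = evaluate(INVENTORY)
    for f in before:
        print(f"[{f.severity}] {f.provider}/{f.resource}: {f.policy}")
    d = drift(before, evaluate(simulate_change(INVENTORY)))
    print("new:", [(f.provider, f.resource, f.policy) for f in d["new"]])
    print("resolved:", [(f.provider, f.resource, f.policy) for f in d["resolved"]])
```

The point of the drift function is that a continuous check is not a one-off scan: each run is compared with the previous baseline so the team sees what changed, not just the full list of everything that is wrong.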
Challenge #2: Re-architecting the WAN
Previously, WAN architecture looked something like this: MPLS to the branch, client VPNs to the remote user and IPsec to partners. The resulting configurations were costly for service providers to deploy and maintain, and complex for enterprises to manage. Higher costs and lower margins hurt organizations providing managed solutions, while enterprises deploying their own solutions faced greater complexity in ensuring applications were protected consistently across all users.
Solution: Cloud-based SASE architecture reduces the need to backhaul all traffic to a centralized data center before routing it to the Internet. Traffic can instead go directly to the Internet via a worldwide private cloud network with security embedded throughout.
Palo Alto Networks recently launched the industry’s first Next-Generation SD-WAN with numerous innovations, including ML-powered autonomous capabilities; new teleworker, retail and large campus appliances; and further advancements to our powerful secure access service edge (SASE) solution, featuring deeper integration with CloudGenix SD-WAN and Prisma Access cloud-delivered security.
Palo Alto Networks is the only vendor in the industry with both its cloud-delivered security solution and its SD-WAN solution recognized as Leaders in Gartner Magic Quadrant reports (Network Firewall and WAN Edge Infrastructure). As a result, organizations that want a SASE solution can get best-of-breed cloud-delivered security and SD-WAN, seamlessly integrated with no compromises.
Challenge #3: Automation of the SOC
Today’s security operations centers face an ever-increasing amount of data to analyze and manage in order to keep up with a changing threat landscape. This puts a huge strain on staffing and often leaves security gaps.
We should aspire to a world where human intervention is the exception rather than the rule, similar to airplanes, which can fly themselves but carry pilots in case they need to intervene.
Solution: We can do this through SOAR, or security orchestration, automation and response. With machine learning, all data collected within the SOC environment can be analyzed in order to drive automation. This increases efficiency, reducing the workload for humans and allowing them to focus on higher-level tasks that require their attention.
Threat intel management has been an unsolved puzzle for a long time. Some security analysts and threat hunting teams still struggle to efficiently and confidently act on relevant indicators of compromise using disjointed threat intel feeds, tools and processes. Because of that, many analysts still spend time collecting feed data from various sources, manually entering it into centralized tools for reference, and eventually processing and pushing the relevant data to third-party enforcement tools for action. This laborious process drains precious analyst time and increases mean time to respond (MTTR). Faster, more scalable systems are badly needed by the already-stretched teams responsible for defending against highly sophisticated adversaries.
As security orchestration, automation and response (SOAR) platforms are designed to connect disparate systems together and automate manual processes, extending SOAR to provide native threat intel management functionality is a natural progression that solves a lot of these issues. According to Gartner’s Market Guide for Security Orchestration, Automation and Response Solutions, “A large number of security controls on the market today benefit from threat intelligence. SOAR tools allow for the centralized collection, aggregation, deduplication, enrichment of existing data with threat intelligence and, importantly, conversion of intelligence into action”.
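The manual workflow described two paragraphs up (collect feeds, centralize, process, push to enforcement) and the Gartner list just quoted (collection, aggregation, deduplication, enrichment, conversion into action) are the same pipeline. The following added example shows that pipeline end to end in plain Python; it is written for this page and is not Cortex XSOAR or any vendor's code. Both feeds are constructed sample input (one plain-text list with defanged indicators, one JSON feed with per-indicator confidence), and the allowlist, the internal address ranges, the default confidence and the scoring rule are all assumptions standing in for an organization's own context.

```python
"""SOAR-style threat intel pipeline: collect, normalize, deduplicate, enrich,
and convert to an enforcement list. Added illustration; not vendor code.
All feed data below is constructed sample input."""
import ipaddress
import json
import re

# Constructed feed 1: one indicator per line, partly defanged, with a comment.
FEED_A = """\
# vendor-a daily list (constructed sample)
198.51.100.23
evil-update[.]example
hxxp://bad.example/dl/payload.bin
203.0.113.9
"""

# Constructed feed 2: JSON records carrying a per-indicator confidence.
FEED_B = json.dumps([
    {"value": "EVIL-UPDATE.example", "type": "domain", "confidence": 80},
    {"value": "203.0.113.9", "type": "ip", "confidence": 60},
    {"value": "10.0.0.5", "type": "ip", "confidence": 90},
    {"value": "corp-portal.example", "type": "domain", "confidence": 50},
])

# Assumed local context used for enrichment: our own names and address space.
ALLOWLIST = {"corp-portal.example"}
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DEFAULT_CONFIDENCE = 50  # assumed for feeds that carry no per-indicator score


def refang(s):
    """Undo common defanging so indicators from different feeds compare equal."""
    return s.replace("[.]", ".").replace("hxxp", "http")


def classify(raw):
    """Normalize one raw indicator to (type, value); None if unusable."""
    v = refang(raw.strip()).lower()
    if not v or v.startswith("#"):
        return None
    try:
        ipaddress.ip_address(v)
        return "ip", v
    except ValueError:
        pass
    if v.startswith(("http://", "https://")):
        return "url", v
    if re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", v):
        return "domain", v
    return None


def parse_feed_a(text):
    for line in text.splitlines():
        c = classify(line)
        if c:
            yield c[0], c[1], "feed-a", DEFAULT_CONFIDENCE


def parse_feed_b(text):
    for rec in json.loads(text):
        c = classify(rec["value"])
        if c:
            yield c[0], c[1], "feed-b", int(rec["confidence"])


def aggregate(records):
    """Deduplicate on (type, value), merge sources, score, and enrich."""
    agg = {}
    for itype, value, source, conf in records:
        e = agg.setdefault((itype, value), {"sources": set(), "max_conf": 0})
        e["sources"].add(source)
        e["max_conf"] = max(e["max_conf"], conf)
    for (itype, value), e in agg.items():
        # Assumed scoring: best single-source confidence, +10 per corroborating source.
        e["score"] = min(100, e["max_conf"] + 10 * (len(e["sources"]) - 1))
        e["internal"] = itype == "ip" and any(
            ipaddress.ip_address(value) in n for n in INTERNAL_NETS)
        e["allowlisted"] = value in ALLOWLIST
    return agg


def to_enforcement(agg, min_score=70):
    """Convert intelligence into action: lists a firewall or proxy could consume."""
    out = {"ip": [], "domain": [], "url": []}
    for (itype, value), e in sorted(agg.items()):
        if e["score"] >= min_score and not e["internal"] and not e["allowlisted"]:
            out[itype].append(value)
    return out


if __name__ == "__main__":
    agg = aggregate(list(parse_feed_a(FEED_A)) + list(parse_feed_b(FEED_B)))
    for key, e in sorted(agg.items()):
        flags = [k for k in ("internal", "allowlisted") if e[k]]
        print(key, e["score"], sorted(e["sources"]), flags)
    print(json.dumps(to_enforcement(agg), indent=2))
```

Two things in this block are what the manual process usually gets wrong: the same indicator arriving from two feeds in different casing and defanging is merged into one entry whose score goes up because it is corroborated, and indicators that would block the organization's own assets (an internal address, an allowlisted name) are filtered before anything reaches an enforcement point, however confident the feed was.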