Best Practices for your IT Security
Best Practices for your Security Swiss Army Knife!
If you’ve recently attended a Palo Alto Networks event, you may be familiar with their sessions on best practices for various Palo Alto Networks technologies and security initiatives, which are by far, their most popular and well-attended sessions.
According to Palo Alto Networks, customers have been very interested in how technologies on their platform can be combined to improve their security posture and make lives easier. As a customer once put it, “Their platform is like a Swiss Army knife. There are all these cool tools and features, and you just have to figure out how to combine them to solve the problem at hand.”
- Combine SSL decryption and URL Filtering to easily identify URL categories for decryption and inspection.
- Combine URL Filtering and file blocking to disallow .exe downloads from high-risk URL categories, such as dynamic-DNS or unknown URLs.
- Combine App-ID, User-ID, and Content-ID technologies to identify known versus unknown users, restrict their access to applications housing sensitive data, and enforce strict decryption and threat inspection policies. This combination will make sure that unknown users are not doing anything malicious to your network.
- Combine User-ID and file blocking to help prevent the delivery of malware via watering hole or a spear phishing attack to groups of users who don’t have a business reason for downloading Portable Executable (PE) files types, such as .exe, .dll, and .scr.
Over the years, tons of tips and tricks have been accumulated throughout tens of thousands of customer engagements that they actively recommend to the customer base. Many new ways are still being discovered for how customers combine and use features to solve their problems.
Here are just a few of these recommendations:
- Enable file blocking profiles within your application-based policies and allow only certain file types to be downloaded or uploaded to prevent malware downloads and data exfiltration.
- Utilize the dynamic block list feature on the NGFW to prevent traffic to and from known malicious IPs. Or, better yet, copy the IP addresses that have triggered a number of IPS signatures in a certain amount of time, and paste them into a dynamic block list to help prevent attacks from actively targeting your organization.
- Enable DNS sinkhole functionality on the NGFW to provide your security and IR teams with a list of users and endpoints actively attempting to connect to command-and-control domains, as they’ve very likely been compromised. The sinkhole will block the communication and provide a high fidelity list of users for whom you should probably re-image devices.
- Alert on or disallow SSL traffic over unexpected ports, especially if it’s traffic you aren’t able to decrypt and fully inspect for threats.
- Activate strict threat profiles for Threat Prevention signature sets (IPS, AV, anti-CnC) and leverage WildFire to configure signature updates every 15 minutes within your data center to help prevent lateral movement on east-west traffic and data exfiltration.
Palo Alto Networks use tips like these to help customers better secure their organisations and more fully leverage technology and features within the Palo Alto Networks Next-Generation Security Platform. It’s all about enabling business and preventing breaches.
Work smarter, not harder…
Your organisation may have, or be in the process of investing in the technology but Fast Lane can give you the knowledge and skills to work smarter.
As an authorised Palo Alto Networks training provider, Fast Lane offer the full selection of accredited Palo Alto Networks training courses, which are available from our public schedule delivered from our own training centres, at your site or online.
Choose from the courses below to see you can learn more about using these tools smartly and effectively:
For more information on course details, schedules, special offers and Palo Alto Networks certification paths.
About Fast Lane
Fast Lane is a well-established Learning Partner within the technical space, we are also forerunners in sales enablement and business relevancy training across all IT architectures. Alongside our training division we can offer support on a consultative basis, from conducting preliminary analyses and assessments, to designing future-focused IT solutions. Whatever IT challenges you face, be it Partner accreditation, certification, consultancy projects, tailored training deliveries, or standalone authorised courses we can help!
Fast Lane is represented worldwide in more than 60 countries with subsidiaries in all regions. The firm’s head offices are in London, Berlin, Cary (NC), San Jose de Costa Rica, St. Petersburg, and Singapore.
Fast Lane Consulting & Education Services Limited