
FUEL EDUCATION SERIES

PALO ALTO NETWORKS 101

GOALS

 To support Fuel members in understanding how to get the most out of your Palo Alto Networks investment, and how to grow your skill set around cybersecurity.
This includes members who:
o Have limited experience with Palo Alto Networks products
o Are currently migrating or have very recently migrated to Palo Alto Networks
o Are considering migrating to Palo Alto Networks
 Provide recommendations for where to start your Palo Alto Networks experience (and how to move
beyond just firewalls).
 Help users continue to benchmark and measure the effectiveness of their efforts and systems.

LEARNING OBJECTIVES

Fuel members who participate in the program will:

 Understand what the major considerations are for building a strong cybersecurity management plan.
 Gain familiarity with the products, services and subscriptions offered by Palo Alto Networks.
 Be able to develop a comprehensive migration strategy for new Palo Alto Networks deployments.
 Effectively evaluate their current deployment to ensure it addresses their most pressing issues.
 Gain insight into the skills needed to be effective in their roles.
 Proactively look for ways to measure and improve their deployments, and to make recommendations on additional expansion options.

PROGRAM COMPONENTS

0. BEFORE THE MIGRATION – A NETWORK MANAGEMENT AND CYBERSECURITY PRIMER
1. PALO ALTO NETWORKS ACADEMY
2. WHERE TO START WITH PALO ALTO NETWORKS
3. MIGRATION PROCESS – FIREWALLS
4. AFTER THE FIREWALL – SUBSCRIPTIONS AND SERVICES
5. EVALUATING YOUR CURRENT PALO ALTO NETWORKS DEPLOYMENT
6. BENCHMARKING AND EVALUATION
7. HOW TO STAY UP TO DATE WITH FUEL

BEFORE THE MIGRATION – A NETWORK SECURITY MANAGEMENT AND CYBERSECURITY PRIMER

NETWORK SECURITY MANAGEMENT – A BRIEF OVERVIEW

Network security encompasses the policies and practices adopted to prevent and monitor unauthorized access,
misuse, modification, or denial of network-accessible resources. It covers the variety of computer networks (public
and private) used in everyday work to conduct transactions and communications among businesses, organizations
and individuals. Networks can be private, such as those within a company, or open to public access.

For more information:

https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/whitepapers/network-security-management

WHAT IS A FIREWALL?

Historically, a firewall is a network security device which allows and denies traffic between the internal network,
DMZ and the internet based on ports. Without any additional protection such as AV, IPS, antispyware etc., the firewall
acts as the demarcation point or “traffic cop” in the network: all communication should flow through it, and it is
where traffic is granted or refused access. Firewalls enforce access controls through a positive control model,
which states that only traffic defined in the firewall policy is allowed onto the network; all other traffic is denied
(known as “default deny”). [1]

WHY ARE WE USING PALO ALTO NETWORKS?

Beyond the traditional firewall features, Palo Alto Networks offers ‘best-of-breed’ functionality and support for
your organization through their Next-generation firewalls (NGFWs).

Application and malware developers have largely outwitted the long-standing port-based classification of traffic by
building port evasion techniques into their programs. Today, malware piggybacks on these applications to enter
networks and has become increasingly networked itself (infected computers connected to one another). Quite
often, these infections lead to the exfiltration of sensitive data and/or, increasingly, the encryption of internal
servers (ransomware), resulting in potentially damaging downtime and/or a ransom demand.

NGFWs act as a platform for network security policy enforcement and network traffic inspection, including the
examination and blocking of viruses, spyware, etc. before they enter the internal network. Per technology
research firm Gartner Inc., they are defined by the following attributes: [2]

 Standard capabilities of the first-generation firewall: This includes packet filtering, stateful protocol
inspection, network-address translation (NAT), VPN connectivity, et cetera.

[1] https://www.paloaltonetworks.com/documentation/glossary/what-is-a-firewall
[2] http://blogs.gartner.com/it-glossary/next-generation-firewalls-ngfws/

 Truly integrated intrusion prevention: including support for both vulnerability-facing and threat-facing
signatures (AV, spyware, URL filtering, etc.), and suggesting rules (or taking action) based on IPS activity.
The sum of these two functions collaborating via the NGFW is greater than the individual parts.
 Full stack visibility and application identification: ability to enforce policy at the application layer
independently from port and protocol.
 Extra firewall intelligence: ability to take information from external sources and make improved
decisions. Examples include creating blacklists or whitelists and being able to map traffic to users and
groups using Active Directory.
 Adaptability to the modern threat landscape: support upgrade paths for integration of new information
feeds and new techniques to address future threats.
 In-line support with minimum performance degradation or disruption to network operations. SSL is
increasingly becoming the standard for good, and bad, traffic on the internet. SSL decryption is already
baked into our NGFW, enabling full visibility into the encrypted traffic.
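To make the “application identification independent from port and protocol” attribute concrete, here is a small added illustration (not code from the original document or from Palo Alto Networks) of the positive control model: an ordered policy evaluated top-down, with default deny for anything unmatched. It compares a port-based policy with an application-based one on constructed flows, including an application that evades port classification by running on port 443. The zone, application and port values are illustrative assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """A constructed traffic flow. `app` is the application as identified by
    content inspection (what an NGFW does), NOT inferred from the port."""
    src_zone: str
    dst_zone: str
    dst_port: int
    app: str


# Both policies are evaluated top-down; the first matching rule wins.
# A port-based rule matches on destination port only.
PORT_POLICY = [
    {"from": "trust", "to": "untrust", "port": 443, "action": "allow"},
    {"from": "trust", "to": "untrust", "port": 80, "action": "allow"},
]
# An application-based rule matches on the identified application, whatever port it uses.
APP_POLICY = [
    {"from": "trust", "to": "untrust", "app": "web-browsing", "action": "allow"},
    {"from": "trust", "to": "untrust", "app": "ssl", "action": "allow"},
]


def evaluate(policy, flow):
    """Return 'allow' or 'deny' for `flow`. Positive control model: a flow that
    matches no rule falls through to the implicit default-deny at the end."""
    for rule in policy:
        if rule["from"] != flow.src_zone or rule["to"] != flow.dst_zone:
            continue
        if "port" in rule and rule["port"] != flow.dst_port:
            continue
        if "app" in rule and rule["app"] != flow.app:
            continue
        return rule["action"]
    return "deny"


# Constructed sample traffic: a normal browser session, a peer-to-peer client
# hiding on port 443 (port evasion), and plain telnet on its usual port.
FLOWS = {
    "browser": Flow("trust", "untrust", 443, "ssl"),
    "evasive": Flow("trust", "untrust", 443, "bittorrent"),
    "telnet": Flow("trust", "untrust", 23, "telnet"),
}


def compare(flows=FLOWS):
    """Map each flow name to (port-based verdict, application-based verdict)."""
    return {name: (evaluate(PORT_POLICY, f), evaluate(APP_POLICY, f)) for name, f in flows.items()}


if __name__ == "__main__":
    for name, (port_verdict, app_verdict) in compare().items():
        print(f"{name:8s} port-based={port_verdict:5s} app-based={app_verdict}")
```

The port-based policy lets the evasive flow through because it looks like HTTPS on 443, while the application-based policy denies it by falling through to default deny.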

THE CYBERSECURITY DIFFERENCE

Whereas network management has historically been more focused on keeping threats out and information inside,
cybersecurity takes this a step further to identify and address threats outside of the network. This includes staying
informed on the trends and campaigns of current and emerging threats, addressing threats as they occur and using
them to develop future protections, and monitoring traffic that crosses the network perimeter. Additionally, with
the major expansion of cloud applications/services and use of third party devices to access systems, cybersecurity
strategy must now also include multiple layers of protection.

According to Gartner’s recent publication “Prevention Is Futile in 2020: Protect Information via Pervasive
Monitoring and Collective Intelligence”, prevention-centric strategies have become obsolete. Cybersecurity
professionals should be switching to an information- and people-centric strategic process, as well as ensuring they
have a rapid response plan for when, not if, attacks happen. [3]

Cybersecurity includes:

 Network protection - detecting and protecting against outside attempts to get into the network
 Up-to-date information - staying informed on how attackers and hackers are improving their efforts
 Intelligence - identifying the sources of outside attacks and protecting against them
 Applications - monitoring the use of applications to avoid unintended breaches from within

TYPES OF THREATS

Exploit kits have become a cheap commodity and are even being offered as software as a service. The days of
“hackers” are over, as anyone can purchase DDoS attacks and exploits for very little money.

 Application Layer
 Brute Force
 DDoS
 Known Vulnerability
 Zero Day Exploitation
 Phishing
 Malware
 Rogue Attack
 Watering Hole

[3] https://www.gartner.com/doc/2500416?ref=SiteSearch&refval=&pcp=mpe

For more information:

 https://www.paloaltonetworks.com/resources/techbriefs/cybersecurity-survival-guide
 https://www.cpni.gov.uk/advice/cyber/Cyber-Attack-Types/

THE VALUE OF A NETWORKING BACKGROUND

According to the Bureau of Labor Statistics Occupational Outlook Handbook, many individuals taking on
cybersecurity positions come from a networking background. [4] This is tied to their deep knowledge and real-world
experience with the systems they would be protecting. Additionally, while a security professional’s knowledge is
expected to cover multiple technologies, the network is the linchpin of this plan.

CYBERSECURITY STRATEGIC INSIGHT

For some basic primers on key considerations for cybersecurity strategy, there are several reputable organizations
that have materials available for review:

 The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
o 10 Basic Cybersecurity Measures: Best Practices to Reduce Exploitable Weaknesses and Attacks:
https://ics-cert.us-cert.gov/sites/default/files/documents/10_Basic_Cybersecurity_Measures-WaterISAC_June2015_S508C.pdf
 National Institute of Standards and Technology
o NIST SP 800-150: Guide to Cyber Threat Information Sharing
http://csrc.nist.gov/groups/SMA/forum/documents/aug-2016/tues300_sp800-150_cjohnson.pdf
o Best Security Practices: An Overview http://csrc.nist.gov/nissc/2000/proceedings/papers/022.pdf
 Centre for the Protection of National Infrastructure: https://www.cpni.gov.uk
 Department of Homeland Security: https://www.dhs.gov/topic/cybersecurity

ADDITIONAL RESOURCES

Blogs and Books

 Palo Alto Networks Unit 42 – “Unit 42 is the Palo Alto Networks threat intelligence team. Made up of
accomplished cybersecurity researchers and industry experts, Unit 42 gathers, researches, analyzes, and
provides insights into the latest cyber threats, then shares them with Palo Alto Networks customers,
partners and the broader community to better protect enterprise, service provider, and government
computing environments.”
 http://www.darkreading.com/ - Dark Reading is the home of Black Hat Conferences, and is one of the
major news sources for cybersecurity professionals. You’ll find a little of everything here, at varying levels
of expertise, but most content is built for current cybersecurity professionals.
 http://krebsonsecurity.com/ - While there is specific information on attacks, Brian Krebs’s focus is more on
the impact of these attacks on business practices, economic factors, and government policy. A great
resource for when you need to talk to the “business” side of your organization.
 https://www.schneier.com/ - Bruce Schneier is one of the foremost experts on security technology. Use
this blog to stay up to date on research, reports on major attacks, and overviews of threat detection,
mitigation and prevention strategies.
 http://www.darknet.org.uk/ - The granddaddy of ethically-minded hacking information.

[4] http://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm#tab-4

 Palo Alto Networks Cybersecurity Canon: https://www.paloaltonetworks.com/threat-research/cybercanon.html

Videos

 Palo Alto Lightboard Series – Basic cybersecurity concepts and product features, usually in under 15
minutes: https://www.youtube.com/playlist?list=PL3MviDhcGW4uoskNAHE55jEWjh88rORDY
 SecureNinja – Stay up to date on industry events including Def Con, RSA, CES and more.
 TEDTalks: Everyday Cybercrime – A great way to help non-technical employees understand how they
impact security. Share this with your office:
http://www.ted.com/talks/james_lyne_everyday_cybercrime_and_what_you_can_do_about_it
