10 Things To Test In Your Future NGFW: Automation


This post is part of a blog series where we examine the 10 things to test in your future next-generation firewall. These 10 points will help ensure your next firewall matches the needs of your organization in its current and future states.


Lean on Automation to Prevent Difficult-to-Identify and Fast-Changing Threats

With attackers employing more and more automation, security teams are seeing more security events throughout their organizations every minute. Someone must sift through these events to identify which are high-risk and to determine the point of entry that is likely compromised. Once identified, this information must be turned into an actionable response to mitigate an attack before it succeeds – and before sensitive data leaves the organization.


Why Should You Advocate and Test This Capability?

Done manually, the process of analyzing and correlating vast numbers of security events is difficult to scale. Security teams can easily drown in alerts and miss the critical, actionable ones. Even once information is actionable, acting on it still depends on human intervention, which slows mitigation and increases the likelihood of error. To move quickly enough to mitigate an attack before it succeeds, security tools and services should be able to identify the attack, then generate and distribute protections automatically, as well as integrate with other tools to set off the next action in your workflow.


Move Beyond the Status Quo

As attacks have become automated, the security tools used to discover them must be agile enough to identify known and never-before-seen threats, as well as prevent them more quickly than they can progress through the attack lifecycle. To do so, every step in the process, from discovery to full prevention, should be automated.

Known threats must be pre-emptively blocked without degrading firewall performance or impacting business productivity. Security tools must also analyze and identify malicious behavior – ideally within a cloud environment in order to take advantage of elastic compute and scalability – to prevent never-before-seen threats.

A secure cloud environment also ensures that new analytics and prevention controls can be rolled out without causing service interruption or requiring new hardware or manual updates across an organization. It centralizes decision support so that all firewalls, clouds and endpoints can get the latest data from a single, trusted source.

Once a new threat has been identified, protections should be automatically generated and implemented across all technologies to provide consistent coverage across the organization. They should also be distributed to all customers in the shared threat intelligence community to stop the spread of the attack.

With knowledge of the malicious behavior of the newly discovered threat, security tools must also use automation to identify potentially infected endpoints within your environment before any sensitive data can be exfiltrated. Using automated data correlation, the tools should identify and surface hosts on your network exhibiting any of the same malicious behavior as the threat.

True automation goes beyond providing information and allows you to configure automated actions. Some organizations may want to automate the immediate quarantine of potentially infected hosts. This can be done by moving a host to a policy that denies it access to all parts of the network while retaining connectivity for remediation efforts. Others may take a more nuanced approach by automatically applying multi-factor authentication to a potentially infected host so that, if attackers gain access to it, they cannot access corporate data or applications.
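The correlation-then-action workflow described in the two paragraphs above, as an added illustration (not Palo Alto Networks code). It assumes a constructed set of behaviours observed for a newly analysed threat and constructed firewall log records of the form (host, behaviour); hosts matching enough of the threat's behaviours get the quarantine policy (remediation access only, everything else denied), weaker matches get MFA enforced instead.

```python
from collections import defaultdict

# Constructed behavioural profile of a newly analysed threat: the set of
# behaviours the analysis environment observed (hypothetical names).
NEW_THREAT_BEHAVIOURS = {"dns:c2.bad.example", "url:/gate.php", "app:tor"}

# Constructed firewall log records: (source host, observed behaviour).
# In a real deployment these would come from the NGFW's threat/URL/DNS logs.
FIREWALL_LOGS = [
    ("10.0.1.15", "dns:c2.bad.example"),
    ("10.0.1.15", "url:/gate.php"),
    ("10.0.2.7", "app:tor"),
    ("10.0.3.42", "url:/index.html"),   # benign, must not be flagged
]


def correlate(logs, behaviours):
    """Return {host: set(matched behaviours)} for hosts showing any of them."""
    hits = defaultdict(set)
    for host, behaviour in logs:
        if behaviour in behaviours:
            hits[host].add(behaviour)
    return dict(hits)


def decide_actions(hits, quarantine_threshold=2):
    """Map each correlated host to an automated action.

    Hosts matching at least `quarantine_threshold` of the threat's behaviours
    are quarantined; hosts with a weaker match get MFA required on access to
    corporate applications (the 'more nuanced' option described above).
    """
    return {
        host: "quarantine" if len(matched) >= quarantine_threshold else "require_mfa"
        for host, matched in hits.items()
    }


def quarantine_policy(host, remediation_net="10.9.9.0/24"):
    """Render the quarantine policy as an ordered rule list (constructed format).

    The allow rule for the remediation network comes first so the host keeps
    connectivity for clean-up; the final rule denies everything else.
    """
    return [
        {"action": "allow", "src": host, "dst": remediation_net, "desc": "remediation only"},
        {"action": "deny", "src": host, "dst": "any", "desc": "quarantined"},
    ]
```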

Automation enables organizations to act against threats without waiting for human intervention, improving response time and, if implemented appropriately and in conjunction with the right tools, preventing successful attacks. A security vendor that offers automation allows security teams to move away from basic operational tasks and focus on strategic efforts that directly benefit the organization. Reducing human intervention reduces avoidable errors, ultimately enabling a stronger security posture.


Recommended RFP Questions

  • Does your security vendor support the capability to automatically generate prevention signatures across the attack lifecycle for all data relevant to attacks?
  • Can your firewall correlate and identify infected hosts in the network, and quarantine them to limit their access in the network?
  • Can your firewall trigger multi-factor authentication to prevent credential abuse and secure critical applications?
  • Can your firewall correlate the threats seen in the network with information obtained from global threat intelligence?

Learn more about the 10 things to test for in your future NGFW.

The post 10 Things To Test In Your Future NGFW: Automation appeared first on Palo Alto Networks Blog.

About Palo Alto Networks
Palo Alto Networks is the next-generation security company maintaining trust in the digital age by helping tens of thousands of organizations worldwide prevent cyber breaches. With our deep cybersecurity expertise, commitment to innovation, and game-changing Next-Generation Security Platform, customers can confidently pursue a digital-first strategy and embark on new technology initiatives, such as cloud and mobility. This kind of thinking and know-how helps customer organizations grow their business and empower employees all while maintaining complete visibility and the control needed to protect their critical control systems and most valued data assets. Our platform was built from the ground up for breach prevention, with threat information shared across security functions system-wide, and designed to operate in increasingly mobile, modern networks. By combining network, cloud and endpoint security with advanced threat intelligence in a natively integrated security platform, we safely enable all applications and deliver highly automated, preventive protection against cyberthreats at all stages in the attack lifecycle without compromising performance. Customers benefit from superior security to what legacy or point products provide and realize a better total cost of ownership.