What We Learned at Palo Alto Networks’ Ignite 22 Conference
Effective IT security isn’t only about defending all the attack surfaces an enterprise creates. You can’t mount a defense without first inventorying those assets, knowing where they are, and monitoring them 24/7. This is an especially difficult chore for enterprises with thousands or hundreds of thousands of network connections.
This is exactly the gap the new version of Palo Alto Networks’ Cortex Xpanse purports to fill: taking a continuous roll call of potential network vulnerabilities and providing automated attack-surface management. Cortex gained these capabilities when PA Networks acquired Expanse in 2020. Cortex itself is a respected detection and response platform that monitors and manages cloud, network, and endpoint events and data. The software combines incident prevention, detection, analysis, and response.
As for news from PA Networks’ Ignite 22 conference in Las Vegas, the Santa Clara, Calif.-based company today introduced an AI-powered and automated feature for Cortex called Active Attack Surface Management (ASM). The company said that this new capability for Xpanse gives defenders an array of tools that not only see exposures instantly but also shut them down automatically — before an attack can happen, and with no human labor required.
“In over 60% of ransomware attacks that we respond to, the origin is not someone clicking on a link. It’s actually an unintentionally insecure system that exposes them (the company) — such as a remote desktop protocol to the internet that gets automatically exploited,” CTO of Cortex at Palo Alto Networks Matt Kraning told TNS.
“IT itself is actually the new attack surface,” he said. “You still need to train your employees to have good passwords, to not click on links, etc. You still need to do that. But now attackers are automating everything and looking for — and finding — holes. This is especially true with things like the move to the cloud, where anyone with a credit card in your organization can now be an IT systems administrator if they want to be. Take your credit card, go to Amazon. They’ll give you IT!”
Cyberattackers now exploit weaknesses in target organizations extremely quickly — sometimes within minutes of a new vulnerability being disclosed, Kraning said. “Most security teams try to find these weaknesses as best they can, but because they are doing this with manual tools, they quickly fall behind,” he said.
To automatically counteract hackers, Kraning said, Xpanse ASM features the following new tools:
- Active Discovery: This refreshes the platform’s internet-scale database several times a day and uses supervised machine learning to accurately map discovered exposures back to the organization that owns them. This gives the organization an outside-in view of its network — the same view attackers have.
- Active Learning: Xpanse continuously processes discovery data, mapping new systems to the people responsible for each system. Active Learning continuously analyzes and maps the streamed discovery data to understand and prioritize top risks in real time. As a result, customers can stay ahead of attackers by closing down the riskiest exposures quickly, Kraning said.
- Active Response: Automated remediation is key to staying ahead of attackers, saving response time in the SOC (security operations center) by eliminating the manual step of merely creating a ticket for analysts who then must spend multiple hours of manual effort actually tracking down the owner of the affected system and resolving the vulnerability.
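The three tools above describe one pipeline: discover internet-facing services, map each one to the team that owns it, rank the exposures, and act on the worst ones without a manual ticketing step. The script below is an added illustration of that flow, not code from Palo Alto Networks or Cortex Xpanse. The discovery records, the asset registry, the owner e-mail addresses and the risk weights are all constructed for the example; the IP addresses come from documentation ranges and belong to no real host. It ranks an internet-exposed RDP service on a production range highest, which is the case Kraning cites, and routes exposures whose owner cannot be found to the SOC rather than auto-blocking them.

```python
"""Constructed attack-surface triage pipeline: discover -> own -> rank -> respond.

Illustrative only; it is not Cortex Xpanse code and uses made-up data throughout.
"""
from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed discovery feed, shaped like what an external scanner might report.
# Addresses are from RFC 5737 documentation ranges, so they resolve to nothing real.
DISCOVERY_FEED = [
    {"ip": "203.0.113.10", "port": 3389, "service": "rdp", "seen": "2022-12-13T08:00:00Z"},
    {"ip": "203.0.113.10", "port": 443, "service": "https", "seen": "2022-12-13T08:00:00Z"},
    {"ip": "198.51.100.7", "port": 445, "service": "smb", "seen": "2022-12-13T08:05:00Z"},
    {"ip": "198.51.100.7", "port": 22, "service": "ssh", "seen": "2022-12-13T08:05:00Z"},
    {"ip": "192.0.2.44", "port": 8080, "service": "http-alt", "seen": "2022-12-13T08:10:00Z"},
]

# Constructed asset registry: the "map systems to the people responsible" step.
# Owner addresses are placeholders. 192.0.2.0/24 is deliberately absent.
ASSET_REGISTRY = {
    "203.0.113.0/24": {"owner": "infra-team@example.com", "env": "prod"},
    "198.51.100.0/24": {"owner": "lab-team@example.com", "env": "dev"},
}

# Assumed risk weights: services that should never face the internet unfiltered rank highest.
SERVICE_RISK = {"rdp": 100, "smb": 90, "telnet": 90, "ssh": 50, "http-alt": 40, "https": 10}
UNOWNED = "UNOWNED"


@dataclass(order=True)
class Exposure:
    # Field order matters: sorting compares score first, then the tie-breakers.
    score: int
    ip: str
    port: int
    service: str
    owner: str
    env: str
    first_seen: datetime = field(compare=False)


def resolve_owner(ip):
    """Map an address to its owning team via the registry; unknown ranges are unowned."""
    addr = ip_address(ip)
    for cidr, meta in ASSET_REGISTRY.items():
        if addr in ip_network(cidr):
            return meta["owner"], meta["env"]
    return UNOWNED, "unknown"


def score_exposure(service, env, owner):
    """Service weight, plus penalties for production and for having nobody to fix it."""
    score = SERVICE_RISK.get(service, 30)
    if env == "prod":
        score += 20
    if owner == UNOWNED:
        score += 30  # an exposure nobody owns lingers longest
    return score


def triage(feed):
    """Turn raw discovery records into an owner-mapped list, highest risk first."""
    exposures = []
    for rec in feed:
        owner, env = resolve_owner(rec["ip"])
        exposures.append(Exposure(
            score=score_exposure(rec["service"], env, owner),
            ip=rec["ip"], port=rec["port"], service=rec["service"],
            owner=owner, env=env,
            first_seen=datetime.fromisoformat(rec["seen"].replace("Z", "+00:00")),
        ))
    return sorted(exposures, reverse=True)


def plan_response(exposure, auto_threshold=90):
    """Decide the response: auto-block high-risk owned exposures, otherwise ticket or escalate."""
    target = f"{exposure.ip}:{exposure.port}"
    if exposure.owner == UNOWNED:
        # Cannot safely block what nobody claims; hand it to the SOC to find the owner.
        return {"action": "find_owner", "target": target, "notify": "soc@example.com"}
    if exposure.score >= auto_threshold:
        return {"action": "block_ingress", "target": target, "notify": exposure.owner}
    return {"action": "ticket", "target": target, "notify": exposure.owner}


if __name__ == "__main__":
    for e in triage(DISCOVERY_FEED):
        print(e.score, e.ip, e.port, e.service, e.owner, plan_response(e))
```

The `auto_threshold` is the policy knob that separates "Active Response" from ticket creation: anything at or above it gets a concrete, machine-executable action with the owner notified, while lower-scored items still become tickets. The unowned branch comes first on purpose, because automatically blocking a service no team has claimed is how a triage tool breaks something it does not understand.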
Cortex Xpanse is available today, Kraning said. The platform is used by organizations such as the Department of Defense, where it provides Internet Operations Management capabilities.
Google, PA Networks Join to Develop New Zero Trust Package
Google Cloud and Palo Alto Networks revealed on Dec. 13 they are partnering to provide a new cloud-delivered Zero Trust Network Access (ZTNA) 2.0 solution.
Using the Google Cloud network, PAN said, the ZTNA package will enable users to work securely from anywhere regardless of device type. With PAN’s Prisma Access, users get ZTNA 2.0 security for all devices, branch offices, and applications. Google’s BeyondCorp Enterprise Essentials enables secure access to applications and resources for unmanaged devices. Combined threat intelligence and machine learning (ML) features automatically detect and remediate threats to users, applications or enterprise data.
This week marks the 10th anniversary of Palo Alto Networks’ Ignite Conference, being held today through Thursday. More than 2,500 cybersecurity professionals are expected to attend in person at the MGM Grand in Las Vegas, along with thousands more virtually. The event features 100+ breakout sessions, and numerous product training and certifications will be offered.