5/18/2015
Application Economy
Consumerization of IT
Decreasing Visibility and Control
Rate of Change/Complexity
RECONNAISSANCE
Identify a specific target within an organization:
Third-party sites to
Enterprise Security
Channel Profile Protecting Critical Assets
Sandboxing is enough
Leading a new era in cybersecurity by
protecting thousands of enterprise,
RECONNAISSANCE
Identify the tools used to protect an organization
EXPLOITATION
EXPLOITATION Exploit
COMMON TOOLS
Remote Shell
Direct access to the OS as logged-in user
Keylogger
Audio Capture
Screen Capture
Webcam Capture
COMMON TOOLS
Active marketplace for attacks:
Remote access tools.
Malware.
Exploits.
Etc.
Easily purchase tools.
Conversations on each aspect of the kill-chain.
Discuss tactics with other attackers.
A tool for creating Botnets on Android
$4,000
AUTOFOCUS
Gap between having data & using it
Produces overwhelming amounts of data
Growing security investment
Small Security Operations
DEFINING CONTEXT
Context
1%: SHELL CREW
99%: Commodity attacks (Ransomware, FakeAV, Generic.dropper, Downloader.generic, Virus.Win32, Malware.binary, Malware.generic, Trojan.downloader, Spybot, Generic.backdoor)
AUTOFOCUS
Threat intelligence service
identifies the important
attacks through additional
information and context.
AUTOFOCUS ARCHITECTURE
WildFire
KEY USE-CASES
Unique or targeted events
Context around indicators of compromise
Context around incidents on your network
223.144.191.23
premier.espfootball.com
Espionage group XYZ
Click fraud
bank-card90.no-ip.com
Related indicators
mutex:mediaCenter Banking trojan
domain:wincc-ctrl.com
Energy sector
Espionage
DEMO
COMMUNITY ACCESS
The Community Access program
provides free limited-time
access to current Palo Alto
Networks customers:
Full access to the new AutoFocus
service.
Gain prioritized, actionable
intelligence into the attacks you
must respond to.
Full context on attacks, including
adversaries and campaigns.
Contribute to the future of the
service and the threat intelligence
of all AutoFocus users.
To request an invitation visit:
www.paloaltonetworks.com/autofous
Cloud
NEXT-GENERATION SECURITY PLATFORM
THREAT INTELLIGENCE CLOUD
AUTOMATED
NATIVELY INTEGRATED
EXTENSIBLE