Aperture Provides a Glimpse into the Cloud

Jeff Starling[Senior Networking Consultant]

KS Aperture ImageThe use of SaaS (Software as a Service) applications continue to gain popularity as a cost-effective way to provide office automation and data-sharing in today’s business environment.  SaaS services are often described to fall into 2 categories:

  • Sanctioned (allowed and supported by the company),
  • Unsanctioned (utilized by the end user with no control by the IT department).

Palo Alto Networks firewalls can control the access of most unsanctioned SaaS applications through the use of the built-in App-ID function.  But SaaS applications use infrastructure and networks that are not owned by the company.  So how does a security-conscious IT department protect their sanctioned SaaS applications from malware and data loss?

They use the Aperture service by Palo Alto Networks.

Aperture is a cloud-based security solution from Palo Alto Networks designed to protect SaaS applications.  It provides full reporting of daily activities of users and data, and supports a granular access control mechanism to eliminate data exposure and risks.  This service integrates with Palo Alto Network’s WildFire Threat Intelligence database to block known malware, as well as, to identify and block unknown malware.  This level of protection can be accomplished with no change to the local user.  There is no agent to install, and since it is a cloud-based solution, there is nothing to install on the network.

Aperture currently supports the following SaaS applications:KS Aperture Process

  • Box
  • Office 365-One Drive/SharePoint
  • Sales Force
  • Google Drive
  • Github
  • Dropbox
  • Yammer

Contact your Keller Schroeder Account Manager for more information on Aperture and other Palo Alto Networks products.

 


Layered Malware Protection

Schuyler Dorsey, Network Security Consultant


Back in May, Symantec declared antivirus was dead. In the same announcement, they declared their software was less than 50% effective against today’s malware. These revelations caused quite a stir and confusion in the IT community. Some outlets took this to mean antivirus was dead in the sense it was no longer needed. This is certainly not the case and after a recent surge in Game Over Zeus attacks, it is a good time to explore the problems with today’s malware strategies.


The Problem


malware-infectsMany companies rely on traditional antivirus (AV) suites as their primary or sole form of protection against these threats. Once a new virus is created, traditional AV will provide little to no protection against the new virus until a signature is created. For a signature to be created, the AV vendor has to become aware of the new threat, obtain a copy of the virus, study and reverse engineer the virus, create a signature which blocks the virus and update their software with logic on how to remove the virus if it is found.


File-based malware protection is often based on a specific pattern of bytes in the file. Once AV has an updated signature to actively block the malware based on those bytes, evil-doers can use updated AV software to determine the exact string of bytes the AV is using as its signature. They can often alter as little as one byte in their virus and the AV will no longer detect it, as the pattern of bytes is different.


The Solution


What Symantec was truly hinting at was that the use of antivirus as a primary/sole form of malware prevention is dead. We can no longer rely solely on antivirus and must take a layered approach. Two of the most common strategies are next-generation firewalls (NGFW) and advanced malware protection (AMP) solutions.


shieldNGFWs give a company more visibility into their network. They no longer only control traffic based on IP/port but can control based on specific applications as well. The same devices often come with intrusion prevention and antivirus scanning subscriptions to add an additional layer of security to the perimeter.


Advanced malware protection (AMP) products were a direct reaction to the signature problem of AV solutions and targeted attacks. AMP solutions will monitor all files traversing the perimeter and run them in a sandboxed Windows virtual machine. If the behavior of the file is malicious, it will add the hash of the file to its block list and update all devices with the AMP subscription worldwide.


Once NGFWs and AMP devices are added to a company’s network in conjunction with active AV solutions, they have taken a more layered approach to malware defense and have a much better chance of preventing malware infection and more effectively removing an infection from the network.


The Next Step


Keller Schroeder partners with Cisco and Palo Alto Networks which can bring these enhanced layers of protection to networks. Cisco recently acquired Sourcefire to enhance their NGFW line and Palo Alto Networks recently acquired Cyvera to add endpoint security to their portfolio.


Contact your Account Manager at Keller Schroeder for more information about these products and how they might benefit your organization.