Palo Alto Networks: defending against machines, with machines


Classic hackers in hoodies attacking companies or organizations are a thing of the past. Today, cyberattacks are increasingly automated and carried out by machines. According to the American security company Palo Alto Networks, companies and organizations should leave the fight against these malicious machines to other machines. The way organizations think about security also needs to change, as Techzine was told at the end of last year at the European partner and customer event Ignite ’18.

Any company or organization that still imagines hackers as eccentric figures in hoodies working from attic rooms, whether organized or not, is wrong. According to Palo Alto Networks, this stereotype really belongs to the past. Attackers are using more and more automation, in other words machines, to launch attacks, and this is now happening on a scale that was not previously visible.

With these machines, hackers and other malicious actors are now attacking on a large scale not only corporate networks but also the software that makes those networks what they are. This includes targeted attacks on operating systems, as well as on specific protocols that are necessary for the functioning of the networks and therefore cannot be blocked preventively. Concretely, this ranges from command-and-control attacks to the physical injection of malware. According to Palo Alto Networks’ specialists, all of this is completely automated. In short, it is now machines that attack machines.

Humans lose to machines

The U.S. supplier of cybersecurity solutions considers it important that the fight against these malicious machines is given the highest priority. The question, however, is how this should be done. According to Palo Alto Networks, many companies try to combat these kinds of machine attacks with old or more traditional methods: for example, by countering the attacking machines with Security Information and Event Management (SIEM) technology that is on average fifteen to twenty years old, in combination with human security analysts.

Of course, this achieves nothing, as Palo Alto Networks critically stated during its event. Nowadays, people are no longer a match for machines. Machines and process automation do their job very well, and people cannot keep up. Yet the American security company still sees this happening a lot, with all the accompanying consequences.

Machines have to fight against machines

How, then, is the fight against machines to be fought? Simply put, Palo Alto Networks’ answer is to prepare other machines for this. Machines have to compete with machines, and machine learning has to prepare the defensive machines for this battle, as René Bonvanie, Chief Marketing Officer (CMO) at Palo Alto Networks, tells us.

To enable this machine learning to do its job as well as possible, Palo Alto Networks has developed a strategy that collects large amounts of data fully automatically, without human intervention. According to Bonvanie, machines no longer carry out attacks ‘through the front door’, but instead look for the side windows or even the sewers. This means that many fragmented tracks are left behind, not all of which can be found by humans. By bringing all these fragments together in one large dataset, it becomes easier to automatically assemble the puzzle pieces, analyze them and finally come up with a solution.

Collecting data in the cloud

The next question is: where does Palo Alto Networks automatically extract and store all these fragments? Bonvanie is very clear about this. The data is delivered automatically by the supplier’s customers and stored in a cloud environment. The security specialist’s software has been developed in such a way that these datasets are delivered automatically and fully encrypted. Palo Alto Networks also automatically extracts the deviating (anomalous) data from these datasets and adds it to the large central database in complete anonymity. The CMO of Palo Alto Networks emphasizes that this data can no longer be traced back to individual customers.

The security company then runs a number of algorithms on the datasets to investigate whether the deviating data points to certain risks. For example, the questions are whether the deviating data has been seen before, whether it belongs to a particular malware campaign, whether that campaign was successful, and what the possible next steps might be.

The algorithms come up with the answers to these questions automatically, without human intervention, and send them back to the customers, who can then use them to stop the attacks in question. In this way, it is machines that take care of security for the customers with the help of machine learning, and that engage in the battle with the attacking machines. Moreover, as the CMO emphasizes, this protection is not applied per individual customer but, via the cloud environment, to all customers of the American specialist at once.
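To make the pipeline described above concrete, here is an added, deliberately simplified example; it is not Palo Alto Networks’ code, and all names, keys, indicators and telemetry in it are constructed for illustration. It models the three steps the article sketches: each customer keeps only its deviating events and strips identifying fields before anything leaves its environment, the customer identity is replaced by a keyed pseudonym, and a central step answers the four questions (seen before, which campaign, did it succeed, what next) across all tenants so that every customer benefits from what was observed at the others.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed key for pseudonymising customer identifiers. In a real service
# this would live in the vendor's key store, never in source code.
PSEUDONYM_KEY = b"constructed-demo-key"

# Constructed threat-intelligence store: indicators already present in the
# central database, labelled with the campaign they were attributed to.
KNOWN_INDICATORS = {
    "domain:c2.example.invalid": "campaign-alpha",
}

# Constructed per-customer telemetry. Each customer also has a baseline of
# indicators it considers normal; only events outside it are "deviating".
CUSTOMER_TELEMETRY = {
    "acme-corp": {
        "baseline": {"domain:updates.example.invalid"},
        "events": [
            {"host": "pc-017", "user": "alice", "indicator": "domain:updates.example.invalid", "outcome": "allowed"},
            {"host": "pc-017", "user": "alice", "indicator": "domain:c2.example.invalid", "outcome": "blocked"},
            {"host": "srv-02", "user": "svc", "indicator": "sha256:bbbb2222", "outcome": "executed"},
        ],
    },
    "globex": {
        "baseline": set(),
        "events": [
            {"host": "lt-9", "user": "bob", "indicator": "sha256:bbbb2222", "outcome": "executed"},
            {"host": "lt-9", "user": "bob", "indicator": "domain:c2.example.invalid", "outcome": "allowed"},
        ],
    },
}


def pseudonymize(customer_id: str) -> str:
    """Keyed hash of the customer id: the central store can group records per
    tenant but cannot map them back to a customer without the key."""
    return hmac.new(PSEUDONYM_KEY, customer_id.encode(), hashlib.sha256).hexdigest()[:16]


def extract_anomalies(customer_id: str, telemetry: dict) -> list:
    """Customer-side step: keep only deviating events and drop identifying
    fields (host, user) before the record leaves the customer environment."""
    tenant = pseudonymize(customer_id)
    return [
        {"tenant": tenant, "indicator": e["indicator"], "outcome": e["outcome"]}
        for e in telemetry["events"]
        if e["indicator"] not in telemetry["baseline"]
    ]


def analyze(anomalies: list) -> dict:
    """Central step: one verdict per indicator, computed across all tenants."""
    by_indicator = defaultdict(list)
    for record in anomalies:
        by_indicator[record["indicator"]].append(record)

    verdicts = {}
    for indicator, records in by_indicator.items():
        tenants = {r["tenant"] for r in records}
        campaign = KNOWN_INDICATORS.get(indicator)
        # "Successful" here means the activity was not stopped somewhere.
        succeeded = any(r["outcome"] in ("executed", "allowed") for r in records)
        # An unknown indicator seen at two or more tenants is treated as a
        # cluster worth attributing; a one-off stays unattributed.
        if campaign is None and len(tenants) >= 2:
            campaign = "unattributed-cluster"
        if campaign is None:
            next_step = "monitor"
        elif succeeded:
            next_step = "block-and-hunt"
        else:
            next_step = "block"
        verdicts[indicator] = {
            "seen_before": indicator in KNOWN_INDICATORS,
            "tenant_count": len(tenants),
            "campaign": campaign,
            "succeeded_somewhere": succeeded,
            "next_step": next_step,
        }
    return verdicts


def run_pipeline(telemetry_by_customer: dict) -> dict:
    """Collect every customer's anonymised anomalies and analyse them jointly.
    The returned verdicts are the same for all customers, which is the
    'shared protection' point the article makes."""
    anomalies = []
    for customer_id, telemetry in telemetry_by_customer.items():
        anomalies.extend(extract_anomalies(customer_id, telemetry))
    return analyze(anomalies)


if __name__ == "__main__":
    for indicator, verdict in run_pipeline(CUSTOMER_TELEMETRY).items():
        print(indicator, verdict)
```

The design choice worth noting is where the stripping and pseudonymisation happen: in `extract_anomalies`, before the record is pooled, so the central `analyze` step never sees hostnames, usernames or raw customer ids, yet can still count how many distinct tenants reported an indicator. With the constructed data, the command-and-control domain is attributed to its known campaign and marked as having succeeded at one tenant, while the unknown file hash, because two tenants executed it, is flagged as an unattributed cluster rather than dismissed as a one-off.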

Palo Alto Networks Application Framework

Among other things, the supplier has developed its Application Framework for an automated fight against malware. This platform enables users to quickly access, evaluate and ultimately apply the best new security solutions, whether from Palo Alto Networks itself or from specially selected partners. The Application Framework (AF) consists primarily of Palo Alto Networks’ own infrastructure, which third-party developers, MSSPs and end users themselves can use to quickly build and deliver innovative cloud-based security services via cloud-based APIs, services, computing power and native access to customer-specific data environments.

In addition, the platform has customer-specific data storage provided by the US security specialist’s Logging Service, which enables threat intelligence to be shared across the entire platform. Finally, the AF includes specific cloud-based applications that further expand the platform’s capabilities, such as collaboration between different applications, providing and sharing context and threat intelligence, and triggering and enforcing automated responses to detected threats.

Other changes also necessary

In addition to the large-scale use of machines, powered by machine learning, as the pre-eminent means of combating automated malware attacks, Palo Alto Networks argues that a change in the way companies think about security is also certainly necessary.

Until now, companies have focused too much on the endpoints that provide security, such as physical or virtual firewalls and agents for devices or for private and public cloud environments. This layer of security is no longer necessary as a focus, Palo Alto Networks points out, because these components only serve to deliver better insight, reporting, detection and protection, prevention, behavioral analysis or sandboxing; in short, the things we want to do within cybersecurity. They are only a means of carrying out security. Moreover, focusing on them does not make it possible to combat the aforementioned machines.

According to Palo Alto Networks, what really matters is the output of the security tools above and what can be done with it: in other words, the data that these devices, virtual or not, provide, and the layer in which that data is processed. In short, the application layer.

Focus on the application layer

In their cybersecurity strategy, companies and organizations should not focus on the resources, but on the services that make good security possible and automate it. The focus should therefore be on which service offers the best insight into the data, or the best compliance. This has to happen quickly, because hackers do not sit still and are constantly adapting. According to Palo Alto Networks, the data from the entire IT stack must be used for this purpose.

If this is done properly, starting a new security service is just a matter of ‘flipping a switch’. Only then, according to the American cybersecurity provider, can we really take on the battle with the machines.

Biggest challenge in the coming years

According to the security specialist, this new line of thought or ‘mindset’, combined with the awareness that it is now machines we have to combat, will be the biggest cybersecurity challenge for companies and organizations in the coming years. Companies must be able to find an answer to new threats within a very short period of time: not by hiring more people, but by implementing a new, automated security architecture, according to Palo Alto Networks. We will certainly keep an eye on how the American supplier continues to help with this in the coming years.