Displaying 1 to 30 of 10485

Saturn Ransomware vs. Traps

Palo Alto Networks obtained a sample of the Saturn ransomware, tested it against Traps, and confirmed that Traps can block it. This article reports only the results of that technical verification.

【Endpoint screen when infected with Saturn ransomware】
When a machine is infected with Saturn, files are encrypted as shown below and a pop-up message is displayed. Encrypted files are given the ".saturn" extension.
(Figures: pop-up message 1 shown after infection; pop-up message 2 shown after infection; encrypted files)

【Traps detection screen】
Even when the Traps agent cannot retrieve WildFire threat intelligence (for example, when the endpoint has no network connection), the machine-learning static analysis engine was able to block Saturn from launching. With a network connection, detection can of course also draw on WildFire threat intelligence, which is analyzed and shared in real time worldwide.

We then deliberately disabled the WildFire integration and the static analysis engine in Traps and observed the behavior of this Saturn sample. In that configuration, Traps still made the following two detections:
・Suspicious process control (child process control): Traps detected the attempt to delete Volume Shadow Copies, whose purpose is to prevent restoration from backups.
・Blocking of post-launch file encryption by means of decoy files: the ransomware was allowed to run, but the real files were protected from encryption.

【Detection log for child process control】
The log for the block by static analysis is the same as in the earlier Bad Rabbit write-up, so it is omitted here; this article explains the child process control detection log. In this Saturn sample, cmd.exe invokes vssadmin with the command "delete shadows /all /quiet" to delete the Volume Shadow Copies so that files cannot be restored from backup. Traps regarded this behavior as suspicious, detected it, and blocked it before it could execute.

▼Test environment
Windows 7 32-bit
Traps 4.1.2
Content Update 33-2266

■Sample hash (SHA-256)
b3040fe60ac44083ef54e0c5414135dcec3d8282f7e1662e03d24cc18e258a9c

tmuroi,

Lightboard Series: PA-3200 Series


Lightboard Series: PA-220R


10 Things To Test In Your Future NGFW: Prevent Credential Theft

Users and their credentials are among the weakest links in an organization’s security infrastructure. As such, the majority of breaches involve credential theft at some point in the attack lifecycle. With credential abuse as part of the attackers’ toolset, their chances of successfully breaching go up, and their risk of getting caught goes down.


What is Cloud Computing?

Cloud-based computing is the delivery of hosted cloud services over the internet, and providers of cloud services maintain the necessary infrastructure to support it. Hosted cloud services include constant online access to servers, networking, software applications, databases and data storage.


Machine Learning in Cybersecurity

In computing, machine learning is the ability of a system to learn without being programmed to do so. In machine learning algorithms, computers and other machines analyze data using automated robots and make predictions based on pattern recognition.


Remote Access for ICS and SCADA

White paper discussing how remote access can be provided to both greenfield and brownfield deployments in an automation network.


Applying VLAN Insertion in ICS/SCADA

Case studies on the Target® and recent Ukraine electrical grid attacks indicate that these attacks were containable or preventable with proper network segmentation.


Defining the 21st Century Cybersecurity Protection Platform for ICS

In this paper, Mario Chiock, Cybersecurity & Disruptive Technology Executive Adviser, and Del Rodillas, Senior Manager, SCADA and Industrial Controls Cybersecurity, go through the nine core capabilities that define this 21st century security platform for industrial control systems.


PA-5200 Series Datasheet

Key features, performance capacities and specifications for our PA-5200 Series.


Industrial Control Systems

The Security Reference Blueprint for Industrial Control Systems (ICS) enables operators to become compliant with both government and internal governance.


PA-3200 Series

Palo Alto Networks® PA-3200 Series of next-generation firewalls comprises the PA-3260, PA-3250 and PA-3220, all of which are targeted at high-speed internet gateway deployments.


PA-220R

The Palo Alto Networks® PA-220R ruggedized appliance brings next-generation capabilities to industrial applications in harsh environments.


Palo Alto Networks Adds to Its Next-Generation Firewall Lineup With New Hardware That Speeds Decryption and Improves Performance

Palo Alto Networks® (NYSE: PANW), the next-generation security company, today announced new hardware and updates to its PAN-OS® operating system that further enable organizations to easily...

Santa Clara, CA

Palo Alto Networks Secures Networks in Harsh Industrial Environments With New PA-220R Next-Generation Firewall

Palo Alto Networks® (NYSE: PANW), the next-generation security company, today announced the introduction of its ruggedized PA-220R next-generation firewall. This new NGFW appliance is designed to...

Santa Clara, CA

MineMeld not loading after installation

After successful installation of MineMeld on Debian 9, using this article: https://github.com/PaloAltoNetworks/minemeld-ansible   When accessing HTTPS://IP_Address it stays loading forever (showing the loading "M"). I can't see any error in the logs; services are fine.   Any ideas?

MarcelST,

Davos 2018: Hot Topics in Cyber Risk

From SecurityRoundtable.org contributor Greg Day: With more world leaders attending, and a large fall of snow, the atmosphere and the village were even more intense this year than my first year at the World Economic Forum meeting in Davos. During the week, I was most fortunate to meet lots of amazing people, from academics and business leaders to politicians.   I...


Introducing the Ruggedized PA-220R Next-Generation Firewall

Learn more about the PA-220R and our approach to helping our users safely modernize their OT.

Del Rodillas,

Announcing PAN-OS 8.1: Streamline SSL Decryption, Accelerate Adoption of Security Best Practices

Learn about PAN-OS 8.1, the latest version of the software that powers our next-generation firewalls.

Navneet Singh, Stephanie Johnson

MineMeld Installation issues

Hey guys, having issues with fresh installs of MineMeld. I've had success installing it on a test VirtualBox; however, this time I'm deploying in a VMware environment.   This is the message that I get. I've tried removing the packages for a clean install and have tried other machines but

vdnguy2,

Questions on MineMeld tasks

Hello,   I have one question for the community.   Can you search for an IP address in all of your feeds, to find a specific IP?   Thanks,

Troy_Mitchell,

PAN-OS 8.1: Streamline SSL Decryption, Accelerate Adoption of Security Best Practices

We are pleased to announce PAN-OS 8.1, the latest version of the software that powers our next-generation firewalls. This release, coming soon, enables you to easily adopt application-based security, removes barriers to securing encrypted traffic, simplifies management of large networks and helps you quickly identify advanced threats in conjunction with

reaper,

xml stream error

Hi, I'm using Soltra Edge to poll the TAXII service from MineMeld.  All works well in that the service can be discovered and I can start polling.  Towards the end of the polling (or possibly at the end), the following error is generated in Soltra Edge: "poll failed - xml

PhilipW,

LiveWeek 16 Feb 2018

Your Favorite Palo Alto Networks Feature: Joe takes a look at one of our more popular community discussions, which asked the Live Community about favorite features of the Palo Alto Networks NGFW. Click to read what our members had to say.   Traps Prevents Adobe Flash Player Zero-Day: Learn about

editeur,

Shaping the Future of Transportation With Secure Clouds

Learn how the Palo Alto Networks Next-Generation Security Platform helps the transportation industry get new products and services to market quickly and securely.

Dharminder Debisarun,

Believe It or Not, There Is an Upside to GDPR

GDPR: It’s the latest four-letter word in compliance circles. The European Union’s General Data Protection Regulation—designed to ensure that companies are protecting personally identifiable information—goes into effect in three short months, and the anxiety among those charged with meeting its terms is palpable. The concern, say data–privacy experts, is warranted. “The new GDPR regulations are a beast, period,” said Jason...

Stephanie Overby,

Mass unsubscribe

I work for an email marketing company.  We have a sender who sent out 3 separate email blasts to over 1 million contacts.   They had a very high unsubscribe rate.  After our engineering team looked at the logs, we see that all the unsubscribes happened seconds apart but were all from different domains.

NoyesJ,

3MBridgesetup.exe

Palo Alto WildFire is categorizing this file hash as benign; however, Palo Alto Threat Vault is categorizing the hash as Name: Virus/Win32.WGeneric.pgmrm. Please help me understand why this is happening.   File Hash: 0a2723e95a5de7dec6d6f2f5840ebcc5 https://threatvault.paloaltonetworks.com/?query=193628526   https://www.virustotal.com/#/file/63bb264ba767abb7845c280599baeead67ba5d4fa2877852ab56a04906717257/detection

JP_Sanchez,

What Is Endpoint Detection and Response?

Endpoint detection and response, or EDR, is the need for continuous suspicious activity detection and monitoring of endpoints to defend against advanced threats.
