Sun Tzu Series #7 of 10. “In Ancient Times Those Known….” Palo Alto Networks-New Champion in the Malware Wars.

10 Jun

ancient cyber-defense method

As the famous military strategist Sun Tzu said in his Art of War written 2,400 years ago: “In ancient times those known as good warriors prevailed when it was easy to prevail.” Fifteen years ago it was easy for a good programmer to build a good firewall. It is no longer easy to prevail in the malware wars. Malware has become a profitable business.

On Monday, June 4, 2012, as a guest of Bank Leumi USA, I attended the Cyber Defense Symposium in Santa Clara. Having just finished cleaning up two (2) separate malware attacks on my website and blog, I was very interested in the current state of cyber defense.

The most innovative and engaging presentation was by Nir Zuk, the Founder and CTO of Palo Alto Networks. His talk was on Modern Malware: The Evolving Threat Landscape.

Nir Zuk Background. Previously, Nir was CTO at NetScreen Technologies (acquired by Juniper Networks), Co-Founder & CTO at OneSecure, and principal engineer at Check Point Software Technologies.

His Radical Concept. The traditional firewall is obsolete. Its sole purpose is to keep a network secure by analyzing the data packets in the incoming and outgoing network traffic and determining whether the packets should be allowed through or not based on a predetermined set of rules. The old firewalls (most of the ones in use currently) identify the traffic by the port number or the IP address, but popular ports, #80 and #443 for example, are no longer traffic specific. You are going to need new hardware and new software. Nir’s new firewall identifies the user, identifies the application and figures out what the user is doing with the application based on the application content, because every document coming into an organization can be an attack. Nir’s firewall scans every document coming into an organization based on content (specifically, it looks for credit card numbers, social security numbers or other financial data) and automatically generates multiple signatures which can be delivered within an hour.
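To make the content-inspection idea concrete, here is a small added example (written for this post; it is not Palo Alto Networks’ code and does not show how their product works) that scans the text of a document for the two kinds of sensitive data Nir mentioned: credit card numbers and social security numbers. The card check uses the Luhn checksum so that a random 16-digit order number is not flagged; the SSN check uses the standard AAA-GG-SSSS shape with a few invalid ranges excluded. The sample document, the function names and the regular expressions are all assumptions made up for the example.

```python
import re

# Candidate card numbers: 13 to 19 digits, optionally separated by spaces or dashes.
# Lookbehind/lookahead stop the match from starting or ending inside a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# US SSN shape AAA-GG-SSSS, rejecting area 000/666/9xx, group 00 and serial 0000
# (the invalid ranges are a basic sanity filter, not a proof the number is real).
SSN_RE = re.compile(r"(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Return normalized (digits only) card numbers that also pass the Luhn check."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def find_ssns(text: str) -> list:
    """Return strings shaped like a US social security number."""
    return [m.group() for m in SSN_RE.finditer(text)]


def scan_document(text: str) -> dict:
    """Scan line by line so values on neighbouring lines are never merged into one match."""
    cards, ssns = [], []
    for line in text.splitlines():
        cards.extend(find_card_numbers(line))
        ssns.extend(find_ssns(line))
    return {"card_numbers": cards, "ssns": ssns}


# Constructed sample document: one real-looking card number (a well-known test
# number that passes Luhn), one that fails Luhn, one valid-shaped SSN and one invalid.
SAMPLE_DOC = """Invoice for order 1234 5678 9012 3456 (internal reference, not a card)
Please charge card 4111 1111 1111 1111, exp 12/14
Backup card on file: 4111-1111-1111-1112
Employee SSN 123-45-6789 for payroll
Test value 000-12-3456 is not a valid SSN
"""

if __name__ == "__main__":
    print(scan_document(SAMPLE_DOC))
```

A real content-inspection engine has to do much more than this (decode PDF and Office files, identify the application carrying the traffic, match against signatures), but the core of a “look for financial data in every document” rule is exactly this kind of pattern match plus a validity check to keep the false positives down.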

Modern Malware Attack. Modern malware is a business done by organized crime and state-sponsored terrorists. The “enemy” is no longer the lone, bored, teenage hacker looking for thrills by seeing if he can enter or bring down a website or business. The modern enemy has a business plan (to make money illegally by collecting credit card numbers, bank account numbers, passwords, social security numbers), employees (talented developers) and management (savvy crime bosses).

Anatomy of a Modern Attack according to Nir. The attacker attacks by taking over the end-user’s machine by following five (5) steps:

  1. bait an end user using a PDF file which may arrive by Skype or some other trusted source (note the malware does not arrive in an email)
  2. exploit a vulnerability (put the attack in a PDF document of interest to the end user and send it from a trusted source)
  3. download a backdoor (the enemy code is very small and its sole purpose is to create a backdoor)
  4. establish a back channel
  5. the enemy can now enter at will and explore and steal

Takeaway: It is no longer “easy to prevail” because malware has become a sophisticated (illegal) growth industry. The enemy has changed, so your firewall must radically change.
 
This website and its content are copyright of Marisa’s Poetry Corner – © [www.marisaspoetry.com] [2012]. All rights reserved.
