Sponsored Post: Jorge Mastere – Sr. Manager, Business Development – Palo Alto
One way to look at changes in enterprise security in the era of the cloud is that the velocity of security events has shot up dramatically. Networks have become more open than ever, because so many employees are working remotely, and your business is connected to multiple cloud services.
As a result, complex security decisions must be made at enterprise scale, and at all levels of your network. Those decisions must also be as up to date as possible on the threat landscape. The only way to keep up is to automate. One way to do that is to use machine learning (ML) and artificial intelligence (AI) to locate, analyze, and protect against threats automatically.
Next-Generation Firewall (NGFW)
A Next-Generation Firewall (NGFW) combines conventional firewall capabilities with other network protection techniques, among them intrusion prevention systems (IPS), deep packet inspection, and application firewalls. It consolidates many advanced network security techniques into a single platform.
You deploy an NGFW where you would put a conventional firewall, such as at the perimeter of the network. But in a modern network you would also want to put one at points where you connect to various clouds and even on each network segment. Virtual NGFWs are available to deploy on completely virtualized networks.
Traditionally, the NGFW vendor provides updates, or definitions, to customers in a manner similar to antivirus updates: The vendor’s threat team analyzes new threats, writes descriptions of them in a language that the NGFW can use to provide protection, and sends them out periodically to customer devices. With evolving threats, this model is not providing all the protection you need.
To help organizations outpace these evolving threats, a large NGFW vendor is regularly receiving intelligence on customer network traffic—normal and otherwise. The first thing the ML-based model does is analyze all the events and establish a baseline of what is normal network traffic and behavior. Thereafter, it can identify deviations from this norm and investigate the anomaly. ML can quickly analyze a huge number of variables to investigate the attack, including threat intelligence from outside the NGFW’s own dataset to protect against zero-day injection attacks.
All these capabilities give ML-based systems a leg up in identifying unknown threats, the kind human analysts are most likely to miss.
Secure Access Service Edge (SASE)
The expansion of cloud services and then of remote work made the conventional “data center behind the firewall” architecture untenable, leading to rapid adoption of a new class of network security known as Secure Access Service Edge or SASE.
SASE is a technology born to serve organizations' demand for immediate, uninterrupted access for their users, no matter where they are located. Users and other networks connect to the enterprise through the SASE service, which authenticates the user and connects them to the requested service, either in the enterprise or at a cloud provider. While it does this, it inspects traffic for malicious or otherwise abusive behavior, and enforces other business policies like data loss prevention (DLP) to prevent sensitive data from being exploited.
Like NGFW, it’s a service that combines numerous network security technologies into a convenient, manageable package that solves real-world problems. Also, as with NGFW, the threats against which SASE secures are moving targets.
A SASE service will monitor for and block client-based attacks of many different types, from cross-site scripting in the browser to a SQL injection from a database application. New types of attacks appear frequently, but new instances of attacks appear continuously, and ML allows SASE to block them more effectively and efficiently.
Security Intelligence at Scale
Cyberthreats will continue to increase in volume and complexity with threat actors developing new ways to avoid detection. Machine learning turns out to be well suited to the challenge.
In today’s enterprise network security, the only way to keep up with the scale of evolving attacks is ML-based systems that coordinate a global intelligence network and your own traffic to provide optimal security for your systems and users.
Palo Alto Networks is a worldwide cybersecurity company dedicated to helping modern enterprises function efficiently and securely in a cloud environment. Learn more at paloaltonetworks.com.