The Next Generation Cyber Security in the 4

The Next Generation Cyber Security in the 4 th Industrial Revolution Alvin Tan Regional Head

Today’s Problem World of Cybersecurity = World of Technology (IT, OT and Io. T) The world of technology and the world of the security designed to protect technology are moving in opposite directions

6 Major Trends Simpler and Easier More Convenient Fewer People Natively Integrated More Automated Designed to Prevent World of Technology

6 Major Trends More Difficult More Complicated More People World of Cybersecurity Simpler and Easier More Convenient Fewer People Isolated Natively Integrated Mostly Manual More Automated Reactive Response Designed to Prevent World of Technology

6 Major Trends More Difficult More Complicated Simpler and Easier More Convenient More People Fewer People “U-Turn” 5 | © 2015, Palo Alto Networks. Confidential and Proprietary. Isolated Natively Integrated Mostly Manual More Automated Reactive Response Designed to Prevent

Preventing Successful Attacks COMPLETE VISIBILITY REDUCE ATTACK SURFACE CONSISTENT ACROSS ALL BUSINESS LOCATIONS HEADQUARTERS © 2018 Palo Alto Networks Inc. Confidential BRANCH OFFICES PREVENT NEW THREATS PREVENT KNOWN THREATS DATA CENTER/ PRIVATE CLOUD PUBLIC CLOUD SAAS MOBILE USERS IOT

We need a different approach to Network Defence Single Pass Parallel Processing (SP 3™) DNS detection for outbound DNS Internet Enterprise network APT detection for port 25 APTs APT detection for port 80 APTs 7 | © 2017 Palo Alto Networks, Inc. Confidential and Proprietary.

We need a different approach to Endpoint Defence Multi-method prevention rather than multi-agent on the endpoint ANTIVIRUS EDR HOST FW Malware APPLICATION CONTROL Exploit HOST IPS EXECUTION RESTRICTIONS MACHINE LEARNING LOCAL ANALYSIS RECONNAISSANCE CODE EXECUTION HOST APT SANDBOX KNOWN MALWARE DYNAMIC ANALYSIS MEMORY CORRUPTION ESCALATION

Bringing both approaches to the Cloud Application WEB INLINE Protect and Segment Cloud Workloads APP Web Server HOST Secure OS & App Within Workloads App Server Iaa. S On-Premise Paa. S Object Storage Caching API Database API Continuous Security & Compliance

Leveraging the Cloud DYNAMIC ANALYSIS MACHINE LEARNING STATIC ANALYSIS BARE METAL MALWARE SIGNATURES WINDOWS EXECUTABLES EVERY 24 HOURS JAVA, EXE, DLL, ZIP, PDF, DOC, FLASH, APK, DMG, PKG, MACH-O FIREWALLS 10 | © 2017, Palo Alto Networks. All Rights Reserved.

Leveraging the Cloud DYNAMIC ANALYSIS MACHINE LEARNING STATIC ANALYSIS BARE METAL MALWARE, URL’S, DNS, C&C MALWARE SIGNATURES 1, 000/DAY 230, 000 / DAY WINDOWS EXECUTABLES EVERY 24 HOURS JAVA, EXE, DLL, ZIP, PDF, DOC, FLASH, APK, DMG, PKG, MACH-O FIREWALLS 11 | © 2017, Palo Alto Networks. All Rights Reserved. 5 MINUTES

Getting Consistent Security Everywhere DYNAMIC ANALYSIS MACHINE LEARNING STATIC ANALYSIS BARE METAL MALWARE, URL’S, DNS, C&C 1, 000/DAY 230, 000 / DAY WINDOWS EXECUTABLES EVERY 24 HOURS 5 MINUTES JAVA, EXE, DLL, ZIP, PDF, DOC, FLASH, APK, DMG, PKG, MACH-O HEADQUARTERS 12 | © 2017, Palo Alto Networks. All Rights Reserved. BRANCH OFFICES DATA CENTER/ PRIVATE CLOUD PUBLIC CLOUD SAAS MOBILE USERS IOT

Indicators of Compromise vs Indicators of Attack IP Address MD 5 Hash 13 | © 2017, Palo Alto Networks. All Rights Reserved. Attack URL

Mapping a Campaign - Operation Lotus Blossom Separate, but overlapping infrastructure Each targeted nation largely has its own C 2 servers Connected by email addresses used to register domains

DISRUPTING THE CONSUMPTION MODEL URL FILTERING THREAT PREVENTION THREAT HUNTING THREAT INTEL CLOUD SANDBOX API & Application Framework BEHAVIORAL ANALYTICS THREAT SYNDICATION AND TRANSLATION AUTOMATED THREAT PREVENTION SERVICES IN-HOUSE APP DATA FROM LOGS & TELEMETRY 3 rd PARTY APP HEADQUARTERS BRANCH OFFICES DATA CENTER/ PRIVATE CLOUD PUBLIC CLOUD SAAS MOBILE USERS IOT

atan@paloaltonetworks. com