Information-security executives this year need to move past their traditional “legacy mindset of locking and blocking” to a flexible approach tailored to employees' application requirements and usage, the local head of security firm Palo Alto Networks has advised.
Speaking to CSO Australia in the wake of Palo Alto's acquisition of security startup Morta Security, Australia-New Zealand country manager Armando Dacal said the long-running focus on port-based blocking had proved inadequate as attackers increasingly used masking techniques to work their way around such controls.
By contrast, next-generation firewalls (NGFWs), which allow administrators to classify traffic based on applications, did away with traditional stateful-inspection techniques to facilitate the creation of security policies “that maps the way your business runs”, Dacal explained.
“It really boils down to the specific user and the content they should be accessing,” he continued, noting the importance of new security thinking as cloud-computing investments increasingly complicated the security picture.
“Cloud is a moving target, and more and more of enterprises' critical data is sitting outside of their network,” Dacal said. “This is why it's absolutely critical to have a security posture that addresses the way your business actually runs.”
That includes the use of policies to manage users “irrespective of the device or platform they're running on” rather than focusing on network traffic alone, he continued. “We see 2014 as being a critical year for security leaders in making that shift to a world where you safely enable applications that your employees are looking to use.
“It's a much stronger security architecture and strategy, and we continue to see more and more being done with the technology every day. It's critical that enterprise leaders address that.”
Palo Alto will eventually build on its Morta acquisition to expand its threat-intelligence capabilities, but in the meantime the company has built out its WildFire NGFW offering with additional features that it says are optimised to detect unknown malware, zero-day exploits and advanced persistent threats.
The technology's 'closed loop' approach uses an ongoing feedback loop to detect known and unknown security compromises based on behaviour and file analysis. Malware controls are continually built and refined, then added to the evolving malware defence.
Such capabilities will become increasingly important as exploding mobile malware volumes force CSOs into a reckoning of their mobile ambitions, Dacal said.
“The reality is that users are bringing devices onto the network, and that enterprises need to find ways of enabling the applications that employees want to use, but enabling them safely. That's really at the heart of what every CSO is thinking about.”