Cyber Security Team

Since the beginning of the Internet TCP and UDP port numbers have been used to discriminate between applications crossing a network. Over the last decade there have been two shifts that impact the security of networks. Firstly, many applications have shifted to using the secure SSL/TLS protocol on its standard port of 443. Secondly, attackers utilise port numbers of benign applications to run their nefarious services. In both instances the reuse of standard port numbers blind traditional firewalls to the actual application traversing the network.

Palo Alto Networks’ AppID technology both looks at the TCP/UDP ports of a session and also the actual data crossing the network to determine the application in question. This permits the firewall to discern valid applications on the same port or detect prohibited applications hijacking a normally acceptable port number.

If you plan to migrate from a port-based firewall policy such as on a Cisco ASA we can manage the discovery of applications and customise your policy to match the applications you use, following Palo Alto Networks best practice.

Traditionally, if any control on the source of a session was implemented on a firewall, the permitted source addresses would be large blocks of IP address space - ensuring all the users that required access to a resource were permitted. Unfortunately, this would often also permit access to a large number of users who are not authorised to access the resource. UserID on a Palo Alto Networks firewall allows control at the level of an individual - permitting access to critical resources to all authorised staff whist denying access to others.

Environments with UserID in use enjoy the added benefit of firewall log entries including the account details of the user who initiated the session - simplifying fault or security incident resolution.

If UserID is not already implemented within your estate we can help integrate your Active Directory system with your Palo Alto Networks firewalls - allowing the existing group memberships of your staff to be leveraged to provide your teams with only the access they require.

Deep-packet inspection of in-line traffic flows is one of the huge benefits of deploying Palo Alto Networks firewalls - permitting the firewall to perform the role of a traditional IDS/IPS. Packets are analysed at the application level to ensure that suspicious payloads camouflaged within legitimate content are not delivered to end-users. The signatures that define the threats are constantly updated by Palo Alto Networks and their team of cyber security threat researchers - Unit 42.

As with all IDS/IPS platforms the key to successful deployment is tuning and monitoring. Receiving too many alerts for low level incidents leads support staff to ignore them as “noise.” Alarms should be meaningful and actionable. We can assist your team in defining the right level of alerting and tune policies to match your environment.

The world of cybercrime is a fast-moving environment where new variants of malware are released continually. For detection systems this means a delay between a new piece of malware being released on the internet and being detected with an anti-malware update released. Wildfire overcomes this by automatically delivering suspicious files to a ring-fenced sandbox environment which allows any malware present to run and be observed doing so. An automatic update can then be generated and sent back to both the organisation who submitted the sample and all other Palo Alto Networks Wildfire customers.

Wildfire is available as either a cloud service - the base version of which is included in a firewall’s Threat Prevention licence - or as an on-premise appliance. We can help you determine which deployment is appropriate for your environment and help ensure targeted attacks are stopped at the network perimeter.

GlobalProtect provides seamless VPN connectivity to roaming users utilising SSL and IPSEC VPN technology.

The agent resides on the user's laptop and can be configured to initiate a connection as soon as it detects that it is not connected to the corporate network - from that point directing all client network data to your Palo Alto Networks firewall.

This ensures that not only your users have access to the corporate resources but they also have the same level of protection and control away from the corporate network as they are provided in the office.

Using GlobalProtect technology we can deliver a secure, transparent VPN into your organisation - providing both a secure environment and an efficient solution maximising the productivity of your staff.

Panorama is a firewall management platform which allows the automation of policy deployment to multiple firewalls using shared elements including objects, security policy and device configuration. This reduces the amount of time spent administering your firewalls whilst ensuring your firewalls are always in synchronisation.

Panorama can also be configured as a centralised log platform for your firewalls - providing end-to-end visibility of packets crossing your network.

If you are not already using Panorama or only partially using it within your estate we can migrate all of your current firewall configurations to a central Panorama system - providing ongoing cost savings through increased team efficiency and a more consistent security policy.