February 13, 2023
As cyber threats grow more pervasive, attackers are also growing more sophisticated. Defenders must stay guarded against exploits and vulnerabilities, ready to respond to attacks, all while reducing risk. Enter CDSS, described by Palo Alto Networks as “All in one place and everywhere all at once.”
In this blog post, we will discuss the uses of Cloud Delivered Security Services (CDSS), how they work (including best practices) and what is new with these security subscriptions.
Palo Alto Networks CDSS licenses are available from Optiv Security à la carte, based on individual customer need, and in cost-saving bundles, for example for lab devices and HA pairs. Remember that both firewalls in an HA pair must carry identical licenses. Once a license is purchased and applied to your firewall, you can verify that it is active in the web GUI under Device > Licenses (the Licenses node near the bottom of the left-hand tree), or from the CLI with the command request license info.
We will review the highlights of the recent changes to CDSS subscriptions so that you can better understand the value of these services and best practices for using them. Below is a comparative overview of the new CDSS offerings and an examination of how to leverage those services to protect your environments. You can utilize these services across the Palo Alto Networks ecosystem on various platforms, including Next-Gen Firewalls (NGFW), Prisma SASE (Secure Access Service Edge), Prisma Cloud, Cortex XDR and Cortex XSOAR.
Threat Prevention (TP) has been part of the Palo Alto Networks Next-Generation Firewall (NGFW) foundation from the beginning. This subscription is the core of protecting your environment from both commodity threats and advanced persistent threats (APTs). Threat Prevention uses signature content delivered to your NGFWs to block specific, known threats: exploits of known vulnerabilities, malware, and command-and-control (C2) traffic. A core principle of the NGFW is to combine Threat Prevention with App-ID and User-ID, attaching threat profiles to policies that allow only the applications and users you intend, so that inspection is applied precisely to the traffic you allow.
Advanced Threat Prevention takes this to the next level, using cloud services to provide inline machine learning and deep-learning analysis of live traffic for real-time protection from unknown threats, such as C2 traffic and exploit attempts for which no signature exists yet. Because the analysis runs inline rather than waiting for a new signature, protection against a newly observed threat does not depend on the content-update cycle. The Advanced Threat Prevention subscription includes everything in the standard Threat Prevention license, so existing protections continue unchanged and the inline analysis is added without degrading the user experience.
The DNS Security subscription is intended for your internet gateway. On NGFWs, a DNS Security license provides inline protection for DNS traffic in real time. Through the DNS policies of the Anti-Spyware profile attached to your security rules, you can set the action (for example alert, block or sinkhole) per DNS threat category to match your risk profile.
A DNS Security license adds cloud-based analytics that identify, and in some cases predict, malicious domains and block them as they are queried through your NGFWs. Its machine learning engines can detect and stop new and unknown DNS threats, such as DNS tunneling, DNS rebinding and domains produced by domain generation algorithms (DGAs).
Known DNS threats are handled via the shared data in the Palo Alto Networks DNS Security cloud, which combines Palo Alto Networks’ own threat research with data from customers deploying Cloud Delivered Security Services, including WildFire and URL Filtering, and from additional third-party sources.
It is important to understand that the “legacy” URL Filtering subscription is no longer available for purchase. Current subscribers can continue to use URL Filtering as before until their license expires.
Advanced URL Filtering (ADV URL) builds on the functionality of legacy URL Filtering and adds real-time analysis when running PAN-OS 10.2 or later. It combines the PAN-DB database of known malicious URLs with a real-time, cloud-based deep-learning engine, which allows an NGFW to detect and block new and targeted attacks, including URLs that have never been categorized.
ADV URL Filtering belongs at your internet edge, where it blocks web traffic to malicious destinations used for malware delivery, phishing and C2.
WildFire was Palo Alto Networks’ first cloud-based analysis engine: unknown files and links forwarded by the NGFW are detonated in a sandbox, and the resulting verdicts and signatures are pushed back to stop that malicious content from entering the enterprise. The sandbox analysis WildFire provides helps prevent zero-day attacks and advanced persistent threats (APTs), reducing a business’s risk by delivering prevention at scale.
Prevention improves for all Palo Alto Networks customers, as WildFire verdicts and signatures are delivered within seconds to NGFWs across the globe. Cloud analysis results are also shared with the inline machine learning modules on the NGFWs. Which data your NGFWs forward to the WildFire cloud, such as file types and scripts, is configurable in the WildFire Analysis profile attached to your security policy.
Advanced WildFire absorbs all of what legacy WildFire provided but goes deeper, adding inline machine learning and automated protections. Updates include access to Intelligent Run-time Memory Analysis, a cloud-based advanced analysis engine that complements the existing engines to detect and prevent evasive malware, including samples built to recognize and evade conventional sandboxes. Advanced WildFire also integrates with AIOps for NGFW for management and reporting.
*Please note that before installing the new Advanced WildFire license, you must first remove the expired WildFire license from the NGFW.
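As an added example, not code from Optiv or Palo Alto Networks, the script below performs the license checks described in the licensing paragraph near the top of this post and in the note above: it parses the XML that the PAN-OS XML API returns for the operational command request license info (the same data shown in the GUI under Device > Licenses), lists entries the firewall flags as expired, such as a legacy WildFire license that must be removed before the Advanced WildFire license is installed, warns of licenses that lapse soon, and compares two HA peers, which must carry identical licenses. The two XML responses are constructed sample data; their element names follow the documented response layout, but the feature names and dates are illustrative, so confirm them against your own firewall’s output.

```python
import xml.etree.ElementTree as ET
from datetime import date, datetime

# Constructed sample responses to the XML API operational command
# <request><license><info/></license></request> for both members of an
# HA pair. A real response also carries description, serial, issued and
# authcode per entry; they are omitted here because the checks do not
# need them. Peer A still has the expired legacy WildFire entry beside
# the new Advanced WildFire one; Peer B was never given DNS Security and
# has a different Advanced WildFire expiry.
PEER_A_XML = """<response status="success"><result><licenses>
<entry><feature>Threat Prevention</feature><expires>March 01, 2024</expires><expired>no</expired></entry>
<entry><feature>Advanced URL Filtering</feature><expires>March 01, 2024</expires><expired>no</expired></entry>
<entry><feature>DNS Security</feature><expires>March 01, 2024</expires><expired>no</expired></entry>
<entry><feature>WildFire License</feature><expires>January 31, 2023</expires><expired>yes</expired></entry>
<entry><feature>Advanced WildFire License</feature><expires>March 01, 2024</expires><expired>no</expired></entry>
<entry><feature>Premium</feature><expires>Never</expires><expired>no</expired></entry>
</licenses></result></response>"""

PEER_B_XML = """<response status="success"><result><licenses>
<entry><feature>Threat Prevention</feature><expires>March 01, 2024</expires><expired>no</expired></entry>
<entry><feature>Advanced URL Filtering</feature><expires>March 01, 2024</expires><expired>no</expired></entry>
<entry><feature>Advanced WildFire License</feature><expires>June 30, 2024</expires><expired>no</expired></entry>
<entry><feature>Premium</feature><expires>Never</expires><expired>no</expired></entry>
</licenses></result></response>"""

# Fixed "today" so the example is reproducible offline.
SAMPLE_TODAY = date(2024, 1, 15)


def parse_licenses(xml_text):
    """Map feature name -> {"expires": date or None, "expired": bool}.

    PAN-OS prints expiry as e.g. "March 01, 2024"; perpetual entries
    read "Never", which is stored as None.
    """
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise ValueError("API returned status %r" % root.get("status"))
    licenses = {}
    for entry in root.iterfind("./result/licenses/entry"):
        feature = (entry.findtext("feature") or "").strip()
        raw = (entry.findtext("expires") or "").strip()
        if raw.lower() == "never":
            expires = None
        else:
            expires = datetime.strptime(raw, "%B %d, %Y").date()
        expired = (entry.findtext("expired") or "no").strip().lower() == "yes"
        licenses[feature] = {"expires": expires, "expired": expired}
    return licenses


def expired_features(licenses):
    """Entries the firewall itself flags as expired, e.g. a legacy WildFire
    license that has to be removed before Advanced WildFire is installed."""
    return sorted(f for f, v in licenses.items() if v["expired"])


def expiring_within(licenses, days, today):
    """Active, non-perpetual entries that lapse within `days` of `today`."""
    return sorted(
        f for f, v in licenses.items()
        if v["expires"] is not None and not v["expired"]
        and (v["expires"] - today).days <= days
    )


def ha_license_diff(a, b):
    """Compare the active licenses on two HA peers, which must be identical:
    features active on only one peer, and shared features with differing expiry."""
    active_a = {f for f, v in a.items() if not v["expired"]}
    active_b = {f for f, v in b.items() if not v["expired"]}
    return {
        "only_on_a": sorted(active_a - active_b),
        "only_on_b": sorted(active_b - active_a),
        "expiry_mismatch": sorted(
            f for f in active_a & active_b if a[f]["expires"] != b[f]["expires"]
        ),
    }


if __name__ == "__main__":
    peer_a = parse_licenses(PEER_A_XML)
    peer_b = parse_licenses(PEER_B_XML)
    print("expired on A:", expired_features(peer_a))
    print("expiring on A within 60 days:", expiring_within(peer_a, 60, SAMPLE_TODAY))
    print("HA mismatch:", ha_license_diff(peer_a, peer_b))
```

In practice you would fetch each response with an API-key-authenticated request to https://<firewall>/api/?type=op&cmd=<request><license><info/></license></request> (URL-encoded, with <firewall> being each HA peer’s management address) and run the comparison from a scheduled job ahead of renewals, so that a peer left short of a license, or an expired legacy entry blocking an Advanced WildFire install, is caught before a failover or an upgrade exposes it.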
The Palo Alto Networks IoT Security subscription covers Internet of Things (IoT), Internet of Medical Things (IoMT) and operational technology (OT) devices. IoT Security should be deployed on the network segments where IoT devices live, as well as at the internet edge. These devices pose a significant risk: they typically cannot run endpoint agents, are rarely patched, and are often deployed and maintained outside the IT unit, so the security team may not even know they exist, let alone mitigate them. Yet some enterprises cannot operate without them, leaving a security gap that should be closed.
The IoT subscription uses machine learning to identify IoT devices in real time. The IoT cloud engine then uses crowdsourced data to establish each device type’s normal behavior and recognize anomalous activity from these previously unknown devices. This supports a continuous IoT risk assessment that produces trust-based policy recommendations, describing which destinations each device type should be allowed to reach, to improve the organization’s security posture.
You gain visibility into devices that were previously unknown and unprotected. The IoT subscription supports best-practice device segmentation, limiting lateral movement from a compromised IoT device toward critical assets such as domain controllers.
With SaaS Security Inline, you protect your enterprise and users by blocking unsanctioned SaaS applications and risky user behavior through security policies. SaaS visibility, policy recommendations and the App-ID Cloud Engine (ACE), which delivers new SaaS App-IDs from the cloud without waiting for a content update, are the primary capabilities of SaaS Security Inline.
SaaS Security Inline comes in several flavors: NGFW only, Panorama-managed Prisma Access and Cloud-managed Prisma Access. These options give you multiple deployment and management choices to meet your enterprise’s needs.
Enterprise DLP is a new and improved integration of the Palo Alto Networks DLP service.
Data is everywhere, and so are the users who put it at risk of theft and compromise, which is why a new way of thinking about enterprise data loss was needed. Enterprise DLP is designed to protect people, data and networks wherever they are. This comprehensive service covers:
Enterprise DLP provides predefined and customizable data patterns and profiles, which improve accuracy and reduce false positives. Using machine learning in the cloud, sensitive data is discovered automatically through multiple detection methods. This continuous, consistent protection applies at every enforcement point, whether NGFW or Prisma SASE, from a single set of policies.
Reviewing the highlights of the new subscriptions, the major differentiator is that “Advanced” Threat Prevention and “Advanced” URL Filtering use inline machine learning (ML) backed by cloud analysis. Inline ML changes the model: traffic is inspected in real time and protection against an unknown threat is applied within seconds, rather than after a signature has been written and distributed.