Matt Mellen, security architect at Palo Alto Networks, will host an online roundtable on September 12, during which participants will discuss such issues as blocking connections from countries you don’t do business with or enabling Domain Name System (DNS) sinkholing.
We caught up with Matt to find out more about this webinar and the value Fuel members will get from attending.
Fuel: What are some common misconceptions about how to reduce your attack surface?
Mellen: One common misconception is that all you need to do is deploy the Next-Generation security platform and the network is secure. Don’t get me wrong — the Next-Generation platform automates many processes that would need to be done manually in conjunction with point security devices. However, reducing the attack surface — even with an integrated security platform — is a continuous process that requires thoughtful planning. The Next-Generation firewall alone provides hundreds of security capabilities. You can turn on many of them with the click of a button, whereas others require more careful planning with a phased approach. I’m going to cover some of those capabilities in my upcoming webinar and try to help you prioritize which you may want to implement first.
Another misconception I’ve heard is the assumption that it is difficult to migrate from IP/Port/Protocol security policies to App-ID and User-ID based security policies. The solution to any big challenge is always to break it up into smaller increments that can be achieved incrementally. The same applies here. Customers who go through the process of evaluating their data flows and implement App-ID and User-ID based rules are taking advantage of one of the industry-changing capabilities that the Next-Generation firewall provides.
Fuel: What is your favorite best practice in reducing your attack surface?
Mellen: I think that by far, the ‘best’ best practice in reducing your attack surface is to incorporate App-ID and User-ID into your data flow rules. This can have a significant impact on your organization’s ability to stop cyberattacks on your network. Having worked in a security operations environment, the DNS sinkhole capability is a close second because it makes it much easier to identify infected hosts on the network (plus it’s pretty easy to enable).
Fuel: What should participants do to prepare for the online roundtable?
Mellen: Come prepared to participate — this is intended to be a discussion! And ask yourself if there are any capabilities you are concerned about enabling.
Fuel: How can Fuel users benefit from this online roundtable?
Mellen: The materials I’ll be presenting will outline many capabilities that the security platform provides, organized into four relative ‘maturity levels.’ Perhaps you’ll learn of a new capability that you weren’t aware of — that you’ve already purchased.
Fuel: What is the key takeaway that attendees can expect from this online roundtable?
Mellen: The security platform provides many security capabilities you can enable. This online roundtable discussion will suggest the ones your organization should prioritize first, by focusing on the most common methods of attack.