
PALO ALTO NETWORKS AND CYBERX

Jul 13, 2020




Key Benefits of Integration

The CyberX platform uniquely combines a deep, embedded understanding of industrial devices, protocols, and applications with continuous monitoring and ICS-aware behavioral analytics, asset and network topology discovery, risk and vulnerability management, automated threat modeling, and threat intelligence.

Palo Alto Networks Next Generation Firewall for ICS provides highly granular visibility into traffic at the application and user levels, and can apply these parameters in policy.

The CyberX platform integrates with the Palo Alto Networks Next Generation Firewall through XML APIs.

The Challenge

Companies with critical industrial infrastructure are increasingly concerned about ICS/SCADA cyberattacks by nation-states and cybercriminals.

As IT and Operational Technology (OT) networks become increasingly connected to support digitalization and the collection of real-time intelligence from production operations, the attack surface has grown, and with it the risk from both targeted attacks and malware.

While downtime in a traditional IT environment can result in a loss of business continuity, breaches in OT environments can have far more devastating impacts, including costly production outages, catastrophic safety failures, environmental damage, and theft of corporate IP.

CyberX

The CyberX platform provides continuous monitoring with specialized behavioral analytics purpose-built for detecting unauthorized or suspicious ICS/SCADA traffic. The platform incorporates patented, ICS-aware self-learning engines that automatically inventory and profile assets, identify vulnerabilities, and detect a wide range of threats in real time — without relying on rules or signatures, specialized skills, or prior knowledge of the environment. It uses passive monitoring to ensure zero impact on the ICS/SCADA network.

Palo Alto Networks

The Palo Alto Networks® Security Operating Platform prevents successful cyberattacks through intelligent automation. Our platform combines network and endpoint security with threat intelligence and accurate analytics to help streamline routine tasks, automate protection, and prevent cyber breaches. Tight integrations across the platform and with ecosystem partners deliver consistent security across clouds, networks, and mobile devices, natively providing the right capabilities at the right place across all stages of an attack lifecycle. Because our platform was built from the ground up with breach prevention in mind – with important threat information being shared across security functions system-wide – and architected to operate in modern networks with new technology initiatives like cloud and mobility, customers benefit from better security than legacy or point security products provide and realize better total cost of



CyberX’s integration with Panorama™ enables joint customers to rapidly block sources of malicious traffic in ICS/SCADA networks.

Five Key Use Cases for Prevention

• Unauthorized PLC changes: An update to the ladder logic or firmware of a device. This can represent a legitimate activity or an attempt to compromise the device by inserting malicious code, such as a RAT, or parameters causing the physical process — such as a spinning turbine — to operate in an unsafe manner.

• Protocol Violation: An unpermitted packet structure or field value that violates the protocol specification. This can represent a misconfigured application or a malicious attempt to compromise the device – for example, by causing a buffer overflow condition in the target device.

• PLC Stop: A command that causes the device to stop functioning, thereby risking the physical process that is being controlled by the PLC.

• Malware found in the ICS network: ICS-specific malware that manipulates ICS devices via their native protocols, such as TRITON and Industroyer. CyberX also detects IT malware that has moved laterally into the ICS/SCADA environment, such as Conficker, WannaCry, and NotPetya.

• Scanning malware: Reconnaissance tools that collect data about system configurations in a pre-attack phase. For example, the Havex Trojan scans industrial networks for devices using OPC (a standard protocol used by Windows-based SCADA systems to communicate with ICS devices).

Palo Alto Networks + CyberX

Joint customers of Palo Alto Networks® and CyberX are now looking for a way to rapidly block malicious traffic detected by the CyberX platform. Together, we’ve developed an off-the-shelf integration that automatically creates new policies in Palo Alto Networks next-generation firewalls, based on contextual information provided by the CyberX platform. A 1-click “confirmation mode” prompt ensures a human in the loop at all times.

Rapid Creation of Asset-Based Policies

CyberX has also developed an integration with the Palo Alto Networks Security Operating Platform that facilitates automatic creation of fine-grained, ICS-aware policy templates using tags, based on the type of asset.

Using passive Network Traffic Analysis (NTA), the CyberX platform automatically discovers all assets and their communication behavior, thereby fingerprinting the asset type and associated properties (protocol, vendor, firmware revision level, etc.).

By automatically tagging devices with their discovered properties — such as device type (HMI, PLC, etc.), and whether or not they are authorized devices — the CyberX application enables administrators to rapidly create asset-based policies. Administrators can also rapidly create Dynamic Access Groups (DAGs) using these asset-based tags.

Examples of ICS-aware policies include:

• “Unauthorized devices are not allowed to communicate between subnets”
• “HMIs can only communicate with PLCs using the MODBUS protocol”
• “Only engineering workstations are allowed to program PLCs”
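One way to express the three policies above as checks over tag-labelled assets, as an added example that is not CyberX's or Palo Alto Networks' code: the `device_type` and `authorized` tags, the /24 segment assumption and the `program` action are illustrative assumptions, not product fields.

```python
# Added example (not CyberX's or Palo Alto Networks' code): evaluates the three
# ICS-aware policies quoted above against flows between tagged assets. Tag names,
# the /24 segment assumption and the "program" action are assumptions, not product fields.
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    ip: str
    device_type: str  # tag from passive discovery: "HMI", "PLC", "ENG_WS", ...
    authorized: bool  # tag: device is on the approved inventory

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    protocol: str  # application protocol seen on the wire, e.g. "MODBUS"
    action: str    # "read", "write" or "program" (ladder logic / firmware update)

# Constructed inventory: HMI and engineering workstation on one /24, PLC on another.
INVENTORY = {a.ip: a for a in (
    Asset("192.168.1.10", "HMI", True),
    Asset("192.168.1.20", "ENG_WS", True),
    Asset("192.168.2.50", "PLC", True),
)}

def same_subnet(a: str, b: str, prefix: int = 24) -> bool:
    """Assumes every OT segment is a /24; change prefix to match the real layout."""
    return ipaddress.ip_address(b) in ipaddress.ip_network(f"{a}/{prefix}", strict=False)

def evaluate(flow: Flow, inventory: dict = INVENTORY) -> list[str]:
    """Return the policies this flow violates; an empty list means it is allowed."""
    src, dst = inventory.get(flow.src), inventory.get(flow.dst)
    hits = []
    # Policy 1: hosts absent from the inventory are treated as unauthorized.
    if not (src and src.authorized) and not same_subnet(flow.src, flow.dst):
        hits.append("unauthorized-cross-subnet")
    # Policy 2: HMIs may talk only to PLCs, and only over MODBUS.
    if src and src.device_type == "HMI" and not (
            dst and dst.device_type == "PLC" and flow.protocol == "MODBUS"):
        hits.append("hmi-non-modbus-or-non-plc")
    # Policy 3: programming a PLC is reserved for authorized engineering workstations.
    if dst and dst.device_type == "PLC" and flow.action == "program" and not (
            src and src.device_type == "ENG_WS" and src.authorized):
        hits.append("plc-program-from-non-engineering-host")
    return hits

if __name__ == "__main__":
    for f in (Flow("192.168.1.10", "192.168.2.50", "MODBUS", "read"),
              Flow("192.168.2.99", "192.168.1.20", "SMB", "read")):
        print(f.src, "->", f.dst, f.protocol, evaluate(f) or "allowed")
```

Hits are returned as a list rather than a boolean so that the same flow can surface several violated policies at once, which is what an operator reviewing a "confirmation mode" prompt would want to see.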

Integration with the Palo Alto Networks Application Framework

Additionally, CyberX has developed an integration with the Palo Alto Networks Application Framework that leverages Palo Alto Networks sensors that customers have already deployed.

The application maps Palo Alto Networks SCADA App-IDs to CyberX’s automatically generated baseline of all ICS/SCADA network behavior, providing extensive detection, visibility, monitoring, and analysis capabilities. This enables security teams to:

• Easily implement fine-grained policies to prevent malicious or unauthorized activities
• Accelerate detection and investigation of targeted ICS attacks via deep forensics, threat hunting, and ICS threat modeling
• Identify vulnerable or compromised OT devices, so they can be rapidly remediated or isolated
• Alert on suspicious or risky behaviors such as PLC programming changes and network scanning

About CyberX

Founded by military cyber-experts with nation-state expertise defending critical infrastructure, CyberX provides the most widely deployed platform for continuously reducing ICS/SCADA/OT risk. Our ICS-aware self-learning engines deliver immediate insights about assets, vulnerabilities, and threats — in less than an hour — without relying on rules or signatures, specialized skills, or prior knowledge of the environment.

CyberX is a member of the Palo Alto Networks Application Framework Community and the IBM Security App Exchange Community, and has partnered with premier solution providers and MSSPs worldwide, including Optiv Security, DXC Technology, Wipro, and Deutsche Telekom/T-Systems.

About Palo Alto Networks

We are the global cybersecurity leader, known for always challenging the security status quo. Our mission is to protect our way of life in the digital age by preventing successful cyberattacks. This has given us the privilege of safely enabling tens of thousands of organizations and their customers. Our pioneering Security Operating Platform emboldens their digital transformation with continuous innovation that seizes the latest breakthroughs in security, automation, and analytics. By delivering a true platform and empowering a growing ecosystem of change-makers like us, we provide highly effective and innovative cybersecurity across clouds, networks, and mobile devices. Find out more at
