Fred Streefland, Chief Security Officer of Palo Alto Networks, Northern and Eastern Europe, has no doubts: not making a risk assessment is the greatest risk. Together with Fred and Umberto Pirovano, Manager, Systems Engineering at Palo Alto Networks, we wanted to intensify the debate.
Risk Assessment: we speak to two specialists from Palo Alto Networks about this
Edge9: How should a risk assessment be carried out to be efficient?
Fred Streefland: Effective cybersecurity needs a holistic approach that begins with a risk assessment, an evaluation to identify the company's crown jewels, assets and protected information. It may be intellectual property, credit card details, personally identifiable information, or delicate medical or industrial information.
The next step is to evaluate the hazards of assault that threaten these assets. A pragmatic strategy is to bring 10-15 staff from various departments together in a company room and brainstorm cyber hazards. At the same time, employees need to assess the probability of these hazards materializing. Each risk's probability of occurrence is allocated a value, then the effect if it happens is determined and allocated another value. The threat value is calculated by multiplying the two numbers.
Edge9: What to do once this value has been obtained?
FS: Once the hazards are calculated, the board chooses which funds to allocate in order to prevent them. The benefit of creating these values is that the board of managers can make the choices rather than the CISO (Chief Information Security Officer, Ed.). Risk management is, after all, one of its primary tasks.
Let's take the example of an employee leaving the company: the risk that he will leave with his login details is considered quite high, so it can be expected that he should go to IT before moving on from human resources, ask for his username and password to be deleted and obtain a document confirming it. While this method adds some bureaucracy, it helps to decrease the risk of assaults.
The adoption of two-factor authentication for delicate information is another option to decrease the danger. Unfortunately, few businesses can carry out a valid risk assessment in today's world. To date, cybersecurity has developed by addressing particular issues as they occur. And this has meant that, over the past 10 years, each business has ended up with 34 safety products on average, each in its own silo. CISOs seek individual alternatives to substitute firewall or antivirus software for this purpose. But this only complicates the architecture of cybersecurity.
Edge9: Which Palo Alto Networks solutions can assist the department of CISO and IT in conducting an appropriate risk assessment?
Umberto Pirovano: In relation to cybersecurity solutions capable of effectively and consistently protecting networks, endpoints and clouds, Palo Alto Networks offers instruments to verify the Security Operating Platform's pre- and post-adoption risk concentrations, including SLR, BPA and PPA.
SLR (Security Lifecycle Review) reports can be produced, saved as PDFs at any moment, and used in safety checks to evaluate threat exposure. These accounts provide a high-level perspective of the apps being used on the network (including SaaS apps), the websites accessed by customers, and the file kinds they share. They also define and contextualize vulnerabilities, malware, and C2 diseases (command-and-control) present in the network.
Best Practice Assessment (BPA) is another free SaaS instrument for Palo Alto Networks clients and associates that involves two components, a heat map that measures the implementation of Palo Alto Networks' security capacities in the absolute or relative client market and a best practice assessment that identifies risks and demonstrates how near we are to adopting allb
Finally, the Prevention Posture Assessment (PPA): it is a collection of questionnaires that help identify gaps in safety risk prevention in all fields of network and safety architecture. Not only does the PPA help to define all hazards, but it also offers comprehensive suggestions on how to avoid them and fill the gaps. The assessment, led by an experienced sales engineer from Palo Alto Networks, makes it possible to identify the regions of biggest danger where prevention operations can be focused. On firewalls and on Panorama, you can operate PPA.
Edge9: How can solutions from Palo Alto Networks help businesses strengthen the safety instruments used and what is recommended by Palo Alto Networks to overcome fragmentation?
UP: The technological silo model has proven not to be appropriate for the avoidance of increasingly structured and automated threats to solve punctual safety issues. Palo Alto Networks' approach, which has always been focused on prevention through the Security Operating Platform, is to provide integrated out-of-the-box alternatives that cover network safety, endpoints, user and network behavior assessment and cloud in a standardized and automatic manner, in any client adoption stage and with any technological model (IaaS, PaaS, SaaS, co-operative). Integrating these alternatives, automating them, and maximizing the use of AI and ML are basic elements to address the cybersecurity problems of today.
Edge9: Which, from the Palo Alto Networks point of view, are the primary hazards to be addressed once the risk assessment activity is conducted?
UP: Maximum visibility of threats is important because you can't protect what you don't see; a Zero Trust strategy that enables restricted use of resources and an automated approach to behavioral analysis and automatic remediation problems. Following these methods, all environments need to be managed and sanitized, be it network security, endpoints, or cloud.
Another basic element is the capacity to automate the procedures of threat hunting, assessment and remediation as much as possible: in this respect, the implementation by Palo Alto Networks of a SOAR technology (Security Orchestration, Automation and Response) such as Demisto is highly effective in terms of time decrease and individuals devoted to such tasks.