The added value of Artificial Intelligence for your firewall
A traditional firewall, even with automated response features, can only act on a threat that has already been rated as malicious. Individual behaviors may look harmless on their own, yet, observed over time, they can turn out to be steps of a multi-stage intrusion. Attackers often use such low-key actions for automated reconnaissance, with the goal of locating valuable resources.
A Next-Generation Firewall with AI protects you against:
- Silent, stealthy use of compromised endpoints;
- Risky behavior that leads to intrusions because of human error;
- Malicious insiders carrying out months of low-profile, damaging activity after a sudden change of behavior;
- Targeted attacks, typically multi-staged, looking for valuable data, and ultimately the costliest;
- Slow investigation, with manual endpoint forensics, taking days or weeks to block threats;
- Detection and response solutions that simply do not work, because they are not built on big data (which depends on fast software release cycles) and because they rely on manually defined correlation rules that are hard to develop and produce high rates of false positives.
AI automates and orchestrates security analysis by:
- Integrating the metadata of the logs collected from the firewalls and applying attack detection algorithms to them to uncover risky behaviors;
- Defining device and user profiles in order to establish a baseline that is specific enough;
- Automating investigation steps: automatically gathering more information, using WildFire to analyze the suspicious executables involved, and hunting for the impacted systems in the customer environment;
- Automating the response on Palo Alto Networks’ firewalls by blocking compromised devices and restricting access to the malicious sites uncovered.
Palo Alto Networks Magnifier – Behavioral Analytics based on AI
Palo Alto Networks’ Magnifier is an application framework that hunts down and stops attacks quickly with cloud-delivered analytics and machine learning.
Magnifier uncovers malicious actions by identifying the anomalies that indicate an active attack. It does this through user and device behavior analytics: attack detection algorithms applied to the rich data collected from the Next-Generation Security Platform let you detect post-intrusion activity with precision.
Features of Magnifier Behavioral Analytics:
- Collect, through Palo Alto Networks’ Logging Service, the rich network, endpoint and cloud data needed for behavioral analytics, without deploying new network appliances or agents.
- Accurately identify advanced targeted attacks, malware, malicious insiders and compromised endpoints with supervised and unsupervised machine learning.
- Rapidly confirm threats by reviewing actionable alerts with investigative detail and leverage the Next-Generation Firewall to block threats before the damage is done.
As depicted above, once malware has been installed, the next stages of the attack may consist of permitted operations that each look innocent on their own.
However, machine learning can detect these changes in behavior (e.g. more connections to more servers, or much more traffic to the same server), fire an alert, automatically analyze which elements are used in that attack, and remediate it at the firewall level.
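To make the per-device baseline and the two behavior changes just named concrete, here is an added example (not Palo Alto Networks or Magnifier code): it builds a baseline from constructed firewall traffic-log metadata, then flags a device that suddenly fans out to many more servers and one that sends far more data to a server it already talks to. The log field layout, device names and the threshold factor are assumptions made for this demo.

```python
from collections import defaultdict

# Constructed traffic-log records: (day, source device, destination, bytes sent).
# Days 1-5 are normal; on day 6 ws-1 fans out to many servers and ws-2 pushes
# far more data to its usual database server.
LOGS = [
    *[(d, "ws-1", "db-1", 2_000) for d in range(1, 6)],
    *[(d, "ws-1", "web-1", 1_000) for d in range(1, 6)],
    *[(d, "ws-2", "db-1", 3_000) for d in range(1, 6)],
    *[(6, "ws-1", f"srv-{i}", 500) for i in range(20)],
    (6, "ws-2", "db-1", 90_000),
]

def daily_metrics(logs):
    """Per device and day: the set of distinct destinations, and bytes per destination."""
    fanout, volume = defaultdict(set), defaultdict(int)
    for day, dev, dst, nbytes in logs:
        fanout[(dev, day)].add(dst)
        volume[(dev, day, dst)] += nbytes
    return fanout, volume

def build_baseline(logs, days):
    """Device-specific baseline: peak daily fan-out per device and peak daily
    bytes per (device, destination) pair observed over the baseline days."""
    fanout, volume = daily_metrics([r for r in logs if r[0] in days])
    base_fanout, base_volume = defaultdict(int), defaultdict(int)
    for (dev, _day), dsts in fanout.items():
        base_fanout[dev] = max(base_fanout[dev], len(dsts))
    for (dev, _day, dst), nbytes in volume.items():
        base_volume[(dev, dst)] = max(base_volume[(dev, dst)], nbytes)
    return base_fanout, base_volume

def detect(logs, day, baseline, factor=3.0):
    """Alerts for devices whose behavior on `day` exceeds `factor` x their own baseline.
    A device never seen in the baseline has a fan-out baseline of 0 and is flagged."""
    base_fanout, base_volume = baseline
    fanout, volume = daily_metrics([r for r in logs if r[0] == day])
    alerts = []
    for (dev, _d), dsts in fanout.items():
        if len(dsts) > factor * base_fanout.get(dev, 0):
            alerts.append((dev, "fan-out", len(dsts)))
    for (dev, _d, dst), nbytes in volume.items():
        known = base_volume.get((dev, dst))   # new destinations are covered by fan-out
        if known is not None and nbytes > factor * known:
            alerts.append((dev, f"volume:{dst}", nbytes))
    return sorted(alerts)

if __name__ == "__main__":
    baseline = build_baseline(LOGS, {1, 2, 3, 4, 5})
    print(detect(LOGS, 6, baseline))
```

A real deployment would derive the baseline from weeks of Logging Service data and tune the factor per device class, but the shape of the check is the same.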