Issue link: https://insights.oneneck.com/i/1458399
62 Data Center & Hybrid Cloud Security For Dummies, Palo Alto Networks Special Edition

These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

advanced, can purchase plug-and-play threats designed to identify and avoid malware analysis environments. In addition, file and data filtering options — for example, the ability to block files by their actual type and the ability to control the transfer of sensitive data patterns, such as credit card numbers — address important compliance use cases.

One of the limitations of traditional antimalware security signatures is that they protect only against malware that has been previously detected and analyzed. This reactive approach creates a window of opportunity for malware. To supplement this, the data center network security solution should provide the ability to directly analyze unknown executables for malicious behavior.

Your network security platform, using integrated security services, should automatically block known threats. Unknown threats must be automatically analyzed and countered, too. Your organization needs a service that looks for threats at all points within the cyberattack life cycle (see Figure 5-3), not just when threats first enter your network. Blocking known risky file types or access to malicious Uniform Resource Locators (URLs) before they compromise your network reduces your threat exposure.

Your network security platform should protect you from known vulnerability exploits, malware, and command-and-control (C2) activity without requiring you to manage or maintain multiple single-function appliances. Signatures should be updated automatically as soon as new malware is encountered, keeping you protected while allowing your security and incident response teams to focus on the things that matter.
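The file and data filtering options mentioned above (blocking by actual file type, and controlling the transfer of sensitive data patterns such as credit card numbers) can be sketched as follows. This is an added example, not code from the book or from any vendor product; the function names, the blocked-type policy and the sample payload are assumptions made for illustration.

```python
import re

# Well-known leading "magic" bytes; the type comes from content, not the name.
MAGIC = [
    (b"MZ", "pe-executable"),
    (b"\x7fELF", "elf-executable"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),
]
BLOCKED_TYPES = {"pe-executable", "elf-executable"}  # assumed policy

# 13-19 digits, optionally separated by single spaces or hyphens.
CARD_CANDIDATE = re.compile(rb"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

# Constructed sample: a Windows executable header behind a ".pdf" name.
SAMPLE = ("invoice.pdf", b"MZ\x90\x00\x03\x00")

def actual_type(data: bytes) -> str:
    """Classify by content, ignoring whatever the file name claims."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(data: bytes) -> list:
    """Return digit strings that match the pattern and pass Luhn."""
    hits = []
    for m in CARD_CANDIDATE.finditer(data):
        digits = re.sub(rb"[ -]", b"", m.group()).decode()
        if luhn_ok(digits):
            hits.append(digits)
    return hits

def inspect_transfer(filename: str, data: bytes) -> tuple:
    kind = actual_type(data)
    if kind in BLOCKED_TYPES:
        return "block", f"content is {kind} despite name {filename!r}"
    cards = find_card_numbers(data)
    if cards:
        return "block", f"{len(cards)} card-number pattern(s) in payload"
    return "allow", kind
```

The Luhn step matters for compliance use: a bare 16-digit regex flags order numbers and timestamps, while the checksum keeps the false-positive rate low enough to enforce blocking.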
A network security platform that utilizes multiple methods of analysis to detect unknown threats, including static analysis with machine learning, dynamic analysis, and bare metal analysis, is capable of high-fidelity, evasion-resistant discovery. Rather than use signatures based on specific attributes, your network security

FIGURE 5-3: Disruption at every step to prevent successful attacks.