Palo Alto Networks is introducing advanced URL filtering to help prevent unknown and evasive man-in-the-middle (MitM) and SaaS platform phishing attacks.

Cybersecurity vendor Palo Alto Networks has announced new software-defined wide area network (SD-WAN) features in its Prisma SASE solution for IoT device security and to help customers meet industry-specific security compliance requirements. It has also announced advanced URL filtering for the prevention of unknown and evasive man-in-the-middle (MitM) and SaaS platform phishing attacks.

SD-WAN for IoT security provides device visibility, prevents threats

Prisma SD-WAN with integrated IoT security enables accurate detection and identification of branch IoT devices, Palo Alto Networks stated. It allows customers to enable security controls from within the familiar cloud management for Prisma SASE without the need for additional appliances and sensors to be deployed in the network in order to gain visibility into IoT devices and prevent threats.

“Prisma SD-WAN enables identification of any IoT appliance within a branch network regardless of its supported operating system or the vendor,” the vendor tells CSO.
“With 57% of devices with unknown vulnerabilities and 83% of devices running unsupported operating systems, Prisma SD-WAN’s detection capability ensures every IoT device information is sent to Prisma Access to enforce security policies to protect both devices and the applications accessed.”

Prisma SD-WAN provides extra visibility into intra-branch traffic, allowing Prisma Access to provide a rich and accurate IoT inventory, while ensuring IoT devices are egressing application traffic from the branch on encrypted SD-WAN fabric to Prisma Access where they are inspected to ensure zero-trust, Palo Alto Networks said.

On-prem controller for Prisma SD-WAN helps customers meet security compliance requirements

On-prem controller for Prisma SD-WAN helps customers meet their industry-specific security compliance requirements, Palo Alto Networks said. “The Prisma SD-WAN On Premise Controller can be deployed on customer servers as a virtual instance, and manages all SD-WAN visibility, data, and security keys,” the vendor tells CSO.

For businesses in certain verticals and areas that require data like network and user information for data conformance, on-prem controller ensures regulatory and compliance standards, the firm adds. “For businesses in areas where data cannot reside in the cloud, Prisma SD-WAN on-prem controller provides the ability to deploy SD-WAN appliances, manage business policies, and view SD-WAN analytics for their day-to-day operations.”

Advanced URL filtering seeks to tackle the rise of modern web attacks

Palo Alto Networks also announced that Prisma Access Cloud SWG now employs advanced URL filtering for the prevention of unknown and evasive MitM and SaaS platform phishing attacks to help address the rise in the sophistication and scale of modern web attacks.
“Some highly sophisticated threat actors are using proxies to relay the end user’s original login page to the target server while stealing or scraping login credentials like session tokens, passwords, cookies, or whatever the site is using for authentication,” Palo Alto Networks tells CSO.

The nature of this attack allows adversaries to circumvent any additional multifactor authentication (MFA) that might be present on authentication flows without any detection from the end user or intermediaries, Palo Alto Networks said. “Unlike traditional phishing attacks that simply replicate a login page, MitM attacks use a reverse-proxy server to relay the actual (real) login page directly to the end user’s browser. This makes the threat invisible from the client’s perspective because traditional indicators of compromise, like the age and reputation of the phishing page, are no longer reliable,” the vendor says.

By utilizing various HTTP-based signals, Palo Alto Networks claims to be able to generate unique HTTP header signatures that are then used to train its MitM inline model to catch the presence of these attacks. “We then identify whether there’s a proxy and whether it’s been tampered with. Phishing threats of this nature are analyzed and blocked in real time. All this works together to provide real-time analysis and real-time prevention of zero-day MitM phishing threats.”

As for SaaS platform attacks, advanced attackers are increasingly utilizing legitimate SaaS platforms to evade security vendors and carry out phishing, Palo Alto Networks says. “Wix, OneDrive, and Google Drive are some examples of SaaS platforms that are known to have phishing traffic. Since the typical indicators for SaaS platform phishing attacks may be benign, we use other indicators that have more to do with the content of the page, as well as the user’s behavior.
We look at the source code, on what platform it’s on, how the form was created, whether it contains any password-specific identifiers, and we also look at the text with OCR and image analysis. This is also powered by a new ML-powered detection model.”

By analyzing screenshots and source code of these web pages, Palo Alto Networks claims it can detect these phishing pages, even when they are hosted on legitimate platforms. “The detector is agnostic of the SaaS platforms which means new platform support automatically gets added.”

The new capabilities will be available by May 2023, Palo Alto Networks stated.