October 2019

Cloud Security – Implementing AI and Automation

Martin Schauf from Palo Alto Networks on AI, automation, and a zero trust policy to protect cloud environments in enterprises.

Watch the 3-minute video here or on YouTube, or read the transcript below.

Transcript

dotmagazine: What are your top 3 tips for enterprises when it comes to cloud security? 

Martin Schauf: First of all, prevention is absolutely key. You can prevent successful cyber attacks by 95 percent if you have the right prevention in place. That means you have to have the right visibility and control of applications. You have to have a solution in place which is able to look into layer 7 – the layer for applications – and to see what’s going on there. That is the most important thing.

And you should establish a zero trust model in your network. PCs, for instance, iPads, or something else – you have to mistrust them. You have to look at it and establish and implement a zero trust model.

The second point from my point of view is: Use artificial intelligence and machine learning to stop sophisticated attacks. So that means, if some systems are not patched in the right way and the attackers are inside, they always try to move laterally. That means you have to stop them, but you can’t see it, because the attacker is normally using classical tools on the Windows PC that are normally not sanctioned at all. So that is a problem. And because of that, artificial intelligence helps you to look at it, to identify it, and to profile the users and the behaviors, of course. And you can see if somebody from the IT department is doing PowerShell commands for instance, or all of a sudden somebody from the HR department – and that is abnormal, is suspicious, and has to be stopped. Period.

The third point is: Automated investigations and accelerated reactions. So that means you have to have a solution in place that allows you to combine all the log information from the endpoint, from the network – firewalls for instance, and from the cloud – virtual firewalls and cloud systems. You have to combine all this log data to identify wrong behavior for instance. But if something bad is happening, the automatic investigation helps you to correlate all of the events.

So that is really important: to have solutions in place for automated investigations and to accelerate reactions to stop attacks, because if the attack goes through your network, the outbreak can be very, very fast. And that’s not good. Within minutes, you can infect thousands of hosts, right now, and that should be stopped.

Martin Schauf is a Senior Systems Engineering Manager, and has been at Palo Alto Networks since November 2015. He is head of Presales Organisation for Enterprise, Commercial, and Channel Systems Engineers in Germany. He has been active in the IT industry for more than 20 years, as a Systems Engineer and as an Alliance and Systems Engineering Manager.

Please note: The opinions expressed in Industry Insights published by dotmagazine are the author’s own and do not reflect the view of the publisher, eco – Association of the Internet Industry.