How to Prevent Cyber Threats in the Digital Age
耿强
Technical Director, Greater China, Palo Alto Networks

Challenges Facing – the Evolution of Attack
In the news…

Real Malware Threat
What this looks like in the real world, specifically, Los Angeles
Appear as a SaaS in Cloud
More than 40 Ransomware

Major attacking vectors
Spear Phishing
Watering Hole

Phishing Mail & Targeted Attack
Spear Phishing Email: Target, Attacker, Backdoor Access, Ransomware, Exploit Document (MSOffice, PDF, js), Encrypt Data
Watering Hole Attack: Compromise specific types of website http://...

Best Practices to prevent Ransomware
1. Apply the latest security patches and updates for the OS and applications.
2. Prevent / control the use of high-risk applications.
3. Full visibility for network and application, including HTTPS traffic.
4. Local file inspection and analysis (block malware download and delivery and encryption key).
5. Advanced email threat control (spam, phishing mail quarantine).
6. APT sandboxing protection with URL update on 0-day threats.
7. Advanced endpoint protection on UNKNOWN threats.
8. Regular data backup, even offline data copy.
9. Employee security awareness.

Defense Path
1. Delivery
2. Malware Download
3. Infection and C2 Callback
Web proxy, SMTP relay, Storage, Mail Server, App Server, Endpoint

Wildfire Signature
Signature: af12e45b49cd23...
Malware URL: yyyreryuhh.ru
C2 Server: 48.67.234.25:443 68.57.149.56:80 d4.mydns.cc b1.mydns.cc ...

Complete Office 365 Security
APERTURE, GLOBALPROTECT, WILDFIRE, NEXT GEN FIREWALL
SANCTIONED, TOLERATED, CONSUMER, UNSANCTIONED, ADVERTISING

Comprehensive SaaS Reporting

Gathering the Intelligence
Intelligence with context
900M session
WildFire™ Threat Intelligence Cloud
800M samples
URL intelligence
180B artifacts
Dynamic DNS
50+ third party feeds
WildFire intelligence correlated
Policy detects unknown threats on Gateway and Endpoint
32,000 devices worldwide
3.5M samples per day
30k unique malware per day
Over 9000 Paying Customers for WildFire (That’s over double our nearest competitor)

Prevention Platform
Confirmed New threat (5min)
Lots of file Sources
Lots of Customers
Potential Threat
Known Exploit Techniques
Expected Threats
Expected Applications
Expected Users
Exploit Prevention Modules

Founding Members:
Purpose: The Cyber Threat Alliance is a group of cyber security practitioners that have chosen to share threat information with each other for the purpose of improving defenses against advanced cyber adversaries across member organizations and their customers.
Additional members: Barracuda Networks Inc., ReversingLabs, Telefónica, Zscaler.

Expansive partner ecosystem
Virtualization, Networking, Mobility, Security analytics, Enterprise security

Keung Kang
SE Manager – Greater China
kkang@paloaltonetworks.com
2016 - "How to Prevent Cyber Threats in the Digital Age"
This document was uploaded and shared by 张玉竹 on 2022-04-08 09:12:42.