Important Palo Alto Networks URL Filtering Service Announcement
October 11, 2017
The Palo Alto Networks Support Team circulated the update below last night relating to the Palo Alto Networks URL Filtering service:
A new category has been created for your Palo Alto Networks URL Filtering service. This newly established category, “command-and-control,” previously fell within the malware category in the service. We created this standalone command-and-control category to provide you with more targeted visibility into threats.
As a best practice, we strongly urge you to take action as soon as possible by setting the policy action for this new command-and-control category to BLOCK for each security profile.
Background: On September 12, 2017, the command-and-control category was released to your Palo Alto Networks Firewall. This meant that you could visibly see and update profiles for the new command-and-control category on your firewall. However, the firewall has not yet categorized any URLs as command-and-control. This delay is to allow you time to properly update profiles for this new category.
It is important to note that if you do not set the new command-and-control category to BLOCK prior to URLs and domains being categorized as command-and-control by the firewall, any endpoints attempting to connect to command-and-control categorized URLs will be allowed by default.
An exact date for enabling the categorization functionality has not yet been determined, but will be very soon. The rollout is likely to be phased across our geographically dispersed clouds delivering the service. We will provide updates on the exact timeline for the launch of the category functionality in the following FAQ on our Live Community. In the meantime, please take immediate action to set the policy to block for each security profile.
Herjavec Group circulates Palo Alto Networks Security Advisories as this notification warrants attention and may have significance to your Enterprise network environment. If the following advisory is applicable to your environment, Herjavec Group recommends your IT team review the technical details included and monitor your environment for any susceptible systems. Herjavec Group’s analysts are working with Palo Alto to apply detection and mitigation strategies where appropriate. For Managed Services customers, our Managed Services team will engage with the appropriate technical contacts in your respective organizations directly to provide alerts, escalations, actions and or reports based our service agreement with you. If you have questions or concerns, please engage your Herjavec Group account representative directly or contact Herjavec Group.
About Herjavec Group
Dynamic IT entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. Herjavec Group delivers SOC 2 Type 2 certified managed security services supported by state-of-the-art, PCI compliant, Security Operations Centers, operated 24/7/365 by certified security professionals. This expertise is coupled with leadership positions across a wide range of functions including consulting, professional services & incident response. Herjavec Group has offices globally including across the United States, the United Kingdom, and Canada. For more information, visit www.herjavecgroup.com.