Shellshock Exploit Prevention Using Palo Alto Networks IPS
The Threat Prevention feature of Palo Alto Networks firewalls protects your network in several ways. One of these is an Intrusion Prevention System (IPS) that enables you to block known vulnerabilities at the network gateway.
This approach to intrusion prevention helps to protect your network by detecting and blocking known attack signatures for security vulnerabilities. A recent example of an exploitable security vulnerability is Shellshock, the name given to a vulnerability in Bash that allows remote code execution.
As software vendors work to release security patches (in some cases several patches as the first ones did not fully address the security flaws) Palo Alto Networks is able to rapidly release an IPS signature update to block the attack.
This type of early detection and prevention is critical when security vulnerabilities are first disclosed, because it does not take very long for attackers to build automated tools to find and exploit vulnerable hosts. Meanwhile you may be stuck waiting for patches from vendors, trying to identify all of your systems that may be vulnerable, and following your change management process to roll out the updates without disrupting your business.
This Palo Alto Networks IPS signature update is already saving customers from potential exploit. Here is an example from one of our customers where attackers are trying to scan systems for the vulnerability. The customer is located in Australia and the attack source is Latvia.
This gives the customer the breathing room to fully investigate and update their internal systems while still being protected from the Shellshock vulnerability being exploited.
To find out more about how Palo Alto Networks firewalls can protect your network contact us or book a free test drive.