Below is a resilience recommendation our customers have implemented recently to start you off on the path towards security improvement.

Resilience is our way of making you better even when there aren't any security incidents. At its core, resilience is comprised of recommendations that describe:

- A specific security risk
- The potential impact, and
- The steps to mitigate it

Resilience recommendations do one of two things – disrupt attackers or enable defenders. Recommendations that disrupt attackers prevent threats from successfully performing their intended goal, while recommendations that enable defenders allow your team (including us) to respond more effectively when they do. Resilience recommendations cover a broad spectrum of security content, from Windows settings that reduce the exposure of plain text credentials in memory to specific configurations for getting the most out of your firewall or endpoint detection and response (EDR) solution. Learn how to disrupt attackers and enable defenders using resilience on the exe blog.

Risk:
Palo Alto Networks firewalls that use the default configuration for the 'command-and-control' URL category may not alert, block or log some malicious activity for your defenders.

Impact:
MEDIUM

Details:
Palo Alto Networks released a new URL category called 'command-and-control' on October 25th, 2017 to distinguish beaconing activity from malware downloads. At the time of release, only clients running PAN-OS 8.0.2+ with content 783+ had this category automatically set to "block". PAN firewalls that did not meet these criteria were set to allow the traffic by default. This could result in traffic related to a compromise passing through without any alerting, blocking, or logging of the activity.

Mitigate:
Ensure the Command-and-Control URL category is not set to "allow", and instead is set to BLOCK or ALERT.

To learn more about this URL category, visit: https://live.paloaltonetworks.com/t5/Management-Articles/Command-and-Control-C2-FAQ/ta-p/178617
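As an added example (not Palo Alto Networks' or the vendor's own code), the check below audits a PAN-OS XML configuration export for URL Filtering profiles where 'command-and-control' is left at allow rather than block or alert. The XML layout it walks and the assumption that a category appearing in no action list behaves as allowed are assumptions, not statements from this page; the sample export is constructed.

```python
# Added audit script (not Palo Alto Networks' or the vendor's own code).
# Assumes the PAN-OS XML config layout <url-filtering><entry name=...> with
# <block>/<alert>/<continue>/<override>/<allow> lists of <member> categories,
# and treats a category that appears in none of those lists as effectively allowed.
import xml.etree.ElementTree as ET

CATEGORY = "command-and-control"
ACCEPTABLE = {"block", "alert"}  # the actions the recommendation calls for
ACTIONS = ("block", "alert", "continue", "override", "allow")

# Constructed sample export: one profile left at allow, one fixed, one never touched.
SAMPLE_CONFIG = """<config><devices><entry name="localhost.localdomain">
<vsys><entry name="vsys1"><profiles><url-filtering>
  <entry name="legacy-allow">
    <allow><member>command-and-control</member></allow>
    <block><member>malware</member></block>
  </entry>
  <entry name="hardened">
    <block><member>command-and-control</member><member>malware</member></block>
  </entry>
  <entry name="unlisted">
    <alert><member>malware</member></alert>
  </entry>
</url-filtering></profiles></entry></vsys></entry></devices></config>"""


def category_action(profile, category=CATEGORY):
    """Return the action list that names `category`, or 'allow' if none does (assumption)."""
    for action in ACTIONS:
        node = profile.find(action)
        if node is not None and any(m.text == category for m in node.findall("member")):
            return action
    return "allow"


def audit(config_xml, category=CATEGORY):
    """Map each URL Filtering profile name to (configured action, compliant?)."""
    root = ET.fromstring(config_xml)
    findings = {}
    for url_filtering in root.iter("url-filtering"):
        for entry in url_filtering.findall("entry"):
            action = category_action(entry, category)
            findings[entry.get("name")] = (action, action in ACCEPTABLE)
    return findings

if __name__ == "__main__":
    for name, (action, ok) in audit(SAMPLE_CONFIG).items():
        verdict = "OK" if ok else "FIX: set to block or alert"
        print(f"{name:13} {CATEGORY} -> {action:8} {verdict}")
```

Run it against a real export (`show config running` saved as XML, or the file from Device > Setup > Operations > Export) by replacing SAMPLE_CONFIG with the file contents; any profile reported as FIX is the one the mitigation above applies to.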