Business use of AI apps spans nearly every type of application, including supply chain optimization, process automation, customer service chatbots, virtual assistants, data analysis, logistics monitoring, fraud detection, competitive intelligence and more. But there are risks involved with this new technology. Take, for example:

• Airlines, hotels and online travel businesses are building LLM-powered virtual assistants to let you self-manage your bookings. But what if the organization rushed that application to market without considering supply chain vulnerabilities in the app ecosystem – including corrupt AI and machine learning (ML) packages and model vulnerabilities?

• Pharmaceutical enterprises are trying to use their past research, trials and outcomes to train models, thereby accelerating their ability to take their next drug to the market. But what if the organization leverages an open-source model that was trained on poisoned data, leading to incorrect or misleading trial results?

• Real estate companies are building online apps to help you find your next property and build the most appropriate offer based on the market data. But what if the application was subject to prompt injection attacks that let bad actors arbitrage the market at the expense of everyday home buyers?

No matter where you may sit on the AI adoption spectrum, it’s clear that the businesses that are embracing AI are winning a competitive edge. But it’s not as easy as plugging an AI model into your existing infrastructure stack and calling it a win. You’re adding a whole new AI stack, including the model, supply chain, plug-ins and agents – and then giving it access to sensitive internal data for both training and inference. This brings a whole new set of complexities to the security game.

So, how does a business harness the potential of AI without compromising security?

• The journey to securing AI-powered applications starts with discovery. You must be able to see every component of your AI app ecosystem – including AI apps, models, inference and training datasets, and plug-ins.

• Next, you must understand your security posture to identify and remediate against possible risks in the supply chain and the configuration, as well as data exposure risks to your AI apps. By identifying your highest-risk applications, you can investigate your training dataset risks and potential level of risk to your organization.

• Then, you must protect against runtime risks. These are the risks your app is exposed to once it’s deployed and exposed to the outside world. Attackers are aware of the speed at which new AI applications are being developed and rushed to market, and they’ve devised an increasing arsenal of AI-specific attacks in the hopes of exploiting new, untested components and weaknesses in the overall security posture of these applications. Enveloping your AI application components with runtime protection mechanisms helps you shield your model against misuse—like prompt injection techniques to leak your customer data or attackers using your models to generate malware.

The promises of AI can’t be overstated. But the risks must be acknowledged with the same fervor to see it live up to its full potential. A comprehensive security solution will help you confidently build AI-powered apps by securing your journey to AI, from design to build to run.

This article originally appeared on Forbes.

The post The Promise and Perils of Building AI Into Your Business Applications appeared first on Palo Alto Networks Blog.

An integrated, consolidated and coordinated platform provides the paramount advantage of better security outcomes. Consolidating multiple solutions into a unified platform effectively closes the security gaps that rise when deploying individual point products to address specific issues. This is crucial because modern cyberattacks exploit multiple vulnerabilities simultaneously, leveraging AI and machine learning opportunistically.

And there are additional benefits to consider. Existing approaches are creating unnecessary complexity, but platformization simplifies cybersecurity through holistically integrated capabilities and unlocks operational and procurement ROI.

We chose the Palo Alto Networks cybersecurity platform because we wanted to standardize upon one platform, one tool set, one methodology. The standardization was just a big piece of it and the ability to apply it across tens of thousands of devices.

– Palo Alto Networks Customer

Economic Benefits Are a Prerequisite for Any Cybersecurity Solution and Platformization Is No Exception

Platformization provides significant procurement benefits in three key areas, compared to using disparate point products:

1. Reduced effort in selecting and purchasing cybersecurity tools.

2. Decreased overall procurement process duration.

3. Lower total product procurement costs.

Moreover, the integration capabilities of a security platform offer substantial advantages in critical transactions, such as mergers and acquisitions (M&A). For instance, integrating a network security platform with an Enterprise Identity and Access Management (IAM) provider enables IT infrastructure teams to efficiently implement IAM and User-ID related security controls within security policies. Based on various customer scenarios, our internal assessments indicate that organizations can achieve substantial economic benefits by leveraging these three procurement advantages.

Platformization – Unlocking Operational and Procurement ROI

To better understand the effectiveness of the cybersecurity platforms by Palo Alto Networks, IDC conducted interviews with several organizations that utilize these platforms. The study highlighted notable enhancements in the organizations' abilities to detect, assess and respond to security threats, which translated into improved business performance, reduced time commitments from security and IT staff, and lower security-related costs. Feedback from security, IT managers and executives further emphasized the broad-ranging benefits, including significant procurement advantages, underscoring the value and efficiency gains delivered by integrated cybersecurity platforms by Palo Alto Networks. In the study, IDC projected significant average annual benefits of $22,300 per 100 users or $7.33 million per organization. There were key benefits identified:

• Risk Mitigation and Business Productivity – Organizations have fortified their security environments, leading to improved business efficiency. This enhancement has directly boosted net revenue and employee productivity, with gains averaging $16,200 per 100 users annually.
• IT Staff Productivity – With reduced routine demands on security and infrastructure teams, IT staff can prioritize more strategic initiatives. This shift has resulted in average productivity savings of $5,400 per 100 users per year.
• IT Infrastructure Cost Reductions – By consolidating various security functionalities onto a single platform, organizations have streamlined operations and reduced expenses, achieving savings of $700 per 100 users annually.

Adopting a platform approach becomes crucial to streamline procurement processes and bolster efficiency. According to IDC's analysis, participants can anticipate substantial benefits including higher net revenue, increased productivity, staff efficiencies and cost savings. Over a three-year span, these benefits are estimated to a discounted average of $52,500 per 100 users ($17.31 million per organization) after considering investment costs. With an average ROI of 203% over three years and a breakeven point within six months, investing in cybersecurity platforms promises substantial returns.

Download the IDC report to see and unlock the economic benefits of cybersecurity platforms by Palo Alto Networks.

Follow our Platformization series for more insight on cybersecurity platforms.

The post The Procurement and Operational Benefits of a Cybersecurity Platform appeared first on Palo Alto Networks Blog.

To improve patient outcomes and experiences, today’s healthcare organizations are increasingly adopting innovative technologies, such as AI, Cloud, and IoT. While beneficial, these technologies increase risk by expanding the attack surface. Protecting the sensitive data at the heart of modern healthcare operations requires a robust cybersecurity strategy. But every healthcare company is unique. Accenture and Palo Alto Networks have joined forces to help healthcare organizations tailor strong cyber defenses to their individual requirements. Our partnership helps ensure that every member of the healthcare ecosystem can safeguard its sensitive data and provide continued availability of care operations.

Customized Healthcare Security Roadmap

To meet the healthcare industry’s unique needs, Palo Alto Networks and Accenture recently created a custom-tailored Healthcare Security Roadmap. Our collaborative approach provides access to the best-in-class AI and security technologies alongside deep industry expertise and dedicated resources, enabling our partnership to deliver comprehensive protection for healthcare organizations.

The Healthcare Security Roadmap applies a Unit 42 intelligence-led approach to security transformation and incident response, informed by Accenture’s and Palo Alto Networks’ expertise in performing full-scale cybersecurity transformations for healthcare organizations. We calibrate defenses to counter the most prominent threats and attacks against healthcare organizations.

The engagement includes a comprehensive evaluation of the client’s on-premises and cloud environments. We perform threat profiling, network threat assessments, cloud and data security evaluations, and vulnerability discovery across cloud workloads and hosts to move healthcare organizations toward a more robust data protection strategy. There are eight modules included:

A collaborative incident response workshop takes place with the relevant executives with actual scenarios Palo Alto Networks Unit 42 has responded to in the past. The assessment is designed to be low-touch, ensuring little disruption to IT operations. At the end of the evaluation, clients receive a detailed report with findings, highlighting the most urgent issues and providing practical solutions for a clear path to improved security.

The Healthcare Security Roadmap enables clients to collaborate with Accenture and Palo Alto Networks to identify and analyze cloud-based vulnerabilities, and enhance the organization's understanding of its security posture and incident response capabilities. When a major payer worked with Accenture and Palo Alto Networks to implement advanced security measures, they were able to reduce the number of security incidents they saw by 40%. Our clients’ real-world experiences highlight the effectiveness of this engagement for enhancing data security and operational resilience.

The Need to Calibrate Defenses for Present-Day Threats

The adoption of new technologies in Healthcare, including AI, and the increasing value of healthcare data make the industry a prime target for cyberattacks. Healthcare organizations must prioritize continuous improvement and vigilance to stay ahead of emerging threats.

One example is large-scale cloud migration. Nearly 46% of healthcare organizations cite security concerns as a primary barrier to cloud adoption. The complexity of managing compliance across various platforms and regions further complicates the landscape, so healthcare providers and payers need to think strategically about enhancing cloud security.

Data breaches also remain a persistent threat in the healthcare sector. Breaches can be devastating, costing their victims in this sector an estimated average of $10.1 million. According to a Ponemon Institute report, 56% of healthcare organizations have experienced a data breach caused by a third-party vendor. These breaches compromise patient privacy and undermine trust in healthcare institutions, highlighting the critical need for effective supply chain security strategies.

The high value of medical data makes healthcare organizations a prime target for cybercriminals. Cyber attacks can disrupt healthcare services, compromise patient safety, and even interrupt the ability to provide care to patients. Healthcare security teams must stay vigilant and adopt proactive measures to mitigate threats.

A Collaborative Approach — Palo Alto Networks and Accenture

The right cybersecurity strategy can mitigate both compliance and data security risks – all while protecting patient privacy. With AI-powered technologies and deep industry expertise, Accenture and Palo Alto Networks make it faster and easier for organizations to level up their security posture. Our partnership empowers clients to navigate the complexities of cybersecurity and protect critical assets and patient data. In particular, the Healthcare Security Roadmap equips healthcare organizations with the knowledge and tools they need to build proactive defenses and create a secure and resilient future.

The comprehensive Healthcare Security Roadmap assessment provides actionable solutions tailored to each organization’s unique needs. If you’re interested in taking proactive steps toward securing critical systems and data, contact your Accenture security partner or Palo Alto Networks industry expert today. We look forward to discussing how our joint solutions can enhance your cybersecurity posture.

The post Strengthening Cybersecurity in Healthcare appeared first on Palo Alto Networks Blog.

As modern businesses evolve with today’s digital landscape, artificial intelligence (AI) has emerged as a transformative force, reshaping the way we work and redefining roles across industries. As we stand on the cusp of a new technological revolution, it’s becoming increasingly clear that AI will serve as a catalyst for innovation, efficiency and productivity.

We’ll explore how Palo Alto Networks has built an integration with OpenAI’s ChatGPT Enterprise Compliance API to empower organizations with the transformative potential of AI while supporting the critical need for robust data and threat protection.

AI Access Security and ChatGPT Enterprise

In May, Palo Alto Networks introduced AI Access Security to help organizations safely harness the power of generative AI (GenAI) applications. With AI Access Security, hundreds of GenAI apps are categorized and mapped to generate bespoke risk scores that help InfoSec teams make swift and informed decisions. This tool empowers businesses to monitor the adoption and usage of both sanctioned and shadow AI applications; actively helps prevent sensitive data leaks; and, defends against AI-generated malicious responses.

Similarly, OpenAI developed and launched ChatGPT Enterprise, an enterprise-grade offering that enables companies to leverage AI capabilities while maintaining strict control over sensitive information.

With our integration with ChatGPT Enterprise, organizations can enhance security outcomes and help with regulatory compliance by gaining clear visibility into sensitive data within their ChatGPT Enterprise workspace, including conversations and metadata used to build custom GPTs. Businesses can easily identify potential data exposure risks by tracking sensitive information shared with GPTs; monitor access to GPTs to prevent overly permissive sharing of sensitive data; and foster better security hygiene by educating end users to assist with robust data protection across the organization.

Customers will be able to identify sensitive data shared in prompts, responses and files across their ChatGPT Enterprise workspaces and author policies to flag potential risks in near real-time.

AI Access Security Enables Safe GenAI Adoption

In today’s interconnected digital world, uncovering hidden dangers and securing users and data across all GenAI applications and platforms is paramount. That’s why AI Access Security has one of the most comprehensive and up-to-date app dictionaries with over 500 GenAI apps and 60+ AI-specific attributes. Delivered as an extension of Palo Alto Networks data security solution, AI Access Security is natively integrated with the Strata Network Security platform. It not only reduces data and security risks across all GenAI apps, but simplifies management, reduces complexity and ensures sensitive data remains protected regardless of where it resides or how it’s accessed.

Redefining the Future of GenAI Security, Today

Our integration with ChatGPT Enterprise hopes to revolutionize data security for organizations everywhere. Businesses continue to adopt GenAI as part of core business processes. This integration between AI Access Security and ChatGPT Enterprise offers an additional layer of data and AI security that allows organizations to operate with even greater confidence.

Low friction. High confidence. Strong Security.

To learn more about AI Access Security, schedule an executive briefing or speak with our team about how Palo Alto Networks can help your cyber transformation become a reality.

This blog contains forward-looking statements that involve risks, uncertainties and assumptions, including, without limitation, statements regarding the benefits, impact, or performance or potential benefits, impact or performance of our products and technologies. These forward-looking statements are not guarantees of future performance, and there are a significant number of factors that could cause actual results to differ materially from statements made in this blog. We identify certain important risks and uncertainties that could affect our results and performance in our most recent Annual Report on Form 10-K, our most recent Quarterly Report on Form 10-Q, and our other filings with the U.S. Securities and Exchange Commission from time-to-time, each of which are available on our website at investors.paloaltonetworks.com and on the SEC's website at www.sec.gov. All forward-looking statements in this blog are based on information available to us as of the date hereof, and we do not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made.

The post Announcing OpenAI ChatGPT Enterprise Compliance Integration appeared first on Palo Alto Networks Blog.

Palo Alto Networks is a top sponsor and supporter of the Network and Security Operations Center (NOC/SOC) at Black Hat USA 2024 in Las Vegas, NV. Black Hat is a premier cybersecurity conference that brings together security professionals, researchers and leaders to discuss the latest threats, trends and technologies in information security. The event features hands-on training, briefings on the latest in information security research, and networking opportunities for professionals at all career levels.

Dive into the heart of innovation and explore cutting-edge Precision AI™ technology by Palo Alto Networks at Booth #1632 in the business hall. Network with InfoSec professionals, gain insights from thought leaders, experience our immersive demos, and discover new open-source tools at the Arsenal.

The Battle to Defeat AI Threats Is Happening at Booth #1632

Immerse yourself in the comprehensive security solutions of Palo Alto Networks through live demos and in-booth theater sessions. Our team of experts will showcase real-world attack techniques, innovative defense strategies and our latest product advancements powered by Precision AI.

• Experience Cortex®, our unified SecOps platform.
• Discover Prisma® Cloud, the Code to Cloud™ platform.
• Learn from the expertise of Unit 42®, our team of expert security advisors dedicated to creating an intelligence-driven, response-ready organization.
• Explore how Palo Alto Networks Cloud-Delivered Security Services instantly stops zero day threats and secures your entire network.
• Learn how your organization can protect your AI applications, models and data against a new wave of threats with AI Runtime Security.
• Discover how AI Access Security reduces data and security risks to empower organizations to securely adopt and use GenAI applications.

Staying Ahead in Today’s Digital Landscape

Threats are accelerating in scale, sophistication and speed. Our products, powered by Precision AI, can help you stay ahead of cybercriminals by enabling you to counter AI-enabled threat actors, secure AI by design, and simplify security with generative AI. Our carefully curated sessions will not only prepare your teams to handle current threats but also empower them to anticipate and adapt to future challenges. By integrating AI-driven strategies and focusing on real-world scenarios, we enable your organization to stay ahead in the cybersecurity race.

Let the Cache Cache and Let the WebAssembly Assemble: Knockin’ on Chrome’s Shell

Briefing Session

Wednesday, August 7 | 10:20 AM - 11AM

Exploiting the Chrome browser with V8 JavaScript engine vulnerabilities has become increasingly difficult due to the V8 team’s continuous security improvements, especially for the introduction of V8 Sandbox. This presentation discloses the full V8 exploit chain used against Google Chrome and Microsoft Edge to break both V8 and V8 Sandbox at Pwn2Own Vancouver 2024, ending Chrome's three-year unbroken streak.

We will detail how a single JavaScript object creation can trick the V8 engine, discuss universal techniques for converting an out-of-bounds read vulnerability into a highly reliable exploit, and share our novel V8 Sandbox escape technique.

AI vs AI: Using Precision AI Technology to Counter AI-Enabled Threat Actors

Lunch & Learn Session

Wednesday, August 7 | 12:05 – 1:30 PM

Join Scott Fanning, vice president of product management at Palo Alto Networks, for this lunch and learn session as he discusses how threat actors are taking advantage of the advent of AI and how network security must evolve to fight back.

Navigating the Threat Landscape: War Room Best Practices for the Next Major Threat

Sponsored Session

Wednesday, August 7 | 1:30 – 2:20 PM

Join our Cortex and Unit 42 teams to master threat intelligence and rapid response planning while analyzing strategic War Room activities for effective security event preparation and response.

From Exploit to Shield: Attacking Generative AI Apps to Create Cyber Resilience

Sponsored Session

Wednesday, August 7 | 2:35 – 3:25 PM

Explore emerging threats to generative AI with Michael Sikorski, CTO of Unit 42, and Mike Spisak, technical managing director of Unit 42, at Palo Alto Networks. See how attacks bypass security, manipulate AI content and compromise data through live demos.

Cloud Offensive Breach and Risk Assessment (COBRA)

Arsenal Session

Thursday, August 8 | 10:10 - 11:20 AM

Cloud Offensive Breach and Risk Assessment (COBRA) is an open-source tool designed to empower users to simulate attacks within multicloud environments, offering a comprehensive evaluation of security controls. By automating the testing of various threat vectors, including external and insider threats, lateral movement and data exfiltration, COBRA enables organizations to gain insights into their security posture vulnerabilities. COBRA is designed to conduct simulated attacks to assess an organization's ability to detect and respond to security threats effectively.

Securing Black Hat’s NOC: The Critical Role of Palo Alto Networks

The network and security operations center (NOC/SOC) at the Black Hat USA Conference serves the critical role of ensuring that the conference's entire bespoke network is running smoothly and efficiently, as well as detecting and responding to any security threats. As a trusted partner, Palo Alto Networks has officially supported Black Hat 21 times over the last seven years at their conferences around the world. Together with the other NOC partners, Arista, Cisco, Corelight, Lumen and NetWitness, we provide enterprise-class network security, security automation, threat hunting and visibility into one of the most dangerous networks in the world.

To see the team in action, the Black Hat NOC will be streamed live via the conference Twitch channel, or you can visit and tour the NOC on-site. With the help of partners like Palo Alto Networks, Black Hat is able to provide a strong network and security infrastructure that allows attendees to focus on learning and networking without worrying about their cybersecurity.

Unwind at Our After-Hour Events

As the expo day winds down, gear up for an exhilarating evening of relaxation, delicious food and drinks, socializing with your peers at our evening events.

Attend Our Networking SOCial @ KUMI

Wednesday, August 7 | 6 – 8PM

Experience a modern approach to Japanese Cuisine and specialty libations as you mingle with a who’s who of cybersecurity leaders and experts from across the world. Register for our Networking SOCial now.

From Ice Age to AI: The Future of the SOC is Here @ minus5 & 1923 Prohibition Bar

Wednesday, August 7 | 7 – 10PM

Escape the ice age of outdated security operations and step into the future with Palo Alto Networks at our exclusive after-hours party. Test your knowledge in a thrilling game of collective battle cards featuring infamous threat actors and explore the Unit 42 War Room, where you’ll interact with incident responders as they take on a live breach. Register now for From Ice Age to AI: The future of the SOC is here.

Strengthening Cybersecurity Through Strategic Partnerships

Strong Partnerships are critical in helping organizations improve their security posture and embrace the potential of AI.

At Black Hat, we’re teaming with strategic partners across our ecosystem to show how we’re amplifying the innovations and cutting-edge cybersecurity solutions we provide through our partnerships. To discover the depth of these collaborations, visit our booth at Black Hat 2024 and explore firsthand how these alliances redefine security standards.

For more information about Palo Alto Networks cybersecurity solutions and our support of the Black Hat NOC, visit Booth #1632 or the NOC on-site in rooms Surf E&F. Visit our event page for more details.

The post Proud Diamond Sponsor at Black Hat USA appeared first on Palo Alto Networks Blog.

In 2022, the Supreme Committee for Delivery & Legacy partnered with Palo Alto Networks Unit 42 to secure the football World Cup in Qatar. The event's global scale made it a high-priority target for ransomware, state-sponsored attacks and threat actors looking to disrupt the games. Ensuring smooth operations during the event required thorough cybersecurity preparation and was crucial in maintaining a secure environment amidst the heightened cyberthreat landscape. We carried forward these experiences when introducing the Unit 42 Paris 2024 Cyber Vigilance Program.

Choose the Right Coach

Every great athlete has a coach, and for the Paris 2024 Games, Unit 42 was the cybersecurity coach for many organizations through the Unit 42 Cyber Vigilance Program. This invitation-only program delivers advanced threat intelligence, real-time threat monitoring and incident response expertise to help ensure a safe and secure experience while providing a blueprint for CISOs to secure their organizations against emerging cyberthreats.

The program delivers:

• Threat Intelligence – Unit 42 gathered global threat intelligence and delivered the Cyberthreats to Paris 2024 Threat Report to stay ahead of potential threats, ensuring they know their opponent’s likely moves before they make them.
• Crisis Simulations – Just as practice makes perfect, the Unit 42 team hosted CISOs for a day of scenario-based simulations, derived from recent cyber incidents, ensuring they were well prepared to navigate security challenges that they could potentially face.
• Incident Response – All participants were provided with a Unit 42 Incident Response Retainer. In addition, Unit 42’s incident response team will be on ready-standby to respond if any malicious activity occurs that requires additional expertise.
• Continuous Monitoring – Unit 42 will have a Special Operations Room in Paris, staffed with Incident Response and Threat Intelligence experts that will continue monitoring threats in real-time and providing updates to program members.

Understand Your Competition

Just as athletes must thoroughly understand their competition to prepare effectively, organizations supporting the Paris 2024 Olympics must recognize and mitigate these cyberthreats to ensure the event's success. The Unit 42 report on Cyberthreats to the Paris 2024 Olympics highlights the various risks that could disrupt the event:

• Financially Motivated Cybercrime – Financially motivated crime is likely to present the highest and most sustained threat throughout the event, with cyber-enabled fraud being a particularly prevalent means to obtain illicit funds from enterprises and individuals alike. While ransomware operators are less likely to target the Olympics directly, an attack on a widely used third party could cause significant disruption to the Games or local services.
• Cyber Disruption by State-Sponsored Actors & Hacktivists – Politically motivated digital sabotage by both state-sponsored threat actors and hacktivists is likely a top concern, given previous incidents at past games. There is a high potential for geopolitical tensions surrounding the event and the ability for such a virtual attack to cause severe disruption or even physical harm. Russian-aligned cyberthreat actors remain a particular concern in this area.
• Espionage – Cyber Espionage, although less overt, remains a concern, particularly regarding state-sponsored threats conducting digital surveillance on dissidents, activists or persons of interest.

Preparation — the Key to Success

No athlete should jump into competition without a proper warm-up, and no CISO should approach a major event without thorough preparation. Cyberthreats don’t stretch or jog, but they certainly can cause pain if you're not properly prepared. With its global attention, the Paris 2024 Olympics is a prime target for cybercriminals.

CISOs and their teams play a pivotal role in safeguarding the integrity and success of such high-profile events. To enhance preparedness and resilience, ensure the safety of critical services and protect sensitive assets during the Olympics, CISOs should take specific precautions:

• Deploy Advanced Threat Detection Solutions – Identify and block intrusion activities and conduct regular training and simulation exercises for incident response teams to ensure preparedness.
• Ensure Complete Visibility of Your Attack Surface – 75% of ransomware attacks and breaches fielded by Unit 42’s Incident Response Team result from a common culprit – internet-facing attack surface exposure. Deploying solutions that provide centralized, near real-time visibility can help organizations identify and mitigate vulnerabilities before they can be exploited.
• Monitor Abnormal Activity – Strengthen monitoring systems to detect and respond to suspicious activities in real-time. Don’t forget to monitor for unusual access to your cloud environments, as threat actors are increasingly exploiting them.
• Protect Your Supply Chain – Prevent vendor cybersecurity gaps from disrupting operations and impacting your operations. Regularly audit and monitor cybersecurity practices of vendors to ensure they comply with security standards and are not vulnerable to exploitation.
• React Quickly – Moving quickly to address security alerts can significantly limit damage. Security teams take an average of about six days to resolve a security alert, and over 60% of organizations take longer than four days to resolve security issues. Establish communication channels with relevant stakeholders, including government agencies, law enforcement and other organizations involved in the event, and participate in threat intelligence sharing initiatives to stay informed about emerging threats and best practices.
• Maintain an Incident Response Plan – Develop and regularly update incident response plans tailored to the specific threats identified in the report. Organizations that continuously review, update and test their incident response plans (ideally with input from cybersecurity experts) are much more likely to respond effectively to and contain an active attack.

Let the Games Begin

The countdown to Paris 2024 has begun and so has the urgency to bolster cyber defenses. The Unit 42 Paris 2024 Cyber Vigilance Program stands as a testament to the power of proactive cybersecurity strategies in protecting global events. Whether protecting a global event or ensuring smooth operations during “normal” conditions, by learning from past experiences and implementing cutting-edge security measures, CISOs can help ensure their organizations are well prepared to face the challenges ahead.

For more information about Unit 42, please visit the Unit 42 page, and for the latest threat intelligence, go to our Unit 42 Threat Research page.

The post Going for Gold — Cybersecurity Training for the Paris 2024 Olympics appeared first on Palo Alto Networks Blog.

As cyberthreats evolve and proliferate, healthcare organizations are increasingly recognizing the need to embrace artificial intelligence (AI) in their cybersecurity efforts. This can be especially difficult due to the inherent challenges of integrating new technologies into their complex and often legacy-laden environments.

And, as AI continues to evolve, its impact on healthcare cybersecurity is becoming increasingly significant. To explore this critical intersection, we spoke with Tapan Mehta, Healthcare and Pharma Life Sciences Executive, Strategy and GTM, about the challenges, opportunities and future of AI in protecting healthcare infrastructure and data.

The Current State of AI in Healthcare Security

While AI has made substantial inroads in medical diagnostics and treatment, its application in healthcare cybersecurity is still in its nascent stages. However, the potential for AI in healthcare security is immense. Mehta notes:

"AI is a perfect match for ingesting [internet of things] IoT data, as the devices generate such huge amounts of data that we couldn't access before, or we couldn't access in real time. This capability is crucial as healthcare organizations face an ever-expanding attack surface. Additional examples of where AI is being used include medical imaging analysis, predictive analytics for population health management, and virtual health assistants and chatbots.”

Unique Challenges in Healthcare Cybersecurity

The healthcare industry faces unique cybersecurity challenges stemming from its traditionally cautious approach to new technology adoption, which is coupled with the highly sensitive nature of its data. The sector has been slower to embrace cutting-edge technologies compared to other industries. It still grapples with a complex mix of legacy systems, gradual digital transformation and the integration of connected devices (medical, OT and IoT). This cautious, often piecemeal approach to modernization, combined with the critical nature of patient data and care delivery, creates a distinctive and vulnerable cybersecurity landscape. Mehta comments further:

“Unlike other industries, the healthcare industry is usually not at the forefront of cutting-edge technology because of the nature of the industry, because of patient privacy and data security. There's this ‘wait-and-watch’ mindset. Healthcare organizations want to see what other industries are doing and how they're adopting AI.

So when we think about AI in healthcare, I would say it is very much in its early infancy. And to use the baseball analogy, I would say it's like inning one or two of this journey in the healthcare space. And it again centers back to regulatory requirements as well, including patient privacy and data security and everything related to that.”

Smart medical devices often lack robust privacy controls and security features, while many medical IoT devices transmit unencrypted data. The mixing of IoT/OT and IT assets on healthcare networks, combined with the prevalence of outdated operating systems on medical devices, creates a complex and vulnerable environment. To that end, Mehta explains how the modern care model is evolving, further expanding the resultant threat landscape:

“It is no longer confined to the four walls of the hospital, which I'm going back to five, six years ago. That's how you typically receive care. You have to go to the hospital, but that care model has shifted dramatically, moving from an acute care setting to an ambulatory care setting or outpatient setting to what we call a hospital-at-home or home setting.

In other words, providing a very high level of quality care regardless of where the patient is located. And you have a scenario where that model has transcended the hospital's walls. It opens up the exposure area or the attack surface.”

The proliferation of internet-connected medical devices and mobile apps handling protected health information (PHI) and personally identifiable information (PII), without proper safeguards, further compounds these risks.

Moreover, the healthcare sector's reliance on legacy systems, many of which are no longer supported by manufacturers, introduces persistent vulnerabilities. These outdated systems cannot receive critical security updates, leaving healthcare networks exposed to evolving cyberthreats. This combination of factors – rapid technological adoption, inadequate security measures and legacy system vulnerabilities – makes healthcare organizations particularly attractive targets for cybercriminals, underscoring the critical need for robust, AI-driven cybersecurity solutions in this sector.

Mehta emphasizes the gravity of the situation: "It's no longer a question of if a healthcare organization will be targeted, it's a question of when they will be targeted." This reality underscores the urgent need for robust AI-powered security solutions in healthcare.

How AI Is Transforming Healthcare Cybersecurity

Despite being in its early stages, AI is already making significant contributions to healthcare cybersecurity:

Threat Detection – AI algorithms can analyze vast amounts of data from multiple sources, identifying patterns and anomalies that may indicate a cyberthreat. This capability is particularly valuable in detecting sophisticated attacks that might evade traditional security measures.

Automated Response – AI can help automate initial containment actions when a threat is detected, significantly reducing response times. Mehta explains, "AI is really, really good at scaling up a solution to these billions of IoT devices, which is very hard for a human being to do."

Predictive Analytics – By analyzing historical data and current trends, AI can help predict and prevent potential security breaches before they occur.

Data Enrichment – AI can rapidly process and correlate data from various sources, including threat intelligence feeds, providing security analysts with enriched, contextual information to make more informed decisions.

Anomaly Detection in IoT/OT Devices – Given the large number of IoT devices in healthcare settings, AI can monitor device behavior patterns and quickly identify unusual activities that may indicate a compromise.

Natural Language Processing for Threat Intelligence – AI can analyze unstructured data from various sources to identify emerging threats specific to the healthcare sector.

Adaptive Security Policies – AI can continuously learn from new data and adjust security policies in real-time, ensuring that defenses evolve alongside new threats.

Behavioral Analysis – AI can establish baselines of normal user and system behaviors, flagging deviations that might indicate insider threats or compromised accounts.

Automated Vulnerability Management – AI can prioritize patching and remediation efforts by assessing the criticality of vulnerabilities in the context of the healthcare organization's specific environment and threat landscape.

Challenges in Implementing AI for Healthcare Cybersecurity

While AI holds great promise, its implementation in healthcare cybersecurity is not without significant challenges. The unique nature of healthcare cybersecurity creates a complex threat landscape for AI adoption:

Regulatory Compliance – Healthcare organizations must navigate complex regulations, such as HIPAA and GDPR, when implementing AI solutions. Mehta notes, "We're kind of flying the plane and fixing it, if you may, as we're flying that plane," referring to the evolving regulatory landscape around AI in healthcare.

Data Quality and Bias – AI models are only as good as the data they're trained on. Ensuring high-quality, unbiased data is crucial for effective AI-powered security solutions. In healthcare, where data can be highly variable and context-dependent, this challenge is particularly acute. Biased or incomplete datasets could lead to AI systems that are less effective for certain patient populations or types of healthcare facilities. This is particularly true as healthcare organizations continue to consider the usage of LLMs as part of their clinical and operational workflows.

Skills Gap – Mehta points out, "Healthcare organizations don't necessarily have the bench for this level of talent. Where cybersecurity is a very specific skill set that you need, if you're trying to layer that with AI, that pool gets even narrower." This shortage of professionals with both healthcare domain knowledge and AI expertise can significantly hinder the implementation and ongoing management of AI-driven security systems.

Integration with Legacy Systems – Many healthcare organizations rely on legacy systems that may not be compatible with modern AI technologies. Integrating AI solutions with these older systems without disrupting critical healthcare services presents a significant technical challenge.

Ethical Considerations – The use of AI in healthcare raises unique ethical concerns, particularly around patient privacy and data use.

Cost and Resource Allocation – Implementing AI solutions can be expensive, requiring significant upfront investment in technology and training. For many healthcare organizations operating on tight budgets, justifying these costs can be challenging.

Transparency and Explainability – In healthcare, where decisions can have life-or-death consequences, the "black box" nature of some AI algorithms poses a challenge. Ensuring that AI-driven security decisions are transparent and explainable is crucial for building trust and meeting potential regulatory requirements.

The Future of AI in Healthcare Cybersecurity

Looking ahead, Mehta envisions a future where AI plays an increasingly critical role in healthcare cybersecurity. He predicts, "Moving forward, I do see there is going to be further integration and leverage of AI for IoT. More scalable, more automation, more intelligent and faster identification and detection."

However, he also emphasizes the importance of human oversight:

"For example, when a medical device or system is hacked, not only can we lose sensitive information, but also it can impact the operation, which can mean life or death in the cases of healthcare and critical infrastructure. Therefore, the accuracy of AI is extremely crucial."

What Healthcare Needs from AI

Mehta's insights underscore the need for a balanced approach that leverages AI's capabilities while maintaining human expertise and oversight. As we move forward, healthcare organizations must invest in AI-powered security solutions, develop the necessary talent, and stay ahead of evolving regulations to protect sensitive patient data effectively.

As Mehta concludes:

Security needs to be automated and real-time in the era of AI. As we face new challenges and zero-day threats, we need to innovate new solutions at a much faster pace. And that's also where the opportunities will come to improve quality of care and access to care.

Ready to Learn More?

Adopt GenAI securely and confidently with Unit 42 AI Security Assessment.

The post AI Provides an Rx for Cybersecurity in Healthcare appeared first on Palo Alto Networks Blog.

Today, Palo Alto Networks was recognized for the second straight year as a Leader in the 2024 Gartner Magic Quadrant for Single-Vendor SASE. We were also positioned both highest in the Ability to Execute and furthest in Completeness of Vision. We believe we are a Leader because we go beyond traditional SASE with a future-proof solution that helps address the complexities of a hybrid workplace.

A SASE Solution for the Future of Work

The 2024 recognition as a Leader in the Gartner Magic Quadrant for Single-Vendor SASE comes shortly after our acknowledgment as a Leader in the 2024 Gartner Magic Quadrant for Security Service Edge (SSE). Earlier this year, we introduced Prisma SASE 3.0, representing a paradigm shift in SASE:

• Securing Any User, Device or App, Anywhere – Prisma SASE is the industry's only SASE solution that secures both managed and unmanaged devices through a natively integrated enterprise browser in minutes, extending protection to anywhere for devices, users and even branches.
• Leveraging AI-Powered Data Security – Prisma SASE’s AI-powered Document Classification combines the strengths of machine learning models with the power of LLM-based natural language understanding, further enhancing our DLP solution to help keep customer data secure.
• Providing a Seamless Digital Experience – Prisma SASE App Acceleration is the only solution that securely understands each user's journey inside the app and proactively computes the dynamic content for that user, enabling application performance up to 5x faster for users everywhere, including those in branches.

By extending protection to unmanaged devices and incorporating advanced data security and performance optimization capabilities, Prisma SASE empowers organizations to confidently navigate the complexities of today’s dynamic work environment. This future-proof solution allows CISOs and CIOs to embrace a secure and productive work model without sacrificing agility or user experience.

Leading a New Era of SASE

The shift to an on-the-go, cloud-driven world was a necessary business decision. However, many of the solutions deployed in the initial rush to support this shift had prioritized immediate needs rather than a cohesive, long-term strategy. As a result, companies end up with multiple secure access tools, all with different policies, network sensors and management panes in place. This creates challenges in making sense of it all, ensuring policy consistency, and achieving a unified view of your network security.

As organizations look ahead, the limitations of a patchwork SASE approach become increasingly clear. These existing SASE solutions may have initially sufficed, but the compromises inherent in disconnected solutions will hinder your future growth:

• Security Gaps – Contractors, third-party collaborators and BYOD devices introduce unique security risks that might not be fully covered by your current solutions.
• Inadequate Data Protection – Limited data classification capabilities can leave you vulnerable to potentially damaging data breaches.
• Inconsistent Application Performance – Legacy SASE models may struggle to deliver the seamless user experience that modern dynamic applications demand, which impacts productivity.

The ideal solution is to adopt a complete, fully integrated SASE solution to address the totality of your work requirements. Only a converged solution with unified management, data and AI-powered security can optimize hybrid work performance alongside uncompromising protection.

Palo Alto Networks — Staying Ahead of Tomorrow’s Threats

When Palo Alto Networks was the only vendor to be recognized as a Leader in the inaugural 2023 Gartner Magic Quadrant for Single-Vendor SASE, we believe we had been given the responsibility of setting a standard customers would seek as they established SASE as a critical component of their transformation to a hybrid, cloud-based world. Our recognition as Leader in the 2024 Gartner Magic Quadrant for Single-Vendor SASE, in our opinion, represents that continued commitment to staying ahead of tomorrow’s threats.

To explore more about our recognition and what it means for your strategy to secure any user, any device and any application, download a complimentary copy of the 2024 Gartner Magic Quadrant for Single-Vendor SASE.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Palo Alto Networks.

Gartner, Magic Quadrant for Single-Vendor SASE, 3 July 2024, Andrew Lerner, Jonathan Forest, Neil MacDonald, Nat Smith, Charlie Winckless

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose

The post Palo Alto Networks a Leader Again in Gartner Single-Vendor SASE Report appeared first on Palo Alto Networks Blog.

Unveiling the Duality: Harnessing AI's Potential While Safeguarding Cloud-Native Security

AI-generated code promises to reshape cloud-native application development practices, offering unparalleled efficiency gains and fostering innovation at unprecedented levels. However, amidst the allure of newfound technology lies a profound duality – the stark contrast between the benefits of AI-driven software development and the formidable security risks it introduces.

As organizations embrace AI to accelerate workflows, they must confront a new reality – one where the very tools designed to streamline processes and unlock creativity also pose significant cybersecurity risks. This dichotomy underscores the need for a nuanced understanding between AI-developed code and security within the cloud-native ecosystem.

The Promise of AI-Powered Code

AI-powered software engineering ushers in a new era of efficiency and agility in cloud-native application development. It enables developers to automate repetitive and mundane processes, like code generation, testing and deployment, significantly reducing development cycle times.

Moreover, AI supercharges a culture of innovation by providing developers with powerful tools to explore new ideas and experiment with novel approaches. By analyzing vast datasets and identifying patterns, AI algorithms generate insights that drive informed decision-making and spur creative solutions to complex problems. This is a special time as developers are able to explore uncharted territories, pushing the boundaries of what’s possible in application development. Popular developer platform, GitHub, even announced Copilot Workspace, an environment that helps developers brainstorm, plan, build, test and run code in natural language. AI-powered applications are vast and varied, but with them also comes significant risk.

The Security Implications of AI Integration

According to findings in the Palo Alto Networks 2024 State of Cloud-Native Security Report, organizations are increasingly recognizing both the potential benefits of AI-powered code and its heightened security challenges.

One of the primary concerns highlighted in the report is the intrinsic complexity of AI algorithms and their susceptibility to manipulation and exploitation by malicious actors. Alarmingly, 44% of organizations surveyed express concern that AI-generated code introduces unforeseen vulnerabilities, while 43% predict that AI-powered threats will evade traditional detection techniques and become more common.

Moreover, the report underscores the critical need for organizations to prioritize security in their AI-driven development initiatives. A staggering 90% of respondents emphasize the importance of developers producing more secure code, indicating a widespread recognition of the security implications associated with AI integration.

The prevalence of AI-powered attacks is also a significant concern, with respondents ranking them as a top cloud security concern. This concern is further compounded by the fact that 100% of respondents reportedly embrace AI-assisted coding, highlighting the pervasive nature of AI integration in modern development practices.

These findings underscore the urgent need for organizations to adopt a proactive approach to security and ensure that their systems are resilient to emerging threats.

Balancing Efficiency and Security

There are no two ways about it: organizations must adopt a proactive stance toward security. But, admittedly, the path to this solution isn’t always straightforward. So, how can an organization defend itself?

First, they must implement a comprehensive set of strategies to mitigate potential risks and safeguard against emerging threats. They can begin by conducting thorough risk assessments to identify possible vulnerabilities and areas of concern.

Second, organizations can develop targeted mitigation strategies tailored to their specific needs and priorities, garnering them a clear understanding of the security implications of AI integration.

Thirdly, organizations must implement robust access controls and authentication mechanisms to prevent unauthorized access to sensitive data and resources.

Implementing these strategies, though, is only half the battle: organizations must remain vigilant in all security efforts. This vigilance is only possible if organizations take a proactive approach to security, one that anticipates and addresses potential threats before they manifest into significant risks. By implementing automated security solutions and leveraging AI-driven threat intelligence, organizations will better detect and mitigate emerging threats effectively.

Furthermore, organizations can empower employees to recognize and respond to security threats by providing regular training and resources on security best practices. Fostering a culture of security awareness and education among employees is essential for maintaining a strong security posture.

Keeping an Eye on AI

Integrating security measures into AI-driven development workflows is paramount for ensuring the integrity and resilience of cloud-native applications. Organizations must not only embed security considerations into every development lifecycle stage – from design and implementation to testing and deployment – they must also implement rigorous testing and validation processes. Conducting comprehensive security assessments and code reviews allows organizations to identify and remediate security flaws early in the development process, reducing the risk of costly security incidents down the line.

AI-generated code is here to stay, but prioritizing security considerations and integrating them into every aspect of the development process will ensure the integrity of any organization’s cloud-native applications. However, organizations will only achieve a balance between efficiency and security in AI-powered development with a proactive and holistic approach.

Learn more about enterprise browsers.

This blog was originally published on CSO on June 3, 2024.

The post The Growing Dichotomy of AI-Powered Code in Cloud-Native Security appeared first on Palo Alto Networks Blog.

The fairness and safety guarantees of LLMs, while being crucial to the social impact of its adoption, are equally as important to the cybersecurity challenges they present. Anyone interested in securing or securing adoption of this technology will need to grasp the interplay and distinctions between the concepts of LLM security and LLM fairness.

Security vs. Fairness

Humans and models are collections of actions, behaviors and responses. To say a person is “good” or “bad” is too shallow a classification; the same is true for labeling a model as “biased,” “unfair” or “secure.” It is difficult to articulate what quantifies the threshold of secure and insecure. Nonetheless, there are relative comparisons and imperfect measures, which can guide decision making.

Fairness and security are colloquially interchanged sometimes; however, they are not the same trait. Ensuring fairness when using LLMs is to prevent social harms, particularly to marginalized communities. Security, on the other hand, prevents the LLM from being manipulated to aid malicious intentions.

Ensuring fairness in the model, to prevent social harms, is advancing through numerous collaborative projects across industry, research and non-profit organizations:

1. A survey on bias and fairness in machine learning
2. The UCLA-NLP lab biography of “awesome fairness papers”
3. Exploring how machine learning practitioners (try to) use fairness toolkits.

Our aim at Palo Alto Networks is to provide a companion perspective on security. The term to “secure” a model is still being defined, simultaneously with the discovery of new LLM abilities. Community consensus does not yet exist and governing boards are only just being established.

To illustrate the distinctions and overlap between the fairness and security of an LLM, we describe four scenarios.

As we evaluate announcements, products, claims etc, the methods to measure, rank and mitigate fairness can relate to a model’s security, but it will not be synonymous.

The best set of measures and processes to evaluate what it means to “Secure AI” remains an open question. As cybersecurity professionals, we recognize that security comes from the system, not the individual components.

LLMs are just part of an ecosystem. Securing AI systems will need to occur both at the component and system level to ensure comprehensive security. For more insights that will empower you to safeguard your systems effectively, read Securing Generative AI: A Comprehensive Framework.

The post Fairness and Safety of LLMs appeared first on Palo Alto Networks Blog.