Palo Alto GlobalProtect Portal/Gateway Interface

Overview

GlobalProtect Portal/Gateway Interface is Palo Alto’s enterprise VPN solution and a part of their suite of security applications, allowing enforcement of security policies on mobile user endpoints.

DeliverySoftware
CategoryNetworking
FunctionRemote Access (VPN)
ManufacturerPalo Alto Network
PrevalenceMedium

Notable Details

  • Use of solutions to both facilitate and secure remote work will continue to dramatically increase until the needs of the remote workforce are met. We can also expect the increased usage of these technologies to continue even after the crisis wanes.
  • GlobalProtect and other VPNs have had glaring vulnerabilities in the past. Implementations that remain unpatched against those vulnerabilities, and potential new vulnerabilities, open up networks to attack.
    • A report from ClearSky Security uncovered a campaign waged by Iranian state sponsored hackers using vulnerabilities in VPNs, including GlobalProtect, to gain access to dozens of organizations around the world.

Detection

RiskIQ detects Palo Alto GlobalProtect Portal/Gateway Interface through routine mass scanning of the entire IPv4 address space. Performing port scans across the Internet gives RiskIQ deep visibility into how the Internet changes. RiskIQ currently looks for over 110 unique ports across every system responsive online. Observations and metadata collected from these port scans are saved within the RiskIQ Internet Intelligence Graph and made available to customers.

Trending

Visibility: 73,540 IP addresses and 2,234 Host

Active detections past 30 days