Presentation on theme: "Palo Alto Networks Jay Flanyak Channel Business Manager"— Presentation transcript:
1Palo Alto Networks Jay Flanyak Channel Business Manager firstname.lastname@example.org
2Palo Alto Networks at a glance Corporate highlightsFounded in 2005; first customer shipment in 2007Safely enabling applications and preventing cyber threatsAble to address all enterprise cybersecurity needsExceptional ability to support global customersExperienced team of 1,300+ employeesQ1FY14: $128.2M revenue; 14,500 customersRevenues$MMFYE JulyEnterprise customersJul-11Jul-12Jul-13
4Magic Quadrant for Enterprise Network Firewalls “Palo Alto Networks continues to both drive competitors to react in the firewall market and to move the overall firewall market forward. It is assessed as a Leader, mostly because of its NGFW design, direction of the market along the NGFW path, consistent displacement of competitors, rapidly increasing revenue and market share, and market disruption that forces competitors in all quadrants to react.”Gartner, February 2013In this MQ Gartner is validating that the next-generation firewall has gone mainstream, stating "Advances in threats have driven mainstream firewall demand for next- generation firewall capabilities. Buyers should focus on the quality, not quantity, of the features and the R&D behind them."With our placement in the upper right for the 2nd consecutive Gartner is validating that we are a leader in the enterprise FW market: "Palo Alto Networks continued through 2012 to generate the most firewall inquiries among Gartner customers by a significant margin. Palo Alto Networks was consistently on most NGFW competitive shortlists, and we observed high customer loyalty and satisfaction from early adopters."We came to market in 2007 with an innovative, disruptive firewall solution and a singular focus on customers, which Gartner validates in the MQ: "Palo Alto Networks continues to both drive competitors to react in the firewall market and to move the overall firewall market forward.”As far as what not to say – stick to the script, do NOT:1. Put words in Gartner's mouth.2. Anticipate future MQ positions.3. Talk about other vendors. We have plenty of strong stuff in the bullets below.
5Many Third Parties Reach Same Conclusion Gartner Enterprise Network Firewall Magic QuadrantPalo Alto Networks leading the marketForrester IPS Market OverviewStrong IPS solution; demonstrates effective consolidationNetworkWorld TestMost stringent NGFW test to date; validated sustained performance and key differencesNSS TestsIPS: Palo Alto Networks NGFW tested against competitors’ standalone IPS devices; NSS RecommendedFirewall: traditional port-based firewall test; Palo Alto Networks most efficient by a wide margin; NSS RecommendedNGFW: Palo Alto Networks best combination of protection, performance, and value; NSS Recommended (1 of only 3)
6Applications Get Through the Firewall Use interesting examples that are not Facebook and Twitter to show that applications have changes firewalls have not. They use evasive techniques to simplify use and avoid detection.AV in the late 90s started using port 80 (it is a C/S app), AIM prompted you to find an open port, BitTorrent and Skype hop ports, use encryption, MS Lync uses 443, and a host of ports above 50,000, SharePoint and function control use a range of web ports, but it is not a web app (it uses Office! SAP, Oracle, DropBox, Box.netNetwork security policy is enforced at the firewallSees all trafficDefines boundaryEnables accessTraditional firewalls don’t work any more
7Applications Get Through the Firewall: Threats Threat ramifications: Applications are a threat vector and a targetThreats target applicationsUsed as a threat vectorApplication specific exploits
8Applications Get Through the Firewall: Exfiltration Exfiltration ramifications: Today’s threats are applications – their command/control requires network communications. Apps can act as the conduit for data theft.Applications provide exfiltrationThreat communicationConfidential data
9Applications Get Through the Firewall: Encryption SSL and SSH: more and more applications use encryption, rendering existing FWs useless.What happens traffic is encrypted?SSLProprietary encryption
10Technology Sprawl and Creep Aren’t the Answer “More stuff” doesn’t solve the problemFirewall “helpers” have limited view of trafficComplex and costly to buy and maintainDoesn’t address application control challengesUTMInternetIMDLPIPSProxyURLAVthe control that once existed in the firewall has eroded over time.UTMs exist for the sole purpose of consolidating devices to save money – just google the IDC definition from 2004UTMs suffer from performance issues, multiple policies, silo-based scanning, multiple databases, logs, etcUTMs are all stateful inspection based – the all make their first decision on port.We are not a utm.Enterprise Network
11The Answer? Make the Firewall Do Its Job 1. Identify applications regardless of port, protocol, evasive tactic or SSL2. Identify and control users regardless of IP address, location, or device3. Protect against known and unknown application-borne threats4. Fine-grained visibility and policy control over application access / functionality5. Multi-gigabit, low latency, in-line deployment111111
12Zero-day discovery with WildFire™ Anti-malware signaturesDNS intelligenceMalware URL databaseAnti-C2 signaturesGlobal intelligence and protection delivered to all users10Gbps advanced threat visibility and prevention on all traffic, all ports (web, , SMB, etc.)Malware run in the cloud with open internet access to discover C2 protocols, domains, URLs and staged malware downloadsMalware, DNS, URL, and C2 signatures automatically created based on WildFire intelligence and delivered to customers globallyStream-based malware engine performs true in- line enforcementOn-premises WildFire appliance available for additional data privacyWildFireTMSoak sites, sinkholes,3rd party sourcesCommand-and-controlStaged malware downloadsHost ID and data exfilWildFire Appliance(optional)WildFire Users
13Enabling Applications, Users and Content The goal is to use applications, users and content as a means of talking about all 5 technologies and services: app-id, user-id, contentid, globalprotect and wildfire – not just the 3 core ones.This slide includes several good application examples – none of which are Facebook or Twitter .Each example has a user, an app and some content – doc, file, threat – when traversing the FW, those elements are either allowed or blocked for specific groups of users**********************Classifying all applications, across all ports, all the time with App-ID. Palo Alto Networks next-generation firewalls are built upon App-ID, a traffic classification technology that identifies the applications traversing the network, regardless of port, encryption (SSL or SSH) or evasive technique employed. The knowledge of exactly which applications are traversing the network, not just the port and protocol, then becomes the basis for all security policy decisions. Unidentified applications, typically a small percentage of traffic yet high in potential risk, are automatically categorized for systematic management, which can include policy control and inspection, threat forensics, creation of a custom App-ID, or submission of a packet capture App-ID for development.Tying users and devices, not just IP addresses to applications with User-ID and GlobalProtect. The application identity is tied to the user through User-ID, allowing organizations to deploy enablement policies that are not based solely on the IP address. These policies can then be extended to any device at any location with GlobalProtect. User-ID integrates with a wide range of enterprise user repositories to provide the identity of the Microsoft Windows, Mac OS X, Linux or Android, iOS users accessing the application. GlobalProtect ensures that the remote user is protected consistently, in the same manner as they would be if they were operating on the local network. The combined visibility and control over a users' application activity means organizations can safely enable the use of Oracle, BitTorrent, or Gmail, or any other application traversing the network, no matter where or how the user is accessing the network.Protecting against all threats, both known and unknown, with Content-ID and WildFire. To protect against a blend of known exploits, malware and spyware as well as completely unknown and targeted threats, organizations can first reduce the threat footprint through an explicit deny policy for unwanted applications. Content-ID can then be used to protect the applications and associated features by blocking known vulnerability exploits, viruses, and spyware in the allowed traffic. Content-ID addresses common threat evasion tactics by executing the prevention policy using the application and protocol context generated by the decoders in App-ID. Custom or unknown malware that is not controlled through traditional signatures is addressed through WildFire, which executes unknown files and monitors for more than 100 malicious behaviors in a virtualized sandbox environment. If malware is found, a signature is automatically developed and delivered to the user community.Enterprise wide enablement: Safe application enablement policies can help organizations improve their security posture, regardless of the deployment location. At the perimeter, organizations can reduce their threat footprint by blocking a wide range of unwanted applications and then inspecting the allowed applications for threats - both known and unknown. In the datacenter, application enablement translates to confirming the applications users and content are allowed and protected from threats while simultaneously finding rogue, misconfigured applications - all at multi-Gbps speeds. In virtualized datacenter environments, organizations can apply consistent application enablement policies while addressing security challenges introduced by virtual machine movement and orchestration. Expanding outwards to enterprise branch offices and remote users, enablement is delivered through policy consistency - the same policy deployed at the corporate location and is extended, seamlessly to other locations.
14Enabling Applications, Users and Content Applications: Safe enablement begins with application classification by App-ID.Users: Tying users and devices, regardless of location, to applications with User-ID and GlobalProtect.Content: Scanning content and protecting against all threats – both known and unknown; with Content-ID and WildFire.