Published by Janae Lodes
Modified over 2 years ago
Palo Alto Networks Overview March 2012 Data Connectors Micah Richardson, Account Manager
Agenda
Corporate Overview Why a NGFW? Key Technologies, Architecture Review, Wildfire Web Interface Model Review 2011 Gartner Report Review
© 2011 Palo Alto Networks. Proprietary and Confidential. Page 2 |
About Palo Alto Networks
- Palo Alto Networks is the Network Security Company
- World-class team with strong security and networking experience
  - Founded in 2005, first customer July 2007, top-tier investors
- Builds next-generation firewalls that identify / control ~1450+ applications
  - Restores the firewall as the core of enterprise network security infrastructure
  - Innovations: App-ID, User-ID, Content-ID
- Global momentum: 7,500+ customers
- August 2011: Annual bookings run rate is over US$200 million*, cash-flow positive last five consecutive quarters
(*) Bookings run rate is defined as 4 (four) times the bookings amount of the most recently finished fiscal quarter. Bookings are defined as non-cancellable orders received during the fiscal period. Palo Alto Networks fiscal year runs from August 1st until July 31st.
- A few of the many enterprises that have deployed more than $1M
Applications Have Changed; Firewalls Have Not
- Need to restore visibility and control in the firewall
- BUT…applications have changed
[Diagram labels: Ports, Applications, IP Addresses, Users, Packets, Content]
- The firewall is the right place to enforce policy control
  - Sees all traffic
  - Defines trust boundary
  - Enables access via positive control
Applications Carry Risk
- Applications can be threats
  - P2P file sharing, tunneling applications, anonymizers, media/video
- Applications carry threats
  - Qualys Top 20 Vulnerabilities – majority result in application-level threats
- Applications & application-level threats result in major breaches – RSA, Comodo, FBI
Enterprise 2.0 Applications and Risks Widespread
- Palo Alto Networks' latest Application Usage & Risk Report highlights actual behavior of 1M+ users in 1253 organizations
  - More enterprise 2.0 application use for personal and business reasons
  - Tunneling and port hopping are common
  - Bottom line: all had firewalls, most had IPS, proxies, & URL filtering – but none of these organizations could control what applications ran on their networks
Technology Sprawl & Creep Are Not The Answer
- More stuff doesn't solve the problem
- Firewall helpers have limited view of traffic
- Complex and costly to buy and maintain
- Putting all of this in the same box is just slow
[Diagram label: Internet]
The Right Answer: Make the Firewall Do Its Job
New Requirements for the Firewall
1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify users regardless of IP address
3. Protect in real-time against threats embedded across applications
4. Fine-grained visibility and policy control over application access / functionality
5. Multi-gigabit, in-line deployment with no performance degradation
Why Visibility & Control Must Be In The Firewall
Application Control as an Add-on
- Port-based FW + App Ctrl (IPS) = two policies
- Applications are threats; only block what you expressly look for
- Implications
  - Network access decision is made with no information
  - Cannot safely enable applications
[Diagram labels: Traffic, Port, Firewall, Port Policy Decision, IPS, Applications, App Ctrl Policy Decision]
NGFW Application Control
- Application control is in the firewall = single policy
- Visibility across all ports, for all traffic, all the time
- Implications
  - Network access decision is made based on application identity
  - Safely enable application usage
[Diagram labels: Traffic, Application, Firewall, App Ctrl Policy Decision, IPS, Scan Application for Threats, Applications]
What You See…with Port-Based FW + Application Control Add-on
What You See with a True Next-Generation Firewall
Your Control With Port-based Firewall Add-on
Your Control With a Next-Generation Firewall
» The ever-expanding universe of applications, services and threats
» Traffic limited to approved business use cases based on App and User
» Attack surface reduced by orders of magnitude
» Complete threat library with no blind spots
  - Bi-directional inspection
  - Scans inside of SSL
  - Scans inside compressed files
  - Scans inside proxies and tunnels
- Only allow the apps you need
- Safely enable the applications relevant to your business
Identification Technologies Transform the Firewall
- App-ID: Identify the application
- User-ID: Identify the user
- Content-ID: Scan the content
Single-Pass Parallel Processing (SP3) Architecture
Single Pass
- Operations once per packet
  - Traffic classification (app identification)
  - User/group mapping
  - Content scanning – threats, URLs, confidential data
- One policy
Parallel Processing
- Function-specific parallel processing hardware engines
- Separate data/control planes
Up to 20Gbps, Low Latency
INSERT WILDFIRE SLIDE HERE
Transforming The Perimeter and Datacenter
Same Next-Generation Firewall, Different Benefits…
[Diagram labels: Perimeter, Datacenter]
Comprehensive View of Applications, Users & Content
- Application Command Center (ACC)
  - View applications, URLs, threats, data filtering activity
- Add/remove filters to achieve desired result
[Screenshot captions: Filter on Facebook-base; Filter on Facebook-base and user cook; Remove Facebook to expand view of cook]
PAN-OS Core Firewall Features
Visibility and control of applications, users and content complement core firewall features
- Strong networking foundation
  - Dynamic routing (BGP, OSPF, RIPv2)
  - Tap mode – connect to SPAN port
  - Virtual wire (Layer 1) for true transparent in-line deployment
  - L2/L3 switching foundation
  - Policy-based forwarding
- VPN
  - Site-to-site IPSec VPN
  - SSL VPN
- QoS traffic shaping
  - Max/guaranteed and priority
  - By user, app, interface, zone, & more
  - Real-time bandwidth monitor
- Zone-based architecture
  - All interfaces assigned to security zones for policy enforcement
- High Availability
  - Active/active, active/passive
  - Configuration and session synchronization
  - Path, link, and HA monitoring
- Virtual Systems
  - Establish multiple virtual firewalls in a single device (PA-5000, PA-4000, and PA-2000 Series)
- Simple, flexible management
  - CLI, Web, Panorama, SNMP, Syslog
[Product images: PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060, PA-5060, PA-5050, PA-5020]
2011 Magic Quadrant for Enterprise Network Firewalls
Palo Alto Networks' high-performance NGFW functionality continues to drive competitors to react in the firewall market. It is assessed as a Leader mostly because of its NGFW design, redirection of the market along the NGFW path, consistent displacement of Leaders and Challengers, and market disruption forcing Leaders to react.
Source: Gartner, December 14, 2011
2010 Magic Quadrant for Enterprise Network Firewalls
[Figure: Gartner Magic Quadrant, as of March 2010. Axes: completeness of vision, ability to execute. Quadrant labels: visionaries, niche players. Vendors plotted: Palo Alto Networks, Check Point Software Technologies, Juniper Networks, Cisco, Fortinet, McAfee, Stonesoft, SonicWALL, WatchGuard, NETASQ, Astaro, phion, 3Com/H3C.]
Source: Gartner
Continual Customer Driven Innovation
- App-ID: Traffic classification by application; all ports, all the time
  - SSL decryption/inspection, control unknowns, PCAPs, App override, function enablement, custom App-IDs, QoS, PBF, SSH control…
- User-ID: User identity becomes pervasive; visibility, policy, logging and reporting
  - Active Directory, terminal services, LDAP, eDirectory, XML API…
- Content-ID: Single engine stream-based scanning of allowed content
  - Exploits, viruses, confidential data, botnets, modern malware…
- Enterprise-Class Platform: Scalable, deployable, predictable
  - Dual-plane architecture; single pass software, function specific processing, tap mode, Vwire, L2/L3/mixed mode, IPv6…
[Chart: Customer Count, 2007 to 2011]
Addresses Three Key Business Problems
- Identify and Control Applications
  - Visibility of ~1450+ applications, regardless of port, protocol, encryption, or evasive tactic
  - Fine-grained control over applications (allow, deny, limit, scan, shape)
  - Addresses the key deficiencies of legacy firewall infrastructure
- Prevent Threats
  - Stop a variety of threats – exploits (by vulnerability), viruses, spyware
  - Stop leaks of confidential data (e.g., credit card #, social security #, file/type)
  - Stream-based engine ensures high performance
  - Enforce acceptable use policies on users for general web site browsing
- Simplify Security Infrastructure
  - Put the firewall at the center of the network security infrastructure
  - Reduce complexity in architecture and operations
Thank You
Additional Information Speeds and Feeds, Deployment, Customers, TCO, Support, and Management
Global Support. Local Availability. Enterprise Class.
- Global support infrastructure
  - Global TACs (Santa Clara HQ, Dallas, Antwerp, Singapore, Tokyo)
  - Global Hardware Depots (Santa Clara, Amsterdam, Singapore)
- Programs and features to address global support demands
  - On-line Support Knowledge Portal
  - Premium Support (24 x 7)
  - Standard Support (8 x 5)
  - Technical Account Managers
  - Hardware support/replacement options (standard, premium, 4-hour, on-site spares, and system HA)
- Integrated approach to services, training, and support
Next-Generation Firewalls Are Network Security
August 2011: Extraordinary Business Results
(*) Bookings run rate is defined as 4 (four) times the bookings amount of the most recently finished fiscal quarter. Bookings are defined as non-cancellable orders received during the fiscal period. Palo Alto Networks fiscal year runs from August 1st until July 31st.
Palo Alto Networks Next-Gen Firewalls
- PA-4050: 10 Gbps FW/5 Gbps threat prevention/2,000,000 sessions; 8 SFP, 16 copper gigabit
- PA-4020: 2 Gbps FW/2 Gbps threat prevention/500,000 sessions; 8 SFP, 16 copper gigabit
- PA-4060: 10 Gbps FW/5 Gbps threat prevention/2,000,000 sessions; 4 XFP (10 Gig), 4 SFP (1 Gig)
- PA-2050: 1 Gbps FW/500 Mbps threat prevention/250,000 sessions; 4 SFP, 16 copper gigabit
- PA-2020: 500 Mbps FW/200 Mbps threat prevention/125,000 sessions; 2 SFP, 12 copper gigabit
- PA-500: 250 Mbps FW/100 Mbps threat prevention/50,000 sessions; 8 copper gigabit
- PA-5050: 10 Gbps FW/5 Gbps threat prevention/2,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
- PA-5020: 5 Gbps FW/2 Gbps threat prevention/1,000,000 sessions; 8 SFP, 12 copper gigabit
- PA-5060: 20 Gbps FW/10 Gbps threat prevention/4,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
Introducing GlobalProtect
- Users never go off-network regardless of location
- All firewalls work together to provide cloud of network security
- How it works:
  - Small agent determines network location (on or off the enterprise network)
  - If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
  - Agent submits host information profile (patch level, asset type, disk encryption, and more) to the gateway
  - Gateway enforces security policy using App-ID, User-ID, Content-ID AND host information profile
A Modern Architecture for Enterprise Network Security
- Establishes a logical perimeter that is not bound to physical limitations
- Users receive the same depth and quality of protection both inside and out
- Security work performed by purpose-built firewalls, not end-user laptops
- Unified visibility, compliance and reporting
[Diagram labels: malware, botnets, exploits]
Redefine Network Security – and Save Money!
[Chart callouts: Cut by as much as 80%; Cut by as much as 65%]
- Capital cost – replace multiple devices
  - Legacy firewall, IPS, URL filtering device (e.g. proxy, secure web gateway…)
- Hard operational expenses
  - Support contracts
  - Subscriptions
  - Power and HVAC
- Save on soft costs too
  - Rack space, deployment/integration, headcount, training, help desk calls
Flexible Deployment Options
- Visibility
  - Application, user and content visibility without inline deployment
- Transparent In-Line
  - IPS with app visibility & control
  - Consolidation of IPS & URL filtering
- Firewall Replacement
  - Firewall replacement with app visibility & control
  - Firewall + IPS
  - Firewall + IPS + URL filtering
Enables Visibility Into Applications, Users, and Content
A few simple guidelines…
- Never use PAN in slides, always use Palo Alto Networks.
- The easiest way to avoid typing that all the time is by using an automatic text expansion tool, such as:
  - Typinator for Mac OS (19.99) http://www.ergonis.com/products/typinator/
  - Texter for Windows (free) http://lifehacker.com/software/texter/lifehacker-code-texter-windows-238306.php
- Our corporate colors in PowerPoint are: Green, Blue