Palo Alto Networks Product Overview

Presentation on theme: "Palo Alto Networks Product Overview"— Presentation transcript:

1 Palo Alto Networks Product Overview
Data Connectors March 7, 2013

2 Safe Harbor This presentation contains “forward-looking” statements that are based on our management’s beliefs and assumptions and on information currently available to management. Forward-looking statements include information concerning our possible or assumed future results of operations, business strategies, financing plans, competitive position, industry environment, potential growth opportunities, potential market opportunities and the effects of competition. Forward-looking statements include all statements that are not historical facts and can be identified by terms such as “anticipates,” “believes,” “could,” “seeks,” “estimates,” “intends,” “may,” “plans,” “potential,” “predicts,” “projects,” “should,” “will,” “would” or similar expressions and the negatives of those terms. Forward-looking statements involve known and unknown risks, uncertainties and other factors that may cause our actual results, performance or achievements to be materially different from any future results, performance or achievements expressed or implied by the forward-looking statements. Forward-looking statements represent our management’s beliefs and assumptions only as of the date of the prospectus. You should read the prospectus, including the Risk Factors set forth therein and the documents that we have filed as exhibits to the registration statement, of which the prospectus is a part, completely and with the understanding that our actual future results may be materially different from what we expect. Except as required by law we assume no obligation to update these forward-looking statements publicly, or to update the reasons why actual results could differ materially from those anticipated in the forward-looking statements, even if new information becomes available in the future.

3 Palo Alto Networks at a Glance
Corporate highlights
Founded in 2005; first customer shipment in 2007
Safely enabling applications
Able to address all network security needs
Exceptional ability to support global customers
Experienced technology and management team
850+ employees globally

[Charts: Revenue ($MM, FYE July) and Enterprise customers; axis labels Jul-10, Jul-11, Nov-12]

Disruptive Network Security Platform: We have been described by Gartner as a disruptive security platform because in 2007 we brought to market the first next generation firewall to classify traffic based on application, regardless of the port, protocol, encryption or other evasive tactic.

Safely Enabling Applications: this means more than allowing or blocking – it means using business-relevant elements such as the application identity, who is using the application, and the type of content or threat as a more meaningful way to control network access and grow your business. This means you can build firewall policies to allow the application but apply function control, or bandwidth shaping, or threat prevention to the application.

Able to Address All Network Security Needs: Platform and rich firewall feature-set that can protect the perimeter, datacenter, distributed enterprise – secure enablement policies based on application, user and content.

Exceptional Growth and Global Presence: Refer to the charts on the right for growth; we have a direct presence in more than 80 countries, with support centers and hardware depots distributed worldwide.

Experienced Technology and Management Team: The technology team drives our innovation and our continued efforts at disrupting the network security market – they are our most valued team members. The management team brings a rich history of steering a rapidly growing dynamic company like ours.

4 Applications Have Changed, Firewalls Haven’t
This slide establishes the problem. It is very similar to the original broken FW slide, but now the apps are in logical positions (perimeter or datacenter), allowing you to talk to either opportunity. Use interesting examples that are not Facebook and Twitter to show that applications have changed and firewalls have not. Use examples of applications that may use evasive techniques to simplify use and, in so doing, avoid detection. Use applications that change state as added functions are used – they are hard for UTMs to identify, control and enable.

Examples: AV vendors in the late 90s started using port 80 (it is a C/S app); AIM prompted you to find an open port; BitTorrent and Skype hop ports and use encryption; MS Lync uses 443, 3489 and a host of ports above 50,000; SharePoint and function control use a range of web ports, but it is not a web app (it uses Office!); SAP, Oracle, DropBox, Box.net. (Image 1)

The ramifications of these changes are increased business and security risks: applications act as (1) a threat vector (delivering a video URL that is really malware), (2) a threat target (SQL injection attacks), and (3) the command and control/exfiltration avenue.

Network security policy is enforced at the firewall
Sees all traffic
Defines boundary
Enables access
Traditional firewalls don’t work any more

5 Applications: Threat Vector and a Target
OPTIONAL slide
Threat ramifications: Applications are a threat vector (malware) and a target (exploits)
Threats target applications
Used as a delivery mechanism
Application specific exploits

6 Applications: Payload Delivery/Command & Control
OPTIONAL slide: exfiltration
Exfiltration ramifications: Today’s threats are applications – their command/control/exfiltration requires network communications. Apps can act as the conduit for data theft.
Applications provide exfiltration
Confidential data
Threat communication

7 Encrypted Applications: Unseen by Firewalls
OPTIONAL slide
SSL and SSH: more and more applications use encryption, rendering existing FWs useless.
What happens when traffic is encrypted?
SSL
Proprietary encryption

8 Technology Sprawl and Creep Aren’t the Answer
“More stuff” doesn’t solve the problem
Firewall “helpers” have limited view of traffic
Complex and costly to buy and maintain
Doesn’t address applications

[Diagram labels: Internet, Enterprise Network, UTM, IM, DLP, IPS, Proxy, URL, AV]

Explain why customers have deployed all of these devices – the control that once existed in the firewall has eroded over time. UTMs exist for the sole purpose of consolidating devices to save money. UTMs suffer from performance issues, multiple policies, silo-based scanning, multiple databases, logs, etc. UTMs are all stateful inspection based – they all make their first decision on port. This is not our value-add.

9 The Answer? Make the Firewall Do Its Job
1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify and control users regardless of IP address, location, or device
3. Protect against known and unknown application-borne threats
4. Fine-grained visibility and policy control over application access / functionality
5. Multi-gigabit, low latency, in-line deployment

From day 1, firewalls have always been designed to be the traffic cop on the network. Over time, they did not keep pace with the changes in L7 traffic – both applications and threats. We need to restore the firewall to what it was originally designed to do – be a traffic cop that controls all apps, both known and unknown, not ports.

On all ports, all the time
Any user, any platform, any location
Content scanning and threat prevention (known and unknown)

10 Why Visibility & Control Must Be In The Firewall
NGFW Application Control
Application control is in the firewall = single policy
Visibility across all ports, for all traffic, all the time
Implications
  Network access decision is made based on application identity
  Safely enable application usage
[Diagram labels: App Ctrl Policy Decision; IPS: Scan Application for Threats; Applications; Application Traffic]

Application Control as an Add-on
Port-based FW + App Ctrl (IPS) = two policies
Applications are threats; only block what you expressly look for
Implications
  Network access decision is made with no information
  Cannot safely enable applications
[Diagram labels: Firewall: Port Policy Decision; IPS: App Ctrl Policy Decision; Applications; Traffic; Port]

Optional slide.

11 Making the Firewall a Business Enablement Tool
Applications: Enablement begins with application classification by App-ID.
Users: Tying users and devices, regardless of location, to applications with User-ID and GlobalProtect.
Content: Scanning content and protecting against all threats, both known and unknown, with Content-ID and WildFire.

Classifying all applications, across all ports, all the time with App-ID. Palo Alto Networks next-generation firewalls are built upon App-ID, a traffic classification technology that identifies the applications traversing the network, regardless of port, encryption (SSL or SSH) or evasive technique employed. The knowledge of exactly which applications are traversing the network, not just the port and protocol, then becomes the basis for all security policy decisions. Unidentified applications, typically a small percentage of traffic yet high in potential risk, are automatically categorized for systematic management, which can include policy control and inspection, threat forensics, creation of a custom App-ID, or submission of a packet capture for App-ID development.

Tying users and devices, not just IP addresses, to applications with User-ID and GlobalProtect. The application identity is tied to the user through User-ID, allowing organizations to deploy enablement policies that are not based solely on the IP address. These policies can then be extended to any device at any location with GlobalProtect. User-ID integrates with a wide range of enterprise user repositories to provide the identity of the Microsoft Windows, Mac OS X, Linux, Android or iOS users accessing the application. GlobalProtect ensures that the remote user is protected consistently, in the same manner as they would be if they were operating on the local network. The combined visibility and control over a user's application activity means organizations can safely enable the use of Oracle, BitTorrent, or Gmail, or any other application traversing the network, no matter where or how the user is accessing the network.

Protecting against all threats, both known and unknown, with Content-ID and WildFire. To protect against a blend of known exploits, malware and spyware as well as completely unknown and targeted threats, organizations can first reduce the threat footprint through an explicit deny policy for unwanted applications. Content-ID can then be used to protect the applications and associated features by blocking known vulnerability exploits, viruses, and spyware in the allowed traffic. Content-ID addresses common threat evasion tactics by executing the prevention policy using the application and protocol context generated by the decoders in App-ID. Custom or unknown malware that is not controlled through traditional signatures is addressed through WildFire, which executes unknown files and monitors for more than 100 malicious behaviors in a virtualized sandbox environment. If malware is found, a signature is automatically developed and delivered to the user community.

12 WildFire Architecture
Running in the cloud lets the malware do things that you wouldn’t allow in your network.
Updates to sandbox logic without impacting the customer
10 Gbps Threat Prevention and file scanning
All traffic, all ports
Web, , FTP and SMB
Stream-based malware engine to perform true inline enforcement

13 Single Pass Platform Architecture
Use the same language from the original SP3 slide. Purpose built: use a racing vehicle analogy – any racing vehicle; a car, a motorcycle, whatever. They go fast because of the sum of their parts: engine, suspension, tires, body, driver. We did the same thing: built SW that was as efficient as possible, using a single pass to perform the heavy lifting (L7 classification and inspection). Operations once per packet: traffic classification (app identification) and content scanning (threats, URLs, confidential data) = one policy. Then we married it to a HW platform that scales upwards and downwards using dedicated processors for NW, security (Cavium multi-core), threat and management. Separate data/control planes for built-in resiliency.

14 PAN-OS Core Firewall Features
Visibility and control of applications, users and content complement core firewall features

Strong networking foundation
  Dynamic routing (BGP, OSPF, RIPv2)
  Tap mode – connect to SPAN port
  Virtual wire (“Layer 1”) for true transparent in-line deployment
  L2/L3 switching foundation
  Policy-based forwarding
VPN
  Site-to-site IPSec VPN
  Remote Access (SSL) VPN
QoS traffic shaping
  Max/guaranteed and priority
  By user, app, interface, zone, & more
  Real-time bandwidth monitor
Zone-based architecture
  All interfaces assigned to security zones for policy enforcement
High Availability
  Active/active, active/passive
  Configuration and session synchronization
  Path, link, and HA monitoring
Virtual Systems
  Establish multiple virtual firewalls in a single device (PA-5000, PA-4000, PA-3000, and PA-2000 Series)
Simple, flexible management
  CLI, Web, Panorama, SNMP, Syslog

Wide range of platforms, all support core features needed for network deployment.

Possible examples of talk track:
Take this slide as an opportunity to talk about VSYS and how we don’t have any feature loss when enabling it and don’t need additional products/OS to deploy it.
Discuss how reporting is built in to the FW and is the same when using Panorama, which is mainly used to manage many firewalls.
Example: discuss QoS and how we can shape traffic during widely viewed events such as March Madness, etc., and tie this into our App-ID story.

15 Next-Generation Firewall Virtualized Platforms
Performance
Columns: Cores Allocated, Firewall (App-ID), Threat Prevention, VPN, Sessions per Second
2 Core 500 Mbps 200 Mbps 100 Mbps 8,000
4 Core 1 Gbps 600 Mbps 250 Mbps
8 Core 400 Mbps

Specifications
Columns: Model, Sessions, Rules, Security Zones, Address Objects, IPSec VPN Tunnels, SSL VPN Tunnels
VM-100 50,000 250 10 2,500 25
VM-200 100,000 2,000 20 4,000 500 200
VM-300 250,000 5,000 40 10,000

Supported on VMware ESX/ESXi 4.0 or later
Minimum of 2 CPU cores, 4GB RAM, 40GB HD, 2 interfaces
Supports active/passive HA without state synchronization.
Does not support 802.3ad, virtual systems, jumbo frames

Exact same feature set available in HW FW is now available in virtualized form factor. Licensed by capacities – not CPU or other money sucking scheme.

16 Enterprise-wide Next-Generation Firewall Security
Perimeter
  App visibility and control in the firewall
    All apps, all ports, all the time
  Prevent threats
    Known threats
    Unknown/targeted malware
  Simplify security infrastructure
Data Center
  Network segmentation
    Based on application and user, not port/IP
  Simple, flexible network security
    Integration into all DC designs
    Highly available, high performance
Distributed Enterprise
  Consistent network security everywhere
    HQ/branch offices/remote and mobile users
  Logical perimeter
    Policy follows applications and users, not physical location
  Centrally managed

17 Addresses Three Key Business Problems
Safely Enable Applications
  Identify more than 1,500 applications, regardless of port, protocol, encryption, or evasive tactic
  Fine-grained control over applications/application functions (allow, deny, limit, scan, shape)
  Addresses the key deficiencies of legacy firewall infrastructure
  Systematic management of unknown applications
Prevent Threats
  Stop a variety of known threats – exploits (by vulnerability), viruses, spyware
  Detect and stop unknown threats with WildFire
  Stop leaks of confidential data (e.g., credit card #, social security #, file/type)
  Enforce acceptable use policies on users for general web site browsing
Simplify Security Infrastructure
  Put the firewall at the center of the network security infrastructure
  Reduce complexity in architecture and operations

18 Many Third Parties Reach Same Conclusion
Gartner Enterprise Network Firewall Magic Quadrant
  Palo Alto Networks leading the market
Forrester IPS Market Overview
  Strong IPS solution; demonstrates effective consolidation
NetworkWorld Test
  Most stringent NGFW test to date; validated sustained performance
NSS Tests
  IPS: Palo Alto Networks NGFW tested against competitors’ standalone IPS devices; NSS Recommended
  Firewall: Traditional port-based firewall test; Palo Alto Networks most efficient by a wide margin; NSS Recommended
  NGFW: Palo Alto Networks provides the best combination of protection, performance, and value; NSS Recommended (1 of only 3 NGFW recommended)

19 2013 Gartner Magic Quadrant for Enterprise Network Firewalls
“Palo Alto Networks continues to both drive competitors to react in the firewall market and to move the overall firewall market forward. It is assessed as a Leader, mostly because of its NGFW design, direction of the market along the NGFW path, consistent displacement of competitors, rapidly increasing revenue and market share, and market disruption that forces competitors in all quadrants to react.” Gartner, February 2013

20 Thank You © 2010 Palo Alto Networks. Proprietary and Confidential.

