Presentation on theme: "Palo Alto Networks Product Overview"— Presentation transcript:
Slide 1: Palo Alto Networks Product Overview
Data Connectors
March 7, 2013
Slide 2: Safe Harbor
This presentation contains “forward-looking” statements that are based on our management’s beliefs and assumptions and on information currently available to management. Forward-looking statements include information concerning our possible or assumed future results of operations, business strategies, financing plans, competitive position, industry environment, potential growth opportunities, potential market opportunities and the effects of competition.
Forward-looking statements include all statements that are not historical facts and can be identified by terms such as “anticipates,” “believes,” “could,” “seeks,” “estimates,” “intends,” “may,” “plans,” “potential,” “predicts,” “projects,” “should,” “will,” “would” or similar expressions and the negatives of those terms. Forward-looking statements involve known and unknown risks, uncertainties and other factors that may cause our actual results, performance or achievements to be materially different from any future results, performance or achievements expressed or implied by the forward-looking statements. Forward-looking statements represent our management’s beliefs and assumptions only as of the date of the prospectus. You should read the prospectus, including the Risk Factors set forth therein and the documents that we have filed as exhibits to the registration statement, of which the prospectus is a part, completely and with the understanding that our actual future results may be materially different from what we expect. Except as required by law we assume no obligation to update these forward-looking statements publicly, or to update the reasons why actual results could differ materially from those anticipated in the forward-looking statements, even if new information becomes available in the future.
Slide 3: Palo Alto Networks at a Glance
Corporate highlights:
Founded in 2005; first customer shipment in 2007
Safely enabling applications
Able to address all network security needs
Exceptional ability to support global customers
Experienced technology and management team
850+ employees globally
[Charts: Revenue ($MM, FYE July) and Enterprise customers; axis labels Jul-10, Jul-11, Nov-12]
Disruptive Network Security Platform: We have been described by Gartner as a disruptive security platform because in 2007 we brought to market the first next generation firewall to classify traffic based on application, regardless of the port, protocol, encryption or other evasive tactic.
Safely Enabling Applications: This means more than allowing or blocking – it means using business-relevant elements such as the application identity, who is using the application, and the type of content or threat as a more meaningful way to control network access and grow your business. This means you can build firewall policies to allow the application but apply function control, or bandwidth shaping, or threat prevention to the application.
Able to Address All Network Security Needs: Platform and rich firewall feature-set that can protect the perimeter, datacenter, distributed enterprise – secure enablement policies based on application, user and content.
Exceptional Growth and Global Presence: Refer to the charts on the right for growth. We have a direct presence in more than 80 countries, with support centers and hardware depots distributed worldwide.
Experienced Technology and Management Team: The technology team drives our innovation and our continued efforts at disrupting the network security market – they are our most valued team members. The management team brings a rich history of steering a rapidly growing dynamic company like ours.
Slide 4: Applications Have Changed, Firewalls Haven’t
This slide establishes the problem. It is very similar to the original broken FW slide, but now the apps are in logical positions (perimeter or datacenter), allowing you to talk to either opportunity.
Use interesting examples that are not Facebook and Twitter to show that applications have changed and firewalls have not.
Use examples of applications that may use evasive techniques to simplify use and, in so doing, avoid detection.
Use applications that change state as added functions are used – they are hard for UTMs to identify, control and enable.
Examples: AV vendors in the late 90s started using port 80 (it is a C/S app); AIM prompted you to find an open port; BitTorrent and Skype hop ports and use encryption; MS Lync uses 443, 3489 and a host of ports above 50,000; SharePoint and function control use a range of web ports, but it is not a web app (it uses Office!); SAP, Oracle, DropBox, Box.net (Image 1).
The ramifications of these changes result in an increase in business and security risks - applications act as (1) a threat vector (delivering a video URL that is really malware), (2) threat targets (SQL injection attacks), and (3) the command and control/exfiltration avenue.
Network security policy is enforced at the firewall:
Sees all traffic
Defines boundary
Enables access
Traditional firewalls don’t work any more
Slide 5: Applications: Threat Vector and a Target
OPTIONAL slide
Threat ramifications: Applications are a threat vector (malware) and a target (exploits).
Threats target applications:
Used as a delivery mechanism
Application specific exploits
Slide 6: Applications: Payload Delivery/Command & Control
OPTIONAL slide: exfiltration
Exfiltration ramifications: Today’s threats are applications – their command/control/exfiltration requires network communications. Apps can act as the conduit for data theft.
Applications provide exfiltration:
Confidential data
Threat communication
Slide 7: Encrypted Applications: Unseen by Firewalls
OPTIONAL slide
SSL and SSH: more and more applications use encryption, rendering existing FWs useless.
What happens when traffic is encrypted?
SSL
Proprietary encryption
Slide 8: Technology Sprawl and Creep Aren’t the Answer
“More stuff” doesn’t solve the problem
Firewall “helpers” have limited view of traffic
Complex and costly to buy and maintain
Doesn’t address applications
[Diagram labels: UTM, Internet, IM, DLP, IPS, Proxy, URL, AV, Enterprise Network]
Explain why customers have deployed all of these devices – the control that once existed in the firewall has eroded over time.
UTMs exist for the sole purpose of consolidating devices to save money.
UTMs suffer from performance issues, multiple policies, silo-based scanning, multiple databases, logs, etc.
UTMs are all stateful inspection based – they all make their first decision on port.
This is not our value-add.
Slide 9: The Answer? Make the Firewall Do Its Job
1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify and control users regardless of IP address, location, or device
3. Protect against known and unknown application-borne threats
4. Fine-grained visibility and policy control over application access / functionality
5. Multi-gigabit, low latency, in-line deployment
From day 1, firewalls have always been designed to be the traffic cop on the network. Over time, they did not keep pace with the changes in L7 traffic – both applications and threats.
Need to restore the firewall to what it was originally designed to do – be a traffic cop that controls all apps, both known and unknown, not ports.
On all ports, all the time
Any user, any platform, any location
Content scanning and threat prevention (known and unknown)
Slide 10: Why Visibility & Control Must Be In The Firewall
[Diagram labels, NGFW: Traffic, Application, App Ctrl Policy Decision, IPS, Scan Application for Threats, Applications]
NGFW Application Control:
Application control is in the firewall = single policy
Visibility across all ports, for all traffic, all the time
Implications: Network access decision is made based on application identity; safely enable application usage
Application Control as an Add-on:
Port-based FW + App Ctrl (IPS) = two policies
Applications are threats; only block what you expressly look for
Implications: Network access decision is made with no information; cannot safely enable applications
[Diagram labels, add-on: Traffic, Port, Firewall, Port Policy Decision, IPS, App Ctrl Policy Decision, Applications]
Optional slide.
Slide 11: Making the Firewall a Business Enablement Tool
Applications: Enablement begins with application classification by App-ID.
Users: Tying users and devices, regardless of location, to applications with User-ID and GlobalProtect.
Content: Scanning content and protecting against all threats, both known and unknown, with Content-ID and WildFire.
Classifying all applications, across all ports, all the time with App-ID. Palo Alto Networks next-generation firewalls are built upon App-ID, a traffic classification technology that identifies the applications traversing the network, regardless of port, encryption (SSL or SSH) or evasive technique employed. The knowledge of exactly which applications are traversing the network, not just the port and protocol, then becomes the basis for all security policy decisions. Unidentified applications, typically a small percentage of traffic yet high in potential risk, are automatically categorized for systematic management, which can include policy control and inspection, threat forensics, creation of a custom App-ID, or submission of a packet capture for App-ID development.
Tying users and devices, not just IP addresses, to applications with User-ID and GlobalProtect. The application identity is tied to the user through User-ID, allowing organizations to deploy enablement policies that are not based solely on the IP address. These policies can then be extended to any device at any location with GlobalProtect. User-ID integrates with a wide range of enterprise user repositories to provide the identity of the Microsoft Windows, Mac OS X, Linux, Android, or iOS users accessing the application. GlobalProtect ensures that the remote user is protected consistently, in the same manner as they would be if they were operating on the local network. The combined visibility and control over a user's application activity means organizations can safely enable the use of Oracle, BitTorrent, or Gmail, or any other application traversing the network, no matter where or how the user is accessing the network.
Protecting against all threats, both known and unknown, with Content-ID and WildFire. To protect against a blend of known exploits, malware and spyware as well as completely unknown and targeted threats, organizations can first reduce the threat footprint through an explicit deny policy for unwanted applications. Content-ID can then be used to protect the applications and associated features by blocking known vulnerability exploits, viruses, and spyware in the allowed traffic. Content-ID addresses common threat evasion tactics by executing the prevention policy using the application and protocol context generated by the decoders in App-ID. Custom or unknown malware that is not controlled through traditional signatures is addressed through WildFire, which executes unknown files and monitors for more than 100 malicious behaviors in a virtualized sandbox environment. If malware is found, a signature is automatically developed and delivered to the user community.
Slide 12: WildFire Architecture
Running in the cloud lets the malware do things that you wouldn’t allow in your network.
Updates to sandbox logic without impacting the customer
10 Gbps Threat Prevention and file scanning
All traffic, all ports
Web, , FTP and SMB
Stream-based malware engine to perform true inline enforcement
Slide 13: Single Pass Platform Architecture
Use the same language from the original SP3 slide.
Purpose built – use a racing vehicle analogy – any racing vehicle: a car, a motorcycle, whatever. They go fast because of the sum of their parts = engine, suspension, tires, body, driver.
We did the same thing – built SW that was as efficient as possible, using a single pass to perform the heavy lifting (L7 classification and inspection). Operations once per packet: traffic classification (app identification), content scanning (threats, URLs, confidential data) = one policy.
Then we married it to a HW platform that scales upwards and downwards using dedicated processors for NW, security (Cavium multi-core), threat and management. Separate data/control planes for built-in resiliency.
Slide 14: PAN-OS Core Firewall Features
Visibility and control of applications, users and content complement core firewall features
Strong networking foundation: dynamic routing (BGP, OSPF, RIPv2); tap mode – connect to SPAN port; virtual wire (“Layer 1”) for true transparent in-line deployment; L2/L3 switching foundation; policy-based forwarding
VPN: site-to-site IPSec VPN; remote access (SSL) VPN
QoS traffic shaping: max/guaranteed and priority; by user, app, interface, zone, & more; real-time bandwidth monitor
Zone-based architecture: all interfaces assigned to security zones for policy enforcement
High Availability: active/active, active/passive; configuration and session synchronization; path, link, and HA monitoring
Virtual Systems: establish multiple virtual firewalls in a single device (PA-5000, PA-4000, PA-3000, and PA-2000 Series)
Simple, flexible management: CLI, Web, Panorama, SNMP, Syslog
Wide range of platforms; all support the core features needed for network deployment.
Possible examples of talk track:
Take this slide as an opportunity to talk about VSYS, how we don’t have any feature loss when enabling it, and how we don’t need additional products/OS to deploy it.
Discuss how reporting is built in to the FW, and is the same when using Panorama, which is mainly used to manage many firewalls.
Example: discuss QoS and how we can shape traffic during widely viewed events such as March Madness, and tie this into our App-ID story.
Slide 15: Next-Generation Firewall Virtualized Platforms
Performance (columns: Cores Allocated, Firewall (App-ID), Threat Prevention, VPN, Sessions per Second; values listed in the order they appear on the slide):
2 Core: 500 Mbps, 200 Mbps, 100 Mbps, 8,000
4 Core: 1 Gbps, 600 Mbps, 250 Mbps
8 Core: 400 Mbps
Specifications (columns: Model, Sessions, Rules, Security Zones, Address Objects, IPSec VPN Tunnels, SSL VPN Tunnels; values listed in the order they appear on the slide):
VM-100: 50,000; 250; 10; 2,500; 25
VM-200: 100,000; 2,000; 20; 4,000; 500; 200
VM-300: 250,000; 5,000; 40; 10,000
Supported on VMware ESX/ESXi 4.0 or later
Minimum of 2 CPU cores, 4GB RAM, 40GB HD, 2 interfaces
Supports active/passive HA without state synchronization. Does not support 802.3ad, virtual systems, jumbo frames
Exact same feature set available in HW FW is now available in virtualized form factor.
Licensed by capacities – not CPU or other money-sucking scheme.
Slide 16: Enterprise-wide Next-Generation Firewall Security
Perimeter:
App visibility and control in the firewall: all apps, all ports, all the time
Prevent threats: known threats; unknown/targeted malware
Simplify security infrastructure
Data Center:
Network segmentation: based on application and user, not port/IP
Simple, flexible network security: integration into all DC designs; highly available, high performance
Prevent threats
Distributed Enterprise:
Consistent network security everywhere: HQ/branch offices/remote and mobile users
Logical perimeter: policy follows applications and users, not physical location
Centrally managed
Slide 17: Addresses Three Key Business Problems
Safely Enable Applications:
Identify more than 1,500 applications, regardless of port, protocol, encryption, or evasive tactic
Fine-grained control over applications/application functions (allow, deny, limit, scan, shape)
Addresses the key deficiencies of legacy firewall infrastructure
Systematic management of unknown applications
Prevent Threats:
Stop a variety of known threats – exploits (by vulnerability), viruses, spyware
Detect and stop unknown threats with WildFire
Stop leaks of confidential data (e.g., credit card #, social security #, file/type)
Enforce acceptable use policies on users for general web site browsing
Simplify Security Infrastructure:
Put the firewall at the center of the network security infrastructure
Reduce complexity in architecture and operations
Slide 18: Many Third Parties Reach Same Conclusion
Gartner Enterprise Network Firewall Magic Quadrant: Palo Alto Networks leading the market
Forrester IPS Market Overview: Strong IPS solution; demonstrates effective consolidation
NetworkWorld Test: Most stringent NGFW test to date; validated sustained performance
NSS Tests:
IPS: Palo Alto Networks NGFW tested against competitors’ standalone IPS devices; NSS Recommended
Firewall: Traditional port-based firewall test; Palo Alto Networks most efficient by a wide margin; NSS Recommended
NGFW: Palo Alto Networks provides the best combination of protection, performance, and value; NSS Recommended (1 of only 3 NGFW recommended)
Slide 19: 2013 Gartner Magic Quadrant for Enterprise Network Firewalls
“Palo Alto Networks continues to both drive competitors to react in the firewall market and to move the overall firewall market forward. It is assessed as a Leader, mostly because of its NGFW design, direction of the market along the NGFW path, consistent displacement of competitors, rapidly increasing revenue and market share, and market disruption that forces competitors in all quadrants to react.”
Gartner, February 2013