We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byMaya Leap
Modified about 1 year ago
New Solutions to New Threats
The Threats, They Are A Changing Page 2 | © 2008 Palo Alto Networks. Proprietary and Confidential
Security Technology Hasn’t Kept Up The gateway on the trust border is the right place to exert control - All traffic goes through - Defines trust boundary Strategy is sound… BUT… - Can only see ports, protocol, and IP address - Blind to applications, users, and content - Blind to dynamic, multipronged threats Execution is flawed Collaboration / Media SaaS Personal Page 3 | © 2008 Palo Alto Networks. Proprietary and Confidential
Threat Prevention Must Get Smarter Stop threats - Block bad applications - Block a widening array of threats (exploits, viruses, spyware downloads and phone home) Enable business - Safely enable applications - Don’t slow down business traffic – i.e., manage risk at speed of business One policy = no gaps Page 4 | © 2008 Palo Alto Networks. Proprietary and Confidential
About Palo Alto Networks Founded in 2005 by Nir Zuk, inventor of stateful inspection technology World class team with strong security and networking experience Builds next generation firewalls with innovative identification technologies that manage applications, users, and content Named Gartner Cool Vendor in 2008; 2008 Best of Interop Grand Prize Page 5 | © 2008 Palo Alto Networks. Proprietary and Confidential
Our Identification Technologies Change the Game App-ID Identify the application User-ID Identify the user Content-ID Scan the content Page 6 | © 2008 Palo Alto Networks. Proprietary and Confidential
Traditional Multi-Pass Architectures Port/Protocol-based ID L2/L3 Networking, HA, Config Management, Reporting Port/Protocol-based ID HTTP Decoder L2/L3 Networking, HA, Config Management, Reporting URL Filtering Policy Port/Protocol-based ID IPS Signatures L2/L3 Networking, HA, Config Management, Reporting IPS Policy Port/Protocol-based ID AV Signatures L2/L3 Networking, HA, Config Management, Reporting AV Policy Firewall Policy IPS Decoder AV Decoder & Proxy Page 7 | © 2008 Palo Alto Networks. Proprietary and Confidential
PAN-OS Architecture L2/L3 Networking, HA, Config Management, Reporting APP-ID CONTENT-ID Policy Engine Application Protocol Detection and Decryption Application Protocol Decoding Heuristics Application Signatures URL Filtering Real-Time Threat Prevention Data Filtering Page 8 | © 2008 Palo Alto Networks. Proprietary and Confidential
Real-Time Content Scanning With Content-ID Stream-based, not file-based, for real-time performance - Dynamic reassembly Uniform signature engine scans for broad range of threats in single pass Threat detection covers vulnerability exploits (IPS), virus, and spyware (both downloads and phone-home ) Time File-based ScanningStream-based Scanning ID Content Buffer File Time Scan File Deliver Content ID Content Scan Content Deliver Content Page 9 | © 2008 Palo Alto Networks. Proprietary and Confidential
Purpose-Built Hardware: PA-4000 Series Flash Matching HW Engine Palo Alto Networks’ uniform signatures Multiple memory banks – memory bandwidth scales performance Multi-Core Security Processor High density processing for flexible security functionality Hardware-acceleration for standardized complex functions (SSL, IPSec, decompression) Dedicated Control Plane Highly available mgmt High speed logging and route updates 10Gbps 10 Gig Network Processor Front-end network processing offloads security processors Hardware accelerated QoS, route lookup, MAC lookup and NAT. 10Gbps Control Plane Data Plane Page 10 | © 2008 Palo Alto Networks. Proprietary and Confidential
Adds Up to Superior Performance Performance Remote Office/ Medium Enterprise Large Enterprise PA-2000 Series 1Gbps; 500Mbps threat prevention PA-4000 Series 500Mbps; 200Mbps threat prevention 2Gbps; 2Gbps threat prevention 10Gbps; 5Gbps threat prevention 10Gbps; 5Gbps threat prevention (XFP interfaces) Page 11 | © 2008 Palo Alto Networks. Proprietary and Confidential
Flexible Deployment Options Application Visibility Transparent In-Line Firewall Replacement Connect to span port Enables threat and application visibility without inline deployment Connect to span port Enables threat and application visibility without inline deployment Deploy transparently behind existing firewall Enables application control and threat prevention without networking changes Deploy transparently behind existing firewall Enables application control and threat prevention without networking changes Replace existing firewall Enables threat prevention, application and network visibility and control, consolidated policy, high performance Replace existing firewall Enables threat prevention, application and network visibility and control, consolidated policy, high performance Page 12 | © 2008 Palo Alto Networks. Proprietary and Confidential
App-ID enables visibility and control over applications - Safe usage Traditional perimeter security technology hasn’t kept up with change in threats SPA Next Gen Firewall delivers - Performance - Single policy - TCO Summary Page 13 | © 2008 Palo Alto Networks. Proprietary and Confidential
Next Generation FWs Against Modern Malware and Threads Hakan Unsal – Technical Security Consultant Tunc Cokkeser – Regional Sales Manager.
Dynamic Computing & Dynamic Threats Requires Dynamic Security.
Application Usage and Risk Report 7 th Edition, May 2011.
Fortinet Confidential. 2 Fortinet Overview Market-Leading Provider of End-to-End IT Security Solutions Company Stats Founded in 2000 Silicon Valley-based,
Intrusion Prevention anno 2012: Widening the IPS concept.
© 2009 VMware Inc. All rights reserved VMware vShield – Foundation for the Most Secure Cloud Deployments.
Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 FireEye Overview Nathan Labadie Systems Engineer, US-Central FireEye.
Fortinet Confidential Fortinet and Hawaiian Telcom Mike Wysocki - Sales Daryl Jung - SE
Cyberoam - Unified Threat Management Unified Threat Management Cyberoam Identity-based Unified Threat Management One Identity – One Security.
Trends in Endpoint Security by Richard Lau Trends in Endpoint Security by Richard Lau 29 September 2005.
UNIT 2: Firewalls Content : Firewalls in general basic operation and architecture Main border firewalls using stateful inspection Screening firewalls.
Infinigate Security Day September 9 th 2011 Marcel Kooring Business Development Manager.
Winter 2001 VoN Developers Conference -- January 24, 2001 SIP Proxies Jonathan Rosenberg Chief Scientist.
March We think ahead, You go beyond… Prepared by Mona Ramzy Presales team leader
F5 Unified Security Solutions Ralf Sydekum Technical Manager Central & Eastern Europe
Is technology ubiquity a chance to re-connect security? Greg Day Director of Security Strategy.
Firewalls Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
Websense Confidential web security | data security | security © 2009 Websense, Inc. All rights reserved. Websense Confidential Websense Hosted Web.
ViPNt ViPNet Product Presentation Infotecs GmbH 2008.
For trusted, first class interactive communications.
1/4/2014 Enterprise to Cloud Mobilize, Secure & Accelerate your Business Customer Date `
Title A Practical Approach to Advanced Threat Detection and Prevention.
Ravi Rao Senior Program Manager Microsoft Corporation WSV303.
Cyber Security in Evolving Enterprise Environments TechNet International 09 Adrian R Hartman, PhD Senior Manager & Architect LGS Innovations, Bell Labs.
NETWORKING COMPONENTS ASSIGNMENT 3 CREATED BY JANICE THOMPSON Instructor: James West Course: 4550.
Is Wi-Fi Ready for This?. High Performance Wi-Fi for Education: Planning, Deploying, and Managing Wi-Fi in Campus Environments © 2011 Xirrus, Inc. All.
Joey Snow Technical Evangelist Microsoft Corporation Session Code: WSV207.
Branch Repeater 5.6, 5.7 & VPX Technical Presentation.
© 2016 SlidePlayer.com Inc. All rights reserved.