Presentation is loading. Please wait.

Presentation is loading. Please wait.

NOTES to presenter  Slides 3-6 are very different than what you may have seen before. Review the animation and practice them – there are some speaker.

Similar presentations


Presentation on theme: "NOTES to presenter  Slides 3-6 are very different than what you may have seen before. Review the animation and practice them – there are some speaker."— Presentation transcript:

1 NOTES to presenter  Slides 3-6 are very different than what you may have seen before. Review the animation and practice them – there are some speaker notes. The purpose is to set the stage for complete contextual awareness, leading to what we do and why it is different.  You can then refer back to the context datapoints throughout the entire deck. 1 | ©2014, Palo Alto Networks. Confidential and Proprietary.

2 Palo Alto Networks Technology Update

3 context | ˈ kän ˌ tekst| noun the circumstances that form the setting for an event, statement, or idea, and in terms of which it can be fully understood and assessed 3 | ©2014 Palo Alto Networks. Confidential and Proprietary.

4 context intelligence action 4 | ©2014 Palo Alto Networks. Confidential and Proprietary.

5 5 | ©2014, Palo Alto Networks. Confidential and Proprietary. 344 KB file-sharing URL category pdf file type roadmap.pdf file name bjacobs user prodmgmt group canada destination country source IP destination IP tcp/443 destination port SSL protocol HTTP protocol slideshare application slideshare-uploading application function

6 344 KB 6 | ©2014, Palo Alto Networks. Confidential and Proprietary. unknown URL category exe file type shipment.exe file name fthomas user finance group china destination country SSL protocol HTTP protocol web-browsing application source IP destination IP tcp/443 destination port

7 Secondary Payload Spread Laterally Custom C2 & Hacking Data Stolen Exploit Kit Contact New Domain ZeroAccess Delivered C2 Established Hides within SSL New domain, no reputation Payload evades AV C2 hides using non- standard ports No signature for custom malware Hides in plain sight Payload evades C2 signatures Exfiltration via RDP & FTP 7 | ©2014 Palo Alto Networks. Confidential and Proprietary.

8 Context: A Unique Approach to Protecting your Network  Scans ALL applications (including SSL traffic) to secure all avenues in/out of a network, reduce the attack surface area, and provide context for forensics  Prevents attacks across ALL attack vectors (exploit, malware, DNS, command & control, and URL) with content-based signatures  Detects zero day malware & exploits using public/private cloud and automatically creates signatures for global customer base 8 | ©2014 Palo Alto Networks. Confidential and Proprietary.

9 Traditional Bolt-on Approach App Control Application Signatures Port/Protocol Networking, policy, management, reporting Firewall- Source/Dest, User Port/Protocol Networking, policy, management, reporting IPS IPS Signatures, IPS Decoder Port/Protocol Networking, policy, management, reporting Antivirus/ AV Signatures Decoder & Proxy Port/Protocol Networking, policy, management, reporting L2 L3 L4 L5 L6 L7 9 | ©2014 Palo Alto Networks. Confidential and Proprietary.

10 PA gbps network connection oracle datacenter app credit card data security zone finance group 10 | ©2014 Palo Alto Networks. Confidential and Proprietary.

11 Security Performance Drivers Increasing sophistication of application level attacks, insatiable appetite for more bandwidth drive the need for scalable high performance security Internet Gateway Secure all users on all devices Requires 10+ Gbps Data Center Secure all apps, control access for all users & devices Requires 20+ Gbps Network Segmentation Contain and protect internal resources Requires Gbps 11 | ©2014 Palo Alto Networks. Confidential and Proprietary.

12 PA-7050: The Fastest Next-generation Firewall  Safely enable all applications; full next-generation firewall capabilities  Ground-breaking application layer performance  Simple yet flexible chassis architecture 12 | ©2014 Palo Alto Networks. Confidential and Proprietary.

13 Our Unique Approach Applied Across the Network All Applications, All Attack Vectors, All Threats Segmentation Isolate critical data, business functions Enable applications based on users Block known/unknown threats Gateway Visibility into all traffic Enable apps to reduce exposure Block known/unknown threats Datacenter Validate business applications & users Find rogue/misconfigured apps High speed threat prevention 13 | ©2014 Palo Alto Networks. Confidential and Proprietary.

14 Scalable, Purpose-built Architecture 14 | ©2014 Palo Alto Networks. Confidential and Proprietary.

15 PA-7050: Performance and Capacities Summary PA-7050 SystemPA-7000 NPC Firewall Gbps (App-ID)12020 Threat Gbps (DSRI) Threat Gbps (Full)6010 Firewall PPS (Millions)7212 IPSec VPN Gbps24 4 New sessions per second720, ,000 Max sessions (Millions)24 4 Virtual systems (base/max 2 )25/ | ©2013, Palo Alto Networks. Confidential and Proprietary. PA-7050 requires PAN-OS 6.0 All PAN-OS features are supported except Netflow DSRI and full threat metrics will be published

16 NGFW Throughput vs. Advertised Max 16 | ©2014 Palo Alto Networks. Confidential and Proprietary. Source: Performance metrics are from public facing datasheets for fully loaded Palo Alto Networks PA-7050, Check Point 61000, Juniper SRX 5800 and Fortinet 5140B

17 NGFW Security Performance Relative to Max 17 | ©2013, Palo Alto Networks. Confidential and Proprietary. Source: Performance metrics are from public facing datasheets for fully loaded Palo Alto Networks PA-7050, Check Point 61000, Juniper SRX 5800 and Fortinet 5140B

18 Scalable Linear performance and interface density with each added card High speed backplane supports future network processing cards Scalable Linear performance and interface density with each added card High speed backplane supports future network processing cards Simple & Flexible Chassis Architecture Flexible Flexible and dynamic load distribution across multiple network processing modules allows seamless scalability Flexible Flexible and dynamic load distribution across multiple network processing modules allows seamless scalability Simple Single system view for administration – all PAN-OS features supported System-wide subscriptions and support provide predictable cost model Simple Single system view for administration – all PAN-OS features supported System-wide subscriptions and support provide predictable cost model 18 | ©2014 Palo Alto Networks. Confidential and Proprietary.

19 Virtualization windows operating system sharepoint container UUID VM instance production data center 19 | ©2014 Palo Alto Networks. Confidential and Proprietary.

20 Transforming network security for the data center ChallengesSolution FW doesn’t see the trafficAutomated, transparent services insertion at workload Incomplete security capabilitiesVirtualized next-generation security supporting PAN-OS TM Static policiesDynamic security policies with VM context

21 VM-Series and VMware NSX Integration 21 | ©2014 Palo Alto Networks. Confidential and Proprietary.

22 VMware vCenter or ESXi Dynamic address groups and VM monitoring NameIPGuest OSContainer web-sjc Ubuntu 12.04Web sp-sjc Win 2008 R2SharePoint web-sjc Ubuntu 12.04Web exch-mia Win 2008 R2Exchange exch-dfw Win 2008 R2Exchange sp-mia Win 2008 R2SharePoint db-mia Ubuntu 12.04MySQL db-dfw Ubuntu 12.04MySQL PAN-OS Security Policy SourceDestinationAction PAN-OS Dynamic Address Groups NameTagsAddresses SharePoint Servers MySQL Servers Miami DC San Jose Linux Web Servers NameTagsAddresses SharePoint Servers SharePoint Win 2008 R2 “sp” MySQL Servers MySQL Ubuntu “db” Miami DC“mia” San Jose Linux Web Servers “sjc” “web” Ubuntu NameTagsAddresses SharePoint Servers SharePoint Win 2008 R2 “sp” MySQL Servers MySQL Ubuntu “db” Miami DC“mia” San Jose Linux Web Servers “sjc” “web” Ubuntu IP Name SharePoint Servers MySQL Servers Miami DC San Jose Linux Web Servers SourceDestinationAction San Jose Linux Web Servers SharePoint Servers ✔ MySQL Servers Miami DC  db-mia Ubuntu 12.04MySQL | ©2014, Palo Alto Networks. Confidential and Proprietary.

23 Introducing VM-Series on Citrix NetScaler SDX VM-Series (running PAN-OS TM ) now supported on SDX and Series: Safely enable applications by apps, users, content Protect against known and unknown threats Address risk and compliance mandates Key use cases (details on next 2 slides): Integrated solution for XA/XD deployments Multi-tenant (business units, application owners, service provider) cloud deployments 23 | ©2013, Palo Alto Networks. Confidential and Proprietary. Citrix NetScaler SDX

24 Consolidated Security and Availability for XenApp/XenDesktop 24 | ©2013, Palo Alto Networks. Confidential and Proprietary. Validated, consolidated security and ADC for XenApp/XenDesktop Secure remote access and high availability Safe application enablement for XenApp/XenDesktop users Unique User-ID & Terminal-Services agent integration Segmentation of XenApp/XenDesktop infrastructure Any User Any Device Anywhere Internet applications Citrix NetScaler SDX with VM-Series On-premise applications Citrix Receiver XenApp/XenDesktop (VDI Environment)

25 Multi-tenant Security and ADC Services 25 | ©2013, Palo Alto Networks. Confidential and Proprietary. Multi-tenant security and availability for enterprises and cloud data centers Dedicated instances of network services for different tenants Addresses independent security and load balancing needs Per application load balancing with dedicated firewalling Firewall ADC Tenant 1 Tenant 2 Tenant 3 Citrix NetScaler with VM-Series

26 WildFire registry changes DNS lookups visited URLs C2 traffic system file tampering RAT download global input 26 | ©2014 Palo Alto Networks. Confidential and Proprietary.

27 Basic WildFireWildFire Subscription WF-500 PAN-OS 5.0PAN-OS 6.0PAN-OS 5.0PAN-OS minute signatures ✓✓ Public Cloud Integrated logging ✓✓✓✓ WF-500 support ✓✓ N/A API access ✓✓ Public Cloud Windows PE (DLL & EXE) ✓✓✓✓✓ PDF ✓✓ Office Documents ✓✓ Java ✓✓ Windows XP ✓✓✓✓✓ Windows 7 ✓✓✓✓✓ Android APK ✓ 27 | ©2014 Palo Alto Networks. Confidential and Proprietary.

28 GlobalProtect patched encrypted storage corporate device OS version jailbroken passcode malware installed 28 | ©2014 Palo Alto Networks. Confidential and Proprietary.

29 HeadquartersBranch Office Home Office Hotel Airport Enterprise-secured with full protection Exposed to threats, risky apps, and data leakage 29 | ©2014 Palo Alto Networks. Confidential and Proprietary.

30 GlobalProtect Mobile Security Solution

31 Summary  New, high performance hardware platforms  Continued innovation in the battle against advanced cyber threats  More security automation in virtualized environments  Expanding further into mobile security 31 | ©2014, Palo Alto Networks. Confidential and Proprietary.

32 Q&A

33


Download ppt "NOTES to presenter  Slides 3-6 are very different than what you may have seen before. Review the animation and practice them – there are some speaker."

Similar presentations


Ads by Google