Palo Alto Networks Customer Presentation

Presentation on theme: "Palo Alto Networks Customer Presentation"— Presentation transcript:

1 Palo Alto Networks Customer Presentation
November 2009 Ozan Ozkara

2 About Palo Alto Networks
- Founded in 2005 by a world-class team with strong security and networking experience
- Innovations: App-ID, User-ID, Content-ID
- Builds next-generation firewalls that identify and control more than 850 applications; makes firewall strategic again
- Global footprint: presence in 50+ countries, 24/7 support

© 2009 Palo Alto Networks. Proprietary and Confidential.

3 Applications Have Changed – Firewalls Have Not
- The gateway at the trust border is the right place to enforce policy control
  - Sees all traffic
  - Defines trust boundary
- Need to Restore Visibility and Control in the Firewall

4 Applications Carry Risk
- Applications can be “threats”
  - P2P file sharing, tunneling applications, anonymizers, media/video
- Applications carry threats
  - SANS Top 20 Threats – majority are application-level threats
- Applications & application-level threats result in major breaches – Pfizer, VA, US Army

5 Application Control Efforts are Failing
- Palo Alto Networks’ Application Usage & Risk Report highlights actual behavior of 900,000 users across more than 60 organizations
- Bottom line: despite all having firewalls, and most having IPS, proxies, & URL filtering – none of these organizations could control what applications ran on their networks
- Applications evade, transfer files, tunnel other applications, carry threats, consume bandwidth, and can be misused.
- Applications carry risks: business continuity, data loss, compliance, productivity, and operations costs

- Applications are built for accessibility. 57% of the applications found – both business and consumer – use port 80, port 443 or port hop to simplify access
- Applications that enable users to circumvent security are common. Proxies (81), remote desktop access (95%) and encrypted tunnel applications were detected across the participants
- File sharing usage is rampant. P2P file sharing was found 92% of the time; browser-based file sharing continues to gain in popularity (76%)
- Controls are failing. 100% of the customers had firewalls, while 87% had added security (IPS, Proxy, URLF)

6 Sprawl Is Not The Answer
- “More stuff” doesn’t solve the problem
- Firewall “helpers” have limited view of traffic
- Complex and costly to buy and maintain
- Putting all of this in the same box is just slow

7 The Right Answer: Make the Firewall Do Its Job
New Requirements for the Firewall

1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify users regardless of IP address
3. Protect in real-time against threats embedded across applications
4. Fine-grained visibility and policy control over application access / functionality
5. Multi-gigabit, in-line deployment with no performance degradation

8 Identification Technologies Transform the Firewall
- App-ID: Identify the application
- User-ID: Identify the user
- Content-ID: Scan the content

9 Purpose-Built Architecture: PA-4000 Series
- Content Scanning Engine
  - Palo Alto Networks’ uniform signatures
  - Multiple memory banks – memory bandwidth scales performance
- Dedicated Control Plane
  - Highly available mgmt
  - High speed logging and route updates
- Multi-Core Security Processor
  - High density processing for flexible security functionality
  - Hardware-acceleration for standardized complex functions (SSL, IPSec, decompression)
- 10 Gig Network Processor
  - Front-end network processing offloads security processors
  - Hardware accelerated QoS, route lookup, MAC lookup and NAT

[Architecture diagram. Labels: Control Plane, Data Plane, Content Scanning HW Engine, Dual-core CPU, CPU 1 to CPU 16, RAM, HDD, SSL, IPSec, De-Compression, QoS, Route/ARP/MAC lookup, NAT, 10Gbps links]

10 Enables Visibility Into Applications, Users, and Content

11 PAN-OS Core Firewall Features
Visibility and control of applications, users and content complement core firewall features

- Strong networking foundation
  - Dynamic routing (OSPF, RIPv2)
  - Tap mode – connect to SPAN port
  - Virtual wire (“Layer 1”) for true transparent in-line deployment
  - L2/L3 switching foundation
- VPN
  - Site-to-site IPSec VPN
  - SSL VPN
- QoS traffic shaping
  - Max/guaranteed and priority
  - By user, app, interface, zone, IP and scheduled
- Zone-based architecture
  - All interfaces assigned to security zones for policy enforcement
- High Availability
  - Active / passive
  - Configuration and session synchronization
  - Path, link, and HA monitoring
- Virtual Systems
  - Establish multiple virtual firewalls in a single device (PA-4000 & PA-2000 Series only)
- Simple, flexible management
  - CLI, Web, Panorama, SNMP, Syslog, XML API

PA-4060, PA-4050, PA-4020, PA-2050, PA-2020, PA-500

12 Flexible Deployment Options
- Visibility
  - Application, user and content visibility without inline deployment
- Transparent In-Line
  - IPS with app visibility & control
  - Consolidation of IPS & URL filtering
- Firewall Replacement
  - Firewall replacement with app visibility & control
  - Firewall + IPS
  - Firewall + IPS + URL filtering

13 Enterprise Device and Policy Management
- Intuitive and flexible management
  - CLI, Web, Panorama, SNMP, Syslog
  - Role-based administration enables delegation of tasks to appropriate person
- Panorama central management application
  - Shared policies enable consistent application control policies
  - Consolidated management, logging, and monitoring of Palo Alto Networks devices
  - Consistent web interface between Panorama and device UI
  - Network-wide ACC/monitoring views, log collection, and reporting
- All interfaces work on current configuration, avoiding sync issues

- Intuitive and flexible management options
  - CLI, Web and Panorama central management application
  - SNMP, Syslog
- Panorama central management application
  - Panorama is a central management application enabling consolidated management, logging, and monitoring of Palo Alto Networks devices
  - Consistent web interface with device, simplifying learning curve and obviating need for client software installation
  - Provides network-wide ACC/monitoring views, log collection, and reporting
- All management interfaces work with latest config, avoiding out of sync issues common with multi-level management
- Automated Updates
  - Automatic install or staging of updates
    - App-ID signatures
    - Threat signatures
    - Software maintenance releases
  - Zero-downtime upgrading of signatures and maintenance releases

14 Addresses Three Key Business Problems
- Identify and Control Applications
  - Visibility of over 850 applications, regardless of port, protocol, encryption, or evasive tactic
  - Fine-grained control over applications (allow, deny, limit, scan, shape)
  - Fixes the firewall
- Prevent Threats
  - Stop a variety of threats – exploits (by vulnerability), viruses, spyware
  - Stop leaks of confidential data (e.g., credit card #, social security #)
  - Stream-based engine ensures high performance
- Simplify Security Infrastructure
  - Fix the firewall, rationalize security infrastructure
  - Reduce complexity in architecture and operations

15 Thank You

16 Additional Information
Speeds and Feeds, Deployment, Customers, TCO, Support, and Management

17 Palo Alto Networks Next-Gen Firewalls
- PA-4060: 10 Gbps FW; 5 Gbps threat prevention; 2,000,000 sessions; 4 XFP (10 Gig) I/O; 4 SFP (1 Gig) I/O
- PA-4050: 10 Gbps FW; 5 Gbps threat prevention; 2,000,000 sessions; 16 copper gigabit; 8 SFP interfaces
- PA-4020: 2 Gbps FW; 2 Gbps threat prevention; 500,000 sessions; 16 copper gigabit; 8 SFP interfaces
- PA-2050: 1 Gbps FW; 500 Mbps threat prevention; 250,000 sessions; 16 copper gigabit; 4 SFP interfaces
- PA-2020: 500 Mbps FW; 200 Mbps threat prevention; 125,000 sessions; 12 copper gigabit; 2 SFP interfaces
- PA-500: 250 Mbps FW; 100 Mbps threat prevention; 50,000 sessions; 8 copper gigabit

18 Leading Organizations Trust Palo Alto Networks
- Health Care
- Financial Services
- Government
- Media / Entertainment / Retail
- Service Providers / Services
- Education
- Mfg / High Tech / Energy

19 Fix The Firewall – and Save Money!
- Capital cost – replace multiple devices
  - Legacy firewall, IPS, URL filtering device (e.g., proxy, secure web gateway)
- Cut by as much as 80%
- “Hard” operational expenses
  - Support contracts
  - Subscriptions
  - Power and HVAC
- Save on “soft” costs too
  - Rack space, deployment/integration, headcount, training, help desk calls
- Cut by as much as 65%

Capital cost reduction. This is pretty straightforward – fewer boxes means fewer boxes to buy. For most organizations, where these functions already exist, this comes into play at refresh time – let’s say the customer is looking at IPS, but a firewall refresh is 10 months down the road…

On the URL filtering subscription front – this comparison is with renewal list price for Websense Web Filter vs. list price for our URL filtering subscription. Comparing 4 different scenarios (500/1000/2500/5000 users), the lowest savings was 80% (highest was 88%). This is cost for annual subscription only (not looking at our hardware or the HW required to run Websense). We can often save organizations enough money that they can buy our HW too with the Websense renewal budget. There are other URL filtering vendors that charge less, obviously – so the 80% number will vary.

Maintenance and support is a major factor as well. Support for firewall vs firewall is a wash, but if we consolidate the functions that the proxy is performing (or web security gateway that runs the URL filtering database), we start to look much more cost effective with regard to these fees. IPS annual maintenance/support is a wash, since our threat subscription offsets the maintenance on the standalone IPS box.

Other ops costs – For large organizations, rack space and power/HVAC is a big deal. For these customers, we have a more complex spreadsheet in the works (contact product marketing for an early copy). The other pieces (headcount, training, etc.) are largely soft costs that we won’t assign a number to, but sometimes can get folks thinking.

20 Legendary Customer Support Experience
- Strong TSE team with deep network security and infrastructure knowledge
  - Experience with every major firewall
  - TSEs average over 15 years of experience
- TSEs co-located with engineering – in Sunnyvale, CA
- Premium and Standard offerings
- Rave reviews from customers

“Customer support has always been amazing. Whenever I call, I always get someone knowledgeable right away, and never have to wait. They give me the answer I need quickly and completely. Every support rep I have spoken with knows his stuff.” - Mark Kimball, Hewlett-Packard

“Customer support has been extraordinarily helpful – which is not the norm when dealing with technology companies. Their level of knowledge, their willingness to participate – it’s night and day compared to other companies. It’s an incredible strength of Palo Alto Networks.” - James Jones, UPMC

21 Single-Pass Parallel Processing (SP3) Architecture
- Operations once per packet
  - Traffic classification (app identification)
  - User/group mapping
  - Content scanning – threats, URLs, confidential data
- One policy
- Parallel Processing
  - Function-specific parallel processing hardware engines
  - Separate data/control planes
- Up to 10Gbps, Low Latency

22 Comprehensive View of Applications, Users & Content
- Application Command Center (ACC)
  - View applications, URLs, threats, data filtering activity
- Mine ACC data, adding/removing filters as needed to achieve desired result
  - Filter on Skype
  - Remove Skype to expand view of oharris
  - Filter on Skype and user oharris

