1 Securing the Virtualized Data Center With Next-Generation Firewalls
2 Data Center Evolution
3 Security Hasn't Kept Up with Rate of Change
- Configuration of security policies is manual and slow
  - Weeks to provision security policies versus minutes for workloads
  - Security policies require manual and repetitive steps
- Policies do not follow VM adds, moves, changes
  - Policies are not tied to VM instantiation
  - Policies cannot track VM movement (server or data center)
- Lack of visibility into the virtual infrastructure
  - Segmentation of virtualized apps of different trust levels
  - Virtualized traffic may not flow outside of the virtualized server (SharePoint application communicating with SQL database)
4 But Your Existing Challenges Didn't Go Away
[Figure labels: Attackers; Mobile and remote users; Enterprise boundary; Partners & Contractors; Distributed Enterprise; Internal employees; New Application Landscape; Modern Attacks]
5 A New Paradigm for Security is Needed
- Deliver all the features that are table stakes:
  - Safe app enablement, threat protection, flexible integration
- Must become more dynamic
  - Security policy must be there when VM is created
  - Security policy must follow VM movement
  - Security workflows must be automated/orchestrated so it doesn't slow down the data center
- Consistent, centralized management
  - Centralized management is critical
  - Must be consistent for all environments: physical, hybrid, mixed
6 Safely Enable All Traffic in the DC
[Figure labels: WHO, WHERE, WHAT, HOW; Security Profile (exploits, malware, spyware); User/Group/Device; Server/Hardware; Application; Content]
- Segment applications by function, trust levels, and compliance needs
- Inspect all traffic between security zones by default
- Manage unknown traffic
7 Enabling Applications, Users and Content
- Applications: Safe enablement begins with application classification by App-ID.
- Users: Tying users and devices, regardless of location, to applications with User-ID and GlobalProtect.
- Content: Scanning content and protecting against all threats, both known and unknown, with Content-ID and WildFire.
8 NGFW Platforms for the Data Center
PA-5000 Series
- Just because your network is running faster than ever doesn't mean you have to give up security and visibility
- All Palo Alto Networks next-generation firewalls support App-ID, User-ID, Content-ID
- The PA-5000 Series brings app, user, and content visibility and control to 20 Gbps networks
- Unmatched performance
- Extended parallel processing hardware architecture
- Enterprise- and service provider-specific hardware features
9 Introducing the VM-Series
Safe Application Enablement of Intra-Host Traffic

Model    Sessions   Rules   Security zones
VM-100   …,000      250     10
VM-200   100,000    2,000   20
VM-300   250,000    5,000   40

- Next-generation firewall in a virtual form factor
- Consistent features as hardware-based next-generation firewall
- Inspects and safely enables intra-host communications (East-West traffic)
- Tracks VM creation and movement with dynamic address objects
- Initial support on VMware platform: ESXi 4.1 and ESXi 5.0
- Available in 3 models (VM-100, VM-200, VM-300), and supports 2, 4, 8 CPU cores
- Licensing by firewall capacity: Individual, Enterprise, Service-Provider
10 VM Orchestration
- When new VMs are created and assigned to address objects, security policies are in place
Palo Alto Networks. Confidential and Proprietary.
11 VM Migration
- Dynamic address objects track VM movement to allow security policy to follow the VM
12 Automation and Orchestration via REST API
- Application/service/tenant
  - Instantiation
  - Provisioning
  - Deprovisioning
- Service state tracking
- Policy Mapping
- RESTful XML API over SSL
- Device Configuration
- ACC/Report data
- Automated Compliance
13 A Comprehensive Approach to Virtualized DC
PA-5000 Series (Physical Form Factor) and VM-Series (Virtual Form Factor)
- Safe application enablement
- App-ID, User-ID, Content-ID, GlobalProtect, WildFire
- Threat protection without performance implications
- Multi-core hardware. Separate management & data plane. Single pass software architecture
- Flexible integration
- Comprehensive networking foundation (routing, VLAN)
- Integration at layer 1, 2, 3
- Single pass software architecture. Separate management & data plane.
- Cloud-readiness
- Multi-tenancy via virtual systems
- Multi-tenancy via virtual instances
- Centralized management, one integrated policy
- Dynamic objects tie VM movement to policy
- Cloud orchestration via REST API
- Panorama with centralized provisioning and logging
14 Securing The Next-Gen Data Center Requires a Next-Generation Firewall
- Modern threats, applications, and datacenter architectures are creating network security challenges
- The dynamic nature of virtualization and cloud requires security to be more agile, and keep up with VM movement
- Next-generation network security
  - Safely enables all applications in the datacenter
  - Protects against all datacenter threats without performance impact
  - Provides simplified integration into the infrastructure
  - Ties security policies to VM creation and movement
  - Security policies orchestrated in line with virtualized workloads
- Consistent management for virtualized or physical firewalls
17 Security and Software-Defined Networking
[Figure labels: VLAN; SDN Controller]
- Palo Alto Networks easily embeds into SDN-enabled networks
- At the gateway, SDN protocols (VXLAN, NVGRE, etc.) will be translated to VLANs for context
- At the host, SDN protocols will be terminated at the hypervisor; dynamic objects + orchestration will provide context