Critical application visibility and control with Palo Alto Networks

Transcription

1 Critical application visibility and control with Palo Alto Networks Zion Ezra InnoCom LTD Zion Ezra VP Security InnoCom LTD

2 Select InnoCom Vendors NETWORK SECURITY Next Generation Firewall Next Generation Cyber Attacks Cloud based Web Security HIGH SPEED NETWORKING WAN Optimization Giga Load Balancers n WLAN & MOBILE SECURITY Security Smart Phones & Tablet Security

3 About Palo Alto Networks Palo Alto Networks is the Network Security Company World-class team with strong security and networking experience - Founded in 2005, first customer July 2007, top-tier investors Builds next-generation firewalls that identify / control 1,300+ applications - Restores the firewall as the core of enterprise network security infrastructure - Innovations: App-ID, User-ID, Content-ID Global momentum: 5,300+ customers - August 2011: Annual bookings run rate is over US$200 million*, cash-flow positive last five consecutive quarters A few of the many enterprises that have deployed more than $1M Page Palo Alto Networks. Proprietary and Confidential. (*) Bookings run rate is defined as 4 (four) times the bookings amount of the most recently finished fiscal quarter. Bookings are defined as non-cancellable orders received during the fiscal period. Palo Alto Networks fiscal year runs from August 1st until July 31st.

4 ability to execute 2010 Magic Quadrant for Enterprise Network Firewalls Cisco Juniper Networks McAfee Fortinet Check Point Software Technologies Stonesoft WatchGuard NETASQ 3Com/H3C SonicWALL phion Astaro Palo Alto Networks Source: Gartner niche players visionaries completeness of vision As of March 2010 Page Palo Alto Networks. Proprietary and Confidential.

5 2011 Magic Quadrant for Enterprise Network Firewalls Source: Gartner Page Palo Alto Networks. Proprietary and Confidential.

6 Gartner: Palo Alto Networks is a Leader Enterprises need next-generation firewalls - In 2010 and 2011, Gartner saw market pressures accelerate the demand and available offerings for next-generation firewall (NGFW) platforms that provide the capability to detect and block sophisticated attacks, as well as enforce granular security policy at the application (versus port and protocol) level. - As enterprises increase the use of Web-based applications with more complex connections within applications, more complex data centers and more data being presented to customers firewalls have had to keep up with features and performance to meet these changing needs. - Less than 5% of Internet connections today are secured using NGFWs. By year-end 2014, this will rise to 35% of the installed base, with 60% of new purchases being NGFWs. Gartner notes: - Palo Alto Networks' high-performance NGFW functionality continues to drive competitors to react in the firewall market. It is assessed as a Leader mostly because of its NGFW design, redirection of the market along the NGFW path, consistent displacement of Leaders and Challengers, and market disruption forcing Leaders to react. Page Palo Alto Networks. Proprietary and Confidential.

7 About the Founder 2005-today Founder and CTO at Palo Alto Networks - Next Generation Firewall CTO at NetScreen/Juniper Founder and CTO at OneSecure - World s first Network IPS Principal Engineer at Check Point Software

8 Leading Organizations Trust Palo Alto Networks Health Care Financial Services Government Media / Entertainment / Retail Service Providers / Services Mfg / High Tech / Energy Education Page Palo Alto Networks. Proprietary and Confidential

9 InnoCom Customers - Palo Alto Networks Government Hi Tech נתיב משרד ראש הממשלה Health & Finance Media & Communication Industry & Retail Service Providers

10 11 The Modern Threats & attacks

11 Known Attacks

12 The 5 Steps for Smart Attacks bait exploit download back channel steal protection is needed at all stages

13 Applications Carry Risk Applications can be threats P2P file sharing, tunneling applications, anonymizers, media/video Applications carry threats Qualys Top 20 Vulnerabilities majority result in applicationlevel threats Applications & application-level threats result in major breaches RSA, Comodo, FBI Page Palo Alto Networks. Proprietary and Confidential.

14 exploits come in thru many applications

15 Application Control Efforts are Failing Palo Alto Networks Application Usage & Risk Report highlights actual behavior of 900,000 users across more than 60 organizations - Applications are built for accessibility - Tools that enable users to circumvent security are common - File sharing usage P2P and browser-based is rampant - Controls are failing All had Firewalls, many had IPS, proxies, & URL filtering Applications carry risks: business continuity, data loss, compliance, productivity, and operations costs Page Palo Alto Networks. Proprietary and Confidential.

16 Enterprise 2.0 Applications and Risks Widespread Palo Alto Networks latest Application Usage & Risk Report highlights actual behavior of 1M+ users in 1253 organizations - More enterprise 2.0 application use for personal and business reasons. - Tunneling and port hopping are common - Bottom line: all had firewalls, most had IPS, proxies, & URL filtering but none of these organizations could control what applications ran on their networks Page Palo Alto Networks. Proprietary and Confidential.

17 Users Will Find A Way Remote Access RDP 80% - 27 variants found 95% of the time SSH telnet LogM ein 53% 62% 76% Team View er 42% External Proxies - 22 variants found 76% of the time CGIProxy PHProxy CoralCDN FreeGate 15% 30% 30% 27% Glype Proxy 14% Encrypted Tunnels - Non-VPN related found 30% of the time Source: Palo Alto Networks Application Usage and Risk Report, Spring 2010 Tor 15% Ham achi 13% UltraSurf 9% Gbridge 3% Gpass 3% 00% 20% 40% 60% 80%

18 From The news Page Palo Alto Networks. Proprietary and Confidential.

19 Why Visibility & Control Must Be In The Firewall Application Control as an Add-on Traffic Firewall Port IPS Port-based FW + App Ctrl (IPS) = two policies Applications are threats; only block what you expressly look for Port Policy Decision Applications App Ctrl Policy Decision Implications Network access decision is made with no information Cannot safely enable applications NGFW Application Control Application control is in the firewall = single policy Visibility across all ports, for all traffic, all the time Implications Network access decision is made based on application identity Safely enable application usage Traffic Firewall Applications App Ctrl Policy Decision Application IPS Scan Application for Threats Page Palo Alto Networks. Proprietary and Confidential.

20 HTTP: Universal Application Protocol HTTP is 64% of enterprise bandwidth Most HTTP traffic is client/server (54%) proxies cannot deal with it Browser-based applications are 46% - some work with proxies and some don t Web browsing is 23% All HTTP Applications Browser-based Applications Web Browsing Page Palo Alto Networks. Proprietary and Confidential.

21 Application Control vs. Blocking Blocking applications, even if possible, is not the answer Yes, there are harmful applications that need to be blocked Many Web 2.0 applications are useful - Enhancing productivity - Giving competitive advantage to the business It s all about visibility and control - Who is using what? - Control and secure modern applications - Control features use

22 Palo Alto Palo Alto Next Generation FW Page Palo Alto Networks. Proprietary and Confidential.

23 Palo Alto Networks Next-Generation Security Device New Requirements for Security Device 1. Identify applications regardless of port, protocol, evasive tactic or SSL 2. Identify users regardless of IP address 3. Granular visibility and policy control over application access / functionality 4. Protect in real-time against threats embedded across applications 5. Multi-gigabit, in-line deployment with no performance degradation Page Palo Alto Networks. Proprietary and Confidential.

24 Palo Alto Networks Exceeds NGFW Requirements In Defining the Next-Generation Firewall, Gartner describes what Palo Alto Networks already delivers Application Awareness and Full Stack Visibility App-ID Identifies and controls applications Integrated Rather Than Co-Located IPS Content-ID includes full IPS, without compromising performance Extra-Firewall Intelligence to Identify Users User-ID brings AD users and groups into firewall policy Standard First-Generation Firewall Capabilities Packet filtering, state, flexible NAT, IPSec, SSL VPNs, etc. Support bump in the wire Deployments Gartner s Recommendations Move to next-generation firewalls at the next refresh opportunity whether for firewall, IPS, or the combination of the two. Page Palo Alto Networks. Proprietary and Confidential.

25 Unique Technologies Transform the Firewall App-ID Identify the application User-ID Identify the user Content-ID Scan the content Page Palo Alto Networks. Proprietary and Confidential.

26 App-ID: Comprehensive Application Visibility Policy-based control more than applications distributed across five categories and 25 sub-categories Balanced mix of business, internet and networking applications and networking protocols ~ 5-10 new applications added weekly Page Palo Alto Networks. Proprietary and Confidential.

27 User-ID: Enterprise Directory Integration Users no longer defined solely by IP address - Leverage existing Active Directory infrastructure without complex agent rollout - Identify Citrix users and tie policies to user and group, not just the IP address Understand user application and threat behavior based on actual AD username, not just IP Manage and enforce policy based on user and/or AD group Investigate security incidents, generate custom reports Page Palo Alto Networks. Proprietary and Confidential.

28 Content-ID: Real-Time Content Scanning Detect and block a wide range of threats, limit unauthorized data transfer and control non-work related web surfing Stream-based, not file-based, for real-time performance - Uniform signature engine scans for broad range of threats in single pass - Vulnerability exploits (IPS), viruses, and spyware (both downloads and phone-home) Block transfer of sensitive data and file transfers by type - Looks for CC # and SSN patterns - Looks into file to determine type not extension based Web filtering enabled via fully integrated URL database - Local 20M URL database (76 categories) maximizes performance (1,000 s URLs/sec) - Dynamic DB adapts to local, regional, or industry focused surfing patterns Page Palo Alto Networks. Proprietary and Confidential.

29 NSS Labs, the world s largest security and performance testing lab, have recently completed in-depth IPS testing of the Palo Alto Networks next-gen firewall. Our solution was tested against 1,179 live exploits in what was the industry's most comprehensive IPS test to date. The results were crystal clear and provided the hard proof of what our nextgeneration firewalls can really do. Key results include: The highest IPS block rate in recent history (93.4%) 100% resistance to IPS evasion techniques Simple IPS configuration and tuning Provided all the above while exceeding the datasheet performance metrics by 115% Page Palo Alto Networks. Proprietary and Confidential.

30 Palo Alto Networks: IPS, Protection + Performance Strong threat prevention - NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance - The only IPS that catches threats on non-standard ports - Scan inbound and outbound SSL (decrypt) and compressed traffic - Assure only authorized applications are using network resources - Allow SSH,RDP but only for authorized staff Page Palo Alto Networks. Proprietary and Confidential.

31 Single-Pass Parallel Processing (SP3) Architecture Single Pass Operations once per packet - Traffic classification (app identification) - User/group mapping - Content scanning threats, URLs, confidential data One policy Parallel Processing Function-specific hardware engines Separate data/control planes Up to 10Gbps, Low Latency Page Palo Alto Networks. Proprietary and Confidential.

32 PA-5000 Series Architecture Highly available mgmt High speed logging and route update Dual solid-state drives Quad-core CPU Control Plane 80 Gbps switch fabric interconnect 20 Gbps QoS engine QoS RAM RAM SSD SSD Switch Fabric Switch Fabric Signature Match HW Engine Stream-based uniform sig. match Vulnerability exploits (IPS), virus, spyware, CC#, SSN, and more 40+ processors 30+ GB of RAM 10Gbps Separate high speed data and CPU 1 control planes CPU 2 Security Processors High density parallel processing for flexible security functionality Hardware-acceleration for standardized complex functions (SSL, IPSec, decompression) 20Gbps Data Plane 10Gbps... CPU RAM CPU CPU... CPU RAM CPU CPU RAM RAM 1 2 Flow control Signature Match De- De- SSL 20 IPSec Gbps SSL IPSec Compress. firewall throughput Compress. Route, ARP, MAC lookup RAM RAM RAM RAM 10 Gbps threat prevention throughput 4 Million concurrent sessions NAT SSL Signature Match IPSec CPU 12 RAM RAM RAM RAM RAM RAM De- Compress. Network Processor 20 Gbps front-end network processing Hardware accelerated per-packet route lookup, MAC lookup and NAT Page Palo Alto Networks. Proprietary and Confidential.

33 Traditional Multi-Pass Architectures are Slow IPS Policy AV Policy URL Filtering Policy IPS Signatures AV Signatures Firewall Policy HTTP Decoder IPS Decoder AV Decoder & Proxy Port/Protocol-based ID Port/Protocol-based ID Port/Protocol-based ID Port/Protocol-based ID L2/L3 Networking, HA, Config Management, Reporting L2/L3 Networking, HA, Config Management, Reporting L2/L3 Networking, HA, Config Management, Reporting L2/L3 Networking, HA, Config Management, Reporting Page Palo Alto Networks. Proprietary and Confidential.

34 Powerful Policy-Based Control Browse more than 1300 applications based on name, category, technology or characteristic Immediately translate results into positive enforcement model firewall rules Policy enforcement by end-user / group identities from Active Directory or IP address Page Palo Alto Networks. Proprietary and Confidential.

35 Palo Alto Palo Alto Network Sniffer Page Palo Alto Networks. Proprietary and Confidential.

36 Visibility into Applications, Users & Content Filter on Skype User hzielinski Remove Skype to expand view of hzielinski Page Palo Alto Networks. Proprietary and Confidential.

37 Palo Alto Palo Alto Rich reports Page Palo Alto Networks. Proprietary and Confidential.

38 Demo (offline) Traffic Log Page Palo Alto Networks. Proprietary and Confidential.

39 Enables Executive Visibility Page Palo Alto Networks. Proprietary and Confidential.

40 PAN-OS Features Visibility and control of applications, users and content are complemented by core firewall features Strong networking foundation - Dynamic routing (OSPF, RIPv2) - Site-to-site IPSec VPN - SSL VPN for remote access - Tap mode connect to SPAN port - Virtual wire ( Layer 1 ) for true transparent in-line deployment - L2/L3 switching foundation QoS traffic shaping - Max/guaranteed and priority - By user, app, interface, zone, and more Zone-based architecture - All interfaces assigned to security zones for policy enforcement High Availability - Active / Active - Configuration and session synchronization - Path, link, and HA monitoring Virtual Systems - Establish multiple virtual firewalls in a single device (PA-4000 Series only) Simple, flexible management - CLI, Web, Panorama, SNMP, Syslog PA-4060 PA-4050 PA-4020 PA-2050 PA-2020 PA-500 Page Palo Alto Networks. Proprietary and Confidential.

41 Enterprise Device and Policy Management Intuitive and flexible management - CLI, Web, Panorama, SNMP, Syslog - Role-based administration enables delegation of tasks to appropriate person Panorama central management application - Shared policies enable consistent application control policies - Consolidated management, logging, and monitoring of Palo Alto Networks devices - Consistent web interface between Panorama and device UI - Network-wide ACC/monitoring views, log collection, and reporting All interfaces work on current configuration, avoiding sync issues Page Palo Alto Networks. Proprietary and Confidential.

42 NGFW for mobile devices

43 Today: Quality of Security Tied to Location botnets Enterprise Network Security Security Based on Best-Practices Full-Featured NGFW and Threat Prevention No Network Security Security Based on Best-Effort Exposed to threats, risky app usage and more Page Palo Alto Networks. Proprietary and Confidential.

44 Introducing GlobalProtect Users never go off-network regardless of location All firewalls work together to provide cloud of network security How it works: - Small agent determines network location (on or off the enterprise network) - If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN - Agent submits host information profile (patch level, asset type, disk encryption, and more) to the gateway - Gateway enforces security policy using App-ID, User-ID, Content-ID AND host information profile Page Palo Alto Networks. Proprietary and Confidential.

45 Zero Day Attacks Protection

46 a sandbox at the core

47 Flexible Deployment Options Transparent In-Line Firewall Replacement Ultimate segmentation Datacenter 1 Datacenter 2 Segment C Segment A Segment B IPS with app visibility & control Consolidation of IPS & URL filtering Firewall replacement with app visibility & control Firewall + IPS Firewall + IPS + URL filtering Controls applications & users for datacenter resource access IPS with app visibility & content control

48 Palo Alto Networks: IPS Protection + Performance Strong threat prevention - NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance - The only IPS that catches threats on non-standard ports - Scan inbound and outbound SSL (decrypt) and compressed traffic - Assure only authorized applications are using network resources - Allow SSH,RDP but only for authorized staff Page Palo Alto Networks. Proprietary and Confidential.

49 Palo Alto Networks Next-Gen Firewalls PA Gbps FW/10 Gbps threat prevention/4,000,000 sessions 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit PA Gbps FW/5 Gbps threat prevention/2,000,000 sessions 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit PA Gbps FW/2 Gbps threat prevention/1,000,000 sessions 8 SFP, 12 copper gigabit PA Gbps FW/5 Gbps threat prevention/2,000,000 sessions 4 XFP (10 Gig), 4 SFP (1 Gig) PA Gbps FW/5 Gbps threat prevention/2,000,000 sessions 8 SFP, 16 copper gigabit PA Gbps FW/2 Gbps threat prevention/500,000 sessions 8 SFP, 16 copper gigabit PA Gbps FW/500 Mbps threat prevention/250,000 sessions 4 SFP, 16 copper gigabit PA Mbps FW/200 Mbps threat prevention/125,000 sessions 2 SFP, 12 copper gigabit PA Mbps FW/100 Mbps threat prevention/50,000 sessions 8 copper gigabit Page Palo Alto Networks. Proprietary and Confidential

50 the innovative approach

51 extend security to all network traffic

52

53

54 Thank You Zion Ezra VP Sales

55 POC and AVR Report Page Palo Alto Networks. Proprietary and Confidential.

56 AVR Report Page Palo Alto Networks. Proprietary and Confidential.

57 AVR Report Page Palo Alto Networks. Proprietary and Confidential.

58 UTM Is Still Sprawl Just Slower Internet Doesn t solve the problem Firewall helper functions have limited view of traffic Turning on functions kills performance Page Palo Alto Networks. Proprietary and Confidential.

59 Traditional Multi-Pass Architectures are Slow IPS Policy AV Policy URL Filtering Policy IPS Signatures AV Signatures Firewall Policy HTTP Decoder IPS Decoder AV Decoder & Proxy Port/Protocol-based ID Port/Protocol-based ID Port/Protocol-based ID Port/Protocol-based ID L2/L3 Networking, HA, Config Management, Reporting L2/L3 Networking, HA, Config Management, Reporting L2/L3 Networking, HA, Config Management, Reporting L2/L3 Networking, HA, Config Management, Reporting Page Palo Alto Networks. Proprietary and Confidential.

60 Applications Have Changed Firewalls Have Not The gateway at the trust border is the right place to enforce policy control SaaS Collaboration / Media Personal - Sees all traffic - Defines trust boundary BUT Applications Have Changed - Ports Applications - IP Addresses Users - Packets Content Need to Restore Visibility and Control in the Firewall Page Palo Alto Networks. Proprietary and Confidential.

61 exploit protection many months pass between black-hat discovery, white hat discovery, and protection being available

62 need to protect all applications

63 a sandbox at the core

64 needs user-based access control

65 needs high-speed IPS and AV

66 need to perform across all applications

67 need to block the unknown

68 conclusion: advanced-malware protection belongs in a next generation firewall

69 DEMO

70

71

72 INSANITY doing the same thing over and over again and expecting different results

73 block applications and users

74 the innovative approach

75 extend security to all network traffic

76

77

78 20 Gpbs Firewall, 10 Gbps Threat Prevention

79 Highly available mgmt High speed logging and route update Dual hard drives Signature Match HW Engine Stream-based uniform sig. match Vulnerability exploits (IPS), virus, spyware, CC#, SSN, and more Signature Match RAM RAM RAM Signature Match RAM RAM RAM RAM 10Gbps RAM 10Gbps RAM Quad-core CPU RAM HDD HDD CPU 1 CPU 2... CPU RAM CPU CPU... CPU RAM CPU CPU RAM RAM 1 2 CPU 12 RAM RAM Control Plane SSL IPSec De- Compress. SSL IPSec De- Compress. SSL IPSec De- Compress. 20Gbps 80 Gbps switch fabric interconnect 20 Gbps QoS engine QoS Switch Fabric Switch Fabric Security Processors High density parallel processing for flexible security functionality Hardware-acceleration for standardized complex functions (SSL, IPSec, decompression) Flow control Route, ARP, MAC lookup Data Plane NAT Network Processor 20 Gbps front-end network processing Hardware accelerated per-packet route lookup, MAC lookup and NAT

80 NGFW for mobile devices

81 Source: Gartner (March 2010) As of March 2010

82 RPC SMS SQL SharePoint NetBIOS SMB Data Center Network Security in Transition Port 80 Port 139 Port 135 Port 137 Port 443 Today s network security is based on outdated assumptions Ports Applications IP addresses Users *Plus random high ports Threats > Exploits Applications employ dynamic, random, and heavily-used ports - fundamentally breaking port-based network security Need to Restore Application Visibility & Control in the Firewall Page Palo Alto Networks. Proprietary and Confidential

83 Palo Alto Networks: Protection + Performance Strong threat prevention - NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance - The only IPS that catches threats on non-standard ports - Scan inbound and outbound SSL (decrypt) and compressed traffic - Assure only authorized applications are using network resources - Allow SSH,RDP but only for authorized staff Page Palo Alto Networks. Proprietary and Confidential.

84 NGFW: Networking Power and Flexibility Page Palo Alto Networks. Proprietary and Confidential.

85 PA-5000 Series Models and Specifications PA Gbps FW 10 Gbps threat prevention 4 Gbps IPSec VPN 20,000 SSL VPN Users 4,000,000 sessions Up to 225 VSYS (4) SFP+ (10 Gig) I/O (8) SFP (1 Gig) I/O (12) 10/100/1000 PA Gbps FW 5 Gbps threat prevention 4 Gbps IPSec VPN 10,000 SSL VPN Users 2,000,000 sessions Up to 125 VSYS (4) SFP+ (10 Gig) I/O (8) SFP (1 Gig) I/O (12) 10/100/1000 PA Gbps FW 2 Gbps threat prevention 2 Gbps IPSec VPN 5,000 SSL VPN Users 1,000,000 sessions Up to 20 VSYS (8) SFP (1 Gig) I/O (12) 10/100/1000 Hot swappable fans, power supplies Dual, solid state hard drives Dedicated HA and management interfaces 2U standard rack mount form factor Page Palo Alto Networks. Proprietary and Confidential.

86 NGFWs Eliminate Data Center Compromise Prevent Threats - Stop a wide range of threats, on all allowed traffic - Proven quality (NSS tested and Recommended ) - Security by policy, not hardwired into deployment Comply and Compartmentalize - Save time and cost to compliance with network segmentation - Segment by user, group, and application Simplify with Flexible Network Security Infrastructure - With up to 20Gbps of firewall throughput, and integrated high-performance threat prevention - With simpler, easier deployments - With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance) Page Palo Alto Networks. Proprietary and Confidential.

87 GlobalProtect Page Palo Alto Networks. Proprietary and Confidential.

88 Today: Quality of Security Tied to Location botnets Enterprise Network Security Security Based on Best-Practices Full-Featured NGFW and Threat Prevention No Network Security Security Based on Best-Effort Exposed to threats, risky app usage and more Page Palo Alto Networks. Proprietary and Confidential.

89 Existing Solutions Fall Short Higher Costs, More Work for Lower Security Inconsistent policy and protections when outside vs. inside the network Lack of visibility into applications, users and content fails to control modern apps and threats Expensive to purchase, duplicates operational and management overhead Software on the PC Each security app perform a specific function Limited focus and functionality, heavy performance load on PC Examples: antivirus, host firewall, USB port control, DLP, etc. Cloud-Based Services Client forces web traffic to cloud-based proxy for scanning and policy enforcement Supports limited number of apps and protocols, weak threat prevention Examples: ScanSafe, Purewire, etc Traditional VPN Agent tunnels traffic back to corporate gateway Same poor security, only slower Examples: AnyConnect, Juniper Pulse Page Palo Alto Networks. Proprietary and Confidential.

90 Introducing GlobalProtect Users never go off-network regardless of location All firewalls work together to provide cloud of network security How it works: - Small agent determines network location (on or off the enterprise network) - If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN - Agent submits host information profile (patch level, asset type, disk encryption, and more) to the gateway - Gateway enforces security policy using App-ID, User-ID, Content-ID AND host information profile Page Palo Alto Networks. Proprietary and Confidential.

91 A Modern Architecture for Enterprise Security malware botnets exploits Establishes a logical perimeter that is not bound to physical limitations Users receive the same depth and quality of protection both inside and out Security work performed by purpose-built firewalls, not end-user laptops Unified visibility, compliance and reporting Page Palo Alto Networks. Proprietary and Confidential.

92

93 Regain Visibility and Control / Save Money IT can t manage risk with traditional security infrastructure - Users do what they want - Port hopping, tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls - Leads to increased risks for the business Palo Alto Networks defines next-generation firewall with unique identification technologies - App-ID: identify applications regardless of port, protocol, or SSL encryption - User-ID: integrated with enterprise directory - Content-ID: threats, URLs, data - High performance architecture: high throughput, low latency Easy enterprise integration and consolidation saves money - Flexible deployment options for seamless integration - Consolidation of functionality into firewall simplifies and saves money Page Palo Alto Networks. Proprietary and Confidential