Palo Alto Networks. Re-Inventing Network Security. It s Time To Fix The Firewall?! Christian Etzold Senior System Engineer
|
|
- Erik Randall
- 8 years ago
- Views:
Transcription
1 Palo Alto Networks Re-Inventing Network Security It s Time To Fix The Firewall?! Christian Etzold Senior System Engineer
2 Security v1.0 Response: Rip Holes in Firewall Traditional Applications DNS Gopher SMTP HTTP Dynamic Applications FTP RPC Java/RMI Multimedia Background Appeared mid 1980 s Typically embedded in routers Classify individual packets based on port numbers Internet Challenge Could not support dynamic applications Flawed solution was to open large groups of ports Opened the entire network to attack
3 Security v2.0: Stateful Inspection Traditional Applications DNS Gopher SMTP HTTP Internet Dynamic Applications FTP RPC Java/RMI Multimedia Evasive Applications Encrypted Web 2.0 P2P Instant Messenger Skype Music Games Desktop Applications Spyware Crimeware Background Innovation created Check Point in 1994 Used state table to fix packet filter shortcomings Classified traffic based on port numbers but in the context of a flow Challenge Cannot identify Evasive Applications Embedded throughout existing security products
4 Applications Have Changed; Firewalls Have Not The gateway at the trust border is the right place to enforce policy control Sees all traffic Defines trust boundary BUT applications have changed Ports Applications IP Addresses Users Packets Content Need to restore visibility and control in the firewall Page Palo Alto Networks. Proprietary and Confidential.
5 Application Usage and Risk Report 6 th Edition, October 2010
6 Methodology and Demographics Methodology - Analysis is based on live customer traffic not a survey - How are networks being used? - What applications are running on enterprise networks? - What are the risks associated with the existing application mix? Demographics organizations worldwide, up from applications found, up from 741 Participating Organizations petabyes of bandwidth Mar (21) Oct (25) Demographics Mar (60) 113 Oct (214) Mar (347) Oct (723) Americas Asia Pacific, Japan Europe Page Palo Alto Networks. Proprietary and Confidential.
7 Geographically and Historically: Usage is Universal 100% Geographical View: Frequency that Saying, Socializing and Sharing Applications were Detected 90% 80% 70% 60% Worldwide Americas Europe Asia Pacific, Japan Webmail Instant Messaging Social Networking Browser-based Filesharing P2P Filesharing Saying Social Networking Sharing 100% Historical View: Frequency that Saying, Socializing and Sharing Applications were Detected 90% 80% 70% 60% Oct Mar Oct Mar Oct Webmail Instant Messaging Social Networking Browser-based Filesharing P2P Filesharing Saying Social Network ing Sharing Page Palo Alto Networks. Proprietary and Confidential.
8 Saying: Heavily Used, A Common Threat Vector Google Talk Gadget Most Frequently Found Saying (Webmail and IM) Applications Gmail Hotmail Yahoo Mail Facebook Mail SquirrelMail Yahoo IM Facebook Chat MSN Meebo 57% 79% 79% 78% 77% 76% 90% 88% 87% 93% 20% 40% 60% 80% 100% IM: 66 applications: 6 P2P, 27 C/S, 33 browser-based, 0.3% of the bandwidth Webmail: 33 applications, 1% of the bandwidth Business benefits: faster communication, collaboration, productivity Outbound risks: compliance, minor data loss Inbound risks: popular vector for malware, many of these applications have known vulnerabilities Malware Log Instances Per Organization (in 1,000s) Conficker.C.p2p (Worm) GGDoor.22 (Trojan) Mariposa C&C (Bot) Zeus (Bot) Page Palo Alto Networks. Proprietary and Confidential.
9 Socializing: Facebook Dominates Social Networking Application Bandwidth Consumption Facebook 69% All other SN 15% Myspace 1% Stumbleupon 1% LinkedIn 2% Twitter 3% Facebook Posting 1% Facebook Apps 4% Facebook consumes 78% of the total social networking bandwidth Other top SN applications consume 7% 43 remaining social networking applications vie for the remaining table scraps (15%) Facebook Social Plugin 4% Business benefits: faster time to market, rich research, sales, marketing environment Outbound risks: internal and external compliance, branding and image (what should be said), industry (should it be used) Inbound risks: a common vector to deliver malware (Zeus and Conficker), next-gen social engineering Page Palo Alto Networks. Proprietary and Confidential.
10 Sharing: Browser-based Sharing Grows File Sharing Trends Over Time Fileshareing Trend: Frequency of use and number of applications shifts towards browser-based Use of other filesharing applications (like FTP) remains steady 100% 75% 50% 25% Mar Oct Mar Oct Mar Oct Browser-Based File Sharing Peer-to-peer File Sharing FTP All Other Applications 998 TB Bandwidth Consumption Comparison Other Filesharing 49 TB Browser-based Filesharing 22 TB Other P2P Filesharing 48 TB Xunlei (P2P) 203 TB 80 filesharing applications (23 P2P, 49 BB, 9 other) consuming 323 TB (24%) Xunlei, 5 th most popular P2P consumed 203 TB 15% of overall BW Business benefits: easier to move large files, central source of Linux binaries Outbound risks: Data loss is the primary business risk Inbound risks: Mariposa is propagated across P2P (and MSN) Page Palo Alto Networks. Proprietary and Confidential.
11 Summary Application usage has become homogenous - Minor country by country variances exist - Larger players extend their dominance Saying, socializing and sharing: streamlining business, increasing business and security risks - IT continues to struggle with block/allow balance Cloud based applications in use now, driven by users and by IT - 10% of the applications are enterprise cloud - Microsoft and Google have a significant presence Page Palo Alto Networks. Proprietary and Confidential.
12 Summary Application usage has become homogenous - Little geographic or industry variance - Risks across industries are heterogeneous Enterprise 2.0 application usage intensity increases - Frequency remain high, resource consumption up indicating greater intensity These are not your father s applications - 2/3 of the have accessibility features many hop ports - SSL, SSH and VPN are not the only applications that tunnel Page Palo Alto Networks. Proprietary and Confidential.
13 Firewalls
14 Application Based Firewall stateful inspection legacy firewalls tcp/443 tcp/443 What s really going on Page Palo Alto Networks. Proprietary and Confidential 2.1-b
15 Applications Carry Risk Applications can be threats P2P file sharing, tunneling applications, anonymizers, media/video Applications carry threats SANS Top 20 Threats majority are application-level threats Applications & application-level threats result in major breaches Pfizer, VA, US Army Page Palo Alto Networks. Proprietary and Confidential.
16 The Traditional Approach to Network Security Corporate Assets Web App Attacks (2002) Security Perimeter Worms (2005) WAN XML/W.S. Attacks (2004) Info Leakage (2005) Eavesdropping (1994) IM Attacks (2002) Content Access (1998) Resource Access (1992) Viruses (1997) Denial of Service (2000) XML Security Spyware (2006) Exploits (1996) IM Security Anti-Virus DLP/ILP Anti-Spyware Content Filtering IPS IDS IPSEC VPN DoS Protection Internet Worm Mitigation WebApp Security
17 About Palo Alto Networks Palo Alto Networks is the Network Security Company World-class team with strong security and networking experience - Founded in 2005 by security visionary Nir Zuk - Top-tier investors Builds next-generation firewalls that identify / control applications - Restores the firewall as the core of the enterprise network security infrastructure - Innovations: App-ID, User-ID, Content-ID Global footprint: 2,000+ customers in 50+ countries, 24/7 support
18 The Right Answer: Make the Firewall Do Its Job New Requirements for the Firewall 1. Identify applications regardless of port, protocol, evasive tactic or SSL 2. Identify users regardless of IP address 3. Protect in real-time against threats embedded across applications 4. Fine-grained visibility and policy control over application access / functionality 5. Multi-gigabit, in-line deployment with no performance degradation Page Palo Alto Networks. Proprietary and Confidential.
19 Identification Technologies Transform the Firewall App-ID Identify the application User-ID Identify the user Content-ID Scan the content Page Palo Alto Networks. Proprietary and Confidential.
20 App-ID: Comprehensive Application Visibility Policy-based control more than 1000 applications distributed across five categories and 25 sub-categories Balanced mix of business, internet and networking applications and networking protocols 3-5 new applications added weekly App override and custom HTTP/SSL applications address internal applications
21 Application Based Firewall stateful inspection tcp/443 tcp/443 Page Palo Alto Networks. Proprietary and Confidential 2.1-b
22 Application Identification - Signatures SSL Forward proxy HTTP webex Protocol Decoders Decryption Application Signatures Mode shift Webex desktop sharing Page Palo Alto Networks. Proprietary and Confidential 2.1-b
23 User-ID: Enterprise Directory Integration Users no longer defined solely by IP address - Leverage existing enterprise directory services (Active Directory, LDAP, edirectory) without desktop agent rollout - Identify Citrix users and tie policies to user and group, not just the IP address Manage and enforce policy based on user and/or group Understand user application and threat behavior based on username, not just IP Investigate security incidents, generate custom reports
24 Content-ID: Real-Time Content Scanning Detect and block a wide range of threats, limit unauthorized data transfer and control non-work related web surfing Stream-based, not file-based, for real-time performance - Uniform signature engine scans for broad range of threats in single pass - Vulnerability exploits (IPS), viruses, and spyware (both downloads and phone-home) Block transfer of sensitive data and file transfers by type - Looks for CC # and SSN patterns - Looks into file to determine type not extension based Web filtering enabled via fully integrated URL database - Local 20M URL database (78 categories) maximizes performance (1,000 s URLs/sec) - Dynamic DB and customizable categories adapts to local, regional, or industry
25 Comprehensive View of Applications, Users & Content Application Command Center (ACC) - View applications, URLs, threats, data filtering activity Add/remove filters to achieve desired result Page 28 Filter on Facebook-base 2010 Palo Alto Networks. Proprietary and Confidential. Filter on Facebook-base and user cook Remove Facebook to expand view of cook
26 Gartner: Palo Alto Networks is a Visionary Enterprises need next-generation firewalls - In 2009, Gartner saw market pressures accelerate the demand for nextgeneration firewall platforms that provide the capability to detect and block sophisticated attacks, as well as enforce granular security policy at the application (versus port and protocol) level. Palo Alto Networks next generation firewalls are leading the market - Gartner notes: Palo Alto Networks is highly disruptive within the firewall market because the product has been designed as a next-generation firewall and has competitors being forced to change road maps and sell defensively. Palo Alto Networks generated the most firewall inquiries among Gartner customers in Page Palo Alto Networks. Proprietary and Confidential.
27 2010 Magic Quadrant for Enterprise Network Firewalls Cisco Juniper Networks ability to execute McAfee Stonesoft WatchGuard Fortinet Check Point Software Technologies Palo Alto Networks SonicWALL NETASQ 3Com/H3C phion Astaro Source: Gartner niche players visionaries completeness of vision As of March 2010 Page Palo Alto Networks. Proprietary and Confidential.
28 F1000 Organizations Trust Palo Alto Networks Page Palo Alto Networks. Proprietary and Confidential.
29 Addresses Three Key Business Problems Identify and Control Applications - Visibility of applications, regardless of port, protocol, encryption, or evasive tactic - Fine-grained control over applications (allow, deny, limit, scan, shape) - Addresses the key deficiencies of legacy firewall infrastructure Prevent Threats - Stop a variety of threats exploits (by vulnerability), viruses, spyware - Stop leaks of confidential data (e.g., credit card #, social security #) - Stream-based engine ensures high performance - Enforce acceptable use policies on users for general web site browsing Simplify Security Infrastructure - Put the firewall at the center of the network security infrastructure - Reduce complexity in architecture and operations Page Palo Alto Networks. Proprietary and Confidential.
30 Design and Implementation of the Palo Alto Networks Firewall Version 4.0
31 PAN-OS Core Firewall Features Visibility and control of applications, users and content complement core firewall features Strong networking foundation - Dynamic routing (BGP, OSPF, RIPv2) - Tap mode connect to SPAN port - Virtual wire ( Layer 1 ) for true transparent in-line deployment - L2/L3 switching foundation - Policy-based forwarding VPN - Site-to-site IPSec VPN - SSL VPN / GlobalProtect QoS traffic shaping - Max/guaranteed and priority - By user, app, interface, zone, & more - Real-time bandwidth monitor Zone-based architecture - All interfaces assigned to security zones for policy enforcement High Availability - Active / active - Configuration and session synchronization - Path, link, and HA monitoring Virtual Systems - Establish multiple virtual firewalls in a single device (PA-4000 and PA-2000 Series only) Simple, flexible management - CLI, Web, Panorama, SNMP, Syslog PA-4060 PA-4050 PA-4020 PA-2050 PA-2020 PA-500 Page Palo Alto Networks. Proprietary and Confidential.
32 Flexible Deployment Options Visibility Transparent In-Line Firewall Replacement Application, user and content visibility without inline deployment IPS with app visibility & control Consolidation of IPS & URL filtering Firewall replacement with app visibility & control Firewall + IPS Firewall + IPS + URL filtering Page Palo Alto Networks. Proprietary and Confidential.
33 PA-4000 Series Specifications PA Gbps FW 5 Gbps threat prevention 2,000,000 sessions 4 XFP (10 Gig) I/O 4 SFP (1 Gig) I/O PA Gbps FW 5 Gbps threat prevention 2,000,000 sessions 16 copper gigabit 8 SFP interfaces PA Gbps FW 2 Gbps threat prevention 500,000 sessions 16 copper gigabit 8 SFP interfaces - 2U, 19 rack-mountable chassis - Dual hot swappable AC power supplies - Dedicated out-of-band management port - 2 dedicated HA ports - DB9 console port Page Palo Alto Networks. Proprietary and Confidential 2.1-b
34 4000 Series Architecture RAM Dedicated Control Plane Highly available mgmt High speed logging and route updates Flash Matching Engine RAM RAM RAM Flash Matching HW Engine Palo Alto Networks uniform signatures Multiple memory banks memory bandwidth scales performance Dual-core CPU RAM RAM HDD CPU 1 SSL CPU 2 CPU 3 IPSec.. CPU 16 RAM RAM De- Compression Multi-Core Security Processor High density processing for flexible security functionality Hardware-acceleration for standardized complex functions (SSL, IPSec, decompression) QoS Route, ARP, MAC lookup NAT 10 Gig Network Processor Front-end network processing offloads security processors Hardware accelerated QoS, route lookup, MAC lookup and NAT Control Plane Data Plane Page Palo Alto Networks. Proprietary and Confidential 2.1-b
35 PA-2000 Series Specifications PA Gbps FW 500 Mbps threat prevention 250,000 sessions 16 copper gigabit 4 SFP interfaces PA Mbps FW 200 Mbps threat prevention 125,000 sessions 12 copper gigabit 2 SFP interfaces - 1U rack-mountable chassis - Single non-modular power supply - 80GB hard drive (cold swappable) - Dedicated out-of-band management port - RJ-45 console port, user definable HA port Page Palo Alto Networks. Proprietary and Confidential 2.1-b
36 2000 Series Architecture RAM Dedicated Control Plane Highly available mgmt High speed logging and route updates Flash Matching Engine RAM RAM RAM Flash Matching HW Engine Palo Alto Networks uniform signatures Multiple memory banks memory bandwidth scales performance 1Gbps Dual-core CPU RAM RAM HDD CPU 1 SSL CPU 2 CPU 3 CPU 4 IPSec RAM RAM Multi-Core Security Processor High density processing for flexible security functionality Hardware-acceleration for standardized complex functions (SSL, IPSec) 1Gbps Route, ARP, MAC lookup NAT Network Processor Front-end network processing offloads security processors Hardware accelerated route lookup, MAC lookup and NAT Control Plane Data Plane Page Palo Alto Networks. Proprietary and Confidential 2.1-b
37 Purpose-Built Architecture: PA-4000 Series RAM Dedicated Control Plane Highly available mgmt High speed logging and route updates Signature Match RAM RAM RAM 10Gbps Signature Match HW Engine Palo Alto Networks uniform signatures Vulnerability exploits (IPS), virus, spyware, CC#, SSN, and other signatures Dual-core CPU RAM RAM HDD CPU 1 SSL CPU 2 CPU 3 IPSec.. CPU 16 De- Compression 10Gbps RAM RAM Multi-Core Security Processor High density processing for flexible security functionality Hardware-acceleration for standardized complex functions (SSL, IPSec, decompression) Control Plane QoS Route, ARP, MAC lookup NAT 10 Gig Network Processor Front-end network processing offloads security processors Hardware accelerated QoS, route lookup, MAC lookup and NAT Data Plane
38 Site-to-Site and Remote Access VPN Site-to-site VPN connectivity Remote user connectivity Secure connectivity - Standards-based site-to-site IPSec VPN - SSL VPN for remote access Policy-based visibility and control over applications, users and content for all VPN traffic Included as features in PAN-OS at no extra charge
39 GlobalProtect Securing Users and Data in an Always Connected World
40 The Need to Secure Remote Users How do you secure your applications and your users when they are both moving off the controlled network? Apps DATA Users Headquarters Branch Office Hotel Home Enterprise Secured Open to threats, app usage, & more
41 Two Existing Approaches Fall Well Short Software on the PC Install point security products on the PC Security apps run on the PC and perform specific function Examples include antivirus, antispyware, host IPS, software control, USB port control, DLP, etc. Cloud-based Services Install an agent on the PC Agent forces web traffic to cloudbased proxy for scanning and policy enforcement Examples include ScanSafe, Purewire, etc. Expensive to purchase, deploy, and manage Limited coverage and awareness of different applications and threats (very silo oriented) Policies are inconsistent with network security policies Limited (if any) coordination between user, application, and content Page Palo Alto Networks. Proprietary and Confidential.
42 Overview of Off-Network Security OFF the Enterprise network: Small agent on PC detects off-network - Finds closest gateway and forces traffic through gateway connection Performs host profile check - Is software updated? - Is host running req. software? Enforces enterprise policy Headquarters Branch Office - Application, user, and content-based policies enforced Enterprise for Secured roaming users Hotel Home Off Network Secured Page Palo Alto Networks. Proprietary and Confidential.
43 Overview of On-Network Security Headquarters Branch Office On Network Secured ON the Enterprise network: Small agent on PC detects on-network Agent performs host profile check - Is software updated? - Is host running req. software? Palo Alto Networks firewalls enforce policy augmented by host profile - Unpatched systems, unknown users, noncompliant software config receive limited network access Hotel Home Cloud Service Secured Page Palo Alto Networks. Proprietary and Confidential.
44 GlobalProtect Topology Portal Gateway 1 Gateway Client 4 23 Gateway 1. Client attempts SSL connection to Portal to retrieve latest configuration 2. Client does reverse DNS lookup per configuration to determine whether on or off network (e.g. lookup and see if it resolves to internal.paloalto.local) 3. If external, client attempts to connect to all external gateways via SSL and then uses one with quickest response 4. SSL or IPSec tunnel is established and default routes inserted to direct all traffic through the tunnel for policy control and threat scanning Gateway Palo Alto Networks. Proprietary and Confidential. 48
45 Complete Security Coverage Solution Consistent policy applied to all enterprise traffic: Users protected from threats off-network, plus application and content usage controlled to prevent data leakage User profile incorporated into consistent enterprise security enforcement Enterprises gain same level of control of SaaS applications as when previously hosted internally Apps Headquarters Branch Office Hotel Home Consistent Security Users
46 Traffic Shaping / QoS Application Based!
47 Traffic Shaping Extends Policy Control Options Traffic shaping policies ensure business applications are not bandwidth starved - Guaranteed, prioritized and maximum bandwidth settings - Apply traffic shaping policies by application, user, source, destination, interface, IPSec VPN tunnel and more Enables more effective deployment of appropriate application usage policies Included as a feature in PAN-OS at no extra charge
48 Real-time Bandwidth Monitor Real-time view of bandwidth and session consumption for applications, users, and rules
What s Next for the Next Generation Firewall Vendor Palo Alto Networks Overview. October 2010 Matias Cuba - Regional Sales Manager Northern Europe
What s Next for the Next Generation Firewall Vendor Palo Alto Networks Overview October 2010 Matias Cuba - Regional Sales Manager Northern Europe About Palo Alto Networks Palo Alto Networks is the Network
More informationPalo Alto Networks Overview
Palo Alto Networks Overview campu[s]³ Christian Etzold Sr. System Engineer About Palo Alto Networks Palo Alto Networks is the Network Security Company World-class team with strong security and networking
More informationFirewall Feature Overview
Networking P A L O A LT O N E T W O R K S : F i r e w a l l F e a t u r e O v e r v i e w Firewall Feature Overview A next-generation firewall restores application visibility and control for today s enterprises
More informationIntegrated Approach to Network Security. Lee Klarich Senior Vice President, Product Management March 2013
Integrated Approach to Network Security Lee Klarich Senior Vice President, Product Management March 2013 Real data from actual networks 2 2012, Palo Alto Networks. Confidential and Proprietary. 2008: HTTP,
More informationPALO ALTO SAFE APPLICATION ENABLEMENT
PALO ALTO SAFE APPLICATION ENABLEMENT 1 Palo Alto Networks Product Overview James Sherlow SE Manager WEUR & Africa jsherlow@paloaltonetworks.com @jsherlow Palo Alto Networks at a Glance Corporate Highlights
More informationPalo Alto Networks Next-Generation Firewall Overview
Palo Alto Networks Next-Generation Firewall Overview The firewall is the most strategic network security infrastructure component, it sees all traffic, and as such, is in the most effective location to
More informationCritical application visibility and control with Palo Alto Networks
Critical application visibility and control with Palo Alto Networks Zion Ezra InnoCom LTD Zion Ezra VP Security InnoCom LTD Select InnoCom Vendors NETWORK SECURITY Next Generation Firewall Next Generation
More informationContent-ID. Content-ID URLS THREATS DATA
Content-ID DATA CC # SSN Files THREATS Vulnerability Exploits Viruses Spyware Content-ID URLS Web Filtering Content-ID combines a real-time threat prevention engine with a comprehensive URL database and
More informationContent-ID. Content-ID enables customers to apply policies to inspect and control content traversing the network.
Content-ID Content-ID enables customers to apply policies to inspect and control content traversing the network. Malware & Vulnerability Research 0-day Malware and Exploits from WildFire Industry Collaboration
More informationReinventing Network Security, One Firewall at a Time. Chris King Director, Product Marketing www.paloaltonetworks.com
Reinventing Network Security, One Firewall at a Time Chris King Director, Product Marketing www.paloaltonetworks.com Agenda About Palo Alto Networks The Evolving Nature of Applications Why Traditional
More informationApp-ID. PALO ALTO NETWORKS: App-ID Technology Brief
App-ID Application Protocol Detection / Decryption Application Protocol Decoding Application Signature Heuristics App-ID uses as many as four identification techniques to determine the exact identity of
More informationNext Generation Enterprise Network Security Platform
Next Generation Enterprise Network Security Platform November 2014 Lyndon Clough - Territory Sales Manager Derran Guinan Systems Engineer Agenda The Palo Alto Networks story Today s Threat Landscape The
More informationUsing Palo Alto Networks to Protect the Datacenter
Using Palo Alto Networks to Protect the Datacenter July 2009 Palo Alto Networks 232 East Java Dr. Sunnyvale, CA 94089 Sales 866.207.0077 www.paloaltonetworks.com Table of Contents Introduction... 3 Granular
More informationREPORT & ENFORCE POLICY
App-ID KNOWN PROTOCOL DECODER Start Decryption (SSL or SSH) Decode Signatures Policy IP/Port Policy Application Signatures Policy IDENTIFIED TRAFFIC (NO DECODING) UNKNOWN PROTOCOL DECODER Apply Heuristics
More informationNext-Generation Firewall Overview
Next-Generation Firewall Overview Business and technology advancements have steadily eroded the protection that the traditional firewall provided. Users have come to expect to be able to work from any
More informationNext-Generation Firewall Overview
Next-Generation Firewall Overview Recent changes in application behavior and usage patterns have steadily eroded the protection that the traditional firewall once provided. Users are accessing any application,
More informationJune 2012. Palo Alto Networks 3300 Olcott Street Santa Clara, CA 94089 www.paloaltonetworks.com
The Application Usage and Risk Report An Analysis of End User Application Trends in the Enterprise Regional Findings Americas (Latin and South America, Canada, U.S.A.) Europe, Africa, Middle East Asia
More informationCybercrime: evoluzione del malware e degli attacchi. Cesare Radaelli Regional Sales Manager, Italy cradaelli@paloaltonetworks.com
Cybercrime: evoluzione del malware e degli attacchi Cesare Radaelli Regional Sales Manager, Italy cradaelli@paloaltonetworks.com About Palo Alto Networks We are the network security company World-class
More informationWhat s Next for Network Security - Visibility is king! Gøran Tømte March 2013
What s Next for Network Security - Visibility is king! Gøran Tømte March 2013 Technology Sprawl and Creep Aren t the Answer More stuff doesn t solve the problem Firewall helpers have limited view of traffic
More informationNext-Generation Firewall Overview
Next-Generation Firewall Overview Fundamental shifts in the application and threat landscape, user behavior, and network infrastructure have steadily eroded the security that traditional port-based firewalls
More informationDecryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks
Decryption Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More informationHow to Dramatically Reduce the Cost and Complexity of PCI Compliance
How to Dramatically Reduce the Cost and Complexity of PCI Compliance Using Network Segmentation and Policy-Based Control Over Applications, Users And Content to Protect Cardholder Data December 2008 Palo
More informationVM-Series for VMware. PALO ALTO NETWORKS: VM-Series for VMware
VM-Series for VMware The VM-Series for VMware supports VMware NSX, ESXI stand-alone and vcloud Air, allowing you to deploy next-generation firewall security and advanced threat prevention within your VMware-based
More informationNetworking for Caribbean Development
Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n
More informationPalo Alto Networks Certified Network Security Engineer (PCNSE6) Study Guide
Palo Alto Networks Certified Network Security Engineer (PCNSE6) Study Guide Welcome to the wonderful world of Palo Alto Networks Certification! We are very excited you have decided to embark upon such
More informationPalo Alto Networks - Next Generation Firewall. Contents
Palo Alto Networks - Next Generation Firewall Contents Palo Alto Networks - Next Generation Firewall... 1 Enterprises Need Application Visibility and Control... 2 Key Next- Generation Firewall Requirements:...
More informationPreventing Data Leaks At The Firewall A Simple, Cost-Effective Way To Stop Social Security and Credit Card Numbers From Leaving Your Network
Preventing Data Leaks At The Firewall A Simple, Cost-Effective Way To Stop Social Security and Credit Card Numbers From Leaving Your Network December 2008 Palo Alto Networks 232 E. Java Dr. Sunnyvale,
More informationGame changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE
Game changing Technology für Ihre Kunden Thomas Bürgis System Engineering Manager CEE Threats have evolved traditional firewalls & IPS have not Protection centered around ports & protocols Expensive to
More informationSecuring the Virtualized Data Center With Next-Generation Firewalls
Securing the Virtualized Data Center With Next-Generation Firewalls Data Center Evolution Page 2 Security Hasn t Kept Up with Rate Of Change Configuration of security policies are manual and slow Weeks
More informationThe Application Usage and Threat Report
The Application Usage and Threat Report An Analysis of Application Usage and Related Threats within the Enterprise 10th Edition February 2013 PAGE 1 Executive Summary Global Findings Since 2008, Palo Alto
More informationCisco IOS Advanced Firewall
Cisco IOS Advanced Firewall Integrated Threat Control for Router Security Solutions http://www.cisco.com/go/iosfirewall Presentation_ID 2007 Cisco Systems, Inc. All rights reserved. 1 All-in-One Security
More informationPassGuide.PCNSE6 (48Q)
PassGuide.PCNSE6 (48Q) Number: PCNSE6 Passing Score: 800 Time Limit: 120 min File Version: 4.9 http://www.gratisexam.com/ PCNSE6 Palo Alto Networks Certified Network Security Engineer 6.0 1. I was so happy
More informationNetwork Security for Mobile Users
Network Security for Mobile Users Establishing a Logical Perimeter October 2014 Table of Contents Executive Summary 3 The Enterprise Standard of Security 4 Many Ways to Leave the Network 4 A Requiem for
More informationControlling SSL Decryption. Overview. SSL Variability. Tech Note
Controlling Decryption Tech Note Overview Decryption is a key feature of the PA-4000 Series firewall. With it, -encrypted traffic is decrypted for visibility, control, and granular security. App-ID and
More informationDeployment Guide for Microsoft Lync 2010
Deployment Guide for Microsoft Lync 2010 Securing and Accelerating Microsoft Lync with Palo Alto Networks Next-Generation Firewall and Citrix NetScaler Joint Solution Table of Contents 1. Overview...3
More informationIREBOX X. Firebox X Family of Security Products. Comprehensive Unified Threat Management Solutions That Scale With Your Business
IREBOX X IREBOX X Firebox X Family of Security Products Comprehensive Unified Threat Management Solutions That Scale With Your Business Family of Security Products Comprehensive unified threat management
More informationMay 2010. Palo Alto Networks 232 E. Java Drive Sunnyvale, CA 94089 408-738-7700 www.paloaltonetworks.com
Application Visibility and Control: In the Firewall vs. Next to the Firewall How Next-Generation Firewalls are Different From UTM and IPS-based Products May 2010 Palo Alto Networks 232 E. Java Drive Sunnyvale,
More informationINTRODUCTION TO FIREWALL SECURITY
INTRODUCTION TO FIREWALL SECURITY SESSION 1 Agenda Introduction to Firewalls Types of Firewalls Modes and Deployments Key Features in a Firewall Emerging Trends 2 Printed in USA. What Is a Firewall DMZ
More informationProtect your internal users on the Internet with Secure Web Gateway. Richard Bible EMEA Security Solution Architect
Protect your internal users on the Internet with Secure Web Gateway Richard Bible EMEA Security Solution Architect Identity and Access Management (IAM) Solution Authentication, Authorization, and SSO to
More informationAstaro Gateway Software Applications
Astaro Overview Astaro Products - Astaro Security Gateway - Astaro Web Gateway - Astaro Mail Gateway - Astaro Command Center - Astaro Report Manager Astaro Gateway Software Applications - Network Security
More informationMoving Beyond Proxies
Moving Beyond Proxies A Better Approach to Web Security January 2015 Executive Summary Proxy deployments today have outlived their usefulness and practicality. They have joined a long list of legacy security
More informationSonicWALL Unified Threat Management. Alvin Mann April 2009
SonicWALL Unified Threat Management Alvin Mann April 2009 Agenda Who is SonicWALL? Networking Drivers & Trends SonicWALL Unified Threat Management (UTM) Next Generation Protection SonicWALL CONFIDENTIAL
More informationPalo Alto Networks Cyber Security Platform for the Software Defined Data center. Zekeriya Eskiocak Security Consultant Palo Alto Networks
Palo Alto Networks Cyber Security Platform for the Software Defined Data center Zekeriya Eskiocak Security Consultant Palo Alto Networks Evolution towards a software defined data center Server Virtualiza-on
More informationCyberoam Next-Generation Security. 11 de Setembro de 2015
Cyberoam Next-Generation Security 11 de Setembro de 2015 Network Security Appliances UTM, NGFW (Hardware & Virtual) 2 Who is Cyberoam? Leading UTM company, headquartered in Ahmedabad, India founded in
More informationSVN5800 Secure Access Gateway
The development of networks allows enterprises to provide remote access to branch offices, partners, customers, mobile employees, and home offices so that they can access application and data resources,
More informationSimple security is better security Or: How complexity became the biggest security threat
Simple security is better security Or: How complexity became the biggest security threat Christoph Litzbach, Pre-Sales Engineer NSG 1 What do they have in common? DATA BREACH 2 Security is HARD! Components
More informationPalo Alto Networks Next-generation Firewall Overview
PALO PALO ALTO ALTO NETWORKS: NETWORKS: Next-Generation Firewall Firewall Feature Feature Overview Overview Palo Alto Networks Next-generation Firewall Overview Fundamental shifts in application usage,
More informationEnabling Business Beyond the Corporate Network. Secure solutions for mobility, cloud and social media
Enabling Business Beyond the Corporate Network Secure solutions for mobility, cloud and social media 3 Trends Transforming Networks and Security Are you dealing with these challenges? Enterprise networks
More informationCisco Small Business ISA500 Series Integrated Security Appliances
Q & A Cisco Small Business ISA500 Series Integrated Security Appliances Q. What is the Cisco Small Business ISA500 Series Integrated Security Appliance? A. The Cisco Small Business ISA500 Series Integrated
More informationHow Traditional Firewalls Fail Today s Networks And Why Next-Generation Firewalls Will Prevail
How Fail Today s Networks And Why Will Prevail Why your current firewall may be jeopardizing your security, and how you can counter today s threats, manage web 2.0 apps and enforce acceptable-use policies.
More informationTotal Cost of Ownership: Benefits of Comprehensive, Real-Time Gateway Security
Total Cost of Ownership: Benefits of Comprehensive, Real-Time Gateway Security White Paper September 2003 Abstract The network security landscape has changed dramatically over the past several years. Until
More informationUSG6600 Next-Generation Firewall
USG6600 Next-Generation Firewall With the proliferation of smart devices, such as smartphones and tablets, mobile apps, Web2.0, and social networking become integral parts of enterprise operation. The
More informationSecure Cloud-Ready Data Centers Juniper Networks
Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security
More informationLoad Balance Router R258V
Load Balance Router R258V Specification Hardware Interface WAN - 5 * 10/100M bps Ethernet LAN - 8 * 10/100M bps Switch Reset Switch LED Indicator Power - Push to load factory default value or back to latest
More informationSonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity
SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria
More informationMoving Network Security from Black and White to Color Refocusing on Safely Enabling Applications
Moving Network Security from Black and White to Color Refocusing on Safely Enabling Applications July 2009 Palo Alto Networks 232 E. Java Drive Sunnyvale, CA 94089 408-738-7700 www.paloaltonetworks.com
More informationAgenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.
Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and
More informationMove over, TMG! Replacing TMG with Sophos UTM
Move over, TMG! Replacing TMG with Sophos UTM Christoph Litzbach, Pre-Sales Engineer NSG 39 Key Features of TMG HTTP Antivirus/spyware URL Filtering HTTPS forward inspection Web Caching Role based access
More informationOutline (Network Security Challenge)
Outline (Network Security Challenge) Security Device Selection Internet Sharing Solution Service Publishing 2 Security Device Selection Firewall Firewall firewall: An introduction to firewalls A firewall
More informationHow To Control Your Network With A Firewall On A Network With An Internet Security Policy On A Pc Or Ipad (For A Web Browser)
1110 Cool Things Your Firewall Should Do Extend beyond blocking network threats to protect, manage and control application traffic Table of Contents The Firewall Grows Up 1 What does SonicWALL Application
More informationNext-Generation Firewalls: Critical to SMB Network Security
Next-Generation Firewalls: Critical to SMB Network Security Next-Generation Firewalls provide dramatic improvements in protection versus traditional firewalls, particularly in dealing with today s more
More informationRequest for Quotation For the Supply, Installation, and Configuration of Firewall Upgrade Project
Request for Quotation For the Supply, Installation, and Configuration of Firewall Upgrade Project PASEGURUHAN NG MGA NAGLILINGKOD SA PAMAHALAAN (GOVERNMENT SERVICE INSURANCE SYSTEM) Financial Center, Pasay
More informationConfiguring PA Firewalls for a Layer 3 Deployment
Configuring PA Firewalls for a Layer 3 Deployment Configuring PAN Firewalls for a Layer 3 Deployment Configuration Guide January 2009 Introduction The following document provides detailed step-by-step
More informationWeb Interface Reference Guide Version 6.1
Web Interface Reference Guide Version 6.1 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 http://www.paloaltonetworks.com/contact/contact/
More informationUnified Threat Management, Managed Security, and the Cloud Services Model
Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical
More informationA host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based
More informationWhite Paper. ZyWALL USG Trade-In Program
White Paper ZyWALL USG Trade-In Program Table of Contents Introduction... 1 The importance of comprehensive security appliances in today s world... 1 The advantages of the new generation of zyxel usg...
More informationAssuring Your Business Continuity
Assuring Your Business Continuity Q-Balancer Range Offering Business Continuity, Productivity, and Security Q-Balancer is designed to offer assured network connectivity to small and medium business (SME)
More informationNetwork Security Solution. Arktos Lam
Network Security Solution Arktos Lam Dell Software Group(DSG) 2 Confidential Trend Dell Software addresses key trends Cloud Big data Mobility Security Management Security 3 Software We deliver security
More informationHow To Secure Your Employees Online With Zscaler.Com And Your Website From Being Infected With Spyware Or Malware
DATA SHEET ZSCALER WEB SECURITY CLOUD FOR SMALL BUSINESS OVERVIEW In today s competitive world, Small and Medium Businesses (SMB) are focusing their discretionary resources on growing revenue and increasing
More informationControlling Web 2.0 Applications in the Enterprise SOLUTION GUIDE
Controlling Web 2.0 Applications in the Enterprise SOLUTION GUIDE FORTINET Controlling Web 2.0 Applications in the Enterprise PAGE 2 Summary New technologies used in Web 2.0 applications have increased
More informationThe PA-4000 Series can add visibility and control into your network for webmail applications to stop incoming threats and limit uploaded data.
Controlling Webmail Tech Note Overview Webmail interfaces are widespread and available from search providers (Yahoo, Google), software vendors (Microsoft s Hotmail), social networking sites (Myspace, Facebook),
More informationPCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data
White Paper PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data Using credit cards to pay for goods and services is a common practice. Credit cards enable easy and
More informationBoston Area Windows Server User Group April 2010
Boston Area Windows Server User Group April 2010 Hey Jack, don t you have a new job? Yes, unbelievably, my job is better than ever. After working in our outstanding Support Engineering team for the past
More informationUSG6300 Next-Generation Firewall
USG6300 Next-Generation Firewall With the proliferation of smart devices, such as smartphones and tablets, mobile apps, Web2.0, and social networking become integral parts of enterprise operation. The
More informationCMPT 471 Networking II
CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access
More informationModular Network Security. Tyler Carter, McAfee Network Security
Modular Network Security Tyler Carter, McAfee Network Security Surviving Today s IT Challenges DDos BOTS PCI SOX / J-SOX Data Exfiltration Shady RAT Malware Microsoft Patches Web Attacks No Single Solution
More informationCisco ASA 5500 Series Business Edition
Cisco ASA 5500 Series Business Edition Cisco ASA 5500 Series Business Edition Provides an All-in-One Security Solution The Cisco ASA 5500 Series Business Edition is an enterprise-strength comprehensive
More informationWhy it's time to upgrade to a Next Generation Firewall. Dickens Lee Technical Manager
Why it's time to upgrade to a Next Generation Firewall Dickens Lee Technical Manager Dell History 2 Confidential Dell s legacy Became leading provider of subscription services on optimized appliances Shipped
More informationFortigate Features & Demo
& Demo Prepared and Presented by: Georges Nassif Technical Manager Triple C Firewall Antivirus IPS Web Filtering AntiSpam Application Control DLP Client Reputation (cont d) Traffic Shaping IPSEC VPN SSL
More information1110 Cool Things Your Firewall Should Do. Extending beyond blocking network threats to protect, manage and control application traffic
1110 Cool Things Your Firewall Should Do Extending beyond blocking network threats to protect, manage and control application traffic Table of Contents The Firewall Grows Up 1 What does SonicWALL Application
More informationPhish Blocker: Spyware Blocker:
The following are included with base package of protection: Web Filter: Computer Team s Untangle Network Defender web filter (internet filter) enables administrators to enforce network usage policies and
More informationSuperior protection from Internet threats and control over unsafe web usage
datasheet Trend Micro interscan web security Superior protection from Internet threats and control over unsafe web usage Traditional secure web gateway solutions that rely on periodic updates to cyber
More informationCisco SR 520-T1 Secure Router
Secure, High-Bandwidth Connectivity for Your Small Business Part of the Cisco Small Business Pro Series Connections -- between employees, customers, partners, and suppliers -- are essential to the success
More informationDefending Against Cyber Attacks with SessionLevel Network Security
Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive
More informationHow To Choose A Network Firewall
Critical Considerations in Choosing a Network Firewall Version 5.4.3 July 2014 Why today s Firewalls are broken Visibility No visibility into user behavior No control over applications Manageability No
More informationPalo Alto Networks Next-Generation Firewall Overview
PALO PALO ALTO ALTO NETWORKS: NETWORKS: Next-Generation Firewall Firewall Feature Feature Overview Overview Palo Alto Networks Next-Generation Firewall Overview Fundamental shifts in application usage,
More informationComparison of Firewall, Intrusion Prevention and Antivirus Technologies
White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda
More informationDeploying Firewalls Throughout Your Organization
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
More informationNetwork Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000
Network Security Protective and Dependable With the growth of the Internet threats, network security becomes the fundamental concerns of family network and enterprise network. To enhance your business
More informationThe Cisco ASA 5500 as a Superior Firewall Solution
The Cisco ASA 5500 as a Superior Firewall Solution The Cisco ASA 5500 Series Adaptive Security Appliance provides leading-edge firewall capabilities and expands to support other security services. Firewalls
More informationFROM PRODUCT TO PLATFORM
FROM PRODUCT TO PLATFORM DATA EQUIPMENT 2016 Mikkel Bossen Agenda Today s Challenges Data Growth, SSL encryption, Application Growth & SaaS What s hiding in under the surface? Legacy Security is that really
More informationSet Up a VM-Series Firewall on the Citrix SDX Server
Set Up a VM-Series Firewall on the Citrix SDX Server Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.1 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa
More informationPalo Alto Networks. October 6
Palo Alto Networks October 6 Agenda Malware Trends by the numbers Protect Locally Share Globally Delivery methods 21.5% ~14% OF MALWARE HAS BEEN DELIVERED OVER APPS OTHER THAN WEB AND EMAIL IN 2015 8.2%
More informationApplications erode the secure network How can malware be stopped?
Vulnerabilities will continue to persist Vulnerabilities in the software everyone uses everyday Private Cloud Security It s Human Nature Programmers make mistakes Malware exploits mistakes Joe Gast Recent
More informationGigabit SSL VPN Security Router
As Internet becomes essential for business, the crucial solution to prevent your Internet connection from failure is to have more than one connection. PLANET is the ideal to help the SMBs increase the
More informationEndpoint protection for physical and virtual desktops
datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become
More informationDeployment Guide for Citrix XenDesktop
Deployment Guide for Citrix XenDesktop Securing and Accelerating Citrix XenDesktop with Palo Alto Networks Next-Generation Firewall and Citrix NetScaler Joint Solution Table of Contents 1. Overview...
More informationComprehensive security solution provides reliable connectivity and faster VPN throughput with unprecedented visibility from WatchGuard Dimension
Comprehensive security solution provides reliable connectivity and faster VPN throughput with unprecedented visibility from WatchGuard Dimension First established in 1949 out of a small metal building
More informationWHITE PAPER. Understanding How File Size Affects Malware Detection
WHITE PAPER Understanding How File Size Affects Malware Detection FORTINET Understanding How File Size Affects Malware Detection PAGE 2 Summary Malware normally propagates to users and computers through
More information