What's Next for Network Security - Visibility is king! Gøran Tømte, March 2013
Technology Sprawl and Creep Aren't the Answer. More stuff doesn't solve the problem: firewall helpers have a limited view of traffic, are complex and costly to buy and maintain, and don't address applications. (Diagram: UTM, IPS, DLP, IM, AV, URL and Proxy appliances stacked between the Internet and the Enterprise Network.) 2 2012, Palo Alto Networks. Confidential and Proprietary.
Applications Have Changed, Firewalls Haven't. Network security policy is enforced at the firewall: it sees all traffic, defines the boundary and enables access. Traditional port-based firewalls don't work any more.
Core functions of a next-generation firewall:
1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify and control users regardless of IP address, location, or device
3. Protect against known and unknown application-borne threats
4. Fine-grained visibility and policy control over application access / functionality
5. Multi-gigabit, low latency, in-line deployment
Making the firewall a business enablement tool. Applications: enablement begins with application classification by App-ID. Users: tying users and devices, regardless of location, to applications with User-ID and GlobalProtect. Content: scanning content and protecting against all threats, both known and unknown, with Content-ID and WildFire.
All Apps, All ports, All users, All the time: App-ID classifies traffic based on signatures, protocol decoding and evasive-tactic detection (Skype, BitTorrent and other p2p, SSL, etc.).
The unknown! Scary, huh? Unknown applications: control them. Unknown users: control them. Unknown threats: control them.
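To make the point of the preceding slides concrete, here is an added illustration (not Palo Alto Networks code) of why a port-based rule set fails where application classification succeeds: it identifies the application from the first client payload bytes, independent of the TCP port, and denies unknown applications. The packet payloads are constructed samples and the signatures are simplified approximations of the real protocol handshakes.

```python
# Added example: port-based vs. application-aware policy on constructed flows.
from dataclasses import dataclass

# Simplified payload signatures, checked independently of the TCP port.
APP_SIGNATURES = {
    "bittorrent": lambda p: p.startswith(b"\x13BitTorrent protocol"),
    # TLS record header: content type 0x16 (handshake), major version 0x03
    "ssl": lambda p: len(p) >= 3 and p[0] == 0x16 and p[1] == 0x03,
    "web-browsing": lambda p: p.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD"),
}

@dataclass
class Flow:
    dst_port: int
    payload: bytes   # first bytes sent by the client (constructed sample)

def identify_app(flow: Flow) -> str:
    """Classify by payload signature; return 'unknown' instead of trusting the port."""
    for app, matches in APP_SIGNATURES.items():
        if matches(flow.payload):
            return app
    return "unknown"

def port_based_policy(flow: Flow) -> str:
    """Traditional rule set: allow TCP/80 and TCP/443, deny everything else."""
    return "allow" if flow.dst_port in (80, 443) else "deny"

def app_based_policy(flow: Flow) -> str:
    """Application-aware rule set: decide on the identified application.
    Unknown applications are denied ('control the unknown')."""
    allowed_apps = {"web-browsing", "ssl"}
    return "allow" if identify_app(flow) in allowed_apps else "deny"

# Constructed sample flows (hypothetical traffic, not captured data).
SAMPLE_FLOWS = [
    Flow(443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),      # TLS ClientHello on 443
    Flow(443, b"\x13BitTorrent protocol" + b"\x00" * 8),             # p2p hiding on 443
    Flow(80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"),  # plain web browsing
    Flow(8080, b"\x00\x01\x02garbage"),                              # unknown app, odd port
]

def compare_policies(flows=SAMPLE_FLOWS):
    """Return (port, identified app, port-based verdict, app-based verdict) per flow."""
    return [(f.dst_port, identify_app(f), port_based_policy(f), app_based_policy(f))
            for f in flows]

if __name__ == "__main__":
    for row in compare_policies():
        print(row)
```

The second flow is the evasive case from the slide: the port-based rule allows BitTorrent because it rides on 443, while the application-aware rule denies it.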
Addressing Modern Malware
[Chart: Daily AV Coverage Rates for Newly Released Malware (50 Samples). Y-axis: share of malware samples covered, 0% to 100%; X-axis: Day-0 through Day-6; series show how many of the top 5 AV vendors (0 to 5) detect each sample. Title: New Malware Coverage Rate by Top 5 AV Vendors.]
The lifecycle of network attacks:
1. Bait the end-user: the end-user is lured to a dangerous application or website containing malicious content.
2. Exploit: infected content exploits the end-user, often without their knowledge.
3. Download Backdoor: a secondary payload is downloaded in the background; malware is installed.
4. Establish Back-Channel: the malware establishes an outbound connection to the attacker for ongoing control.
5. Explore & Steal: the remote attacker has control inside the network and escalates the attack.
Coordinated Threat Prevention: an integrated approach to threat prevention, mapped against the lifecycle stages (Bait the end-user, Exploit, Download Backdoor, Establish Back-Channel, Explore & Steal).
App-ID: block high-risk apps; block C&C on nonstandard ports.
URL filtering: block known malware sites; block malware and fast-flux domains.
IPS / Spyware / AV: block the exploit; block malware; block spyware and C&C traffic.
File blocking: prevent drive-by downloads.
WildFire: detect unknown malware; block new C&C traffic.
Coordinated intelligence to detect and block active attacks based on signatures, sources and behaviors.
[Chart: Real-World Spread of 0-Day Malware. Y-axis: attempted malware infections, 0 to 10,000; X-axis: hours 1 through 48 after initial infection.] Analysis of 50 0-day malware samples captured by WildFire in live customer networks; the spread and number of infections were tracked by hour following the initial infection.
[Chart: Real-World Spread of 0-Day Malware, same axes as above, with the WildFire subscription's signature delivery marked.] In the first two days after malware is released, 95% of infections occur in the first 24 hours.
WildFire Architecture: 10 Gbps threat prevention and file scanning across all traffic and all ports (web, email, FTP and SMB). Running in the cloud lets the malware do things that you wouldn't allow in your network, and lets sandbox logic be updated without impacting the customer. Malware signatures are developed and tested based on the malware payload, and a stream-based malware engine performs true inline enforcement.
Malware Visibility and Logging
WildFire by the numbers (January 2013): 1,300+ companies using WildFire; 417,448 unique files scanned in January using WildFire; 28,612 new malware files found in January using WildFire; 13,233 (46%) of those were malware not initially detected by top host AV products.
Palo Alto Networks in the Data Center
Enabling Applications, Users and Content. Applications: safe enablement begins with application classification by App-ID. Users: tying users and devices, regardless of location, to applications with User-ID and GlobalProtect. Content: scanning content and protecting against all threats, both known and unknown, with Content-ID and WildFire.
Data Center Evolution
Many Third Parties Reach the Same Conclusion:
Gartner Enterprise Network Firewall Magic Quadrant: Palo Alto Networks leading the market.
Forrester IPS Market Overview: strong IPS solution; demonstrates effective consolidation.
NetworkWorld Test: most stringent NGFW test to date; validated sustained performance.
NSS Tests - IPS: Palo Alto Networks NGFW tested against competitors' standalone IPS devices; NSS Recommended. Firewall: traditional port-based firewall test; Palo Alto Networks most efficient by a wide margin; NSS Recommended. NGFW: Palo Alto Networks provides the best combination of protection, performance, and value; NSS Recommended (1 of only 3 NGFWs recommended).
Say no more!!! Palo Alto Networks in the Leaders quadrant: "A crisp focus on enterprise NGFW features and messaging is viewed positively by firewall operators in enterprises. Most firewall vendor road maps are following the Palo Alto Networks NGFW road map, placing these vendors at a competitive disadvantage."
Next Generation Customer meeting, Ultimate Test Drive. Ultimate Test Drive: a half-day hands-on session; a PA-200 is raffled among the participants; an Audi driving school is raffled once every quarter.
Thank You