Modernizing Network Security in SCADA and Industrial Control Systems

Transcription:

Modernizing Network Security in SCADA and Industrial Control Systems
Geoff Shukin, Solutions Architect, Palo Alto Networks
2013, Palo Alto Networks.

Agenda
Challenges in Securing SCADA/ICS Networks
Four Strategies for Modernizing Control Network Cybersecurity
Practical Solutions for Implementation

Challenges in Securing SCADA/ICS Networks
Typical challenges faced in SCADA/ICS network security:
Managing network integration
Lack of granular visibility and control over control network usage & traffic
Increasing use of web-based applications / SaaS
Protecting legacy systems
Malware & APTs, exploits
Reporting for regulatory/customer audits & forensics
Escalated threat landscape
Addressing the above while ensuring high availability and performance
[Diagram labels: Control Network; Enterprise; Zones 1-4; http://; Corporate; 3rd Party Partner; CIP Standards; CFATS]
2013, Palo Alto Networks. Confidential and Proprietary.

What Keeps SCADA Security Supervisors Up at Night?
SANS 2014 Survey on Industrial Control Systems: "What are the top three threat vectors you are most concerned with?"
[Chart: percent of respondents ranking each vector first, second or third. Vectors listed: external threats (hacktivism, nation states); malware; insider exploits; email phishing attacks; attacks coming from within the internal network; cybersecurity policy violations; industrial espionage; other; extortion or other financially motivated crimes]
2014, Palo Alto Networks

Advanced Targeted Attacks
Norway Oil & Gas Attacks. Social engineering: spearphishing, watering hole. Goal: IP theft and ???
Social engineering: removable media. Exploits zero-day vulnerabilities (Windows, Siemens). Propagation/recon via general IT apps and file types. Goal: disrupt uranium enrichment program.
Energetic Bear. Social engineering: spearphishing, watering hole, Trojan in ICS software. Enumerates OPC assets (ICS protocol!). Goal: IP theft and ICS attack PoC?

Malicious Insider Attack
Sewage treatment facility in Maroochy Shire, Queensland, Australia
Disgruntled employee of ICS vendor sought revenge on customer (shire council) and employer
Used intimate knowledge of asset owner's ICS to gain access and wreak havoc
Impact:
Spillage of 800,000 liters of raw sewage into local parks, rivers and hotel grounds
Loss of marine life, damage to environment, health hazard
Source: Applied Control Solutions

Unintentional Cyber Incidents
SQL Slammer
Platform shared by operator and royalty partner
Slammer infection on rig via partner network
Workstations and SCADA servers crashed
Systems would not restart after reboot
8 hours to restore the SCADA and restart production
Consequences: immediate loss of monitoring down-hole wells; loss of production for all 4 major wells; total losses > $1.2M before production finally restored
Source: Red Tiger Security
Application Visibility and Risk Report conducted at energy company in E. Europe
Plant manager insisted not internet-facing
Rogue broadband link and risky web applications found on SCADA system: Wuala (storage), eMule (P2P), DAV (collaboration)
Concerns over loss of IP, network availability, malware introduction
Source: Palo Alto Networks

Requirements for Next-generation Control Network Security
Situational awareness: applications (IT, SCADA, ICS), users, groups, assets, content, URLs, domain, countries
Least privilege control: fine-grained control, not just on or off; not based on port, protocol, IP address
Threat prevention: known and unknown threats; malware and control system vulnerabilities
Natively supported
Forensics & incident response: consolidated visibility and faster time to remediation

4 Strategies for Modernizing Control Network Cybersecurity
1. Apply segmentation and advanced traffic classification (L7) to improve situational awareness
2. Enforce a least privilege network access model based on users, applications, assets, URLs
3. Apply a life-cycle approach to threat prevention that controls attack vectors before having to block known and unknown threats
4. Deploy centralized management and log collection to accelerate forensics, incident response and reporting

Revisiting the Trust Model in ICS
[Diagram labels: Vendor/Partner; Internet; Enterprise Network; WAN; PCN; PCN Servers; Remote Station / Plant Floor; Local HMI; PLCs / RTUs; Mobility; HMI DEV; Internal Actors]

Observations
Broken trust model
Micro-segmentation is critical
Granular visibility of traffic is an essential capability
Applications, users, content
Shared context
End-to-end security is required
Threats originate at endpoints and via networks
Real and potentially high risks with ICS cyber incidents
Must focus on prevention vs. just detection
Advanced attacks will be zero-day
The capability to detect and stop unknown threats quickly is needed
Automated threat analysis and information sharing would be helpful

The Challenges with Legacy Solutions
Splintered security: legacy stateful-inspection firewalls + firewall helpers
Founded on port-based policy in the legacy firewall, not application-based
Multiple, non-shared contexts: difficult to really understand what is happening
Difficult or impossible to implement desired control
Higher chance of misconfiguration and leaving security holes
Tedious and slow forensics and remediation
Performance drops off dramatically with each stage
Complex and costly to implement and maintain
[Diagram labels: Internet, UTM, IPS, DLP, IM, AV, URL, Proxy]

Implement the Strategies with Palo Alto Networks Next-generation Security Platform
Natively supported services: Application Visibility and Control; Threat Prevention (AV, AS, Exploits); URL Filtering; Unknown Threat Prevention; Mobile Security
Classification Engine (L7): App-ID, User-ID, Content-ID
Additional intelligence: application signatures; user/user-group mapping; threat / vulnerability signatures; URL database
[Diagram labels: Next-generation security; Legacy Firewall + IPS + URL +; Unified Threat Management (UTM)]

Palo Alto Networks SP3 Architecture: Single-pass, Parallel Processing
Redesigned from the ground up with next-generation security requirements in mind
Single-pass processing: performs app, user, content scanning once per packet; one policy that integrates apps, user and content
Parallel processing hardware: function-specific parallel processing HW engines; separate data plane and control plane
Our firewalls are powered by our single-pass, parallel processing architecture, which delivers high performance and promotes high availability

User-ID: Many Ways to Identify User / User-group
Policy enforcement based on users and groups

Traffic Shaping for Critical and Real-time Traffic
In addition to being able to create policies based on apps, users & content, you can also apply QoS profiles to specific apps, users, interfaces and more
Possible use cases:
Ensure all PLC / IED / RTU traffic and alarms get highest priority
Allocate just the right amount of bandwidth for video used for surveillance at PCN
Prioritize Fault Location, Isolation, Restoration (FLISR) data in Smart Grid
Traffic shaping overview:
Guaranteed, maximum and priority bandwidth can be applied across eight traffic queues
Your policies can be applied to physical interface, IPSec VPN tunnels, applications, users, source, destination and more
Diffserv marking is supported, enabling application traffic to be controlled by a downstream or upstream networking device

4 Strategies for Modernizing Control Network Cybersecurity
1. Apply segmentation and advanced traffic classification (L7) to improve situational awareness
2. Enforce a least privilege network access model based on users, applications, assets, URLs
3. Apply a life-cycle approach to threat prevention that controls attack vectors before actually blocking known and unknown threats
4. Deploy central management and reporting to accelerate forensics, incident response and reporting

Proper segmentation is key
Create zones for external access into the OT infrastructure as well as for sub-zones in the OT
[Diagram labels: Security Zone #1; Conduit; Security Zone #2; Enterprise / Remote Zone; Corporate / Remote Access Network; SCADA / HMI Zone; Server Zone; Workstation Zone; Control Center; Field Device Zone 1; HMI Zone; SIS Zone; Field Device Zone 2; Remote Station / Plant Floor]

The Need for Better Segmentation in SCADA / ICS
Perimeter: exposure to enterprise (IT-OT integration) and 3rd-party / service provider networks
Intra-OT: risk levels and security requirements vary among assets & tend to increase as you go deeper in the SCADA
Intra-OT traffic visibility: the internet is not the only source of malware (removable media, mobile computing)
Must create security zones with conduits that monitor/control inter-zone traffic
[Diagram labels: OPC, SCADA, Historian; 3rd Party Support / Service Provider; Enterprise Network; HMI / SCADA Client Workstation; PLC / RTU / IED; SIS; Control Center; Substation / Remote Station]

Network Segmentation with Palo Alto Networks
Define security zones and security policies that match the unique zone-to-zone security requirements
Support for different types of segmentation schemes: Layer 3, Layer 2, Layer 1, VLAN, VPN
[Diagram labels: Server Zone; Remote / Support Zone; Enterprise Zone; User Zone; Process Zone; OPC, SCADA, Historian; 3rd Party Support / Service Provider; Enterprise Network; HMI / SCADA Client Workstation; PLC / RTU / IED; SIS; Control Center; Substation / Remote Station]

Available Application Signatures for SCADA/ICS
Protocol / Application:
Modbus base
Modbus function control
DNP3
IEC 60870-5-104 base
IEC 60870-5-104 function control
ICCP (IEC 60870-6 / TASE.2)
Cygnet
Elcom 90
FactoryLink
MQTT
OSIsoft PI Systems
CIP Ethernet/IP
Synchrophasor (IEEE C.37.118)
Foundation Fieldbus
Profinet IO
OPC
Over 1950 application signatures including a growing list of SCADA/ICS-specific signatures

App-ID Function Control
Example: Function Control Variants (15 total)
Modbus-base
[Screenshot: Applipedia entry for Modbus-base App-ID]
Modbus-write-multiple-coils
Modbus-write-file-record
Modbus-read-write-register
Modbus-write-single-coil
Modbus-write-single-register
Modbus-write-multiple-registers
Modbus-read-input-registers
Modbus-encapsulated-transport
Modbus-read-coils
Modbus-read-discrete-inputs
Modbus-mask-write-registers
Modbus-read-fifo-queue
Modbus-read-file-record
Modbus-read-holding-registers

App-ID Function Control Example: IEC 60870-5-104
[Screenshots: Applipedia entry for IEC 60870-5-104 Base App-ID; available variants for IEC 60870-5-104 App-ID]

4 Strategies for Modernizing Control Network Cybersecurity
1. Apply segmentation and advanced traffic classification (L7) to improve situational awareness
2. Enforce a least privilege network access model based on users, applications, assets, URLs
3. Apply a life-cycle approach to threat prevention that controls attack vectors before actually blocking known and unknown threats
4. Deploy central management and reporting to accelerate forensics, incident response and reporting

Data Center Security
Control application/web usage: approved apps, users, content only
SCADA/ICS: OPC, PI, Cygnet, etc.
General IT apps
Apply QoS for specific applications
URL filtering for HTTP service
Control administration to approved administrators: SSH, Telnet, SNMP, FTP, etc.
Block malware & exploits, known & unknown
Monitor for botnets / C&C
[Diagram labels: OPC; PI; Data Center; SCADA / ICS / DCS / EMS; IT Apps; HTTP; User; Admin]

Remote Station / Plant Floor Security
Limit traffic to control network protocols: Modbus, DNP3, Ethernet IP, FactoryLink, etc.
Limit access to write commands to control devices (PLCs, IEDs, RTUs)
Safely enable IT apps and web access: SSH, FTP, Telnet, SMTP, SNMP, etc.
Control with User-ID and URL filtering
Block malware & exploits
Malware: antivirus, antispyware
Exploits: vendor and protocol
Known & unknown threats
Monitor for botnets / C&C
[Diagram labels: Substation; 3rd-Party Ruggedized Server with VM-Series; OR; Plant Floor; Standard Appliance; PLC / RTU; HMI]
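The function-level Modbus variants and the "limit access to write commands" control above can be illustrated with a small classifier. This is an added example, not Palo Alto Networks code: it parses a Modbus/TCP request header, names the function using the variant names from the slide (the code-to-name pairing follows the public Modbus function codes and is an assumption), and applies a hypothetical zone-to-zone policy with constructed zone names and sample frames.

```python
import struct

# Function codes from the Modbus application protocol, paired with the
# variant names on the slide. The pairing is this example's assumption.
FUNCTIONS = {
    1: "modbus-read-coils", 2: "modbus-read-discrete-inputs",
    3: "modbus-read-holding-registers", 4: "modbus-read-input-registers",
    5: "modbus-write-single-coil", 6: "modbus-write-single-register",
    15: "modbus-write-multiple-coils", 16: "modbus-write-multiple-registers",
    20: "modbus-read-file-record", 21: "modbus-write-file-record",
    22: "modbus-mask-write-registers", 23: "modbus-read-write-register",
    24: "modbus-read-fifo-queue", 43: "modbus-encapsulated-transport",
}

# Hypothetical zone-to-zone policy: which kinds of request each conduit carries.
POLICY = {
    ("hmi-zone", "field-device-zone"): {"read", "write"},
    ("server-zone", "field-device-zone"): {"read"},
}


def build_request(function_code, data, transaction_id=1, unit_id=1):
    """Build a Modbus/TCP request frame (MBAP header + PDU) for the samples."""
    pdu = bytes([function_code]) + data
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def classify(frame):
    """Return the function-level name of a Modbus/TCP request, or 'malformed'."""
    if len(frame) < 8:
        return "malformed"
    _tid, protocol_id, length, _unit = struct.unpack(">HHHB", frame[:7])
    # Protocol id is always 0; length counts the unit id plus the PDU.
    if protocol_id != 0 or length != len(frame) - 6:
        return "malformed"
    function_code = frame[7]
    if function_code & 0x80:  # high bit marks an exception response, not a request
        return "malformed"
    return FUNCTIONS.get(function_code, "modbus-base")


def kind_of(app):
    """Anything that can change device state counts as a write."""
    if "write" in app:
        return "write"
    if "read" in app:
        return "read"
    return "other"  # unknown or encapsulated functions fall to default deny


def decide(src_zone, dst_zone, frame):
    """Return (action, application name) for one request crossing a conduit."""
    app = classify(frame)
    if app == "malformed":
        return "deny", app
    allowed = POLICY.get((src_zone, dst_zone), set())
    return ("allow" if kind_of(app) in allowed else "deny"), app


# Constructed sample requests.
READ_HOLDING = build_request(3, struct.pack(">HH", 0, 10))
WRITE_COIL = build_request(5, struct.pack(">HH", 0x0013, 0xFF00))

if __name__ == "__main__":
    for zone in ("hmi-zone", "server-zone", "enterprise-zone"):
        for frame in (READ_HOLDING, WRITE_COIL, READ_HOLDING[:9]):
            print(zone, decide(zone, "field-device-zone", frame))
```

A port-based rule for TCP/502 would treat all of these frames alike; the read/write split only becomes enforceable once the function code is parsed.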

Application and Users in SCADA/ICS Networks
Limited/specialized set of applications, meant to be used by a limited/specialized set of users in the OT
An even smaller set of people should have access from outside of the OT
Protocol/application category and examples:
PLC / IED / RTU protocols: Modbus, DNP3, IEC 60870-5-104
Client/server software: OPC, Historian, SCADA/HMI
Industry-specific applications: Oil & Gas, Power EMS
General purpose networking: SNMP, FTP, Telnet, SSH, RDP, SMTP
Similarly, access to external networks from the OT should be strictly controlled
Enabling applications should not open unnecessary security risks, for example web-based apps and other apps that open up a lot of ports
Least privilege model based on applications and users simultaneously manages risk and enables the business

Securing VPN/Remote Access
Monitor and control VPN access by user and application
Gain user-level visibility to terminal server users
Enforce time-of-day policies for 3rd-party support users
[Diagram labels: IT / 3rd Party Access; Enterprise; Vendor support; Business Partner; VPN; Terminal Server; Control Network LAN]

User-ID Example: RDP into Terminal Server
Motivation: SCADA/ICS systems sometimes require support for 3rd-party access with RDP as the mechanism for remote access
Challenge: devices downstream of WTS server do not have visibility into which user initiated which application (all from the same IP address)
Makes it difficult to monitor & control application usage by users accessing network
[Diagram: Taylor, Richard (internal employee) and Smith, John (3rd party) connect over SSL through the VPN router/FW and RDP to the terminal server (single IP address); toward the SCADA / control network the sessions appear as Application: Sharepoint, User: Unknown and Application: OSIsoft PI, User: Unknown]

User-ID Example: RDP into Terminal Server
Terminal Services Agent:
Allocates a port range to specific users and reports those allocations to our appliance
Users sharing IP address on Terminal Server can now be identified
Benefits:
Gives user and group visibility into each RDP session
Enables administrator to implement application-user & application-group policies
[Diagram: Taylor, Richard (internal employee) and Smith, John (3rd party) connect over SSL through the VPN router/FW and RDP to the terminal server (single IP address) running the Terminal Services Agent; the Palo Alto Networks appliance, toward the SCADA / control network, sees Application: Sharepoint, User: Taylor, Richard, Port range: 1025-2048 and Application: OSISoft PI, User: Smith, John, Port range: 2049-3073]
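The port-range attribution described above can be sketched as follows. This is an added example, not Palo Alto Networks code: it stores per-user source-port allocations for a shared terminal-server address, resolves each flow to a user, and applies an application-user policy. The user names and port ranges come from the slide; the server address, application labels, flows and policy are constructed.

```python
import bisect

UNKNOWN = "unknown"


class PortRangeUserMap:
    """Source-port allocations reported for each shared terminal-server IP."""

    def __init__(self):
        self._ranges = {}  # server IP -> sorted list of (low, high, user)

    def report(self, server_ip, user, low, high):
        """Record that `user` owns source ports low..high on server_ip."""
        if not 0 < low <= high <= 65535:
            raise ValueError(f"invalid port range {low}-{high}")
        ranges = self._ranges.setdefault(server_ip, [])
        i = bisect.bisect_left(ranges, (low,))
        # Overlapping allocations would attribute one flow to two users.
        if (i > 0 and ranges[i - 1][1] >= low) or (
            i < len(ranges) and ranges[i][0] <= high
        ):
            raise ValueError(f"range {low}-{high} overlaps an existing allocation")
        ranges.insert(i, (low, high, user))

    def lookup(self, src_ip, src_port):
        """Return the user owning src_port on src_ip, or UNKNOWN."""
        ranges = self._ranges.get(src_ip)
        if not ranges:
            return UNKNOWN
        # Last allocation whose low bound is <= src_port.
        i = bisect.bisect_right(ranges, (src_port, 65536)) - 1
        if i >= 0 and ranges[i][1] >= src_port:
            return ranges[i][2]
        return UNKNOWN


# Constructed application-user policy; unlisted users get nothing.
POLICY = {
    "Taylor, Richard": {"sharepoint", "osisoft-pi"},
    "Smith, John": {"osisoft-pi"},
}

TERMINAL_SERVER = "192.0.2.10"  # constructed address (documentation range)


def build_demo_map():
    """Allocations as shown on the slide."""
    user_map = PortRangeUserMap()
    user_map.report(TERMINAL_SERVER, "Taylor, Richard", 1025, 2048)
    user_map.report(TERMINAL_SERVER, "Smith, John", 2049, 3073)
    return user_map


def evaluate(user_map, flow):
    """Return (user, action) for a flow given as (src_ip, src_port, application)."""
    src_ip, src_port, app = flow
    user = user_map.lookup(src_ip, src_port)
    action = "allow" if app in POLICY.get(user, set()) else "deny"
    return user, action


# Constructed flows, all leaving the same terminal-server address.
FLOWS = [
    (TERMINAL_SERVER, 1100, "sharepoint"),
    (TERMINAL_SERVER, 2500, "osisoft-pi"),
    (TERMINAL_SERVER, 2600, "sharepoint"),
    (TERMINAL_SERVER, 4000, "osisoft-pi"),
]

if __name__ == "__main__":
    demo = build_demo_map()
    for flow in FLOWS:
        print(flow, evaluate(demo, flow))
```

Flows whose source port falls outside every reported range stay attributed to "unknown" and are denied, which is the safe default when the agent's report is missing or stale.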

Web Based Applications / SaaS
Actual applications found running on servers and a PLC in the PCN of an energy company during a proof of concept (PoC) evaluation:
Cloud storage
Peer-to-peer file sharing (known vulnerabilities)
Web-based distributed authoring & versioning (may carry DLLs that could be used for exploits)
Are there valid business uses for these apps in a PCN?
What if you could safely enable these applications?

4 Strategies for Modernizing Control Network Cybersecurity
1. Apply segmentation and advanced traffic classification (L7) to improve situational awareness
2. Enforce a least privilege network access model based on users, applications, assets, URLs
3. Apply a life-cycle approach to threat prevention that controls attack vectors before actually blocking known and unknown threats
4. Deploy central management and reporting to accelerate forensics, incident response and reporting

Vulnerabilities, Spyware, Viruses
Database of the vulnerabilities/exploits, viruses, spyware that we can detect & prevent
Every entry contains a description, severity ranking, links to more info
Backed by the world class Palo Alto Networks threat research team
Includes signatures for Digital Bond QuickDraw ICS vulnerabilities
Any currently uncovered vulnerabilities from Digital Bond or other source (customer, SW/HW vendor) can be researched by the threat research team

SCADA/ICS Vulnerabilities & Exploits
Example CVE numbers for different types of SCADA/ICS system components:
OPC Server (CVE-2011-1914)
Historian Server (CVE-2012-2516)
SCADA Master / HMI (CVE-2012-0233)
PLC / RTU / IED (CVE-2010-2772)
Multiple vectors for exploitation: Internet / support network, removable media, portable computing
Many systems with known vulnerabilities are left unpatched for a variety of reasons: "Don't fix it if it ain't broken", "Patch only for most recent OS version", "Don't know/care"
Multiple exploitation vectors exist & they include more than just the internet
Yet-to-be-discovered zero-day malware is of highest concern

Protocol-specific Exploits
[Screenshots: DNP3, ICCP, Modbus]

Protecting Unpatched/Unpatchable Systems
Native threat prevention protects critical assets from viruses and spyware
Apply exploit signatures to virtually patch SCADA/ICS and general IT exploits
Protocol-specific exploits
[Diagram labels: Protecting Unpatched Systems; CVE; HMI / Workstation; PLC / RTU / IED; Server / Database]

What is Required? Platform Approach Focused on Prevention
Threat Intelligence Cloud: gathers potential threats from network and endpoints; analyzes and correlates threat intelligence; disseminates threat intelligence to network and endpoints
Next-Generation Network Security: inspects all traffic; blocks known threats; sends unknown to cloud; extensible to mobile & virtual networks
Advanced Endpoint Protection: inspects all processes and files; prevents both known & unknown exploits; integrates with cloud to prevent known & unknown malware

Endpoint Security: The failures of traditional approaches
[Diagram: targeted, evasive, advanced threats (EXE, PDF) against legacy endpoint protection. Known signature? NO. Known strings? NO. Previously seen behavior? NO. Malware direct execution; exploit vulnerability to run any code]

Unknown Threat Prevention with WildFire
10 Gbps threat prevention and file scanning
All traffic, all ports
Web, email, FTP and SMB
Running in the cloud lets the malware do things that you wouldn't allow in your network
Updates to sandbox logic without impacting the customer
Stream-based malware engine performs true inline enforcement

4 Strategies for Modernizing Control Network Cybersecurity
1. Apply segmentation and advanced traffic classification (L7) to improve situational awareness
2. Enforce a least privilege network access model based on users, applications, assets, URLs
3. Apply a life-cycle approach to threat prevention that controls attack vectors before actually blocking known and unknown threats
4. Deploy central management and reporting to accelerate forensics, incident response and reporting

Centralized Network Administration
Panorama central management platform: enables you to centrally manage the process of configuring devices and deploying security policies
Allows role-based management: enable different members of your team, both local and remote, to only have access to the features and functions that their job requires
By implementing role-based administration you establish the appropriate levels of rights and access to the responsibilities of a given administrator
[Diagram labels: Panorama Central Management Platform; Central Administrators; Local admin access; Central admin access; IT Admin; Enterprise; OT Admin; Control Center]

Centralized Logging and Reporting
Aggregate local firewall logs and reports into Panorama and generate powerful, centralized reports
Holistic view of network application usage and threats facilitates forensics and helps you make more informed decisions
Simplify the process and save time when generating reports for regulatory/customer audit process
[Diagram labels: Panorama Central Management Platform; Aggregate reports; Central Administrators; Local Device Logs/Reports; IT Admin; Enterprise; OT Admin; Control Center; CIP Standards; CFATS]

Security Information & Event Management (SIEM)
Technology partnerships with leading suppliers of SIEM solutions

Flexible Deployment Options
Visibility: application, user and content visibility without inline deployment
Transparent in-line: IPS with app visibility & control; consolidation of IPS & URL filtering
Firewall replacement: firewall replacement with app visibility & control; firewall + IPS; firewall + IPS + URL filtering
2012, Palo Alto Networks. Confidential and Proprietary.
