Next Generation Enterprise Network Security Platform
November 2014
Lyndon Clough, Territory Sales Manager
Derran Guinan, Systems Engineer
Agenda
- The Palo Alto Networks story
- Today's Threat Landscape
- The Kill Chain
- An enterprise security platform
- Next-generation firewall
- Next-generation threat cloud
- Closing
Palo Alto Networks at a glance
Corporate highlights:
- Founded in 2005; first customer shipment in 2007
- Safely enabling applications and preventing cyber threats
- Able to address all network security and cyber-security needs
- Exceptional ability to support global customers
- Experienced technology and management team
- 1,800+ employees globally
Chart: Revenues ($MM) by fiscal year: FY09 $13; FY10 $49; FY11 $119; FY12 $255; FY13 $396; FY14 $598
Chart: Enterprise customers: Jul-11 4,700; Jul-12 9,000; Jul-13 13,500; Jul-14 19,000
2013, Palo Alto Networks. Confidential and Proprietary.
A clear market leader again - 2014
Analyst Perspectives
"Palo Alto Networks is assessed as a leader, mostly because of its NGFW focus, because it sets the direction of the market along the NGFW path, and because of its consistent visibility in shortlists, increasing revenue and market share, and its proven ability to disrupt the market." - Gartner, April 2014
Figure: Gartner Magic Quadrant for Enterprise Network Firewalls
Many Third Parties Reach Same Conclusion
- Gartner Enterprise Network Firewall Magic Quadrant - Palo Alto Networks leading the market
- Forrester IPS Market Overview - Strong IPS solution; demonstrates effective consolidation
- NetworkWorld Test - Most stringent NGFW test to date; validated sustained performance and key differences
- NSS Tests:
  - IPS: Palo Alto Networks NGFW tested against competitors' standalone IPS devices; NSS Recommended
  - Firewall: traditional port-based firewall test; Palo Alto Networks most efficient by a wide margin; NSS Recommended
  - NGFW: Palo Alto Networks best combination of protection, performance, and value; NSS Recommended (1 of only 3)
Over 17,000 Organizations Trust Palo Alto Networks
Customer segments: Health Care; Financial Services; Government; Media / Entertainment / Retail; Service Providers / Services; Mfg / High Tech / Energy; Education
Western Canada
Today's Threat Landscape
Attackers:
- Organized
- Increasing volume
- Sophisticated
CSO challenges:
- Remediation is broken
- Must prevent attacks across perimeter, cloud and mobile
- Limited correlation across disjointed security technologies
- Limited security expertise
Tectonic Shifts Create the Perfect Storm
- SaaS
- Encryption
- Social + consumerization
- Mobility + BYOD
- Cloud + virtualization
- Commoditization of threats
Massive opportunity for cyber attackers
Current Approaches Are Failing
- Detection-focused
- Alert overload
- Manual response required
Diagram: an enterprise network behind point products from four separate vendors (UTM/blades, anti-APT for port 25 APTs, anti-APT for port 80 APTs, DNS protection for outbound DNS with its own DNS protection cloud, an anti-APT cloud, endpoint AV, network AV, malware intelligence), each producing its own uncorrelated stream of DNS, endpoint, web, SMTP, APT and AV alerts.
Understanding the Attack Kill-chain
Attack kill-chain:
1. Breach perimeter - initial compromise
2. Deliver malware - deliver malware and communicate with attacker
3. Endpoint operations - move laterally and infect additional hosts
4. Exfiltrate data - steal intellectual property
Prevent attacks by stopping one step in the kill-chain.
A True Platform Approach
- Identify, control & decrypt
- Detect & prevent known & unknown threats
- Automated closed-loop protections & forensics
Coverage: Network, Endpoint and Threat Cloud, across traditional infrastructure, cloud (public and private), mobile devices and SaaS.
Next-Generation Security Platform
Palo Alto Networks Next-Generation Firewall:
- Inspects all traffic
- Safely enables applications
- Sends unknown threats to cloud
- Blocks network-based threats
Palo Alto Networks Next-Generation Threat Cloud:
- Gathers potential threats from network and endpoints
- Analyses and correlates threat intelligence
- Disseminates threat intelligence to network and endpoints
Palo Alto Networks Next-Generation Endpoint:
- Inspects all processes and files
- Prevents both known and unknown exploits
- Protects fixed, virtual, and mobile endpoints
- Lightweight client and cloud-based
Palo Alto Networks and the Kill-Chain
Attack kill-chain stages: Breach perimeter; Deliver malware; Endpoint operations; Exfiltrate data
Next-generation Firewall:
- Visibility into all traffic and selectively decrypt SSL
- Whitelist applications, block high-risk apps
- Block commonly exploited file types
- Segment sensitive resources
Threat Prevention (IPS/IDS)
WildFire:
- Detect unknown malware
- Detect unknown exploits
- Detect unknown command-and-control
Threat Prevention (Network anti-malware)
Next-generation Endpoint & GlobalProtect:
- Prevent zero-day exploits without prior knowledge
- Extend policy & protection to all endpoints, including mobile
- Cover all processes on OSs and third-party software
Threat Prevention:
- Block outbound command-and-control communications
- Block file and data pattern uploads
- DNS monitoring and sinkholing
URL Filtering:
- Block known exploits, malware and command-and-control
- Block outbound communication to known malicious URLs and IP addresses (bad URLs, domains, IPs)
Threat categories shown: command-and-control (URL, DNS, custom); lateral movement
What do these have in common?
Stateful Inspection: When the world was simple
When stateful inspection worked:
- Applications based on specific port number
- Predictable application behavior
- Evasive applications did not exist
- Zero-day malware did not exist
The stateful inspection firewall is broken
Cannot address:
- Many thousands of applications
- Changing application behavior
- Exponential data growth
- Millions of advanced threats
Technology Sprawl and Creep Aren't the Answer
- More stuff doesn't solve the problem
- Firewall helpers have limited view of traffic
- Complex and costly to buy and maintain
- Doesn't address application control challenges
Diagram: a chain of firewall helpers (UTM, IPS, DLP, IM, AV, URL, Proxy) between the Internet and the enterprise network.
Do you recognize this person?
CTO and Founder of Palo Alto Networks
The Answer? Make the Firewall Do Its Job
1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify and control users regardless of IP address, location, or device
3. Protect against known and unknown application-borne threats
4. Fine-grained visibility and policy control over application access / functionality
5. Multi-gigabit, low latency, in-line deployment
Powered by our Single-Pass, Parallel Processing (SP3) Architecture
Single-pass software:
- Performs operations once per packet: application identification, user/group mapping, content scanning
- One policy that integrates apps, user and content
- Support for HA/redundancy
- QoS feature to shape traffic based on application
Parallel processing hardware:
- Function-specific parallel processing hardware engines
- Separate data plane and control plane
Our firewalls are powered by our single-pass, parallel processing architecture, which delivers high performance and promotes high availability.
PAN-OS Core Firewall Features
Visibility and control of applications, users and content complement core firewall features.
Strong networking foundation:
- Dynamic routing (BGP, OSPF, RIPv2)
- Tap mode: connect to SPAN port
- Virtual wire ("Layer 1") for true transparent in-line deployment
- L2/L3 switching foundation
- Policy-based forwarding
VPN:
- Site-to-site IPSec VPN
- SSL VPN
QoS traffic shaping:
- Max/guaranteed and priority
- By user, app, interface, zone, & more
- Real-time bandwidth monitor
Zone-based architecture:
- All interfaces assigned to security zones for policy enforcement
High Availability:
- Active/active, active/passive
- Configuration and session synchronization
- Path, link, and HA monitoring
Virtual Systems:
- Establish multiple virtual firewalls in a single device (PA-5000 and PA-3000 Series)
Simple, flexible management:
- CLI, Web, Panorama, SNMP, Syslog
Also shown: VM 100, VM 200, VM 300
Palo Alto Networks NGFW Hardware Platforms
Firewall | Firewall throughput | Full Threat Prevention throughput | Ports | Session capacity
PA-7050 | 120 Gbps | 60 Gbps | 6 NPCs: 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit | 24,000,000
PA-5060 | 20 Gbps | 10 Gbps | 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit | 4,000,000
PA-5050 | 10 Gbps | 5 Gbps | 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit | 2,000,000
PA-5020 | 5 Gbps | 2 Gbps | 8 SFP, 12 copper gigabit | 1,000,000
PA-3050 | 4 Gbps | 2 Gbps | 8 SFP, 12 copper gigabit | 500,000
PA-3020 | 2 Gbps | 1 Gbps | 8 SFP, 12 copper gigabit | 250,000
PA-500 | 250 Mbps | 100 Mbps | 8 copper gigabit | 64,000
PA-200 | 100 Mbps | 50 Mbps | 4 copper gigabit | 64,000
Next Generation Threat Cloud
WildFire inputs: all traffic, all ports and all commonly exploited file types, across web, email, SMB, SMTP, FTP and SSL encryption, from the perimeter, data center, endpoints and users (7,000+).
Protections developed with in-line enforcement across the kill-chain.
Intelligence correlated across: WildFire (17,500 customers protected); Threat Prevention; URL Filtering; 3rd-party data.
Intelligence covers: malware; exploits; malicious URLs; DNS queries; command-and-control.
WildFire Cloud-based Architecture Scales
WildFire approach (WildFire cloud or appliance):
- Easy to manage and operationalize
- Scalable
- Cost effective
APT add-on approach (web sandbox, email sandbox, file share sandbox, central manager):
- Hard to manage
- Doesn't scale
- Expensive
- Manual analysis
- Requires multiple devices at each ingress, egress, and point of segmentation
Introducing Traps
The right way to deal with advanced cyber threats:
- Prevent exploits, including zero-day exploits
- Prevent malware, including advanced & unknown malware
- Collect attempted-attack forensics for further analysis
- Scalable & lightweight: must be user-friendly and cover the complete enterprise
- Integrate with network and cloud security for data exchange and cross-organization protection
Exploit prevention: how it works
1. Document is opened by user
2. Traps is seamlessly injected into processes (CPU <0.1%)
3. Process is protected as the exploit attempt is trapped
4. Traps triggers immediate actions: process is terminated; forensic data is collected; user/admin is notified; reported to ESM
5. Attack is blocked before any successful malicious activity (Safe!)
When an exploitation attempt is made, the exploit hits a trap and fails before any malicious activity is initiated.
Malware prevention: how it works
1. User tries to open executable file
2. Policy-based restrictions applied
3. Hash checked against WildFire
4. Malware technique prevention employed
5. File is allowed to execute (Safe!)
6. Reported to ESM
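The ordering of that flow, as an added Python illustration that is not Palo Alto Networks or Traps code: the WildFire lookup is replaced by a constructed local verdict cache, and the restriction rules, parent-process names and sample file contents are assumptions made for the example.

```python
import hashlib

# Constructed sample file contents standing in for real binaries.
SAMPLE_MALWARE = b"constructed sample: stands in for a known-malicious binary\n"
SAMPLE_BENIGN = b"constructed sample: stands in for a known-good vendor tool\n"

# Assumed local stand-in for WildFire verdicts, keyed by SHA-256 digest.
VERDICT_CACHE = {
    hashlib.sha256(SAMPLE_MALWARE).hexdigest(): "malware",
    hashlib.sha256(SAMPLE_BENIGN).hexdigest(): "benign",
}

# Assumed policy-based restrictions (illustrative values, not product defaults):
# no execution from these directories, and no child executables from these parents.
RESTRICTED_DIRS = ("c:/users/public/", "c:/windows/temp/")
RESTRICTED_PARENTS = {"winword.exe", "outlook.exe"}


def evaluate_execution(path, content, parent):
    """Decide whether an execution attempt proceeds.

    Returns (allowed, stage, reason). Stages run in the order the flow
    lists them: policy restrictions first (so a restricted launch is refused
    even for a known-good file), then the hash verdict, then technique
    prevention for files that have no verdict yet."""
    norm = path.replace("\\", "/").lower()
    for d in RESTRICTED_DIRS:
        if norm.startswith(d):
            return False, "restriction", "execution from %s is not permitted" % d
    if parent.lower() in RESTRICTED_PARENTS:
        return False, "restriction", "%s may not launch executables" % parent
    digest = hashlib.sha256(content).hexdigest()
    verdict = VERDICT_CACHE.get(digest, "unknown")
    if verdict == "malware":
        return False, "hash", "known malware (sha256 %s...)" % digest[:12]
    if verdict == "benign":
        return True, "hash", "known benign"
    # No verdict yet: the file runs, but only under malware technique prevention.
    return True, "technique-prevention", "unknown hash, running with technique prevention"


def report_to_esm(events, path, decision):
    """Record every decision, allowed or not (the 'Reported to ESM' step).

    Appends to the caller's event list and returns the record."""
    allowed, stage, reason = decision
    record = {"path": path, "allowed": allowed, "stage": stage, "reason": reason}
    events.append(record)
    return record
```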