Critical application visibility and control with Palo Alto Networks
Zion Ezra, VP Security, InnoCom LTD
Select InnoCom Vendors NETWORK SECURITY Next Generation Firewall Next Generation Cyber Attacks Cloud based Web Security HIGH SPEED NETWORKING WAN Optimization Giga Load Balancers 802.11n WLAN EMAIL & MOBILE SECURITY Email Security Smart Phones & Tablet Security
About Palo Alto Networks
Palo Alto Networks is the Network Security Company
World-class team with strong security and networking experience
- Founded in 2005, first customer July 2007, top-tier investors
Builds next-generation firewalls that identify / control 1,300+ applications
- Restores the firewall as the core of enterprise network security infrastructure
- Innovations: App-ID, User-ID, Content-ID
Global momentum: 5,300+ customers
- August 2011: Annual bookings run rate is over US$200 million*, cash-flow positive last five consecutive quarters
A few of the many enterprises that have deployed more than $1M
Page 3 2011 Palo Alto Networks. Proprietary and Confidential.
(*) Bookings run rate is defined as 4 (four) times the bookings amount of the most recently finished fiscal quarter. Bookings are defined as non-cancellable orders received during the fiscal period. Palo Alto Networks fiscal year runs from August 1st until July 31st.
2010 Magic Quadrant for Enterprise Network Firewalls (figure; axes: ability to execute, completeness of vision; quadrant labels: niche players, visionaries)
Vendors shown: Cisco, Juniper Networks, McAfee, Fortinet, Check Point Software Technologies, Stonesoft, WatchGuard, NETASQ, 3Com/H3C, SonicWALL, phion, Astaro, Palo Alto Networks
Source: Gartner, as of March 2010
2011 Magic Quadrant for Enterprise Network Firewalls (figure) Source: Gartner
Gartner: Palo Alto Networks is a Leader
Enterprises need next-generation firewalls
- In 2010 and 2011, Gartner saw market pressures accelerate the demand and available offerings for next-generation firewall (NGFW) platforms that provide the capability to detect and block sophisticated attacks, as well as enforce granular security policy at the application (versus port and protocol) level.
- As enterprises increase the use of Web-based applications with more complex connections within applications, more complex data centers and more data being presented to customers, firewalls have had to keep up with features and performance to meet these changing needs.
- Less than 5% of Internet connections today are secured using NGFWs. By year-end 2014, this will rise to 35% of the installed base, with 60% of new purchases being NGFWs.
Gartner notes:
- Palo Alto Networks' high-performance NGFW functionality continues to drive competitors to react in the firewall market. It is assessed as a Leader mostly because of its NGFW design, redirection of the market along the NGFW path, consistent displacement of Leaders and Challengers, and market disruption forcing Leaders to react.
About the Founder
2005-today: Founder and CTO at Palo Alto Networks - Next Generation Firewall
2002-2005: CTO at NetScreen/Juniper
2000-2002: Founder and CTO at OneSecure - World's first Network IPS
1994-1999: Principal Engineer at Check Point Software
Leading Organizations Trust Palo Alto Networks
Health Care; Financial Services; Government; Media / Entertainment / Retail; Service Providers / Services; Mfg / High Tech / Energy; Education
InnoCom Customers - Palo Alto Networks
Government (Nativ, Prime Minister's Office); Hi Tech; Health & Finance; Media & Communication; Industry & Retail; Service Providers
The Modern Threats & attacks
Known Attacks
The 5 Steps for Smart Attacks: bait, exploit, download, back channel, steal
Protection is needed at all stages
Applications Carry Risk
Applications can be threats
- P2P file sharing, tunneling applications, anonymizers, media/video
Applications carry threats
- Qualys Top 20 Vulnerabilities: majority result in application-level threats
Applications & application-level threats result in major breaches
- RSA, Comodo, FBI
exploits come in thru many applications
Application Control Efforts are Failing
Palo Alto Networks Application Usage & Risk Report highlights actual behavior of 900,000 users across more than 60 organizations
- Applications are built for accessibility
- Tools that enable users to circumvent security are common
- File sharing usage, P2P and browser-based, is rampant
- Controls are failing: all had firewalls, many had IPS, proxies, & URL filtering
Applications carry risks: business continuity, data loss, compliance, productivity, and operations costs
Enterprise 2.0 Applications and Risks Widespread
Palo Alto Networks' latest Application Usage & Risk Report highlights actual behavior of 1M+ users in 1253 organizations
- More enterprise 2.0 application use for personal and business reasons.
- Tunneling and port hopping are common
- Bottom line: all had firewalls, most had IPS, proxies, & URL filtering, but none of these organizations could control what applications ran on their networks
Users Will Find A Way (bar chart; application names and percentages in the order extracted)
Remote Access - 27 variants found 95% of the time: RDP 80%; SSH, telnet, LogMeIn 53%, 62%, 76%; TeamViewer 42%
External Proxies - 22 variants found 76% of the time: CGIProxy, PHProxy, CoralCDN, FreeGate 15%, 30%, 30%, 27%; Glype Proxy 14%
Encrypted Tunnels - Non-VPN related found 30% of the time: Tor 15%; Hamachi 13%; UltraSurf 9%; Gbridge 3%; Gpass 3%
Source: Palo Alto Networks Application Usage and Risk Report, Spring 2010
From The news
Why Visibility & Control Must Be In The Firewall
Application Control as an Add-on
- Port-based FW + App Ctrl (IPS) = two policies
- Applications are threats; only block what you expressly look for
Implications
- Network access decision is made with no information
- Cannot safely enable applications
(diagram labels: Traffic, Firewall, Port, Port Policy Decision, IPS, Applications, App Ctrl Policy Decision)
NGFW Application Control
- Application control is in the firewall = single policy
- Visibility across all ports, for all traffic, all the time
Implications
- Network access decision is made based on application identity
- Safely enable application usage
(diagram labels: Traffic, Firewall, Applications, App Ctrl Policy Decision, Application IPS, Scan Application for Threats)
HTTP: Universal Application Protocol
HTTP is 64% of enterprise bandwidth
Most HTTP traffic is client/server (54%): proxies cannot deal with it
Browser-based applications are 46%: some work with proxies and some don't
Web browsing is 23%
(chart labels: All HTTP Applications, Browser-based Applications, Web Browsing)
Application Control vs. Blocking
Blocking applications, even if possible, is not the answer
Yes, there are harmful applications that need to be blocked
Many Web 2.0 applications are useful
- Enhancing productivity
- Giving competitive advantage to the business
It's all about visibility and control
- Who is using what?
- Control and secure modern applications
- Control features use
Palo Alto Next Generation FW
Palo Alto Networks Next-Generation Security Device
New Requirements for Security Device
1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify users regardless of IP address
3. Granular visibility and policy control over application access / functionality
4. Protect in real-time against threats embedded across applications
5. Multi-gigabit, in-line deployment with no performance degradation
Palo Alto Networks Exceeds NGFW Requirements
In Defining the Next-Generation Firewall, Gartner describes what Palo Alto Networks already delivers
- Application Awareness and Full Stack Visibility: App-ID identifies and controls 1300+ applications
- Integrated Rather Than Co-Located IPS: Content-ID includes full IPS, without compromising performance
- Extra-Firewall Intelligence to Identify Users: User-ID brings AD users and groups into firewall policy
- Standard First-Generation Firewall Capabilities: Packet filtering, state, flexible NAT, IPSec, SSL VPNs, etc.
- Support "bump in the wire" Deployments
Gartner's Recommendations
- Move to next-generation firewalls at the next refresh opportunity, whether for firewall, IPS, or the combination of the two.
Unique Technologies Transform the Firewall
- App-ID: Identify the application
- User-ID: Identify the user
- Content-ID: Scan the content
App-ID: Comprehensive Application Visibility
Policy-based control of 1200+ applications distributed across five categories and 25 sub-categories
Balanced mix of business, internet and networking applications and networking protocols
~ 5-10 new applications added weekly
User-ID: Enterprise Directory Integration
Users no longer defined solely by IP address
- Leverage existing Active Directory infrastructure without complex agent rollout
- Identify Citrix users and tie policies to user and group, not just the IP address
Understand user application and threat behavior based on actual AD username, not just IP
Manage and enforce policy based on user and/or AD group
Investigate security incidents, generate custom reports
Content-ID: Real-Time Content Scanning
Detect and block a wide range of threats, limit unauthorized data transfer and control non-work related web surfing
Stream-based, not file-based, for real-time performance
- Uniform signature engine scans for broad range of threats in single pass
- Vulnerability exploits (IPS), viruses, and spyware (both downloads and phone-home)
Block transfer of sensitive data and file transfers by type
- Looks for CC # and SSN patterns
- Looks into file to determine type, not extension based
Web filtering enabled via fully integrated URL database
- Local 20M URL database (76 categories) maximizes performance (1,000's URLs/sec)
- Dynamic DB adapts to local, regional, or industry focused surfing patterns
NSS Labs, the world's largest security and performance testing lab, have recently completed in-depth IPS testing of the Palo Alto Networks next-gen firewall. Our solution was tested against 1,179 live exploits in what was the industry's most comprehensive IPS test to date. The results were crystal clear and provided the hard proof of what our next-generation firewalls can really do.
Key results include:
- The highest IPS block rate in recent history (93.4%)
- 100% resistance to IPS evasion techniques
- Simple IPS configuration and tuning
- Provided all the above while exceeding the datasheet performance metrics by 115%
Palo Alto Networks: IPS, Protection + Performance
Strong threat prevention
- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
- The only IPS that catches threats on non-standard ports
- Scan inbound and outbound SSL (decrypt) and compressed traffic
- Assure only authorized applications are using network resources
- Allow SSH, RDP but only for authorized staff
Single-Pass Parallel Processing (SP3) Architecture
Single Pass
- Operations once per packet
- Traffic classification (app identification)
- User/group mapping
- Content scanning: threats, URLs, confidential data
- One policy
Parallel Processing
- Function-specific hardware engines
- Separate data/control planes
Up to 10Gbps, Low Latency
PA-5000 Series Architecture (block diagram; recoverable labels below)
Control Plane: Quad-core CPU, RAM, dual solid-state drives
- Highly available mgmt
- High speed logging and route update
Switch Fabric
- 80 Gbps switch fabric interconnect
- 20 Gbps QoS engine
Data Plane
Signature Match HW Engine
- Stream-based uniform sig. match
- Vulnerability exploits (IPS), virus, spyware, CC#, SSN, and more
Security Processors
- High density parallel processing for flexible security functionality
- Hardware-acceleration for standardized complex functions (SSL, IPSec, decompression)
Network Processor
- 20 Gbps front-end network processing
- Hardware accelerated per-packet route lookup, MAC lookup and NAT
- Flow control; Route, ARP, MAC lookup; NAT
40+ processors, 30+ GB of RAM
Separate high speed data and control planes
20 Gbps firewall throughput, 10 Gbps threat prevention throughput, 4 Million concurrent sessions
Traditional Multi-Pass Architectures are Slow
(diagram labels: IPS Policy, AV Policy, URL Filtering Policy, Firewall Policy; IPS Signatures, AV Signatures; HTTP Decoder, IPS Decoder, AV Decoder & Proxy; "Port/Protocol-based ID" and "L2/L3 Networking, HA, Config Management, Reporting" each repeated four times)
Powerful Policy-Based Control
Browse more than 1300 applications based on name, category, technology or characteristic
Immediately translate results into positive enforcement model firewall rules
Policy enforcement by end-user / group identities from Active Directory or IP address
Palo Alto Network Sniffer
Visibility into Applications, Users & Content
Filter on Skype
User hzielinski
Remove Skype to expand view of hzielinski
Palo Alto Rich reports
Demo (offline) Traffic Log
Enables Executive Visibility
PAN-OS Features
Visibility and control of applications, users and content are complemented by core firewall features
Strong networking foundation
- Dynamic routing (OSPF, RIPv2)
- Site-to-site IPSec VPN
- SSL VPN for remote access
- Tap mode: connect to SPAN port
- Virtual wire ("Layer 1") for true transparent in-line deployment
- L2/L3 switching foundation
QoS traffic shaping
- Max/guaranteed and priority
- By user, app, interface, zone, and more
Zone-based architecture
- All interfaces assigned to security zones for policy enforcement
High Availability
- Active / Active
- Configuration and session synchronization
- Path, link, and HA monitoring
Virtual Systems
- Establish multiple virtual firewalls in a single device (PA-4000 Series only)
Simple, flexible management
- CLI, Web, Panorama, SNMP, Syslog
Models shown: PA-4060, PA-4050, PA-4020, PA-2050, PA-2020, PA-500
Enterprise Device and Policy Management
Intuitive and flexible management
- CLI, Web, Panorama, SNMP, Syslog
- Role-based administration enables delegation of tasks to appropriate person
Panorama central management application
- Shared policies enable consistent application control policies
- Consolidated management, logging, and monitoring of Palo Alto Networks devices
- Consistent web interface between Panorama and device UI
- Network-wide ACC/monitoring views, log collection, and reporting
All interfaces work on current configuration, avoiding sync issues
NGFW for mobile devices
Today: Quality of Security Tied to Location
Enterprise Network Security
- Security Based on Best-Practices
- Full-Featured NGFW and Threat Prevention
No Network Security
- Security Based on Best-Effort
- Exposed to threats, risky app usage and more
(diagram label: botnets)
Introducing GlobalProtect
Users never go off-network regardless of location
All firewalls work together to provide "cloud" of network security
How it works:
- Small agent determines network location (on or off the enterprise network)
- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
- Agent submits host information profile (patch level, asset type, disk encryption, and more) to the gateway
- Gateway enforces security policy using App-ID, User-ID, Content-ID AND host information profile
Zero Day Attacks Protection
a sandbox at the core
Flexible Deployment Options
Options: Transparent In-Line; Firewall Replacement; Ultimate segmentation
- IPS with app visibility & control
- Consolidation of IPS & URL filtering
- Firewall replacement with app visibility & control
- Firewall + IPS
- Firewall + IPS + URL filtering
- Controls applications & users for datacenter resource access
- IPS with app visibility & content control
(diagram labels: Datacenter 1, Datacenter 2, Segment A, Segment B, Segment C)
Palo Alto Networks: IPS Protection + Performance
Strong threat prevention
- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
- The only IPS that catches threats on non-standard ports
- Scan inbound and outbound SSL (decrypt) and compressed traffic
- Assure only authorized applications are using network resources
- Allow SSH, RDP but only for authorized staff
Palo Alto Networks Next-Gen Firewalls
PA-5060: 20 Gbps FW/10 Gbps threat prevention/4,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
PA-5050: 10 Gbps FW/5 Gbps threat prevention/2,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
PA-5020: 5 Gbps FW/2 Gbps threat prevention/1,000,000 sessions; 8 SFP, 12 copper gigabit
PA-4060: 10 Gbps FW/5 Gbps threat prevention/2,000,000 sessions; 4 XFP (10 Gig), 4 SFP (1 Gig)
PA-4050: 10 Gbps FW/5 Gbps threat prevention/2,000,000 sessions; 8 SFP, 16 copper gigabit
PA-4020: 2 Gbps FW/2 Gbps threat prevention/500,000 sessions; 8 SFP, 16 copper gigabit
PA-2050: 1 Gbps FW/500 Mbps threat prevention/250,000 sessions; 4 SFP, 16 copper gigabit
PA-2020: 500 Mbps FW/200 Mbps threat prevention/125,000 sessions; 2 SFP, 12 copper gigabit
PA-500: 250 Mbps FW/100 Mbps threat prevention/50,000 sessions; 8 copper gigabit
the innovative approach
extend security to all network traffic
Thank You Zion Ezra VP Sales
POC and AVR Report
AVR Report
UTM Is Still Sprawl, Just Slower
Doesn't solve the problem
Firewall "helper" functions have limited view of traffic
Turning on functions kills performance
(diagram label: Internet)
Applications Have Changed, Firewalls Have Not
The gateway at the trust border is the right place to enforce policy control
- Sees all traffic
- Defines trust boundary
BUT Applications Have Changed
- Ports Applications
- IP Addresses Users
- Packets Content
Need to Restore Visibility and Control in the Firewall
(diagram labels: SaaS, Collaboration / Media, Personal)
exploit protection: many months pass between black-hat discovery, white-hat discovery, and protection being available
need to protect all applications
a sandbox at the core
needs user-based access control
needs high-speed IPS and AV
need to perform across all applications
need to block the unknown
conclusion: advanced-malware protection belongs in a next generation firewall
DEMO https://ca2demo.paloaltonetworks.com/esp/login.esp
INSANITY doing the same thing over and over again and expecting different results
block applications and users
the innovative approach
extend security to all network traffic
20 Gbps Firewall, 10 Gbps Threat Prevention
(block diagram; recoverable labels below)
Control Plane: Quad-core CPU, RAM, dual hard drives
- Highly available mgmt
- High speed logging and route update
Switch Fabric
- 80 Gbps switch fabric interconnect
- 20 Gbps QoS engine
Data Plane
Signature Match HW Engine
- Stream-based uniform sig. match
- Vulnerability exploits (IPS), virus, spyware, CC#, SSN, and more
Security Processors
- High density parallel processing for flexible security functionality
- Hardware-acceleration for standardized complex functions (SSL, IPSec, decompression)
Network Processor
- 20 Gbps front-end network processing
- Hardware accelerated per-packet route lookup, MAC lookup and NAT
- Flow control; Route, ARP, MAC lookup; NAT
NGFW for mobile devices
Source: Gartner (March 2010) As of March 2010
Data Center Network Security in Transition
Today's network security is based on outdated assumptions
- Ports Applications
- IP addresses Users
- Threats > Exploits
Applications employ dynamic, random, and heavily-used ports - fundamentally breaking port-based network security
Need to Restore Application Visibility & Control in the Firewall
(diagram labels: RPC, SMS, SQL, SharePoint, NetBIOS, SMB; Port 80, Port 139, Port 135, Port 137, Port 443; *Plus random high ports)
Palo Alto Networks: Protection + Performance
Strong threat prevention
- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
- The only IPS that catches threats on non-standard ports
- Scan inbound and outbound SSL (decrypt) and compressed traffic
- Assure only authorized applications are using network resources
- Allow SSH, RDP but only for authorized staff
NGFW: Networking Power and Flexibility
PA-5000 Series Models and Specifications
PA-5060: 20 Gbps FW; 10 Gbps threat prevention; 4 Gbps IPSec VPN; 20,000 SSL VPN Users; 4,000,000 sessions; Up to 225 VSYS; (4) SFP+ (10 Gig) I/O; (8) SFP (1 Gig) I/O; (12) 10/100/1000
PA-5050: 10 Gbps FW; 5 Gbps threat prevention; 4 Gbps IPSec VPN; 10,000 SSL VPN Users; 2,000,000 sessions; Up to 125 VSYS; (4) SFP+ (10 Gig) I/O; (8) SFP (1 Gig) I/O; (12) 10/100/1000
PA-5020: 5 Gbps FW; 2 Gbps threat prevention; 2 Gbps IPSec VPN; 5,000 SSL VPN Users; 1,000,000 sessions; Up to 20 VSYS; (8) SFP (1 Gig) I/O; (12) 10/100/1000
All models:
- Hot swappable fans, power supplies
- Dual, solid state hard drives
- Dedicated HA and management interfaces
- 2U standard rack mount form factor
NGFWs Eliminate Data Center Compromise
Prevent Threats
- Stop a wide range of threats, on all allowed traffic
- Proven quality (NSS tested and "Recommended")
- Security by policy, not hardwired into deployment
Comply and Compartmentalize
- Save time and cost to compliance with network segmentation
- Segment by user, group, and application
Simplify with Flexible Network Security Infrastructure
- With up to 20Gbps of firewall throughput, and integrated high-performance threat prevention
- With simpler, easier deployments
- With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance)
GlobalProtect
Existing Solutions Fall Short
Higher Costs, More Work for Lower Security
- Inconsistent policy and protections when outside vs. inside the network
- Lack of visibility into applications, users and content fails to control modern apps and threats
- Expensive to purchase, duplicates operational and management overhead
Software on the PC
- Each security app performs a specific function
- Limited focus and functionality, heavy performance load on PC
- Examples: antivirus, host firewall, USB port control, DLP, etc.
Cloud-Based Services
- Client forces web traffic to cloud-based proxy for scanning and policy enforcement
- Supports limited number of apps and protocols, weak threat prevention
- Examples: ScanSafe, Purewire, etc.
Traditional VPN
- Agent tunnels traffic back to corporate gateway
- Same poor security, only slower
- Examples: AnyConnect, Juniper Pulse
A Modern Architecture for Enterprise Security
- Establishes a logical perimeter that is not bound to physical limitations
- Users receive the same depth and quality of protection both inside and out
- Security work performed by purpose-built firewalls, not end-user laptops
- Unified visibility, compliance and reporting
(diagram labels: malware, botnets, exploits)
Regain Visibility and Control / Save Money
IT can't manage risk with traditional security infrastructure
- Users do what they want
- Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection-based firewalls
- Leads to increased risks for the business
Palo Alto Networks defines next-generation firewall with unique identification technologies
- App-ID: identify applications regardless of port, protocol, or SSL encryption
- User-ID: integrated with enterprise directory
- Content-ID: threats, URLs, data
- High performance architecture: high throughput, low latency
Easy enterprise integration and consolidation saves money
- Flexible deployment options for seamless integration
- Consolidation of functionality into firewall simplifies and saves money