Palo Alto Networks Product Overview
Data Connectors
March 7, 2013
Palo Alto Networks at a Glance
Corporate highlights
Founded in 2005; first customer shipment in 2007
Safely enabling applications
Able to address all network security needs
Exceptional ability to support global customers
Experienced technology and management team
850+ employees globally
[Chart: Enterprise customers (Jul-10: 1,800; Jul-11: 4,700; Nov-12: 10,000)]
[Chart: Revenue, $MM, FYE July (FY09: $13; FY10: $49; FY11: $119; FY12: $255)]
3 | ©2012, Palo Alto Networks. Confidential and Proprietary.
Applications Have Changed, Firewalls Haven’t
Network security policy is enforced at the firewall
• Sees all traffic
• Defines boundary
• Enables access
Traditional firewalls don’t work any more
Applications: Threat Vector and a Target
Threats target applications
• Used as a delivery mechanism
• Application specific exploits
Applications: Payload Delivery/Command & Control
Applications provide exfiltration
• Confidential data
• Threat communication
Encrypted Applications: Unseen by Firewalls
What happens when traffic is encrypted?
• SSL
• Proprietary encryption
Technology Sprawl and Creep Aren’t the Answer
[Diagram: Enterprise Network with a stack of firewall “helpers” (IM, DLP, IPS, Proxy, URL, AV, UTM) between the network and the Internet]
• “More stuff” doesn’t solve the problem
• Firewall “helpers” have limited view of traffic
• Complex and costly to buy and maintain
• Doesn’t address applications
The Answer? Make the Firewall Do Its Job
1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify and control users regardless of IP address, location, or device
3. Protect against known and unknown application-borne threats
4. Fine-grained visibility and policy control over application access / functionality
5. Multi-gigabit, low latency, in-line deployment
Why Visibility & Control Must Be In The Firewall
Application Control as an Add-on
• Port-based FW + App Ctrl (IPS) = two policies
• Applications are threats; only block what you expressly look for
Implications
• Network access decision is made with no information
• Cannot safely enable applications
[Diagram: Traffic → Firewall (Port Policy Decision) → IPS (App Ctrl Policy Decision) → Applications]
NGFW Application Control
• Application control is in the firewall = single policy
• Visibility across all ports, for all traffic, all the time
Implications
• Network access decision is made based on application identity
• Safely enable application usage
[Diagram: Application Traffic → Firewall (App Ctrl Policy Decision; Scan Application for Threats) → Applications]
Making the Firewall a Business Enablement Tool
Applications: Enablement begins with application classification by App-ID.
Users: Tying users and devices, regardless of location, to applications with User-ID and GlobalProtect.
Content: Scanning content and protecting against all threats, both known and unknown, with Content-ID and WildFire.
WildFire Architecture
• 10 Gbps Threat Prevention and file scanning
• All traffic, all ports
  - Web, email, FTP and SMB
• Running in the cloud lets the malware do things that you wouldn’t allow in your network.
• Updates to sandbox logic without impacting the customer
• Stream-based malware engine to perform true inline enforcement
Single Pass Platform Architecture
PAN-OS Core Firewall Features
Strong networking foundation
• Dynamic routing (BGP, OSPF, RIPv2)
• Tap mode – connect to SPAN port
• Virtual wire (“Layer 1”) for true transparent in-line deployment
• L2/L3 switching foundation
• Policy-based forwarding
VPN
• Site-to-site IPSec VPN
• Remote Access (SSL) VPN
QoS traffic shaping
• Max/guaranteed and priority
• By user, app, interface, zone, & more
• Real-time bandwidth monitor
Zone-based architecture
• All interfaces assigned to security zones for policy enforcement
High Availability
• Active/active, active/passive
• Configuration and session synchronization
• Path, link, and HA monitoring
Virtual Systems
• Establish multiple virtual firewalls in a single device (PA-5000, PA-4000, PA-3000, and PA-2000 Series)
Simple, flexible management
• CLI, Web, Panorama, SNMP, Syslog
Visibility and control of applications, users and content complement core firewall features
Next-Generation Firewall Virtualized Platforms
Specifications
| Model  | Sessions | Rules | Security Zones | Address Objects | IPSec VPN Tunnels | SSL VPN Tunnels |
|--------|----------|-------|----------------|-----------------|-------------------|-----------------|
| VM-100 | 50,000   | 250   | 10             | 2,500           | 25                | 25              |
| VM-200 | 100,000  | 2,000 | 20             | 4,000           | 500               | 200             |
| VM-300 | 250,000  | 5,000 | 40             | 10,000          | 2,000             | 500             |
Supported on VMware ESX/ESXi 4.0 or later
Minimum of 2 CPU cores, 4GB RAM, 40GB HD, 2 interfaces
Supports active/passive HA without state synchronization. Does not support 802.3ad, virtual systems, jumbo frames
Performance
| Cores Allocated | Firewall (App-ID) | Threat Prevention | VPN      | Sessions per Second |
|-----------------|-------------------|-------------------|----------|---------------------|
| 2 Core          | 500 Mbps          | 200 Mbps          | 100 Mbps | 8,000               |
| 4 Core          | 1 Gbps            | 600 Mbps          | 250 Mbps | 8,000               |
| 8 Core          | 1 Gbps            | 1 Gbps            | 400 Mbps | 8,000               |
Enterprise-wide Next-Generation Firewall Security
Perimeter
• App visibility and control in the firewall
  - All apps, all ports, all the time
• Prevent threats
  - Known threats
  - Unknown/targeted malware
• Simplify security infrastructure
Data Center
• Network segmentation
  - Based on application and user, not port/IP
• Simple, flexible network security
  - Integration into all DC designs
  - Highly available, high performance
• Prevent threats
Distributed Enterprise
• Consistent network security everywhere
  - HQ/branch offices/remote and mobile users
• Logical perimeter
  - Policy follows applications and users, not physical location
• Centrally managed
Addresses Three Key Business Problems
Safely Enable Applications
• Identify more than 1,500 applications, regardless of port, protocol, encryption, or evasive tactic
• Fine-grained control over applications/application functions (allow, deny, limit, scan, shape)
• Addresses the key deficiencies of legacy firewall infrastructure
• Systematic management of unknown applications
Prevent Threats
• Stop a variety of known threats – exploits (by vulnerability), viruses, spyware
• Detect and stop unknown threats with WildFire
• Stop leaks of confidential data (e.g., credit card #, social security #, file/type)
• Enforce acceptable use policies on users for general web site browsing
Simplify Security Infrastructure
• Put the firewall at the center of the network security infrastructure
• Reduce complexity in architecture and operations
Many Third Parties Reach Same Conclusion
• Gartner Enterprise Network Firewall Magic Quadrant: Palo Alto Networks leading the market
• Forrester IPS Market Overview: Strong IPS solution; demonstrates effective consolidation
• NetworkWorld Test: Most stringent NGFW test to date; validated sustained performance
• NSS Tests
  - IPS: Palo Alto Networks NGFW tested against competitors’ standalone IPS devices; NSS Recommended
  - Firewall: Traditional port-based firewall test; Palo Alto Networks most efficient by a wide margin; NSS Recommended
  - NGFW: Palo Alto Networks provides the best combination of protection, performance, and value; NSS Recommended (1 of only 3 NGFW recommended)
2013 Gartner Magic Quadrant for Enterprise Network Firewalls
“Palo Alto Networks continues to both drive competitors to react in the firewall market and to move the overall firewall market forward. It is assessed as a Leader, mostly because of its NGFW design, direction of the market along the NGFW path, consistent displacement of competitors, rapidly increasing revenue and market share, and market disruption that forces competitors in all quadrants to react.”
Gartner, February 2013
Thank You