Palo Alto Networks Product Overview Data Connectors March 7, 2013


Palo Alto Networks Product Overview

Data Connectors

March 7, 2013

Page 2: Palo Alto Networks Product Overview Data Connectors March 7, 2013

Palo Alto Networks at a Glance

Corporate highlights

Founded in 2005; first customer shipment in 2007

Safely enabling applications

Able to address all network security needs

Exceptional ability to support global customers

Experienced technology and management team

850+ employees globally

[Figure: two bar charts. Revenue, in $MM by fiscal year ending July (FY09 to FY12); Enterprise customers (Jul-10, Jul-11, Nov-12).]

3 | ©2012, Palo Alto Networks. Confidential and Proprietary.


Applications Have Changed, Firewalls Haven’t


Network security policy is enforced at the firewall

• Sees all traffic

• Defines boundary

• Enables access

Traditional firewalls don’t work any more


Applications: Threat Vector and a Target


Threats target applications

• Used as a delivery mechanism

• Application specific exploits


Applications: Payload Delivery/Command & Control

Applications provide exfiltration

• Confidential data

• Threat communication


Encrypted Applications: Unseen by Firewalls

What happens when traffic is encrypted?

• SSL

• Proprietary encryption


Technology Sprawl and Creep Aren’t the Answer

Enterprise Network

• “More stuff” doesn’t solve the problem

• Firewall “helpers” have limited view of traffic

• Complex and costly to buy and maintain

• Doesn’t address applications


[Diagram labels: Internet; UTM; IM, DLP, IPS, Proxy, URL, AV]


The Answer? Make the Firewall Do Its Job

1. Identify applications regardless of port, protocol, evasive tactic or SSL

2. Identify and control users regardless of IP address, location, or device

3. Protect against known and unknown application-borne threats

4. Fine-grained visibility and policy control over application access / functionality

5. Multi-gigabit, low latency, in-line deployment


Why Visibility & Control Must Be In The Firewall

Application Control as an Add-on

• Port-based FW + App Ctrl (IPS) = two policies

• Applications are threats; only block what you expressly look for

Implications

• Network access decision is made with no information

• Cannot safely enable applications

[Diagram labels: Traffic, Port, Firewall, Port Policy Decision, IPS, Applications, App Ctrl Policy Decision]

NGFW Application Control

• Application control is in the firewall = single policy

• Visibility across all ports, for all traffic, all the time

Implications

• Network access decision is made based on application identity

• Safely enable application usage

[Diagram labels: Traffic, Application, Firewall, App Ctrl Policy Decision, IPS, Applications, Scan Application for Threats]


Making the Firewall a Business Enablement Tool

Applications: Enablement begins with application classification by App-ID.

Users: Tying users and devices, regardless of location, to applications with User-ID and GlobalProtect.

Content: Scanning content and protecting against all threats, both known and unknown, with Content-ID and WildFire.


WildFire Architecture

• 10 Gbps Threat Prevention and file scanning

• All traffic, all ports

• Web, email, FTP and SMB

• Running in the cloud lets the malware do things that you wouldn’t allow in your network.

• Updates to sandbox logic without impacting the customer

• Stream-based malware engine to perform true inline enforcement


Single Pass Platform Architecture


PAN-OS Core Firewall Features

Strong networking foundation

• Dynamic routing (BGP, OSPF, RIPv2)

• Tap mode – connect to SPAN port

• Virtual wire (“Layer 1”) for true transparent in-line deployment

• L2/L3 switching foundation

• Policy-based forwarding

VPN

• Site-to-site IPSec VPN

• Remote Access (SSL) VPN

QoS traffic shaping

• Max/guaranteed and priority

• By user, app, interface, zone, & more

• Real-time bandwidth monitor

Zone-based architecture

• All interfaces assigned to security zones for policy enforcement

High Availability

• Active/active, active/passive

• Configuration and session synchronization

• Path, link, and HA monitoring

Virtual Systems

• Establish multiple virtual firewalls in a single device (PA-5000, PA-4000, PA-3000, and PA-2000 Series)

Simple, flexible management

• CLI, Web, Panorama, SNMP, Syslog


Visibility and control of applications, users and content complement core firewall features


Next-Generation Firewall Virtualized Platforms


Specifications

Model    Sessions   Rules   Security Zones   Address Objects   IPSec VPN Tunnels   SSL VPN Tunnels
VM-100   50,000     250     10               2,500             25                  25
VM-200   100,000    2,000   20               4,000             500                 200
VM-300   250,000    5,000   40               10,000            2,000               500

Supported on VMware ESX/ESXi 4.0 or later

Minimum of 2 CPU cores, 4GB RAM, 40GB HD, 2 interfaces

Supports active/passive HA without state synchronization. Does not support 802.3ad, virtual systems, jumbo frames

Performance

Cores Allocated   Firewall (App-ID)   Threat Prevention   VPN        Sessions per Second
2 Core            500 Mbps            200 Mbps            100 Mbps   8,000
4 Core            1 Gbps              600 Mbps            250 Mbps   8,000
8 Core            1 Gbps              1 Gbps              400 Mbps   8,000


Enterprise-wide Next-Generation Firewall Security

Perimeter

• App visibility and control in the firewall

    • All apps, all ports, all the time

• Prevent threats

    • Known threats

    • Unknown/targeted malware

• Simplify security infrastructure

Data Center

• Network segmentation

    • Based on application and user, not port/IP

• Simple, flexible network security

    • Integration into all DC designs

    • Highly available, high performance

• Prevent threats

Distributed Enterprise

• Consistent network security everywhere

    • HQ/branch offices/remote and mobile users

• Logical perimeter

    • Policy follows applications and users, not physical location

• Centrally managed


Addresses Three Key Business Problems

Safely Enable Applications

• Identify more than 1,500 applications, regardless of port, protocol, encryption, or evasive tactic

• Fine-grained control over applications/application functions (allow, deny, limit, scan, shape)

• Addresses the key deficiencies of legacy firewall infrastructure

• Systematic management of unknown applications

Prevent Threats

• Stop a variety of known threats – exploits (by vulnerability), viruses, spyware

• Detect and stop unknown threats with WildFire

• Stop leaks of confidential data (e.g., credit card #, social security #, file/type)

• Enforce acceptable use policies on users for general web site browsing

Simplify Security Infrastructure

• Put the firewall at the center of the network security infrastructure

• Reduce complexity in architecture and operations


Many Third Parties Reach Same Conclusion

Gartner Enterprise Network Firewall Magic Quadrant

• Palo Alto Networks leading the market

Forrester IPS Market Overview

• Strong IPS solution; demonstrates effective consolidation

NetworkWorld Test

• Most stringent NGFW test to date; validated sustained performance

NSS Tests

• IPS: Palo Alto Networks NGFW tested against competitors’ standalone IPS devices; NSS Recommended

• Firewall: Traditional port-based firewall test; Palo Alto Networks most efficient by a wide margin; NSS Recommended

• NGFW: Palo Alto Networks provides the best combination of protection, performance, and value; NSS Recommended (1 of only 3 NGFW recommended)


2013 Gartner Magic Quadrant for Enterprise Network Firewalls


“Palo Alto Networks continues to both drive competitors to react in the firewall market and to move the overall firewall market forward. It is assessed as a Leader, mostly because of its NGFW design, direction of the market along the NGFW path, consistent displacement of competitors, rapidly increasing revenue and market share, and market disruption that forces competitors in all quadrants to react.”

Gartner, February 2013


Thank You
