© 2014 VMware Inc. All rights reserved.

Palo Alto Networks VM-Series for VMware vCloud® AirTM

Next-Generation Security for Hybrid Clouds

Palo Alto Networks

24-Aug-2015

CONFIDENTIAL 2

vCloud Air Security Requirements

• Cloud environments provide basic security– Security is a shared responsibility between cloud provider and customer

– Port and protocol security is not sufficient

• Cloud environments lack– visibility and control of applications and traffic sources

– protection against known and unknown threats (APTs)

The VM-Series can be deployed to protect the green highlighted use cases

CONFIDENTIAL 3

Securing Applications and Data in vCloud Air• Step 1: Import VM-Series OVF using vCloud Director or OVF Tool

– Deploy the VM-Series behind the Edge Gateway with destination NAT and static routes

• Step 2: VM-Series as the gateway/perimeter firewall

– Protect your public facing deployments in vCloud Air with a next generation firewall

• Step 3: Securely extend the data center into the cloud

– Use the VM-Series to control applications and users accessing the cloud over IPSec

• Step 4: Protect against lateral threats between subnets and app-tiers

– Use the VM-Series to control traffic between vApp subnets in the vDC

CONFIDENTIAL 4

Improving Security in vCloud Air Deployments• Identify and control applications

– Control applications based on their behavior and identity - not the port they use

– Restrict application usage based on user identity - not just IP address

• Prevent known and unknown threats

– Block known exploits, malware and inbound command-and-control communications

– Block known malicious URLs and IP addresses

– Analyze files and email links to detect previously unknown threats; automatically deliver protections globally

• Streamline management and policy updates

– Single management interface can manage both physical and virtual firewalls

• Flexible integration options

– REST-based API enables integration with 3rd party ecosystem of partner solutions

Licensing and Deployment Options

• VM-Series Next-Generation firewall – Same security features as the physical firewalls

– Consistent management interfaces: web UI, CLI, REST API

– Manage both physical and virtual versions centrally with Panorama

• Available through a bring your own license (BYOL) model– VM-Series for ESXi

– All SKU’s: VM-100, -200, -300, -1000-HV

– Subscriptions: Threat Prevention, WildFire, URL Filtering, GlobalProtect

• How to deploy– Import VM-Series into vCloud Air just like any other VM

– Deploy in L3 mode and add license authcode

For Partners: Expand Business Opportunities• Leverage a partnership that is multi-level and now 2 years+ old

– Executive, product management, field sales and marketing

– Proven in the market and in customer deployments

• Improve customer data center security posture

– Visibility and control over applications, not ports

– Micro-segmentation using zero-trust principles

– Prevent known and unknown threats both North-South and East-West

• Engage in long term, business critical projects that bring:

– Significant architecture and design opportunities

– Trusted advisor status and ongoing revenue streams

• Expand your business partnerships and competencies

– Security market is roughly $16B

– The 5 year life time value of our customer base is 10X the initial purchase

Thank You