@PaloAltoNtwks Palo Alto Networks - Next-Generation Security Platform
-
Upload
cxo-community -
Category
Technology
-
view
1.216 -
download
0
Transcript of @PaloAltoNtwks Palo Alto Networks - Next-Generation Security Platform
1 | © 2015, Palo Alto Networks. Confidential and Proprietary.
PALO ALTO NETWORKS
NEXT-GENERATION
SECURITY PLATFORM
PALO ALTO NETWORKS AT-A-GLANCE
2 | © 2015, Palo Alto Networks. Confidential and Proprietary.
CORPORATE HIGHLIGHTS
• Founded in 2005; first customer
shipment in 2007
• Safely enabling applications and
preventing cyber threats
• Able to address all enterprise
cybersecurity needs
• Exceptional ability to support global
customers
• Experienced team of 3,300+ employees
• Q2 FY16: $334.7M revenue
$MM
REVENUES ENTERPRISE CUSTOMERS
$13 $49
$119
$255
$396
$598
$928
$0
$200
$400
$600
$800
$1.000
FY09 FY10 FY11 FY12 FY13 FY14 FY15
4.700
9.000
13,500
19,000
26.000
0
4.000
8.000
12.000
16.000
20.000
24.000
jul-11 jul-12 jul-13 jul-14 jul-15
3 | ©2014, Palo Alto Networks. Confidential and Proprietary.
2015 MAGIC QUADRANT FOR ENTERPRISE NETWORK FIREWALLS
LA SEGURIDAD TRADICIONAL ES LA RESPUESTA?
Enterprise Network
• “Mas Cosas”, resuelven los problemas?
• Los ayudantes del Firewall limitan la visualización del tráfico
• Dificil de Administrar y con Altos Costos de Mantención
• No abordan de manera inteligente el acceso a las aplicaciones
4 | ©2012, Palo Alto Networks. Confidential and Proprietary.
IM DLP IPS Proxy URL AV
UTM/Blades
Internet
DELIVERING THE NEXT-GENERATION SECURITY PLATFORM
5 | © 2015, Palo Alto Networks. Confidential and Proprietary.
A COMPLETE SECURITY ARCHITECTURE
Enterprise network
Public
cloud
Private
Cloud
9 | © 2015, Palo Alto Networks. Confidential and Proprietary.
REQUIREMENTS FOR THE FUTURE
DETECT AND PREVENT THREATS AT EVERY POINT ACROSS THE ORGANIZATION
At the internet
edge
Between employees
and devices within
the LAN
At the data center
edge, and
between VM’s
At the mobile
device
Cloud
Within private,
public and hybrid
clouds
6 | © 2015, Palo Alto Networks. Confidential and Proprietary.
LAS APLICACIONES HAN CAMBIADO PERO LA SEGURIDAD
TRADICIONAL NO
8 | ©2012, Palo Alto Networks. Confidential and Proprietary.
*Based on Palo Alto Networks Application Usage and Risk Report
Facebook allowed…what
about the other 299 apps?
Policy Decision #2
App-Control Add-on
Applications
Allow Facebook
Policy Decision #1
Firewall Allow port 80
Open ports to
allow the application
Key Difference Ramifications
Two separate policies • More Work. Two policies, more admin effort • Possible security holes. No policy reconciliation tools
Two separate policy decisions • Weakens the deny-all-else premise. Applications allowed by FW decision
Two separate log databases • Less visibility with more effort. Informed policy decisions require more effort , slows reaction time
No concept of unknown traffic • Increased risk. Unknown is found on every network = low volume, high risk • More work, less flexible. Significant effort to investigate; limited management
Lacking in shared context • More work, less knowledge, slows reaction time. Finding and correlating app, user, content requires significant effort
9 | ©2013 Palo Alto Networks. Confidential and Proprietary.
tcp service
on port 80
CONSECUENCIAS DEL CONTROL DE
APLICACIONES CONVENCIONAL
10 | ©2014, Palo Alto Networks. Confidential and Proprietary.
BENEFICIOS DEL CONTROL DE APLICACIONES EN EL
FIREWALL
Policy Decision
Firewall App-ID
Allow Facebook X Key Difference Benefit
Single firewall policy • Less work, more secure. Administrative effort is reduced; potential reconciliation holes eliminated.
Positive control model • Allow by policy, all else is denied. It’s a firewall.
Single log database • Less work, more visibility. Policy decisions based on complete information.
Systematically manage unknowns • Less work, more secure. Quickly identify high risk traffic and systematically manage it.
Shared context • Less work, more secure. App, content and user are pervasive - visibility, policy control, logging, reporting.
CUAL ES LA RESPUESTA QUE DEBE DAR UN NGFW?
Identificar las aplicaciones independientemente del puerto, protocolo, táctica evasiva o tráfico SSL
Identificar los usuarios en forma independiente de las direcciones IP
Protección en tiempo real contra las amenazas conocidas y desconocidas.
Granularidad, visibilidad y control de políticas sobre el acceso de la aplicación / funcionalidad
Performance asegurado. No degradacion del rendimiento por nuevos modulos.
CUAL ES NUESTRO VALOR QUE MARCA LA DIFERENCIA?
Application Enablement
Palo Alto Networks permite el uso de
aplicaciones en forma segura, ofreciendo
beneficios para el negocio y minimizando el
riesgo asociado a problemas de seguridad.
Application Prevention
Los metodos de seguridad convencionales
fuerzan a las empresas a bloquear todo o
permitir el uso en forma insegura de las
nuevas y modernas aplicaciones.
12 | ©2014, Palo Alto Networks. Confidential and Proprietary.
TECNOLOGIAS + ARQUITECTURA =
TRANSFORMAMOS EL FIREWALL
•App-ID™
•Identify the application
•User-ID™
•Identify the user
•Content-ID™
•Scan the content
•SP3 Architecture
•Single-Pass Parallel Processing
SINGLE-PASS PARALLEL PROCESSING™ (SP3)
ARCHITECTURE Single Pass Parallel Processing
• Una sola vez por paquete
- Traffic classification (app identification)
- User/group mapping
- Content scanning – threats, URLs, confidential data
• Una sola politica
• Hardware especifico para proceso en paralelo
• Bus de data/control en forma separada
Hasta 200Gbps
PROTECCIÓN DE TRÁFICO VERTICAL Y HORIZONTAL
15 | ©2013, Palo Alto Networks. Confidential and Proprietary.
Seguridad en su Datacenter:
Segmentación de red por aplicación y/o servicios, generando niveles de confianza
Inspecciona todo el tráfico entre segmentos de la red (zonas de seguridad)
Administra su tráfico desconocido
Virtualized servers Physical servers
PA-5000 / 7000
Series VM-Series
UNIQUE PLATFORM OFFERING
Cloud Datacenter Enterprise perimeter Distributed/BYOD Endpoint
Next-Generation
Firewall
Cybersecurity:
IDS / IPS / APT Web gateway VPN Mobile security
Panorama, M-100 & M-500 appliances, GP-100 appliance
PAN-OS™
Consistency
Products
Subscriptions
Use cases
Management system
Physical: PA-200, PA-500, PA-3000 Series, PA-5000 Series, PA-7050, PA-7080
WildFire: WF-500
Virtual: VM-Series for NSX, AWS, and KVM
URL Filtering
GlobalProtect™
WildFire™
Threat Prevention
Operating system
Traps™ Aperture™
16 | © 2015, Palo Alto Networks. Confidential and Proprietary.
WHY PALO ALTO NETWORKS?
17 | © 2015, Palo Alto Networks. Confidential and Proprietary.
Prevention
Ze
ro-D
ay
Reduce Risk Policy
Visibility
Remediation
Detection
Endpoint
Data Center
Mobility
BYOD Management
Vulnerability
Resp
on
siv
e
Exploit
Anti-Malware Forensics
Automation
Private Cloud
Public Cloud
Pe
rform
an
ce
Scalability
Platform
Se
gm
en
tatio
n
Applications
Users
Control
Ag
ile
Perimeter
Inte
gra
ted
Support
Web Security
Com
mand-&
-Contro
l
Virtualization
Ecosystem
Context
Correlation
Services
People
Culture
Safe Enablement
Application