@PaloAltoNtwks Palo Alto Networks - Next-Generation Security Platform

1 | © 2015, Palo Alto Networks. Confidential and Proprietary. PALO ALTO NETWORKS NEXT-GENERATION SECURITY PLATFORM

Transcript of @PaloAltoNtwks Palo Alto Networks - Next-Generation Security Platform

Page 1: @PaloAltoNtwks Palo Alto Networks - Next-Generation Security Platform


PALO ALTO NETWORKS NEXT-GENERATION SECURITY PLATFORM

Page 2: @PaloAltoNtwks Palo Alto Networks - Next-Generation Security Platform

PALO ALTO NETWORKS AT-A-GLANCE


CORPORATE HIGHLIGHTS

• Founded in 2005; first customer shipment in 2007
• Safely enabling applications and preventing cyber threats
• Able to address all enterprise cybersecurity needs
• Exceptional ability to support global customers
• Experienced team of 3,300+ employees
• Q2 FY16: $334.7M revenue

REVENUES ($MM): FY09 $13; FY10 $49; FY11 $119; FY12 $255; FY13 $396; FY14 $598; FY15 $928

ENTERPRISE CUSTOMERS: Jul-11 4,700; Jul-12 9,000; Jul-13 13,500; Jul-14 19,000; Jul-15 26,000

Page 3: @PaloAltoNtwks Palo Alto Networks - Next-Generation Security Platform


2015 MAGIC QUADRANT FOR ENTERPRISE NETWORK FIREWALLS

Page 4: @PaloAltoNtwks Palo Alto Networks - Next-Generation Security Platform

IS TRADITIONAL SECURITY THE ANSWER?

Enterprise Network

• Does "more stuff" solve the problems?
• Firewall helpers limit visibility into traffic
• Difficult to manage, with high maintenance costs
• They do not intelligently address access to applications


IM DLP IPS Proxy URL AV

UTM/Blades

Internet

Page 5: @PaloAltoNtwks Palo Alto Networks - Next-Generation Security Platform

DELIVERING THE NEXT-GENERATION SECURITY PLATFORM


Page 6: @PaloAltoNtwks Palo Alto Networks - Next-Generation Security Platform

A COMPLETE SECURITY ARCHITECTURE

Enterprise network

Public cloud

Private cloud


Page 7: @PaloAltoNtwks Palo Alto Networks - Next-Generation Security Platform

REQUIREMENTS FOR THE FUTURE

DETECT AND PREVENT THREATS AT EVERY POINT ACROSS THE ORGANIZATION

• At the internet edge
• Between employees and devices within the LAN
• At the data center edge, and between VMs
• At the mobile device
• Cloud: within private, public and hybrid clouds


Page 8: @PaloAltoNtwks Palo Alto Networks - Next-Generation Security Platform

APPLICATIONS HAVE CHANGED, BUT TRADITIONAL SECURITY HAS NOT


Page 9: @PaloAltoNtwks Palo Alto Networks - Next-Generation Security Platform

CONSEQUENCES OF CONVENTIONAL APPLICATION CONTROL

Policy Decision #1: Firewall, Allow port 80 (tcp service on port 80). Open ports to allow the application.

Policy Decision #2: App-Control Add-on, Applications, Allow Facebook

Facebook allowed… what about the other 299 apps?

*Based on Palo Alto Networks Application Usage and Risk Report

Key Difference / Ramifications

Two separate policies
• More work. Two policies, more admin effort
• Possible security holes. No policy reconciliation tools

Two separate policy decisions
• Weakens the deny-all-else premise. Applications allowed by FW decision

Two separate log databases
• Less visibility with more effort. Informed policy decisions require more effort, slows reaction time

No concept of unknown traffic
• Increased risk. Unknown is found on every network = low volume, high risk
• More work, less flexible. Significant effort to investigate; limited management

Lacking in shared context
• More work, less knowledge, slows reaction time. Finding and correlating app, user, content requires significant effort

Page 10: @PaloAltoNtwks Palo Alto Networks - Next-Generation Security Platform


BENEFITS OF APPLICATION CONTROL IN THE FIREWALL

Policy Decision: Firewall App-ID, Allow Facebook X

Key Difference / Benefit

Single firewall policy
• Less work, more secure. Administrative effort is reduced; potential reconciliation holes eliminated.

Positive control model
• Allow by policy, all else is denied. It’s a firewall.

Single log database
• Less work, more visibility. Policy decisions based on complete information.

Systematically manage unknowns
• Less work, more secure. Quickly identify high risk traffic and systematically manage it.

Shared context
• Less work, more secure. App, content and user are pervasive - visibility, policy control, logging, reporting.

Page 11: @PaloAltoNtwks Palo Alto Networks - Next-Generation Security Platform

WHAT ANSWER MUST AN NGFW PROVIDE?

Identify applications regardless of port, protocol, evasive tactic or SSL traffic

Identify users independently of IP addresses

Real-time protection against known and unknown threats.

Granularity, visibility and policy control over application access / functionality

Assured performance. No performance degradation from new modules.

Page 12: @PaloAltoNtwks Palo Alto Networks - Next-Generation Security Platform

WHAT IS THE VALUE THAT SETS US APART?

Application Enablement

Palo Alto Networks enables applications to be used safely, delivering benefits for the business and minimizing the risk associated with security problems.

Application Prevention

Conventional security methods force companies to either block everything or allow new, modern applications to be used insecurely.


Page 13: @PaloAltoNtwks Palo Alto Networks - Next-Generation Security Platform

TECHNOLOGIES + ARCHITECTURE = WE TRANSFORM THE FIREWALL

• App-ID™: Identify the application
• User-ID™: Identify the user
• Content-ID™: Scan the content
• SP3 Architecture: Single-Pass Parallel Processing

Page 14: @PaloAltoNtwks Palo Alto Networks - Next-Generation Security Platform

SINGLE-PASS PARALLEL PROCESSING™ (SP3) ARCHITECTURE

Single Pass Parallel Processing

• Once per packet
- Traffic classification (app identification)
- User/group mapping
- Content scanning – threats, URLs, confidential data
• A single policy
• Dedicated hardware for parallel processing
• Separate data and control buses

Up to 200 Gbps

Page 15: @PaloAltoNtwks Palo Alto Networks - Next-Generation Security Platform

PROTECTION OF VERTICAL AND HORIZONTAL TRAFFIC

Security in your data center:

Network segmentation by application and/or services, establishing levels of trust

Inspects all traffic between network segments (security zones)

Manages your unknown traffic

Virtualized servers

Physical servers

PA-5000 / 7000 Series

VM-Series

Page 16: @PaloAltoNtwks Palo Alto Networks - Next-Generation Security Platform

UNIQUE PLATFORM OFFERING

Cloud, Datacenter, Enterprise perimeter, Distributed/BYOD, Endpoint

Use cases: Next-Generation Firewall; Cybersecurity: IDS / IPS / APT; Web gateway; VPN; Mobile security

Products: Physical: PA-200, PA-500, PA-3000 Series, PA-5000 Series, PA-7050, PA-7080; Virtual: VM-Series for NSX, AWS, and KVM; WildFire: WF-500

Subscriptions: URL Filtering, GlobalProtect™, WildFire™, Threat Prevention

Traps™, Aperture™

Management system: Panorama, M-100 & M-500 appliances, GP-100 appliance

Operating system: PAN-OS™

Consistency


Page 17: @PaloAltoNtwks Palo Alto Networks - Next-Generation Security Platform

WHY PALO ALTO NETWORKS?


Word cloud: Prevention, Zero-Day, Reduce Risk, Policy, Visibility, Remediation, Detection, Endpoint, Data Center, Mobility, BYOD, Management, Vulnerability, Responsive, Exploit, Anti-Malware, Forensics, Automation, Private Cloud, Public Cloud, Performance, Scalability, Platform, Segmentation, Applications, Users, Control, Agile, Perimeter, Integrated, Support, Web Security, Command-&-Control, Virtualization, Ecosystem, Context, Correlation, Services, People, Culture, Safe Enablement, Application

Page 18: @PaloAltoNtwks Palo Alto Networks - Next-Generation Security Platform