Palo Alto Networks PDF-Edition for visitors of Detect & Defend 2018 at Secure Link Germany for internal use only. Improper use, including placing on Internet or transfer to additional third parties is not permitted.

Sep 13, 2019


1 | © 2017 Palo Alto Networks, Inc. Confidential and Proprietary.

Palo Alto Networks



Agenda

• Palo Alto Networks

• Migration Scenarios to product portfolio 2018

• Connection to your cloud provider

• VPN: GlobalProtect cloud service and decentralized collection of log files in Logging Service

• Magnifier Behavioral Analytics: secondary evaluation of log files in Logging Service

• Upcoming Events


Palo Alto Networks

Founded in 2005; first customer shipment in 2007

More than 48,000 customers in 150+ countries

FY17 $1.8B revenue; 28% YoY growth that significantly outpaced the industry

Over 85 of the Fortune 100 and 63% of the Global 2000 rely on us

Excellent global support, awarded by J.D. Power and TSIA

Experienced team of more than 4,800 employees


Palo Alto Networks (Germany) GmbH

• Country Office in Munich, Germany

• Team: Sales Representatives, System Engineers, Professional Services, Marketing in home office

• Partner focused, no direct Sales

• Support via Authorized Support Centers (Direct, Distributors or Partners), Backend-Support via Palo Alto Networks Support Center in Amsterdam

• Account Teams: Territory, Named, Major, Global, Public; Channel, Service Providers


Migration scenarios to product portfolio 2018


New hardware portfolio

PA-200

PA-220

PA-800 SERIES

PA-3000 SERIES

PA-5000 SERIES

PA-5200 SERIES

PA-7000 SERIES

PA-500

NEW

NEW

PA-220R NEW

PA-3200 SERIES


Palo Alto Networks: PA-3200 series

Up to 7x decryption performance increase

Up to 20x decryption session capacity increase

Up to 5x performance increase

Front-to-back cooling

Interface speeds up to 40G for flexible connectivity

PA-3200 Series

• PA-3250: 6.3 Gbps App-ID, 3.0 Gbps threat
• PA-3220: 5.0 Gbps App-ID, 2.2 Gbps threat
• PA-3260: 8.8 Gbps App-ID, 4.7 Gbps threat

PA-3250


Palo Alto Networks: PA-3200 series

• Hot swappable fans, power supplies
• Single SSD system drive (240GB), field replaceable
• Dedicated HA and management interfaces
• 2U, 2 and 4 post rackmount
• Front to back airflow

PA-3220

• 5 Gbps App-ID
• 2.2 Gbps Threat Prevention
• 1,000,000 sessions
• (4) 1G/10G SFP/SFP+
• (4) 1G SFP
• (12) 10/100/1000 copper

PA-3250

• 6.3 Gbps App-ID
• 3 Gbps Threat Prevention
• 2,000,000 sessions
• (8) 1G/10G SFP/SFP+
• (12) 10/100/1000 copper

PA-3260

• 8.8 Gbps App-ID
• 4.7 Gbps Threat Prevention
• 3,000,000 sessions
• (4) 40G QSFP+
• (8) 1G/10G SFP/SFP+
• (12) 10/100/1000 copper


Typical customer environment

• Perimeter security and lots of local routing

• Subscription: Threat Prevention and URL Filtering (incl. phishing links in e-mails)

• Subscription: WildFire Sandbox to prevent 0-day attacks typically requested

• SSL Decryption with reasonable throughput needed

• Full High Availability using a second device typically requested (no further lic. costs)

• Second power supply incl.

• Medium size central office incl. HA


Migration scenarios

• Existing customer
  • PA-500 -> PA-3200 (upsizing)
  • PA-800 -> PA-3200 (upsizing)
  • PA-2000 -> PA-3200 (upsizing)
  • PA-3000 (+3 years) -> PA-3200 (successor product)
  • PA-5000 -> PA-3200 (downsizing)

• New customer
  • Comparable products from market competitors


Palo Alto Networks: PA-3200 series specifications

• App-ID firewall throughput: 5000/6300/8800 Mbps

• Threat prevention throughput: 2200/3000/4700 Mbps

• IPSec VPN throughput: 3000/3000/4700 Mbps

• Connections per second / max. sessions: 57k/1M / 92k/2M / 135k/3M

• IPv4 forwarding table size: 16000 / 44000 / 44000

• ARP/MAC: 16k / 72k / 72k

• Virtual Router / Virtual Systems: 10 / 1(6)

• Security Policies: 2500 / 5000 / 5000

• Zones: 60

• Full HA, Aggregate Interfaces (8)


Connection to your cloud provider


Private Cloud (NSX, OpenStack, ACI)

Public Cloud (AWS, Azure, GCP)

Software as a Service (SaaS)

Expanded data and application locations


Public/Private cloud trends

NFV deployments increasing across the industry – from data center to branch office

Significant public cloud adoption for production workload deployments

Continued expansion in private cloud and virtualization initiatives


Our comprehensive approach

• Consistent security across the organization
• Diversity of clouds
• Cloud scalability
• Operational/orchestration integration


Microsoft Azure

• App Gateway and Load Balancer integration enables managed scale out and cloud-centric resiliency

AWS

• Integration with Auto Scaling and ELB/ALB allows security to scale dynamically, yet independently of workloads

• Native CloudWatch support

Cloud-centric scalability and resiliency

[Diagram labels: Microsoft Azure (Resource Group, VNET, Availability Set, Azure Load Balancer, AppGW); External ELB, Internal ELB, AZ1, AZ2]


Panorama Driven Workflows for NSX

• Security policy, tag configuration and automated workload quarantine streamlines security workflows

Automate Firewall Deployments

• Dynamically provision virtual firewalls at run-time within OpenStack Config-Drive

Automatic workflows

[Diagram labels: Advanced Security Policies, API Integration, Quarantine, Security Groups Creation, Traffic Redirection, OpenStack Config-Drive]


Google Cloud Platform

Hybrid cloud (IPSec VPN) – Extending the enterprise datacenter into GCP via IPSec VPN. This allows utilization of the full NGFW feature set.

IPSec VPN

Cloud-centric scalability and resiliency


VPN: GlobalProtect cloud service


Security for all networks and users

• Appliances at HQ and branch offices

• GlobalProtect gateways on-premises or in the cloud

• Managed centrally by Panorama


• Provides remote network and mobile user security alternative

• Enables deployment of consistent security from corporate to all locations and users

• Reduces the operational burden associated with consistent security for all locations and users

GlobalProtect cloud service


GlobalProtect cloud service for remote networks

• Protect remote networks with consistent, next generation security policies

• Use Panorama to onboard sites, manage policies, query Logging Service

• Includes all subscriptions (TP, URL, WF) with Autofocus and Aperture as optional add-ons

[Diagram labels: WWW; IPsec; Add/remove locations, manage policy; Headquarters; GlobalProtect cloud service; Logging Service]


GlobalProtect cloud service for mobile users

• Delivers coverage to protect mobile users and devices regardless of location

• Automatically scales to handle growth for mobile population

• Centralized policy, management and reporting through Panorama

• Includes all subscriptions (TP, URL, WF) with AutoFocus and Aperture as optional add-ons

[Diagram labels: IPsec/SSL VPN; Add/remove locations, manage policy; Headquarters; WWW; GlobalProtect cloud service; Logging Service]


Choosing the approach that best fits your needs

| Considerations | GlobalProtect cloud service | Deploy & manage security yourself: on-premises | Deploy & manage security yourself: on AWS or Azure |
| --- | --- | --- | --- |
| Speed of global deployment | Hours | Days/months | Days |
| Automatically scale based on demand | Yes | No | Auto Scale (AWS), Manual Scale (Azure) |
| Reduced IT footprint at remote networks | Yes | No | Yes |
| Predictable OPEX security model | Yes | No | No |
| Require local segmentation, VWire, VLANs | No | Yes | No |
| Multiple interfaces on premises | No | Yes | No |
| Scope of control | Partial | Full | Full |
| Connection type/speed | IPsec VPN/<300M, SD-WAN | Any type/any speed | Any type/any speed |

GlobalProtect cloud service: Considerations


Decentralized collection of log files in Logging Service


Logging Service

• Designed to collect and store large amounts of our high-value log data from all NGFWs and GlobalProtect cloud service

• Leverages powerful, elastic cloud-based computing to provide visibility and insights on large amounts of data

• A centralized access point for the data of innovative apps in the Palo Alto Networks Application Framework


Logging Service: Customer Benefits

• Provides operational simplicity

• Reduces both work and guesswork from log management

• Improves business agility (new firewalls, acquisitions, new offices, etc.)

• Allows leveraging of the log data to enable innovative security capabilities

• Offers economic model of choice: pay for what you need, when you need it


Magnifier Behavioral Analytics


Successful attacks require multiple steps

Disrupt every step to prevent successful cyberattacks

• Occurs in seconds to minutes
• Involves a small number of network actions
• Can often be identified by IoCs

• Occurs over days, weeks, or months
• Involves a large number of network actions
• Can rarely be identified by IoCs

Attack Lifecycle

Data Exfiltration

Lateral Movement

Malware Installation

Vulnerability Exploit

Command and Control


Detection and response must be different

• Attackers must perform thousands of actions to achieve their objective
• Each individual action may look innocent

By profiling behavior, organizations can detect the behavioral changes that attackers cannot conceal

Connectivity rate change

Vulnerability Exploit

Malware Installation

Command and Control

Lateral Movement

Data Exfiltration

Repeated access to an unusual site

Unusually large upload


Today’s detection and response doesn’t work

Static Rules: Manually-defined correlation rules
• Hard to develop and maintain
• False positives

Slow Investigations: Repetitive processes; manual endpoint forensics
• Days or weeks to block threats

Wrong Data: Inconsistent logs; mostly violations. Collecting right data requires deploying sensors and agents

Lack of Scale: Not built for big data. Cost-prohibitive to log necessary data. Slow software release cycles


What is needed

Rich Data: Comprehensive network, endpoint and cloud data collected by existing infrastructure

Cloud Scale & Agility: Cloud elasticity for data storage; rapid innovation

Machine Learning: Machine learning to profile behavior and automatically detect attacks

Rapid Response: Small number of actionable alerts; threat intelligence and endpoint analysis; firewall remediation


Magnifier Behavioral Analytics

• Analyze rich network, endpoint and cloud data with machine learning

• Accelerate investigations with endpoint analysis

• Gain scalability, agility and ease of deployment as a cloud-delivered app

[Diagram labels: Cloud-delivered security services; Data from logs & telemetry (Network, Endpoint, Cloud); Magnifier machine learning]


How Magnifier finds and stops attacks

1. Detect attacks based on rich network, endpoint, and cloud data
2. Investigate attacks fast with automated endpoint interrogation
3. Take action by blocking devices

[Diagram labels: Campus Network, Data Center, Endpoint, Cloud Data Center, Pathfinder VM, Magnifier, Logging Service]


Access blocked by firewall


How Magnifier finds internal reconnaissance

• Profiles devices, their types and their availability

• Detects an unusual number of failed connections to nonexistent devices

  • Compared to past behavior
  • Compared to peer behavior

• Shows other alerts for the device, helping conclude it’s a network scanner

By detecting behavioral anomalies rather than simply lots of connections, Magnifier generates fewer false positives
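An illustrative sketch of the approach this slide describes, added here as an example; it is not Magnifier's actual algorithm or code. The flow-record format, device names, peer groups and thresholds are assumptions, and the sample data is constructed. It shows why a baseline comparison raises fewer alerts than a fixed connection-count threshold.

```python
from collections import defaultdict
from statistics import mean, median, pstdev

def build_profile(flows):
    """Addresses that answered at least once are treated as existing devices."""
    return {dst for _day, _src, dst, ok in flows if ok}

def failed_to_nonexistent(flows, existing):
    """Per (day, source): distinct nonexistent destinations with failed connections."""
    targets = defaultdict(set)
    for day, src, dst, ok in flows:
        if not ok and dst not in existing:
            targets[(day, src)].add(dst)
    return {key: len(dsts) for key, dsts in targets.items()}

def detect_recon(flows, peer_groups, today, z_min=3.0, peer_ratio=5.0):
    """Alert only when a device deviates from its own past AND from its peers."""
    counts = failed_to_nonexistent(flows, build_profile(flows))
    past_days = sorted({d for d, *_ in flows if d < today})
    alerts = []
    if not past_days:            # no history yet: nothing to compare against
        return alerts
    for group, members in peer_groups.items():
        for src in members:
            now = counts.get((today, src), 0)
            history = [counts.get((d, src), 0) for d in past_days]
            # Past behavior: z-score against the device's own history.
            spread = max(pstdev(history), 1.0)   # floor keeps a flat history usable
            z = (now - mean(history)) / spread
            # Peer behavior: ratio to the median of the other group members today.
            peers = [counts.get((today, p), 0) for p in members if p != src]
            ratio = now / ((median(peers) if peers else 0) + 1)
            if z >= z_min and ratio >= peer_ratio:
                alerts.append({"device": src, "group": group, "count": now,
                               "z": round(z, 1), "peer_ratio": round(ratio, 1)})
    return alerts

def fixed_threshold(flows, today, limit=20):
    """Naive comparison: flag every device above a static count."""
    counts = failed_to_nonexistent(flows, build_profile(flows))
    return {src for (day, src), n in counts.items() if day == today and n > limit}

# Constructed peer groups and flow records: (day, source, destination, answered).
PEER_GROUPS = {"workstations": ["ws-15", "ws-16", "ws-17"],
               "servers": ["monitor-01", "app-02"]}

def sample_flows():
    flows = []
    for day in range(1, 6):
        for ws in PEER_GROUPS["workstations"]:
            flows.append((day, ws, "10.0.0.10", True))    # real file server
            flows.append((day, ws, "10.0.9.1", False))    # stale mapping, daily
        for i in range(30):                               # monitoring sweep, daily
            flows.append((day, "monitor-01", f"10.0.8.{i}", False))
        flows.append((day, "app-02", "10.0.0.10", True))
    for i in range(40):                                   # ws-17 sweeps on day 5 only
        flows.append((5, "ws-17", f"10.0.7.{i}", False))
    return flows

if __name__ == "__main__":
    print("baseline alerts:", detect_recon(sample_flows(), PEER_GROUPS, today=5))
    print("fixed threshold:", sorted(fixed_threshold(sample_flows(), today=5)))
```

On the constructed data the monitoring server exceeds the static threshold every day but matches its own history, so only the workstation whose behavior changed is reported.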


An average of 2420 alerts per day is orders of magnitude more than what security teams can handle

Accurate detection enables an efficient process

Source: Ponemon survey of 700 enterprises with average 14,000 endpoints and 16,937 alerts per week

Industry State

61% of alerts were investigated and not whitelisted

Magnifier’s Technology

A few actionable alerts per day enable the security team to cover the attack surface and effectively respond

Source: LightCyber customer telemetry 2016


Palo Alto Networks Platform: open & extensible

PALO ALTO NETWORKS APPS 3RD PARTY PARTNER APPS CUSTOMER APPS

CLOUD-DELIVERED SECURITY SERVICES

APPLICATION FRAMEWORK & LOGGING SERVICE

NETWORK SECURITY ADVANCED ENDPOINT PROTECTION CLOUD SECURITY


Upcoming Events

• Palo Alto Networks - Cyber Security Summit Germany: 07. June 2018, Munich, Germany

• Palo Alto Networks - Ignite EMEA 2018: 08.-10. Oct. 2018, Amsterdam, Netherlands

• IT security fair “it-sa 2018”: 09.-11. Oct. 2018, Nürnberg, Germany


• https://events.paloaltonetworks.com

• Ultimate Test Drives (remote or onsite with local Partner)

• Germany, Austria, Switzerland: "Die Zwei um Zwölf": every first Friday of the month, online webinar, 60 min.
