PALO ALTO NETWORKS NEXT-GENERATION SECURITY PLATFORM · • Palo Alto Networks is positioned as a Leader in the Gartner Magic Quadrant for enterprise networkfirewalls.* • Palo Alto

PALO ALTO NETWORKSNEXT-GENERATION

SECURITY PLATFORMNovember 2018

Volume of alerts and logs is

overwhelming

Highly manual response lacking

coordination

SECURITY DOESN’T WORK TODAY

Legacy approach to visibility and prevention

2 | © 2018, Palo Alto Networks, Inc. Confidential and Proprietary.

ANALYTICS

PREVENTING SUCCESSFUL CYBERATTACKS

Visibility

Network Endpoint Cloud



Visibility

Reduce attack surface

AUTOMATION OF ENFORCEMENT

REDUCE MANUAL EFFORT WITH ANALYTICS



Visibility

Prevent known threats






Visibility

Prevent unknown threats

Prevent known threats


NEUTRALIZE UNKNOWN THREATS




REQUIREMENTS FOR THE FUTURE

At the internet edge

Between employees and devices within

the LAN

At the data center edge, and

between VM’s

At the mobile device

Within private, public and

hybrid clouds

DETECT AND PREVENT THREATS AT EVERY POINT ACROSS THE ORGANIZATION

Cloud


LEADERSHIP POSITION

• Palo Alto Networks is positioned as a Leader in the Gartner Magic Quadrant for enterprise network firewalls.*

• Palo Alto Networks is highest in execution and a visionary within the Leaders Quadrant.

*Gartner Magic Quadrant for Enterprise Network Firewalls, Adam Hils, Greg Young, Jeremy D’Hoinne, and Rajpreet Kaur, September 2018

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


NEXT-GENERATION FIREWALL


The firewall should regain control of the network

BUT ... applications have changed:• Port≠ Application• IP-adress≠ User• Packages≠ Content

Firewall policies are based on control:• Ports• IP addresses• Protocols


COMPARISON OF APPLICATION DEFINITION FUNCTIONALITY

Palo Alto Networks (App-ID) Traditional approach

Security Policy: Allow DNS Firewall security policy: Allow port 53

DNS DNS

Bittorrent Bittorrent

App BladeFirewall

Application Definition Module Security Policy: Block Bittorrent

CnC≠DNS: CnC over port 53:

Full visibility of traffic on the network, traffic like “unknown” is detected and blocked on the Firewall

AllowCnC = Bittorrent?

O-day CnC O-day CnC

No, allow

The lack of full visibility, the ability to circumvent security policies !!!

Deny


WE CATCH ATTACKS THROUGH SSL


TOP 10 APPLICATIONS DELIVERING UNKNOWN MALWARE (BY THE NUMBER OF SESSIONS)


SINGLE PASS ARCHITECTURE• Separate control plane

and data plane so that management processes do not impact data flow

• Single-pass software uses a stream-based, uniform signature matching engine for content inspection

• No multi-pass scanning

• No use of file proxies


file-sharingURL category

PowerPointfile type

“Confidential and Proprietary”

content

rivanovuser

marketinggroup

canadadestination country

172.16.1.10source IP

64.81.2.23destination IP

TCP/443destination port

SSLprotocol

HTTPprotocol

slideshareapplication

slideshare-uploadingapplication function

DIFFERENCEBETWEEN L4 ANDL7


ADVANCED ENDPOINTPROTECTION


EXPLOITS SUBVERT AUTHORIZED APPLICATIONS

BeginMaliciousActivity

AuthorizedApplication

Heap Spray

ROP

UtilizeOS Functions

Vendor Patches

Download malware Steal critical data Encrypt hard drive Destroy data More…

Bug/Vulnerability

17 | © 2018, Palo Alto Networks. Confidential and Proprietary.

TRAPS BLOCKS EXPLOIT TECHNIQUES

HeapSpray

TrapsEPM

No MaliciousActivity

AuthorizedApplication

18 | © 2018, Palo Alto Networks. Confidential and Proprietary.

CLOUD SECURITY


Private Cloud (NSX, OpenStack)

Public Cloud(AWS, Azure)

Software as a Service(SaaS)

EXPANDED DATA AND APPLICATION LOCATIONS

20 | © 2018 Palo Alto Networks, Inc. Confidential and Proprietary.

OUR PLATFORM APPROACH

REMOTE USERS

SANCTIONED

UNSANCTIONED

TRUSTED USERS

UNTRUSTED USERS

TOLERATED

Monitor and control in-cloud activity with Aperture

Complete visibility and control for on premise activity with PAN-OS Next Generation Firewall

Complete visibility and control for remote users via GlobalProtect

ON-PREM USERS

X


EFFECTIVELY UNDERSTAND SAAS USAGE• ACC improvements

• Easily explore SaaS application activity

• View apps by risk or sanctioned state

• Extensions to existing PAN-OS SaaS reports

• Create targeted reports based on user groups and zones

• Summarize SaaS application usage by group

• Leverage full functionality with Panorama without PAN-OS upgrade


HARDWARE FOR EVOLVING NEEDS


Consistency Cloud Datacenter Enterprise perimeter Distibuted/BYOD Endpoint

Products Aperture™ Traps™

Subscriptions

Threat Prevention

URL Filtering

GlobalProtect™

WildFire™

AutoFocus™

Use cases

Management systems Panorama, M-100 & M-500 appliances, GP-100 appliance

Operating system PAN-OS™

UNIQUE PLATFORM OFFERING

Next-Generation Firewall

Cybersecurity:IDS / IPS / APT Web gateway VPN Mobile security

Physical: PA-200, PA-500, PA-3000 Series, PA-5000 Series, PA-7050, PA-7080

WildFire: WF-500 Virtual: VM-Series for NSX, AWS, and KVM

PA-220PA-800 SeriesPA-5200 Series


PA-7080PA-7080 System PA-7050 System

NGFW Gbps 200 120

NGFW + TP Gbps 100+ 60+

Built-in logging system 2TB RAID1 2TB RAID1

050

100150200250

1 3 5 7 9G

bps

App-IDTP


[email protected]://rts.md

RTSolutions– Palo Alto Networks official partner in Moldova

PALO ALTO NETWORKS NEXT-GENERATION SECURITY PLATFORM · • Palo Alto Networks is positioned as a Leader in the Gartner Magic Quadrant for enterprise networkfirewalls.* • Palo Alto

Documents