Palo Alto Networks - מדיאטק הייטק

Jul 14, 2018

Transcript
Critical application visibility and control with Palo Alto Networks

Zion Ezra
VP Security
InnoCom LTD

Select InnoCom Vendors

NETWORK SECURITY
• Next Generation Firewall
• Cloud-based Web Security
• Next Generation Cyber Attacks

HIGH SPEED NETWORKING
• WAN Optimization
• Giga Load Balancers
• 802.11n WLAN

EMAIL & MOBILE SECURITY
• Smart Phones & Tablet Security
• Email Security

About Palo Alto Networks

• Palo Alto Networks is the Network Security Company
• World-class team with strong security and networking experience
  - Founded in 2005, first customer July 2007, top-tier investors
• Builds next-generation firewalls that identify and control 1300+ applications
  - Restores the firewall as the core of enterprise network security infrastructure
  - Innovations: App-ID™, User-ID™, Content-ID™
• Global momentum: 5300+ customers
  - August 2011: annual bookings run rate (*) is over US$200 million; cash-flow positive the last five consecutive quarters
• A few of the many enterprises that have deployed more than $1M

(*) Bookings run rate is defined as 4 (four) times the bookings amount of the most recently finished fiscal quarter. Bookings are defined as non-cancellable orders received during the fiscal period. Palo Alto Networks' fiscal year runs from August 1st until July 31st.

© 2011 Palo Alto Networks. Proprietary and Confidential. Page 3

2010 Magic Quadrant for Enterprise Network Firewalls

[Figure: Gartner Magic Quadrant as of March 2010, plotting completeness of vision against ability to execute (visionaries and niche players quadrants labelled). Vendors shown: Palo Alto Networks, Check Point Software Technologies, Juniper Networks, Cisco, Fortinet, McAfee, Stonesoft, SonicWALL, WatchGuard, NETASQ, Astaro, phion, 3Com/H3C. Source: Gartner]

2011 Magic Quadrant for Enterprise Network Firewalls

[Figure: Gartner Magic Quadrant, 2011. Source: Gartner]

Gartner: Palo Alto Networks is a Leader

• Enterprises need next-generation firewalls
  - In 2010 and 2011, Gartner saw market pressures accelerate the demand and available offerings for next-generation firewall (NGFW) platforms that provide the capability to detect and block sophisticated attacks, as well as enforce granular security policy at the application (versus port and protocol) level
  - As enterprises increase the use of Web-based applications, with more complex connections within applications, more complex data centers and more data being presented to customers, firewalls have had to keep up with features and performance to meet these changing needs
  - Less than 5% of Internet connections today are secured using NGFWs. By year-end 2014 this will rise to 35% of the installed base, with 60% of new purchases being NGFWs
• Gartner notes:
  - "Palo Alto Networks' high-performance NGFW functionality continues to drive competitors to react in the firewall market. It is assessed as a Leader mostly because of its NGFW design, redirection of the market along the NGFW path, consistent displacement of Leaders and Challengers, and market disruption forcing Leaders to react."

About the Founder

• 2005-today: Founder and CTO at Palo Alto Networks
  - Next Generation Firewall
• 2002-2005: CTO at NetScreen/Juniper
• 2000-2002: Founder and CTO at OneSecure
  - World's first Network IPS
• 1994-1999: Principal Engineer at Check Point Software

Leading Organizations Trust Palo Alto Networks

[Customer logos by sector: Health Care, Financial Services, Government, Mfg, High Tech, Energy, Education, Service Providers, Services, Media & Entertainment, Retail]

InnoCom Customers - Palo Alto Networks

[Customer logos by sector: Health & Finance, Service Providers, Industry & Retail, Media & Communication, Government, Hi Tech; includes the Prime Minister's Office – Nativ]

The Modern Threats & Attacks

Known Attacks

The 5 Steps for Smart Attacks: bait, exploit, download, back channel, steal
Protection is needed at all stages

Applications Carry Risk

Applications can be "threats"
• P2P file sharing, tunneling applications, anonymizers, media/video

Applications carry threats
• Qualys Top 20 Vulnerabilities – the majority result in application-level threats

Applications & application-level threats result in major breaches – RSA, Comodo, FBI

Exploits come in through many applications

Application Control Efforts are Failing

• Palo Alto Networks' Application Usage & Risk Report highlights the actual behavior of 900,000 users across more than 60 organizations
  - Applications are built for accessibility
  - Tools that enable users to circumvent security are common
  - File sharing usage – P2P and browser-based – is rampant
  - Controls are failing – all had firewalls, many had IPS, proxies & URL filtering

Applications carry risks: business continuity, data loss, compliance, productivity and operations costs

Enterprise 2.0 Applications and Risks Widespread

• Palo Alto Networks' latest Application Usage & Risk Report highlights the actual behavior of 1M+ users in 1253 organizations
  - More enterprise 2.0 application use, for personal and business reasons
  - Tunneling and port hopping are common
  - Bottom line: all had firewalls, most had IPS, proxies & URL filtering – but none of these organizations could control what applications ran on their networks

Users Will Find A Way...

[Bar chart: frequency with which each application was found (scale 0 to 80%). Applications listed: RDP, SSH, telnet, LogMeIn, TeamViewer, CGIProxy, PHProxy, CoralCDN, FreeGate, Glype Proxy, Tor, Hamachi, UltraSurf, Gbridge, Gpass; bar values range from 3% to 80%]

• Remote Access
  - 27 variants found 95% of the time
• External Proxies
  - 22 variants found 76% of the time
• Encrypted Tunnels
  - Non-VPN related – found 30% of the time

Source: Palo Alto Networks Application Usage and Risk Report, Spring 2010

From the news

Why Visibility & Control Must Be In The Firewall

Application Control as an Add-on (Firewall + IPS)

[Diagram: port traffic → Firewall (port policy decision) → IPS (app control policy decision) → Applications]

• Port-based FW + App Ctrl (IPS) = two policies
• Applications are threats: only block what you expressly look for
Implications
• Network access decision is made with no information
• Cannot safely enable applications

NGFW Application Control

[Diagram: application traffic → Firewall (app control policy decision, scan application for threats) → Applications]

• Application control is in the firewall = single policy
• Visibility across all ports, for all traffic, all the time
Implications
• Network access decision is made based on application identity
• Safely enable application usage
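The two decision models on this slide (port policy with no application information, versus a single policy keyed on application identity) can be made concrete with a small simulation. The following is an added example written for this page; it is not Palo Alto Networks code and is not how App-ID is implemented. The four payload signatures, the port table, the allowed-application list and the sample flows are all constructed for illustration; they show why a port-based decision mislabels the port hopping and tunneling the report describes, while a payload-based identity lets a positive enforcement model allow only what it recognises.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class Flow:
    """One client-to-server flow: destination port plus the first client bytes."""
    src: str
    dst: str
    dport: int
    payload: bytes  # first bytes sent by the client (constructed sample data)


# What a port-based firewall knows: a fixed port-to-application table.
PORT_TABLE = {22: "ssh", 80: "web-browsing", 443: "ssl", 3389: "rdp"}


def classify_by_port(flow: Flow) -> str:
    """Port-based classification: the only input is the destination port."""
    return PORT_TABLE.get(flow.dport, "unknown")


def classify_by_signature(flow: Flow) -> str:
    """Payload-based classification on any port (a toy stand-in for App-ID)."""
    p = flow.payload
    if p.startswith((b"SSH-2.0-", b"SSH-1.99-")):
        return "ssh"            # SSH version banner
    if p.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"     # BitTorrent peer handshake
    if len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03 and p[5] == 0x01:
        return "ssl"            # TLS handshake record (type 22) carrying a ClientHello (1)
    if len(p) >= 4 and p[:2] == b"\x03\x00":
        return "rdp"            # TPKT header that precedes RDP's X.224 connection request
    if any(p.startswith(m) for m in (b"GET ", b"POST ", b"HEAD ", b"PUT ")) and b" HTTP/1." in p:
        return "web-browsing"   # HTTP request line
    return "unknown"


# Positive enforcement model: only these applications are allowed, everything else is denied.
ALLOWED_APPS = frozenset({"web-browsing", "ssl"})


def decide(flow: Flow, classifier: Callable[[Flow], str]) -> Tuple[str, str]:
    """Return (identified application, allow/deny) for one flow under one classifier."""
    app = classifier(flow)
    return app, ("allow" if app in ALLOWED_APPS else "deny")


# Constructed sample flows, including the port hopping and tunneling the report describes.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Flow("10.0.0.6", "203.0.113.20", 443, b"SSH-2.0-OpenSSH_8.9\r\n"),                 # SSH on 443
    Flow("10.0.0.7", "203.0.113.30", 80, b"\x13BitTorrent protocol" + bytes(8)),       # P2P on 80
    Flow("10.0.0.8", "203.0.113.40", 8443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),  # TLS on 8443
]


def compare_policies(flows: List[Flow] = SAMPLE_FLOWS) -> List[dict]:
    """Side-by-side decision per flow: port policy versus application-identity policy."""
    rows = []
    for f in flows:
        port_app, port_action = decide(f, classify_by_port)
        sig_app, sig_action = decide(f, classify_by_signature)
        rows.append({"dport": f.dport, "port_app": port_app, "port_action": port_action,
                     "app": sig_app, "app_action": sig_action})
    return rows


if __name__ == "__main__":
    for r in compare_policies():
        print(f"dport={r['dport']:<5} port-based: {r['port_app']:<13} {r['port_action']:<5} "
              f"app-based: {r['app']:<13} {r['app_action']}")
```

The second and third flows are the "two policies" problem: the port policy has already allowed them as ssl and web-browsing before any application inspection happens. The fourth flow shows the other half of the slide's point: a legitimate TLS session on a non-standard port is denied by the port table but can be safely enabled once the application itself is identified.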

HTTP: Universal Application Protocol

• HTTP is 64% of enterprise bandwidth
• Most HTTP traffic is client/server (54%) – proxies cannot deal with it
• Browser-based applications are 46% - some work with proxies and some don't
• Web browsing is 23%

[Chart: All HTTP Applications, split into Web Browsing and Browser-based Applications]

Application Control vs. Blocking

• Blocking applications, even if possible, is not the answer
• Yes, there are harmful applications that need to be blocked
• Many "Web 2.0" applications are useful
  - Enhancing productivity
  - Giving competitive advantage to the business
• It's all about visibility and control
  - Who is using what
  - Control and secure modern applications
  - Control feature use

Palo Alto – Next Generation FW

New Requirements for the Security Device

1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify users regardless of IP address
3. Granular visibility and policy control over application access / functionality
4. Protect in real-time against threats embedded across applications
5. Multi-gigabit, in-line deployment with no performance degradation

Palo Alto Networks Next-Generation Security Device

Palo Alto Networks Exceeds NGFW Requirements

• Application Awareness and Full Stack Visibility
  - App-ID identifies and controls 1300+ applications
• Integrated Rather Than Co-Located IPS
  - Content-ID includes full IPS without compromising performance
• Extra-Firewall Intelligence to Identify Users
  - User-ID brings AD users and groups into firewall policy
• Standard First-Generation Firewall Capabilities
  - Packet filtering, state, flexible NAT, IPSec, SSL VPNs, etc.
• Support for "bump in the wire" Deployments

In "Defining the Next-Generation Firewall", Gartner describes what Palo Alto Networks already delivers.

Gartner's Recommendation: move to next-generation firewalls at the next refresh opportunity – whether for firewall, IPS, or the combination of the two

Unique Technologies Transform the Firewall

• App-ID: identify the application
• User-ID: identify the user
• Content-ID: scan the content

App-ID: Comprehensive Application Visibility

• Policy-based control of more than 1200+ applications, distributed across five categories and 25 sub-categories
• Balanced mix of business, internet and networking applications and networking protocols
• ~5 - 10 new applications added weekly

User-ID: Enterprise Directory Integration

• Users no longer defined solely by IP address
  - Leverage existing Active Directory infrastructure without complex agent rollout
  - Identify Citrix users and tie policies to user and group, not just the IP address
• Understand user, application and threat behavior based on the actual AD username, not just IP
• Manage and enforce policy based on user and/or AD group
• Investigate security incidents, generate custom reports

Content-ID: Real-Time Content Scanning

• Stream-based, not file-based, for real-time performance
  - Uniform signature engine scans for a broad range of threats in a single pass
  - Vulnerability exploits (IPS), viruses and spyware (both downloads and phone-home)
• Block transfer of sensitive data and file transfers by type
  - Looks for CC# and SSN patterns
  - Looks into the file to determine type – not extension based
• Web filtering enabled via fully integrated URL database
  - Local 20M URL database (76 categories) maximizes performance (1000's of URLs/sec)
  - Dynamic DB adapts to local, regional or industry-focused surfing patterns

Detect and block a wide range of threats, limit unauthorized data transfer and control non-work related web surfing
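Two of the Content-ID bullets above, determining file type from the file itself rather than its extension and looking for card-number and SSN patterns, are simple enough to demonstrate end to end. The following is an added example written for this page, not Palo Alto Networks code and not the Content-ID engine: the magic-byte table, the extension mapping, the verdict rule and the three sample transfers (including the well-known 4111... test card number) are constructed for illustration, and a real engine scans streams rather than whole buffers.

```python
import re
from typing import Dict, List, Tuple

# Leading-byte signatures consulted instead of the file extension (constructed subset).
MAGIC: List[Tuple[bytes, str]] = [
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"PK\x03\x04", "zip"),
    (b"MZ", "pe-executable"),
    (b"\x7fELF", "elf-executable"),
]
# Extensions that legitimately carry each detected type (constructed for the example).
EXPECTED_EXT = {
    "pdf": {"pdf"}, "png": {"png"}, "zip": {"zip", "docx", "xlsx", "pptx", "jar"},
    "pe-executable": {"exe", "dll"}, "elf-executable": {"", "so", "elf"},
}
BLOCKED_TYPES = {"pe-executable", "elf-executable"}


def detect_file_type(data: bytes) -> str:
    """Identify a file by what it contains; the name the sender gave it is not consulted."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; rejects most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


# 13 to 19 digits, optionally separated by spaces or dashes, not embedded in a longer digit run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")


def find_card_numbers(text: str) -> List[str]:
    """Candidate card numbers that also pass the Luhn check."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            hits.append(digits)
    return hits


def find_ssns(text: str) -> List[str]:
    """SSN-shaped values, excluding area/group/serial values that are never issued."""
    hits = []
    for m in SSN_RE.finditer(text):
        area, group, serial = m.groups()
        if area in ("000", "666") or area.startswith("9") or group == "00" or serial == "0000":
            continue
        hits.append(m.group(0))
    return hits


def scan_transfer(filename: str, data: bytes) -> Dict[str, object]:
    """One file transfer: true type vs. claimed extension, plus CC/SSN patterns in its text."""
    kind = detect_file_type(data)
    claimed = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    text = data.decode("utf-8", errors="ignore")
    cards, ssns = find_card_numbers(text), find_ssns(text)
    mismatch = kind != "unknown" and claimed not in EXPECTED_EXT[kind]
    block = kind in BLOCKED_TYPES or bool(cards) or bool(ssns)
    return {"filename": filename, "detected_type": kind, "extension_mismatch": mismatch,
            "cards": cards, "ssns": ssns, "verdict": "block" if block else "allow"}


# Constructed sample transfers: a real PDF, an executable renamed to look like a photo,
# and a text note carrying one valid and one Luhn-invalid 16-digit number plus an SSN.
SAMPLE_TRANSFERS = [
    ("invoice.pdf", b"%PDF-1.4\n% constructed sample with no sensitive data\n"),
    ("holiday.jpg", b"MZ\x90\x00" + bytes(60)),
    ("notes.txt", b"card 4111 1111 1111 1111 exp 12/27; ref 1234 5678 9012 3456; ssn 123-45-6789"),
]


def scan_all(transfers=SAMPLE_TRANSFERS) -> List[Dict[str, object]]:
    return [scan_transfer(name, data) for name, data in transfers]


if __name__ == "__main__":
    for result in scan_all():
        print(result)
```

The Luhn check matters in practice: without it, any 16-digit reference or order number in a document would trigger the card-number rule, which is the false-positive pattern that makes DLP controls get switched off.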

Palo Alto Networks IPS: Protection + Performance

• NSS Labs, the world's largest security and performance testing lab, has recently completed in-depth IPS testing of the Palo Alto Networks next-gen firewall. Our solution was tested against 1179 live exploits in what was the industry's most comprehensive IPS test to date. The results were crystal clear and provided the hard proof of what our next-generation firewalls can really do. Key results include:
  - The highest IPS block rate in recent history (93.4%)
  - 100% resistance to IPS evasion techniques
  - Simple IPS configuration and tuning
  - Provided all the above while exceeding the datasheet performance metrics by 115%

• Strong threat prevention
  - NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
  - The only IPS that catches threats on non-standard ports
  - Scan inbound and outbound SSL (decrypt) and compressed traffic
  - Assure only authorized applications are using network resources
  - Allow SSH/RDP, but only for authorized staff

Single-Pass Parallel Processing (SP3) Architecture

Single Pass
• Operations once per packet
  - Traffic classification (app identification)
  - User/group mapping
  - Content scanning – threats, URLs, confidential data
• One policy

Parallel Processing
• Function-specific hardware engines
• Separate data/control planes

Up to 10 Gbps, Low Latency

PA-5000 Series Architecture

[Block diagram: a control plane (quad-core CPU, RAM, dual SSDs) separated from the data plane. The data plane comprises a network processor (QoS, flow control, route/ARP/MAC lookup, NAT), a switch fabric, three security processor blocks (CPUs 1 to 12 each, with RAM, plus SSL/IPSec/de-compress offload) and signature match engines, joined by 10 Gbps and 20 Gbps internal links]

Control Plane
• Highly available management
• High speed logging and route update
• Dual solid-state drives

Network Processor
• 20 Gbps front-end network processing
• Hardware accelerated per-packet route lookup, MAC lookup and NAT

Data Plane Switch Fabric
• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC#, SSN and more

Security Processors
• High density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

• 40+ processors
• 30+ GB of RAM
• Separate high speed data and control planes
• 20 Gbps firewall throughput
• 10 Gbps threat prevention throughput
• 4 Million concurrent sessions

Traditional Multi-Pass Architectures are Slow

[Diagram: four stacked single-function passes, each repeating its own port/protocol-based ID, L2/L3 networking, HA, config management and reporting: Firewall Policy; HTTP Decoder with URL Filtering Policy; IPS Decoder with IPS Signatures and IPS Policy; AV Decoder & Proxy with AV Signatures and AV Policy]

Powerful Policy-Based Control

• Browse more than 1300 applications based on name, category, technology or characteristic
• Immediately translate results into positive enforcement model firewall rules
• Policy enforcement by end-user group identities from Active Directory or IP address

Palo Alto – Network Sniffer

[Screenshots]

Visibility into Applications, Users & Content

[Screenshots: user hzielinski, filter on Skype; remove Skype to expand the view of hzielinski]

Palo Alto – Rich reports

[Screenshots]

Demo (offline) – Traffic Log

Enables Executive Visibility

[Screenshot]

PAN-OS Features

• Strong networking foundation
  - Dynamic routing (OSPF, RIPv2)
  - Site-to-site IPSec VPN
  - SSL VPN for remote access
  - Tap mode – connect to a SPAN port
  - Virtual wire ("Layer 1") for true transparent in-line deployment
  - L2/L3 switching foundation
• QoS traffic shaping - max/guaranteed and priority
  - By user, app, interface, zone and more
• Zone-based architecture
  - All interfaces assigned to security zones for policy enforcement
• High Availability
  - Active/Active
  - Configuration and session synchronization
  - Path, link and HA monitoring
• Virtual Systems
  - Establish multiple virtual firewalls in a single device (PA-4000 Series only)
• Simple, flexible management
  - CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content are complemented by core firewall features

[Product photos: PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060]

Enterprise Device and Policy Management

• Intuitive and flexible management
  - CLI, Web, Panorama, SNMP, Syslog
  - Role-based administration enables delegation of tasks to the appropriate person
• Panorama central management application
  - Shared policies enable consistent application control policies
  - Consolidated management, logging and monitoring of Palo Alto Networks devices
  - Consistent web interface between Panorama and the device UI
  - Network-wide ACC/monitoring views, log collection and reporting
• All interfaces work on the current configuration, avoiding sync issues

NGFW for mobile devices

Today: Quality of Security Tied to Location

[Figure: on the enterprise network, security is based on best practices (full-featured NGFW and threat prevention); off the network there is no network security, only best effort, and the user is exposed to threats, botnets, risky app usage and more]

Introducing GlobalProtect

• Users never go "off-network", regardless of location
• All firewalls work together to provide a "cloud" of network security
• How it works
  - A small agent determines network location (on or off the enterprise network)
  - If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
  - The agent submits a host information profile (patch level, asset type, disk encryption and more) to the gateway
  - The gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile
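The four "how it works" steps above amount to a policy evaluation whose inputs are the user's group, the identified application, the host information profile, and the enforcement point chosen by location. The following is an added example written for this page; it is not Palo Alto Networks code and does not reflect GlobalProtect's real data model. The host-profile field names (patch_level, asset_type, disk_encrypted), the user-to-group map, the two rules and the sample sessions are all constructed assumptions. What it demonstrates is the slide's claim that location only changes where the traffic is enforced, not what the policy decides.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set


@dataclass(frozen=True)
class HostProfile:
    """Host information profile reported by the agent (field names are assumptions)."""
    patch_level: int          # constructed: higher means a more recent patch baseline
    asset_type: str           # "corporate-laptop" or "personal"
    disk_encrypted: bool


@dataclass(frozen=True)
class Session:
    user: str
    app: str                  # application identity, i.e. the App-ID result
    location: str             # "on-network" or "off-network", as the agent determined it
    hip: HostProfile


@dataclass(frozen=True)
class Rule:
    name: str
    apps: FrozenSet[str]
    groups: FrozenSet[str]
    corporate_only: bool = False
    encryption_required: bool = False
    min_patch_level: int = 0


# Constructed directory data standing in for User-ID's AD group mapping.
USER_GROUPS: Dict[str, Set[str]] = {"alice": {"it-admins", "staff"}, "bob": {"staff"}}

# Constructed rule base; the same rules apply wherever the user happens to be.
RULES: List[Rule] = [
    Rule("admin-remote-access", frozenset({"ssh", "rdp"}), frozenset({"it-admins"}),
         corporate_only=True, encryption_required=True, min_patch_level=3),
    Rule("general-web", frozenset({"web-browsing", "ssl"}), frozenset({"staff"})),
]


def enforcement_point(session: Session) -> str:
    """Steps 1 and 2: on-network traffic reaches the internal firewall directly;
    off-network traffic is tunnelled by SSL VPN to the nearest gateway."""
    if session.location == "on-network":
        return "internal-firewall"
    return "nearest-gateway-via-ssl-vpn"


def hip_satisfies(rule: Rule, hip: HostProfile) -> bool:
    """Step 3 consumed: the submitted host profile must meet the rule's conditions."""
    if rule.corporate_only and hip.asset_type != "corporate-laptop":
        return False
    if rule.encryption_required and not hip.disk_encrypted:
        return False
    return hip.patch_level >= rule.min_patch_level


def evaluate(session: Session) -> Dict[str, Optional[str]]:
    """Step 4: the first rule matching app, user group and host profile wins; otherwise deny."""
    groups = USER_GROUPS.get(session.user, set())
    for rule in RULES:
        if session.app in rule.apps and groups & rule.groups and hip_satisfies(rule, session.hip):
            return {"gateway": enforcement_point(session), "rule": rule.name, "action": "allow"}
    return {"gateway": enforcement_point(session), "rule": None, "action": "deny"}


# Constructed host profiles and sessions.
COMPLIANT = HostProfile(patch_level=4, asset_type="corporate-laptop", disk_encrypted=True)
PERSONAL = HostProfile(patch_level=1, asset_type="personal", disk_encrypted=False)

SAMPLE_SESSIONS = [
    Session("alice", "rdp", "off-network", COMPLIANT),   # admin, compliant device, remote
    Session("alice", "rdp", "on-network", COMPLIANT),    # same request from inside
    Session("alice", "rdp", "off-network", PERSONAL),    # admin, but unmanaged device
    Session("bob", "rdp", "off-network", COMPLIANT),     # compliant device, wrong group
    Session("bob", "web-browsing", "off-network", PERSONAL),
]


def evaluate_all(sessions: List[Session] = SAMPLE_SESSIONS) -> List[Dict[str, Optional[str]]]:
    return [evaluate(s) for s in sessions]


if __name__ == "__main__":
    for s, verdict in zip(SAMPLE_SESSIONS, evaluate_all()):
        print(s.user, s.app, s.location, "->", verdict)
```

The first two sessions produce the same rule and action with a different gateway, which is the "users never go off-network" property; the third shows the host profile denying an otherwise authorised user, which is what the profile adds beyond App-ID and User-ID alone.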

Zero Day Attacks Protection: a sandbox at the core

Flexible Deployment Options

Transparent In-Line
• IPS with app visibility & control
• Consolidation of IPS & URL filtering

Firewall Replacement
• Firewall replacement with app visibility & control
• Firewall + IPS
• Firewall + IPS + URL filtering

Ultimate segmentation

[Diagram: Datacenter 1 and Datacenter 2 with Segments A, B and C]

• Controls applications & users for datacenter resource access
• IPS with app visibility & content control


Palo Alto Networks Next-Gen Firewalls

PA-5060 • 20 Gbps FW / 10 Gbps threat prevention / 4,000,000 sessions • 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
PA-5050 • 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions • 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
PA-5020 • 5 Gbps FW / 2 Gbps threat prevention / 1,000,000 sessions • 8 SFP, 12 copper gigabit
PA-4060 • 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions • 4 XFP (10 Gig), 4 SFP (1 Gig)
PA-4050 • 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions • 8 SFP, 16 copper gigabit
PA-4020 • 2 Gbps FW / 2 Gbps threat prevention / 500,000 sessions • 8 SFP, 16 copper gigabit
PA-2050 • 1 Gbps FW / 500 Mbps threat prevention / 250,000 sessions • 4 SFP, 16 copper gigabit
PA-2020 • 500 Mbps FW / 200 Mbps threat prevention / 125,000 sessions • 2 SFP, 12 copper gigabit
PA-500 • 250 Mbps FW / 100 Mbps threat prevention / 50,000 sessions • 8 copper gigabit

The innovative approach: extend security to all network traffic

Thank You
Zion Ezra, VP Sales

POC and AVR Report

[Screenshots: AVR (Application Visibility and Risk) Report pages; diagram of the device placed between the network and the Internet]

UTM Is Still Sprawl... Just Slower

• Doesn't solve the problem
• Firewall "helper" functions have a limited view of traffic
• Turning on functions kills performance


Applications Have Changed – Firewalls Have Not

• The gateway at the trust border is the right place to enforce policy control
  - Sees all traffic
  - Defines the trust boundary
• BUT... Applications Have Changed (collaboration, media, SaaS, personal)
  - Ports ≠ Applications
  - IP Addresses ≠ Users
  - Packets ≠ Content
• Need to Restore Visibility and Control in the Firewall

Exploit protection

• Many months pass between black-hat discovery, white-hat discovery and protection being available
• Need to protect all applications
• A sandbox at the core
• Needs user-based access control
• Needs high-speed IPS and AV
• Needs to perform across all applications
• Needs to block the unknown
• Conclusion: advanced-malware protection belongs in a next generation firewall

DEMO: https://ca2demo.paloaltonetworks.com/esp/login.esp

INSANITY: doing the same thing over and over again and expecting different results (block applications and users)

The innovative approach: extend security to all network traffic

20 Gbps Firewall, 10 Gbps Threat Prevention

[PA-5000 Series architecture block diagram as shown in the SP3 section earlier, with the same network processor (20 Gbps front-end processing; hardware accelerated route, MAC lookup and NAT), switch fabric (80 Gbps interconnect, 20 Gbps QoS engine), signature match engine, security processor and control plane annotations; this variant of the slide lists dual hard drives (HDD) on the control plane instead of solid-state drives]


Data Center Network Security in Transition

• Ports ≠ Applications
• IP addresses ≠ Users
• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions...

[Figure: data center applications (RPC, SMS, SQL, SharePoint, SMB, NetBIOS) mapped onto ports 135, 137, 139, 80 and 443, plus random high ports]

Applications employ dynamic, random and heavily-used ports - fundamentally breaking port-based network security


NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

PA-5060
• 20 Gbps FW
• 10 Gbps threat prevention
• 4 Gbps IPSec VPN
• 20,000 SSL VPN users
• 4,000,000 sessions
• Up to 225 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5050
• 10 Gbps FW
• 5 Gbps threat prevention
• 4 Gbps IPSec VPN
• 10,000 SSL VPN users
• 2,000,000 sessions
• Up to 125 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5020
• 5 Gbps FW
• 2 Gbps threat prevention
• 2 Gbps IPSec VPN
• 5,000 SSL VPN users
• 1,000,000 sessions
• Up to 20 VSYS
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

Series-wide
• Hot swappable fans, power supplies
• Dual solid state hard drives
• Dedicated HA and management interfaces
• 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats
  - Stop a wide range of threats on all allowed traffic
  - Proven quality (NSS tested and "Recommended")
  - Security by policy, not hardwired into the deployment
• Comply and Compartmentalize
  - Save time and cost to compliance with network segmentation
  - Segment by user, group and application
• Simplify with Flexible Network Security Infrastructure
  - With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention
  - With simpler, easier deployments
  - With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance)

GlobalProtect

Today: Quality of Security Tied to Location

[Figure: on the enterprise network, security is based on best practices (full-featured NGFW and threat prevention); off the network there is no network security, only best effort, and the user is exposed to threats, botnets, risky app usage and more]

Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality, heavy performance load on the PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services
• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement
• Supports a limited number of apps and protocols; weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• Agent tunnels traffic back to the corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work, for Lower Security
• Inconsistent policy and protections when outside vs. inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase duplicates; operational and management overhead

Introducing GlobalProtect

• Users never go "off-network", regardless of location
• All firewalls work together to provide a "cloud" of network security
• How it works: as described in the "NGFW for mobile devices" section earlier (agent determines location, SSL VPN to the nearest firewall when off-network, host information profile submitted to the gateway, policy enforced using App-ID, User-ID, Content-ID and the host information profile)

A Modern Architecture for Enterprise Security

• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting

[Figure: threats at the edge: malware, botnets, exploits]

Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure
  - Users do what they want
  - Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls
  - Leads to increased risks for the business
• Palo Alto Networks defines the next-generation firewall with unique identification technologies
  - App-ID: identify applications regardless of port, protocol or SSL encryption
  - User-ID: integrated with the enterprise directory
  - Content-ID: threats, URLs, data
  - High performance architecture: high throughput, low latency
• Easy enterprise integration and consolidation saves money
  - Flexible deployment options for seamless integration
  - Consolidation of functionality into the firewall simplifies and saves money


• A few of the many enterprises that have deployed more than $1M

2010 Magic Quadrant for Enterprise Network Firewalls

[Figure: Gartner 2010 Magic Quadrant for Enterprise Network Firewalls; axes: completeness of vision and ability to execute; quadrants include Visionaries and Niche Players. Vendors plotted: Palo Alto Networks, Check Point Software Technologies, Juniper Networks, Cisco, Fortinet, McAfee, Stonesoft, SonicWALL, WatchGuard, NETASQ, Astaro, phion, 3Com/H3C. As of March 2010. Source: Gartner]

2011 Magic Quadrant for Enterprise Network Firewalls

[Figure: Gartner 2011 Magic Quadrant for Enterprise Network Firewalls. Source: Gartner]

Gartner: Palo Alto Networks is a Leader

• Enterprises need next-generation firewalls
  - In 2010 and 2011, Gartner saw market pressures accelerate the demand and available offerings for next-generation firewall (NGFW) platforms that provide the capability to detect and block sophisticated attacks, as well as enforce granular security policy at the application (versus port and protocol) level
  - As enterprises increase the use of Web-based applications – with more complex connections within applications, more complex data centers and more data being presented to customers – firewalls have had to keep up with features and performance to meet these changing needs
  - Less than 5% of Internet connections today are secured using NGFWs. By year-end 2014 this will rise to 35% of the installed base, with 60% of new purchases being NGFWs
• Gartner notes:
  - "Palo Alto Networks' high-performance NGFW functionality continues to drive competitors to react in the firewall market. It is assessed as a Leader mostly because of its NGFW design, redirection of the market along the NGFW path, consistent displacement of Leaders and Challengers, and market disruption forcing Leaders to react."

About the Founder

• 2005–today: Founder and CTO at Palo Alto Networks
  - Next Generation Firewall
• 2002–2005: CTO at NetScreen/Juniper
• 2000–2002: Founder and CTO at OneSecure
  - World's first Network IPS
• 1994–1999: Principal Engineer at Check Point Software

Leading Organizations Trust Palo Alto Networks

[Customer logos by industry: Health Care, Financial Services, Government, Manufacturing, High Tech, Energy, Education, Service Providers, Services, Media & Entertainment, Retail]

InnoCom Customers – Palo Alto Networks

[Customer logos by industry: Health & Finance, Service Providers, Industry & Retail, Media & Communication, Government, Hi Tech; including the Prime Minister's Office – Nativ]

The Modern Threats & Attacks

Known Attacks

The 5 Steps for Smart Attacks: bait, exploit, download, back channel, steal

Protection is needed at all stages

Applications Carry Risk

Applications can be "threats"
• P2P file sharing, tunneling applications, anonymizers, media/video

Applications carry threats
• Qualys Top 20 Vulnerabilities – the majority result in application-level threats

Applications & application-level threats result in major breaches – RSA, Comodo, FBI

Exploits come in through many applications

Application Control Efforts are Failing

• Palo Alto Networks' Application Usage & Risk Report highlights actual behavior of 900,000 users across more than 60 organizations
  - Applications are built for accessibility
  - Tools that enable users to circumvent security are common
  - File sharing usage – P2P and browser-based – is rampant
  - Controls are failing – all had firewalls, many had IPS, proxies & URL filtering

Applications carry risks: business continuity, data loss, compliance, productivity and operations costs

Enterprise 2.0 Applications and Risks Widespread

Palo Alto Networks' latest Application Usage & Risk Report highlights actual behavior of 1M+ users in 1,253 organizations
- More Enterprise 2.0 application use, for personal and business reasons
- Tunneling and port hopping are common
- Bottom line: all had firewalls, most had IPS, proxies & URL filtering – but none of these organizations could control what applications ran on their networks

Users Will Find A Way…

[Chart: frequency with which each application was found (0–80%): RDP, SSH, telnet, LogMeIn, TeamViewer, CGIProxy, PHProxy, CoralCDN, FreeGate, Glype Proxy, Tor, Hamachi, UltraSurf, Gbridge, Gpass]

• Remote Access
  - 27 variants, found 95% of the time
• External Proxies
  - 22 variants, found 76% of the time
• Encrypted Tunnels
  - Non-VPN related – found 30% of the time

Source: Palo Alto Networks Application Usage and Risk Report, Spring 2010

From the news

Why Visibility & Control Must Be In The Firewall

Application Control as an Add-on (port-based firewall, then IPS)
• Port policy decision, then app control policy decision
• Port-based FW + App Ctrl (IPS) = two policies
• Applications are threats: only block what you expressly look for
Implications:
• Network access decision is made with no information
• Cannot safely enable applications

NGFW Application Control (firewall with integrated IPS)
• App control policy decision, then scan the application for threats
• Application control is in the firewall = single policy
• Visibility across all ports, for all traffic, all the time
Implications:
• Network access decision is made based on application identity
• Safely enable application usage

HTTP: Universal Application Protocol

• HTTP is 64% of enterprise bandwidth
• Most HTTP traffic is client/server (54%) – proxies cannot deal with it
• Browser-based applications are 46% – some work with proxies and some don't
• Web browsing is 23%

[Chart: All HTTP Applications; Web Browsing; Browser-based Applications]

Application Control vs Blocking

• Blocking applications, even if possible, is not the answer
• Yes, there are harmful applications that need to be blocked
• Many "Web 2.0" applications are useful
  - Enhancing productivity
  - Giving competitive advantage to the business
• It's all about visibility and control
  - Who is using what
  - Control and secure modern applications
  - Control feature use

Palo Alto – Next Generation FW

New Requirements for a Security Device

1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify users regardless of IP address
3. Granular visibility and policy control over application access / functionality
4. Protect in real time against threats embedded across applications
5. Multi-gigabit in-line deployment with no performance degradation

Palo Alto Networks Next-Generation Security Device

Palo Alto Networks Exceeds NGFW Requirements

• Application awareness and full-stack visibility: App-ID identifies and controls 1300+ applications
• Integrated rather than co-located IPS: Content-ID includes a full IPS without compromising performance
• Extra-firewall intelligence to identify users: User-ID brings AD users and groups into firewall policy
• Standard first-generation firewall capabilities: packet filtering, state, flexible NAT, IPSec, SSL VPNs, etc.
• Support for "bump in the wire" deployments

In "Defining the Next-Generation Firewall", Gartner describes what Palo Alto Networks already delivers.

Gartner's recommendation: move to next-generation firewalls at the next refresh opportunity – whether for firewall, IPS or the combination of the two.

Unique Technologies Transform the Firewall

• App-ID: identify the application
• User-ID: identify the user
• Content-ID: scan the content

App-ID: Comprehensive Application Visibility

• Policy-based control of more than 1,200 applications, distributed across five categories and 25 sub-categories
• Balanced mix of business, internet and networking applications and networking protocols
• ~5–10 new applications added weekly

User-ID: Enterprise Directory Integration

• Users no longer defined solely by IP address
  - Leverage existing Active Directory infrastructure without complex agent rollout
  - Identify Citrix users and tie policies to user and group, not just the IP address
• Understand user, application and threat behavior based on the actual AD username, not just IP
• Manage and enforce policy based on user and/or AD group
• Investigate security incidents, generate custom reports

Content-ID: Real-Time Content Scanning

• Stream-based, not file-based, for real-time performance
  - Uniform signature engine scans for a broad range of threats in a single pass
  - Vulnerability exploits (IPS), viruses and spyware (both downloads and phone-home)
• Block transfer of sensitive data and file transfers by type
  - Looks for CC and SSN patterns
  - Looks into the file to determine type – not extension based
• Web filtering enabled via fully integrated URL database
  - Local 20M URL database (76 categories) maximizes performance (1,000s of URLs/sec)
  - Dynamic DB adapts to local, regional or industry-focused surfing patterns

Detect and block a wide range of threats, limit unauthorized data transfer and control non-work-related web surfing

• NSS Labs, the world's largest security and performance testing lab, has recently completed in-depth IPS testing of the Palo Alto Networks next-gen firewall. Our solution was tested against 1,179 live exploits in what was the industry's most comprehensive IPS test to date. The results were crystal clear and provided the hard proof of what our next-generation firewalls can really do. Key results include:
  • The highest IPS block rate in recent history (93.4%)
  • 100% resistance to IPS evasion techniques
  • Simple IPS configuration and tuning
  • Provided all the above while exceeding the datasheet performance metrics by 115%

Palo Alto Networks IPS: Protection + Performance

• Strong threat prevention
  - NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
  - The only IPS that catches threats on non-standard ports
  - Scan inbound and outbound SSL (decrypt) and compressed traffic
  - Assure only authorized applications are using network resources
  - Allow SSH/RDP, but only for authorized staff

Single-Pass Parallel Processing (SP3) Architecture

Single Pass
• Operations once per packet
  - Traffic classification (app identification)
  - User/group mapping
  - Content scanning – threats, URLs, confidential data
• One policy

Parallel Processing
• Function-specific hardware engines
• Separate data/control planes

Up to 10 Gbps, low latency

PA-5000 Series Architecture

Switch Fabric
• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors
• High-density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High-speed logging and route update
• Dual solid-state drives

Network Processor
• 20 Gbps front-end network processing
• Hardware-accelerated per-packet route lookup, MAC lookup and NAT

[Block diagram: control plane (quad-core CPU, RAM, SSDs) beside the data plane; the network processor (QoS, flow control, route/ARP/MAC lookup, NAT) connects at 20 Gbps to the switch fabric, which connects at 10 Gbps to the security processors (CPU 1–12 with RAM), signature match engines and SSL/IPSec/de-compression engines]

• 40+ processors
• 30+ GB of RAM
• Separate high-speed data and control planes
• 20 Gbps firewall throughput
• 10 Gbps threat prevention throughput
• 4 million concurrent sessions

Traditional Multi-Pass Architectures are Slow

[Diagram: four serial devices, each repeating port/protocol-based ID and its own L2/L3 networking, HA, config management and reporting: firewall policy; HTTP decoder with URL filtering policy; IPS decoder with IPS signatures and IPS policy; AV decoder & proxy with AV signatures and AV policy]

Powerful Policy-Based Control

• Browse more than 1300 applications based on name, category, technology or characteristic
• Immediately translate results into positive-enforcement-model firewall rules
• Policy enforcement by end-user group identities from Active Directory, or by IP address

Palo Alto – Network Sniffer

Visibility into Applications, Users & Content

[Screenshot: user hzielinski, filtered on Skype; remove Skype to expand the view of hzielinski]

Palo Alto – Rich Reports

Demo (offline) – Traffic Log

Enables Executive Visibility

PAN-OS Features

• Strong networking foundation
  - Dynamic routing (OSPF, RIPv2)
  - Site-to-site IPSec VPN
  - SSL VPN for remote access
  - Tap mode – connect to a SPAN port
  - Virtual wire ("Layer 1") for true transparent in-line deployment
  - L2/L3 switching foundation
• QoS traffic shaping – max/guaranteed and priority
  - By user, app, interface, zone and more
• Zone-based architecture
  - All interfaces assigned to security zones for policy enforcement
• High Availability
  - Active/Active
  - Configuration and session synchronization
  - Path, link and HA monitoring
• Virtual Systems
  - Establish multiple virtual firewalls in a single device (PA-4000 Series only)
• Simple, flexible management
  - CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content are complemented by core firewall features

[Product family: PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060]

Enterprise Device and Policy Management

• Intuitive and flexible management
  - CLI, Web, Panorama, SNMP, Syslog
  - Role-based administration enables delegation of tasks to the appropriate person
• Panorama central management application
  - Shared policies enable consistent application control policies
  - Consolidated management, logging and monitoring of Palo Alto Networks devices
  - Consistent web interface between Panorama and the device UI
  - Network-wide ACC/monitoring views, log collection and reporting
• All interfaces work on the current configuration, avoiding sync issues

NGFW for Mobile Devices

Today: Quality of Security Tied to Location

[Diagram: threats (botnets) facing users on and off the network]
• Enterprise network security – security based on best practices: full-featured NGFW and threat prevention
• No network security – security based on best effort: exposed to threats, risky app usage and more

Introducing GlobalProtect

• Users never go "off-network", regardless of location
• All firewalls work together to provide a "cloud" of network security
• How it works
  - A small agent determines network location (on or off the enterprise network)
  - If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
  - The agent submits a host information profile (patch level, asset type, disk encryption and more) to the gateway
  - The gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile

Zero-Day Attack Protection: a sandbox at the core

Flexible Deployment Options

Transparent In-Line
• IPS with app visibility & control
• Consolidation of IPS & URL filtering

Firewall Replacement
• Firewall replacement with app visibility & control
• Firewall + IPS
• Firewall + IPS + URL filtering

Ultimate Segmentation (Datacenter 1 / Datacenter 2; Segments A, B and C)
• Controls applications & users for datacenter resource access
• IPS with app visibility & content control


Palo Alto Networks Next-Gen Firewalls

Model   | Firewall | Threat prevention | Sessions  | Interfaces
PA-500  | 250 Mbps | 100 Mbps          | 50,000    | 8 copper gigabit
PA-2020 | 500 Mbps | 200 Mbps          | 125,000   | 2 SFP, 12 copper gigabit
PA-2050 | 1 Gbps   | 500 Mbps          | 250,000   | 4 SFP, 16 copper gigabit
PA-4020 | 2 Gbps   | 2 Gbps            | 500,000   | 8 SFP, 16 copper gigabit
PA-4050 | 10 Gbps  | 5 Gbps            | 2,000,000 | 8 SFP, 16 copper gigabit
PA-4060 | 10 Gbps  | 5 Gbps            | 2,000,000 | 4 XFP (10 Gig), 4 SFP (1 Gig)
PA-5020 | 5 Gbps   | 2 Gbps            | 1,000,000 | 8 SFP, 12 copper gigabit
PA-5050 | 10 Gbps  | 5 Gbps            | 2,000,000 | 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
PA-5060 | 20 Gbps  | 10 Gbps           | 4,000,000 | 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

The innovative approach: extend security to all network traffic

Thank You – Zion Ezra, VP Sales

POC and AVR Report

AVR Report

[AVR Report screenshots; diagram label: Internet]

UTM Is Still Sprawl… Just Slower

• Doesn't solve the problem
• Firewall "helper" functions have a limited view of traffic
• Turning on functions kills performance


Applications Have Changed – Firewalls Have Not

• The gateway at the trust border is the right place to enforce policy control
  - Sees all traffic
  - Defines the trust boundary
• BUT… applications have changed (collaboration, media, SaaS, personal)
  - Ports ≠ Applications
  - IP Addresses ≠ Users
  - Packets ≠ Content
• Need to restore visibility and control in the firewall

Exploit Protection

• Many months pass between black-hat discovery, white-hat discovery and protection being available
• Need to protect all applications: a sandbox at the core
• Needs user-based access control
• Needs high-speed IPS and AV
• Needs to perform across all applications
• Needs to block the unknown
• Conclusion: advanced-malware protection belongs in a next-generation firewall

DEMO: https://ca2demo.paloaltonetworks.com/esp/login.esp

INSANITY: doing the same thing over and over again and expecting different results

Block applications and users

The innovative approach: extend security to all network traffic

20 Gbps Firewall, 10 Gbps Threat Prevention

Switch Fabric
• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors
• High-density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High-speed logging and route update
• Dual hard drives

Network Processor
• 20 Gbps front-end network processing
• Hardware-accelerated per-packet route lookup, MAC lookup and NAT

[Block diagram, as on the PA-5000 Series Architecture slide: control plane (quad-core CPU, RAM, HDDs) beside the data plane; the network processor (QoS, flow control, route/ARP/MAC lookup, NAT) connects at 20 Gbps to the switch fabric, which connects at 10 Gbps to the security processors (CPU 1–12 with RAM), signature match engines and SSL/IPSec/de-compression engines]


Data Center Network Security in Transition

• Ports ≠ Applications
• IP addresses ≠ Users
• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions…

[Diagram: RPC, SMS, SQL, SharePoint, SMB and NetBIOS spread across Port 135, Port 137, Port 139, Port 80 and Port 443, plus random high ports]

Applications employ dynamic, random and heavily-used ports – fundamentally breaking port-based network security
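The deck's "Ports ≠ Applications" point and the GlobalProtect policy that adds a host information profile can both be seen in one small model. The block below is an added illustration, not Palo Alto Networks code: it classifies constructed sample flows by destination port and again by a few payload signatures, then evaluates both answers through the same user-, application- and HIP-aware policy; the signatures, IP-to-user mapping, rules and HIP attributes are all assumed for the example.

```python
"""Added illustration (not Palo Alto Networks code) of port-based versus
application-based classification feeding one policy that also matches the
user's directory group and a host information profile (HIP).  Signatures,
users, rules and HIP fields are constructed for this example."""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict

# Stateful-inspection view of the world: destination port -> application.
PORT_TABLE: Dict[int, str] = {22: "ssh", 80: "web-browsing", 443: "ssl", 3389: "rdp"}

# A few illustrative client-side signatures (real application identification uses far more).
_HTTP_REQUEST = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT) \S+ HTTP/1\.[01]\r\n")


def identify_app(payload: bytes) -> str:
    """Name the application from the first bytes the client sends, whatever the port."""
    if payload.startswith(b"SSH-"):                         # SSH version banner
        return "ssh"
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03:
        return "ssl"                                       # TLS handshake record header
    if len(payload) >= 6 and payload[:2] == b"\x03\x00" and payload[5] == 0xE0:
        return "rdp"                                       # TPKT header + X.224 Connection Request
    m = _HTTP_REQUEST.match(payload)
    if m:
        return "http-proxy" if m.group(1) == b"CONNECT" else "web-browsing"
    return "unknown"


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_port: int
    payload: bytes                                          # first client bytes (constructed)
    hip: Dict[str, bool] = field(default_factory=dict)      # host information profile from the agent


def classify_by_port(flow: Flow) -> str:
    return PORT_TABLE.get(flow.dst_port, "unknown")


def classify_by_payload(flow: Flow) -> str:
    return identify_app(flow.payload)


# User-ID style mapping, IP -> user -> directory group (constructed sample data).
USER_MAP = {"10.0.0.5": "alice", "10.0.0.9": "bob"}
GROUP_MAP = {"alice": "it-admins", "bob": "staff"}

# One application-aware policy, evaluated top-down; anything unmatched is denied.
# "hip" lists HIP attributes that must be true for the rule to match.
RULES = [
    {"group": "it-admins", "apps": {"ssh", "rdp"}, "hip": {"disk_encrypted"}, "action": "allow"},
    {"group": "any", "apps": {"web-browsing", "ssl"}, "hip": set(), "action": "allow"},
]


def decide(flow: Flow, classify: Callable[[Flow], str]) -> str:
    """Return allow/deny for a flow under RULES, using the given classifier."""
    app = classify(flow)
    group = GROUP_MAP.get(USER_MAP.get(flow.src_ip, ""), "unknown")
    for rule in RULES:
        if rule["group"] not in ("any", group):
            continue
        if app not in rule["apps"]:
            continue
        if any(not flow.hip.get(attr, False) for attr in rule["hip"]):
            continue
        return rule["action"]
    return "deny"


ENCRYPTED = {"disk_encrypted": True}
UNENCRYPTED = {"disk_encrypted": False}
SSH_BANNER = b"SSH-2.0-OpenSSH_8.9\r\n"
RDP_CONNECT = b"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00"
TLS_HELLO = b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"

# Constructed sample flows, named by what they carry and who sends them.
SAMPLE_FLOWS = {
    "ssh-on-443-staff": Flow("10.0.0.9", 443, SSH_BANNER, ENCRYPTED),
    "ssh-on-443-admin": Flow("10.0.0.5", 443, SSH_BANNER, ENCRYPTED),
    "ssh-on-443-admin-no-fde": Flow("10.0.0.5", 443, SSH_BANNER, UNENCRYPTED),
    "rdp-on-80-staff": Flow("10.0.0.9", 80, RDP_CONNECT, ENCRYPTED),
    "web-on-8080-staff": Flow("10.0.0.9", 8080, b"GET /index.html HTTP/1.1\r\nHost: intranet\r\n\r\n"),
    "tls-on-443-staff": Flow("10.0.0.9", 443, TLS_HELLO),
    "connect-on-443-staff": Flow("10.0.0.9", 443, b"CONNECT relay.example:443 HTTP/1.1\r\n\r\n"),
}


def compare() -> Dict[str, Dict[str, str]]:
    """Decision per sample flow under port-based and application-based classification."""
    return {
        name: {"by_port": decide(f, classify_by_port), "by_app": decide(f, classify_by_payload)}
        for name, f in SAMPLE_FLOWS.items()
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:26s} port-based: {result['by_port']:5s}  app-based: {result['by_app']}")
```

Port-based classification allows SSH and RDP tunnelled over 443/80 and blocks legitimate web traffic on 8080; the application-based decision inverts each of those, and the HIP condition additionally refuses an admin's SSH from an unencrypted laptop.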


NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

Model   | Firewall | Threat prevention | IPSec VPN | SSL VPN users | Sessions  | VSYS      | Interfaces
PA-5050 | 10 Gbps  | 5 Gbps            | 4 Gbps    | 10,000        | 2,000,000 | up to 125 | (4) SFP+ (10 Gig), (8) SFP (1 Gig), (12) 10/100/1000
PA-5020 | 5 Gbps   | 2 Gbps            | 2 Gbps    | 5,000         | 1,000,000 | up to 20  | (8) SFP (1 Gig), (12) 10/100/1000
PA-5060 | 20 Gbps  | 10 Gbps           | 4 Gbps    | 20,000        | 4,000,000 | up to 225 | (4) SFP+ (10 Gig), (8) SFP (1 Gig), (12) 10/100/1000

All models:
• Hot-swappable fans and power supplies
• Dual solid-state hard drives
• Dedicated HA and management interfaces
• 2U standard rack-mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats
  - Stop a wide range of threats on all allowed traffic
  - Proven quality (NSS tested and "Recommended")
  - Security by policy, not hardwired into the deployment
• Comply and Compartmentalize
  - Save time and cost to compliance with network segmentation
  - Segment by user group and application
• Simplify with Flexible Network Security Infrastructure
  - With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention
  - With simpler, easier deployments
  - With reduced network security rack-space requirements and lower TCO (power, HVAC, subscriptions, maintenance)

GlobalProtect

Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality, heavy performance load on the PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services
• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement
• Supports a limited number of apps and protocols, weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• Agent tunnels traffic back to the corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security
• Inconsistent policy and protections when outside vs inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase duplicates, operational and management overhead


A Modern Architecture for Enterprise Security

• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting

[Diagram labels: malware, botnets, exploits]

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 3: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

About Palo Alto Networks

bull Palo Alto Networks is the Network Security Company

bull World-class team with strong security and networking experience

- Founded in 2005 first customer July 2007 top-tier investors

bull Builds next-generation firewalls that identify control 1300+ applications

- Restores the firewall as the core of enterprise network security infrastructure

- Innovations App-IDtrade User-IDtrade Content-IDtrade

bull Global momentum 5300+ customers

- August 2011 Annual bookings run rate is over US$200 million cash-flow positive last five consecutive quarters

() Bookings run rate is defined as 4 (four) times the bookings amount of the most recently finished fiscal quarter Bookings are defined as non-cancellable

orders received during the fiscal period Palo Alto Networksrsquo fiscal year runs from August 1st until July 31st

bullA few of the many enterprises that have deployed more than $1M

copy 2011 Palo Alto Networks Proprietary and Confidential Page 3 |

2010 Magic Quadrant for Enterprise Network Firewalls

copy 2011 Palo Alto Networks Proprietary and Confidential Page 4 |

Palo Alto Networks

Check Point Software Technologies

Juniper Networks

Cisco

Fortinet

McAfee

Stonesoft

SonicWALL

WatchGuard

NETASQ Astaro phion

3ComH3C

completeness of vision

visionaries

ab

ilit

y t

o e

xe

cu

te

As of March 2010 niche players

Source Gartner

2011 Magic Quadrant for Enterprise Network Firewalls

copy 2011 Palo Alto Networks Proprietary and Confidential Page 5 |

Source Gartner

Gartner Palo Alto Networks is a Leader

bull Enterprises need next-generation firewalls

- In 2010 and 2011 Gartner saw market pressures accelerate the demand and available offerings for next-generation firewall (NGFW) platforms that provide the capability to detect and block sophisticated attacks as well as enforce granular security policy at the application (versus port and protocol) level

- As enterprises increase the use of Web-based applications mdash with more complex connections within applications more complex data centers and more data being presented to customers mdash firewalls have had to keep up with features and performance to meet these changing needs

- Less than 5 of Internet connections today are secured using NGFWs By year-end 2014 this will rise to 35 of the installed base with 60 of new purchases being NGFWs

bull Gartner notes

- ldquoPalo Alto Networks high-performance NGFW functionality continues to drive competitors to react in the firewall market It is assessed as a Leader mostly because of its NGFW design redirection of the market along the NGFW path consistent displacement of Leaders and Challengers and market disruption forcing Leaders to reactrdquo

About the Founder
• 2005-today: Founder and CTO at Palo Alto Networks
- Next Generation Firewall
• 2002-2005: CTO at NetScreen/Juniper
• 2000-2002: Founder and CTO at OneSecure
- World's first Network IPS
• 1994-1999: Principal Engineer at Check Point Software

Leading Organizations Trust Palo Alto Networks
[Customer logos by sector: Health Care, Financial Services, Government, Manufacturing, High Tech, Energy, Education, Service Providers, Services, Media & Entertainment, Retail]

InnoCom Customers - Palo Alto Networks
Nativ, Prime Minister's Office

The Modern Threats & Attacks
Known Attacks
The 5 Steps for Smart Attacks: bait, exploit, download, back channel, steal
Protection is needed at all stages

Applications Carry Risk
Applications can be "threats"
• P2P file sharing, tunneling applications, anonymizers, media/video
Applications carry threats
• Qualys Top 20 Vulnerabilities – majority result in application-level threats
Applications & application-level threats result in major breaches – RSA, Comodo, FBI
Exploits come in through many applications

Application Control Efforts are Failing
• Palo Alto Networks' Application Usage & Risk Report highlights actual behavior of 900,000 users across more than 60 organizations
- Applications are built for accessibility
- Tools that enable users to circumvent security are common
- File sharing usage – P2P and browser-based – is rampant
- Controls are failing – all had firewalls, many had IPS, proxies & URL filtering
Applications carry risks: business continuity, data loss, compliance, productivity and operations costs

Enterprise 2.0 Applications and Risks Widespread
Palo Alto Networks' latest Application Usage & Risk Report highlights actual behavior of 1M+ users in 1,253 organizations
- More enterprise 2.0 application use for personal and business reasons
- Tunneling and port hopping are common
- Bottom line: all had firewalls, most had IPS, proxies & URL filtering – but none of these organizations could control what applications ran on their networks

[Chart: percentage of organizations in which each application was found, 0-80% scale. Applications plotted: RDP, SSH, telnet, LogMeIn, TeamViewer, CGIProxy, PHProxy, CoralCDN, FreeGate, Glype Proxy, Tor, Hamachi, UltraSurf, Gbridge, Gpass; values range from 3% to 80%]

• Remote Access
- 27 variants found 95% of the time
• External Proxies
- 22 variants found 76% of the time
• Encrypted Tunnels
- Non-VPN related – found 30% of the time
Users Will Find A Way…
Source: Palo Alto Networks Application Usage and Risk Report, Spring 2010

From The News

Why Visibility & Control Must Be In The Firewall

Application Control as an Add-on
[Diagram: port traffic enters the firewall, where a port policy decision is made; an IPS added afterwards makes a separate application control policy decision]
• Port-based FW + App Ctrl (IPS) = two policies
• Applications are threats; only block what you expressly look for
Implications
• Network access decision is made with no information
• Cannot safely enable applications

NGFW Application Control
[Diagram: application traffic enters a firewall with integrated IPS, which makes the application control policy decision and scans the application for threats]
• Application control is in the firewall = single policy
• Visibility across all ports, for all traffic, all the time
Implications
• Network access decision is made based on application identity
• Safely enable application usage
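As an added illustration of the two-policy versus single-policy contrast above (example code written for this page, not Palo Alto Networks' or InnoCom's software): a small Python model evaluates the same constructed flows once with port-only rules and once with application-plus-user-group rules in a positive enforcement model. The flows, the group mapping and the rule format are all assumptions.

```python
"""Port-based decision vs. application-identity decision on the same flows.

Added example for this page. The flow records, the application names that
an App-ID style classifier would produce, the User-ID style group mapping
and the rule format are all constructed for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    user: str       # resolved from source IP by a User-ID style mapping
    dst_port: int   # the only thing a port-based firewall looks at
    app: str        # what payload classification (App-ID style) found
    port_guess: str # what the port number alone would suggest


# Constructed sample flows: note that the port tells a different story
# from the payload in three of the five cases.
FLOWS = [
    Flow("alice", 443, "web-browsing", "ssl"),
    Flow("bob",   443, "ssh",          "ssl"),    # SSH tunnelled over 443
    Flow("carol",  22, "ssh",          "ssh"),    # admin using SSH normally
    Flow("dave", 8080, "tor",          "http"),   # anonymizer on a web port
    Flow("erin",   80, "rdp",          "http"),   # RDP port-hopped onto 80
]

# Constructed User-ID style user-to-group mapping.
GROUPS = {"alice": "staff", "bob": "staff", "carol": "it-admins",
          "dave": "staff", "erin": "it-admins"}

# Port-based firewall: "allow 80/443" is effectively "allow anything that
# chooses to use 80/443", because nothing else is known at decision time.
PORT_RULES = [(80, "allow"), (443, "allow"), (22, "allow"), (8080, "allow")]


def port_policy(flow: Flow) -> str:
    for port, action in PORT_RULES:
        if flow.dst_port == port:
            return action
    return "deny"


# Application rules, positive enforcement model: each rule names the
# identified application and the groups allowed to use it; anything that
# matches no rule is denied, whatever port carried it.
APP_RULES = [
    ("web-browsing", {"staff", "it-admins"}, "allow"),
    ("ssh",          {"it-admins"},          "allow"),  # SSH only for authorized staff
    ("rdp",          {"it-admins"},          "allow"),  # RDP only for authorized staff
]


def app_policy(flow: Flow, groups: dict = GROUPS) -> str:
    group = groups.get(flow.user, "unknown")
    for app, allowed_groups, action in APP_RULES:
        if flow.app == app and group in allowed_groups:
            return action
    return "deny"


def compare(flows=FLOWS) -> dict:
    """Return {user: (port_based_decision, app_based_decision)} per flow."""
    return {f.user: (port_policy(f), app_policy(f)) for f in flows}


if __name__ == "__main__":
    for f in FLOWS:
        print(f"{f.user:6} port {f.dst_port:5} looks like {f.port_guess:4} "
              f"is {f.app:12} port-based={port_policy(f):5} app-based={app_policy(f)}")
```

The port-based policy allows every flow because every one arrives on a permitted port; the application policy allows the same flows only when the identified application and the user's group match a rule, so the SSH tunnel over 443 and the anonymizer on 8080 are denied while the admin's RDP on port 80 is still allowed.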

HTTP: Universal Application Protocol
• HTTP is 64% of enterprise bandwidth
• Most HTTP traffic is client/server (54%) – proxies cannot deal with it
• Browser-based applications are 46% - some work with proxies and some don't
• Web browsing is 23%
[Chart: All HTTP Applications split into Web Browsing and Browser-based Applications]

Application Control vs. Blocking
• Blocking applications, even if possible, is not the answer
• Yes, there are harmful applications that need to be blocked
• Many "Web 2.0" applications are useful
- Enhancing productivity
- Giving competitive advantage to the business
• It's all about visibility and control
- Who is using what
- Control and secure modern applications
- Control feature use

Palo Alto – Next Generation FW

New Requirements for Security Device
1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify users regardless of IP address
3. Granular visibility and policy control over application access / functionality
4. Protect in real-time against threats embedded across applications
5. Multi-gigabit, in-line deployment with no performance degradation
Palo Alto Networks Next-Generation Security Device

Palo Alto Networks Exceeds NGFW Requirements
Application Awareness and Full Stack Visibility: App-ID identifies and controls 1300+ applications
Integrated Rather Than Co-Located IPS: Content-ID includes full IPS without compromising performance
Extra-Firewall Intelligence to Identify Users: User-ID brings AD users and groups into firewall policy
Standard First-Generation Firewall Capabilities: packet filtering, state, flexible NAT, IPSec, SSL VPNs, etc.
Support "bump in the wire" Deployments
In "Defining the Next-Generation Firewall", Gartner describes what Palo Alto Networks already delivers.
Gartner's Recommendations: Move to next-generation firewalls at the next refresh opportunity – whether for firewall, IPS, or the combination of the two.

Unique Technologies Transform the Firewall
App-ID: Identify the application
User-ID: Identify the user
Content-ID: Scan the content

App-ID: Comprehensive Application Visibility
• Policy-based control: more than 1200+ applications distributed across five categories and 25 sub-categories
• Balanced mix of business, internet and networking applications and networking protocols
• ~5-10 new applications added weekly

User-ID: Enterprise Directory Integration
• Users no longer defined solely by IP address
- Leverage existing Active Directory infrastructure without complex agent rollout
- Identify Citrix users and tie policies to user and group, not just the IP address
• Understand user, application and threat behavior based on actual AD username, not just IP
• Manage and enforce policy based on user and/or AD group
• Investigate security incidents, generate custom reports

Content-ID: Real-Time Content Scanning
• Stream-based, not file-based, for real-time performance
- Uniform signature engine scans for broad range of threats in single pass
- Vulnerability exploits (IPS), viruses and spyware (both downloads and phone-home)
• Block transfer of sensitive data and file transfers by type
- Looks for CC and SSN patterns
- Looks into file to determine type – not extension based
• Web filtering enabled via fully integrated URL database
- Local 20M URL database (76 categories) maximizes performance (1000's URLs/sec)
- Dynamic DB adapts to local, regional or industry focused surfing patterns
Detect and block a wide range of threats, limit unauthorized data transfer and control non-work related web surfing
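Two of the Content-ID checks above, typing a file by its content rather than its extension and matching CC/SSN patterns, as an added Python example that is not Palo Alto Networks code: the magic-byte table, the pattern rules, the Luhn filter and the sample inputs are all constructed for illustration.

```python
"""Content-based file typing and CC/SSN pattern detection.

Added example for this page. The signature table is a constructed partial
list, the extension mapping is an assumption, and the sample inputs are
made up; a real engine works on the stream, this works on a bytes/str."""
import re

# Leading-byte signatures for a few common types (constructed, partial).
MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff",      "jpeg"),
    (b"%PDF-",             "pdf"),
    (b"MZ",                "pe-executable"),
    (b"PK\x03\x04",        "zip"),   # also docx/xlsx/jar containers
    (b"\x7fELF",           "elf"),
]

# Extensions that are consistent with each sniffed type (assumption).
EXT_FOR = {
    "png": {"png"}, "jpeg": {"jpg", "jpeg"}, "pdf": {"pdf"},
    "pe-executable": {"exe", "dll", "scr"},
    "zip": {"zip", "docx", "xlsx", "jar"}, "elf": set(),
}


def sniff_type(data: bytes) -> str:
    """Classify by the first bytes only; the name is never consulted."""
    for sig, name in MAGIC:
        if data.startswith(sig):
            return name
    return "unknown"


def check_file(name: str, data: bytes) -> dict:
    """Type the content and report whether the claimed extension agrees."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    kind = sniff_type(data)
    consistent = kind != "unknown" and ext in EXT_FOR.get(kind, set())
    return {"name": name, "type": kind, "extension_matches": consistent}


# SSN: three groups, excluding area 000/666/9xx, group 00 and serial 0000.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 16 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so arbitrary 16-digit runs are not reported as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_sensitive(text: str) -> dict:
    """Return card numbers that pass Luhn and SSN-shaped strings found in text."""
    cards = [m.group(0) for m in CARD_RE.finditer(text)
             if luhn_ok(re.sub(r"[ -]", "", m.group(0)))]
    return {"cards": cards, "ssns": SSN_RE.findall(text)}


# Constructed sample transfer: an "invoice.pdf" that is really an executable,
# and a text body with one real-looking card, one bogus number and one SSN.
SAMPLE_FILE = ("invoice.pdf", b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00")
SAMPLE_TEXT = ("Card 4111 1111 1111 1111, SSN 123-45-6789, "
               "reference 1234 5678 9012 3456")

if __name__ == "__main__":
    print(check_file(*SAMPLE_FILE))
    print(find_sensitive(SAMPLE_TEXT))
```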

• NSS Labs, the world's largest security and performance testing lab, has recently completed in-depth IPS testing of the Palo Alto Networks next-gen firewall. Our solution was tested against 1,179 live exploits in what was the industry's most comprehensive IPS test to date. The results were crystal clear and provided the hard proof of what our next-generation firewalls can really do. Key results include:
• The highest IPS block rate in recent history (93.4%)
• 100% resistance to IPS evasion techniques
• Simple IPS configuration and tuning
• Provided all the above while exceeding the datasheet performance metrics by 115%

Palo Alto Networks IPS: Protection + Performance
• Strong threat prevention
- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
- The only IPS that catches threats on non-standard ports
- Scan inbound and outbound SSL (decrypt) and compressed traffic
- Assure only authorized applications are using network resources
- Allow SSH/RDP, but only for authorized staff

Single-Pass Parallel Processing (SP3) Architecture
Single Pass
• Operations once per packet
- Traffic classification (app identification)
- User/group mapping
- Content scanning – threats, URLs, confidential data
• One policy
Parallel Processing
• Function-specific hardware engines
• Separate data/control planes
Up to 10Gbps, Low Latency

PA-5000 Series Architecture
• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine
Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC#, SSN and more
Security Processors
• High density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)
Control Plane
• Highly available management
• High speed logging and route update
• Dual solid-state drives
Network Processor
• 20 Gbps front-end network processing
• Hardware accelerated per-packet route lookup, MAC lookup and NAT
[Diagram: control plane (quad-core CPU, RAM, dual SSDs) and data plane connected over the switch fabric; network processor handling QoS, flow control, route/ARP/MAC lookup and NAT; security processors with signature match engines, SSL/IPSec/decompression engines, quad-core CPUs and RAM; 10 Gbps and 20 Gbps internal links]
• 40+ processors
• 30+ GB of RAM
• Separate high speed data and control planes
• 20 Gbps firewall throughput
• 10 Gbps threat prevention throughput
• 4 Million concurrent sessions

Traditional Multi-Pass Architectures are Slow
[Diagram: four separate passes, Firewall Policy, HTTP Decoder with URL Filtering Policy, IPS Decoder with IPS Signatures and IPS Policy, and AV Decoder & Proxy with AV Signatures and AV Policy, each repeating its own Port/Protocol-based ID, L2/L3 Networking, HA, Config Management and Reporting]

Powerful Policy-Based Control
• Browse more than 1300 applications based on name, category, technology or characteristic
• Immediately translate results into positive enforcement model firewall rules
• Policy enforcement by end-user group identities from Active Directory, or IP address

Palo Alto – Network Sniffer

Visibility into Applications, Users & Content
[Screenshot: view filtered on user hzielinski and application Skype; removing Skype expands the view of hzielinski]

Palo Alto – Rich reports

Demo (offline) – Traffic Log

Enables Executive Visibility

PAN-OS Features
• Strong networking foundation
- Dynamic routing (OSPF, RIPv2)
- Site-to-site IPSec VPN
- SSL VPN for remote access
- Tap mode – connect to SPAN port
- Virtual wire ("Layer 1") for true transparent in-line deployment
- L2/L3 switching foundation
• QoS traffic shaping - Max/guaranteed and priority
- By user, app, interface, zone and more
• Zone-based architecture
- All interfaces assigned to security zones for policy enforcement
• High Availability
- Active/Active
- Configuration and session synchronization
- Path, link and HA monitoring
• Virtual Systems
- Establish multiple virtual firewalls in a single device (PA-4000 Series only)
• Simple, flexible management
- CLI, Web, Panorama, SNMP, Syslog
Visibility and control of applications, users and content are complemented by core firewall features
Models: PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060

Enterprise Device and Policy Management
• Intuitive and flexible management
- CLI, Web, Panorama, SNMP, Syslog
- Role-based administration enables delegation of tasks to the appropriate person
• Panorama central management application
- Shared policies enable consistent application control policies
- Consolidated management, logging and monitoring of Palo Alto Networks devices
- Consistent web interface between Panorama and device UI
- Network-wide ACC/monitoring views, log collection and reporting
• All interfaces work on current configuration, avoiding sync issues

NGFW for mobile devices

Today: Quality of Security Tied to Location
[Diagram: users on the enterprise network vs. off-network users exposed to botnets]
Enterprise Network Security
• Security Based on Best-Practices
• Full-Featured NGFW and Threat Prevention
No Network Security
• Security Based on Best-Effort
• Exposed to threats, risky app usage and more

Introducing GlobalProtect
• Users never go "off-network" regardless of location
• All firewalls work together to provide "cloud" of network security
• How it works
- Small agent determines network location (on or off the enterprise network)
- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
- Agent submits host information profile (patch level, asset type, disk encryption and more) to the gateway
- Gateway enforces security policy using App-ID, User-ID, Content-ID AND host information profile

Zero Day Attacks Protection
A sandbox at the core

Flexible Deployment Options
Transparent In-Line
• IPS with app visibility & control
• Consolidation of IPS & URL filtering
Firewall Replacement
• Firewall replacement with app visibility & control
• Firewall + IPS
• Firewall + IPS + URL filtering
Ultimate segmentation
• Controls applications & users for datacenter resource access
• IPS with app visibility & content control
[Diagram: Datacenter 1 and Datacenter 2 divided into Segment A, Segment B and Segment C]


Palo Alto Networks Next-Gen Firewalls
PA-4050: 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions; 8 SFP, 16 copper gigabit
PA-4020: 2 Gbps FW / 2 Gbps threat prevention / 500,000 sessions; 8 SFP, 16 copper gigabit
PA-4060: 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions; 4 XFP (10 Gig), 4 SFP (1 Gig)
PA-2050: 1 Gbps FW / 500 Mbps threat prevention / 250,000 sessions; 4 SFP, 16 copper gigabit
PA-2020: 500 Mbps FW / 200 Mbps threat prevention / 125,000 sessions; 2 SFP, 12 copper gigabit
PA-500: 250 Mbps FW / 100 Mbps threat prevention / 50,000 sessions; 8 copper gigabit
PA-5050: 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
PA-5020: 5 Gbps FW / 2 Gbps threat prevention / 1,000,000 sessions; 8 SFP, 12 copper gigabit
PA-5060: 20 Gbps FW / 10 Gbps threat prevention / 4,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

The innovative approach: extend security to all network traffic

Thank You
Zion Ezra, VP Sales

POC and AVR Report
AVR Report
[Screenshots: AVR Report pages; deployment diagram with Internet]

UTM Is Still Sprawl… Just Slower
• Doesn't solve the problem
• Firewall "helper" functions have limited view of traffic
• Turning on functions kills performance


Applications Have Changed – Firewalls Have Not
• The gateway at the trust border is the right place to enforce policy control
- Sees all traffic
- Defines trust boundary
• Need to Restore Visibility and Control in the Firewall
[Diagram: application categories Collaboration, Media, SaaS, Personal]
• BUT… Applications Have Changed
- Ports ≠ Applications
- IP Addresses ≠ Users
- Packets ≠ Content

Exploit protection
• Many months pass between black-hat discovery, white-hat discovery and protection being available
• Need to protect all applications
• A sandbox at the core
• Needs user-based access control
• Needs high-speed IPS and AV
• Need to perform across all applications
• Need to block the unknown
• Conclusion: advanced-malware protection belongs in a next generation firewall

DEMO: https://ca2demo.paloaltonetworks.com/esp/login.esp

INSANITY: doing the same thing over and over again and expecting different results
Block applications and users


Data Center Network Security in Transition
• Ports ≠ Applications
• IP addresses ≠ Users
• Threats > Exploits
Need to Restore Application Visibility & Control in the Firewall
Today's network security is based on outdated assumptions…
[Diagram: data center applications (RPC, SMB, SQL, SharePoint, NetBIOS) spread across ports 135, 137, 139, 80 and 443, plus random high ports]
Applications employ dynamic, random and heavily-used ports, fundamentally breaking port-based network security


NGFW Networking Power and Flexibility
PA-5000 Series Models and Specifications
PA-5050
• 10 Gbps FW
• 5 Gbps threat prevention
• 4 Gbps IPSec VPN
• 10,000 SSL VPN Users
• 2,000,000 sessions
• Up to 125 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000
PA-5020
• 5 Gbps FW
• 2 Gbps threat prevention
• 2 Gbps IPSec VPN
• 5,000 SSL VPN Users
• 1,000,000 sessions
• Up to 20 VSYS
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000
PA-5060
• 20 Gbps FW
• 10 Gbps threat prevention
• 4 Gbps IPSec VPN
• 20,000 SSL VPN Users
• 4,000,000 sessions
• Up to 225 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

• Hot swappable fans, power supplies
• Dual solid state hard drives
• Dedicated HA and management interfaces
• 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise
• Prevent Threats
- Stop a wide range of threats on all allowed traffic
- Proven quality (NSS tested and "Recommended")
- Security by policy, not hardwired into deployment
• Comply and Compartmentalize
- Save time and cost to compliance with network segmentation
- Segment by user group and application
• Simplify with Flexible Network Security Infrastructure
- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention
- With simpler, easier deployments
- With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance)

GlobalProtect


Existing Solutions Fall Short
Software on the PC
• Each security app performs a specific function
• Limited focus and functionality, heavy performance load on PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.
Cloud-Based Services
• Client forces web traffic to cloud-based proxy for scanning and policy enforcement
• Supports limited number of apps and protocols, weak threat prevention
• Examples: ScanSafe, Purewire, etc.
Traditional VPN
• Agent tunnels traffic back to corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse
Higher Costs, More Work, for Lower Security
• Inconsistent policy and protections when outside vs. inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase duplicates, operational and management overhead


A Modern Architecture for Enterprise Security
• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting
[Diagram: threats kept outside the logical perimeter: malware, botnets, exploits]

Regain Visibility and Control, Save Money
• IT can't manage risk with traditional security infrastructure
- Users do what they want
- Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls
- Leads to increased risks for the business
• Palo Alto Networks defines the next-generation firewall with unique identification technologies
- App-ID: identify applications regardless of port, protocol or SSL encryption
- User-ID: integrated with enterprise directory
- Content-ID: threats, URLs, data
- High performance architecture: high throughput, low latency
• Easy enterprise integration and consolidation saves money
- Flexible deployment options for seamless integration
- Consolidation of functionality into the firewall simplifies and saves money

Page 4: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

2010 Magic Quadrant for Enterprise Network Firewalls

copy 2011 Palo Alto Networks Proprietary and Confidential Page 4 |

Palo Alto Networks

Check Point Software Technologies

Juniper Networks

Cisco

Fortinet

McAfee

Stonesoft

SonicWALL

WatchGuard

NETASQ Astaro phion

3ComH3C

completeness of vision

visionaries

ab

ilit

y t

o e

xe

cu

te

As of March 2010 niche players

Source Gartner

2011 Magic Quadrant for Enterprise Network Firewalls

copy 2011 Palo Alto Networks Proprietary and Confidential Page 5 |

Source Gartner

Gartner Palo Alto Networks is a Leader

bull Enterprises need next-generation firewalls

- In 2010 and 2011 Gartner saw market pressures accelerate the demand and available offerings for next-generation firewall (NGFW) platforms that provide the capability to detect and block sophisticated attacks as well as enforce granular security policy at the application (versus port and protocol) level

- As enterprises increase the use of Web-based applications mdash with more complex connections within applications more complex data centers and more data being presented to customers mdash firewalls have had to keep up with features and performance to meet these changing needs

- Less than 5 of Internet connections today are secured using NGFWs By year-end 2014 this will rise to 35 of the installed base with 60 of new purchases being NGFWs

bull Gartner notes

- ldquoPalo Alto Networks high-performance NGFW functionality continues to drive competitors to react in the firewall market It is assessed as a Leader mostly because of its NGFW design redirection of the market along the NGFW path consistent displacement of Leaders and Challengers and market disruption forcing Leaders to reactrdquo

copy 2011 Palo Alto Networks Proprietary and Confidential Page 6 |

About the Founder

bull 2005-today Founder and CTO at

Palo Alto Networks

- Next Generation Firewall

bull 2002-2005 CTO at NetScreenJuniper

bull 2000-2002 Founder and CTO at OneSecure

- Worldrsquos first Network IPS

bull 1994-1999 Principal Engineer at Check Point Software

copy 2009 Palo Alto Networks Proprietary and Confidential Page 9 |

Leading Organizations Trust Palo Alto Networks Health Care Financial Services Government

Mfg High Tech Energy Education Service Providers Services

Media Entertainment Retail

Health amp Finance

Service Providers

Industry amp

Retail Media amp

Communication

Government Hi Tech

InnoCom Customers - Palo Alto Networks

משרד ndashנתיב

ראש הממשלה

The Modern Threats amp attacks

11

Known Attacks

bait exploit download back

channel steal

The 5 Steps for Smart Attacks

protection is needed at all stages

Applications Carry Risk

copy 2011 Palo Alto Networks Proprietary and Confidential Page 14 |

Applications can be ldquothreatsrdquo

bull P2P file sharing tunneling applications anonymizers

mediavideo

Applications carry threats

bull Qualys Top 20 Vulnerabilities ndash majority result in application-

level threats

Applications amp application-level threats result in major breaches ndash RSA Comodo FBI

exploits come in thru many applications

copy 2009 Palo Alto Networks Proprietary and Confidential Page 16 | copy 2009 Palo Alto Networks Proprietary and Confidential Page 16 |

Application Control Efforts are Failing bull Palo Alto Networksrsquo Application Usage amp Risk Report highlights actual behavior of

900000 users across more than 60 organizations

- Applications are built for accessibility

- Tools that enable users to circumvent security are common

- File sharing usage ndash P2P and browser-based ndash is rampant

- Controls are failing ndash All had Firewalls many had IPS proxies amp URL filtering

Applications carry risks business continuity data loss compliance productivity and operations costs

Enterprise 20 Applications and Risks Widespread

copy 2011 Palo Alto Networks Proprietary and Confidential Page 17 |

Palo Alto Networksrsquo latest Application Usage amp Risk Report highlights actual behavior of 1M+ users in 1253 organizations

- More enterprise 20 application use for personal and business reasons

- Tunneling and port hopping are common

- Bottom line all had firewalls most had IPS proxies amp URL filtering ndash but none of these organizations could control what applications ran on their networks

Users Will Find A Way…

[Bar chart: how often each application was found (0–80% axis) for RDP, SSH, telnet, LogMeIn, TeamViewer, CGIProxy, PHProxy, CoralCDN, FreeGate, Glype Proxy, Tor, Hamachi, UltraSurf, Gbridge and Gpass; plotted values range from 3% to 80%]

• Remote Access
- 27 variants found 95% of the time
• External Proxies
- 22 variants found 76% of the time
• Encrypted Tunnels
- Non-VPN related – found 30% of the time

Source: Palo Alto Networks Application Usage and Risk Report, Spring 2010


From the news

Why Visibility & Control Must Be In The Firewall


Application Control as an Add-on
[Diagram: port traffic → Firewall (port policy decision) → IPS (app control policy decision) → applications]
• Port-based FW + App Ctrl (IPS) = two policies
• Applications are threats; only block what you expressly look for
Implications:
• Network access decision is made with no information
• Cannot safely enable applications

NGFW Application Control
[Diagram: application traffic → Firewall + IPS (app control policy decision, scan application for threats) → applications]
• Application control is in the firewall = single policy
• Visibility across all ports, for all traffic, all the time
Implications:
• Network access decision is made based on application identity
• Safely enable application usage
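To make the two decision models above concrete, here is an added example in Python (not Palo Alto Networks code): a constructed payload classifier stands in for App-ID, a port-only rule table stands in for the port-based firewall, and an application-plus-group rule table stands in for the single NGFW policy, all run over constructed flows so the verdicts can be compared side by side. The flow fields, byte signatures, rule names, user names and group memberships are assumptions made for the example.

```python
"""Port-based versus application-based policy decisions (added example).

A toy payload classifier stands in for App-ID and a dict of user->groups
stands in for User-ID. Flows, signatures, rules and names are constructed."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Flow:
    user: str        # username already resolved from the source IP (User-ID's job)
    dst_port: int
    payload: bytes   # first bytes the client sent (constructed samples below)


def identify_app(payload: bytes) -> str:
    """Classify a flow by what its bytes look like; the port is never consulted."""
    if payload.startswith(b"SSH-"):
        return "ssh"                       # SSH identification string
    if payload.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"                # BitTorrent peer handshake
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "ssl"                       # TLS handshake record header
    if payload.startswith(b"CONNECT "):
        return "http-proxy"                # CONNECT tunnel through a web proxy
    first_line = payload.split(b"\r\n", 1)[0]
    if b" HTTP/" in first_line and any(
            first_line.startswith(m + b" ") for m in (b"GET", b"POST", b"HEAD", b"PUT")):
        return "web-browsing"
    return "unknown"


# Classic port-based rule table: the only input is the destination port.
PORT_RULES: Dict[int, str] = {80: "allow", 443: "allow", 22: "allow"}


def port_policy(flow: Flow) -> str:
    """Stateful-inspection style decision, made with no information about the app."""
    return PORT_RULES.get(flow.dst_port, "deny")


# Positive-enforcement rules (app, group, action); first match wins, unmatched = deny.
APP_RULES: List[Tuple[str, str, str]] = [
    ("web-browsing", "any",       "allow"),
    ("ssl",          "any",       "allow"),
    ("ssh",          "it-admins", "allow"),   # "allow SSH, but only for authorized staff"
    ("http-proxy",   "any",       "deny"),
    ("bittorrent",   "any",       "deny"),
]

# Constructed directory group membership.
GROUPS: Dict[str, FrozenSet[str]] = {
    "alice": frozenset({"it-admins", "staff"}),
    "bob":   frozenset({"staff"}),
}


def app_policy(flow: Flow) -> Tuple[str, str]:
    """NGFW-style decision keyed on application identity and user group."""
    app = identify_app(flow.payload)
    user_groups = GROUPS.get(flow.user, frozenset())
    for rule_app, rule_group, action in APP_RULES:
        if rule_app == app and (rule_group == "any" or rule_group in user_groups):
            return app, action
    return app, "deny"                     # unknown or unlisted applications are denied


def compare(flows: List[Flow]) -> List[Tuple[str, int, str, str, str]]:
    """(user, port, port-based action, identified app, app-based action) per flow."""
    return [(f.user, f.dst_port, port_policy(f), *app_policy(f)) for f in flows]


# Constructed flows: the interesting ones carry a different app than the port suggests.
SAMPLE_FLOWS = [
    Flow("bob",   80,   b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    Flow("bob",   443,  b"SSH-2.0-OpenSSH_8.9\r\n"),          # SSH on the HTTPS port
    Flow("alice", 443,  b"SSH-2.0-OpenSSH_8.9\r\n"),          # same bytes, admin user
    Flow("bob",   80,   b"CONNECT relay.example:443 HTTP/1.1\r\n\r\n"),
    Flow("bob",   6881, b"\x13BitTorrent protocol" + bytes(8)),
    Flow("bob",   443,  b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1"),
]

if __name__ == "__main__":
    for row in compare(SAMPLE_FLOWS):
        print("user=%-5s port=%-4d port-policy=%-5s app=%-12s app-policy=%s" % row)
```

The second and fourth sample flows are the point of the slide: a port-only firewall allows them because 443 and 80 are open, while the application-keyed policy denies them because the bytes are not what the port suggests.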


HTTP: Universal Application Protocol
• HTTP is 64% of enterprise bandwidth
• Most HTTP traffic is client/server (54%) – proxies cannot deal with it
• Browser-based applications are 46% – some work with proxies and some don’t
• Web browsing is 23%

[Chart: All HTTP Applications, broken down into Web Browsing and Browser-based Applications]

Application Control vs. Blocking
• Blocking applications, even if possible, is not the answer
• Yes, there are harmful applications that need to be blocked
• Many “Web 2.0” applications are useful
- Enhancing productivity
- Giving competitive advantage to the business
• It’s all about visibility and control
- Who is using what
- Control and secure modern applications
- Control feature use

Palo Alto – Next Generation FW


New Requirements for the Security Device
1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify users regardless of IP address
3. Granular visibility and policy control over application access / functionality
4. Protect in real-time against threats embedded across applications
5. Multi-gigabit, in-line deployment with no performance degradation

Palo Alto Networks Next-Generation Security Device


Palo Alto Networks Exceeds NGFW Requirements
Application Awareness and Full Stack Visibility – App-ID identifies and controls 1300+ applications
Integrated Rather Than Co-Located IPS – Content-ID includes full IPS without compromising performance
Extra-Firewall Intelligence to Identify Users – User-ID brings AD users and groups into firewall policy
Standard First-Generation Firewall Capabilities – packet filtering, state, flexible NAT, IPSec, SSL VPNs, etc.
Support for “bump in the wire” deployments

In “Defining the Next-Generation Firewall”, Gartner describes what Palo Alto Networks already delivers.

Gartner’s Recommendations: move to next-generation firewalls at the next refresh opportunity – whether for firewall, IPS or the combination of the two


Unique Technologies Transform the Firewall
App-ID – Identify the application
User-ID – Identify the user
Content-ID – Scan the content


App-ID: Comprehensive Application Visibility
• Policy-based control of more than 1200+ applications distributed across five categories and 25 sub-categories
• Balanced mix of business, internet and networking applications and networking protocols
• ~5–10 new applications added weekly


User-ID: Enterprise Directory Integration
• Users no longer defined solely by IP address
- Leverage existing Active Directory infrastructure without complex agent rollout
- Identify Citrix users and tie policies to user and group, not just the IP address
• Understand user, application and threat behavior based on actual AD username, not just IP
• Manage and enforce policy based on user and/or AD group
• Investigate security incidents, generate custom reports


Content-ID: Real-Time Content Scanning
• Stream-based, not file-based, for real-time performance
- Uniform signature engine scans for a broad range of threats in a single pass
- Vulnerability exploits (IPS), viruses and spyware (both downloads and phone-home)
• Block transfer of sensitive data and file transfers by type
- Looks for CC and SSN patterns
- Looks into the file to determine type – not extension based
• Web filtering enabled via fully integrated URL database
- Local 20M URL database (76 categories) maximizes performance (1000’s of URLs/sec)
- Dynamic DB adapts to local, regional or industry-focused surfing patterns

Detect and block a wide range of threats, limit unauthorized data transfer and control non-work related web surfing
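Two of the mechanics on this slide, stream-based pattern scanning and typing a file by its content rather than its extension, are shown below as an added Python example; it is a toy stand-in, not Content-ID's engine. The scanner keeps only a short tail of the stream in memory, so a card or SSN pattern split across two chunks is still caught, and a match that ends exactly at the buffer edge is deferred until the next chunk shows whether the digit run continues. The patterns, the magic-byte list, the chunking and the sample text are all constructed for the example.

```python
"""Stream-based scanning for CC/SSN patterns and magic-byte file typing (added example).

A toy stand-in for the mechanics described on the Content-ID slide; not the
product's engine. Patterns, magic numbers and sample data are constructed."""
import re
from typing import List, Set, Tuple

# File type from content, not extension: (leading bytes, type name). Constructed subset.
MAGIC: List[Tuple[bytes, str]] = [
    (b"MZ", "pe-executable"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),
    (b"\x7fELF", "elf"),
]


def sniff_type(head: bytes) -> str:
    """Decide the file type from its first bytes; the claimed file name plays no part."""
    for magic, name in MAGIC:
        if head.startswith(magic):
            return name
    return "unknown"


SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")
# 16 digits with optional single space/dash separators, not embedded in a longer digit run.
CC_RE = re.compile(r"(?<!\d)(?:\d[ -]?){15}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn check so random 16-digit runs are not reported as card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class StreamScanner:
    """Scan a byte stream chunk by chunk, holding only a short tail in memory.

    The tail is longer than the longest pattern, so a match straddling a chunk
    boundary is seen once the next chunk arrives. A match ending at the very
    end of the buffer is deferred: the next byte might extend the digit run."""
    TAIL = 40

    def __init__(self) -> None:
        self.tail = b""
        self.offset = 0          # stream offset of self.tail[0]
        self.hits: List[Tuple[str, int, str]] = []
        self._seen: Set[Tuple[str, int]] = set()

    def feed(self, chunk: bytes, final: bool = False) -> List[Tuple[str, int, str]]:
        buf = self.tail + chunk
        text = buf.decode("latin-1")     # one char per byte, so offsets stay aligned
        for kind, rx in (("ssn", SSN_RE), ("credit-card", CC_RE)):
            for m in rx.finditer(text):
                if m.end() == len(text) and not final:
                    continue             # wait for more data before deciding
                if kind == "credit-card" and not luhn_ok(re.sub(r"\D", "", m.group())):
                    continue
                key = (kind, self.offset + m.start())
                if key not in self._seen:   # the tail is rescanned; report each hit once
                    self._seen.add(key)
                    self.hits.append((kind, key[1], m.group()))
        keep = 0 if final else min(self.TAIL, len(buf))
        self.offset += len(buf) - keep
        self.tail = buf[len(buf) - keep:]
        return self.hits


def scan_stream(chunks: List[bytes]) -> List[Tuple[str, int, str]]:
    """Feed all chunks in order, flagging the last one as final."""
    s = StreamScanner()
    for i, c in enumerate(chunks):
        s.feed(c, final=(i == len(chunks) - 1))
    return s.hits


if __name__ == "__main__":
    # Constructed "file": the SSN and the card number each straddle a chunk boundary.
    chunks = [b"customer ssn 123-45-", b"6789 card 4111 1111 11", b"11 1111 end"]
    print(scan_stream(chunks))
    print(sniff_type(b"MZ\x90\x00\x03"))   # an executable even if it is named invoice.pdf
```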


• NSS Labs, the world’s largest security and performance testing lab, has recently completed in-depth IPS testing of the Palo Alto Networks next-gen firewall. Our solution was tested against 1,179 live exploits in what was the industry’s most comprehensive IPS test to date. The results were crystal clear and provided the hard proof of what our next-generation firewalls can really do. Key results include:
• The highest IPS block rate in recent history (93.4%)
• 100% resistance to IPS evasion techniques
• Simple IPS configuration and tuning
• Provided all the above while exceeding the datasheet performance metrics by 115%

Palo Alto Networks IPS: Protection + Performance


• Strong threat prevention
- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
- The only IPS that catches threats on non-standard ports
- Scan inbound and outbound SSL (decrypt) and compressed traffic
- Assure only authorized applications are using network resources
- Allow SSH/RDP, but only for authorized staff


Single-Pass Parallel Processing (SP3) Architecture

Single Pass
• Operations once per packet
- Traffic classification (app identification)
- User/group mapping
- Content scanning – threats, URLs, confidential data
• One policy

Parallel Processing
• Function-specific hardware engines
• Separate data/control planes

Up to 10 Gbps, low latency


PA-5000 Series Architecture

[Block diagram: a Control Plane (quad-core CPU, RAM, dual SSD) and a Data Plane joined by a switch fabric; a Network Processor (QoS, flow control, route/ARP/MAC lookup, NAT) at 20 Gbps feeds three Security Processor groups, each labelled CPU 1…12 with RAM, over 10 Gbps links; two Signature Match engines and three SSL/IPSec/De-Compress engines sit beside them]

Switch Fabric
• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors
• High density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High speed logging and route update
• Dual solid-state drives

Network Processor
• 20 Gbps front-end network processing
• Hardware accelerated per-packet route lookup, MAC lookup and NAT

• 40+ processors
• 30+ GB of RAM
• Separate high speed data and control planes
• 20 Gbps firewall throughput
• 10 Gbps threat prevention throughput
• 4 million concurrent sessions


Traditional Multi-Pass Architectures are Slow

[Diagram: four devices in series, each with its own L2/L3 networking, HA, config management and reporting layer and its own port/protocol-based ID: Firewall Policy; HTTP Decoder + URL Filtering Policy; IPS Decoder + IPS Signatures + IPS Policy; AV Decoder & Proxy + AV Signatures + AV Policy]


Powerful Policy-Based Control
• Browse more than 1300 applications based on name, category, technology or characteristic
• Immediately translate results into positive enforcement model firewall rules
• Policy enforcement by end-user group identities from Active Directory or IP address

Palo Alto – Network Sniffer


Visibility into Applications, Users & Content

[Screenshot: user hzielinski, filter on Skype; remove Skype to expand the view of hzielinski]

Palo Alto – Rich reports


Demo (offline) – Traffic Log


Enables Executive Visibility


PAN-OS Features
• Strong networking foundation
- Dynamic routing (OSPF, RIPv2)
- Site-to-site IPSec VPN
- SSL VPN for remote access
- Tap mode – connect to SPAN port
- Virtual wire (“Layer 1”) for true transparent in-line deployment
- L2/L3 switching foundation
• QoS traffic shaping – max/guaranteed and priority
- By user, app, interface, zone and more
• Zone-based architecture
- All interfaces assigned to security zones for policy enforcement
• High Availability
- Active/Active
- Configuration and session synchronization
- Path, link and HA monitoring
• Virtual Systems
- Establish multiple virtual firewalls in a single device (PA-4000 Series only)
• Simple, flexible management
- CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content are complemented by core firewall features

Models: PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060


Enterprise Device and Policy Management
• Intuitive and flexible management
- CLI, Web, Panorama, SNMP, Syslog
- Role-based administration enables delegation of tasks to the appropriate person
• Panorama central management application
- Shared policies enable consistent application control policies
- Consolidated management, logging and monitoring of Palo Alto Networks devices
- Consistent web interface between Panorama and device UI
- Network-wide ACC/monitoring views, log collection and reporting
• All interfaces work on the current configuration, avoiding sync issues

NGFW for mobile devices

Today: Quality of Security Tied to Location


[Diagram: on the enterprise network – Enterprise Network Security: security based on best practices, full-featured NGFW and threat prevention; off the network – No Network Security: security based on best effort, exposed to threats (botnets), risky app usage and more]

Introducing GlobalProtect
• Users never go “off-network” regardless of location
• All firewalls work together to provide a “cloud” of network security


• How it works
- A small agent determines network location (on or off the enterprise network)
- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
- The agent submits a host information profile (patch level, asset type, disk encryption and more) to the gateway
- The gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile
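The four steps above as an added Python example (not GlobalProtect code): a location check picks the path, straight to the internal firewall or over SSL VPN to the nearest gateway, and one rule base then matches on application, user group and the host information profile, so the verdict is the same whichever path was taken. The profile fields, rule names, gateway table, users and groups are assumptions made for the example.

```python
"""GlobalProtect-style decision flow (added example, not the product's code).

Location -> path selection, then one rule base keyed on app, user group and the
host information profile (HIP) reported by the agent. All names are constructed."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class HostProfile:
    """Subset of what the agent reports to the gateway (constructed fields)."""
    asset_type: str          # "corporate" or "byod"
    patch_age_days: int      # days since the current patch level was applied
    disk_encrypted: bool


@dataclass(frozen=True)
class Rule:
    name: str
    app: str                 # "any" or an App-ID name
    group: str               # "any" or a User-ID group
    hip: Dict[str, object]   # HIP requirements; "patch_age_days" is an upper bound
    action: str


# Constructed gateways: the agent picks the nearest when it finds itself off-network.
GATEWAYS: Dict[str, str] = {"tlv": "gw-telaviv", "lon": "gw-london"}


def choose_path(on_enterprise_network: bool, nearest_site: str) -> str:
    """Steps 1-2: on-network traffic reaches the internal firewall directly;
    off-network traffic is tunneled over SSL VPN to the nearest gateway."""
    if on_enterprise_network:
        return "internal-firewall"
    return "ssl-vpn:" + GATEWAYS[nearest_site]


def hip_matches(profile: HostProfile, required: Dict[str, object]) -> bool:
    """Step 3: compare the reported profile against a rule's HIP requirements."""
    for key, want in required.items():
        have = getattr(profile, key)
        if key == "patch_age_days":
            if have > want:
                return False
        elif have != want:
            return False
    return True


RULES: List[Rule] = [
    # Internal file shares only from managed, encrypted, recently patched hosts.
    Rule("file-shares-managed", "ms-ds-smb", "staff",
         {"asset_type": "corporate", "disk_encrypted": True, "patch_age_days": 30}, "allow"),
    Rule("web-any", "web-browsing", "any", {}, "allow"),
    Rule("ssl-any", "ssl", "any", {}, "allow"),
]

GROUPS: Dict[str, FrozenSet[str]] = {
    "alice": frozenset({"staff"}),
    "guest": frozenset(),
}


def decide(user: str, app: str, profile: HostProfile) -> Tuple[str, str]:
    """Step 4: first matching rule wins; no match means deny. Returns (rule, action)."""
    groups = GROUPS.get(user, frozenset())
    for r in RULES:
        if r.app != "any" and r.app != app:
            continue
        if r.group != "any" and r.group not in groups:
            continue
        if not hip_matches(profile, r.hip):
            continue
        return r.name, r.action
    return "default", "deny"


def enforce(on_net: bool, site: str, user: str, app: str,
            profile: HostProfile) -> Tuple[str, str, str]:
    """Whole flow: (path taken, matched rule, action). The path never changes the verdict."""
    path = choose_path(on_net, site)
    rule, action = decide(user, app, profile)
    return path, rule, action


if __name__ == "__main__":
    good = HostProfile("corporate", 7, True)
    stale = HostProfile("corporate", 90, True)      # patch level too old
    byod = HostProfile("byod", 0, False)            # unmanaged, unencrypted
    for on_net in (True, False):
        for prof in (good, stale, byod):
            print(enforce(on_net, "lon", "alice", "ms-ds-smb", prof))
```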

Zero Day Attacks Protection – a sandbox at the core

Flexible Deployment Options
Transparent In-Line
• IPS with app visibility & control
• Consolidation of IPS & URL filtering
Firewall Replacement
• Firewall replacement with app visibility & control
• Firewall + IPS
• Firewall + IPS + URL filtering
Ultimate segmentation
[Diagram: Datacenter 1, Datacenter 2; Segment A, Segment B, Segment C]
• Controls applications & users for datacenter resource access
• IPS with app visibility & content control


Palo Alto Networks Next-Gen Firewalls
PA-4050 – 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions; 8 SFP, 16 copper gigabit
PA-4020 – 2 Gbps FW / 2 Gbps threat prevention / 500,000 sessions; 8 SFP, 16 copper gigabit
PA-4060 – 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions; 4 XFP (10 Gig), 4 SFP (1 Gig)
PA-2050 – 1 Gbps FW / 500 Mbps threat prevention / 250,000 sessions; 4 SFP, 16 copper gigabit
PA-2020 – 500 Mbps FW / 200 Mbps threat prevention / 125,000 sessions; 2 SFP, 12 copper gigabit
PA-500 – 250 Mbps FW / 100 Mbps threat prevention / 50,000 sessions; 8 copper gigabit
PA-5050 – 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
PA-5020 – 5 Gbps FW / 2 Gbps threat prevention / 1,000,000 sessions; 8 SFP, 12 copper gigabit
PA-5060 – 20 Gbps FW / 10 Gbps threat prevention / 4,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

The innovative approach: extend security to all network traffic

Thank You – Zion Ezra, VP Sales


POC and AVR Report


AVR Report


AVR Report
[Diagram: Internet]

UTM Is Still Sprawl…Just Slower
• Doesn’t solve the problem
• Firewall “helper” functions have limited view of traffic
• Turning on functions kills performance



Applications Have Changed – Firewalls Have Not
• The gateway at the trust border is the right place to enforce policy control
- Sees all traffic
- Defines trust boundary
• BUT…Applications Have Changed (Collaboration, Media, SaaS, Personal)
- Ports ≠ Applications
- IP Addresses ≠ Users
- Packets ≠ Content
• Need to Restore Visibility and Control in the Firewall

Exploit protection
• Many months pass between black-hat discovery, white-hat discovery and protection being available
• Need to protect all applications
• A sandbox at the core
• Needs user-based access control
• Needs high-speed IPS and AV
• Needs to perform across all applications
• Needs to block the unknown
• Conclusion: advanced-malware protection belongs in a next generation firewall

DEMO: https://ca2demo.paloaltonetworks.com/esp/login.esp

INSANITY: doing the same thing over and over again and expecting different results

Block applications and users


20 Gbps Firewall, 10 Gbps Threat Prevention

[Block diagram of the PA-5000 Series: a Control Plane (quad-core CPU, RAM, dual HDD) and a Data Plane joined by a switch fabric; a Network Processor (QoS, flow control, route/ARP/MAC lookup, NAT) at 20 Gbps feeds three Security Processor groups, each labelled CPU 1…12 with RAM, over 10 Gbps links; two Signature Match engines and three SSL/IPSec/De-Compress engines sit beside them]

Switch Fabric
• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors
• High density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High speed logging and route update
• Dual hard drives

Network Processor
• 20 Gbps front-end network processing
• Hardware accelerated per-packet route lookup, MAC lookup and NAT

NGFW for mobile devices

Source: Gartner (March 2010). As of March 2010.


Data Center Network Security in Transition
• Ports ≠ Applications
• IP addresses ≠ Users
• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today’s network security is based on outdated assumptions…

[Diagram: applications spread across ports – RPC, SMS, SQL, SharePoint, SMB and NetBIOS on Port 135, Port 137, Port 80, Port 139 and Port 443, plus random high ports]

Applications employ dynamic, random and heavily-used ports – fundamentally breaking port-based network security


NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications


PA-5050 – 10 Gbps FW; 5 Gbps threat prevention; 4 Gbps IPSec VPN; 10,000 SSL VPN users; 2,000,000 sessions; up to 125 VSYS; (4) SFP+ (10 Gig) I/O, (8) SFP (1 Gig) I/O, (12) 10/100/1000
PA-5020 – 5 Gbps FW; 2 Gbps threat prevention; 2 Gbps IPSec VPN; 5,000 SSL VPN users; 1,000,000 sessions; up to 20 VSYS; (8) SFP (1 Gig) I/O, (12) 10/100/1000
PA-5060 – 20 Gbps FW; 10 Gbps threat prevention; 4 Gbps IPSec VPN; 20,000 SSL VPN users; 4,000,000 sessions; up to 225 VSYS; (4) SFP+ (10 Gig) I/O, (8) SFP (1 Gig) I/O, (12) 10/100/1000

• Hot swappable fans, power supplies
• Dual solid state hard drives
• Dedicated HA and management interfaces
• 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise
• Prevent Threats
- Stop a wide range of threats on all allowed traffic
- Proven quality (NSS tested and “Recommended”)
- Security by policy, not hardwired into deployment
• Comply and Compartmentalize
- Save time and cost to compliance with network segmentation
- Segment by user, group and application
• Simplify with Flexible Network Security Infrastructure
- With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention
- With simpler, easier deployments
- With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance)


GlobalProtect


Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality, heavy performance load on the PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.


Cloud-Based Services
• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement
• Supports a limited number of apps and protocols, weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• Agent tunnels traffic back to the corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security
• Inconsistent policy and protections when outside vs. inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase duplicates, operational and management overhead


A Modern Architecture for Enterprise Security


• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting

[Diagram labels: malware, botnets, exploits]


Regain Visibility and Control, Save Money
• IT can’t manage risk with traditional security infrastructure
- Users do what they want
- Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls
- Leads to increased risks for the business
• Palo Alto Networks defines the next-generation firewall with unique identification technologies
- App-ID: identify applications regardless of port, protocol or SSL encryption
- User-ID: integrated with enterprise directory
- Content-ID: threats, URLs, data
- High performance architecture: high throughput, low latency
• Easy enterprise integration and consolidation saves money
- Flexible deployment options for seamless integration
- Consolidation of functionality into the firewall simplifies and saves money


2011 Magic Quadrant for Enterprise Network Firewalls


Source: Gartner

Gartner: Palo Alto Networks is a Leader
• Enterprises need next-generation firewalls
- In 2010 and 2011, Gartner saw market pressures accelerate the demand and available offerings for next-generation firewall (NGFW) platforms that provide the capability to detect and block sophisticated attacks, as well as enforce granular security policy at the application (versus port and protocol) level
- As enterprises increase the use of Web-based applications — with more complex connections within applications, more complex data centers and more data being presented to customers — firewalls have had to keep up with features and performance to meet these changing needs
- Less than 5% of Internet connections today are secured using NGFWs. By year-end 2014, this will rise to 35% of the installed base, with 60% of new purchases being NGFWs
• Gartner notes:
- “Palo Alto Networks’ high-performance NGFW functionality continues to drive competitors to react in the firewall market. It is assessed as a Leader, mostly because of its NGFW design, redirection of the market along the NGFW path, consistent displacement of Leaders and Challengers, and market disruption forcing Leaders to react.”


About the Founder
• 2005–today: Founder and CTO at Palo Alto Networks
- Next Generation Firewall
• 2002–2005: CTO at NetScreen/Juniper
• 2000–2002: Founder and CTO at OneSecure
- World’s first Network IPS
• 1994–1999: Principal Engineer at Check Point Software


Leading Organizations Trust Palo Alto Networks

[Customer logos by sector: Health Care, Financial Services, Government, Manufacturing, High Tech, Energy, Education, Service Providers, Services, Media, Entertainment, Retail; grouped as Health & Finance, Service Providers, Industry & Retail, Media & Communication, Government, Hi Tech]

InnoCom Customers – Palo Alto Networks
Prime Minister’s Office – Nativ

The Modern Threats & Attacks

Known Attacks

The 5 Steps for Smart Attacks: bait, exploit, download, back channel, steal – protection is needed at all stages

Applications Carry Risk

copy 2011 Palo Alto Networks Proprietary and Confidential Page 14 |

Applications can be ldquothreatsrdquo

bull P2P file sharing tunneling applications anonymizers

mediavideo

Applications carry threats

bull Qualys Top 20 Vulnerabilities ndash majority result in application-

level threats

Applications amp application-level threats result in major breaches ndash RSA Comodo FBI

exploits come in thru many applications

copy 2009 Palo Alto Networks Proprietary and Confidential Page 16 | copy 2009 Palo Alto Networks Proprietary and Confidential Page 16 |

Application Control Efforts are Failing bull Palo Alto Networksrsquo Application Usage amp Risk Report highlights actual behavior of

900000 users across more than 60 organizations

- Applications are built for accessibility

- Tools that enable users to circumvent security are common

- File sharing usage ndash P2P and browser-based ndash is rampant

- Controls are failing ndash All had Firewalls many had IPS proxies amp URL filtering

Applications carry risks business continuity data loss compliance productivity and operations costs

Enterprise 20 Applications and Risks Widespread

copy 2011 Palo Alto Networks Proprietary and Confidential Page 17 |

Palo Alto Networksrsquo latest Application Usage amp Risk Report highlights actual behavior of 1M+ users in 1253 organizations

- More enterprise 20 application use for personal and business reasons

- Tunneling and port hopping are common

- Bottom line all had firewalls most had IPS proxies amp URL filtering ndash but none of these organizations could control what applications ran on their networks

3

3

9

13

15

14

15

27

30

30

42

53

62

76

80

00 20 40 60 80

RDP

SSH

telnet

LogM eIn

Team Viewer

CGIProxy

PHProxy

CoralCDN

FreeGate

Glype Proxy

Tor

Ham achi

UltraSurf

Gbridge

Gpass

bull Remote Access

- 27 variants found 95 of the time

bull External Proxies

- 22 variants found 76 of the time

bull Encrypted Tunnels

- Non-VPN related ndash found 30 of the time

Users Will Find A Wayhellip

Source Palo Alto Networks Application Usage and Risk Report

Spring 2010

copy 2008 Palo Alto Networks Proprietary and Confidential Page 20 |

From The news

Why Visibility amp Control Must Be In The Firewall

copy 2011 Palo Alto Networks Proprietary and Confidential Page 21 |

bullPort Policy Decision

bullApp Ctrl Policy Decision

Application Control as an Add-on

bull Port-based FW + App Ctrl (IPS) = two policies

bull Applications are threats only block what you expressly look for

Implications

bull Network access decision is made with no information

bull Cannot safely enable applications

IPS

Applications

Firewall

Port Traffic

Firewall IPS

bullApp Ctrl Policy Decision

bullScan Application for Threats

Applications

Application Traffic

NGFW Application Control

bull Application control is in the firewall = single policy

bull Visibility across all ports for all traffic all the time

Implications

bull Network access decision is made based on application identity

bull Safely enable application usage

copy 2008 Palo Alto Networks Proprietary and Confidential Page 22 |

HTTP Universal Application Protocol

bull HTTP is 64 of enterprise bandwidth

bull Most HTTP traffic is clientserver (54) ndash proxies cannot deal with it

bull Browser-based applications are 46 - some work with proxies and some donrsquot

bull Web browsing is 23

All HTTP Applications

Web Browsing

Browser-based Applications

Application Control vs Blocking

bull Blocking applications even if possible is not the answer

bull Yes there are harmful applications that need to be blocked

bull Many ldquoWeb 20rdquo applications are useful

- Enhancing productivity

- Giving competitive advantage to the business

bull Itrsquos all about visibility and control

- Who is using what

- Control and secure modern applications

- Control features use

Palo Alto

Palo Alto ndash Next Generation FW

copy 2008 Palo Alto Networks Proprietary and Confidential Page 24 |

copy 2008 Palo Alto Networks Proprietary and Confidential Page 25 |

New Requirements for Security Device

1 Identify applications regardless of port protocol evasive tactic or SSL

2 Identify users regardless of IP address

3 Granular visibility and policy control over application access functionality

4 Protect in real-time against threats embedded across applications

5 Multi-gigabit in-line deployment with no performance degradation

Palo Alto Networks Next-Generation Security Device

copy 2009 Palo Alto Networks Proprietary and Confidential Page 26 |

Palo Alto Networks Exceeds NGFW Requirements

Application Awareness and Full Stack Visibility

App-ID Identifies and controls 1300+ applications

Integrated Rather Than Co-Located IPS

Content-ID includes full IPS without compromising performance

Extra-Firewall Intelligence to Identify Users

User-ID brings AD users and groups into firewall policy

Standard First-Generation Firewall Capabilities

Packet filtering state flexible NAT IPSec SSL VPNs etc

Support ldquobump in the wirerdquo Deployments

In ldquoDefining the Next-Generation Firewallrdquo

Gartner describes what Palo Alto Networks already delivers

Gartnerrsquos Recommendations

Move to next-generation firewalls at the next refresh

opportunity ndash whether for firewall IPS or the

combination of the two

copy 2008 Palo Alto Networks Proprietary and Confidential Page 28 |

Unique Technologies Transform the Firewall

App-ID: Identify the application

User-ID: Identify the user

Content-ID: Scan the content


App-ID: Comprehensive Application Visibility

• Policy-based control of more than 1200 applications, distributed across five categories and 25 sub-categories

• Balanced mix of business, internet and networking applications and networking protocols

• ~5-10 new applications added weekly


User-ID: Enterprise Directory Integration

• Users no longer defined solely by IP address

- Leverage existing Active Directory infrastructure without complex agent rollout

- Identify Citrix users and tie policies to user and group, not just the IP address

• Understand user, application and threat behavior based on the actual AD username, not just IP

• Manage and enforce policy based on user and/or AD group

• Investigate security incidents, generate custom reports


Content-ID: Real-Time Content Scanning

• Stream-based, not file-based, for real-time performance

- Uniform signature engine scans for a broad range of threats in a single pass

- Vulnerability exploits (IPS), viruses and spyware (both downloads and phone-home)

• Block transfer of sensitive data and file transfers by type

- Looks for credit card (CC) and SSN patterns

- Looks into the file to determine its type – not extension based

• Web filtering enabled via a fully integrated URL database

- Local 20M URL database (76 categories) maximizes performance (1000's of URLs/sec)

- Dynamic DB adapts to local, regional or industry-focused surfing patterns

Detect and block a wide range of threats, limit unauthorized data transfer and control non-work-related web surfing


• NSS Labs, the world's largest security and performance testing lab, has recently completed in-depth IPS testing of the Palo Alto Networks next-gen firewall. Our solution was tested against 1179 live exploits in what was the industry's most comprehensive IPS test to date. The results were crystal clear and provided the hard proof of what our next-generation firewalls can really do. Key results include:

• The highest IPS block rate in recent history (93.4%)

• 100% resistance to IPS evasion techniques

• Simple IPS configuration and tuning

• Provided all the above while exceeding the datasheet performance metrics by 115%

Palo Alto Networks IPS: Protection + Performance


• Strong threat prevention

- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSH/RDP, but only for authorized staff


Single-Pass Parallel Processing (SP3) Architecture

Single Pass

• Operations once per packet

- Traffic classification (app identification)

- User/group mapping

- Content scanning – threats, URLs, confidential data

• One policy

Parallel Processing

• Function-specific hardware engines

• Separate data/control planes

Up to 10 Gbps, Low Latency


PA-5000 Series Architecture

• 80 Gbps switch fabric interconnect

• 20 Gbps QoS engine

Signature Match HW Engine

• Stream-based uniform signature match

• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors

• High density parallel processing for flexible security functionality

• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane

• Highly available management

• High speed logging and route update

• Dual solid-state drives

Network Processor

• 20 Gbps front-end network processing

• Hardware accelerated per-packet route lookup, MAC lookup and NAT

[Block diagram: control plane (quad-core CPU, RAM, dual SSD) attached to the data plane switch fabric; network processor (QoS, flow control, route/ARP/MAC lookup, NAT) with 20 Gbps and 10 Gbps links; three security processors (12-core CPUs with RAM and SSL/IPSec/de-compress offload); two signature match engines]

• 40+ processors

• 30+ GB of RAM

• Separate high speed data and control planes

• 20 Gbps firewall throughput

• 10 Gbps threat prevention throughput

• 4 million concurrent sessions


Traditional Multi-Pass Architectures are Slow

[Diagram: four separately chained engines – Firewall (Port/Protocol-based ID, Firewall Policy), HTTP Decoder (Port/Protocol-based ID, URL Filtering Policy), IPS Decoder (Port/Protocol-based ID, IPS Signatures, IPS Policy) and AV Decoder & Proxy (Port/Protocol-based ID, AV Signatures, AV Policy) – each with its own L2/L3 Networking, HA, Config Management and Reporting]


Powerful Policy-Based Control

• Browse more than 1300 applications based on name, category, technology or characteristic

• Immediately translate results into positive enforcement model firewall rules

• Policy enforcement by end-user group identities from Active Directory or IP address

Palo Alto

Palo Alto – Network Sniffer


Visibility into Applications, Users & Content

User hzielinski: filter on Skype

Remove Skype to expand view of hzielinski

Palo Alto

Palo Alto – Rich reports


Demo (offline) – Traffic Log


Enables Executive Visibility


PAN-OS Features

• Strong networking foundation

- Dynamic routing (OSPF, RIPv2)

- Site-to-site IPSec VPN

- SSL VPN for remote access

- Tap mode – connect to a SPAN port

- Virtual wire ("Layer 1") for true transparent in-line deployment

- L2/L3 switching foundation

• QoS traffic shaping – max/guaranteed and priority

- By user, app, interface, zone and more

• Zone-based architecture

- All interfaces assigned to security zones for policy enforcement

• High Availability

- Active/Active

- Configuration and session synchronization

- Path, link and HA monitoring

• Virtual Systems

- Establish multiple virtual firewalls in a single device (PA-4000 Series only)

• Simple, flexible management

- CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content are complemented by core firewall features

Models: PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060


Enterprise Device and Policy Management

• Intuitive and flexible management

- CLI, Web, Panorama, SNMP, Syslog

- Role-based administration enables delegation of tasks to the appropriate person

• Panorama central management application

- Shared policies enable consistent application control policies

- Consolidated management, logging and monitoring of Palo Alto Networks devices

- Consistent web interface between Panorama and the device UI

- Network-wide ACC/monitoring views, log collection and reporting

• All interfaces work on the current configuration, avoiding sync issues

NGFW for mobile devices

Today: Quality of Security Tied to Location

Enterprise Network Security: • Security based on best practices • Full-featured NGFW and threat prevention

No Network Security: • Security based on best effort • Exposed to threats (botnets), risky app usage and more

Introducing GlobalProtect

• Users never go "off-network", regardless of location

• All firewalls work together to provide a "cloud" of network security

• How it works

- A small agent determines network location (on or off the enterprise network)

- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN

- The agent submits a host information profile (patch level, asset type, disk encryption and more) to the gateway

- The gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile

Zero Day Attacks Protection: a sandbox at the core

Flexible Deployment Options

Transparent In-Line

• IPS with app visibility & control

• Consolidation of IPS & URL filtering

Firewall Replacement

• Firewall replacement with app visibility & control

• Firewall + IPS

• Firewall + IPS + URL filtering

Ultimate segmentation

[Diagram: Datacenter 1 and Datacenter 2, Segments A, B and C behind the firewall]

• Controls applications & users for datacenter resource access

• IPS with app visibility & content control


Palo Alto Networks Next-Gen Firewalls

PA-4050: 10 Gbps FW, 5 Gbps threat prevention, 2,000,000 sessions; 8 SFP, 16 copper gigabit

PA-4020: 2 Gbps FW, 2 Gbps threat prevention, 500,000 sessions; 8 SFP, 16 copper gigabit

PA-4060: 10 Gbps FW, 5 Gbps threat prevention, 2,000,000 sessions; 4 XFP (10 Gig), 4 SFP (1 Gig)

PA-2050: 1 Gbps FW, 500 Mbps threat prevention, 250,000 sessions; 4 SFP, 16 copper gigabit

PA-2020: 500 Mbps FW, 200 Mbps threat prevention, 125,000 sessions; 2 SFP, 12 copper gigabit

PA-500: 250 Mbps FW, 100 Mbps threat prevention, 50,000 sessions; 8 copper gigabit

PA-5050: 10 Gbps FW, 5 Gbps threat prevention, 2,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

PA-5020: 5 Gbps FW, 2 Gbps threat prevention, 1,000,000 sessions; 8 SFP, 12 copper gigabit

PA-5060: 20 Gbps FW, 10 Gbps threat prevention, 4,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

The innovative approach: extend security to all network traffic

Thank You

Zion Ezra, VP Sales


POC and AVR Report

AVR Report

UTM Is Still Sprawl… Just Slower

• Doesn't solve the problem

• Firewall "helper" functions have a limited view of traffic

• Turning on functions kills performance


Applications Have Changed – Firewalls Have Not

• The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines the trust boundary

• Need to Restore Visibility and Control in the Firewall

• BUT… Applications Have Changed (Collaboration, Media, SaaS, Personal)

- Ports ≠ Applications

- IP Addresses ≠ Users

- Packets ≠ Content

Exploit protection: many months pass between black-hat discovery, white-hat discovery and protection being available; need to protect all applications

A sandbox at the core: needs user-based access control; needs high-speed IPS and AV; needs to perform across all applications; needs to block the unknown

Conclusion: advanced-malware protection belongs in a next-generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY: doing the same thing over and over again and expecting different results

block applications and users


Source: Gartner (March 2010). As of March 2010.

Data Center Network Security in Transition

• Ports ≠ Applications

• IP addresses ≠ Users

• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions…

[Diagram: RPC, SMS, SQL, SharePoint, SMB and NetBIOS spread across ports 135, 137, 139, 80 and 443, plus random high ports]

Applications employ dynamic, random and heavily-used ports – fundamentally breaking port-based network security


NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

PA-5050: • 10 Gbps FW • 5 Gbps threat prevention • 4 Gbps IPSec VPN • 10,000 SSL VPN users • 2,000,000 sessions • Up to 125 VSYS • (4) SFP+ (10 Gig) I/O • (8) SFP (1 Gig) I/O • (12) 10/100/1000

PA-5020: • 5 Gbps FW • 2 Gbps threat prevention • 2 Gbps IPSec VPN • 5,000 SSL VPN users • 1,000,000 sessions • Up to 20 VSYS • (8) SFP (1 Gig) I/O • (12) 10/100/1000

PA-5060: • 20 Gbps FW • 10 Gbps threat prevention • 4 Gbps IPSec VPN • 20,000 SSL VPN users • 4,000,000 sessions • Up to 225 VSYS • (4) SFP+ (10 Gig) I/O • (8) SFP (1 Gig) I/O • (12) 10/100/1000

• Hot swappable fans, power supplies

• Dual solid state hard drives

• Dedicated HA and management interfaces

• 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and "Recommended")

- Security by policy, not hardwired into the deployment

• Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user, group and application

• Simplify with Flexible Network Security Infrastructure

- With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler, easier deployments

- With reduced network security rack space requirements and lower TCO (power, HVAC, subscriptions, maintenance)


GlobalProtect


Existing Solutions Fall Short

Software on the PC

• Each security app performs a specific function

• Limited focus and functionality, heavy performance load on the PC

• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services

• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement

• Supports a limited number of apps and protocols, weak threat prevention

• Examples: ScanSafe, Purewire, etc.

Traditional VPN

• Agent tunnels traffic back to the corporate gateway

• Same poor security, only slower

• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work, for Lower Security

• Inconsistent policy and protections when outside vs. inside the network

• Lack of visibility into applications, users and content fails to control modern apps and threats

• Expensive to purchase duplicates; operational and management overhead


A Modern Architecture for Enterprise Security

• Establishes a logical perimeter that is not bound to physical limitations

• Users receive the same depth and quality of protection both inside and out

• Security work is performed by purpose-built firewalls, not end-user laptops

• Unified visibility, compliance and reporting

[Diagram labels: malware, botnets, exploits]

Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure

- Users do what they want

- Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls

- Leads to increased risks for the business

• Palo Alto Networks defines the next-generation firewall with unique identification technologies

- App-ID: identify applications regardless of port, protocol or SSL encryption

- User-ID: integrated with the enterprise directory

- Content-ID: threats, URLs, data

- High performance architecture: high throughput, low latency

• Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into the firewall simplifies and saves money


Gartner: Palo Alto Networks is a Leader

• Enterprises need next-generation firewalls

- In 2010 and 2011, Gartner saw market pressures accelerate the demand and available offerings for next-generation firewall (NGFW) platforms that provide the capability to detect and block sophisticated attacks, as well as enforce granular security policy at the application (versus port and protocol) level

- As enterprises increase the use of Web-based applications — with more complex connections within applications, more complex data centers and more data being presented to customers — firewalls have had to keep up with features and performance to meet these changing needs

- Less than 5% of Internet connections today are secured using NGFWs. By year-end 2014, this will rise to 35% of the installed base, with 60% of new purchases being NGFWs

• Gartner notes:

- "Palo Alto Networks' high-performance NGFW functionality continues to drive competitors to react in the firewall market. It is assessed as a Leader mostly because of its NGFW design, redirection of the market along the NGFW path, consistent displacement of Leaders and Challengers, and market disruption forcing Leaders to react."


About the Founder

• 2005-today: Founder and CTO at Palo Alto Networks

- Next Generation Firewall

• 2002-2005: CTO at NetScreen/Juniper

• 2000-2002: Founder and CTO at OneSecure

- World's first Network IPS

• 1994-1999: Principal Engineer at Check Point Software


Leading Organizations Trust Palo Alto Networks: Health Care, Financial Services, Government, Manufacturing, High Tech, Energy, Education, Service Providers, Services, Media, Entertainment, Retail

[Customer logo wall, grouped as: Health & Finance; Service Providers; Industry & Retail; Media & Communication; Government; Hi Tech]

InnoCom Customers – Palo Alto Networks

Nativ – Prime Minister's Office

The Modern Threats & Attacks

Known Attacks

The 5 Steps for Smart Attacks: bait, exploit, download, back channel, steal

Protection is needed at all stages

Applications Carry Risk

Applications can be "threats"

• P2P file sharing, tunneling applications, anonymizers, media/video

Applications carry threats

• Qualys Top 20 Vulnerabilities – the majority result in application-level threats

Applications & application-level threats result in major breaches – RSA, Comodo, FBI

Exploits come in through many applications

Application Control Efforts are Failing

• Palo Alto Networks' Application Usage & Risk Report highlights the actual behavior of 900,000 users across more than 60 organizations

- Applications are built for accessibility

- Tools that enable users to circumvent security are common

- File sharing usage – P2P and browser-based – is rampant

- Controls are failing – all had firewalls, many had IPS, proxies & URL filtering

Applications carry risks: business continuity, data loss, compliance, productivity and operations costs

Enterprise 2.0 Applications and Risks Widespread

Palo Alto Networks' latest Application Usage & Risk Report highlights the actual behavior of 1M+ users in 1,253 organizations

- More Enterprise 2.0 application use for personal and business reasons

- Tunneling and port hopping are common

- Bottom line: all had firewalls, most had IPS, proxies & URL filtering – but none of these organizations could control what applications ran on their networks

[Bar chart, 0%-80%: how often each application was found across the organizations surveyed – RDP, SSH, telnet, LogMeIn, TeamViewer, CGIProxy, PHProxy, CoralCDN, FreeGate, Glype Proxy, Tor, Hamachi, UltraSurf, Gbridge, Gpass]

• Remote Access

- 27 variants, found 95% of the time

• External Proxies

- 22 variants, found 76% of the time

• Encrypted Tunnels

- Non-VPN related – found 30% of the time

Users Will Find A Way…

Source: Palo Alto Networks Application Usage and Risk Report, Spring 2010

From the news

Why Visibility & Control Must Be In The Firewall

Application Control as an Add-on

[Diagram: Firewall (Port Policy Decision) acting on port traffic, followed by a separate IPS (App Ctrl Policy Decision) acting on applications]

• Port-based FW + App Ctrl (IPS) = two policies

• Applications are threats: only block what you expressly look for

Implications

• Network access decision is made with no information

• Cannot safely enable applications

NGFW Application Control

[Diagram: Firewall + IPS (App Ctrl Policy Decision, Scan Application for Threats) acting on application traffic]

• Application control is in the firewall = single policy

• Visibility across all ports, for all traffic, all the time

Implications

• Network access decision is made based on application identity

• Safely enable application usage
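As an added example (not Palo Alto Networks code and not the product's policy language), the following Python models the two decision styles contrasted on these slides, together with the host information profile check from the GlobalProtect "how it works" bullets: a port-only rule base versus a single positive-enforcement policy keyed on the content-identified application, the user's directory group and the host profile. All application signatures, user mappings, host profiles and flows are constructed for the example.

```python
"""Toy model of port-based vs. application/user/host-aware policy decisions.

Added example, not Palo Alto Networks code. Signatures, users, groups, host
profiles and flows are all constructed; hzielinski is the user shown on the
visibility slide, jdoe and the IP addresses are made up.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple

# Constructed App-ID analogue: content signatures checked on the first bytes of
# a flow, independent of the destination port the flow arrived on.
APP_SIGNATURES: List[Tuple[str, Callable[[bytes], bool]]] = [
    ("ssh", lambda p: p.startswith(b"SSH-2.0-")),
    ("ssl", lambda p: len(p) >= 3 and p[0] == 0x16 and p[1] == 0x03),  # TLS record
    ("web-browsing", lambda p: p.startswith((b"GET ", b"POST ")) and b" HTTP/1." in p),
]

# Constructed User-ID analogue: source IP -> (AD username, AD groups)
USER_MAP: Dict[str, Tuple[str, Set[str]]] = {
    "10.1.1.5": ("hzielinski", {"domain-users", "it-admins"}),
    "10.1.1.9": ("jdoe", {"domain-users"}),
}


@dataclass
class Flow:
    src_ip: str
    dst_port: int
    payload: bytes                                         # first bytes of the session
    hip: Dict[str, object] = field(default_factory=dict)   # host information profile


@dataclass
class Rule:
    name: str
    action: str                        # "allow" or "deny"
    app: Optional[str] = None          # None = any application
    group: Optional[str] = None        # None = any user
    hip_requires: Dict[str, object] = field(default_factory=dict)

    def matches(self, flow: Flow, app: str, groups: Set[str]) -> bool:
        if self.app is not None and self.app != app:
            return False
        if self.group is not None and self.group not in groups:
            return False
        # HIP check: every required attribute must be reported with that value
        return all(flow.hip.get(k) == v for k, v in self.hip_requires.items())


def identify_app(payload: bytes) -> str:
    """Classify by content; anything unrecognised is 'unknown'."""
    for name, matches in APP_SIGNATURES:
        if matches(payload):
            return name
    return "unknown"


def port_firewall_decision(flow: Flow, open_ports=(22, 80, 443)) -> str:
    """Legacy model: the access decision sees only the destination port."""
    return "allow" if flow.dst_port in open_ports else "deny"


# Positive enforcement model: one ordered policy; anything unmatched is denied.
NGFW_POLICY: List[Rule] = [
    Rule("admins-ssh", "allow", app="ssh", group="it-admins",
         hip_requires={"disk_encryption": True}),
    Rule("users-web", "allow", app="web-browsing", group="domain-users"),
    Rule("users-ssl", "allow", app="ssl", group="domain-users"),
]


def ngfw_decision(flow: Flow) -> Tuple[str, str, str]:
    """Single policy pass: returns (action, identified app, matching rule name)."""
    app = identify_app(flow.payload)
    _user, groups = USER_MAP.get(flow.src_ip, ("unknown", set()))
    for rule in NGFW_POLICY:
        if rule.matches(flow, app, groups):
            return rule.action, app, rule.name
    return "deny", app, "implicit-deny"


# Constructed flows illustrating the slide's points
FLOWS: Dict[str, Flow] = {
    "ssh hopped onto 443 by a non-admin": Flow("10.1.1.9", 443, b"SSH-2.0-OpenSSH_8.9"),
    "admin ssh, encrypted laptop": Flow("10.1.1.5", 22, b"SSH-2.0-OpenSSH_8.9",
                                        {"disk_encryption": True}),
    "admin ssh, unencrypted laptop": Flow("10.1.1.5", 22, b"SSH-2.0-OpenSSH_8.9",
                                          {"disk_encryption": False}),
    "web app on non-standard port 8080": Flow("10.1.1.9", 8080,
                                              b"GET /app HTTP/1.1\r\nHost: x\r\n"),
    "unknown protocol on port 80": Flow("10.1.1.9", 80, b"\x00\x01\x02\x03"),
}


def compare_all() -> Dict[str, Tuple[str, str]]:
    """(port-based action, NGFW action) for each constructed flow."""
    return {name: (port_firewall_decision(f), ngfw_decision(f)[0])
            for name, f in FLOWS.items()}


if __name__ == "__main__":
    for name, (legacy, ngfw) in compare_all().items():
        print(f"{name:38} port-based={legacy:5} ngfw={ngfw}")
```

The port-only model allows the hopped SSH session and the unknown protocol on port 80 while blocking a legitimate web application on 8080; the single policy decides each case on application identity, group and host profile instead.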

HTTP: Universal Application Protocol

• HTTP is 64% of enterprise bandwidth

• Most HTTP traffic is client/server (54%) – proxies cannot deal with it

• Browser-based applications are 46% – some work with proxies and some don't

• Web browsing is 23%

[Chart: All HTTP Applications, split into Web Browsing and Browser-based Applications]

Application Control vs Blocking

bull Blocking applications even if possible is not the answer

bull Yes there are harmful applications that need to be blocked

bull Many ldquoWeb 20rdquo applications are useful

- Enhancing productivity

- Giving competitive advantage to the business

bull Itrsquos all about visibility and control

- Who is using what

- Control and secure modern applications

- Control features use

Palo Alto

Palo Alto ndash Next Generation FW

copy 2008 Palo Alto Networks Proprietary and Confidential Page 24 |

copy 2008 Palo Alto Networks Proprietary and Confidential Page 25 |

New Requirements for Security Device

1 Identify applications regardless of port protocol evasive tactic or SSL

2 Identify users regardless of IP address

3 Granular visibility and policy control over application access functionality

4 Protect in real-time against threats embedded across applications

5 Multi-gigabit in-line deployment with no performance degradation

Palo Alto Networks Next-Generation Security Device

copy 2009 Palo Alto Networks Proprietary and Confidential Page 26 |

Palo Alto Networks Exceeds NGFW Requirements

Application Awareness and Full Stack Visibility

App-ID Identifies and controls 1300+ applications

Integrated Rather Than Co-Located IPS

Content-ID includes full IPS without compromising performance

Extra-Firewall Intelligence to Identify Users

User-ID brings AD users and groups into firewall policy

Standard First-Generation Firewall Capabilities

Packet filtering state flexible NAT IPSec SSL VPNs etc

Support ldquobump in the wirerdquo Deployments

In ldquoDefining the Next-Generation Firewallrdquo

Gartner describes what Palo Alto Networks already delivers

Gartnerrsquos Recommendations

Move to next-generation firewalls at the next refresh

opportunity ndash whether for firewall IPS or the

combination of the two

copy 2008 Palo Alto Networks Proprietary and Confidential Page 28 |

Unique Technologies Transform the Firewall

App-ID

Identify the application

User-ID

Identify the user

Content-ID

Scan the content

copy 2008 Palo Alto Networks Proprietary and Confidential Page 29 |

App-ID Comprehensive Application Visibility

bull Policy-based control more than 1200+ applications distributed across five categories and 25 sub-categories

bull Balanced mix of business internet and networking applications and networking protocols

bull ~ 5 - 10 new applications added weekly

copy 2009 Palo Alto Networks Proprietary and Confidential Page 30 |

User-ID Enterprise Directory Integration

bull Users no longer defined solely by IP address

- Leverage existing Active Directory infrastructure without complex agent rollout

- Identify Citrix users and tie policies to user and group not just the IP address

bull Understand user application and threat behavior based on actual AD username not just IP

bull Manage and enforce policy based on user andor AD group

bull Investigate security incidents generate custom reports

copy 2009 Palo Alto Networks Proprietary and Confidential Page 31 |

Content-ID Real-Time Content Scanning

bull Stream-based not file-based for real-time performance

- Uniform signature engine scans for broad range of threats in single pass

- Vulnerability exploits (IPS) viruses and spyware (both downloads and phone-home)

bull Block transfer of sensitive data and file transfers by type

- Looks for CC and SSN patterns

- Looks into file to determine type ndash not extension based

bull Web filtering enabled via fully integrated URL database

- Local 20M URL database (76 categories) maximizes performance (1000rsquos URLssec)

- Dynamic DB adapts to local regional or industry focused surfing patterns

Detect and block a wide range of threats limit unauthorized data transfer and control non-work related web surfing

copy 2008 Palo Alto Networks Proprietary and Confidential Page 32 |

bullNSS Labs the worldrsquos largest security and performance testing lab have recently

completed in-depth IPS testing of the Palo Alto Networksrsquo next-gen firewall Our solution

was tested against 1179 live exploits in what was the industrys most comprehensive IPS

test to date The results were crystal clear and provided the hard proof of what our next-

generation firewalls can really do Key results include

bullbull The highest IPS block rate in recent history (934)

bull 100 resistance to IPS evasion techniques

bull Simple IPS configuration and tuning

bull Provided all the above while exceeding the datasheet performance metrics by 115

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 33 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2009 Palo Alto Networks Proprietary and Confidential Page 34 |

Single-Pass Parallel Processing (SP3) Architecture

Single Pass

bull Operations once per packet

- Traffic classification (app identification)

- Usergroup mapping

- Content scanning ndash threats URLs confidential data

bull One policy

Parallel Processing

bull Function-specific hardware engines

bull Separate datacontrol planes

Up to 10Gbps Low Latency

copy 2011 Palo Alto Networks Proprietary and Confidential

PA-5000 Series Architecture
• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors
• High density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)
• Highly available management
• High speed logging and route update
• Dual solid-state drives

Network Processor
• 20 Gbps front-end network processing
• Hardware accelerated per-packet route lookup, MAC lookup and NAT

[Block diagram: control plane (quad-core CPU, RAM, dual SSD) and data plane (switch fabric with QoS, flow control, route/ARP/MAC lookup and NAT; three signature match engines; three SSL/IPSec/decompression engines; three banks of CPUs 1 to 12 with RAM), linked at 20 Gbps and 10 Gbps]

• 40+ processors
• 30+ GB of RAM
• Separate high speed data and control planes
• 20 Gbps firewall throughput
• 10 Gbps threat prevention throughput
• 4 million concurrent sessions

Traditional Multi-Pass Architectures are Slow

[Diagram: four separate engines in series, each with its own Port/Protocol-based ID, L2/L3 networking, HA, config management and reporting: Firewall Policy; HTTP Decoder with URL Filtering Policy; IPS Decoder with IPS Signatures and IPS Policy; AV Decoder & Proxy with AV Signatures and AV Policy]

Powerful Policy-Based Control
• Browse more than 1300 applications based on name, category, technology or characteristic
• Immediately translate results into positive enforcement model firewall rules
• Policy enforcement by end-user group identities from Active Directory or IP address

Palo Alto – Network Sniffer

Visibility into Applications, Users & Content
[Screenshot: user hzielinski, filter on Skype; remove Skype to expand the view of hzielinski]

Palo Alto – Rich reports

Demo (offline) – Traffic Log

Enables Executive Visibility

PAN-OS Features
• Strong networking foundation
- Dynamic routing (OSPF, RIPv2)
- Site-to-site IPSec VPN
- SSL VPN for remote access
- Tap mode: connect to SPAN port
- Virtual wire ("Layer 1") for true transparent in-line deployment
- L2/L3 switching foundation
• QoS traffic shaping: max/guaranteed and priority
- By user, app, interface, zone and more
• Zone-based architecture
- All interfaces assigned to security zones for policy enforcement
• High Availability
- Active/Active
- Configuration and session synchronization
- Path, link and HA monitoring
• Virtual Systems
- Establish multiple virtual firewalls in a single device (PA-4000 Series only)
• Simple, flexible management
- CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content are complemented by core firewall features

Models: PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060

Enterprise Device and Policy Management
• Intuitive and flexible management
- CLI, Web, Panorama, SNMP, Syslog
- Role-based administration enables delegation of tasks to the appropriate person
• Panorama central management application
- Shared policies enable consistent application control policies
- Consolidated management, logging and monitoring of Palo Alto Networks devices
- Consistent web interface between Panorama and device UI
- Network-wide ACC/monitoring views, log collection and reporting
• All interfaces work on the current configuration, avoiding sync issues

NGFW for mobile devices

Today: Quality of Security Tied to Location
[Diagram label: botnets]
Enterprise Network Security
• Security based on best practices
• Full-featured NGFW and threat prevention
No Network Security
• Security based on best effort
• Exposed to threats, risky app usage and more

Introducing GlobalProtect
• Users never go "off-network" regardless of location
• All firewalls work together to provide a "cloud" of network security
• How it works
- Small agent determines network location (on or off the enterprise network)
- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
- Agent submits host information profile (patch level, asset type, disk encryption and more) to the gateway
- Gateway enforces security policy using App-ID, User-ID, Content-ID AND host information profile

Zero Day Attacks Protection: a sandbox at the core

Flexible Deployment Options

Transparent In-Line / Firewall Replacement
• IPS with app visibility & control
• Consolidation of IPS & URL filtering
• Firewall replacement with app visibility & control
• Firewall + IPS
• Firewall + IPS + URL filtering

Ultimate segmentation (Datacenter 1, Datacenter 2; Segment A, Segment B, Segment C)
• Controls applications & users for datacenter resource access
• IPS with app visibility & content control


Palo Alto Networks Next-Gen Firewalls

PA-4050: 10 Gbps FW, 5 Gbps threat prevention, 2,000,000 sessions; 8 SFP, 16 copper gigabit
PA-4020: 2 Gbps FW, 2 Gbps threat prevention, 500,000 sessions; 8 SFP, 16 copper gigabit
PA-4060: 10 Gbps FW, 5 Gbps threat prevention, 2,000,000 sessions; 4 XFP (10 Gig), 4 SFP (1 Gig)
PA-2050: 1 Gbps FW, 500 Mbps threat prevention, 250,000 sessions; 4 SFP, 16 copper gigabit
PA-2020: 500 Mbps FW, 200 Mbps threat prevention, 125,000 sessions; 2 SFP, 12 copper gigabit
PA-500: 250 Mbps FW, 100 Mbps threat prevention, 50,000 sessions; 8 copper gigabit
PA-5050: 10 Gbps FW, 5 Gbps threat prevention, 2,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
PA-5020: 5 Gbps FW, 2 Gbps threat prevention, 1,000,000 sessions; 8 SFP, 12 copper gigabit
PA-5060: 20 Gbps FW, 10 Gbps threat prevention, 4,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

The innovative approach: extend security to all network traffic

Thank You
Zion Ezra, VP Sales

POC and AVR Report

AVR Report

UTM Is Still Sprawl… Just Slower
• Doesn't solve the problem
• Firewall "helper" functions have a limited view of traffic
• Turning on functions kills performance


Applications Have Changed – Firewalls Have Not
• The gateway at the trust border is the right place to enforce policy control
- Sees all traffic
- Defines trust boundary
• Need to Restore Visibility and Control in the Firewall
• BUT… Applications Have Changed (Collaboration, Media, SaaS, Personal)
- Ports ≠ Applications
- IP Addresses ≠ Users
- Packets ≠ Content

Exploit protection
- Many months pass between black-hat discovery, white-hat discovery and protection being available
- Need to protect all applications
- A sandbox at the core
- Needs user-based access control
- Needs high-speed IPS and AV
- Need to perform across all applications
- Need to block the unknown
- Conclusion: advanced-malware protection belongs in a next generation firewall

DEMO: https://ca2demo.paloaltonetworks.com/esp/login.esp

INSANITY: doing the same thing over and over again and expecting different results

Block applications and users

The innovative approach: extend security to all network traffic

20 Gbps Firewall, 10 Gbps Threat Prevention
• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors
• High density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)
• Highly available management
• High speed logging and route update
• Dual hard drives

Network Processor
• 20 Gbps front-end network processing
• Hardware accelerated per-packet route lookup, MAC lookup and NAT

[Block diagram, as on the PA-5000 Series Architecture slide: control plane (quad-core CPU, RAM, dual HDD) and data plane (switch fabric with QoS, flow control, route/ARP/MAC lookup and NAT; three signature match engines; three SSL/IPSec/decompression engines; three banks of CPUs 1 to 12 with RAM), linked at 20 Gbps and 10 Gbps]

NGFW for mobile devices

Source: Gartner (March 2010). As of March 2010.

Data Center Network Security in Transition
• Ports ≠ Applications
• IP addresses ≠ Users
• Threats > Exploits
Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions…
[Diagram: RPC, SMS, SQL, SharePoint, SMB and NetBIOS shown against ports 135, 137, 80, 139 and 443, plus random high ports]
Applications employ dynamic, random and heavily-used ports, fundamentally breaking port-based network security


NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

PA-5050
• 10 Gbps FW
• 5 Gbps threat prevention
• 4 Gbps IPSec VPN
• 10,000 SSL VPN users
• 2,000,000 sessions
• Up to 125 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5020
• 5 Gbps FW
• 2 Gbps threat prevention
• 2 Gbps IPSec VPN
• 5,000 SSL VPN users
• 1,000,000 sessions
• Up to 20 VSYS
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5060
• 20 Gbps FW
• 10 Gbps threat prevention
• 4 Gbps IPSec VPN
• 20,000 SSL VPN users
• 4,000,000 sessions
• Up to 225 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

• Hot swappable fans, power supplies
• Dual solid state hard drives
• Dedicated HA and management interfaces
• 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise
• Prevent Threats
- Stop a wide range of threats on all allowed traffic
- Proven quality (NSS tested and "Recommended")
- Security by policy, not hardwired into deployment
• Comply and Compartmentalize
- Save time and cost to compliance with network segmentation
- Segment by user group and application
• Simplify with Flexible Network Security Infrastructure
- With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention
- With simpler, easier deployments
- With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance)

GlobalProtect

Today: Quality of Security Tied to Location
[Diagram label: botnets]
Enterprise Network Security
• Security based on best practices
• Full-featured NGFW and threat prevention
No Network Security
• Security based on best effort
• Exposed to threats, risky app usage and more

Existing Solutions Fall Short
Software on the PC
• Each security app performs a specific function
• Limited focus and functionality, heavy performance load on the PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.
Cloud-Based Services
• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement
• Supports a limited number of apps and protocols, weak threat prevention
• Examples: ScanSafe, Purewire, etc.
Traditional VPN
• Agent tunnels traffic back to the corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse
Higher Costs, More Work for Lower Security
• Inconsistent policy and protections when outside vs. inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase duplicates, operational and management overhead

Introducing GlobalProtect
• Users never go "off-network" regardless of location
• All firewalls work together to provide a "cloud" of network security
• How it works
- Small agent determines network location (on or off the enterprise network)
- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
- Agent submits host information profile (patch level, asset type, disk encryption and more) to the gateway
- Gateway enforces security policy using App-ID, User-ID, Content-ID AND host information profile

A Modern Architecture for Enterprise Security
• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting
[Diagram labels: malware, botnets, exploits]

Regain Visibility and Control, Save Money
• IT can't manage risk with traditional security infrastructure
- Users do what they want
- Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls
- Leads to increased risks for the business
• Palo Alto Networks defines the next-generation firewall with unique identification technologies
- App-ID: identify applications regardless of port, protocol or SSL encryption
- User-ID: integrated with the enterprise directory
- Content-ID: threats, URLs, data
- High performance architecture: high throughput, low latency
• Easy enterprise integration and consolidation saves money
- Flexible deployment options for seamless integration
- Consolidation of functionality into the firewall simplifies and saves money

About the Founder
• 2005–today: Founder and CTO at Palo Alto Networks
- Next Generation Firewall
• 2002–2005: CTO at NetScreen/Juniper
• 2000–2002: Founder and CTO at OneSecure
- World's first Network IPS
• 1994–1999: Principal Engineer at Check Point Software

Leading Organizations Trust Palo Alto Networks
Health Care, Financial Services, Government, Manufacturing, High Tech, Energy, Education, Service Providers, Services, Media, Entertainment, Retail
[Customer logos by sector: Health & Finance; Service Providers; Industry & Retail; Media & Communication; Government; Hi Tech]

InnoCom Customers - Palo Alto Networks
Nativ – Prime Minister's Office

The Modern Threats & Attacks

Known Attacks

The 5 Steps for Smart Attacks: bait, exploit, download, back channel, steal
Protection is needed at all stages

Applications Carry Risk
Applications can be "threats"
• P2P file sharing, tunneling applications, anonymizers, media/video
Applications carry threats
• Qualys Top 20 Vulnerabilities: the majority result in application-level threats
Applications & application-level threats result in major breaches: RSA, Comodo, FBI
Exploits come in through many applications

Application Control Efforts are Failing
• Palo Alto Networks' Application Usage & Risk Report highlights the actual behavior of 900,000 users across more than 60 organizations
- Applications are built for accessibility
- Tools that enable users to circumvent security are common
- File sharing usage, P2P and browser-based, is rampant
- Controls are failing: all had firewalls, many had IPS, proxies & URL filtering
Applications carry risks: business continuity, data loss, compliance, productivity and operations costs

Enterprise 2.0 Applications and Risks Widespread
• Palo Alto Networks' latest Application Usage & Risk Report highlights the actual behavior of 1M+ users in 1,253 organizations
- More enterprise 2.0 application use for personal and business reasons
- Tunneling and port hopping are common
- Bottom line: all had firewalls, most had IPS, proxies & URL filtering, but none of these organizations could control what applications ran on their networks

[Bar chart, axis 0 to 80, how often each application was found: RDP, SSH, telnet, LogMeIn, TeamViewer, CGIProxy, PHProxy, CoralCDN, FreeGate, Glype Proxy, Tor, Hamachi, UltraSurf, Gbridge, Gpass; bar values 3, 3, 9, 13, 15, 14, 15, 27, 30, 30, 42, 53, 62, 76, 80]
• Remote Access
- 27 variants, found 95% of the time
• External Proxies
- 22 variants, found 76% of the time
• Encrypted Tunnels
- Non-VPN related, found 30% of the time

Users Will Find A Way…
Source: Palo Alto Networks Application Usage and Risk Report, Spring 2010

From The News

Why Visibility & Control Must Be In The Firewall

Application Control as an Add-on
[Diagram: port traffic → Firewall (port policy decision) → IPS (app ctrl policy decision) → applications]
• Port-based FW + App Ctrl (IPS) = two policies
• Applications are threats: only block what you expressly look for
Implications
• Network access decision is made with no information
• Cannot safely enable applications

NGFW Application Control
[Diagram: application traffic → Firewall + IPS (app ctrl policy decision, scan application for threats) → applications]
• Application control is in the firewall = single policy
• Visibility across all ports, for all traffic, all the time
Implications
• Network access decision is made based on application identity
• Safely enable application usage
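The port-versus-application contrast on the two slides above (and on the "Ports ≠ Applications" slides), as an added example in Python that is not Palo Alto Networks' code and uses none of the real App-ID signatures: four constructed flows are classified once by destination port and once by their first payload bytes, and the same positive-enforcement policy is applied to each result, so the RDP session carried over port 443 shows where the two views disagree. The signatures, flows, user groups and policy rules are all assumptions made for this example.

```python
"""Port-based versus application-based classification and policy.

Added example (not Palo Alto Networks' code): a toy stand-in for the
App-ID idea. The application is identified from the first payload bytes
instead of from the destination port, and ONE policy decision is made per
flow from (user group, application). Everything here is constructed.
"""
import re
from dataclasses import dataclass

# What a port-based firewall assumes a destination port means.
PORT_TABLE = {22: "ssh", 80: "web-browsing", 443: "ssl", 3389: "ms-rdp"}

# Simplified payload signatures (constructed for the example; first match wins).
SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-2\.0-")),
    # TPKT header (03 00 len len) + X.224 length byte + 0xE0 connection request
    ("ms-rdp", re.compile(rb"^\x03\x00...\xe0", re.S)),
    # TLS record: handshake type 0x16, version 3.x
    ("ssl", re.compile(rb"^\x16\x03[\x00-\x03]", re.S)),
    ("web-browsing", re.compile(rb"^(?:GET|POST|HEAD|PUT) \S+ HTTP/1\.[01]\r\n")),
]

# Positive enforcement model: listed (group, apps) pairs are allowed, all else denied.
POLICY = [
    ("it-admins", {"ssh", "ms-rdp"}, "allow"),   # SSH/RDP only for authorized staff
    ("all-users", {"web-browsing", "ssl"}, "allow"),
]


@dataclass
class Flow:
    label: str
    user_group: str
    dst_port: int
    payload: bytes


def classify_by_port(flow: Flow) -> str:
    return PORT_TABLE.get(flow.dst_port, "unknown")


def classify_by_payload(flow: Flow) -> str:
    for app, sig in SIGNATURES:
        if sig.match(flow.payload):
            return app
    return "unknown"


def decide(user_group: str, app: str) -> str:
    """Single policy lookup; 'all-users' rules apply to every group."""
    for group, apps, action in POLICY:
        if group in (user_group, "all-users") and app in apps:
            return action
    return "deny"


def evaluate(flows):
    """Return, per flow, what each classification sees and decides."""
    rows = []
    for f in flows:
        port_app = classify_by_port(f)
        app = classify_by_payload(f)
        rows.append({
            "label": f.label,
            "port_app": port_app, "port_decision": decide(f.user_group, port_app),
            "app": app, "app_decision": decide(f.user_group, app),
        })
    return rows


SAMPLE_FLOWS = [  # constructed sample flows
    # RDP sent to port 443 by a non-admin: the port view calls it "ssl" and allows it.
    Flow("rdp-on-443", "staff", 443,
         b"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00"),
    # Admin SSH on port 80: the port view logs it as web browsing.
    Flow("ssh-on-80", "it-admins", 80, b"SSH-2.0-OpenSSH_8.9\r\n"),
    # Plain HTTP on 8080: the port view has no idea, so a positive model denies it.
    Flow("http-on-8080", "staff", 8080,
         b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    # Real TLS on 443 by staff: both views agree.
    Flow("tls-on-443", "staff", 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
]

if __name__ == "__main__":
    for row in evaluate(SAMPLE_FLOWS):
        print(row)
```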


HTTP: Universal Application Protocol
• HTTP is 64% of enterprise bandwidth
• Most HTTP traffic is client/server (54%): proxies cannot deal with it
• Browser-based applications are 46%: some work with proxies and some don't
• Web browsing is 23%
[Chart: All HTTP Applications; Web Browsing; Browser-based Applications]

Application Control vs. Blocking
• Blocking applications, even if possible, is not the answer
• Yes, there are harmful applications that need to be blocked
• Many "Web 2.0" applications are useful
- Enhancing productivity
- Giving competitive advantage to the business
• It's all about visibility and control
- Who is using what
- Control and secure modern applications
- Control feature use

Palo Alto – Next Generation FW

New Requirements for Security Device
1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify users regardless of IP address
3. Granular visibility and policy control over application access and functionality
4. Protect in real-time against threats embedded across applications
5. Multi-gigabit, in-line deployment with no performance degradation
Palo Alto Networks Next-Generation Security Device

Palo Alto Networks Exceeds NGFW Requirements
Application Awareness and Full Stack Visibility: App-ID identifies and controls 1300+ applications
Integrated Rather Than Co-Located IPS: Content-ID includes full IPS without compromising performance
Extra-Firewall Intelligence to Identify Users: User-ID brings AD users and groups into firewall policy
Standard First-Generation Firewall Capabilities: packet filtering, state, flexible NAT, IPSec, SSL VPNs, etc.
Support "bump in the wire" Deployments

In "Defining the Next-Generation Firewall", Gartner describes what Palo Alto Networks already delivers
Gartner's recommendation: move to next-generation firewalls at the next refresh opportunity, whether for firewall, IPS or the combination of the two

Unique Technologies Transform the Firewall
App-ID: Identify the application
User-ID: Identify the user
Content-ID: Scan the content

App-ID: Comprehensive Application Visibility
• Policy-based control of more than 1200+ applications distributed across five categories and 25 sub-categories
• Balanced mix of business, internet and networking applications and networking protocols
• ~5–10 new applications added weekly

User-ID: Enterprise Directory Integration
• Users no longer defined solely by IP address
- Leverage existing Active Directory infrastructure without complex agent rollout
- Identify Citrix users and tie policies to user and group, not just the IP address
• Understand user application and threat behavior based on actual AD username, not just IP
• Manage and enforce policy based on user and/or AD group
• Investigate security incidents, generate custom reports

Content-ID: Real-Time Content Scanning
• Stream-based, not file-based, for real-time performance
- Uniform signature engine scans for a broad range of threats in a single pass
- Vulnerability exploits (IPS), viruses and spyware (both downloads and phone-home)
• Block transfer of sensitive data and file transfers by type
- Looks for CC and SSN patterns
- Looks into the file to determine type, not extension based
• Web filtering enabled via fully integrated URL database
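The stream-based scanning and type-by-content points on the Content-ID slide above, as an added Python example that is not Palo Alto Networks' code: a scanner that checks chunks as they arrive for credit-card and SSN patterns, handles a pattern split across a chunk boundary, refuses to report a number that only looks complete at a boundary, and types a file by its leading bytes instead of its extension. The patterns, magic-byte table and sample chunks are all constructed for this example.

```python
"""Stream-based content scanning and type-by-content file checks.

Added example, not Palo Alto Networks' code: a toy version of the
Content-ID ideas. The scanner never reassembles the file; it carries a
short tail across chunk boundaries so a split pattern is still found, and
defers any match touching the boundary so a number that only looks
complete there is not reported early. All data below is constructed.
"""
import re

# 16 digits with optional single space or dash separators, on word boundaries.
CC_RE = re.compile(rb"\b(?:\d[- ]?){15}\d\b")
SSN_RE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so arbitrary 16-digit runs are not reported as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def _is_word(b: int) -> bool:
    return bytes([b]).isalnum() or b == 0x5F


class StreamScanner:
    """Collects (kind, absolute offset) for each pattern seen in the stream."""

    OVERLAP = 32  # longer than the longest pattern above (19 bytes)

    def __init__(self):
        self.tail = b""    # bytes carried over from the previous chunk
        self.offset = 0    # absolute stream position of self.tail[0]
        self.hits = []

    @staticmethod
    def _matches(buf):
        for m in CC_RE.finditer(buf):
            if luhn_ok(re.sub(rb"[- ]", b"", m.group()).decode()):
                yield "credit-card", m
        for m in SSN_RE.finditer(buf):
            yield "ssn", m

    def feed(self, chunk: bytes) -> None:
        buf = self.tail + chunk
        cut = max(0, len(buf) - self.OVERLAP)   # everything before cut is final
        found = list(self._matches(buf))
        for _, m in found:                       # defer matches touching the tail
            if m.end() > cut:
                cut = min(cut, m.start())
        while cut > 0 and _is_word(buf[cut - 1]) and _is_word(buf[cut]):
            cut -= 1                             # never start the tail mid-word
        for kind, m in found:
            if m.end() <= cut:
                self.hits.append((kind, self.offset + m.start()))
        self.tail, self.offset = buf[cut:], self.offset + cut

    def finish(self):
        """End of stream: whatever is still in the tail is now final."""
        for kind, m in self._matches(self.tail):
            self.hits.append((kind, self.offset + m.start()))
        self.tail = b""
        return sorted(self.hits, key=lambda h: h[1])


def scan_stream(chunks):
    scanner = StreamScanner()
    for chunk in chunks:
        scanner.feed(chunk)
    return scanner.finish()


# Type by leading bytes, then compare with what the file name claims.
MAGIC = [(b"MZ", "pe-executable"), (b"\x7fELF", "elf-executable"),
         (b"%PDF-", "pdf"), (b"PK\x03\x04", "zip-container")]
EXPECTED_BY_EXT = {"exe": "pe-executable", "pdf": "pdf",
                   "zip": "zip-container", "docx": "zip-container"}


def check_file_transfer(name: str, head: bytes) -> dict:
    detected = next((t for magic, t in MAGIC if head.startswith(magic)), "unknown")
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    claimed = EXPECTED_BY_EXT.get(ext)
    return {"name": name, "detected": detected, "claimed": claimed,
            "mismatch": claimed is not None and claimed != detected}


# Constructed sample: a valid card split across chunks 1 and 2, an SSN, and a
# 17-digit order id whose first 16 digits look like a card at the end of chunk 2.
SAMPLE_CHUNKS = [
    b"Invoice for card 4111 1111 1",
    b"111 1111 expires 12/29. SSN 123-45-6789 on file. Ref 4111 1111 1111 1111",
    b"1 is an order id, not a card.",
]

if __name__ == "__main__":
    print(scan_stream(SAMPLE_CHUNKS))
    print(check_file_transfer("quarterly.pdf", b"MZ\x90\x00\x03\x00"))
```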

- Local 20M URL database (76 categories) maximizes performance (1000rsquos URLssec)

- Dynamic DB adapts to local regional or industry focused surfing patterns

Detect and block a wide range of threats limit unauthorized data transfer and control non-work related web surfing

copy 2008 Palo Alto Networks Proprietary and Confidential Page 32 |

bullNSS Labs the worldrsquos largest security and performance testing lab have recently

completed in-depth IPS testing of the Palo Alto Networksrsquo next-gen firewall Our solution

was tested against 1179 live exploits in what was the industrys most comprehensive IPS

test to date The results were crystal clear and provided the hard proof of what our next-

generation firewalls can really do Key results include

bullbull The highest IPS block rate in recent history (934)

bull 100 resistance to IPS evasion techniques

bull Simple IPS configuration and tuning

bull Provided all the above while exceeding the datasheet performance metrics by 115

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 33 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2009 Palo Alto Networks Proprietary and Confidential Page 34 |

Single-Pass Parallel Processing (SP3) Architecture

Single Pass

bull Operations once per packet

- Traffic classification (app identification)

- Usergroup mapping

- Content scanning ndash threats URLs confidential data

bull One policy

Parallel Processing

bull Function-specific hardware engines

bull Separate datacontrol planes

Up to 10Gbps Low Latency

copy 2011 Palo Alto Networks Proprietary and Confidential

PA-5000 Series Architecture

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual solid-state drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow

control

Route ARP MAC

lookup

NAT Switch

Fabric

Signature Match

Signature Match

SSL IPSec De-

Compress SSL IPSec

De-Compress

SSL IPSec De-

Compress

Quad-core

CPU CPU

12

CPU

1

CPU

2

CPU

12

CPU

1

CPU

2

CPU

12

CPU

1

CPU

2

RAM

RAM

SSD

SSD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

bull 40+ processors

bull 30+ GB of RAM

bull Separate high speed data and control planes

bull 20 Gbps firewall throughput

bull 10 Gbps threat prevention throughput

bull 4 Million concurrent sessions

Page 35 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 36 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 37 |

Powerful Policy-Based Control

bull Browse more than 1300 applications based on name category technology or characteristic

bull Immediately translate results into positive enforcement model firewall rules

bull Policy enforcement by end-user group identities from Active Directory or IP address

Palo Alto

Palo Alto ndash Network Sniffer

copy 2008 Palo Alto Networks Proprietary and Confidential Page 38 |

copy 2008 Palo Alto Networks Proprietary and Confidential Page 39 |

Visibility into Applications Users amp Content

User hzielinski Filter on Skype

Remove Skype to expand view of hzielinski

Palo Alto

Palo Alto ndash Rich reports

copy 2008 Palo Alto Networks Proprietary and Confidential Page 40 |

copy 2008 Palo Alto Networks Proprietary and Confidential Page 41 |

Demo (offline) ndash Traffic Log

copy 2008 Palo Alto Networks Proprietary and Confidential Page 42 |

Enables Executive Visibility

copy 2009 Palo Alto Networks Proprietary and Confidential Page 43 |

PAN-OS Features

bull Strong networking foundation

- Dynamic routing (OSPF RIPv2)

- Site-to-site IPSec VPN

- SSL VPN for remote access

- Tap mode ndash connect to SPAN port

- Virtual wire (ldquoLayer 1rdquo) for true transparent in-line deployment

- L2L3 switching foundation

bull QoS traffic shaping - Maxguaranteed and priority

- By user app interface zone and more

bull Zone-based architecture

- All interfaces assigned to security zones for policy enforcement

bull High Availability

- Active Active

- Configuration and session synchronization

- Path link and HA monitoring

bull Virtual Systems

- Establish multiple virtual firewalls in a single device (PA-4000 Series only)

bull Simple flexible management

- CLI Web Panorama SNMP Syslog

Visibility and control of applications users and content are complemented by core firewall features

PA-500

PA-2020

PA-2050

PA-4020

PA-4050

PA-4060

copy 2009 Palo Alto Networks Proprietary and Confidential Page 44 |

Enterprise Device and Policy Management

bull Intuitive and flexible management

- CLI Web Panorama SNMP Syslog

- Role-based administration enables delegation of tasks to appropriate person

bull Panorama central management application

- Shared policies enable consistent application control policies

- Consolidated management logging and monitoring of Palo Alto Networks devices

- Consistent web interface between Panorama and device UI

- Network-wide ACCmonitoring views log collection and reporting

bull All interfaces work on current configuration avoiding sync issues

NGFW for mobile devices

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 46 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security


• How it works
- A small agent determines network location (on or off the enterprise network)
- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
- The agent submits a host information profile (patch level, asset type, disk encryption and more) to the gateway
- The gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile

Zero-Day Attack Protection: a sandbox at the core

Flexible Deployment Options

Transparent In-Line
• IPS with app visibility & control
• Consolidation of IPS & URL filtering

Firewall Replacement
• Firewall replacement with app visibility & control
• Firewall + IPS
• Firewall + IPS + URL filtering

Ultimate segmentation (Datacenter 1 / Datacenter 2; Segments A, B and C)
• Controls applications & users for datacenter resource access
• IPS with app visibility & content control

Palo Alto Networks IPS Protection + Performance


• Strong threat prevention
- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
- The only IPS that catches threats on non-standard ports
- Scan inbound and outbound SSL (decrypt) and compressed traffic
- Assure only authorized applications are using network resources
- Allow SSH/RDP, but only for authorized staff


Palo Alto Networks Next-Gen Firewalls

Model    Firewall   Threat prevention   Sessions    Interfaces
PA-4050  10 Gbps    5 Gbps              2,000,000   8 SFP, 16 copper gigabit
PA-4020  2 Gbps     2 Gbps              500,000     8 SFP, 16 copper gigabit
PA-4060  10 Gbps    5 Gbps              2,000,000   4 XFP (10 Gig), 4 SFP (1 Gig)
PA-2050  1 Gbps     500 Mbps            250,000     4 SFP, 16 copper gigabit
PA-2020  500 Mbps   200 Mbps            125,000     2 SFP, 12 copper gigabit
PA-500   250 Mbps   100 Mbps            50,000      8 copper gigabit
PA-5050  10 Gbps    5 Gbps              2,000,000   4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
PA-5020  5 Gbps     2 Gbps              1,000,000   8 SFP, 12 copper gigabit
PA-5060  20 Gbps    10 Gbps             4,000,000   4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

The innovative approach: extend security to all network traffic

Thank You – Zion Ezra, VP Sales


POC and AVR Report


AVR Report


AVR Report

UTM Is Still Sprawl… Just Slower

(Diagram label: Internet)

• Doesn't solve the problem
• Firewall "helper" functions have a limited view of traffic
• Turning on functions kills performance



Traditional Multi-Pass Architectures are Slow

(Diagram: four serial passes, each carrying its own L2/L3 networking, HA, config management and reporting)
- Firewall policy: port/protocol-based ID
- URL filtering policy: port/protocol-based ID, HTTP decoder
- IPS policy: port/protocol-based ID, IPS decoder, IPS signatures
- AV policy: port/protocol-based ID, AV decoder & proxy, AV signatures


Applications Have Changed – Firewalls Have Not

• The gateway at the trust border is the right place to enforce policy control
- Sees all traffic
- Defines the trust boundary

• BUT… applications have changed (collaboration, media, SaaS, personal)
- Ports ≠ Applications
- IP Addresses ≠ Users
- Packets ≠ Content

• Need to restore visibility and control in the firewall

Exploit protection
- Many months pass between black-hat discovery, white-hat discovery and protection being available
- Need to protect all applications

A sandbox at the core
- Needs user-based access control
- Needs high-speed IPS and AV
- Needs to perform across all applications
- Needs to block the unknown

Conclusion: advanced-malware protection belongs in a next-generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY: doing the same thing over and over again and expecting different results

Block applications and users

The innovative approach: extend security to all network traffic

20 Gbps Firewall, 10 Gbps Threat Prevention

(Diagram: control plane and data plane joined by a switch fabric; labels: QoS, flow control, route/ARP/MAC lookup, NAT, switch fabric, signature match, SSL/IPSec/de-compress, 10 Gbps and 20 Gbps links, three security-processor blocks each labelled CPU 1, CPU 2 … CPU 12 with RAM, a quad-core control-plane CPU with RAM and dual HDDs)

• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors
• High-density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High-speed logging and route update
• Dual hard drives

Network Processor
• 20 Gbps front-end network processing
• Hardware-accelerated per-packet route lookup, MAC lookup and NAT

NGFW for mobile devices

Source: Gartner (March 2010)


Data Center Network Security in Transition

• Ports ≠ Applications
• IP addresses ≠ Users
• Threats > Exploits

Need to restore application visibility & control in the firewall

Today's network security is based on outdated assumptions…
(Figure: applications mapped to fixed ports – RPC, SMS, SQL, SharePoint, SMB, NetBIOS on ports 135, 137, 139, 80 and 443, plus random high ports)

Applications employ dynamic, random and heavily-used ports – fundamentally breaking port-based network security.

Palo Alto Networks Protection + Performance


• Strong threat prevention
- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
- The only IPS that catches threats on non-standard ports
- Scan inbound and outbound SSL (decrypt) and compressed traffic
- Assure only authorized applications are using network resources
- Allow SSH/RDP, but only for authorized staff


NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications


Model    Firewall   Threat prevention   IPSec VPN   SSL VPN users   Sessions    VSYS        I/O
PA-5050  10 Gbps    5 Gbps              4 Gbps      10,000          2,000,000   up to 125   (4) SFP+ (10 Gig), (8) SFP (1 Gig), (12) 10/100/1000
PA-5020  5 Gbps     2 Gbps              2 Gbps      5,000           1,000,000   up to 20    (8) SFP (1 Gig), (12) 10/100/1000
PA-5060  20 Gbps    10 Gbps             4 Gbps      20,000          4,000,000   up to 225   (4) SFP+ (10 Gig), (8) SFP (1 Gig), (12) 10/100/1000

Common to the series:
• Hot-swappable fans, power supplies
• Dual solid-state hard drives
• Dedicated HA and management interfaces
• 2U standard rack-mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats
- Stop a wide range of threats on all allowed traffic
- Proven quality (NSS tested and "Recommended")
- Security by policy, not hardwired into the deployment

• Comply and Compartmentalize
- Save time and cost to compliance with network segmentation
- Segment by user group and application

• Simplify with Flexible Network Security Infrastructure
- With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention
- With simpler, easier deployments
- With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance)



GlobalProtect

Today: Quality of Security Tied to Location


(Diagram: on the enterprise network – security based on best practices, full-featured NGFW and threat prevention; off the network – no network security, security based on best effort, exposed to threats, risky app usage, botnets and more)

Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality, heavy performance load on the PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.


Cloud-Based Services
• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement
• Supports a limited number of apps and protocols, weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• Agent tunnels traffic back to the corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security
• Inconsistent policy and protections when outside vs. inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase duplicates, operational and management overhead

Introducing GlobalProtect

• Users never go "off-network" regardless of location
• All firewalls work together to provide a "cloud" of network security


• How it works
- A small agent determines network location (on or off the enterprise network)
- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
- The agent submits a host information profile (patch level, asset type, disk encryption and more) to the gateway
- The gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile
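The four "How it works" steps above (the same steps appear on the earlier GlobalProtect slide), as an added toy model that is not part of the presentation or the product: location detection, gateway selection, a host information profile, and one gateway policy that combines user group, application and HIP. The probe hostname, HIP fields, gateway latency table, group and rule names are all my constructions, not GlobalProtect's protocol or PAN-OS syntax.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class HostProfile:
    """Constructed subset of a host information profile (HIP)."""
    days_since_patch: int
    disk_encrypted: bool
    asset_type: str          # "corporate" or "byod"
    av_running: bool


@dataclass(frozen=True)
class Session:
    user: str
    groups: frozenset        # directory groups, as User-ID would supply them
    app: str                 # application, as App-ID would supply it
    hip: HostProfile


def detect_location(resolvable_hosts, internal_probe="gp-probe.corp.example"):
    """Step 1 (agent): on-network only if a name that exists solely in internal
    DNS resolves. The probe name is a constructed placeholder."""
    return "internal" if internal_probe in resolvable_hosts else "external"


def select_gateway(location, external_gateway_rtt_ms, internal_gateway="hq-internal"):
    """Step 2 (agent): on-network endpoints keep the internal gateway; off-network
    endpoints connect to the lowest-latency external gateway (constructed table)."""
    if location == "internal":
        return internal_gateway
    return min(external_gateway_rtt_ms, key=external_gateway_rtt_ms.get)


# Step 3: the gateway checks the submitted HIP against named profiles.
HIP_PROFILES = {
    "patched-and-encrypted": lambda h: h.disk_encrypted and h.days_since_patch <= 30,
    "corporate-asset": lambda h: h.asset_type == "corporate",
    "av-running": lambda h: h.av_running,
}

# Step 4: one rule table for on- and off-network users alike.
# (name, apps, user groups [empty = any], HIP profiles that must all match, action)
RULES = [
    ("finance-erp", {"sap"}, {"finance"}, ("patched-and-encrypted", "corporate-asset"), "allow"),
    ("admin-access", {"ssh", "ms-rdp"}, {"it-admins"}, ("corporate-asset", "av-running"), "allow"),
    ("general-web", {"web-browsing", "ssl"}, set(), ("av-running",), "allow"),
]


def evaluate(session):
    """Return (action, rule name, skipped) where skipped lists (rule, failed HIP
    profiles) for rules that matched app and group but not the host state.

    A rule whose HIP requirement is not met is skipped rather than turned into an
    explicit deny, so the session keeps matching further down and ends at the
    implicit deny if nothing else fits; the skipped list records why.
    """
    skipped = []
    for name, apps, groups, hips, action in RULES:
        if session.app not in apps:
            continue
        if groups and not (groups & session.groups):
            continue
        failed = sorted(p for p in hips if not HIP_PROFILES[p](session.hip))
        if failed:
            skipped.append((name, failed))
            continue
        return action, name, skipped
    return "deny", "implicit-deny", skipped


if __name__ == "__main__":
    laptop = HostProfile(days_since_patch=5, disk_encrypted=True, asset_type="corporate", av_running=True)
    loc = detect_location({"www.example.com"})            # probe name absent: off-network
    gw = select_gateway(loc, {"gw-eu": 40, "gw-us": 120})
    print(loc, gw, evaluate(Session("alice", frozenset({"finance"}), "sap", laptop)))
```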

A Modern Architecture for Enterprise Security


• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting

(Diagram labels: malware, botnets, exploits)


Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure
- Users do what they want
- Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls
- Leads to increased risks for the business

• Palo Alto Networks defines the next-generation firewall with unique identification technologies
- App-ID: identify applications regardless of port, protocol or SSL encryption
- User-ID: integrated with the enterprise directory
- Content-ID: threats, URLs, data
- High-performance architecture: high throughput, low latency

• Easy enterprise integration and consolidation saves money
- Flexible deployment options for seamless integration
- Consolidation of functionality into the firewall simplifies and saves money



Leading Organizations Trust Palo Alto Networks (customer logo slide): Health Care, Financial Services, Government, Manufacturing, High Tech, Energy, Education, Service Providers, Services, Media, Entertainment, Retail, Communication

InnoCom Customers – Palo Alto Networks (logo slide): Nativ (נתיב) – Prime Minister's Office

The Modern Threats & Attacks

Known Attacks – the 5 steps for smart attacks: bait, exploit, download, back channel, steal. Protection is needed at all stages.

Applications Carry Risk


Applications can be "threats"
• P2P file sharing, tunneling applications, anonymizers, media/video

Applications carry threats
• Qualys Top 20 Vulnerabilities – the majority result in application-level threats
• Applications & application-level threats result in major breaches – RSA, Comodo, FBI
• Exploits come in through many applications


Application Control Efforts are Failing

• Palo Alto Networks' Application Usage & Risk Report highlights the actual behavior of 900,000 users across more than 60 organizations
- Applications are built for accessibility
- Tools that enable users to circumvent security are common
- File sharing usage – P2P and browser-based – is rampant
- Controls are failing – all had firewalls, many had IPS, proxies & URL filtering

Applications carry risks: business continuity, data loss, compliance, productivity and operations costs

Enterprise 2.0 Applications and Risks Widespread


Palo Alto Networks' latest Application Usage & Risk Report highlights the actual behavior of 1M+ users in 1,253 organizations
- More enterprise 2.0 application use, for personal and business reasons
- Tunneling and port hopping are common
- Bottom line: all had firewalls, most had IPS, proxies & URL filtering – but none of these organizations could control what applications ran on their networks

Users Will Find A Way…

(Chart: percentage of organizations in which each application was found – RDP, SSH, telnet, LogMeIn, TeamViewer, CGIProxy, PHProxy, CoralCDN, FreeGate, Glype Proxy, Tor, Hamachi, UltraSurf, Gbridge, Gpass; values range from 3% to 80%)

• Remote Access
- 27 variants, found 95% of the time
• External Proxies
- 22 variants, found 76% of the time
• Encrypted Tunnels
- Non-VPN related – found 30% of the time

Source: Palo Alto Networks Application Usage and Risk Report, Spring 2010


From the news

Why Visibility amp Control Must Be In The Firewall


Application Control as an Add-on (port-based firewall, then IPS: port policy decision → app control policy decision)
• Port-based FW + App Ctrl (IPS) = two policies
• Applications are threats: only block what you expressly look for
Implications
• Network access decision is made with no information
• Cannot safely enable applications

NGFW Application Control (firewall with integrated IPS: app control policy decision → scan application for threats)
• Application control is in the firewall = single policy
• Visibility across all ports, for all traffic, all the time
Implications
• Network access decision is made based on application identity
• Safely enable application usage
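The contrast above between a port-based firewall with app control bolted on and a single application-aware policy, together with the earlier "ports ≠ applications" point, as an added example that is not part of the presentation: a few constructed flows are classified by destination port and by their first payload bytes, then one app-aware rule table decides. The flows, the five payload signatures, the rule names and the user groups are my constructions; the real App-ID engine, its signature set and PAN-OS rule syntax are not reproduced.

```python
# Constructed sample flows: (flow id, destination port, first bytes sent by the client).
FLOWS = [
    ("web-80", 80, b"GET /index.html HTTP/1.1\r\nHost: intranet\r\n\r\n"),
    ("ssh-443", 443, b"SSH-2.0-OpenSSH_8.4\r\n"),                       # SSH hidden on the HTTPS port
    ("rdp-8080", 8080, b"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00"
                       b"\x01\x00\x08\x00\x03\x00\x00\x00"),           # TPKT + X.224 connection request
    ("tls-443", 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),  # TLS handshake record, ClientHello
    ("bt-6881", 6881, b"\x13BitTorrent protocol"),                       # BitTorrent peer handshake
]

# First-generation view: a static port -> service table.
PORT_TABLE = {22: "ssh", 80: "web-browsing", 443: "ssl", 3389: "ms-rdp"}


def identify_by_port(port):
    return PORT_TABLE.get(port, "unknown")


def identify_by_payload(data):
    """Classify from the payload itself, regardless of the port it rides on."""
    if data.startswith(b"SSH-"):
        return "ssh"
    if data.startswith((b"GET ", b"POST ", b"HEAD ", b"PUT ")) and b" HTTP/1." in data:
        return "web-browsing"
    if data.startswith(b"\x16\x03") and len(data) > 5 and data[5] == 0x01:
        return "ssl"          # record type 22 (handshake) carrying a ClientHello
    if data.startswith(b"\x03\x00") and len(data) > 5 and data[5] == 0xE0:
        return "ms-rdp"       # TPKT header, then X.224 CR TPDU
    if data.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"
    return "unknown"


def classify_all(flows=FLOWS):
    """Return {flow id: (port-based verdict, payload-based verdict)}."""
    return {fid: (identify_by_port(port), identify_by_payload(data)) for fid, port, data in flows}


# One application-aware policy (constructed): evaluated top-down, first match
# wins, implicit deny at the end; an empty group set means "any user".
RULES = [
    ("admin-remote-access", {"ssh", "ms-rdp"}, {"it-admins"}, "allow"),
    ("general-web", {"web-browsing", "ssl"}, set(), "allow"),
    ("block-p2p", {"bittorrent"}, set(), "deny"),
]


def decide(app, user_groups):
    for _name, apps, groups, action in RULES:
        if app in apps and (not groups or groups & set(user_groups)):
            return action
    return "deny"             # nothing matched, which also covers "unknown"


def enforce(flows=FLOWS, user_groups=frozenset({"staff"})):
    """For every flow: what a port table sees, what the payload says, and the
    decision when the policy is keyed on application identity."""
    out = {}
    for fid, port, data in flows:
        port_app, real_app = identify_by_port(port), identify_by_payload(data)
        out[fid] = {"port_view": port_app, "app_view": real_app,
                    "decision": decide(real_app, user_groups)}
    return out


if __name__ == "__main__":
    for fid, row in enforce().items():
        print(f"{fid:9} port says {row['port_view']:12} payload says {row['app_view']:12} -> {row['decision']}")
```

Note that for the ssh-443 flow a policy keyed on the port alone would see "ssl" and allow it under the general-web rule, which is the add-on model's "decision made with no information".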


HTTP: Universal Application Protocol

• HTTP is 64% of enterprise bandwidth
• Most HTTP traffic is client/server (54%) – proxies cannot deal with it
• Browser-based applications are 46% – some work with proxies and some don't
• Web browsing is 23%

(Chart legend: All HTTP Applications; Web Browsing; Browser-based Applications)

Application Control vs. Blocking

• Blocking applications, even if possible, is not the answer
• Yes, there are harmful applications that need to be blocked
• Many "Web 2.0" applications are useful
- Enhancing productivity
- Giving competitive advantage to the business
• It's all about visibility and control
- Who is using what
- Control and secure modern applications
- Control feature use

Palo Alto – Next Generation FW



New Requirements for the Security Device

1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify users regardless of IP address
3. Granular visibility and policy control over application access and functionality
4. Protect in real time against threats embedded across applications
5. Multi-gigabit in-line deployment with no performance degradation

Palo Alto Networks Next-Generation Security Device


Palo Alto Networks Exceeds NGFW Requirements

In "Defining the Next-Generation Firewall", Gartner describes what Palo Alto Networks already delivers:

- Application awareness and full-stack visibility: App-ID identifies and controls 1300+ applications
- Integrated rather than co-located IPS: Content-ID includes a full IPS without compromising performance
- Extra-firewall intelligence to identify users: User-ID brings AD users and groups into firewall policy
- Standard first-generation firewall capabilities: packet filtering, state, flexible NAT, IPSec, SSL VPNs, etc.
- Support for "bump in the wire" deployments

Gartner's recommendation: move to next-generation firewalls at the next refresh opportunity – whether for firewall, IPS or the combination of the two


Unique Technologies Transform the Firewall

- App-ID: identify the application
- User-ID: identify the user
- Content-ID: scan the content


App-ID: Comprehensive Application Visibility

• Policy-based control over more than 1,200 applications, distributed across five categories and 25 sub-categories
• Balanced mix of business, internet and networking applications and networking protocols
• ~5-10 new applications added weekly


User-ID: Enterprise Directory Integration

• Users no longer defined solely by IP address
- Leverage existing Active Directory infrastructure without a complex agent rollout
- Identify Citrix users and tie policies to user and group, not just the IP address
• Understand user, application and threat behavior based on the actual AD username, not just IP
• Manage and enforce policy based on user and/or AD group
• Investigate security incidents, generate custom reports


Content-ID: Real-Time Content Scanning

• Stream-based, not file-based, for real-time performance
- Uniform signature engine scans for a broad range of threats in a single pass
- Vulnerability exploits (IPS), viruses and spyware (both downloads and phone-home)

• Block transfer of sensitive data and file transfers by type
- Looks for CC and SSN patterns
- Looks into the file to determine its type – not extension based

• Web filtering enabled via a fully integrated URL database
- Local 20M URL database (76 categories) maximizes performance (1000's of URLs/sec)
- Dynamic DB adapts to local, regional or industry-focused surfing patterns

Detect and block a wide range of threats, limit unauthorized data transfer and control non-work-related web surfing
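The two data-control checks listed above, as an added example that is not Palo Alto Networks' code: credit-card and SSN patterns are looked for chunk by chunk with a small carry-over, in the spirit of stream-based rather than file-based scanning, and a file's type is taken from its leading bytes instead of its extension. The patterns, the magic-byte table, the chunk size and the sample text are my constructions; the real Content-ID decoders and signatures are not reproduced.

```python
import re

# 13-16 digits, optionally separated by spaces or hyphens, not part of a longer digit run.
CC_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){13,16}(?!\d)")
# US SSN in 3-2-4 form, excluding never-issued area, group and serial values.
SSN_RE = re.compile(rb"(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)")


def luhn_ok(digits):
    """Luhn check: rejects most digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan_stream(chunks, overlap=32):
    """Scan chunks as they arrive without buffering the whole object.

    The last `overlap` bytes of the previous chunk are prepended to the next one so
    a pattern straddling the boundary is still matched; hits are keyed by absolute
    offset so the carry-over does not report the same hit twice. `overlap` must
    cover the longest pattern (a 16-digit card with separators is 19 bytes).
    """
    hits, seen, offset, tail = [], set(), 0, b""
    for chunk in chunks:
        window = tail + chunk
        base = offset - len(tail)            # absolute offset of window[0]
        for m in CC_RE.finditer(window):
            digits = re.sub(rb"[ -]", b"", m.group()).decode()
            if luhn_ok(digits) and (base + m.start()) not in seen:
                seen.add(base + m.start())
                hits.append(("credit-card", base + m.start()))
        for m in SSN_RE.finditer(window):
            if (base + m.start()) not in seen:
                seen.add(base + m.start())
                hits.append(("ssn", base + m.start()))
        offset += len(chunk)
        tail = window[-overlap:]
    return hits


def chunked(data, size):
    return [data[i:i + size] for i in range(0, len(data), size)]


# Constructed sample: a Luhn-valid test card number that will be split across two
# 24-byte chunks, an SSN, and a 16-digit run that fails Luhn (must not be reported).
SAMPLE = (b"Invoice for card 4111 1111 1111 1111 paid. Contact SSN 123-45-6789 "
          b"on file. Ref 1234567890123456 end.")

# (leading bytes, detected type, extensions that honestly carry it); constructed table.
MAGIC = [
    (b"%PDF-", "pdf", {"pdf"}),
    (b"PK\x03\x04", "zip", {"zip", "docx", "xlsx", "pptx", "jar"}),
    (b"MZ", "pe-executable", {"exe", "dll", "scr", "sys"}),
    (b"\x7fELF", "elf-executable", {"elf", "so", "bin"}),
    (b"\x89PNG\r\n\x1a\n", "png", {"png"}),
]


def file_type(head, filename):
    """Return (type from leading bytes, True if the file name's extension disagrees)."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    for magic, kind, exts in MAGIC:
        if head.startswith(magic):
            return kind, ext not in exts
    return "unknown", False


if __name__ == "__main__":
    print(scan_stream(chunked(SAMPLE, 24)))
    print(file_type(b"MZ\x90\x00\x03", "quarterly.pdf"))
```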


• NSS Labs, the world's largest security and performance testing lab, has recently completed in-depth IPS testing of the Palo Alto Networks next-gen firewall. Our solution was tested against 1,179 live exploits in what was the industry's most comprehensive IPS test to date. The results were crystal clear and provided the hard proof of what our next-generation firewalls can really do. Key results include:
- The highest IPS block rate in recent history (93.4%)
- 100% resistance to IPS evasion techniques
- Simple IPS configuration and tuning
- Provided all the above while exceeding the datasheet performance metrics by 115%

Palo Alto Networks IPS Protection + Performance


• Strong threat prevention
- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
- The only IPS that catches threats on non-standard ports
- Scan inbound and outbound SSL (decrypt) and compressed traffic
- Assure only authorized applications are using network resources
- Allow SSH/RDP, but only for authorized staff


Single-Pass Parallel Processing (SP3) Architecture

Single Pass
• Operations once per packet
- Traffic classification (app identification)
- User/group mapping
- Content scanning – threats, URLs, confidential data
• One policy

Parallel Processing
• Function-specific hardware engines
• Separate data/control planes

Up to 10 Gbps, low latency


PA-5000 Series Architecture

(Diagram: control plane and data plane joined by a switch fabric; labels: QoS, flow control, route/ARP/MAC lookup, NAT, switch fabric, signature match, SSL/IPSec/de-compress, 10 Gbps and 20 Gbps links, three security-processor blocks each labelled CPU 1, CPU 2 … CPU 12 with RAM, a quad-core control-plane CPU with RAM and dual SSDs)

• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors
• High-density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High-speed logging and route update
• Dual solid-state drives

Network Processor
• 20 Gbps front-end network processing
• Hardware-accelerated per-packet route lookup, MAC lookup and NAT

• 40+ processors
• 30+ GB of RAM
• Separate high-speed data and control planes
• 20 Gbps firewall throughput
• 10 Gbps threat prevention throughput
• 4 million concurrent sessions



Traditional Multi-Pass Architectures are Slow

(Diagram: four serial passes, each carrying its own L2/L3 networking, HA, config management and reporting)
- Firewall policy: port/protocol-based ID
- URL filtering policy: port/protocol-based ID, HTTP decoder
- IPS policy: port/protocol-based ID, IPS decoder, IPS signatures
- AV policy: port/protocol-based ID, AV decoder & proxy, AV signatures


Powerful Policy-Based Control

• Browse more than 1300 applications based on name, category, technology or characteristic
• Immediately translate results into positive-enforcement-model firewall rules
• Policy enforcement by end-user group identities from Active Directory, or by IP address

Palo Alto – Network Sniffer



Visibility into Applications, Users & Content

(Screenshot callouts: user hzielinski – filter on Skype; remove Skype to expand the view of hzielinski)

Palo Alto – Rich reports



Demo (offline) – Traffic Log


Enables Executive Visibility


PAN-OS Features

bull Strong networking foundation

- Dynamic routing (OSPF RIPv2)

- Site-to-site IPSec VPN

- SSL VPN for remote access

- Tap mode ndash connect to SPAN port

- Virtual wire (ldquoLayer 1rdquo) for true transparent in-line deployment

- L2L3 switching foundation

bull QoS traffic shaping - Maxguaranteed and priority

- By user app interface zone and more

bull Zone-based architecture

- All interfaces assigned to security zones for policy enforcement

bull High Availability

- Active Active

- Configuration and session synchronization

- Path link and HA monitoring

bull Virtual Systems

- Establish multiple virtual firewalls in a single device (PA-4000 Series only)

bull Simple flexible management

- CLI Web Panorama SNMP Syslog

Visibility and control of applications users and content are complemented by core firewall features

PA-500

PA-2020

PA-2050

PA-4020

PA-4050

PA-4060

copy 2009 Palo Alto Networks Proprietary and Confidential Page 44 |

Enterprise Device and Policy Management

bull Intuitive and flexible management

- CLI Web Panorama SNMP Syslog

- Role-based administration enables delegation of tasks to appropriate person

bull Panorama central management application

- Shared policies enable consistent application control policies

- Consolidated management logging and monitoring of Palo Alto Networks devices

- Consistent web interface between Panorama and device UI

- Network-wide ACCmonitoring views log collection and reporting

bull All interfaces work on current configuration avoiding sync issues

NGFW for mobile devices

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 46 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 48 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

Zero Day Attacks Protection

a sandbox at the core

Flexible Deployment Options

Transparent In-Line Firewall Replacement

bull IPS with app visibility amp control

bull Consolidation of IPS amp URL filtering

bull Firewall replacement with app visibility amp control

bull Firewall + IPS

bull Firewall + IPS + URL filtering

Ultimate segmentation

Datacenter 1 Datacenter 2

bull Controls applications amp users for datacenter resource access

bull IPS with app visibility amp content control

Segment A Segment B

Segment C

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 53 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 54 |

Palo Alto Networks Next-Gen Firewalls

PA-4050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 8 SFP 16 copper gigabit

PA-4020 bull 2 Gbps FW2 Gbps threat

prevention500000 sessions

bull 8 SFP 16 copper gigabit

PA-4060 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 XFP (10 Gig) 4 SFP (1 Gig)

PA-2050 bull 1 Gbps FW500 Mbps threat

prevention250000 sessions

bull 4 SFP 16 copper gigabit

PA-2020 bull 500 Mbps FW200 Mbps threat

prevention125000 sessions

bull 2 SFP 12 copper gigabit

PA-500 bull 250 Mbps FW100 Mbps threat

prevention50000 sessions

bull 8 copper gigabit

PA-5050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

PA-5020 bull 5 Gbps FW2 Gbps threat

prevention1000000 sessions

bull 8 SFP 12 copper gigabit

PA-5060 bull 20 Gbps FW10 Gbps threat

prevention4000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

the innovative approach

extend security to all network traffic extend security to all network traffic

Thank You Zion Ezra

VP Sales

copy 2008 Palo Alto Networks Proprietary and Confidential Page 60 |

POC and AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 61 |

AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 62 |

AVR Report

Internet

UTM Is Still SprawlhellipJust Slower

bull Doesnrsquot solve the problem

bull Firewall ldquohelperrdquo functions have limited view of traffic

bull Turning on functions kills performance

copy 2009 Palo Alto Networks Proprietary and Confidential Page 63 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 64 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 65 |

Applications Have Changed ndash Firewalls Have Not

bull The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

bull Need to Restore Visibility and Control in the Firewall

Collaboration Media SaaS Personal

bull BUThellipApplications Have Changed

- Ports neApplications

- IP AddressesneUsers

- PacketsneContent

exploit protection

many months pass between black-hat discovery white hat discovery and protection being available

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gbps Firewall, 10 Gbps Threat Prevention

• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors
• High density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High speed logging and route update
• Dual hard drives

Network Processor
• 20 Gbps front-end network processing
• Hardware accelerated per-packet route lookup, MAC lookup and NAT

[Architecture diagram: Control Plane (quad-core CPU, RAM, dual HDD) and Data Plane joined by the Switch Fabric; in the data plane the Network Processor (QoS, flow control, route/ARP/MAC lookup, NAT) takes 20 Gbps in, with 10 Gbps paths to three Security Processors (each drawn as CPU 1 to CPU 12 with RAM and SSL/IPSec/de-compression engines) and two Signature Match engines]

NGFW for mobile devices

Source: Gartner (March 2010). As of March 2010.


Data Center Network Security in Transition

• Ports ≠ Applications
• IP addresses ≠ Users
• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions…

[Diagram: data center applications (RPC, SMS, SQL, SharePoint, SMB, NetBIOS) spread across Port 135, Port 137, Port 80, Port 139, Port 443, plus random high ports]

Applications employ dynamic, random and heavily-used ports, fundamentally breaking port-based network security

Palo Alto Networks Protection + Performance


• Strong threat prevention
- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
- The only IPS that catches threats on non-standard ports
- Scan inbound and outbound SSL (decrypt) and compressed traffic
- Assure only authorized applications are using network resources
- Allow SSH/RDP, but only for authorized staff


NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications


PA-5050
• 10 Gbps FW
• 5 Gbps threat prevention
• 4 Gbps IPSec VPN
• 10,000 SSL VPN users
• 2,000,000 sessions
• Up to 125 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5020
• 5 Gbps FW
• 2 Gbps threat prevention
• 2 Gbps IPSec VPN
• 5,000 SSL VPN users
• 1,000,000 sessions
• Up to 20 VSYS
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5060
• 20 Gbps FW
• 10 Gbps threat prevention
• 4 Gbps IPSec VPN
• 20,000 SSL VPN users
• 4,000,000 sessions
• Up to 225 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

All models
• Hot swappable fans, power supplies
• Dual solid state hard drives
• Dedicated HA and management interfaces
• 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats
- Stop a wide range of threats on all allowed traffic
- Proven quality (NSS tested and "Recommended")
- Security by policy, not hardwired into deployment

• Comply and Compartmentalize
- Save time and cost to compliance with network segmentation
- Segment by user group and application

• Simplify with Flexible Network Security Infrastructure
- With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention
- With simpler, easier deployments
- With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance)


GlobalProtect

Today Quality of Security Tied to Location


[Diagram labels: botnets]

Enterprise Network Security
• Security Based on Best-Practices
• Full-Featured NGFW and Threat Prevention

No Network Security
• Security Based on Best-Effort
• Exposed to threats, risky app usage and more

Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality, heavy performance load on the PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.


Cloud-Based Services
• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement
• Supports a limited number of apps and protocols, weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• Agent tunnels traffic back to the corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security
• Inconsistent policy and protections when outside vs. inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase duplicates; operational and management overhead

Introducing GlobalProtect
• Users never go "off-network" regardless of location
• All firewalls work together to provide a "cloud" of network security


• How it works
- Small agent determines network location (on or off the enterprise network)
- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
- Agent submits a host information profile (patch level, asset type, disk encryption and more) to the gateway
- Gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile

A Modern Architecture for Enterprise Security


• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting

[Diagram labels: malware, botnets, exploits]


Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure
- Users do what they want
- Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls
- Leads to increased risks for the business

• Palo Alto Networks defines the next-generation firewall with unique identification technologies
- App-ID: identify applications regardless of port, protocol or SSL encryption
- User-ID: integrated with the enterprise directory
- Content-ID: threats, URLs, data
- High performance architecture: high throughput, low latency

• Easy enterprise integration and consolidation saves money
- Flexible deployment options for seamless integration
- Consolidation of functionality into the firewall simplifies and saves money

Page 9

InnoCom Customers - Palo Alto Networks

[Customer logos grouped by sector: Health & Finance; Service Providers; Industry & Retail; Media & Communication; Government (Nativ – Prime Minister's Office); Hi Tech]

The Modern Threats & Attacks

Known Attacks

The 5 Steps for Smart Attacks: bait, exploit, download, back channel, steal
- Protection is needed at all stages

Applications Carry Risk


Applications can be "threats"
• P2P file sharing, tunneling applications, anonymizers, media/video

Applications carry threats
• Qualys Top 20 Vulnerabilities – the majority result in application-level threats

Applications & application-level threats result in major breaches – RSA, Comodo, FBI
- Exploits come in through many applications


Application Control Efforts are Failing

• Palo Alto Networks' Application Usage & Risk Report highlights the actual behavior of 900,000 users across more than 60 organizations
- Applications are built for accessibility
- Tools that enable users to circumvent security are common
- File sharing usage – P2P and browser-based – is rampant
- Controls are failing – all had firewalls, many had IPS, proxies & URL filtering

Applications carry risks: business continuity, data loss, compliance, productivity and operations costs

Enterprise 2.0 Applications and Risks Widespread


Palo Alto Networks' latest Application Usage & Risk Report highlights the actual behavior of 1M+ users in 1,253 organizations
- More enterprise 2.0 application use, for personal and business reasons
- Tunneling and port hopping are common
- Bottom line: all had firewalls, most had IPS, proxies & URL filtering – but none of these organizations could control what applications ran on their networks

[Bar chart, 0% to 80% of organizations: RDP, SSH, telnet, LogMeIn, TeamViewer, CGIProxy, PHProxy, CoralCDN, FreeGate, Glype Proxy, Tor, Hamachi, UltraSurf, Gbridge, Gpass; bar values as extracted (pairing with the labels not recoverable): 80, 76, 62, 53, 42, 30, 30, 27, 15, 14, 15, 13, 9, 3, 3]

• Remote Access
- 27 variants, found 95% of the time
• External Proxies
- 22 variants, found 76% of the time
• Encrypted Tunnels
- Non-VPN related – found 30% of the time

Users Will Find A Way…

Source: Palo Alto Networks Application Usage and Risk Report, Spring 2010


From The news

Why Visibility & Control Must Be In The Firewall


Application Control as an Add-on

[Diagram: a port-based Firewall makes a Port Policy Decision on port traffic; a separate IPS behind it makes an App Ctrl Policy Decision on the applications it sees]

• Port-based FW + App Ctrl (IPS) = two policies
• Applications are threats; only block what you expressly look for

Implications
• Network access decision is made with no information
• Cannot safely enable applications

NGFW Application Control

[Diagram: the Firewall itself makes the App Ctrl Policy Decision on application traffic and scans the application for threats]

• Application control is in the firewall = single policy
• Visibility across all ports, for all traffic, all the time

Implications
• Network access decision is made based on application identity
• Safely enable application usage
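The contrast the two diagrams draw, a port-only rule base beside a single rule base that matches on the identified application, the user's directory group and the endpoint's host information profile (the GlobalProtect "How it works" steps earlier on this page), written out as an added Python example; it is not Palo Alto Networks code. The addresses, users, groups, HIP values and application names are constructed. Beyond what the slide states, it shows that the same flow gets opposite answers from the two rule bases, and that the application-aware policy also admits a legitimate application on a non-standard port that a port rule would drop.

```python
"""Policy decision by port vs. by application, user group and host state.
Added example with constructed data; not Palo Alto Networks code."""
from dataclasses import dataclass
from typing import Optional, Set, Tuple


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_port: int
    app: str  # application identified from the traffic itself (constructed names)


@dataclass(frozen=True)
class Hip:
    disk_encrypted: bool
    patch_level_ok: bool


# Constructed User-ID style mapping (IP -> user, groups) and HIP reports; a real
# deployment learns these from the directory and from the endpoint agent.
USER_MAP = {
    "10.1.1.10": ("hzielinski", frozenset({"it-staff"})),
    "10.1.1.20": ("jdoe", frozenset({"sales"})),
    "10.1.1.30": ("contractor1", frozenset({"it-staff"})),
}
HIP_REPORTS = {
    "10.1.1.10": Hip(disk_encrypted=True, patch_level_ok=True),
    "10.1.1.20": Hip(disk_encrypted=True, patch_level_ok=True),
    "10.1.1.30": Hip(disk_encrypted=False, patch_level_ok=True),
}


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "allow" or "deny"
    ports: Optional[Set[int]] = None   # None means "any"
    apps: Optional[Set[str]] = None
    groups: Optional[Set[str]] = None
    require_disk_encryption: bool = False


# Port-based policy: the only question it can ask is "which port?"
PORT_POLICY = [
    Rule("allow-web", "allow", ports={80, 443}),
    Rule("allow-admin", "allow", ports={22, 3389}),
    Rule("deny-all", "deny"),
]

# Single application-aware policy: app, user group and host state in one rule base.
APP_POLICY = [
    Rule("it-remote-access", "allow", apps={"ssh", "ms-rdp"}, groups={"it-staff"},
         require_disk_encryption=True),
    Rule("allow-web", "allow", apps={"web-browsing", "ssl"}),
    Rule("deny-all", "deny"),
]


def evaluate(policy, flow: Flow) -> Tuple[str, str]:
    """First-match evaluation; returns (rule name, action)."""
    _user, groups = USER_MAP.get(flow.src_ip, ("unknown", frozenset()))
    hip = HIP_REPORTS.get(flow.src_ip)
    for r in policy:
        if r.ports is not None and flow.dst_port not in r.ports:
            continue
        if r.apps is not None and flow.app not in r.apps:
            continue
        if r.groups is not None and not (groups & r.groups):
            continue
        if r.require_disk_encryption and not (hip and hip.disk_encrypted):
            continue
        return r.name, r.action
    return "implicit-deny", "deny"


# Constructed flows; each is (source, destination port, identified application).
SAMPLE_FLOWS = {
    "tor on 443 from sales": Flow("10.1.1.20", 443, "tor"),
    "ssh on 22 from it-staff": Flow("10.1.1.10", 22, "ssh"),
    "ssh on 22 from sales": Flow("10.1.1.20", 22, "ssh"),
    "ssh on 8080 from it-staff": Flow("10.1.1.10", 8080, "ssh"),
    "rdp from unencrypted it laptop": Flow("10.1.1.30", 3389, "ms-rdp"),
}


def compare(flows=SAMPLE_FLOWS):
    """(port-policy action, app-policy action) for every sample flow."""
    return {name: (evaluate(PORT_POLICY, f)[1], evaluate(APP_POLICY, f)[1])
            for name, f in flows.items()}


if __name__ == "__main__":
    for name, (by_port, by_app) in compare().items():
        print(f"{name:32s} port-policy={by_port:5s} app-policy={by_app}")
```

The two rule bases disagree on every row but one: the port policy waves Tor through on 443 and lets a sales user and an unencrypted laptop reach SSH/RDP, while it blocks an IT administrator's SSH session only because it runs on 8080. The single policy reaches the opposite decisions because its match criteria are the application, the group and the HIP, not the port.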


HTTP: Universal Application Protocol

• HTTP is 64% of enterprise bandwidth
• Most HTTP traffic is client/server (54%) – proxies cannot deal with it
• Browser-based applications are 46% - some work with proxies and some don't
• Web browsing is 23%

[Chart: All HTTP Applications, split into Web Browsing and Browser-based Applications]

Application Control vs. Blocking

• Blocking applications, even if possible, is not the answer
• Yes, there are harmful applications that need to be blocked
• Many "Web 2.0" applications are useful
- Enhancing productivity
- Giving competitive advantage to the business
• It's all about visibility and control
- Who is using what
- Control and secure modern applications
- Control feature use

Palo Alto – Next Generation FW


New Requirements for the Security Device

1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify users regardless of IP address
3. Granular visibility and policy control over application access / functionality
4. Protect in real-time against threats embedded across applications
5. Multi-gigabit, in-line deployment with no performance degradation

Palo Alto Networks Next-Generation Security Device


Palo Alto Networks Exceeds NGFW Requirements

Application Awareness and Full Stack Visibility
- App-ID identifies and controls 1300+ applications

Integrated Rather Than Co-Located IPS
- Content-ID includes full IPS without compromising performance

Extra-Firewall Intelligence to Identify Users
- User-ID brings AD users and groups into firewall policy

Standard First-Generation Firewall Capabilities
- Packet filtering, state, flexible NAT, IPSec, SSL VPNs, etc.

Support "bump in the wire" Deployments

In "Defining the Next-Generation Firewall", Gartner describes what Palo Alto Networks already delivers.

Gartner's Recommendations: "Move to next-generation firewalls at the next refresh opportunity – whether for firewall, IPS or the combination of the two"


Unique Technologies Transform the Firewall

App-ID: Identify the application
User-ID: Identify the user
Content-ID: Scan the content


App-ID: Comprehensive Application Visibility

• Policy-based control of more than 1200+ applications, distributed across five categories and 25 sub-categories
• Balanced mix of business, internet and networking applications and networking protocols
• ~5 - 10 new applications added weekly


User-ID: Enterprise Directory Integration

• Users no longer defined solely by IP address
- Leverage existing Active Directory infrastructure without complex agent rollout
- Identify Citrix users and tie policies to user and group, not just the IP address
• Understand user, application and threat behavior based on the actual AD username, not just IP
• Manage and enforce policy based on user and/or AD group
• Investigate security incidents, generate custom reports


Content-ID: Real-Time Content Scanning

• Stream-based, not file-based, for real-time performance
- Uniform signature engine scans for a broad range of threats in a single pass
- Vulnerability exploits (IPS), viruses and spyware (both downloads and phone-home)
• Block transfer of sensitive data and file transfers by type
- Looks for CC and SSN patterns
- Looks into the file to determine type – not extension based
• Web filtering enabled via fully integrated URL database
- Local 20M URL database (76 categories) maximizes performance (1000's of URLs/sec)
- Dynamic DB adapts to local, regional or industry focused surfing patterns

Detect and block a wide range of threats, limit unauthorized data transfer and control non-work related web surfing
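Two of the Content-ID checks listed above, the file type taken from the leading bytes rather than the extension and credit-card / SSN pattern matching done on a stream, as an added Python example that is not Palo Alto Networks code. The scanner consumes the stream in chunks and carries a short tail between chunks, so a number that straddles a chunk boundary is still found, and found exactly once. The sample payload, the chunk sizes and the well-known 4111... test card number are constructed inputs.

```python
"""Stream-based content scanning: magic-byte file typing plus CC/SSN pattern
matching that survives chunk boundaries. Added example with constructed inputs;
not Palo Alto Networks code."""
import re

# Well-known leading byte signatures; the name or extension the file carries is ignored.
MAGIC = {
    b"%PDF-": "pdf",
    b"\x7fELF": "elf",
    b"PK\x03\x04": "zip",
    b"MZ": "pe-executable",
}
HEAD_LEN = max(len(sig) for sig in MAGIC)


def sniff_type(head: bytes) -> str:
    """Classify by the first bytes of the stream, not by extension."""
    for sig, name in MAGIC.items():
        if head.startswith(sig):
            return name
    return "unknown"


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment cards; filters out random 16-digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


# 16 digits with optional single space/dash separators, not inside a longer digit run.
CC_RE = re.compile(rb"(?<![0-9])(?:[0-9][ -]?){15}[0-9](?![0-9])")
SSN_RE = re.compile(rb"(?<![0-9])[0-9]{3}-[0-9]{2}-[0-9]{4}(?![0-9])")
TAIL = 32  # longer than the longest pattern (31 bytes), so a split match is seen whole


class StreamScanner:
    def __init__(self) -> None:
        self.tail = b""          # bytes carried over to be re-scanned with the next chunk
        self.consumed = 0        # absolute offset of self.tail[0]
        self.prev_digit = False  # whether the byte just before self.tail was a digit
        self.file_type = None
        self.findings = []       # (kind, digits, absolute offset)
        self._seen = set()       # absolute offsets already judged

    def feed(self, chunk: bytes) -> None:
        data = self.tail + chunk
        if self.file_type is None and len(data) >= HEAD_LEN:
            self.file_type = sniff_type(data)  # nothing is cut before 32 bytes, so data starts at 0
        self._scan(data, final=False)
        keep = data[-TAIL:]
        cut = len(data) - len(keep)
        if cut:
            self.prev_digit = data[cut - 1:cut].isdigit()
            self.consumed += cut
        self.tail = keep

    def finish(self):
        if self.file_type is None:
            self.file_type = sniff_type(self.tail)
        self._scan(self.tail, final=True)
        return self.file_type, self.findings

    def _scan(self, data: bytes, final: bool) -> None:
        for kind, rx in (("credit-card", CC_RE), ("ssn", SSN_RE)):
            for m in rx.finditer(data):
                if m.start() == 0 and self.prev_digit:
                    continue  # tail begins mid-digit-run; the lookbehind had nothing to see
                if m.end() == len(data) and not final:
                    continue  # may continue in the next chunk; evaluated again then
                pos = self.consumed + m.start()
                if pos in self._seen:
                    continue  # already judged when it first appeared in an earlier window
                self._seen.add(pos)
                digits = re.sub(rb"[ -]", b"", m.group()).decode()
                if kind == "credit-card" and not luhn_ok(digits):
                    continue
                self.findings.append((kind, digits, pos))


def scan_stream(payload: bytes, chunk_size: int):
    """Push payload through the scanner in chunk_size pieces; returns (file type, findings)."""
    scanner = StreamScanner()
    for i in range(0, len(payload), chunk_size):
        scanner.feed(payload[i:i + chunk_size])
    return scanner.finish()


# Constructed sample: a PDF header, one Luhn-valid test card number, one SSN-shaped
# string and one 16-digit run that fails Luhn (so it must not be reported).
SAMPLE = (b"%PDF-1.4 invoice card 4111 1111 1111 1111 ssn 123-45-6789 "
          b"ref 1234 5678 9012 3456 end")

if __name__ == "__main__":
    for size in (85, 16, 1):
        print(size, scan_stream(SAMPLE, size))
```

The interesting cases are the matches the scanner refuses to report yet: a match that ends exactly at the end of the data seen so far (it may continue in the next chunk), and a match at the start of the carried tail when the byte just before it was a digit (it is the middle of a longer digit run). Both are re-checked once more bytes arrive, and the absolute offsets keep the overlapping windows from producing duplicate findings, which is why every chunk size yields the same result as scanning the whole payload at once.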


• NSS Labs, the world's largest security and performance testing lab, has recently completed in-depth IPS testing of the Palo Alto Networks next-gen firewall. Our solution was tested against 1,179 live exploits in what was the industry's most comprehensive IPS test to date. The results were crystal clear and provided the hard proof of what our next-generation firewalls can really do. Key results include:
• The highest IPS block rate in recent history (93.4%)
• 100% resistance to IPS evasion techniques
• Simple IPS configuration and tuning
• Provided all the above while exceeding the datasheet performance metrics by 115%



Single-Pass Parallel Processing (SP3) Architecture

Single Pass
• Operations once per packet
- Traffic classification (app identification)
- User/group mapping
- Content scanning – threats, URLs, confidential data
• One policy

Parallel Processing
• Function-specific hardware engines
• Separate data/control planes

Up to 10 Gbps, Low Latency


PA-5000 Series Architecture

[Architecture diagram: the same control plane / data plane layout as on the "20 Gbps Firewall, 10 Gbps Threat Prevention" slide earlier on this page (switch fabric, network processor, three security processors, signature match engines), here with dual solid-state drives in the control plane]

• 40+ processors
• 30+ GB of RAM
• Separate high speed data and control planes
• 20 Gbps firewall throughput
• 10 Gbps threat prevention throughput
• 4 Million concurrent sessions



Powerful Policy-Based Control

• Browse more than 1300 applications based on name, category, technology or characteristic
• Immediately translate results into positive enforcement model firewall rules
• Policy enforcement by end-user group identities from Active Directory or IP address

Palo Alto – Network Sniffer


Visibility into Applications, Users & Content

[Screenshot: user hzielinski, filtered on Skype; remove Skype to expand the view of hzielinski]

Palo Alto – Rich reports


Demo (offline) – Traffic Log


Enables Executive Visibility


PAN-OS Features

• Strong networking foundation
- Dynamic routing (OSPF, RIPv2)
- Site-to-site IPSec VPN
- SSL VPN for remote access
- Tap mode – connect to SPAN port
- Virtual wire ("Layer 1") for true transparent in-line deployment
- L2/L3 switching foundation

• QoS traffic shaping - Max/guaranteed and priority
- By user, app, interface, zone and more

• Zone-based architecture
- All interfaces assigned to security zones for policy enforcement

• High Availability
- Active/Active
- Configuration and session synchronization
- Path, link and HA monitoring

• Virtual Systems
- Establish multiple virtual firewalls in a single device (PA-4000 Series only)

• Simple, flexible management
- CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content are complemented by core firewall features

[Product family: PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060]


Enterprise Device and Policy Management

• Intuitive and flexible management
- CLI, Web, Panorama, SNMP, Syslog
- Role-based administration enables delegation of tasks to the appropriate person

• Panorama central management application
- Shared policies enable consistent application control policies
- Consolidated management, logging and monitoring of Palo Alto Networks devices
- Consistent web interface between Panorama and device UI
- Network-wide ACC/monitoring views, log collection and reporting

• All interfaces work on the current configuration, avoiding sync issues


Zero Day Attacks Protection

A sandbox at the core

Flexible Deployment Options

Transparent In-Line
• IPS with app visibility & control
• Consolidation of IPS & URL filtering

Firewall Replacement
• Firewall replacement with app visibility & control
• Firewall + IPS
• Firewall + IPS + URL filtering

Ultimate segmentation
[Diagram: Datacenter 1 and Datacenter 2, with Segment A, Segment B and Segment C]
• Controls applications & users for datacenter resource access
• IPS with app visibility & content control


Palo Alto Networks Next-Gen Firewalls

PA-4050
• 10 Gbps FW, 5 Gbps threat prevention, 2,000,000 sessions
• 8 SFP, 16 copper gigabit

PA-4020
• 2 Gbps FW, 2 Gbps threat prevention, 500,000 sessions
• 8 SFP, 16 copper gigabit

PA-4060
• 10 Gbps FW, 5 Gbps threat prevention, 2,000,000 sessions
• 4 XFP (10 Gig), 4 SFP (1 Gig)

PA-2050
• 1 Gbps FW, 500 Mbps threat prevention, 250,000 sessions
• 4 SFP, 16 copper gigabit

PA-2020
• 500 Mbps FW, 200 Mbps threat prevention, 125,000 sessions
• 2 SFP, 12 copper gigabit

PA-500
• 250 Mbps FW, 100 Mbps threat prevention, 50,000 sessions
• 8 copper gigabit

PA-5050
• 10 Gbps FW, 5 Gbps threat prevention, 2,000,000 sessions
• 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

PA-5020
• 5 Gbps FW, 2 Gbps threat prevention, 1,000,000 sessions
• 8 SFP, 12 copper gigabit

PA-5060
• 20 Gbps FW, 10 Gbps threat prevention, 4,000,000 sessions
• 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit


Thank You
Zion Ezra, VP Sales


POC and AVR Report

[AVR Report screenshots]

UTM Is Still Sprawl… Just Slower

[Diagram label: Internet]

• Doesn't solve the problem
• Firewall "helper" functions have a limited view of traffic
• Turning on functions kills performance

copy 2009 Palo Alto Networks Proprietary and Confidential Page 63 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 64 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 65 |

Applications Have Changed ndash Firewalls Have Not

bull The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

bull Need to Restore Visibility and Control in the Firewall

Collaboration Media SaaS Personal

bull BUThellipApplications Have Changed

- Ports neApplications

- IP AddressesneUsers

- PacketsneContent

exploit protection

many months pass between black-hat discovery white hat discovery and protection being available

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect
• Users never go "off-network", regardless of location
• All firewalls work together to provide a "cloud" of network security
• How it works:
- Small agent determines network location (on or off the enterprise network)
- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
- Agent submits a host information profile (patch level, asset type, disk encryption and more) to the gateway
- Gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile

A Modern Architecture for Enterprise Security
• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting

[Diagram: threat labels malware, botnets, exploits]

Regain Visibility and Control, Save Money
• IT can't manage risk with traditional security infrastructure
- Users do what they want
- Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls
- Leads to increased risks for the business
• Palo Alto Networks defines the next-generation firewall with unique identification technologies
- App-ID: identify applications regardless of port, protocol or SSL encryption
- User-ID: integrated with the enterprise directory
- Content-ID: threats, URLs, data
- High-performance architecture: high throughput, low latency
• Easy enterprise integration and consolidation saves money
- Flexible deployment options for seamless integration
- Consolidation of functionality into the firewall simplifies and saves money

The Modern Threats & Attacks

Known Attacks

The 5 Steps for Smart Attacks: bait, exploit, download, back channel, steal. Protection is needed at all stages.

Applications Carry Risk

Applications can be "threats"
• P2P file sharing, tunneling applications, anonymizers, media/video

Applications carry threats
• Qualys Top 20 Vulnerabilities – majority result in application-level threats

Applications & application-level threats result in major breaches – RSA, Comodo, FBI. Exploits come in through many applications.

Application Control Efforts are Failing
• Palo Alto Networks' Application Usage & Risk Report highlights the actual behavior of 900,000 users across more than 60 organizations
- Applications are built for accessibility
- Tools that enable users to circumvent security are common
- File sharing usage – P2P and browser-based – is rampant
- Controls are failing – all had firewalls, many had IPS, proxies & URL filtering

Applications carry risks: business continuity, data loss, compliance, productivity and operations costs

Enterprise 2.0 Applications and Risks Widespread
• Palo Alto Networks' latest Application Usage & Risk Report highlights the actual behavior of 1M+ users in 1,253 organizations
- More enterprise 2.0 application use, for personal and business reasons
- Tunneling and port hopping are common
- Bottom line: all had firewalls, most had IPS, proxies & URL filtering – but none of these organizations could control what applications ran on their networks

[Chart: how often each application was found (axis 0–80%): RDP, SSH, telnet, LogMeIn, TeamViewer, CGIProxy, PHProxy, CoralCDN, FreeGate, Glype Proxy, Tor, Hamachi, UltraSurf, Gbridge, Gpass]

• Remote Access
- 27 variants, found 95% of the time
• External Proxies
- 22 variants, found 76% of the time
• Encrypted Tunnels
- Non-VPN related – found 30% of the time

Users Will Find A Way…

Source: Palo Alto Networks Application Usage and Risk Report, Spring 2010

From The News

Why Visibility & Control Must Be In The Firewall

Application Control as an Add-on
[Diagram: Port Traffic → Firewall (port policy decision) → IPS (app control policy decision) → Applications]
• Port-based FW + App Ctrl (IPS) = two policies
• Applications are threats; only block what you expressly look for
Implications
• Network access decision is made with no information
• Cannot safely enable applications

NGFW Application Control
[Diagram: Application Traffic → Firewall/IPS (app control policy decision; scan application for threats) → Applications]
• Application control is in the firewall = single policy
• Visibility across all ports, for all traffic, all the time
Implications
• Network access decision is made based on application identity
• Safely enable application usage

HTTP: Universal Application Protocol
• HTTP is 64% of enterprise bandwidth
• Most HTTP traffic is client/server (54%) – proxies cannot deal with it
• Browser-based applications are 46% – some work with proxies and some don't
• Web browsing is 23%

[Chart: All HTTP Applications split into Web Browsing and Browser-based Applications]

Application Control vs. Blocking
• Blocking applications, even if possible, is not the answer
• Yes, there are harmful applications that need to be blocked
• Many "Web 2.0" applications are useful
- Enhancing productivity
- Giving competitive advantage to the business
• It's all about visibility and control
- Who is using what
- Control and secure modern applications
- Control feature use

Palo Alto – Next Generation FW

New Requirements for a Security Device
1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify users regardless of IP address
3. Granular visibility and policy control over application access / functionality
4. Protect in real time against threats embedded across applications
5. Multi-gigabit in-line deployment with no performance degradation

Palo Alto Networks Next-Generation Security Device

Palo Alto Networks Exceeds NGFW Requirements
• Application Awareness and Full Stack Visibility: App-ID identifies and controls 1300+ applications
• Integrated Rather Than Co-Located IPS: Content-ID includes full IPS without compromising performance
• Extra-Firewall Intelligence to Identify Users: User-ID brings AD users and groups into firewall policy
• Standard First-Generation Firewall Capabilities: packet filtering, state, flexible NAT, IPSec, SSL VPNs, etc.
• Support "bump in the wire" deployments

In "Defining the Next-Generation Firewall", Gartner describes what Palo Alto Networks already delivers.

Gartner's Recommendations: move to next-generation firewalls at the next refresh opportunity – whether for firewall, IPS or the combination of the two.

Unique Technologies Transform the Firewall
• App-ID: identify the application
• User-ID: identify the user
• Content-ID: scan the content

App-ID: Comprehensive Application Visibility
• Policy-based control of more than 1200+ applications distributed across five categories and 25 sub-categories
• Balanced mix of business, internet and networking applications and networking protocols
• ~5–10 new applications added weekly

User-ID: Enterprise Directory Integration
• Users no longer defined solely by IP address
- Leverage existing Active Directory infrastructure without complex agent rollout
- Identify Citrix users and tie policies to user and group, not just the IP address
• Understand user application and threat behavior based on actual AD username, not just IP
• Manage and enforce policy based on user and/or AD group
• Investigate security incidents, generate custom reports

Content-ID: Real-Time Content Scanning
• Stream-based, not file-based, for real-time performance
- Uniform signature engine scans for a broad range of threats in a single pass
- Vulnerability exploits (IPS), viruses and spyware (both downloads and phone-home)
• Block transfer of sensitive data and file transfers by type
- Looks for CC and SSN patterns
- Looks into the file to determine type – not extension based
• Web filtering enabled via fully integrated URL database
- Local 20M URL database (76 categories) maximizes performance (1000's of URLs/sec)
- Dynamic DB adapts to local, regional or industry-focused surfing patterns

Detect and block a wide range of threats, limit unauthorized data transfer and control non-work-related web surfing
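Two of the Content-ID checks above, worked as an added example (this is not Palo Alto Networks code): file type taken from the leading bytes of the stream rather than the name's extension, and CC/SSN pattern matching over a chunked stream so that a match split across two chunks is still found. The magic-byte table, the extension map, the `carry` size and the sample text are all constructed for this example.

```python
import re

# Leading-byte signatures for a few common types (constructed subset)
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"MZ", "pe-executable"),
    (b"\x7fELF", "elf-executable"),
    (b"PK\x03\x04", "zip-container"),  # zip, docx, xlsx, jar share this header
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
]

# What a file name's extension claims the content to be (constructed map)
EXT_TYPE = {
    "pdf": "pdf", "exe": "pe-executable", "dll": "pe-executable",
    "zip": "zip-container", "docx": "zip-container", "xlsx": "zip-container",
    "png": "png", "jpg": "jpeg", "jpeg": "jpeg",
}


def file_type(head: bytes) -> str:
    """Type from the first bytes of the stream, never from the name."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "unknown"


def extension_mismatch(filename: str, head: bytes) -> tuple:
    """Return (claimed_type, actual_type, mismatch): the 'looks into the
    file, not the extension' check from the slide."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed = EXT_TYPE.get(ext, "unknown")
    actual = file_type(head)
    return claimed, actual, actual != "unknown" and claimed != actual


# US SSN: AAA-GG-SSSS with the impossible area/group/serial values excluded
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13-16 digits, optionally separated by single spaces or hyphens
CC_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")


def luhn_ok(number: str) -> bool:
    """Luhn check digit: filters most random digit runs out of CC matches."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_stream(chunks, carry: int = 32) -> list:
    """Scan an iterable of text chunks without assembling the whole file.

    The last `carry` characters of each window are prepended to the next
    chunk, so a pattern split across a chunk boundary is still seen
    (carry must be at least as long as the longest pattern).  Matches are
    keyed by absolute offset so the overlap never reports one twice.
    Returns [(kind, absolute_offset, matched_text), ...] in scan order.
    """
    found, seen = [], set()
    tail, offset = "", 0          # offset = absolute position of tail[0]
    for chunk in chunks:
        window = tail + chunk
        for kind, rx in (("ssn", SSN_RE), ("credit-card", CC_RE)):
            for m in rx.finditer(window):
                if kind == "credit-card" and not luhn_ok(m.group(0)):
                    continue
                pos = offset + m.start()
                if (kind, pos) not in seen:
                    seen.add((kind, pos))
                    found.append((kind, pos, m.group(0)))
        if len(window) > carry:
            offset += len(window) - carry
            tail = window[-carry:]
        else:
            tail = window
    return found


if __name__ == "__main__":
    # Constructed sample: a card number split across two chunks
    parts = ["Customer SSN 123-45-6789, card 4111 1111 ", "1111 1111 expires soon"]
    print(scan_stream(parts))
    print(extension_mismatch("invoice.pdf", b"MZ\x90\x00\x03"))
```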

• NSS Labs, the world's largest security and performance testing lab, has recently completed in-depth IPS testing of the Palo Alto Networks next-gen firewall. Our solution was tested against 1,179 live exploits in what was the industry's most comprehensive IPS test to date. The results were crystal clear and provided the hard proof of what our next-generation firewalls can really do. Key results include:
- The highest IPS block rate in recent history (93.4%)
- 100% resistance to IPS evasion techniques
- Simple IPS configuration and tuning
- Provided all the above while exceeding the datasheet performance metrics (115% of rated performance)

Palo Alto Networks IPS: Protection + Performance
• Strong threat prevention
- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
- The only IPS that catches threats on non-standard ports
- Scan inbound and outbound SSL (decrypt) and compressed traffic
- Assure only authorized applications are using network resources
- Allow SSH/RDP, but only for authorized staff
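The decision model the deck contrasts in "Why Visibility & Control Must Be In The Firewall", the GlobalProtect "How it works" step where the gateway enforces policy using App-ID, User-ID, Content-ID and the host information profile, and the "allow SSH/RDP but only for authorized staff" rule, worked as an added example (not Palo Alto Networks code). A port-based rulebase and an application-aware rulebase evaluate the same sessions; the rule names, users, groups, HIP attribute and sample sessions are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Session:
    """One observed flow plus what each identification layer contributed."""
    src_ip: str
    dst_port: int
    app: str                       # application identification result, e.g. "ssh"
    user: Optional[str] = None     # directory user; None when not resolved
    threat: bool = False           # content scan verdict: a threat was found
    hip: dict = field(default_factory=dict)  # host information profile


# Constructed directory data: user -> groups (stands in for an AD lookup)
GROUPS = {
    "alice": {"employees", "netops"},
    "bob": {"employees"},
}


def port_policy(sess: Session) -> str:
    """Legacy stateful-inspection model: only the destination port is consulted."""
    if sess.dst_port in (80, 443):
        return "allow"              # "web" ports open to everyone
    if sess.dst_port == 22 and sess.src_ip.startswith("10.0.1."):
        return "allow"              # SSH only from the admin subnet
    return "deny"


# One application-aware rulebase: (name, apps, required group, needs encrypted disk)
APP_RULES = [
    ("admin-remote-access", {"ssh", "ms-rdp"}, "netops", True),
    ("general-web", {"web-browsing", "ssl"}, "employees", False),
]


def app_policy(sess: Session) -> str:
    """Single policy over application, user/group, content verdict and host state."""
    if sess.threat:
        return "deny"               # content verdict overrides any allow rule
    groups = GROUPS.get(sess.user or "", set())
    for _name, apps, group, needs_encryption in APP_RULES:
        if sess.app not in apps:
            continue                # rule is about other applications
        if group not in groups:
            continue                # user not authorized for this rule
        if needs_encryption and not sess.hip.get("disk_encrypted", False):
            continue                # HIP check failed: unencrypted laptop
        return "allow"
    return "deny"                   # positive enforcement: no match, no access


def decide(sess: Session) -> dict:
    """Both verdicts side by side for one session."""
    return {"port_based": port_policy(sess), "app_based": app_policy(sess)}


if __name__ == "__main__":
    # Constructed sessions: SSH hopped onto 443, web on 8080, a threat over SSL
    for s in (
        Session("10.0.5.7", 443, "ssh", "bob"),
        Session("192.0.2.10", 443, "ssh", "alice", hip={"disk_encrypted": True}),
        Session("10.0.5.8", 8080, "web-browsing", "bob"),
        Session("10.0.5.8", 443, "ssl", "bob", threat=True),
    ):
        print(s.app, s.dst_port, s.user, decide(s))
```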

Single-Pass Parallel Processing (SP3) Architecture

Single Pass
• Operations once per packet
- Traffic classification (app identification)
- User/group mapping
- Content scanning – threats, URLs, confidential data
• One policy

Parallel Processing
• Function-specific hardware engines
• Separate data/control planes

Up to 10 Gbps, Low Latency

PA-5000 Series Architecture
• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors
• High-density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High-speed logging and route update
• Dual solid-state drives

Network Processor
• 20 Gbps front-end network processing
• Hardware-accelerated per-packet route lookup, MAC lookup and NAT

[Diagram: data plane with 20 Gbps network processor (QoS, flow control, route/ARP/MAC lookup, NAT), switch fabric, three signature match engines, three SSL/IPSec/decompression engines and three multi-core security processor blocks with RAM; control plane with quad-core CPU, RAM and dual SSDs]

• 40+ processors
• 30+ GB of RAM
• Separate high-speed data and control planes
• 20 Gbps firewall throughput
• 10 Gbps threat prevention throughput
• 4 million concurrent sessions

Traditional Multi-Pass Architectures are Slow

[Diagram: four processing passes in series – Firewall Policy, URL Filtering Policy (HTTP Decoder), IPS Policy (IPS Decoder, IPS Signatures), AV Policy (AV Decoder & Proxy, AV Signatures) – each repeating its own Port/Protocol-based ID and its own L2/L3 Networking, HA, Config Management and Reporting stack]

Powerful Policy-Based Control
• Browse more than 1300 applications based on name, category, technology or characteristic
• Immediately translate results into positive-enforcement-model firewall rules
• Policy enforcement by end-user group identities from Active Directory, or by IP address

Palo Alto – Network Sniffer

Visibility into Applications, Users & Content

[Screenshot: user hzielinski, filtered on Skype; removing Skype expands the view of hzielinski]

Palo Alto – Rich Reports

Demo (offline) – Traffic Log

Enables Executive Visibility

PAN-OS Features
• Strong networking foundation
- Dynamic routing (OSPF, RIPv2)
- Site-to-site IPSec VPN
- SSL VPN for remote access
- Tap mode – connect to a SPAN port
- Virtual wire ("Layer 1") for true transparent in-line deployment
- L2/L3 switching foundation
• QoS traffic shaping – max/guaranteed and priority
- By user, app, interface, zone and more
• Zone-based architecture
- All interfaces assigned to security zones for policy enforcement
• High Availability
- Active/Active
- Configuration and session synchronization
- Path, link and HA monitoring
• Virtual Systems
- Establish multiple virtual firewalls in a single device (PA-4000 Series only)
• Simple, flexible management
- CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content are complemented by core firewall features

Platforms: PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060

Enterprise Device and Policy Management
• Intuitive and flexible management
- CLI, Web, Panorama, SNMP, Syslog
- Role-based administration enables delegation of tasks to the appropriate person
• Panorama central management application
- Shared policies enable consistent application control policies
- Consolidated management, logging and monitoring of Palo Alto Networks devices
- Consistent web interface between Panorama and device UI
- Network-wide ACC/monitoring views, log collection and reporting
• All interfaces work on the current configuration, avoiding sync issues

NGFW for Mobile Devices

Today: Quality of Security Tied to Location

[Diagram: users inside the enterprise network vs. users outside it; threat label: botnets]

Enterprise Network Security
• Security based on best practices
• Full-featured NGFW and threat prevention

No Network Security
• Security based on best effort
• Exposed to threats, risky app usage and more

Introducing GlobalProtect
• Users never go "off-network", regardless of location
• All firewalls work together to provide a "cloud" of network security
• How it works:
- Small agent determines network location (on or off the enterprise network)
- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
- Agent submits a host information profile (patch level, asset type, disk encryption and more) to the gateway
- Gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile

Zero Day Attacks Protection: a sandbox at the core

Flexible Deployment Options
• Transparent In-Line
- IPS with app visibility & control
- Consolidation of IPS & URL filtering
• Firewall Replacement
- Firewall replacement with app visibility & control
- Firewall + IPS
- Firewall + IPS + URL filtering
• Ultimate Segmentation (Datacenter 1 / Datacenter 2; Segment A, Segment B, Segment C)
- Controls applications & users for datacenter resource access
- IPS with app visibility & content control

Palo Alto Networks IPS: Protection + Performance
• Strong threat prevention
- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
- The only IPS that catches threats on non-standard ports
- Scan inbound and outbound SSL (decrypt) and compressed traffic
- Assure only authorized applications are using network resources
- Allow SSH/RDP, but only for authorized staff

Palo Alto Networks Next-Gen Firewalls
• PA-4050: 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions; 8 SFP, 16 copper gigabit
• PA-4020: 2 Gbps FW / 2 Gbps threat prevention / 500,000 sessions; 8 SFP, 16 copper gigabit
• PA-4060: 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions; 4 XFP (10 Gig), 4 SFP (1 Gig)
• PA-2050: 1 Gbps FW / 500 Mbps threat prevention / 250,000 sessions; 4 SFP, 16 copper gigabit
• PA-2020: 500 Mbps FW / 200 Mbps threat prevention / 125,000 sessions; 2 SFP, 12 copper gigabit
• PA-500: 250 Mbps FW / 100 Mbps threat prevention / 50,000 sessions; 8 copper gigabit
• PA-5050: 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
• PA-5020: 5 Gbps FW / 2 Gbps threat prevention / 1,000,000 sessions; 8 SFP, 12 copper gigabit
• PA-5060: 20 Gbps FW / 10 Gbps threat prevention / 4,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

The innovative approach: extend security to all network traffic

Thank You – Zion Ezra, VP Sales

POC and AVR Report

AVR Report

UTM Is Still Sprawl… Just Slower
• Doesn't solve the problem
• Firewall "helper" functions have a limited view of traffic
• Turning on functions kills performance

Traditional Multi-Pass Architectures are Slow

[Diagram: four processing passes in series – Firewall Policy, URL Filtering Policy (HTTP Decoder), IPS Policy (IPS Decoder, IPS Signatures), AV Policy (AV Decoder & Proxy, AV Signatures) – each repeating its own Port/Protocol-based ID and its own L2/L3 Networking, HA, Config Management and Reporting stack]

Applications Have Changed – Firewalls Have Not
• The gateway at the trust border is the right place to enforce policy control
- Sees all traffic
- Defines the trust boundary
• Need to restore visibility and control in the firewall

[Diagram: application categories – Collaboration, Media, SaaS, Personal]

• BUT… Applications Have Changed
- Ports ≠ Applications
- IP Addresses ≠ Users
- Packets ≠ Content

Exploit Protection
• Many months pass between black-hat discovery, white-hat discovery and protection being available
• Need to protect all applications
• A sandbox at the core
• Needs user-based access control
• Needs high-speed IPS and AV
• Needs to perform across all applications
• Needs to block the unknown
• Conclusion: advanced-malware protection belongs in a next-generation firewall

DEMO: https://ca2demo.paloaltonetworks.com/esp/login.esp

INSANITY: doing the same thing over and over again and expecting different results – block applications and users

The innovative approach: extend security to all network traffic

20 Gbps Firewall, 10 Gbps Threat Prevention
• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors
• High-density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High-speed logging and route update
• Dual hard drives

Network Processor
• 20 Gbps front-end network processing
• Hardware-accelerated per-packet route lookup, MAC lookup and NAT

[Diagram: data plane with 20 Gbps network processor (QoS, flow control, route/ARP/MAC lookup, NAT), switch fabric, three signature match engines, three SSL/IPSec/decompression engines and three multi-core security processor blocks with RAM; control plane with quad-core CPU, RAM and dual HDDs]

NGFW for Mobile Devices

Source: Gartner (March 2010). As of March 2010.

Data Center Network Security in Transition
• Ports ≠ Applications
• IP addresses ≠ Users
• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions…

[Diagram: applications (RPC, SMS, SQL, SharePoint, SMB, NetBIOS) spread across Port 135, Port 137, Port 139, Port 80 and Port 443, plus random high ports]

Applications employ dynamic, random and heavily-used ports – fundamentally breaking port-based network security

Palo Alto Networks: Protection + Performance

• Strong threat prevention
- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
- The only IPS that catches threats on non-standard ports
- Scan inbound and outbound SSL (decrypt) and compressed traffic
- Assure only authorized applications are using network resources
- Allow SSH/RDP, but only for authorized staff

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

PA-5050
• 10 Gbps FW
• 5 Gbps threat prevention
• 4 Gbps IPSec VPN
• 10,000 SSL VPN users
• 2,000,000 sessions
• Up to 125 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5020
• 5 Gbps FW
• 2 Gbps threat prevention
• 2 Gbps IPSec VPN
• 5,000 SSL VPN users
• 1,000,000 sessions
• Up to 20 VSYS
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5060
• 20 Gbps FW
• 10 Gbps threat prevention
• 4 Gbps IPSec VPN
• 20,000 SSL VPN users
• 4,000,000 sessions
• Up to 225 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

• Hot-swappable fans, power supplies
• Dual solid-state hard drives
• Dedicated HA and management interfaces
• 2U standard rack-mount form factor

NGFWs Eliminate Data Center Compromise
• Prevent Threats
- Stop a wide range of threats on all allowed traffic
- Proven quality (NSS tested and "Recommended")
- Security by policy, not hardwired into deployment
• Comply and Compartmentalize
- Save time and cost to compliance with network segmentation
- Segment by user group and application
• Simplify with Flexible Network Security Infrastructure
- With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention
- With simpler, easier deployments
- With reduced network security rack space requirements and lower TCO (power, HVAC, subscriptions, maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 11: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

Known Attacks

bait exploit download back

channel steal

The 5 Steps for Smart Attacks

protection is needed at all stages

Applications Carry Risk

copy 2011 Palo Alto Networks Proprietary and Confidential Page 14 |

Applications can be ldquothreatsrdquo

bull P2P file sharing tunneling applications anonymizers

mediavideo

Applications carry threats

bull Qualys Top 20 Vulnerabilities ndash majority result in application-

level threats

Applications amp application-level threats result in major breaches ndash RSA Comodo FBI

exploits come in thru many applications

copy 2009 Palo Alto Networks Proprietary and Confidential Page 16 | copy 2009 Palo Alto Networks Proprietary and Confidential Page 16 |

Application Control Efforts are Failing bull Palo Alto Networksrsquo Application Usage amp Risk Report highlights actual behavior of

900000 users across more than 60 organizations

- Applications are built for accessibility

- Tools that enable users to circumvent security are common

- File sharing usage ndash P2P and browser-based ndash is rampant

- Controls are failing ndash All had Firewalls many had IPS proxies amp URL filtering

Applications carry risks business continuity data loss compliance productivity and operations costs

Enterprise 20 Applications and Risks Widespread

copy 2011 Palo Alto Networks Proprietary and Confidential Page 17 |

Palo Alto Networksrsquo latest Application Usage amp Risk Report highlights actual behavior of 1M+ users in 1253 organizations

- More enterprise 20 application use for personal and business reasons

- Tunneling and port hopping are common

- Bottom line all had firewalls most had IPS proxies amp URL filtering ndash but none of these organizations could control what applications ran on their networks

3

3

9

13

15

14

15

27

30

30

42

53

62

76

80

00 20 40 60 80

RDP

SSH

telnet

LogM eIn

Team Viewer

CGIProxy

PHProxy

CoralCDN

FreeGate

Glype Proxy

Tor

Ham achi

UltraSurf

Gbridge

Gpass

bull Remote Access

- 27 variants found 95 of the time

bull External Proxies

- 22 variants found 76 of the time

bull Encrypted Tunnels

- Non-VPN related ndash found 30 of the time

Users Will Find A Wayhellip

Source Palo Alto Networks Application Usage and Risk Report

Spring 2010

copy 2008 Palo Alto Networks Proprietary and Confidential Page 20 |

From The news

Why Visibility amp Control Must Be In The Firewall

copy 2011 Palo Alto Networks Proprietary and Confidential Page 21 |

bullPort Policy Decision

bullApp Ctrl Policy Decision

Application Control as an Add-on

bull Port-based FW + App Ctrl (IPS) = two policies

bull Applications are threats only block what you expressly look for

Implications

bull Network access decision is made with no information

bull Cannot safely enable applications

IPS

Applications

Firewall

Port Traffic

Firewall IPS

bullApp Ctrl Policy Decision

bullScan Application for Threats

Applications

Application Traffic

NGFW Application Control

bull Application control is in the firewall = single policy

bull Visibility across all ports for all traffic all the time

Implications

bull Network access decision is made based on application identity

bull Safely enable application usage

copy 2008 Palo Alto Networks Proprietary and Confidential Page 22 |

HTTP Universal Application Protocol

bull HTTP is 64 of enterprise bandwidth

bull Most HTTP traffic is clientserver (54) ndash proxies cannot deal with it

bull Browser-based applications are 46 - some work with proxies and some donrsquot

bull Web browsing is 23

All HTTP Applications

Web Browsing

Browser-based Applications

Application Control vs Blocking
• Blocking applications, even if possible, is not the answer
• Yes, there are harmful applications that need to be blocked
• Many "Web 2.0" applications are useful
- Enhancing productivity
- Giving competitive advantage to the business
• It's all about visibility and control
- Who is using what
- Control and secure modern applications
- Control feature use

Palo Alto – Next Generation FW

New Requirements for Security Device
1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify users regardless of IP address
3. Granular visibility and policy control over application access / functionality
4. Protect in real-time against threats embedded across applications
5. Multi-gigabit, in-line deployment with no performance degradation

Palo Alto Networks Next-Generation Security Device

Palo Alto Networks Exceeds NGFW Requirements

Requirement – Palo Alto Networks capability:
- Application Awareness and Full Stack Visibility – App-ID identifies and controls 1300+ applications
- Integrated Rather Than Co-Located IPS – Content-ID includes full IPS without compromising performance
- Extra-Firewall Intelligence to Identify Users – User-ID brings AD users and groups into firewall policy
- Standard First-Generation Firewall Capabilities – Packet filtering, state, flexible NAT, IPSec, SSL VPNs, etc.
- Support "bump in the wire" Deployments

In "Defining the Next-Generation Firewall", Gartner describes what Palo Alto Networks already delivers.

Gartner's Recommendations: Move to next-generation firewalls at the next refresh opportunity – whether for firewall, IPS, or the combination of the two

Unique Technologies Transform the Firewall
- App-ID: Identify the application
- User-ID: Identify the user
- Content-ID: Scan the content

App-ID: Comprehensive Application Visibility
• Policy-based control of more than 1200 applications distributed across five categories and 25 sub-categories
• Balanced mix of business, internet and networking applications and networking protocols
• ~5–10 new applications added weekly

User-ID: Enterprise Directory Integration
• Users no longer defined solely by IP address
- Leverage existing Active Directory infrastructure without complex agent rollout
- Identify Citrix users and tie policies to user and group, not just the IP address
• Understand user application and threat behavior based on actual AD username, not just IP
• Manage and enforce policy based on user and/or AD group
• Investigate security incidents, generate custom reports

Content-ID: Real-Time Content Scanning
• Stream-based, not file-based, for real-time performance
- Uniform signature engine scans for a broad range of threats in a single pass
- Vulnerability exploits (IPS), viruses and spyware (both downloads and phone-home)
• Block transfer of sensitive data and file transfers by type
- Looks for CC and SSN patterns
- Looks into the file to determine type – not extension based
• Web filtering enabled via fully integrated URL database
- Local 20M URL database (76 categories) maximizes performance (1000's of URLs/sec)
- Dynamic DB adapts to local, regional or industry focused surfing patterns

Detect and block a wide range of threats, limit unauthorized data transfer and control non-work related web surfing
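As an added illustration (not Palo Alto Networks code) of the two Content-ID behaviours above, deciding a file's type from its bytes rather than its extension and matching CC/SSN patterns in a single stream-based pass, here is a toy scanner; its magic-byte table, regexes, overlap size and sample text are all constructed for the example.

```python
"""Added example, not Palo Alto Networks code: a toy stream-based content
scanner in the spirit of the Content-ID slide. It decides a file's type from
its leading bytes rather than its extension, and it looks for credit-card and
SSN patterns while consuming the data chunk by chunk, so a number that is
split across two chunks is still caught (and reported once). The magic-byte
table, regexes, overlap size and sample data are all constructed here."""
import re
from typing import Iterable, List, Tuple

# Leading bytes ("magic") of a few common container and executable formats.
MAGIC = {
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",          # also the docx/xlsx/jar container
    b"MZ": "pe-executable",
    b"\x7fELF": "elf-executable",
}
EXT_TO_TYPE = {"pdf": "pdf", "zip": "zip", "docx": "zip",
               "exe": "pe-executable", "txt": "text"}


def file_type_from_content(head: bytes, claimed_name: str) -> Tuple[str, bool]:
    """Return (detected_type, mismatch): the type the bytes say the file is,
    and whether the file name's extension claims something different."""
    detected = next((t for magic, t in MAGIC.items() if head.startswith(magic)), "unknown")
    ext = claimed_name.rsplit(".", 1)[-1].lower() if "." in claimed_name else ""
    claimed = EXT_TO_TYPE.get(ext, "unknown")
    return detected, detected != "unknown" and claimed != detected


# 16 digits with optional single spaces/dashes between them, not part of a longer run.
CC_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){15}\d(?!\d)")
SSN_RE = re.compile(rb"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, which weeds out most random 16-digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scan_stream(chunks: Iterable[bytes], overlap: int = 32) -> List[Tuple[str, int]]:
    """Single pass over the chunks, keeping only `overlap` bytes of carry-over.
    Returns (kind, absolute_offset) for each confirmed pattern, each once.
    `overlap` must exceed the longest pattern (a spaced card number is 31 bytes)
    so that a number cut by a chunk boundary is complete in the next window."""
    findings: List[Tuple[str, int]] = []
    seen = set()
    carry = b""
    base = 0                      # absolute offset of window[0]
    chunks = list(chunks)
    for i, chunk in enumerate(chunks):
        final = i == len(chunks) - 1
        window = carry + chunk
        for kind, regex in (("cc", CC_RE), ("ssn", SSN_RE)):
            for m in regex.finditer(window):
                # A match ending exactly at the window end may be cut short
                # (more digits could follow); re-examine it in the next window.
                if not final and m.end() == len(window):
                    continue
                if kind == "cc" and not luhn_ok(re.sub(rb"[ -]", b"", m.group()).decode()):
                    continue
                key = (kind, base + m.start())
                if key not in seen:          # the overlap re-scans old bytes
                    seen.add(key)
                    findings.append(key)
        keep = min(overlap, len(window))
        carry = window[-keep:]
        base += len(window) - keep
    return findings


def chunked(data: bytes, size: int) -> List[bytes]:
    return [data[i:i + size] for i in range(0, len(data), size)]


# Constructed sample: one Luhn-valid card number (the well-known 4111... test
# number), one that fails Luhn, and one SSN-shaped string.
SAMPLE = (b"Invoice for card 4111 1111 1111 1111, ref 4111 1111 1111 1112. "
          b"Contact SSN 123-45-6789 ok.")

if __name__ == "__main__":
    print(file_type_from_content(b"MZ\x90\x00\x03", "quarterly.pdf"))  # executable named .pdf
    print(scan_stream(chunked(SAMPLE, 20)))   # chunk boundaries cut both numbers
```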

• NSS Labs, the world's largest security and performance testing lab, has recently completed in-depth IPS testing of the Palo Alto Networks next-gen firewall. Our solution was tested against 1179 live exploits in what was the industry's most comprehensive IPS test to date. The results were crystal clear and provided the hard proof of what our next-generation firewalls can really do. Key results include:
• The highest IPS block rate in recent history (93.4%)
• 100% resistance to IPS evasion techniques
• Simple IPS configuration and tuning
• Provided all the above while exceeding the datasheet performance metrics by 115%

Palo Alto Networks IPS: Protection + Performance

• Strong threat prevention
- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
- The only IPS that catches threats on non-standard ports
- Scan inbound and outbound SSL (decrypt) and compressed traffic
- Assure only authorized applications are using network resources
- Allow SSH/RDP, but only for authorized staff

Single-Pass Parallel Processing (SP3) Architecture

Single Pass
• Operations once per packet
- Traffic classification (app identification)
- User/group mapping
- Content scanning – threats, URLs, confidential data
• One policy

Parallel Processing
• Function-specific hardware engines
• Separate data/control planes

Up to 10 Gbps, Low Latency

PA-5000 Series Architecture
• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform sig match
• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors
• High density parallel processing for flexible security functionality
• Hardware-acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available mgmt
• High speed logging and route update
• Dual solid-state drives

Network Processor
• 20 Gbps front-end network processing
• Hardware accelerated per-packet route lookup, MAC lookup and NAT

[Block diagram: control plane (quad-core CPU, RAM, dual SSD) and data plane; 20 Gbps network processor (QoS, flow control, route/ARP/MAC lookup, NAT) feeding the switch fabric over 10 Gbps links; three security processor blocks (CPU 1 … CPU 12 each, with RAM), each paired with signature match and SSL/IPSec/de-compress engines]

• 40+ processors
• 30+ GB of RAM
• Separate high speed data and control planes
• 20 Gbps firewall throughput
• 10 Gbps threat prevention throughput
• 4 Million concurrent sessions

Traditional Multi-Pass Architectures are Slow

[Diagram: each function is a separate pass, and each pass carries its own Port/Protocol-based ID, L2/L3 Networking, HA, Config Management and Reporting]
- Firewall Policy
- HTTP Decoder → URL Filtering Policy
- IPS Decoder → IPS Signatures → IPS Policy
- AV Decoder & Proxy → AV Signatures → AV Policy

Powerful Policy-Based Control
• Browse more than 1300 applications based on name, category, technology or characteristic
• Immediately translate results into positive enforcement model firewall rules
• Policy enforcement by end-user group identities from Active Directory or IP address

Palo Alto – Network Sniffer

Visibility into Applications, Users & Content
[Screenshot: user hzielinski, filter on Skype; remove Skype to expand the view of hzielinski]

Palo Alto – Rich reports

Demo (offline) – Traffic Log

Enables Executive Visibility

PAN-OS Features
• Strong networking foundation
- Dynamic routing (OSPF, RIPv2)
- Site-to-site IPSec VPN
- SSL VPN for remote access
- Tap mode – connect to SPAN port
- Virtual wire ("Layer 1") for true transparent in-line deployment
- L2/L3 switching foundation
• QoS traffic shaping – Max/guaranteed and priority
- By user, app, interface, zone and more
• Zone-based architecture
- All interfaces assigned to security zones for policy enforcement
• High Availability
- Active/Active
- Configuration and session synchronization
- Path, link and HA monitoring
• Virtual Systems
- Establish multiple virtual firewalls in a single device (PA-4000 Series only)
• Simple, flexible management
- CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content are complemented by core firewall features

[Product images: PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060]

Enterprise Device and Policy Management
• Intuitive and flexible management
- CLI, Web, Panorama, SNMP, Syslog
- Role-based administration enables delegation of tasks to the appropriate person
• Panorama central management application
- Shared policies enable consistent application control policies
- Consolidated management, logging and monitoring of Palo Alto Networks devices
- Consistent web interface between Panorama and device UI
- Network-wide ACC/monitoring views, log collection and reporting
• All interfaces work on the current configuration, avoiding sync issues

NGFW for mobile devices

Today: Quality of Security Tied to Location
[Diagram: botnets]
Enterprise Network Security
• Security Based on Best-Practices
• Full-Featured NGFW and Threat Prevention
No Network Security
• Security Based on Best-Effort
• Exposed to threats, risky app usage and more

Introducing GlobalProtect
• Users never go "off-network" regardless of location
• All firewalls work together to provide a "cloud" of network security
• How it works
- Small agent determines network location (on or off the enterprise network)
- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
- Agent submits host information profile (patch level, asset type, disk encryption and more) to the gateway
- Gateway enforces security policy using App-ID, User-ID, Content-ID AND host information profile
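An added example, not Palo Alto Networks code and not PAN-OS policy syntax, that puts the add-on-versus-NGFW argument, the positive enforcement model of the Powerful Policy-Based Control slide and the GlobalProtect host information profile step side by side: the same flows are judged once on port alone and once on application identity, user group and host profile. All users, groups, application names, HIP fields and flows are constructed.

```python
"""Added example, not Palo Alto Networks code: a toy policy evaluator that
contrasts the port-based "add-on" model with a single application-identity
policy of the kind the slides describe (App-ID + User-ID + GlobalProtect
host information profile). Every user, group, app name and flow below is
constructed for illustration."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass
class Flow:
    """One session as a single-pass classifier would present it."""
    user: str                       # resolved by User-ID from the directory, not the IP
    groups: FrozenSet[str]          # AD group membership of that user
    app: str                        # App-ID result from payload classification
    dst_port: int                   # what a port-based firewall would key on
    host_profile: Dict[str, object]  # HIP fields reported by the agent


@dataclass
class Rule:
    name: str
    action: str                              # "allow" or "deny"
    apps: Optional[FrozenSet[str]] = None    # None matches any application
    groups: Optional[FrozenSet[str]] = None  # None matches any user
    require_hip: Dict[str, object] = field(default_factory=dict)

    def matches(self, flow: Flow) -> bool:
        if self.apps is not None and flow.app not in self.apps:
            return False
        if self.groups is not None and not (self.groups & flow.groups):
            return False
        # every required HIP attribute must be present with the required value
        return all(flow.host_profile.get(k) == v for k, v in self.require_hip.items())


def port_based_decision(flow: Flow, open_ports: FrozenSet[int]) -> str:
    """Legacy model: the access decision is made on the port alone, with no
    knowledge of the application or the user behind it."""
    return "allow" if flow.dst_port in open_ports else "deny"


def app_based_decision(flow: Flow, rules: List[Rule]) -> Tuple[str, str]:
    """NGFW model: one ordered policy, first match wins; positive enforcement
    means anything no rule explicitly allows is denied."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action, rule.name
    return "deny", "implicit-deny"


# Constructed policy: admins may use SSH/RDP, but only from encrypted laptops;
# everyone may browse; nothing else is listed, so tunnels and proxies fall through.
RULES = [
    Rule("admin-remote-access", "allow",
         apps=frozenset({"ssh", "ms-rdp"}),
         groups=frozenset({"it-admins"}),
         require_hip={"disk_encrypted": True}),
    Rule("web-for-all", "allow", apps=frozenset({"web-browsing", "ssl"})),
]

# Constructed flows, including port hopping (SSH on 443) and a Tor session on 443.
FLOWS = [
    Flow("alice", frozenset({"it-admins"}), "ssh", 22, {"disk_encrypted": True}),
    Flow("bob", frozenset({"staff"}), "ssh", 443, {"disk_encrypted": True}),
    Flow("carol", frozenset({"staff"}), "web-browsing", 80, {"disk_encrypted": True}),
    Flow("dave", frozenset({"staff"}), "tor", 443, {"disk_encrypted": True}),
    Flow("alice", frozenset({"it-admins"}), "ms-rdp", 3389, {"disk_encrypted": False}),
]


def compare(flows: List[Flow], rules: List[Rule],
            open_ports: FrozenSet[int] = frozenset({80, 443})
            ) -> List[Tuple[str, str, int, str, str]]:
    """Side-by-side verdicts: (user, app, port, port-based, app-based)."""
    return [(f.user, f.app, f.dst_port,
             port_based_decision(f, open_ports),
             app_based_decision(f, rules)[0]) for f in flows]


if __name__ == "__main__":
    for row in compare(FLOWS, RULES):
        print("%-6s %-13s port %-5d port-based=%-5s app-based=%s" % row)
```

The port-only column lets the port-hopped SSH and the Tor session through on 443 and refuses the admin's legitimate SSH on 22, while the identity-based column allows exactly the admin session from an encrypted host and nothing else.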

Zero Day Attacks Protection: a sandbox at the core

Flexible Deployment Options
Transparent In-Line:
• IPS with app visibility & control
• Consolidation of IPS & URL filtering
Firewall Replacement:
• Firewall replacement with app visibility & control
• Firewall + IPS
• Firewall + IPS + URL filtering
Ultimate segmentation (Datacenter 1, Datacenter 2; Segment A, Segment B, Segment C):
• Controls applications & users for datacenter resource access
• IPS with app visibility & content control


Palo Alto Networks Next-Gen Firewalls
- PA-4050: 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions; 8 SFP, 16 copper gigabit
- PA-4020: 2 Gbps FW / 2 Gbps threat prevention / 500,000 sessions; 8 SFP, 16 copper gigabit
- PA-4060: 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions; 4 XFP (10 Gig), 4 SFP (1 Gig)
- PA-2050: 1 Gbps FW / 500 Mbps threat prevention / 250,000 sessions; 4 SFP, 16 copper gigabit
- PA-2020: 500 Mbps FW / 200 Mbps threat prevention / 125,000 sessions; 2 SFP, 12 copper gigabit
- PA-500: 250 Mbps FW / 100 Mbps threat prevention / 50,000 sessions; 8 copper gigabit
- PA-5050: 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
- PA-5020: 5 Gbps FW / 2 Gbps threat prevention / 1,000,000 sessions; 8 SFP, 12 copper gigabit
- PA-5060: 20 Gbps FW / 10 Gbps threat prevention / 4,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

the innovative approach: extend security to all network traffic

Thank You – Zion Ezra, VP Sales

POC and AVR Report

AVR Report

UTM Is Still Sprawl… Just Slower
• Doesn't solve the problem
• Firewall "helper" functions have limited view of traffic
• Turning on functions kills performance


Applications Have Changed – Firewalls Have Not
• The gateway at the trust border is the right place to enforce policy control
- Sees all traffic
- Defines trust boundary
• Need to Restore Visibility and Control in the Firewall
[Diagram: Collaboration, Media, SaaS, Personal]
• BUT… Applications Have Changed
- Ports ≠ Applications
- IP Addresses ≠ Users
- Packets ≠ Content

exploit protection
- many months pass between black-hat discovery, white hat discovery and protection being available
- need to protect all applications
- a sandbox at the core
- needs user-based access control
- needs high-speed IPS and AV
- need to perform across all applications
- need to block the unknown
conclusion: advanced-malware protection belongs in a next generation firewall

DEMO: https://ca2demo.paloaltonetworks.com/esp/login.esp

INSANITY: doing the same thing over and over again and expecting different results
block applications and users

the innovative approach: extend security to all network traffic


NGFW for mobile devices

Source: Gartner (March 2010). As of March 2010

Data Center Network Security in Transition
• Ports ≠ Applications
• IP addresses ≠ Users
• Threats > Exploits
Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions…
[Diagram: RPC, SMB, SQL, SharePoint and NetBIOS running over ports 135, 137, 139, 80 and 443, plus random high ports]
Applications employ dynamic, random and heavily-used ports – fundamentally breaking port-based network security


NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications
- PA-5050: 10 Gbps FW; 5 Gbps threat prevention; 4 Gbps IPSec VPN; 10,000 SSL VPN users; 2,000,000 sessions; up to 125 VSYS; (4) SFP+ (10 Gig) I/O; (8) SFP (1 Gig) I/O; (12) 10/100/1000
- PA-5020: 5 Gbps FW; 2 Gbps threat prevention; 2 Gbps IPSec VPN; 5,000 SSL VPN users; 1,000,000 sessions; up to 20 VSYS; (8) SFP (1 Gig) I/O; (12) 10/100/1000
- PA-5060: 20 Gbps FW; 10 Gbps threat prevention; 4 Gbps IPSec VPN; 20,000 SSL VPN users; 4,000,000 sessions; up to 225 VSYS; (4) SFP+ (10 Gig) I/O; (8) SFP (1 Gig) I/O; (12) 10/100/1000
• Hot swappable fans, power supplies
• Dual solid state hard drives
• Dedicated HA and management interfaces
• 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise
• Prevent Threats
- Stop a wide range of threats on all allowed traffic
- Proven quality (NSS tested and "Recommended")
- Security by policy, not hardwired into deployment
• Comply and Compartmentalize
- Save time and cost to compliance with network segmentation
- Segment by user group and application
• Simplify with Flexible Network Security Infrastructure
- With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention
- With simpler, easier deployments
- With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance)


GlobalProtect


Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality, heavy performance load on the PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services
• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement
• Supports a limited number of apps and protocols, weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• Agent tunnels traffic back to the corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security
• Inconsistent policy and protections when outside vs inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase duplicates, operational and management overhead


A Modern Architecture for Enterprise Security
• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting
[Diagram: malware, botnets, exploits]

Regain Visibility and Control, Save Money
• IT can't manage risk with traditional security infrastructure
- Users do what they want
- Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls
- Leads to increased risks for the business
• Palo Alto Networks defines the next-generation firewall with unique identification technologies
- App-ID: identify applications regardless of port, protocol or SSL encryption
- User-ID: integrated with the enterprise directory
- Content-ID: threats, URLs, data
- High performance architecture: high throughput, low latency
• Easy enterprise integration and consolidation saves money
- Flexible deployment options for seamless integration
- Consolidation of functionality into the firewall simplifies and saves money


[Diagram: bait → exploit → download → back channel → steal]
The 5 Steps for Smart Attacks: protection is needed at all stages

Applications Carry Risk
Applications can be "threats"
• P2P file sharing, tunneling applications, anonymizers
media/video
Applications carry threats
• Qualys Top 20 Vulnerabilities – majority result in application-level threats
Applications & application-level threats result in major breaches – RSA, Comodo, FBI
exploits come in thru many applications

Application Control Efforts are Failing
• Palo Alto Networks' Application Usage & Risk Report highlights actual behavior of 900,000 users across more than 60 organizations
- Applications are built for accessibility
- Tools that enable users to circumvent security are common
- File sharing usage – P2P and browser-based – is rampant
- Controls are failing – All had Firewalls, many had IPS, proxies & URL filtering
Applications carry risks: business continuity, data loss, compliance, productivity and operations costs

Enterprise 2.0 Applications and Risks Widespread
Palo Alto Networks' latest Application Usage & Risk Report highlights actual behavior of 1M+ users in 1253 organizations
- More enterprise 2.0 application use for personal and business reasons
- Tunneling and port hopping are common

- Bottom line all had firewalls most had IPS proxies amp URL filtering ndash but none of these organizations could control what applications ran on their networks

3

3

9

13

15

14

15

27

30

30

42

53

62

76

80

00 20 40 60 80

RDP

SSH

telnet

LogM eIn

Team Viewer

CGIProxy

PHProxy

CoralCDN

FreeGate

Glype Proxy

Tor

Ham achi

UltraSurf

Gbridge

Gpass

bull Remote Access

- 27 variants found 95 of the time

bull External Proxies

- 22 variants found 76 of the time

bull Encrypted Tunnels

- Non-VPN related ndash found 30 of the time

Users Will Find A Wayhellip

Source Palo Alto Networks Application Usage and Risk Report

Spring 2010

copy 2008 Palo Alto Networks Proprietary and Confidential Page 20 |

From The news

Why Visibility amp Control Must Be In The Firewall

copy 2011 Palo Alto Networks Proprietary and Confidential Page 21 |

bullPort Policy Decision

bullApp Ctrl Policy Decision

Application Control as an Add-on

bull Port-based FW + App Ctrl (IPS) = two policies

bull Applications are threats only block what you expressly look for

Implications

bull Network access decision is made with no information

bull Cannot safely enable applications

IPS

Applications

Firewall

Port Traffic

Firewall IPS

bullApp Ctrl Policy Decision

bullScan Application for Threats

Applications

Application Traffic

NGFW Application Control

bull Application control is in the firewall = single policy

bull Visibility across all ports for all traffic all the time

Implications

bull Network access decision is made based on application identity

bull Safely enable application usage

copy 2008 Palo Alto Networks Proprietary and Confidential Page 22 |

HTTP Universal Application Protocol

bull HTTP is 64 of enterprise bandwidth

bull Most HTTP traffic is clientserver (54) ndash proxies cannot deal with it

bull Browser-based applications are 46 - some work with proxies and some donrsquot

bull Web browsing is 23

All HTTP Applications

Web Browsing

Browser-based Applications

Application Control vs Blocking

bull Blocking applications even if possible is not the answer

bull Yes there are harmful applications that need to be blocked

bull Many ldquoWeb 20rdquo applications are useful

- Enhancing productivity

- Giving competitive advantage to the business

bull Itrsquos all about visibility and control

- Who is using what

- Control and secure modern applications

- Control features use

Palo Alto

Palo Alto ndash Next Generation FW

copy 2008 Palo Alto Networks Proprietary and Confidential Page 24 |

copy 2008 Palo Alto Networks Proprietary and Confidential Page 25 |

New Requirements for Security Device

1 Identify applications regardless of port protocol evasive tactic or SSL

2 Identify users regardless of IP address

3 Granular visibility and policy control over application access functionality

4 Protect in real-time against threats embedded across applications

5 Multi-gigabit in-line deployment with no performance degradation

Palo Alto Networks Next-Generation Security Device

copy 2009 Palo Alto Networks Proprietary and Confidential Page 26 |

Palo Alto Networks Exceeds NGFW Requirements

Application Awareness and Full Stack Visibility

App-ID Identifies and controls 1300+ applications

Integrated Rather Than Co-Located IPS

Content-ID includes full IPS without compromising performance

Extra-Firewall Intelligence to Identify Users

User-ID brings AD users and groups into firewall policy

Standard First-Generation Firewall Capabilities

Packet filtering state flexible NAT IPSec SSL VPNs etc

Support ldquobump in the wirerdquo Deployments

In ldquoDefining the Next-Generation Firewallrdquo

Gartner describes what Palo Alto Networks already delivers

Gartnerrsquos Recommendations

Move to next-generation firewalls at the next refresh

opportunity ndash whether for firewall IPS or the

combination of the two

copy 2008 Palo Alto Networks Proprietary and Confidential Page 28 |

Unique Technologies Transform the Firewall

App-ID

Identify the application

User-ID

Identify the user

Content-ID

Scan the content

copy 2008 Palo Alto Networks Proprietary and Confidential Page 29 |

App-ID Comprehensive Application Visibility

bull Policy-based control more than 1200+ applications distributed across five categories and 25 sub-categories

bull Balanced mix of business internet and networking applications and networking protocols

bull ~ 5 - 10 new applications added weekly

copy 2009 Palo Alto Networks Proprietary and Confidential Page 30 |

User-ID Enterprise Directory Integration

bull Users no longer defined solely by IP address

- Leverage existing Active Directory infrastructure without complex agent rollout

- Identify Citrix users and tie policies to user and group not just the IP address

bull Understand user application and threat behavior based on actual AD username not just IP

bull Manage and enforce policy based on user andor AD group

bull Investigate security incidents generate custom reports

copy 2009 Palo Alto Networks Proprietary and Confidential Page 31 |

Content-ID Real-Time Content Scanning

bull Stream-based not file-based for real-time performance

- Uniform signature engine scans for broad range of threats in single pass

- Vulnerability exploits (IPS) viruses and spyware (both downloads and phone-home)

bull Block transfer of sensitive data and file transfers by type

- Looks for CC and SSN patterns

- Looks into file to determine type ndash not extension based

bull Web filtering enabled via fully integrated URL database

- Local 20M URL database (76 categories) maximizes performance (1000rsquos URLssec)

- Dynamic DB adapts to local regional or industry focused surfing patterns

Detect and block a wide range of threats limit unauthorized data transfer and control non-work related web surfing

copy 2008 Palo Alto Networks Proprietary and Confidential Page 32 |

bullNSS Labs the worldrsquos largest security and performance testing lab have recently

completed in-depth IPS testing of the Palo Alto Networksrsquo next-gen firewall Our solution

was tested against 1179 live exploits in what was the industrys most comprehensive IPS

test to date The results were crystal clear and provided the hard proof of what our next-

generation firewalls can really do Key results include

bullbull The highest IPS block rate in recent history (934)

bull 100 resistance to IPS evasion techniques

bull Simple IPS configuration and tuning

bull Provided all the above while exceeding the datasheet performance metrics by 115

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 33 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2009 Palo Alto Networks Proprietary and Confidential Page 34 |

Single-Pass Parallel Processing (SP3) Architecture

Single Pass

bull Operations once per packet

- Traffic classification (app identification)

- Usergroup mapping

- Content scanning ndash threats URLs confidential data

bull One policy

Parallel Processing

bull Function-specific hardware engines

bull Separate datacontrol planes

Up to 10Gbps Low Latency

copy 2011 Palo Alto Networks Proprietary and Confidential

PA-5000 Series Architecture

• 80 Gbps switch fabric interconnect

• 20 Gbps QoS engine

Signature Match HW Engine

• Stream-based uniform sig match

• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors

• High density parallel processing for flexible security functionality

• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane

• Highly available mgmt

• High speed logging and route update

• Dual solid-state drives

Network Processor

• 20 Gbps front-end network processing

• Hardware accelerated per-packet route lookup, MAC lookup and NAT

[Block diagram: data plane – 20 Gbps network processor (QoS, flow control, route/ARP/MAC lookup, NAT) feeding the switch fabric, three signature match engines, three SSL/IPSec/de-compress engines and quad-core security processor CPUs with RAM; control plane – quad-core CPU, RAM and dual SSDs on a 10 Gbps path]

• 40+ processors

• 30+ GB of RAM

• Separate high speed data and control planes

• 20 Gbps firewall throughput

• 10 Gbps threat prevention throughput

• 4 Million concurrent sessions

Traditional Multi-Pass Architectures are Slow

[Diagram: four separate passes, each repeating its own Port/Protocol-based ID, L2/L3 networking, HA, config management and reporting – Firewall Policy; HTTP Decoder + URL Filtering Policy; IPS Decoder + IPS Signatures + IPS Policy; AV Decoder & Proxy + AV Signatures + AV Policy]

Powerful Policy-Based Control

• Browse more than 1300 applications based on name, category, technology or characteristic

• Immediately translate results into positive enforcement model firewall rules

• Policy enforcement by end-user group identities from Active Directory or IP address

Palo Alto – Network Sniffer

Visibility into Applications, Users & Content

[Screenshot callouts: User hzielinski; Filter on Skype; Remove Skype to expand view of hzielinski]

Palo Alto – Rich reports

Demo (offline) – Traffic Log

Enables Executive Visibility

PAN-OS Features

• Strong networking foundation

- Dynamic routing (OSPF, RIPv2)

- Site-to-site IPSec VPN

- SSL VPN for remote access

- Tap mode – connect to SPAN port

- Virtual wire ("Layer 1") for true transparent in-line deployment

- L2/L3 switching foundation

• QoS traffic shaping – max/guaranteed and priority

- By user, app, interface, zone and more

• Zone-based architecture

- All interfaces assigned to security zones for policy enforcement

• High Availability

- Active/Active

- Configuration and session synchronization

- Path, link and HA monitoring

• Virtual Systems

- Establish multiple virtual firewalls in a single device (PA-4000 Series only)

• Simple, flexible management

- CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content are complemented by core firewall features

[Product images: PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060]

Enterprise Device and Policy Management

• Intuitive and flexible management

- CLI, Web, Panorama, SNMP, Syslog

- Role-based administration enables delegation of tasks to the appropriate person

• Panorama central management application

- Shared policies enable consistent application control policies

- Consolidated management, logging and monitoring of Palo Alto Networks devices

- Consistent web interface between Panorama and device UI

- Network-wide ACC/monitoring views, log collection and reporting

• All interfaces work on current configuration, avoiding sync issues

NGFW for mobile devices

Today: Quality of Security Tied to Location

Enterprise Network Security

• Security Based on Best-Practices

• Full-Featured NGFW and Threat Prevention

No Network Security

• Security Based on Best-Effort

• Exposed to threats (botnets), risky app usage and more

Introducing GlobalProtect

• Users never go "off-network" regardless of location

• All firewalls work together to provide a "cloud" of network security

• How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level, asset type, disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID, User-ID, Content-ID AND host information profile

Zero Day Attacks Protection

a sandbox at the core

Flexible Deployment Options

Transparent In-Line / Firewall Replacement

• IPS with app visibility & control

• Consolidation of IPS & URL filtering

• Firewall replacement with app visibility & control

• Firewall + IPS

• Firewall + IPS + URL filtering

Ultimate segmentation

• Controls applications & users for datacenter resource access

• IPS with app visibility & content control

[Diagram labels: Datacenter 1, Datacenter 2, Segment A, Segment B, Segment C]


Palo Alto Networks Next-Gen Firewalls

PA-4050
• 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions
• 8 SFP, 16 copper gigabit

PA-4020
• 2 Gbps FW / 2 Gbps threat prevention / 500,000 sessions
• 8 SFP, 16 copper gigabit

PA-4060
• 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions
• 4 XFP (10 Gig), 4 SFP (1 Gig)

PA-2050
• 1 Gbps FW / 500 Mbps threat prevention / 250,000 sessions
• 4 SFP, 16 copper gigabit

PA-2020
• 500 Mbps FW / 200 Mbps threat prevention / 125,000 sessions
• 2 SFP, 12 copper gigabit

PA-500
• 250 Mbps FW / 100 Mbps threat prevention / 50,000 sessions
• 8 copper gigabit

PA-5050
• 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions
• 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

PA-5020
• 5 Gbps FW / 2 Gbps threat prevention / 1,000,000 sessions
• 8 SFP, 12 copper gigabit

PA-5060
• 20 Gbps FW / 10 Gbps threat prevention / 4,000,000 sessions
• 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

The innovative approach: extend security to all network traffic

Thank You – Zion Ezra, VP Sales

POC and AVR Report

AVR Report

UTM Is Still Sprawl… Just Slower

• Doesn't solve the problem

• Firewall "helper" functions have limited view of traffic

• Turning on functions kills performance


Applications Have Changed – Firewalls Have Not

• The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

• BUT… Applications Have Changed

- Ports ≠ Applications

- IP Addresses ≠ Users

- Packets ≠ Content

• Need to Restore Visibility and Control in the Firewall

[Diagram labels: Collaboration, Media, SaaS, Personal]

Exploit protection: many months pass between black-hat discovery, white-hat discovery and protection being available

Need to protect all applications – a sandbox at the core

Needs user-based access control

Needs high-speed IPS and AV

Need to perform across all applications

Need to block the unknown

Conclusion: advanced-malware protection belongs in a next generation firewall

DEMO: https://ca2demo.paloaltonetworks.com/esp/login.esp

INSANITY: doing the same thing over and over again and expecting different results

Block applications and users

20 Gbps Firewall, 10 Gbps Threat Prevention

• 80 Gbps switch fabric interconnect

• 20 Gbps QoS engine

Signature Match HW Engine

• Stream-based uniform sig match

• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors

• High density parallel processing for flexible security functionality

• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane

• Highly available mgmt

• High speed logging and route update

• Dual hard drives

Network Processor

• 20 Gbps front-end network processing

• Hardware accelerated per-packet route lookup, MAC lookup and NAT

[Block diagram: data plane – 20 Gbps network processor (QoS, flow control, route/ARP/MAC lookup, NAT) feeding the switch fabric, three signature match engines, three SSL/IPSec/de-compress engines and quad-core security processor CPUs with RAM; control plane – quad-core CPU, RAM and dual HDDs on a 10 Gbps path]

NGFW for mobile devices

[Figure: Source: Gartner (March 2010). As of March 2010]

Data Center Network Security in Transition

• Ports ≠ Applications

• IP addresses ≠ Users

• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions…

[Diagram: applications (RPC, SMS, SQL, SharePoint, SMB, NetBIOS) mapped onto Port 135, Port 137, Port 139, Port 80, Port 443, plus random high ports]

Applications employ dynamic, random and heavily-used ports – fundamentally breaking port-based network security


NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

PA-5050
• 10 Gbps FW
• 5 Gbps threat prevention
• 4 Gbps IPSec VPN
• 10,000 SSL VPN users
• 2,000,000 sessions
• Up to 125 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5020
• 5 Gbps FW
• 2 Gbps threat prevention
• 2 Gbps IPSec VPN
• 5,000 SSL VPN users
• 1,000,000 sessions
• Up to 20 VSYS
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5060
• 20 Gbps FW
• 10 Gbps threat prevention
• 4 Gbps IPSec VPN
• 20,000 SSL VPN users
• 4,000,000 sessions
• Up to 225 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

• Hot swappable fans, power supplies
• Dual solid state hard drives
• Dedicated HA and management interfaces
• 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and "Recommended")

- Security by policy, not hardwired into deployment

• Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

• Simplify with Flexible Network Security Infrastructure

- With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler, easier deployments

- With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance)

GlobalProtect


Existing Solutions Fall Short

Software on the PC

• Each security app performs a specific function

• Limited focus and functionality, heavy performance load on PC

• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services

• Client forces web traffic to cloud-based proxy for scanning and policy enforcement

• Supports limited number of apps and protocols, weak threat prevention

• Examples: ScanSafe, Purewire, etc.

Traditional VPN

• Agent tunnels traffic back to corporate gateway

• Same poor security, only slower

• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security

• Inconsistent policy and protections when outside vs. inside the network

• Lack of visibility into applications, users and content fails to control modern apps and threats

• Expensive to purchase duplicates, operational and management overhead


A Modern Architecture for Enterprise Security

• Establishes a logical perimeter that is not bound to physical limitations

• Users receive the same depth and quality of protection both inside and out

• Security work performed by purpose-built firewalls, not end-user laptops

• Unified visibility, compliance and reporting

[Diagram labels: malware, botnets, exploits]

Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure

- Users do what they want

- Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls

- Leads to increased risks for the business

• Palo Alto Networks defines the next-generation firewall with unique identification technologies

- App-ID: identify applications regardless of port, protocol or SSL encryption

- User-ID: integrated with enterprise directory

- Content-ID: threats, URLs, data

- High performance architecture: high throughput, low latency

• Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into the firewall simplifies and saves money

Applications Carry Risk

Applications can be "threats"

• P2P file sharing, tunneling applications, anonymizers, media/video

Applications carry threats

• Qualys Top 20 Vulnerabilities – majority result in application-level threats

Applications & application-level threats result in major breaches – RSA, Comodo, FBI

Exploits come in through many applications

Application Control Efforts are Failing

• Palo Alto Networks' Application Usage & Risk Report highlights actual behavior of 900,000 users across more than 60 organizations

- Applications are built for accessibility

- Tools that enable users to circumvent security are common

- File sharing usage – P2P and browser-based – is rampant

- Controls are failing – all had firewalls, many had IPS, proxies & URL filtering

Applications carry risks: business continuity, data loss, compliance, productivity and operations costs

Enterprise 2.0 Applications and Risks Widespread

Palo Alto Networks' latest Application Usage & Risk Report highlights actual behavior of 1M+ users in 1,253 organizations

- More enterprise 2.0 application use for personal and business reasons

- Tunneling and port hopping are common

- Bottom line: all had firewalls, most had IPS, proxies & URL filtering – but none of these organizations could control what applications ran on their networks

Users Will Find A Way…

[Bar chart (percent axis 0–80): share of organizations in which each application was found – RDP, SSH, telnet, LogMeIn, TeamViewer, CGIProxy, PHProxy, CoralCDN, FreeGate, Glype Proxy, Tor, Hamachi, UltraSurf, Gbridge, Gpass]

• Remote Access

- 27 variants found 95% of the time

• External Proxies

- 22 variants found 76% of the time

• Encrypted Tunnels

- Non-VPN related – found 30% of the time

Source: Palo Alto Networks Application Usage and Risk Report, Spring 2010

From the news

Why Visibility & Control Must Be In The Firewall

Application Control as an Add-on

[Diagram: Firewall makes a Port Policy Decision on port traffic; a separate IPS then makes an App Ctrl Policy Decision on applications]

• Port-based FW + App Ctrl (IPS) = two policies

• Applications are threats: only block what you expressly look for

Implications

• Network access decision is made with no information

• Cannot safely enable applications

NGFW Application Control

[Diagram: Firewall + IPS in one device makes the App Ctrl Policy Decision on application traffic and scans the application for threats]

• Application control is in the firewall = single policy

• Visibility across all ports, for all traffic, all the time

Implications

• Network access decision is made based on application identity

• Safely enable application usage
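The contrast drawn on this slide and on the "outdated assumptions" slide (ports ≠ applications), as an added Python illustration that is not part of the deck and is not App-ID's or User-ID's actual code: a port-only rule base sees nothing but the destination port, while an application-based rule base classifies the first client bytes of each session and then decides on (application, user group). The signatures, the user-to-group mapping and the sample sessions are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One new session as the firewall first sees it (all values constructed)."""
    user: str
    dst_port: int
    first_bytes: bytes  # first client-to-server bytes of the stream


# Toy application signatures on the first client bytes. Illustrative stand-ins,
# not App-ID's real decoders or signature set.
def _is_http(p: bytes) -> bool:
    parts = p.split(b"\r\n", 1)[0].split(b" ")
    return (len(parts) == 3 and parts[0] in (b"GET", b"POST", b"HEAD", b"PUT")
            and parts[2] in (b"HTTP/1.0", b"HTTP/1.1"))


def _is_rdp(p: bytes) -> bool:
    # TPKT header (version 3) carrying an X.224 Connection Request (code 0xE0)
    return len(p) >= 6 and p[0] == 0x03 and p[1] == 0x00 and p[5] == 0xE0


def _is_tls(p: bytes) -> bool:
    # TLS record type 22 (handshake), major version 3, handshake type 1 (ClientHello)
    return len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03 and p[5] == 0x01


SIGNATURES = (
    ("ssh", lambda p: p.startswith(b"SSH-")),  # SSH identification string
    ("rdp", _is_rdp),
    ("web-browsing", _is_http),
    ("ssl", _is_tls),
)


def identify_app(first_bytes: bytes) -> str:
    """Classify the session by what is inside it, ignoring the port entirely."""
    for name, matches in SIGNATURES:
        if matches(first_bytes):
            return name
    return "unknown"


# Legacy model: the only input to the decision is the destination port.
ALLOWED_PORTS = {80, 443}


def port_policy(flow: Flow) -> str:
    return "allow" if flow.dst_port in ALLOWED_PORTS else "deny"


# NGFW model: one rule base keyed on (user group, application). The mapping
# stands in for directory integration; users and groups are constructed.
USER_GROUPS = {"alice": "it-admins", "bob": "finance"}
APP_RULES = (
    ("it-admins", "ssh", "allow"),   # "allow SSH/RDP, but only for authorized staff"
    ("it-admins", "rdp", "allow"),
    ("any", "web-browsing", "allow"),
    ("any", "ssl", "allow"),
)


def app_policy(flow: Flow) -> tuple:
    """Return (identified application, verdict); unmatched traffic is denied."""
    app = identify_app(flow.first_bytes)
    group = USER_GROUPS.get(flow.user, "unknown")
    for rule_group, rule_app, action in APP_RULES:
        if rule_app == app and rule_group in ("any", group):
            return app, action
    return app, "deny"


def compare(flows) -> list:
    """Evaluate each flow under both models so the differences are visible."""
    rows = []
    for f in flows:
        app, verdict = app_policy(f)
        rows.append({"user": f.user, "port": f.dst_port, "app": app,
                     "port_policy": port_policy(f), "app_policy": verdict})
    return rows


# Constructed sessions: SSH and RDP on the HTTPS port, plain HTTP on 8080, TLS on 443.
SAMPLE_FLOWS = (
    Flow("bob", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    Flow("alice", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    Flow("bob", 443, bytes.fromhex("030000130ee000000000000100080003000000")),
    Flow("bob", 8080, b"GET / HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    Flow("bob", 443, bytes.fromhex("160301004a010000460303") + bytes(32)),
)

if __name__ == "__main__":
    for row in compare(SAMPLE_FLOWS):
        print(row)
```

The port-only model lets SSH and RDP through on 443 and blocks ordinary web traffic on 8080; the application-based model reaches the opposite verdicts on exactly those sessions, and only the admin group gets SSH.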

HTTP: Universal Application Protocol

• HTTP is 64% of enterprise bandwidth

• Most HTTP traffic is client/server (54%) – proxies cannot deal with it

• Browser-based applications are 46% – some work with proxies and some don't

• Web browsing is 23%

[Chart labels: All HTTP Applications; Web Browsing; Browser-based Applications]

Application Control vs. Blocking

• Blocking applications, even if possible, is not the answer

• Yes, there are harmful applications that need to be blocked

• Many "Web 2.0" applications are useful

- Enhancing productivity

- Giving competitive advantage to the business

• It's all about visibility and control

- Who is using what

- Control and secure modern applications

- Control feature use

Palo Alto – Next Generation FW

New Requirements for Security Device

1. Identify applications regardless of port, protocol, evasive tactic or SSL

2. Identify users regardless of IP address

3. Granular visibility and policy control over application access / functionality

4. Protect in real-time against threats embedded across applications

5. Multi-gigabit, in-line deployment with no performance degradation

Palo Alto Networks Next-Generation Security Device

Palo Alto Networks Exceeds NGFW Requirements

Application Awareness and Full Stack Visibility – App-ID identifies and controls 1300+ applications

Integrated Rather Than Co-Located IPS – Content-ID includes full IPS without compromising performance

Extra-Firewall Intelligence to Identify Users – User-ID brings AD users and groups into firewall policy

Standard First-Generation Firewall Capabilities – packet filtering, state, flexible NAT, IPSec, SSL VPNs, etc.

Support "bump in the wire" Deployments

In "Defining the Next-Generation Firewall", Gartner describes what Palo Alto Networks already delivers

Gartner's Recommendation: move to next-generation firewalls at the next refresh opportunity – whether for firewall, IPS or the combination of the two

Unique Technologies Transform the Firewall

App-ID – Identify the application

User-ID – Identify the user

Content-ID – Scan the content

App-ID: Comprehensive Application Visibility

• Policy-based control of 1200+ applications distributed across five categories and 25 sub-categories

• Balanced mix of business, internet and networking applications and networking protocols

• ~5–10 new applications added weekly

User-ID: Enterprise Directory Integration

• Users no longer defined solely by IP address

- Leverage existing Active Directory infrastructure without complex agent rollout

- Identify Citrix users and tie policies to user and group, not just the IP address

• Understand user application and threat behavior based on actual AD username, not just IP

• Manage and enforce policy based on user and/or AD group

• Investigate security incidents, generate custom reports

Content-ID: Real-Time Content Scanning

• Stream-based, not file-based, for real-time performance

- Uniform signature engine scans for a broad range of threats in a single pass

- Vulnerability exploits (IPS), viruses and spyware (both downloads and phone-home)

• Block transfer of sensitive data and file transfers by type

- Looks for CC and SSN patterns

- Looks into the file to determine type – not extension based

• Web filtering enabled via fully integrated URL database

- Local 20M URL database (76 categories) maximizes performance (1000's of URLs/sec)

- Dynamic DB adapts to local, regional or industry-focused surfing patterns

Detect and block a wide range of threats, limit unauthorized data transfer and control non-work-related web surfing
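The three scanning behaviours this slide names (file type taken from content rather than the declared name, CC and SSN pattern matching, and stream-based processing in a single pass), as an added Python illustration that is not Content-ID's code: the scanner sees each chunk once, carries a short overlap so a pattern split across two chunks is still found exactly once, and rejects digit runs that fail the Luhn check. The magic-byte table, regexes, the "invoice.txt" name and the sample stream are constructed for the example.

```python
import re
from collections import Counter

# Magic-byte table: a constructed subset, not Content-ID's real file-type decoders.
MAGIC = ((b"MZ", "pe-executable"), (b"\x7fELF", "elf-executable"),
         (b"%PDF-", "pdf"), (b"PK\x03\x04", "zip"))
BLOCKED_TYPES = {"pe-executable", "elf-executable"}

# 13-16 digits with optional single space/dash separators, not part of a longer run.
CC_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,15}\d(?!\d)")
# US SSN AAA-GG-SSSS, excluding structurally invalid area/group/serial values.
SSN_RE = re.compile(rb"(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)")
MAXLEN = 32           # longest match either pattern can produce
OVERLAP = 2 * MAXLEN  # bytes carried over so a pattern split across chunks is still seen


def file_type(head: bytes) -> str:
    for magic, name in MAGIC:
        if head.startswith(magic):
            return name
    return "unknown"


def luhn_ok(digits: str) -> bool:
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class StreamScanner:
    """Scan a file chunk by chunk as it streams through, never buffering it whole."""

    def __init__(self, declared_name: str):
        self.declared_name = declared_name
        self.head = b""      # first bytes, for magic-based typing
        self.type = None
        self.carry = b""     # tail of the previous chunk
        self.consumed = 0    # absolute offset of the next byte
        self.seen = set()    # (kind, absolute end offset) of every settled match
        self.hits = Counter()

    def feed(self, chunk: bytes) -> None:
        if not chunk:
            return
        if self.type is None:
            self.head += chunk
            if len(self.head) >= 8:
                self.type = file_type(self.head)
        buf = self.carry + chunk
        base = self.consumed - len(self.carry)  # absolute offset of buf[0]
        self._scan(buf, base, len(buf) - MAXLEN)  # a match in the last MAXLEN bytes may still grow
        self.carry = buf[-OVERLAP:]
        self.consumed += len(chunk)

    def _scan(self, buf: bytes, base: int, limit: int) -> None:
        for kind, pattern in (("cc", CC_RE), ("ssn", SSN_RE)):
            for m in pattern.finditer(buf):
                if m.end() > limit:
                    continue  # deferred until the next chunk settles it
                if m.start() == 0 and base > 0:
                    continue  # preceding byte unknown; this span was settled last round
                key = (kind, base + m.end())
                if key in self.seen:
                    continue  # same match, seen again through the overlap
                self.seen.add(key)
                if kind == "cc" and not luhn_ok(re.sub(rb"[ -]", b"", m.group()).decode()):
                    continue  # digit run that is not a valid card number
                self.hits[kind] += 1

    def finish(self) -> dict:
        if self.type is None:
            self.type = file_type(self.head)
        self._scan(self.carry, self.consumed - len(self.carry), len(self.carry))
        reasons = []
        if self.type in BLOCKED_TYPES:
            reasons.append(f"{self.type} content declared as {self.declared_name}")
        reasons += [f"{n} {kind} pattern(s)" for kind, n in sorted(self.hits.items())]
        return {"file_type": self.type, "hits": dict(self.hits),
                "action": "block" if reasons else "allow", "reasons": reasons}


def scan_stream(declared_name: str, data: bytes, chunk_size: int) -> dict:
    scanner = StreamScanner(declared_name)
    for i in range(0, len(data), chunk_size):
        scanner.feed(data[i:i + chunk_size])
    return scanner.finish()


# Constructed sample: PDF-typed bytes sent as "invoice.txt" with one valid card number,
# one Luhn-invalid look-alike, one SSN and one structurally invalid SSN.
SAMPLE = (b"%PDF-1.4\n"
          b"Customer card: 4111 1111 1111 1111 exp 12/29\n"
          b"Control number: 4111 1111 1111 1112\n"
          b"SSN 123-45-6789 ; not an SSN 000-12-3456 ; order 98765432101234\n"
          b"%%EOF\n")
```

`scan_stream("invoice.txt", SAMPLE, 7)` reports the stream as a PDF with one card number and one SSN whatever chunk size is used, and a stream that starts with an executable header is blocked regardless of the name it was sent under.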

copy 2008 Palo Alto Networks Proprietary and Confidential Page 32 |

bullNSS Labs the worldrsquos largest security and performance testing lab have recently

completed in-depth IPS testing of the Palo Alto Networksrsquo next-gen firewall Our solution

was tested against 1179 live exploits in what was the industrys most comprehensive IPS

test to date The results were crystal clear and provided the hard proof of what our next-

generation firewalls can really do Key results include

bullbull The highest IPS block rate in recent history (934)

bull 100 resistance to IPS evasion techniques

bull Simple IPS configuration and tuning

bull Provided all the above while exceeding the datasheet performance metrics by 115

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 33 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2009 Palo Alto Networks Proprietary and Confidential Page 34 |

Single-Pass Parallel Processing (SP3) Architecture

Single Pass

bull Operations once per packet

- Traffic classification (app identification)

- Usergroup mapping

- Content scanning ndash threats URLs confidential data

bull One policy

Parallel Processing

bull Function-specific hardware engines

bull Separate datacontrol planes

Up to 10Gbps Low Latency

copy 2011 Palo Alto Networks Proprietary and Confidential

PA-5000 Series Architecture

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual solid-state drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow

control

Route ARP MAC

lookup

NAT Switch

Fabric

Signature Match

Signature Match

SSL IPSec De-

Compress SSL IPSec

De-Compress

SSL IPSec De-

Compress

Quad-core

CPU CPU

12

CPU

1

CPU

2

CPU

12

CPU

1

CPU

2

CPU

12

CPU

1

CPU

2

RAM

RAM

SSD

SSD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

bull 40+ processors

bull 30+ GB of RAM

bull Separate high speed data and control planes

bull 20 Gbps firewall throughput

bull 10 Gbps threat prevention throughput

bull 4 Million concurrent sessions

Page 35 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 36 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 37 |

Powerful Policy-Based Control

bull Browse more than 1300 applications based on name category technology or characteristic

bull Immediately translate results into positive enforcement model firewall rules

bull Policy enforcement by end-user group identities from Active Directory or IP address

Palo Alto

Palo Alto ndash Network Sniffer

copy 2008 Palo Alto Networks Proprietary and Confidential Page 38 |

copy 2008 Palo Alto Networks Proprietary and Confidential Page 39 |

Visibility into Applications Users amp Content

User hzielinski Filter on Skype

Remove Skype to expand view of hzielinski

Palo Alto

Palo Alto ndash Rich reports

copy 2008 Palo Alto Networks Proprietary and Confidential Page 40 |

copy 2008 Palo Alto Networks Proprietary and Confidential Page 41 |

Demo (offline) ndash Traffic Log

copy 2008 Palo Alto Networks Proprietary and Confidential Page 42 |

Enables Executive Visibility

copy 2009 Palo Alto Networks Proprietary and Confidential Page 43 |

PAN-OS Features

bull Strong networking foundation

- Dynamic routing (OSPF RIPv2)

- Site-to-site IPSec VPN

- SSL VPN for remote access

- Tap mode ndash connect to SPAN port

- Virtual wire (ldquoLayer 1rdquo) for true transparent in-line deployment

- L2L3 switching foundation

bull QoS traffic shaping - Maxguaranteed and priority

- By user app interface zone and more

bull Zone-based architecture

- All interfaces assigned to security zones for policy enforcement

bull High Availability

- Active Active

- Configuration and session synchronization

- Path link and HA monitoring

bull Virtual Systems

- Establish multiple virtual firewalls in a single device (PA-4000 Series only)

bull Simple flexible management

- CLI Web Panorama SNMP Syslog

Visibility and control of applications users and content are complemented by core firewall features

PA-500

PA-2020

PA-2050

PA-4020

PA-4050

PA-4060

copy 2009 Palo Alto Networks Proprietary and Confidential Page 44 |

Enterprise Device and Policy Management

bull Intuitive and flexible management

- CLI Web Panorama SNMP Syslog

- Role-based administration enables delegation of tasks to appropriate person

bull Panorama central management application

- Shared policies enable consistent application control policies

- Consolidated management logging and monitoring of Palo Alto Networks devices

- Consistent web interface between Panorama and device UI

- Network-wide ACCmonitoring views log collection and reporting

bull All interfaces work on current configuration avoiding sync issues

NGFW for mobile devices

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 46 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 48 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

Zero Day Attacks Protection

a sandbox at the core

Flexible Deployment Options

Transparent In-Line
• IPS with app visibility & control
• Consolidation of IPS & URL filtering

Firewall Replacement
• Firewall replacement with app visibility & control
• Firewall + IPS
• Firewall + IPS + URL filtering

Ultimate segmentation

[Diagram labels: Datacenter 1, Datacenter 2, Segment A, Segment B, Segment C]

• Controls applications & users for datacenter resource access

• IPS with app visibility & content control

Palo Alto Networks IPS: Protection + Performance

© 2011 Palo Alto Networks. Proprietary and Confidential. Page 53 |

• Strong threat prevention

- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSH/RDP, but only for authorized staff

© 2011 Palo Alto Networks. Proprietary and Confidential. Page 54 |

Palo Alto Networks Next-Gen Firewalls

PA-4050 • 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions • 8 SFP, 16 copper gigabit

PA-4020 • 2 Gbps FW / 2 Gbps threat prevention / 500,000 sessions • 8 SFP, 16 copper gigabit

PA-4060 • 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions • 4 XFP (10 Gig), 4 SFP (1 Gig)

PA-2050 • 1 Gbps FW / 500 Mbps threat prevention / 250,000 sessions • 4 SFP, 16 copper gigabit

PA-2020 • 500 Mbps FW / 200 Mbps threat prevention / 125,000 sessions • 2 SFP, 12 copper gigabit

PA-500 • 250 Mbps FW / 100 Mbps threat prevention / 50,000 sessions • 8 copper gigabit

PA-5050 • 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions • 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

PA-5020 • 5 Gbps FW / 2 Gbps threat prevention / 1,000,000 sessions • 8 SFP, 12 copper gigabit

PA-5060 • 20 Gbps FW / 10 Gbps threat prevention / 4,000,000 sessions • 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

the innovative approach

extend security to all network traffic

Thank You

Zion Ezra

VP Sales

© 2008 Palo Alto Networks. Proprietary and Confidential. Page 60 |

POC and AVR Report

© 2008 Palo Alto Networks. Proprietary and Confidential. Page 61 |

AVR Report

© 2008 Palo Alto Networks. Proprietary and Confidential. Page 62 |

AVR Report

[Diagram label: Internet]

UTM Is Still Sprawl… Just Slower

• Doesn't solve the problem

• Firewall "helper" functions have a limited view of traffic

• Turning on functions kills performance

© 2009 Palo Alto Networks. Proprietary and Confidential. Page 63 |

© 2009 Palo Alto Networks. Proprietary and Confidential. Page 64 |

Traditional Multi-Pass Architectures are Slow

[Diagram: four separate engines stacked in series, each with its own port/protocol-based ID, L2/L3 networking, HA, config management and reporting]

- Firewall Policy: port/protocol-based ID

- HTTP Decoder: port/protocol-based ID, URL Filtering Policy

- IPS Decoder: port/protocol-based ID, IPS Signatures, IPS Policy

- AV Decoder & Proxy: port/protocol-based ID, AV Signatures, AV Policy

© 2008 Palo Alto Networks. Proprietary and Confidential. Page 65 |

Applications Have Changed – Firewalls Have Not

• The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines the trust boundary

• Need to Restore Visibility and Control in the Firewall

[Diagram labels: Collaboration, Media, SaaS, Personal]

• BUT… Applications Have Changed

- Ports ≠ Applications

- IP Addresses ≠ Users

- Packets ≠ Content

exploit protection

many months pass between black-hat discovery, white-hat discovery and protection being available

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion: advanced-malware protection belongs in a next-generation firewall

DEMO: httpsca2demopaloaltonetworkscomesploginesp

INSANITY: doing the same thing over and over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic

20 Gbps Firewall, 10 Gbps Threat Prevention

• 80 Gbps switch fabric interconnect

• 20 Gbps QoS engine

Signature Match HW Engine

• Stream-based uniform sig match

• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors

• High density parallel processing for flexible security functionality

• Hardware-acceleration for standardized complex functions (SSL, IPSec, decompression)

• Highly available mgmt

• High speed logging and route update

• Dual hard drives

[Diagram: PA-5000 Series architecture. Control Plane: quad-core CPU, RAM, dual HDD. Data Plane: 20 Gbps network processor (QoS, flow control, route/ARP/MAC lookup, NAT), switch fabric, security processors (CPU 1 … CPU 12 with RAM, three groups shown), SSL / IPSec / de-compress offload and signature match engines (two shown); 10 Gbps links between the planes]

NGFW for mobile devices

Source: Gartner (March 2010). As of March 2010

© 2011 Palo Alto Networks. Proprietary and Confidential. Page 87 |

Data Center Network Security in Transition

• Ports ≠ Applications

• IP addresses ≠ Users

• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions…

[Diagram: applications RPC, SMS, SQL, SharePoint, SMB and NetBIOS spread across ports 135, 137, 139, 80 and 443, plus random high ports]

Applications employ dynamic, random and heavily-used ports - fundamentally breaking port-based network security
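As an added illustration (not from the presentation and not Palo Alto Networks code) of why the port-based assumption breaks, the following Python classifies a few constructed sessions once by destination port and once by the first bytes the client sent, and flags every session where the two views disagree. The port table, the signature checks and the sample sessions are all constructed for this example and are not App-ID signatures.

```python
from dataclasses import dataclass

# Port-based classification: the outdated assumption the slide refers to.
# Constructed for this example from well-known default ports.
PORT_TABLE = {
    22: "ssh", 80: "web-browsing", 135: "msrpc", 137: "netbios-ns",
    139: "netbios-ss", 443: "ssl", 445: "smb", 1433: "mssql", 3389: "rdp",
}

# Payload-based identification: a handful of well-known protocol preambles.
# Constructed for this example; a production engine matches on the whole
# stream with far more signatures and full protocol decoders.
def _is_ssh(p):  return p.startswith(b"SSH-")
def _is_rdp(p):  return p[:2] == b"\x03\x00" and len(p) > 5 and p[5] == 0xE0  # TPKT + X.224 CR
def _is_tls(p):  return p[:2] == b"\x16\x03"                                  # TLS handshake record
def _is_smb(p):  return p[4:8] in (b"\xffSMB", b"\xfeSMB")                    # NetBIOS session + SMB header
def _is_http(p): return any(p.startswith(m) for m in (b"GET ", b"POST ", b"HEAD ", b"PUT "))

SIGNATURES = (("ssh", _is_ssh), ("rdp", _is_rdp), ("ssl", _is_tls),
              ("smb", _is_smb), ("web-browsing", _is_http))


@dataclass(frozen=True)
class Session:
    dst_port: int
    payload: bytes  # first bytes the client sent


def classify_by_port(s: Session) -> str:
    return PORT_TABLE.get(s.dst_port, "unknown")


def classify_by_payload(s: Session) -> str:
    for app, match in SIGNATURES:
        if match(s.payload):
            return app
    return "unknown"


def audit(sessions):
    """Compare both views. A mismatch means a port-only policy would have
    made its allow/deny decision under the wrong application name."""
    rows = []
    for s in sessions:
        by_port, by_payload = classify_by_port(s), classify_by_payload(s)
        rows.append({"port": s.dst_port, "by_port": by_port,
                     "by_payload": by_payload, "mismatch": by_port != by_payload})
    return rows


# Constructed sample sessions (first client bytes only).
SAMPLE_SESSIONS = [
    Session(443, b"SSH-2.0-OpenSSH_7.4\r\n"),                          # SSH on the HTTPS port
    Session(8080, b"GET /index.html HTTP/1.1\r\nHost: intranet\r\n\r\n"),  # HTTP on a high port
    Session(80, b"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01"
                b"\x00\x08\x00\x03\x00\x00\x00"),                        # RDP on port 80
    Session(443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),      # genuine TLS on 443
    Session(445, b"\x00\x00\x00\x2f\xffSMBr\x00\x00\x00\x00"),          # genuine SMB on 445
]

if __name__ == "__main__":
    for row in audit(SAMPLE_SESSIONS):
        flag = "MISMATCH" if row["mismatch"] else "ok"
        print(f"port {row['port']:>5}: by port={row['by_port']:<13} "
              f"by payload={row['by_payload']:<13} {flag}")
```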

Palo Alto Networks: Protection + Performance

© 2011 Palo Alto Networks. Proprietary and Confidential. Page 88 |

• Strong threat prevention

- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSH/RDP, but only for authorized staff

© 2011 Palo Alto Networks. Proprietary and Confidential. Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

© 2011 Palo Alto Networks. Proprietary and Confidential. Page 90 |

PA-5050
• 10 Gbps FW
• 5 Gbps threat prevention
• 4 Gbps IPSec VPN
• 10,000 SSL VPN Users
• 2,000,000 sessions
• Up to 125 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5020
• 5 Gbps FW
• 2 Gbps threat prevention
• 2 Gbps IPSec VPN
• 5,000 SSL VPN Users
• 1,000,000 sessions
• Up to 20 VSYS
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5060
• 20 Gbps FW
• 10 Gbps threat prevention
• 4 Gbps IPSec VPN
• 20,000 SSL VPN Users
• 4,000,000 sessions
• Up to 225 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

• Hot swappable fans, power supplies
• Dual solid state hard drives
• Dedicated HA and management interfaces
• 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and "Recommended")

- Security by policy, not hardwired into deployment

• Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

• Simplify with Flexible Network Security Infrastructure

- With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler, easier deployments

- With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance)

© 2011 Palo Alto Networks. Proprietary and Confidential. Page 91 |

© 2011 Palo Alto Networks. Proprietary and Confidential. Page 92 |

GlobalProtect

Today: Quality of Security Tied to Location

© 2011 Palo Alto Networks. Proprietary and Confidential. Page 93 |

[Diagram: the user's laptop on the enterprise network versus off-network; diagram label: botnets]

Enterprise Network Security
• Security Based on Best-Practices
• Full-Featured NGFW and Threat Prevention

No Network Security
• Security Based on Best-Effort
• Exposed to threats, risky app usage and more

Existing Solutions Fall Short

Software on the PC

• Each security app performs a specific function

• Limited focus and functionality; heavy performance load on the PC

• Examples: antivirus, host firewall, USB port control, DLP, etc.

© 2011 Palo Alto Networks. Proprietary and Confidential. Page 94 |

Cloud-Based Services

• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement

• Supports a limited number of apps and protocols; weak threat prevention

• Examples: ScanSafe, Purewire, etc.

Traditional VPN

• Agent tunnels traffic back to the corporate gateway

• Same poor security, only slower

• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security

• Inconsistent policy and protections when outside vs. inside the network

• Lack of visibility into applications, users and content fails to control modern apps and threats

• Expensive to purchase; duplicates operational and management overhead

Introducing GlobalProtect

• Users never go "off-network" regardless of location

• All firewalls work together to provide a "cloud" of network security

© 2011 Palo Alto Networks. Proprietary and Confidential. Page 95 |

• How it works

- A small agent determines network location (on or off the enterprise network)

- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN

- The agent submits a host information profile (patch level, asset type, disk encryption and more) to the gateway

- The gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile

A Modern Architecture for Enterprise Security

© 2011 Palo Alto Networks. Proprietary and Confidential. Page 96 |

• Establishes a logical perimeter that is not bound to physical limitations

• Users receive the same depth and quality of protection both inside and out

• Security work performed by purpose-built firewalls, not end-user laptops

• Unified visibility, compliance and reporting

[Diagram labels: malware, botnets, exploits]

© 2007 Palo Alto Networks. Proprietary and Confidential. Page 112 |

Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure

- Users do what they want

- Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls

- Leads to increased risks for the business

• Palo Alto Networks defines the next-generation firewall with unique identification technologies

- App-ID: identify applications regardless of port, protocol or SSL encryption

- User-ID: integrated with the enterprise directory

- Content-ID: threats, URLs, data

- High performance architecture: high throughput, low latency

• Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into the firewall simplifies and saves money


exploits come in through many applications

© 2009 Palo Alto Networks. Proprietary and Confidential. Page 16 |

Application Control Efforts are Failing

• Palo Alto Networks' Application Usage & Risk Report highlights the actual behavior of 900,000 users across more than 60 organizations

- Applications are built for accessibility

- Tools that enable users to circumvent security are common

- File sharing usage – P2P and browser-based – is rampant

- Controls are failing – All had firewalls, many had IPS, proxies & URL filtering

Applications carry risks: business continuity, data loss, compliance, productivity and operations costs

Enterprise 2.0 Applications and Risks Widespread

© 2011 Palo Alto Networks. Proprietary and Confidential. Page 17 |

Palo Alto Networks' latest Application Usage & Risk Report highlights the actual behavior of 1M+ users in 1,253 organizations

- More enterprise 2.0 application use for personal and business reasons

- Tunneling and port hopping are common

- Bottom line: all had firewalls, most had IPS, proxies & URL filtering – but none of these organizations could control what applications ran on their networks

[Bar chart: percentage of organizations in which each application was found, axis 0% to 80%; applications shown: RDP, SSH, telnet, LogMeIn, TeamViewer, CGIProxy, PHProxy, CoralCDN, FreeGate, Glype Proxy, Tor, Hamachi, UltraSurf, Gbridge, Gpass]

• Remote Access

- 27 variants found 95% of the time

• External Proxies

- 22 variants found 76% of the time

• Encrypted Tunnels

- Non-VPN related – found 30% of the time

Users Will Find A Way…

Source: Palo Alto Networks Application Usage and Risk Report, Spring 2010

© 2008 Palo Alto Networks. Proprietary and Confidential. Page 20 |

From The News

Why Visibility & Control Must Be In The Firewall

© 2011 Palo Alto Networks. Proprietary and Confidential. Page 21 |

Application Control as an Add-on

[Diagram: port traffic enters the firewall, which makes a port policy decision; applications are then passed to a separate IPS, which makes the app control policy decision]

• Port-based FW + App Ctrl (IPS) = two policies

• Applications are threats: only block what you expressly look for

Implications

• Network access decision is made with no information

• Cannot safely enable applications

NGFW Application Control

[Diagram: application traffic enters the firewall/IPS, which makes the app control policy decision and scans the application for threats]

• Application control is in the firewall = single policy

• Visibility across all ports, for all traffic, all the time

Implications

• Network access decision is made based on application identity

• Safely enable application usage

© 2008 Palo Alto Networks. Proprietary and Confidential. Page 22 |

HTTP: Universal Application Protocol

• HTTP is 64% of enterprise bandwidth

• Most HTTP traffic is client/server (54%) – proxies cannot deal with it

• Browser-based applications are 46% - some work with proxies and some don't

• Web browsing is 23%

[Chart labels: All HTTP Applications; Web Browsing; Browser-based Applications]

Application Control vs. Blocking

• Blocking applications, even if possible, is not the answer

• Yes, there are harmful applications that need to be blocked

• Many "Web 2.0" applications are useful

- Enhancing productivity

- Giving competitive advantage to the business

• It's all about visibility and control

- Who is using what

- Control and secure modern applications

- Control feature use

Palo Alto

Palo Alto – Next Generation FW

© 2008 Palo Alto Networks. Proprietary and Confidential. Page 24 |

© 2008 Palo Alto Networks. Proprietary and Confidential. Page 25 |

New Requirements for Security Device

1. Identify applications regardless of port, protocol, evasive tactic or SSL

2. Identify users regardless of IP address

3. Granular visibility and policy control over application access / functionality

4. Protect in real-time against threats embedded across applications

5. Multi-gigabit, in-line deployment with no performance degradation

Palo Alto Networks Next-Generation Security Device

© 2009 Palo Alto Networks. Proprietary and Confidential. Page 26 |

Palo Alto Networks Exceeds NGFW Requirements

Application Awareness and Full Stack Visibility
App-ID: Identifies and controls 1300+ applications

Integrated Rather Than Co-Located IPS
Content-ID includes full IPS without compromising performance

Extra-Firewall Intelligence to Identify Users
User-ID brings AD users and groups into firewall policy

Standard First-Generation Firewall Capabilities
Packet filtering, state, flexible NAT, IPSec, SSL VPNs, etc.

Support "bump in the wire" Deployments

In "Defining the Next-Generation Firewall", Gartner describes what Palo Alto Networks already delivers

Gartner's Recommendations

Move to next-generation firewalls at the next refresh opportunity – whether for firewall, IPS or the combination of the two

© 2008 Palo Alto Networks. Proprietary and Confidential. Page 28 |

Unique Technologies Transform the Firewall

App-ID: Identify the application

User-ID: Identify the user

Content-ID: Scan the content

© 2008 Palo Alto Networks. Proprietary and Confidential. Page 29 |

App-ID: Comprehensive Application Visibility

• Policy-based control of more than 1200+ applications distributed across five categories and 25 sub-categories

• Balanced mix of business, internet and networking applications and networking protocols

• ~5 - 10 new applications added weekly

© 2009 Palo Alto Networks. Proprietary and Confidential. Page 30 |

User-ID: Enterprise Directory Integration

• Users no longer defined solely by IP address

- Leverage existing Active Directory infrastructure without complex agent rollout

- Identify Citrix users and tie policies to user and group, not just the IP address

• Understand user application and threat behavior based on the actual AD username, not just IP

• Manage and enforce policy based on user and/or AD group

• Investigate security incidents, generate custom reports

© 2009 Palo Alto Networks. Proprietary and Confidential. Page 31 |

Content-ID: Real-Time Content Scanning

• Stream-based, not file-based, for real-time performance

- Uniform signature engine scans for a broad range of threats in a single pass

- Vulnerability exploits (IPS), viruses and spyware (both downloads and phone-home)

• Block transfer of sensitive data and file transfers by type

- Looks for CC and SSN patterns

- Looks into the file to determine type – not extension based

• Web filtering enabled via fully integrated URL database

- Local 20M URL database (76 categories) maximizes performance (1000's of URLs/sec)

- Dynamic DB adapts to local, regional or industry-focused surfing patterns

Detect and block a wide range of threats, limit unauthorized data transfer and control non-work related web surfing
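Two of the Content-ID ideas on this slide, determining a file's type from its content rather than its extension and spotting CC/SSN patterns while data is still streaming rather than after a whole file has been reassembled, as an added Python illustration that is not Palo Alto Networks code: the magic-byte table, the pattern rules, the Luhn check and all sample data are constructed here for the example.

```python
import re

# Magic-byte table (constructed for this example; a real engine carries far
# more signatures and also parses container formats).
MAGIC = (
    ("pe-executable", b"MZ"), ("elf", b"\x7fELF"), ("pdf", b"%PDF-"),
    ("zip", b"PK\x03\x04"), ("png", b"\x89PNG\r\n\x1a\n"), ("jpeg", b"\xff\xd8\xff"),
)
EXT_CLAIMS = {"exe": "pe-executable", "dll": "pe-executable", "pdf": "pdf",
              "zip": "zip", "png": "png", "jpg": "jpeg", "jpeg": "jpeg"}


def identify_file(data: bytes) -> str:
    """Type from the leading bytes, ignoring whatever the name claims."""
    for name, magic in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"


def check_transfer(filename: str, data: bytes) -> dict:
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed, actual = EXT_CLAIMS.get(ext, "unknown"), identify_file(data)
    # Only a positively identified type that contradicts the name is a finding.
    return {"claimed": claimed, "actual": actual,
            "mismatch": actual != "unknown" and actual != claimed}


# SSN: area 000/666/9xx, group 00 and serial 0000 are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Card numbers: 13-16 digits with optional single space/hyphen separators.
CC_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,15}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: removes most false positives from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_sensitive(text: str, final: bool = True):
    """Return (kind, offset, value) hits. When final is False, a match that
    touches the end of the buffer is withheld: it may continue in the next
    chunk and is re-examined there."""
    hits = []
    for m in SSN_RE.finditer(text):
        if final or m.end() < len(text):
            hits.append(("ssn", m.start(), m.group()))
    for m in CC_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits) and (final or m.end() < len(text)):
            hits.append(("credit-card", m.start(), digits))
    return hits


def scan_stream(chunks, overlap: int = 24):
    """Stream-based scanning: inspect each chunk as it arrives, carrying a
    short tail of the previous chunk so a pattern split across a chunk
    boundary is still found. Hits are keyed by absolute offset, so a tail
    re-scan never reports the same finding twice."""
    found, hits, tail, base = set(), [], "", 0   # base: absolute offset of tail[0]
    for i, chunk in enumerate(chunks):
        buf = tail + chunk
        for kind, off, value in find_sensitive(buf, final=(i == len(chunks) - 1)):
            key = (kind, base + off)
            if key not in found:
                found.add(key)
                hits.append((kind, base + off, value))
        keep = min(overlap, len(buf))
        base += len(buf) - keep
        tail = buf[-keep:] if keep else ""
    return hits


# Constructed samples.
SAMPLE_FILES = [
    ("quarterly_report.pdf", b"MZ\x90\x00\x03\x00\x00\x00\x04\x00"),  # executable renamed .pdf
    ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("build.zip", b"PK\x03\x04\x14\x00"),
    ("notes.txt", b"just plain text"),
]
# The card number is deliberately split across the two chunks.
SAMPLE_CHUNKS = [
    "Invoice 2024-07: customer card 4111 1111 11",
    "11 1111, contact SSN 123-45-6789, order id 1234 5678 9012 3456, not-ssn 000-12-3456.",
]

if __name__ == "__main__":
    for name, data in SAMPLE_FILES:
        print(name, check_transfer(name, data))
    for hit in scan_stream(SAMPLE_CHUNKS):
        print(hit)
```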

© 2008 Palo Alto Networks. Proprietary and Confidential. Page 32 |

• NSS Labs, the world's largest security and performance testing lab, has recently completed in-depth IPS testing of the Palo Alto Networks next-gen firewall. Our solution was tested against 1,179 live exploits in what was the industry's most comprehensive IPS test to date. The results were crystal clear and provided the hard proof of what our next-generation firewalls can really do. Key results include:

• The highest IPS block rate in recent history (93.4%)

• 100% resistance to IPS evasion techniques

• Simple IPS configuration and tuning

• Provided all the above while exceeding the datasheet performance metrics by 115%

Palo Alto Networks IPS: Protection + Performance

© 2011 Palo Alto Networks. Proprietary and Confidential. Page 33 |

• Strong threat prevention

- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSH/RDP, but only for authorized staff

© 2009 Palo Alto Networks. Proprietary and Confidential. Page 34 |

Single-Pass Parallel Processing (SP3) Architecture

Single Pass

• Operations once per packet

- Traffic classification (app identification)

- User/group mapping

- Content scanning – threats, URLs, confidential data

• One policy

Parallel Processing

• Function-specific hardware engines

• Separate data/control planes

Up to 10 Gbps, Low Latency

© 2011 Palo Alto Networks. Proprietary and Confidential.

PA-5000 Series Architecture

• 80 Gbps switch fabric interconnect

• 20 Gbps QoS engine

Signature Match HW Engine

• Stream-based uniform sig match

• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors

• High density parallel processing for flexible security functionality

• Hardware-acceleration for standardized complex functions (SSL, IPSec, decompression)

• Highly available mgmt

• High speed logging and route update

• Dual solid-state drives

[Diagram: PA-5000 Series architecture. Control Plane: quad-core CPU, RAM, dual SSD. Data Plane: 20 Gbps network processor (QoS, flow control, route/ARP/MAC lookup, NAT), switch fabric, security processors (CPU 1 … CPU 12 with RAM, three groups shown), SSL / IPSec / de-compress offload and signature match engines (two shown); 10 Gbps links between the planes]

• 40+ processors

• 30+ GB of RAM

• Separate high speed data and control planes

• 20 Gbps firewall throughput

• 10 Gbps threat prevention throughput

• 4 Million concurrent sessions

Page 35 |

© 2009 Palo Alto Networks. Proprietary and Confidential. Page 36 |

Traditional Multi-Pass Architectures are Slow

[Diagram: four separate engines stacked in series, each with its own port/protocol-based ID, L2/L3 networking, HA, config management and reporting]

- Firewall Policy: port/protocol-based ID

- HTTP Decoder: port/protocol-based ID, URL Filtering Policy

- IPS Decoder: port/protocol-based ID, IPS Signatures, IPS Policy

- AV Decoder & Proxy: port/protocol-based ID, AV Signatures, AV Policy

© 2008 Palo Alto Networks. Proprietary and Confidential. Page 37 |

Powerful Policy-Based Control

• Browse more than 1300 applications based on name, category, technology or characteristic

• Immediately translate results into positive enforcement model firewall rules

• Policy enforcement by end-user group identities from Active Directory or IP address

Palo Alto

Palo Alto – Network Sniffer

© 2008 Palo Alto Networks. Proprietary and Confidential. Page 38 |

© 2008 Palo Alto Networks. Proprietary and Confidential. Page 39 |

Visibility into Applications, Users & Content

[Screenshot labels: User hzielinski; Filter on Skype; Remove Skype to expand view of hzielinski]

Palo Alto

Palo Alto – Rich reports

© 2008 Palo Alto Networks. Proprietary and Confidential. Page 40 |

© 2008 Palo Alto Networks. Proprietary and Confidential. Page 41 |

Demo (offline) – Traffic Log

© 2008 Palo Alto Networks. Proprietary and Confidential. Page 42 |

Enables Executive Visibility

© 2009 Palo Alto Networks. Proprietary and Confidential. Page 43 |

PAN-OS Features

• Strong networking foundation

- Dynamic routing (OSPF, RIPv2)

- Site-to-site IPSec VPN

- SSL VPN for remote access

- Tap mode – connect to SPAN port

- Virtual wire ("Layer 1") for true transparent in-line deployment

- L2/L3 switching foundation

• QoS traffic shaping - Max/guaranteed and priority

- By user, app, interface, zone and more

• Zone-based architecture

- All interfaces assigned to security zones for policy enforcement

• High Availability

- Active/Active

- Configuration and session synchronization

- Path, link and HA monitoring

• Virtual Systems

- Establish multiple virtual firewalls in a single device (PA-4000 Series only)

• Simple, flexible management

- CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content are complemented by core firewall features

[Product photos: PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060]

copy 2009 Palo Alto Networks Proprietary and Confidential Page 44 |

Enterprise Device and Policy Management

bull Intuitive and flexible management

- CLI Web Panorama SNMP Syslog

- Role-based administration enables delegation of tasks to appropriate person

bull Panorama central management application

- Shared policies enable consistent application control policies

- Consolidated management logging and monitoring of Palo Alto Networks devices

- Consistent web interface between Panorama and device UI

- Network-wide ACCmonitoring views log collection and reporting

bull All interfaces work on current configuration avoiding sync issues

NGFW for mobile devices

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 46 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 48 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

Zero Day Attacks Protection

a sandbox at the core

Flexible Deployment Options

Transparent In-Line Firewall Replacement

bull IPS with app visibility amp control

bull Consolidation of IPS amp URL filtering

bull Firewall replacement with app visibility amp control

bull Firewall + IPS

bull Firewall + IPS + URL filtering

Ultimate segmentation

Datacenter 1 Datacenter 2

bull Controls applications amp users for datacenter resource access

bull IPS with app visibility amp content control

Segment A Segment B

Segment C

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 53 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 54 |

Palo Alto Networks Next-Gen Firewalls

PA-4050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 8 SFP 16 copper gigabit

PA-4020 bull 2 Gbps FW2 Gbps threat

prevention500000 sessions

bull 8 SFP 16 copper gigabit

PA-4060 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 XFP (10 Gig) 4 SFP (1 Gig)

PA-2050 bull 1 Gbps FW500 Mbps threat

prevention250000 sessions

bull 4 SFP 16 copper gigabit

PA-2020 bull 500 Mbps FW200 Mbps threat

prevention125000 sessions

bull 2 SFP 12 copper gigabit

PA-500 bull 250 Mbps FW100 Mbps threat

prevention50000 sessions

bull 8 copper gigabit

PA-5050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

PA-5020 bull 5 Gbps FW2 Gbps threat

prevention1000000 sessions

bull 8 SFP 12 copper gigabit

PA-5060 bull 20 Gbps FW10 Gbps threat

prevention4000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

the innovative approach

extend security to all network traffic extend security to all network traffic

Thank You Zion Ezra

VP Sales

copy 2008 Palo Alto Networks Proprietary and Confidential Page 60 |

POC and AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 61 |

AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 62 |

AVR Report

Internet

UTM Is Still SprawlhellipJust Slower

bull Doesnrsquot solve the problem

bull Firewall ldquohelperrdquo functions have limited view of traffic

bull Turning on functions kills performance

copy 2009 Palo Alto Networks Proprietary and Confidential Page 63 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 64 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 65 |

Applications Have Changed ndash Firewalls Have Not

bull The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

bull Need to Restore Visibility and Control in the Firewall

Collaboration Media SaaS Personal

bull BUThellipApplications Have Changed

- Ports neApplications

- IP AddressesneUsers

- PacketsneContent

exploit protection

many months pass between black-hat discovery white hat discovery and protection being available

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff


NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications


PA-5050
• 10 Gbps FW
• 5 Gbps threat prevention
• 4 Gbps IPSec VPN
• 10,000 SSL VPN users
• 2,000,000 sessions
• Up to 125 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5020
• 5 Gbps FW
• 2 Gbps threat prevention
• 2 Gbps IPSec VPN
• 5,000 SSL VPN users
• 1,000,000 sessions
• Up to 20 VSYS
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5060
• 20 Gbps FW
• 10 Gbps threat prevention
• 4 Gbps IPSec VPN
• 20,000 SSL VPN users
• 4,000,000 sessions
• Up to 225 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

• Hot-swappable fans, power supplies
• Dual solid state hard drives
• Dedicated HA and management interfaces
• 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats
  - Stop a wide range of threats on all allowed traffic
  - Proven quality (NSS tested and “Recommended”)
  - Security by policy, not hardwired into deployment

• Comply and Compartmentalize
  - Save time and cost to compliance with network segmentation
  - Segment by user group and application

• Simplify with Flexible Network Security Infrastructure
  - With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention
  - With simpler, easier deployments
  - With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance)


GlobalProtect

Today: Quality of Security Tied to Location

[Diagram: users on the enterprise network vs. users outside it, exposed to botnets]

Enterprise Network Security
• Security based on best practices
• Full-featured NGFW and threat prevention

No Network Security
• Security based on best effort
• Exposed to threats, risky app usage and more

Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality, heavy performance load on the PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services
• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement
• Supports a limited number of apps and protocols, weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• Agent tunnels traffic back to the corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security
• Inconsistent policy and protections when outside vs. inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase duplicates, operational and management overhead

Introducing GlobalProtect

• Users never go “off-network”, regardless of location
• All firewalls work together to provide a “cloud” of network security

• How it works
  - A small agent determines network location (on or off the enterprise network)
  - If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
  - The agent submits a host information profile (patch level, asset type, disk encryption and more) to the gateway
  - The gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile
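Added example, not GlobalProtect's own code: a small Python model of the four steps above, in which the gateway's decision depends on the application, the user's group and the submitted host profile together, so the same user is refused the same application from a host whose profile falls short. The location test, gateway list, profile keys, groups and rules are constructed for the demo.

```python
"""Added example, not GlobalProtect code: the four "how it works" steps as a
small policy model. Location test, gateways, HIP keys, groups and rules are
all constructed for the demo."""
from dataclasses import dataclass

INTERNAL_SUFFIX = "corp.example"   # constructed: only resolvable on the enterprise LAN


@dataclass
class Host:
    user: str
    groups: frozenset
    dns_suffix: str      # what the agent's location probe observed
    hip: dict            # host information profile the agent submits


# Constructed gateways with a measured round-trip time in ms; the agent picks the nearest.
GATEWAYS = {"gw-eu-west": 18, "gw-us-east": 95, "gw-ap-south": 160}

# Rules: (application, required group or None, HIP requirements, action).
# A "<key>_min" requirement is a lower bound on hip[<key>]; anything else must match exactly.
RULES = [
    ("sharepoint", "employees", {"disk_encrypted": True, "patch_level_min": 5}, "allow"),
    ("ssh", "it-admins", {"disk_encrypted": True, "asset_type": "corporate"}, "allow"),
    ("web-browsing", None, {}, "allow"),
]


def on_enterprise_network(host: Host) -> bool:
    """Step 1: the agent decides whether it is on or off the enterprise network."""
    return host.dns_suffix == INTERNAL_SUFFIX


def pick_gateway(host: Host):
    """Step 2: off-network hosts tunnel to the nearest gateway; on-network hosts need none."""
    if on_enterprise_network(host):
        return None
    return min(GATEWAYS, key=GATEWAYS.get)


def hip_satisfies(hip: dict, requirements: dict) -> bool:
    """Step 3: does the submitted profile meet a rule's requirements?"""
    for key, wanted in requirements.items():
        if key.endswith("_min"):
            if hip.get(key[:-4], -1) < wanted:
                return False
        elif hip.get(key) != wanted:
            return False
    return True


def enforce(host: Host, app: str) -> str:
    """Step 4: first rule matching app, user group and HIP wins; no match means deny."""
    for rule_app, group, reqs, action in RULES:
        if rule_app != app:
            continue
        if group is not None and group not in host.groups:
            continue
        if not hip_satisfies(host.hip, reqs):
            continue
        return action
    return "deny"


def session(host: Host, app: str):
    """One request end to end: (gateway used or None when on-network, decision)."""
    return pick_gateway(host), enforce(host, app)


def constructed_hosts():
    good = {"disk_encrypted": True, "patch_level": 7, "asset_type": "corporate"}
    byod = {"disk_encrypted": False, "patch_level": 7, "asset_type": "personal"}
    stale = {"disk_encrypted": True, "patch_level": 3, "asset_type": "corporate"}
    return {
        "alice-laptop": Host("alice", frozenset({"employees"}), "cafe.example", good),
        "alice-tablet": Host("alice", frozenset({"employees"}), "cafe.example", byod),
        "bob-desktop": Host("bob", frozenset({"employees", "it-admins"}), INTERNAL_SUFFIX, stale),
    }


if __name__ == "__main__":
    for name, host in constructed_hosts().items():
        for app in ("sharepoint", "ssh", "web-browsing"):
            print(name, app, session(host, app))
```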

A Modern Architecture for Enterprise Security

• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work is performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting

[Diagram labels: malware, botnets, exploits]


Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure
  - Users do what they want
  - Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls
  - Leads to increased risks for the business

• Palo Alto Networks defines the next-generation firewall with unique identification technologies
  - App-ID: identify applications regardless of port, protocol or SSL encryption
  - User-ID: integrated with the enterprise directory
  - Content-ID: threats, URLs, data
  - High-performance architecture: high throughput, low latency

• Easy enterprise integration and consolidation saves money
  - Flexible deployment options for seamless integration
  - Consolidation of functionality into the firewall simplifies and saves money


Application Control Efforts are Failing

• Palo Alto Networks' Application Usage & Risk Report highlights actual behavior of 900,000 users across more than 60 organizations
  - Applications are built for accessibility
  - Tools that enable users to circumvent security are common
  - File sharing usage – P2P and browser-based – is rampant
  - Controls are failing – all had firewalls, many had IPS, proxies & URL filtering

Applications carry risks: business continuity, data loss, compliance, productivity and operations costs

Enterprise 2.0 Applications and Risks Widespread

Palo Alto Networks' latest Application Usage & Risk Report highlights actual behavior of 1M+ users in 1,253 organizations
  - More enterprise 2.0 application use, for personal and business reasons
  - Tunneling and port hopping are common
  - Bottom line: all had firewalls, most had IPS, proxies & URL filtering – but none of these organizations could control what applications ran on their networks

[Bar chart, axis 0–80%: how often each application was found – RDP, SSH, telnet, LogMeIn, TeamViewer, CGIProxy, PHProxy, CoralCDN, FreeGate, Glype Proxy, Tor, Hamachi, UltraSurf, Gbridge, Gpass; bar values as extracted: 3, 3, 9, 13, 15, 14, 15, 27, 30, 30, 42, 53, 62, 76, 80]

• Remote Access
  - 27 variants, found 95% of the time
• External Proxies
  - 22 variants, found 76% of the time
• Encrypted Tunnels
  - Non-VPN related – found 30% of the time

Users Will Find A Way…

Source: Palo Alto Networks Application Usage and Risk Report, Spring 2010


From the news

Why Visibility & Control Must Be In The Firewall

Application Control as an Add-on
[Diagram: port traffic → Firewall (port policy decision) → IPS (app control policy decision) → applications]
• Port-based FW + App Ctrl (IPS) = two policies
• Applications are threats: only block what you expressly look for
Implications
• Network access decision is made with no information
• Cannot safely enable applications

NGFW Application Control
[Diagram: application traffic → Firewall + IPS (app control policy decision, scan application for threats) → applications]
• Application control is in the firewall = single policy
• Visibility across all ports, for all traffic, all the time
Implications
• Network access decision is made based on application identity
• Safely enable application usage


HTTP: Universal Application Protocol

• HTTP is 64% of enterprise bandwidth
• Most HTTP traffic is client/server (54%) – proxies cannot deal with it
• Browser-based applications are 46% – some work with proxies and some don't
• Web browsing is 23%

[Chart: All HTTP Applications, split into Web Browsing and Browser-based Applications]

Application Control vs. Blocking

• Blocking applications, even if possible, is not the answer
• Yes, there are harmful applications that need to be blocked
• Many “Web 2.0” applications are useful
  - Enhancing productivity
  - Giving competitive advantage to the business
• It's all about visibility and control
  - Who is using what
  - Control and secure modern applications
  - Control feature use

Palo Alto – Next Generation FW

New Requirements for the Security Device

1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify users regardless of IP address
3. Granular visibility and policy control over application access / functionality
4. Protect in real time against threats embedded across applications
5. Multi-gigabit, in-line deployment with no performance degradation

Palo Alto Networks Next-Generation Security Device

Palo Alto Networks Exceeds NGFW Requirements

Application Awareness and Full Stack Visibility
App-ID identifies and controls 1300+ applications

Integrated Rather Than Co-Located IPS
Content-ID includes a full IPS without compromising performance

Extra-Firewall Intelligence to Identify Users
User-ID brings AD users and groups into firewall policy

Standard First-Generation Firewall Capabilities
Packet filtering, state, flexible NAT, IPSec, SSL VPNs, etc.

Support “bump in the wire” Deployments

In “Defining the Next-Generation Firewall”, Gartner describes what Palo Alto Networks already delivers

Gartner's Recommendations
Move to next-generation firewalls at the next refresh opportunity – whether for firewall, IPS or the combination of the two


Unique Technologies Transform the Firewall

App-ID: Identify the application
User-ID: Identify the user
Content-ID: Scan the content


App-ID: Comprehensive Application Visibility

• Policy-based control of more than 1,200 applications distributed across five categories and 25 sub-categories
• Balanced mix of business, internet and networking applications and networking protocols
• ~5–10 new applications added weekly


User-ID: Enterprise Directory Integration

• Users no longer defined solely by IP address
  - Leverage the existing Active Directory infrastructure without a complex agent rollout
  - Identify Citrix users and tie policies to user and group, not just the IP address
• Understand user, application and threat behavior based on the actual AD username, not just IP
• Manage and enforce policy based on user and/or AD group
• Investigate security incidents, generate custom reports


Content-ID: Real-Time Content Scanning

• Stream-based, not file-based, for real-time performance
  - Uniform signature engine scans for a broad range of threats in a single pass
  - Vulnerability exploits (IPS), viruses and spyware (both downloads and phone-home)
• Block transfer of sensitive data and file transfers by type
  - Looks for CC and SSN patterns
  - Looks into the file to determine its type – not extension based
• Web filtering enabled via a fully integrated URL database
  - Local 20M URL database (76 categories) maximizes performance (1000s of URLs/sec)
  - Dynamic DB adapts to local, regional or industry-focused surfing patterns

Detect and block a wide range of threats, limit unauthorized data transfer and control non-work-related web surfing
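Added example (not the product's code) of two of the Content-ID ideas above in miniature: a scanner that identifies a file by its leading bytes rather than by the name it was sent under, and that finds credit-card and SSN patterns in a stream delivered chunk by chunk, including a pattern that a chunk boundary splits, without buffering the file. The magic values, patterns and sample document are constructed.

```python
"""Added example, not Content-ID's code: stream scanning in miniature.
(1) the file type comes from its leading bytes, not its extension;
(2) credit-card and SSN patterns are found even when a chunk boundary splits them.
Magic values, patterns and the sample document are constructed for the demo."""
import re

# (type, leading bytes): a few well-known file signatures
MAGIC = [("pdf", b"%PDF-"), ("png", b"\x89PNG\r\n\x1a\n"), ("zip", b"PK\x03\x04"), ("exe", b"MZ")]

# 16 digits with optional single space/dash separators, and a 3-2-4 SSN; the
# lookarounds stop a 16-digit window inside a longer digit run from matching.
PATTERNS = [
    ("cc", re.compile(rb"(?<!\d)(?:\d[ -]?){15}\d(?!\d)")),
    ("ssn", re.compile(rb"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")),
]


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: drops most random 16-digit sequences before they become hits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def file_type(head: bytes) -> str:
    for name, magic in MAGIC:
        if head.startswith(magic):
            return name
    return "unknown"


class StreamScanner:
    """Feed chunks in order; only TAIL bytes are carried from one chunk to the next."""
    TAIL = 33   # one byte more than the longest pattern (16 digits + 15 separators)

    def __init__(self):
        self.carry, self.offset = b"", 0      # offset = stream position of carry[0]
        self.seen, self.hits, self.type = set(), [], None

    def _scan(self, buf: bytes, final: bool):
        for kind, rx in PATTERNS:
            for m in rx.finditer(buf):
                if m.end() == len(buf) and not final:
                    continue     # may continue in the next chunk: judge it then
                if m.start() == 0 and self.offset > 0:
                    continue     # already judged with full context last round
                key = (kind, self.offset + m.start())
                if key in self.seen:
                    continue
                text = m.group().decode()
                if kind == "cc" and not luhn_ok(re.sub(r"\D", "", text)):
                    continue
                self.seen.add(key)
                self.hits.append((kind, key[1], text))

    def feed(self, chunk: bytes):
        buf = self.carry + chunk
        if self.type is None and len(buf) >= 8:
            self.type = file_type(buf)        # buf still starts at stream offset 0 here
        self._scan(buf, final=False)
        keep = min(len(buf), self.TAIL)
        self.carry, self.offset = buf[-keep:], self.offset + len(buf) - keep

    def finish(self):
        if self.type is None:
            self.type = file_type(self.carry)
        self._scan(self.carry, final=True)
        return self.type, self.hits


def scan_stream(data: bytes, chunk_size: int):
    """Run the scanner over data delivered in chunk_size pieces."""
    scanner = StreamScanner()
    for i in range(0, len(data), chunk_size):
        scanner.feed(data[i:i + chunk_size])
    return scanner.finish()


# Constructed "PDF" sent under a misleading name; one valid card, one that fails
# Luhn, one SSN and a 20-digit order number that must not be mistaken for a card.
SAMPLE_NAME = "invoice.txt"
SAMPLE_DOC = (b"%PDF-1.4\nCard: 4111 1111 1111 1111 ok; card 4111-1111-1111-1112 bad; "
              b"SSN 123-45-6789; order 12345678901234567890.\n")

if __name__ == "__main__":
    for size in (16, 7, 4096):
        print(size, SAMPLE_NAME.rsplit(".", 1)[-1], scan_stream(SAMPLE_DOC, size))
```

The same two hits come back whatever the chunk size, which is the property a stream-based engine has to guarantee.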


• NSS Labs, the world's largest security and performance testing lab, has recently completed in-depth IPS testing of Palo Alto Networks' next-gen firewall. Our solution was tested against 1,179 live exploits in what was the industry's most comprehensive IPS test to date. The results were crystal clear and provided the hard proof of what our next-generation firewalls can really do. Key results include:
  - The highest IPS block rate in recent history (93.4%)
  - 100% resistance to IPS evasion techniques
  - Simple IPS configuration and tuning
  - Provided all the above while exceeding the datasheet performance metrics by 115%


Single-Pass Parallel Processing (SP3) Architecture

Single Pass
• Operations once per packet
  - Traffic classification (app identification)
  - User/group mapping
  - Content scanning – threats, URLs, confidential data
• One policy

Parallel Processing
• Function-specific hardware engines
• Separate data/control planes

Up to 10 Gbps, Low Latency

PA-5000 Series Architecture

• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), viruses, spyware, CC, SSN and more

Security Processors
• High-density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)
• Highly available management
• High-speed logging and route update
• Dual solid-state drives

[Architecture diagram: a control plane (quad-core CPU, RAM, dual SSDs) separate from the data plane; a 20 Gbps network processor (QoS, flow control, route/ARP/MAC lookup, NAT) and multi-core security processors (CPU 1 … 12, each with RAM) running signature match and SSL/IPSec/decompression engines, all joined by a switch fabric over 10 Gbps and 20 Gbps paths]

• 40+ processors
• 30+ GB of RAM
• Separate high-speed data and control planes
• 20 Gbps firewall throughput
• 10 Gbps threat prevention throughput
• 4 million concurrent sessions


Traditional Multi-Pass Architectures are Slow

[Diagram: four separate passes – firewall policy; HTTP decoder with URL filtering policy; IPS decoder with IPS signatures and IPS policy; AV decoder & proxy with AV signatures and AV policy – each with its own port/protocol-based ID, L2/L3 networking, HA, config management and reporting]


Powerful Policy-Based Control

• Browse more than 1300 applications based on name, category, technology or characteristic
• Immediately translate results into positive enforcement model firewall rules
• Policy enforcement by end-user group identities from Active Directory or IP address

Palo Alto – Network Sniffer

Visibility into Applications, Users & Content

[Screenshot annotations: User: hzielinski, filter on Skype; remove Skype to expand the view of hzielinski]

Palo Alto – Rich reports

Demo (offline) – Traffic Log

Enables Executive Visibility

PAN-OS Features

• Strong networking foundation
  - Dynamic routing (OSPF, RIPv2)
  - Site-to-site IPSec VPN
  - SSL VPN for remote access
  - Tap mode – connect to a SPAN port
  - Virtual wire (“Layer 1”) for true transparent in-line deployment
  - L2/L3 switching foundation
• QoS traffic shaping – max/guaranteed and priority
  - By user, app, interface, zone and more
• Zone-based architecture
  - All interfaces assigned to security zones for policy enforcement
• High Availability
  - Active/Active
  - Configuration and session synchronization
  - Path, link and HA monitoring
• Virtual Systems
  - Establish multiple virtual firewalls in a single device (PA-4000 Series only)
• Simple, flexible management
  - CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content are complemented by core firewall features

[Product line: PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060]

Enterprise Device and Policy Management

• Intuitive and flexible management
  - CLI, Web, Panorama, SNMP, Syslog
  - Role-based administration enables delegation of tasks to the appropriate person
• Panorama central management application
  - Shared policies enable consistent application control policies
  - Consolidated management, logging and monitoring of Palo Alto Networks devices
  - Consistent web interface between Panorama and the device UI
  - Network-wide ACC/monitoring views, log collection and reporting
• All interfaces work on the current configuration, avoiding sync issues


Zero-Day Attack Protection: a sandbox at the core

Flexible Deployment Options

Transparent In-Line
• IPS with app visibility & control
• Consolidation of IPS & URL filtering

Firewall Replacement
• Firewall replacement with app visibility & control
• Firewall + IPS
• Firewall + IPS + URL filtering

Ultimate Segmentation
[Diagram: Datacenter 1, Datacenter 2; Segment A, Segment B, Segment C]
• Controls applications & users for datacenter resource access
• IPS with app visibility & content control


Palo Alto Networks Next-Gen Firewalls

PA-4050
• 10 Gbps FW, 5 Gbps threat prevention, 2,000,000 sessions
• 8 SFP, 16 copper gigabit

PA-4020
• 2 Gbps FW, 2 Gbps threat prevention, 500,000 sessions
• 8 SFP, 16 copper gigabit

PA-4060
• 10 Gbps FW, 5 Gbps threat prevention, 2,000,000 sessions
• 4 XFP (10 Gig), 4 SFP (1 Gig)

PA-2050
• 1 Gbps FW, 500 Mbps threat prevention, 250,000 sessions
• 4 SFP, 16 copper gigabit

PA-2020
• 500 Mbps FW, 200 Mbps threat prevention, 125,000 sessions
• 2 SFP, 12 copper gigabit

PA-500
• 250 Mbps FW, 100 Mbps threat prevention, 50,000 sessions
• 8 copper gigabit

PA-5050
• 10 Gbps FW, 5 Gbps threat prevention, 2,000,000 sessions
• 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

PA-5020
• 5 Gbps FW, 2 Gbps threat prevention, 1,000,000 sessions
• 8 SFP, 12 copper gigabit

PA-5060
• 20 Gbps FW, 10 Gbps threat prevention, 4,000,000 sessions
• 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

The innovative approach: extend security to all network traffic

Thank You
Zion Ezra, VP Sales

POC and AVR Report

AVR Report

[Screenshot: AVR Report; Internet]

UTM Is Still Sprawl… Just Slower
• Doesn't solve the problem
• Firewall “helper” functions have a limited view of traffic
• Turning on functions kills performance


Applications Have Changed – Firewalls Have Not

• The gateway at the trust border is the right place to enforce policy control
  - Sees all traffic
  - Defines the trust boundary
• Need to Restore Visibility and Control in the Firewall
• BUT… Applications Have Changed
  - Ports ≠ Applications
  - IP Addresses ≠ Users
  - Packets ≠ Content

[Diagram: application categories – Collaboration, Media, SaaS, Personal]

Exploit protection
• Many months pass between black-hat discovery, white-hat discovery and protection being available
• Need to protect all applications
• A sandbox at the core
• Needs user-based access control
• Needs high-speed IPS and AV
• Needs to perform across all applications
• Needs to block the unknown
• Conclusion: advanced-malware protection belongs in a next-generation firewall

DEMO: https://ca2demo.paloaltonetworks.com/esp/login.esp

INSANITY: doing the same thing over and over again and expecting different results
  - block applications and users

The innovative approach
  - extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 16: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

Enterprise 20 Applications and Risks Widespread

copy 2011 Palo Alto Networks Proprietary and Confidential Page 17 |

Palo Alto Networksrsquo latest Application Usage amp Risk Report highlights actual behavior of 1M+ users in 1253 organizations

- More enterprise 20 application use for personal and business reasons

- Tunneling and port hopping are common

- Bottom line all had firewalls most had IPS proxies amp URL filtering ndash but none of these organizations could control what applications ran on their networks

[Bar chart: percentage of organizations in which each application was found (0-80% scale). Applications listed: RDP, SSH, telnet, LogMeIn, TeamViewer, CGIProxy, PHProxy, CoralCDN, FreeGate, Glype Proxy, Tor, Hamachi, UltraSurf, Gbridge, Gpass; the plotted values range from 3% to 80%]

• Remote Access

- 27 variants, found 95% of the time

• External Proxies

- 22 variants, found 76% of the time

• Encrypted Tunnels

- Non-VPN related, found 30% of the time

Users Will Find A Way…

Source: Palo Alto Networks Application Usage and Risk Report, Spring 2010


From the news

Why Visibility & Control Must Be In The Firewall

Application Control as an Add-on

[Diagram: Port Traffic → Firewall (Port Policy Decision) → IPS (App Ctrl Policy Decision) → Applications]

• Port-based FW + App Ctrl (IPS) = two policies

• Applications are treated as threats: only block what you expressly look for

Implications

• Network access decision is made with no information

• Cannot safely enable applications

NGFW Application Control

[Diagram: Application Traffic → Firewall + IPS (App Ctrl Policy Decision; Scan Application for Threats) → Applications]

• Application control is in the firewall = single policy

• Visibility across all ports, for all traffic, all the time

Implications

• Network access decision is made based on application identity

• Safely enable application usage
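The two-policy versus single-policy argument is easiest to see in code. The following Python example is added here; it is not from the original slides or from Palo Alto Networks. The byte signatures, the sample flows and both rule tables are assumptions constructed for illustration. It classifies each flow from the first bytes the client sends (a toy stand-in for App-ID, which in reality uses far more than a prefix match) and compares a port-based decision with an application-based, positive-enforcement decision.

```python
"""Port-based policy vs. application-identified policy (added example, not
from the original deck). Flows and signatures are constructed for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    user: str
    dst_port: int
    payload: bytes  # first bytes the client sends on the TCP connection


def identify_app(payload: bytes) -> str:
    """Toy application identification from the first client bytes, ignoring the port."""
    if payload.startswith((b"SSH-2.0-", b"SSH-1.99-")):
        return "ssh"
    # TLS record header: type 0x16 (handshake), version 0x03 0x0X, then ClientHello (0x01)
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "ssl"
    # RDP: TPKT header (0x03 0x00 len len) followed by an X.224 Connection Request (0xE0)
    if len(payload) >= 6 and payload[0] == 0x03 and payload[1] == 0x00 and payload[5] == 0xE0:
        return "ms-rdp"
    if payload.startswith((b"GET ", b"POST ", b"HEAD ", b"PUT ", b"CONNECT ")):
        return "web-browsing"
    return "unknown-tcp"


# Port-based firewall: the decision is made before a single payload byte is seen.
PORT_POLICY = {80: "allow", 443: "allow"}

# Application-based firewall: (app, allowed users or None for anyone) -> action; first match wins.
APP_POLICY = [
    ("web-browsing", None, "allow"),
    ("ssl", None, "allow"),
    ("ssh", {"ops-admin"}, "allow"),
    ("ms-rdp", {"ops-admin"}, "allow"),
]


def port_decision(flow: Flow) -> str:
    return PORT_POLICY.get(flow.dst_port, "deny")


def app_decision(flow: Flow) -> str:
    app = identify_app(flow.payload)
    for rule_app, users, action in APP_POLICY:
        if rule_app == app and (users is None or flow.user in users):
            return action
    return "deny"  # positive enforcement: anything not expressly allowed is dropped


def compare(flows):
    """Return (user, port, identified app, port-based action, app-based action) per flow."""
    return [(f.user, f.dst_port, identify_app(f.payload), port_decision(f), app_decision(f))
            for f in flows]


# Constructed sample payloads (first client bytes of each protocol).
TLS_HELLO = b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03" + b"\x00" * 32
RDP_CR = b"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00"
SSH_BANNER = b"SSH-2.0-OpenSSH_8.9\r\n"
HTTP_GET = b"GET /index.html HTTP/1.1\r\nHost: intranet\r\n\r\n"

SAMPLE_FLOWS = [
    Flow("alice", 443, TLS_HELLO),       # ordinary HTTPS
    Flow("bob", 443, SSH_BANNER),        # SSH hidden on 443: the port policy lets it through
    Flow("ops-admin", 443, SSH_BANNER),  # same traffic, authorised user
    Flow("alice", 8080, HTTP_GET),       # web browsing on a non-standard port
    Flow("alice", 443, RDP_CR),          # RDP tunnelled on 443
]

if __name__ == "__main__":
    for row in compare(SAMPLE_FLOWS):
        print(row)
```

The second and fifth flows are the point of the slide: a port-based rule that allows 443 cannot tell HTTPS from SSH or RDP on that port, while the application rule both denies them for ordinary users and allows web browsing on 8080 that the port rule would have dropped. Note the limit of this approach: anything carried inside a real TLS session still identifies as "ssl" until the firewall decrypts it, which is why the Content-ID slides list SSL decryption separately.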


HTTP: Universal Application Protocol

• HTTP is 64% of enterprise bandwidth

• Most HTTP traffic is client/server (54%), which proxies cannot deal with

• Browser-based applications are 46%; some work with proxies and some don't

• Web browsing is 23%

[Chart: all HTTP applications, split into web browsing and browser-based applications]

Application Control vs. Blocking

• Blocking applications, even if possible, is not the answer

• Yes, there are harmful applications that need to be blocked

• Many "Web 2.0" applications are useful

- Enhancing productivity

- Giving competitive advantage to the business

• It's all about visibility and control

- Who is using what

- Control and secure modern applications

- Control feature use

Palo Alto Networks: Next Generation FW

New Requirements for the Security Device

1. Identify applications regardless of port, protocol, evasive tactic or SSL

2. Identify users regardless of IP address

3. Granular visibility and policy control over application access and functionality

4. Protect in real time against threats embedded across applications

5. Multi-gigabit in-line deployment with no performance degradation

Palo Alto Networks Next-Generation Security Device


Palo Alto Networks Exceeds NGFW Requirements

Application Awareness and Full Stack Visibility

App-ID identifies and controls 1300+ applications

Integrated Rather Than Co-Located IPS

Content-ID includes full IPS without compromising performance

Extra-Firewall Intelligence to Identify Users

User-ID brings AD users and groups into firewall policy

Standard First-Generation Firewall Capabilities

Packet filtering, state, flexible NAT, IPSec, SSL VPNs, etc.

Support for "bump in the wire" Deployments

In "Defining the Next-Generation Firewall", Gartner describes what Palo Alto Networks already delivers

Gartner's Recommendation: move to next-generation firewalls at the next refresh opportunity, whether for firewall, IPS or the combination of the two

Unique Technologies Transform the Firewall

App-ID

Identify the application

User-ID

Identify the user

Content-ID

Scan the content


App-ID: Comprehensive Application Visibility

• Policy-based control of more than 1200 applications, distributed across five categories and 25 sub-categories

• Balanced mix of business, internet and networking applications and networking protocols

• ~5-10 new applications added weekly


User-ID: Enterprise Directory Integration

• Users no longer defined solely by IP address

- Leverage existing Active Directory infrastructure without complex agent rollout

- Identify Citrix users and tie policies to user and group, not just the IP address

• Understand user, application and threat behavior based on the actual AD username, not just IP

• Manage and enforce policy based on user and/or AD group

• Investigate security incidents, generate custom reports
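What "users no longer defined by IP address" means in practice, and where the IP-to-user mapping breaks, is shown by the following Python example. It is added here and is not Palo Alto Networks code; the log line format is a constructed simplification (not the real Windows event text), and the logon types, the 45-minute timeout, the group table and the rules are assumptions. It builds an IP-to-user map from domain-controller logon events, refuses to guess on multi-user hosts (the Citrix case mentioned on the slide), expires stale mappings, and then evaluates a group-based policy.

```python
"""IP-to-user mapping from logon events and group-based policy (added example,
not from the original deck). Log format, timeouts and rules are assumptions."""
import re
from datetime import datetime, timedelta, timezone

# Constructed, simplified logon records: timestamp, DC, event id, DOMAIN\user, source IP, logon type.
LOGON_EVENTS = """\
2011-08-15T09:01:12Z DC01 4624 CORP\\alice 10.1.1.21 type=2
2011-08-15T09:03:40Z DC01 4624 CORP\\bob 10.1.2.50 type=10
2011-08-15T09:04:02Z DC01 4624 CORP\\carol 10.1.2.50 type=10
2011-08-15T09:05:00Z DC01 4624 CORP\\svc-backup 10.1.3.9 type=5
2011-08-15T07:30:00Z DC01 4624 CORP\\dave 10.1.1.77 type=2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<dc>\S+) 4624 (?P<domain>[^\\\s]+)\\(?P<user>\S+) "
    r"(?P<ip>\d+(?:\.\d+){3}) type=(?P<type>\d+)$"
)
MAPPING_TIMEOUT = timedelta(minutes=45)  # assumed; a mapping older than this is discarded
USER_LOGON_TYPES = {"2", "10", "11"}     # interactive, remote interactive, cached interactive


def build_ip_user_map(log_text: str):
    """Return (ip -> (user, last_logon_time), set of IPs seen with more than one user)."""
    mapping, shared = {}, set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["type"] not in USER_LOGON_TYPES:
            continue  # unparsable, service or network logons must never create a mapping
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        ip, user = m["ip"], m["user"].lower()
        if ip in mapping and mapping[ip][0] != user:
            shared.add(ip)  # terminal server / Citrix host: the IP alone is ambiguous
        mapping[ip] = (user, ts)
    return mapping, shared


GROUPS = {"alice": {"finance"}, "bob": {"ops-admin"}, "carol": {"finance"}, "dave": {"finance"}}

# (AD group, app) -> action; first match wins, everything else is denied.
POLICY = [
    ("ops-admin", "ssh", "allow"),
    ("ops-admin", "web-browsing", "allow"),
    ("finance", "web-browsing", "allow"),
]


def resolve_user(ip: str, now: datetime, mapping, shared):
    if ip in shared:
        return None  # needs per-session identification (terminal server agent), not an IP guess
    entry = mapping.get(ip)
    if entry is None or now - entry[1] > MAPPING_TIMEOUT:
        return None  # unknown or stale
    return entry[0]


def decide(ip: str, app: str, now: datetime, mapping, shared):
    """Return (user or 'unknown-user', action) for a flow from ip to app."""
    user = resolve_user(ip, now, mapping, shared)
    if user is None:
        return ("unknown-user", "deny")
    groups = GROUPS.get(user, set())
    for group, rule_app, action in POLICY:
        if rule_app == app and group in groups:
            return (user, action)
    return (user, "deny")


NOW = datetime(2011, 8, 15, 9, 10, tzinfo=timezone.utc)  # constructed evaluation time

if __name__ == "__main__":
    mapping, shared = build_ip_user_map(LOGON_EVENTS)
    for ip, app in [("10.1.1.21", "web-browsing"), ("10.1.1.21", "ssh"),
                    ("10.1.2.50", "web-browsing"), ("10.1.3.9", "web-browsing"),
                    ("10.1.1.77", "web-browsing")]:
        print(ip, app, decide(ip, app, NOW, mapping, shared))
```

Three failure modes a deployment has to decide on are visible here: 10.1.2.50 carries two interactive users, so an IP-keyed rule would apply one user's policy to the other; the service logon on 10.1.3.9 creates no mapping, because otherwise a backup account would silently become "the user" of a server; and dave's mapping on 10.1.1.77 is older than the timeout. In all three cases the example falls back to the unknown-user rule rather than guessing.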


Content-ID: Real-Time Content Scanning

• Stream-based, not file-based, for real-time performance

- Uniform signature engine scans for a broad range of threats in a single pass

- Vulnerability exploits (IPS), viruses and spyware (both downloads and phone-home)

• Block transfer of sensitive data and file transfers by type

- Looks for credit card (CC) and SSN patterns

- Looks into the file to determine its type, not extension based

• Web filtering enabled via fully integrated URL database

- Local 20M URL database (76 categories) maximizes performance (1000's of URLs/sec)

- Dynamic DB adapts to local, regional or industry-focused surfing patterns

Detect and block a wide range of threats, limit unauthorized data transfer and control non-work-related web surfing
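The two Content-ID data controls on this slide, file type from content rather than extension and credit card / SSN pattern matching, are shown concretely in the following Python example. It is added here and is not Palo Alto Networks code; the signature table, the regular expressions and the sample transfers are constructed for illustration and are a tiny subset of what a real engine carries. The Luhn check is the part a practitioner most wants: without it, any run of sixteen digits is a "card number".

```python
"""File type by magic bytes and sensitive-data patterns (added example, not
from the original deck). Signatures, patterns and samples are constructed."""
import re

# Leading byte signatures; a real engine has many more and also looks inside containers.
MAGIC = [
    (b"MZ", "pe-executable"),
    (b"\x7fELF", "elf-executable"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),  # also docx/xlsx/jar, which are zip containers
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
]
EXTENSION_TYPES = {"exe": "pe-executable", "dll": "pe-executable", "pdf": "pdf",
                   "zip": "zip", "png": "png", "jpg": "jpeg", "jpeg": "jpeg"}


def type_by_content(data: bytes) -> str:
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"


def type_by_extension(filename: str) -> str:
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return EXTENSION_TYPES.get(ext, "unknown")


def luhn_ok(digits: str) -> bool:
    """Luhn check digit; rejects most random 16-digit runs that the regex matches."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


# 16 digits with optional single space/dash separators, not embedded in a longer digit run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){15}\d(?!\d)")
# US SSN in AAA-GG-SSSS form, excluding area 000/666/9xx, group 00 and serial 0000.
SSN_RE = re.compile(r"(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)")


def find_card_numbers(text: str):
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def find_ssns(text: str):
    return SSN_RE.findall(text)


def scan_transfer(filename: str, data: bytes) -> dict:
    """One verdict per transfer: real type, extension mismatch, and data patterns found."""
    real = type_by_content(data)
    declared = type_by_extension(filename)
    text = data.decode("latin-1")  # byte-preserving decode so the regexes run on any payload
    return {
        "filename": filename,
        "type": real,
        "extension_mismatch": declared != "unknown" and declared != real,
        "cards": find_card_numbers(text),
        "ssns": find_ssns(text),
    }


# Constructed sample transfers: a renamed executable, a text file with one real
# and one fake card number plus a valid and an invalid SSN, and an honest PNG.
SAMPLES = [
    ("quarterly-report.pdf", b"MZ\x90\x00\x03\x00\x00\x00 this is really a Windows executable"),
    ("customers.txt", b"card 4111 1111 1111 1111 exp 12/25; id 1234 5678 1234 5678; "
                      b"ssn 078-05-1120; not 999-12-3456"),
    ("photo.png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(scan_transfer(name, data))
```

The renamed executable is caught by its "MZ" header regardless of the .pdf name, and of the two sixteen-digit runs in the text file only the Luhn-valid one is reported. Two caveats carry over to any real deployment: pattern matching only works on cleartext, so SSL decryption has to happen first, and a Luhn match is still only a candidate; production engines add context and per-session thresholds before they block.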


• NSS Labs, the world's largest security and performance testing lab, have recently completed in-depth IPS testing of the Palo Alto Networks' next-gen firewall. Our solution was tested against 1,179 live exploits in what was the industry's most comprehensive IPS test to date. The results were crystal clear and provided the hard proof of what our next-generation firewalls can really do. Key results include:

• The highest IPS block rate in recent history (93.4%)

• 100% resistance to IPS evasion techniques

• Simple IPS configuration and tuning

• Provided all the above while exceeding the datasheet performance metrics by 115%

Palo Alto Networks IPS: Protection + Performance

• Strong threat prevention

- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSH/RDP, but only for authorized staff


Single-Pass Parallel Processing (SP3) Architecture

Single Pass

• Operations once per packet

- Traffic classification (app identification)

- User/group mapping

- Content scanning: threats, URLs, confidential data

• One policy

Parallel Processing

• Function-specific hardware engines

• Separate data/control planes

Up to 10 Gbps, Low Latency


PA-5000 Series Architecture

[Block diagram: a control plane (quad-core CPU, RAM, dual SSDs) and a data plane joined by a switch fabric; the data plane holds a 20 Gbps network processor (QoS, flow control, route/ARP/MAC lookup, NAT), three security-processor blocks (each labelled CPU 1 to CPU 12 with RAM) with SSL/IPSec/decompression acceleration, and two signature-match engines; 20 Gbps and 10 Gbps paths are marked between the blocks]

Switch Fabric

• 80 Gbps switch fabric interconnect

• 20 Gbps QoS engine

Signature Match HW Engine

• Stream-based uniform signature match

• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors

• High-density parallel processing for flexible security functionality

• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane

• Highly available management

• High-speed logging and route update

• Dual solid-state drives

Network Processor

• 20 Gbps front-end network processing

• Hardware-accelerated per-packet route lookup, MAC lookup and NAT

Totals

• 40+ processors

• 30+ GB of RAM

• Separate high-speed data and control planes

• 20 Gbps firewall throughput

• 10 Gbps threat prevention throughput

• 4 million concurrent sessions


Traditional Multi-Pass Architectures are Slow

[Diagram: four separate devices in series, each repeating port/protocol-based ID, L2/L3 networking, HA, config management and reporting. On top of that common layer the first applies firewall policy, the second an HTTP decoder and URL filtering policy, the third IPS signatures with an IPS decoder and IPS policy, and the fourth AV signatures with an AV decoder & proxy and AV policy]


Powerful Policy-Based Control

• Browse more than 1300 applications by name, category, technology or characteristic

• Immediately translate results into positive-enforcement-model firewall rules

• Policy enforcement by end-user group identities from Active Directory, or by IP address

Palo Alto Networks: Network Sniffer

Visibility into Applications, Users & Content

[Screenshot: ACC view for user hzielinski, filtered on Skype; removing the Skype filter expands the view of hzielinski]

Palo Alto Networks: Rich reports

Demo (offline): Traffic Log

Enables Executive Visibility


PAN-OS Features

• Strong networking foundation

- Dynamic routing (OSPF, RIPv2)

- Site-to-site IPSec VPN

- SSL VPN for remote access

- Tap mode: connect to a SPAN port

- Virtual wire ("Layer 1") for true transparent in-line deployment

- L2/L3 switching foundation

• QoS traffic shaping: max, guaranteed and priority

- By user, app, interface, zone and more

• Zone-based architecture

- All interfaces assigned to security zones for policy enforcement

• High Availability

- Active/Active

- Configuration and session synchronization

- Path, link and HA monitoring

• Virtual Systems

- Establish multiple virtual firewalls in a single device (PA-4000 Series only)

• Simple, flexible management

- CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content are complemented by core firewall features

[Product images: PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060]

Enterprise Device and Policy Management

• Intuitive and flexible management

- CLI, Web, Panorama, SNMP, Syslog

- Role-based administration enables delegation of tasks to the appropriate person

• Panorama central management application

- Shared policies enable consistent application control policies

- Consolidated management, logging and monitoring of Palo Alto Networks devices

- Consistent web interface between Panorama and the device UI

- Network-wide ACC/monitoring views, log collection and reporting

• All interfaces work on the current configuration, avoiding sync issues

NGFW for mobile devices

Today: Quality of Security Tied to Location

[Diagram: the same threats (botnets and others) reaching two laptops, one inside and one outside the enterprise]

Enterprise Network Security

• Security based on best practices

• Full-featured NGFW and threat prevention

No Network Security

• Security based on best effort

• Exposed to threats, risky app usage and more

Introducing GlobalProtect

• Users never go "off-network", regardless of location

• All firewalls work together to provide a "cloud" of network security

• How it works

- A small agent determines network location (on or off the enterprise network)

- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN

- The agent submits a host information profile (patch level, asset type, disk encryption and more) to the gateway

- The gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile
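The four "how it works" steps above are a small protocol between an agent and a gateway, and the following Python example walks through one session of it. It is added here and is not GlobalProtect code; the internal-probe location test, the gateway list, the HIP fields, the five-minute freshness window and the rules are all assumptions. The part worth copying is the gateway side: a host posture report is only trusted while it is fresh, and a non-compliant host is limited to remediation traffic no matter which group its user belongs to.

```python
"""Agent/gateway exchange with a host information profile (added example,
not GlobalProtect code). Hostnames, gateways, HIP fields and rules are assumed."""
from datetime import datetime, timedelta, timezone

INTERNAL_PROBE = "hip-probe.corp.example"  # assumed name that only internal resolvers answer
GATEWAYS = {"gw-eu": 32, "gw-us": 118}     # assumed measured round-trip time in ms
HIP_MAX_AGE = timedelta(minutes=5)         # assumed: older reports are not trusted


def agent_location(resolver_answers: dict) -> str:
    """Step 1: on-network if the internal-only probe name resolves to an internal address."""
    addr = resolver_answers.get(INTERNAL_PROBE)
    return "on-network" if addr and addr.startswith("10.") else "off-network"


def pick_gateway(gateways: dict) -> str:
    """Step 2: the nearest gateway is the one with the lowest measured latency."""
    return min(gateways, key=gateways.get)


def build_hip(host: dict, reported_at: datetime) -> dict:
    """Step 3: the report the agent submits, a posture snapshot plus the time it was taken."""
    return {"reported_at": reported_at, **host}


def hip_profile(hip: dict, now: datetime) -> str:
    """Gateway-side classification of a report; stale reports match no useful profile."""
    if now - hip["reported_at"] > HIP_MAX_AGE:
        return "stale"
    if hip["disk_encrypted"] and hip["av_running"] and hip["patch_age_days"] <= 30:
        return "compliant"
    return "non-compliant"


GROUPS = {"alice": {"finance"}, "bob": {"ops-admin"}}

# (AD group or None for anyone, required HIP profile, app) -> action; first match wins, default deny.
POLICY = [
    ("ops-admin", "compliant", "ssh", "allow"),
    ("finance", "compliant", "sharepoint", "allow"),
    (None, "compliant", "web-browsing", "allow"),
    (None, "non-compliant", "patch-management", "allow"),  # remediation traffic only
]


def gateway_decision(hip: dict, app: str, now: datetime):
    """Step 4: user group, HIP profile and application are evaluated together."""
    profile = hip_profile(hip, now)
    groups = GROUPS.get(hip["user"], set())
    for group, required, rule_app, action in POLICY:
        if rule_app == app and required == profile and (group is None or group in groups):
            return (profile, action)
    return (profile, "deny")


def session(host: dict, resolver_answers: dict, app: str, now: datetime, reported_at=None) -> dict:
    """Run one agent/gateway session and return what each step decided."""
    location = agent_location(resolver_answers)
    gateway = pick_gateway(GATEWAYS) if location == "off-network" else None
    hip = build_hip(host, reported_at or now)
    profile, action = gateway_decision(hip, app, now)
    return {"location": location, "gateway": gateway, "profile": profile, "action": action}


# Constructed sample hosts and evaluation time.
NOW = datetime(2011, 8, 15, 9, 0, tzinfo=timezone.utc)
ALICE = {"user": "alice", "os": "Windows 7", "disk_encrypted": True, "av_running": True, "patch_age_days": 10}
BOB = {"user": "bob", "os": "Windows 7", "disk_encrypted": False, "av_running": True, "patch_age_days": 3}

if __name__ == "__main__":
    print(session(ALICE, {}, "sharepoint", NOW))
    print(session(BOB, {}, "ssh", NOW))
    print(session(BOB, {}, "patch-management", NOW))
    print(session(ALICE, {INTERNAL_PROBE: "10.0.0.5"}, "sharepoint", NOW))
    print(session(ALICE, {}, "sharepoint", NOW, reported_at=NOW - timedelta(minutes=10)))
```

Bob is an administrator, but his unencrypted disk makes the host non-compliant, so the SSH rule never matches and only patch-management traffic is allowed; Alice on the internal network gets no VPN gateway but exactly the same policy evaluation, which is the "never off-network" point of the slide. A report older than the freshness window falls through to deny rather than being reused.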

Zero-Day Attack Protection: a sandbox at the core

Flexible Deployment Options

Transparent In-Line

• IPS with app visibility & control

• Consolidation of IPS & URL filtering

Firewall Replacement

• Firewall replacement with app visibility & control

• Firewall + IPS

• Firewall + IPS + URL filtering

Ultimate Segmentation

[Diagram: Datacenter 1, Datacenter 2 and Segments A, B and C separated by the firewall]

• Controls applications & users for datacenter resource access

• IPS with app visibility & content control


Palo Alto Networks Next-Gen Firewalls

PA-4050: 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions; 8 SFP, 16 copper gigabit

PA-4020: 2 Gbps FW / 2 Gbps threat prevention / 500,000 sessions; 8 SFP, 16 copper gigabit

PA-4060: 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions; 4 XFP (10 Gig), 4 SFP (1 Gig)

PA-2050: 1 Gbps FW / 500 Mbps threat prevention / 250,000 sessions; 4 SFP, 16 copper gigabit

PA-2020: 500 Mbps FW / 200 Mbps threat prevention / 125,000 sessions; 2 SFP, 12 copper gigabit

PA-500: 250 Mbps FW / 100 Mbps threat prevention / 50,000 sessions; 8 copper gigabit

PA-5050: 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

PA-5020: 5 Gbps FW / 2 Gbps threat prevention / 1,000,000 sessions; 8 SFP, 12 copper gigabit

PA-5060: 20 Gbps FW / 10 Gbps threat prevention / 4,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

The innovative approach: extend security to all network traffic

Thank You

Zion Ezra, VP Sales

POC and AVR Report

[Screenshots: pages of an AVR (Application Visibility and Risk) report]

UTM Is Still Sprawl… Just Slower

[Diagram: the Internet facing a UTM appliance with its bolted-on functions]

• Doesn't solve the problem

• Firewall "helper" functions have a limited view of traffic

• Turning on functions kills performance


Applications Have Changed, Firewalls Have Not

• The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines the trust boundary

• BUT… Applications Have Changed

[Diagram: Collaboration, Media, SaaS and Personal applications crossing the firewall]

- Ports ≠ Applications

- IP Addresses ≠ Users

- Packets ≠ Content

• Need to Restore Visibility and Control in the Firewall

Exploit protection

• Many months pass between black-hat discovery, white-hat discovery and protection being available

• Need to protect all applications

A sandbox at the core

• Needs user-based access control

• Needs high-speed IPS and AV

• Needs to perform across all applications

• Needs to block the unknown

Conclusion: advanced-malware protection belongs in a next-generation firewall

DEMO: https://ca2demo.paloaltonetworks.com/esp/login.esp

INSANITY: doing the same thing over and over again and expecting different results

Block applications and users

The innovative approach: extend security to all network traffic

20 Gbps Firewall, 10 Gbps Threat Prevention

[Repeat of the PA-5000 Series Architecture block diagram and bullets; this variant lists dual hard drives (HDD) on the control plane instead of solid-state drives]

[Figure: Gartner chart; source: Gartner (March 2010), as of March 2010]

Data Center Network Security in Transition

• Ports ≠ Applications

• IP addresses ≠ Users

• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions…

[Diagram: applications RPC, SMS, SQL, SharePoint, SMB and NetBIOS spread across Port 135, Port 137, Port 139, Port 80 and Port 443, plus random high ports]

Applications employ dynamic, random and heavily-used ports, fundamentally breaking port-based network security


NGFW Networking: Power and Flexibility

PA-5000 Series Models and Specifications

PA-5050

• 10 Gbps FW

• 5 Gbps threat prevention

• 4 Gbps IPSec VPN

• 10,000 SSL VPN users

• 2,000,000 sessions

• Up to 125 VSYS

• (4) SFP+ (10 Gig) I/O, (8) SFP (1 Gig) I/O, (12) 10/100/1000

PA-5020

• 5 Gbps FW

• 2 Gbps threat prevention

• 2 Gbps IPSec VPN

• 5,000 SSL VPN users

• 1,000,000 sessions

• Up to 20 VSYS

• (8) SFP (1 Gig) I/O, (12) 10/100/1000

PA-5060

• 20 Gbps FW

• 10 Gbps threat prevention

• 4 Gbps IPSec VPN

• 20,000 SSL VPN users

• 4,000,000 sessions

• Up to 225 VSYS

• (4) SFP+ (10 Gig) I/O, (8) SFP (1 Gig) I/O, (12) 10/100/1000

Common to the series

• Hot-swappable fans, power supplies

• Dual solid-state hard drives

• Dedicated HA and management interfaces

• 2U standard rack-mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and "Recommended")

- Security by policy, not hardwired into the deployment

• Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user, group and application

• Simplify with Flexible Network Security Infrastructure

- With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler, easier deployments

- With reduced network security rack space requirements and lower TCO (power, HVAC, subscriptions, maintenance)


GlobalProtect


Existing Solutions Fall Short

Software on the PC

• Each security app performs a specific function

• Limited focus and functionality; heavy performance load on the PC

• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services

• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement

• Supports a limited number of apps and protocols; weak threat prevention

• Examples: ScanSafe, Purewire, etc.

Traditional VPN

• Agent tunnels traffic back to the corporate gateway

• Same poor security, only slower

• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security

• Inconsistent policy and protections when outside vs. inside the network

• Lack of visibility into applications, users and content fails to control modern apps and threats

• Expensive to purchase duplicates; operational and management overhead


A Modern Architecture for Enterprise Security

• Establishes a logical perimeter that is not bound to physical limitations

• Users receive the same depth and quality of protection both inside and out

• Security work performed by purpose-built firewalls, not end-user laptops

• Unified visibility, compliance and reporting

[Figure: threat labels shown on the slide: malware, botnets, exploits]

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 17: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

3

3

9

13

15

14

15

27

30

30

42

53

62

76

80

00 20 40 60 80

RDP

SSH

telnet

LogM eIn

Team Viewer

CGIProxy

PHProxy

CoralCDN

FreeGate

Glype Proxy

Tor

Ham achi

UltraSurf

Gbridge

Gpass

bull Remote Access

- 27 variants found 95 of the time

bull External Proxies

- 22 variants found 76 of the time

bull Encrypted Tunnels

- Non-VPN related ndash found 30 of the time

Users Will Find A Wayhellip

Source Palo Alto Networks Application Usage and Risk Report

Spring 2010

copy 2008 Palo Alto Networks Proprietary and Confidential Page 20 |

From The news

Why Visibility amp Control Must Be In The Firewall

copy 2011 Palo Alto Networks Proprietary and Confidential Page 21 |

bullPort Policy Decision

bullApp Ctrl Policy Decision

Application Control as an Add-on

bull Port-based FW + App Ctrl (IPS) = two policies

bull Applications are threats only block what you expressly look for

Implications

bull Network access decision is made with no information

bull Cannot safely enable applications

IPS

Applications

Firewall

Port Traffic

Firewall IPS

bullApp Ctrl Policy Decision

bullScan Application for Threats

Applications

Application Traffic

NGFW Application Control

bull Application control is in the firewall = single policy

bull Visibility across all ports for all traffic all the time

Implications

bull Network access decision is made based on application identity

bull Safely enable application usage

copy 2008 Palo Alto Networks Proprietary and Confidential Page 22 |

HTTP Universal Application Protocol

bull HTTP is 64 of enterprise bandwidth

bull Most HTTP traffic is clientserver (54) ndash proxies cannot deal with it

bull Browser-based applications are 46 - some work with proxies and some donrsquot

bull Web browsing is 23

All HTTP Applications

Web Browsing

Browser-based Applications

Application Control vs Blocking

bull Blocking applications even if possible is not the answer

bull Yes there are harmful applications that need to be blocked

bull Many ldquoWeb 20rdquo applications are useful

- Enhancing productivity

- Giving competitive advantage to the business

bull Itrsquos all about visibility and control

- Who is using what

- Control and secure modern applications

- Control features use

Palo Alto

Palo Alto ndash Next Generation FW

copy 2008 Palo Alto Networks Proprietary and Confidential Page 24 |

copy 2008 Palo Alto Networks Proprietary and Confidential Page 25 |

New Requirements for Security Device

1 Identify applications regardless of port protocol evasive tactic or SSL

2 Identify users regardless of IP address

3 Granular visibility and policy control over application access functionality

4 Protect in real-time against threats embedded across applications

5 Multi-gigabit in-line deployment with no performance degradation

Palo Alto Networks Next-Generation Security Device

copy 2009 Palo Alto Networks Proprietary and Confidential Page 26 |

Palo Alto Networks Exceeds NGFW Requirements

Application Awareness and Full Stack Visibility

App-ID Identifies and controls 1300+ applications

Integrated Rather Than Co-Located IPS

Content-ID includes full IPS without compromising performance

Extra-Firewall Intelligence to Identify Users

User-ID brings AD users and groups into firewall policy

Standard First-Generation Firewall Capabilities

Packet filtering state flexible NAT IPSec SSL VPNs etc

Support ldquobump in the wirerdquo Deployments

In ldquoDefining the Next-Generation Firewallrdquo

Gartner describes what Palo Alto Networks already delivers

Gartnerrsquos Recommendations

Move to next-generation firewalls at the next refresh

opportunity ndash whether for firewall IPS or the

combination of the two

copy 2008 Palo Alto Networks Proprietary and Confidential Page 28 |

Unique Technologies Transform the Firewall

App-ID

Identify the application

User-ID

Identify the user

Content-ID

Scan the content

copy 2008 Palo Alto Networks Proprietary and Confidential Page 29 |

App-ID Comprehensive Application Visibility

bull Policy-based control more than 1200+ applications distributed across five categories and 25 sub-categories

bull Balanced mix of business internet and networking applications and networking protocols

bull ~ 5 - 10 new applications added weekly

copy 2009 Palo Alto Networks Proprietary and Confidential Page 30 |

User-ID Enterprise Directory Integration

bull Users no longer defined solely by IP address

- Leverage existing Active Directory infrastructure without complex agent rollout

- Identify Citrix users and tie policies to user and group not just the IP address

bull Understand user application and threat behavior based on actual AD username not just IP

bull Manage and enforce policy based on user andor AD group

bull Investigate security incidents generate custom reports

copy 2009 Palo Alto Networks Proprietary and Confidential Page 31 |

Content-ID Real-Time Content Scanning

bull Stream-based not file-based for real-time performance

- Uniform signature engine scans for broad range of threats in single pass

- Vulnerability exploits (IPS) viruses and spyware (both downloads and phone-home)

bull Block transfer of sensitive data and file transfers by type

- Looks for CC and SSN patterns

- Looks into file to determine type ndash not extension based

bull Web filtering enabled via fully integrated URL database

- Local 20M URL database (76 categories) maximizes performance (1000rsquos URLssec)

- Dynamic DB adapts to local regional or industry focused surfing patterns

Detect and block a wide range of threats limit unauthorized data transfer and control non-work related web surfing

copy 2008 Palo Alto Networks Proprietary and Confidential Page 32 |

bullNSS Labs the worldrsquos largest security and performance testing lab have recently

completed in-depth IPS testing of the Palo Alto Networksrsquo next-gen firewall Our solution

was tested against 1179 live exploits in what was the industrys most comprehensive IPS

test to date The results were crystal clear and provided the hard proof of what our next-

generation firewalls can really do Key results include

bullbull The highest IPS block rate in recent history (934)

bull 100 resistance to IPS evasion techniques

bull Simple IPS configuration and tuning

bull Provided all the above while exceeding the datasheet performance metrics by 115

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 33 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2009 Palo Alto Networks Proprietary and Confidential Page 34 |

Single-Pass Parallel Processing (SP3) Architecture

Single Pass

bull Operations once per packet

- Traffic classification (app identification)

- Usergroup mapping

- Content scanning ndash threats URLs confidential data

bull One policy

Parallel Processing

bull Function-specific hardware engines

bull Separate datacontrol planes

Up to 10Gbps Low Latency

copy 2011 Palo Alto Networks Proprietary and Confidential

PA-5000 Series Architecture
• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC#, SSN and more

Security Processors
• High density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High speed logging and route update
• Dual solid-state drives

Network Processor
• 20 Gbps front-end network processing
• Hardware accelerated per-packet route lookup, MAC lookup and NAT

[Block diagram: 20 Gbps Network Processor (QoS, flow control, route/ARP/MAC lookup, NAT); Data Plane Switch Fabric with 10 Gbps links to three Security Processor blocks (quad-core CPUs 1–12, RAM, SSL/IPSec/de-compress engines) and two Signature Match engines; Control Plane with CPU, RAM and dual SSDs]

• 40+ processors
• 30+ GB of RAM
• Separate high speed data and control planes
• 20 Gbps firewall throughput
• 10 Gbps threat prevention throughput
• 4 Million concurrent sessions
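The signature-match engine on the architecture slide is described as stream-based: it scans exploits, CC# and SSN patterns as the data passes rather than after a whole file has been reassembled. The edge case that makes stream scanning harder than file scanning is a pattern that straddles two chunks, or a digit run that is still being received when the chunk ends. The following Python is an added example written for this page, not vendor code; the regexes, the Luhn filter, the magic-byte table and the sample text are all constructed. It also classifies a file by its leading bytes instead of the name the sender chose, the content-based file-type check the SP3 slide groups under "confidential data".

```python
"""Stream-based content scanning: CC# and SSN patterns are reported as data
streams through in chunks, so a pattern split across two chunks must still be
found, and a digit run must only be reported once it is known to be complete.

Added example written for this page, not vendor code; the patterns, the
magic-byte table and the sample text are constructed for illustration.
"""
import re

# 13-19 digit runs, optionally separated by single spaces or dashes.
CC_CANDIDATE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# US SSN shape AAA-GG-SSSS with the never-issued ranges excluded.
SSN_PATTERN = re.compile(rb"(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)")
MAXPAT = 40  # longer than any pattern above (19 digits + 18 separators = 37)

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects most digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class StreamScanner:
    """Finds CC# and SSN patterns in a byte stream fed chunk by chunk."""

    def __init__(self):
        self.carry = b""    # tail of the previous chunk kept for re-scanning
        self.base = 0       # absolute stream offset of self.carry[0]
        self.seen = set()   # (kind, absolute offset) already reported
        self.findings = []  # (kind, absolute offset, matched text)

    def _scan(self, buf: bytes, limit: int) -> None:
        for kind, pat in (("credit-card", CC_CANDIDATE), ("ssn", SSN_PATTERN)):
            for m in pat.finditer(buf):
                if m.end() > limit:
                    continue  # may continue into the next chunk: defer it
                if m.start() == 0 and self.base > 0:
                    continue  # truncated run that began before this buffer
                if kind == "credit-card" and not luhn_ok(re.sub(rb"[ -]", b"", m.group()).decode()):
                    continue
                key = (kind, self.base + m.start())
                if key not in self.seen:
                    self.seen.add(key)
                    self.findings.append((kind, key[1], m.group().decode()))

    def feed(self, chunk: bytes) -> None:
        buf = self.carry + chunk
        # Report only matches ending at least MAXPAT bytes before the buffer end;
        # anything later is re-examined together with the next chunk.
        self._scan(buf, len(buf) - MAXPAT)
        keep = min(len(buf), 2 * MAXPAT)
        self.base += len(buf) - keep
        self.carry = buf[len(buf) - keep:]

    def finish(self) -> list:
        """End of stream: whatever is left in the carry is complete."""
        self._scan(self.carry, len(self.carry))
        self.carry = b""
        return self.findings

# Leading-byte signatures (constructed table) and the extensions they legitimately use.
MAGIC = [
    (b"MZ",         "pe-executable", {"exe", "dll", "sys"}),
    (b"%PDF-",      "pdf",           {"pdf"}),
    (b"PK\x03\x04", "zip",           {"zip", "docx", "xlsx", "pptx", "jar"}),
    (b"\x7fELF",    "elf",           {"", "so", "bin"}),
]

def file_type(first_bytes: bytes, claimed_name: str) -> dict:
    """Classify by content, then flag a name whose extension disagrees with it."""
    ext = claimed_name.rsplit(".", 1)[1].lower() if "." in claimed_name else ""
    for magic, kind, exts in MAGIC:
        if first_bytes.startswith(magic):
            return {"type": kind, "extension": ext, "mismatch": ext not in exts}
    return {"type": "unknown", "extension": ext, "mismatch": False}

# Constructed sample: a Luhn-valid test card number that will straddle a chunk
# boundary, an SSN, and a 13-digit reference number that fails Luhn.
SAMPLE = (b"Order confirmed for card 4111 1111 1111 1111 exp 12/29. "
          b"Applicant SSN 123-45-6789 on file. Ref 1234567890123 is not a card.")

def scan_in_chunks(data: bytes, chunk_size: int) -> list:
    scanner = StreamScanner()
    for i in range(0, len(data), chunk_size):
        scanner.feed(data[i:i + chunk_size])
    return scanner.finish()

if __name__ == "__main__":
    print(scan_in_chunks(SAMPLE, 16))
    print(file_type(b"MZ\x90\x00\x03\x00\x00\x00", "invoice.pdf"))
```

Whatever the chunk size, the scanner reports the same two findings at the same stream offsets: the card number (found even though 16-byte chunks split it) and the SSN, while the 13-digit reference is dropped by the Luhn check. The carry of twice the longest pattern is what makes the deferral safe: a match that ends in the last MAXPAT bytes is always fully contained in the bytes kept for the next round.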

Traditional Multi-Pass Architectures are Slow

[Diagram: four separate stacks, each with its own Port/Protocol-based ID, L2/L3 Networking, HA, Config Management and Reporting: Firewall Policy; HTTP Decoder with URL Filtering Policy; IPS Decoder with IPS Signatures and IPS Policy; AV Decoder & Proxy with AV Signatures and AV Policy]

Powerful Policy-Based Control
• Browse more than 1300 applications based on name, category, technology or characteristic
• Immediately translate results into positive enforcement model firewall rules
• Policy enforcement by end-user group identities from Active Directory, or IP address

Palo Alto – Network Sniffer
[image-only slides]

Visibility into Applications, Users & Content
[Screenshot: user hzielinski, filter on Skype; remove Skype to expand view of hzielinski]

Palo Alto – Rich reports
[image-only slides]

Demo (offline) – Traffic Log
[image-only slide]

Enables Executive Visibility
[image-only slide]

PAN-OS Features
• Strong networking foundation
  - Dynamic routing (OSPF, RIPv2)
  - Site-to-site IPSec VPN
  - SSL VPN for remote access
  - Tap mode – connect to SPAN port
  - Virtual wire (“Layer 1”) for true transparent in-line deployment
  - L2/L3 switching foundation
• QoS traffic shaping – max/guaranteed and priority
  - By user, app, interface, zone and more
• Zone-based architecture
  - All interfaces assigned to security zones for policy enforcement
• High Availability
  - Active/Active
  - Configuration and session synchronization
  - Path, link and HA monitoring
• Virtual Systems
  - Establish multiple virtual firewalls in a single device (PA-4000 Series only)
• Simple, flexible management
  - CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content are complemented by core firewall features

[Product line-up: PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060]

Enterprise Device and Policy Management
• Intuitive and flexible management
  - CLI, Web, Panorama, SNMP, Syslog
  - Role-based administration enables delegation of tasks to the appropriate person
• Panorama central management application
  - Shared policies enable consistent application control policies
  - Consolidated management, logging and monitoring of Palo Alto Networks devices
  - Consistent web interface between Panorama and device UI
  - Network-wide ACC/monitoring views, log collection and reporting
• All interfaces work on the current configuration, avoiding sync issues

NGFW for mobile devices

Today: Quality of Security Tied to Location

[Diagram: on the enterprise network – Enterprise Network Security: security based on best practices, full-featured NGFW and threat prevention; off the network – No Network Security: security based on best effort, exposed to threats (botnets), risky app usage and more]

Introducing GlobalProtect
• Users never go “off-network” regardless of location
• All firewalls work together to provide a “cloud” of network security
• How it works
  - Small agent determines network location (on or off the enterprise network)
  - If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
  - Agent submits host information profile (patch level, asset type, disk encryption and more) to the gateway
  - Gateway enforces security policy using App-ID, User-ID, Content-ID AND host information profile
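The four "How it works" steps above can be followed end to end in code: locate, tunnel to the nearest gateway if off-network, submit a host information profile, and let the gateway decide on user, application and HIP together. The following Python is an added example written for this page, not Palo Alto Networks code; the probe hostname, the HIP fields and compliance test, the rule set, the gateway latency table and the sample hosts are all constructed. The one design point it adds beyond the slide is that a missing HIP (no agent, or an agent that could not report) is treated as non-compliant rather than as unknown.

```python
"""Host-information-profile (HIP) based enforcement, modelled on the
GlobalProtect 'How it works' steps: the agent decides whether it is on the
enterprise network, picks the nearest gateway when it is not, sends a HIP, and
the gateway combines user, application and HIP in a single policy decision.

Added example written for this page, not Palo Alto Networks code.  The probe
hostname, HIP fields, rules, gateway list and sample hosts are all constructed.
"""
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class HostInfoProfile:
    asset_type: str       # e.g. "corporate-laptop" or "byod"
    patch_age_days: int   # days since the last OS patch (constructed metric)
    disk_encrypted: bool
    av_running: bool

# --- agent side -------------------------------------------------------------

# Constructed: a name that only the internal DNS answers, and its expected address.
PROBE_HOST, PROBE_ADDR = "gp-probe.corp.example", "10.0.0.53"

def determine_location(resolve: Callable[[str], Optional[str]]) -> str:
    """'internal' only if the probe name resolves to the expected internal address;
    any other answer (or none) means the agent is off the enterprise network."""
    return "internal" if resolve(PROBE_HOST) == PROBE_ADDR else "external"

def nearest_gateway(rtt_ms: dict) -> str:
    """Pick the gateway with the lowest measured round-trip time."""
    return min(rtt_ms, key=rtt_ms.get)

# --- gateway side -----------------------------------------------------------

def hip_compliant(hip: Optional[HostInfoProfile]) -> bool:
    """No HIP (no agent, or the agent could not report) is treated as non-compliant."""
    return (hip is not None and hip.asset_type == "corporate-laptop"
            and hip.disk_encrypted and hip.av_running and hip.patch_age_days <= 30)

@dataclass(frozen=True)
class Rule:
    name: str
    groups: frozenset                                       # AD groups, or {"any"}
    apps: frozenset                                         # App-ID names
    hip_check: Callable[[Optional[HostInfoProfile]], bool]  # host posture condition
    action: str

# One ordered policy, the same whether the user connects from inside or via the tunnel.
POLICY = [
    Rule("remediation", frozenset({"any"}),       frozenset({"patch-server", "av-update"}), lambda hip: True, "allow"),
    Rule("corp-apps",   frozenset({"employees"}), frozenset({"intranet", "email"}),         hip_compliant,    "allow"),
]

def gateway_decision(groups: frozenset, app: str, hip: Optional[HostInfoProfile]) -> tuple:
    """Return (rule name, action); first match wins, implicit deny otherwise."""
    for rule in POLICY:
        if ("any" in rule.groups or groups & rule.groups) and app in rule.apps and rule.hip_check(hip):
            return rule.name, rule.action
    return "implicit-deny", "deny"

def connect(resolve, rtt_ms, groups, app, hip) -> dict:
    """End-to-end: locate, tunnel if needed, then let the gateway decide."""
    location = determine_location(resolve)
    gateway = "on-premises firewall" if location == "internal" else nearest_gateway(rtt_ms)
    rule, action = gateway_decision(groups, app, hip)
    return {"location": location, "gateway": gateway, "rule": rule, "action": action}

# Constructed sample hosts, gateways and resolvers.
COMPLIANT = HostInfoProfile("corporate-laptop", 10, True, True)
UNENCRYPTED = HostInfoProfile("corporate-laptop", 10, False, True)
RTT = {"gw-frankfurt": 18.0, "gw-newyork": 95.0, "gw-singapore": 160.0}

def internal_dns(name):
    return PROBE_ADDR if name == PROBE_HOST else None

def public_dns(name):
    return None

if __name__ == "__main__":
    emp = frozenset({"employees"})
    print(connect(public_dns, RTT, emp, "intranet", COMPLIANT))       # allowed via gw-frankfurt
    print(connect(public_dns, RTT, emp, "intranet", UNENCRYPTED))     # denied: disk not encrypted
    print(connect(public_dns, RTT, emp, "patch-server", UNENCRYPTED)) # allowed: remediation only
    print(connect(internal_dns, RTT, emp, "email", None))             # denied: no HIP at all
```

The unencrypted laptop is not simply cut off: the remediation rule still lets it reach the patch and AV servers, so posture can be fixed, while the corporate applications stay closed until the HIP is compliant. The same decision is taken for a user sitting on the internal network, which is the "users never go off-network" point of the slide.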

Zero Day Attacks Protection
a sandbox at the core

Flexible Deployment Options

Transparent In-Line
• IPS with app visibility & control
• Consolidation of IPS & URL filtering

Firewall Replacement
• Firewall replacement with app visibility & control
• Firewall + IPS
• Firewall + IPS + URL filtering

Ultimate segmentation
[Diagram: Datacenter 1, Datacenter 2; Segment A, Segment B, Segment C]
• Controls applications & users for datacenter resource access
• IPS with app visibility & content control


Palo Alto Networks Next-Gen Firewalls

PA-4050 • 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions • 8 SFP, 16 copper gigabit
PA-4020 • 2 Gbps FW / 2 Gbps threat prevention / 500,000 sessions • 8 SFP, 16 copper gigabit
PA-4060 • 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions • 4 XFP (10 Gig), 4 SFP (1 Gig)
PA-2050 • 1 Gbps FW / 500 Mbps threat prevention / 250,000 sessions • 4 SFP, 16 copper gigabit
PA-2020 • 500 Mbps FW / 200 Mbps threat prevention / 125,000 sessions • 2 SFP, 12 copper gigabit
PA-500 • 250 Mbps FW / 100 Mbps threat prevention / 50,000 sessions • 8 copper gigabit
PA-5050 • 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions • 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
PA-5020 • 5 Gbps FW / 2 Gbps threat prevention / 1,000,000 sessions • 8 SFP, 12 copper gigabit
PA-5060 • 20 Gbps FW / 10 Gbps threat prevention / 4,000,000 sessions • 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

the innovative approach: extend security to all network traffic

Thank You
Zion Ezra
VP Sales

POC and AVR Report
AVR Report
[image-only slides]

UTM Is Still Sprawl…Just Slower
[Diagram: Internet]
• Doesn't solve the problem
• Firewall “helper” functions have limited view of traffic
• Turning on functions kills performance


Applications Have Changed – Firewalls Have Not
• The gateway at the trust border is the right place to enforce policy control
  - Sees all traffic
  - Defines trust boundary
• Need to Restore Visibility and Control in the Firewall
[Diagram: Collaboration, Media, SaaS, Personal]
• BUT…Applications Have Changed
  - Ports ≠ Applications
  - IP Addresses ≠ Users
  - Packets ≠ Content

exploit protection
many months pass between black-hat discovery, white-hat discovery and protection being available
need to protect all applications

a sandbox at the core
needs user-based access control
needs high-speed IPS and AV
need to perform across all applications
need to block the unknown

conclusion: advanced-malware protection belongs in a next generation firewall

DEMO: https://ca2demo.paloaltonetworks.com/esp/login.esp

INSANITY: doing the same thing over and over again and expecting different results

block applications and users

the innovative approach: extend security to all network traffic

20 Gbps Firewall, 10 Gbps Threat Prevention
• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC#, SSN and more

Security Processors
• High density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High speed logging and route update
• Dual hard drives

Network Processor
• 20 Gbps front-end network processing
• Hardware accelerated per-packet route lookup, MAC lookup and NAT

[Block diagram, same layout as the PA-5000 Series Architecture slide: 20 Gbps Network Processor (QoS, flow control, route/ARP/MAC lookup, NAT); Data Plane Switch Fabric with 10 Gbps links to three Security Processor blocks (quad-core CPUs 1–12, RAM, SSL/IPSec/de-compress engines) and two Signature Match engines; Control Plane with CPU, RAM and dual HDDs]

NGFW for mobile devices

Source: Gartner (March 2010). As of March 2010.

Data Center Network Security in Transition
• Ports ≠ Applications
• IP addresses ≠ Users
• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions…
[Diagram: applications (RPC, SMS, SQL, SharePoint, SMB, NetBIOS) spread over ports 135, 137, 139, 80 and 443, plus random high ports]
Applications employ dynamic, random and heavily-used ports – fundamentally breaking port-based network security


NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

PA-5050
• 10 Gbps FW
• 5 Gbps threat prevention
• 4 Gbps IPSec VPN
• 10,000 SSL VPN users
• 2,000,000 sessions
• Up to 125 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5020
• 5 Gbps FW
• 2 Gbps threat prevention
• 2 Gbps IPSec VPN
• 5,000 SSL VPN users
• 1,000,000 sessions
• Up to 20 VSYS
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5060
• 20 Gbps FW
• 10 Gbps threat prevention
• 4 Gbps IPSec VPN
• 20,000 SSL VPN users
• 4,000,000 sessions
• Up to 225 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

• Hot swappable fans, power supplies
• Dual solid state hard drives
• Dedicated HA and management interfaces
• 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise
• Prevent Threats
  - Stop a wide range of threats on all allowed traffic
  - Proven quality (NSS tested and “Recommended”)
  - Security by policy, not hardwired into deployment
• Comply and Compartmentalize
  - Save time and cost to compliance with network segmentation
  - Segment by user group and application
• Simplify with Flexible Network Security Infrastructure
  - With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention
  - With simpler, easier deployments
  - With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance)

GlobalProtect


Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality, heavy performance load on the PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services
• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement
• Supports a limited number of apps and protocols, weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• Agent tunnels traffic back to the corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security
• Inconsistent policy and protections when outside vs. inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase duplicates, operational and management overhead


A Modern Architecture for Enterprise Security
• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting
[Diagram labels: malware, botnets, exploits]

Regain Visibility and Control, Save Money
• IT can't manage risk with traditional security infrastructure
  - Users do what they want
  - Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls
  - Leads to increased risks for the business
• Palo Alto Networks defines the next-generation firewall with unique identification technologies
  - App-ID: identify applications regardless of port, protocol or SSL encryption
  - User-ID: integrated with the enterprise directory
  - Content-ID: threats, URLs, data
  - High performance architecture: high throughput, low latency
• Easy enterprise integration and consolidation saves money
  - Flexible deployment options for seamless integration
  - Consolidation of functionality into the firewall simplifies and saves money

Page 18: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

copy 2008 Palo Alto Networks Proprietary and Confidential Page 20 |

From The news

Why Visibility amp Control Must Be In The Firewall

copy 2011 Palo Alto Networks Proprietary and Confidential Page 21 |

bullPort Policy Decision

bullApp Ctrl Policy Decision

Application Control as an Add-on

bull Port-based FW + App Ctrl (IPS) = two policies

bull Applications are threats only block what you expressly look for

Implications

bull Network access decision is made with no information

bull Cannot safely enable applications

IPS

Applications

Firewall

Port Traffic

Firewall IPS

bullApp Ctrl Policy Decision

bullScan Application for Threats

Applications

Application Traffic

NGFW Application Control

bull Application control is in the firewall = single policy

bull Visibility across all ports for all traffic all the time

Implications

bull Network access decision is made based on application identity

bull Safely enable application usage

copy 2008 Palo Alto Networks Proprietary and Confidential Page 22 |

HTTP Universal Application Protocol

bull HTTP is 64 of enterprise bandwidth

bull Most HTTP traffic is clientserver (54) ndash proxies cannot deal with it

bull Browser-based applications are 46 - some work with proxies and some donrsquot

bull Web browsing is 23

All HTTP Applications

Web Browsing

Browser-based Applications

Application Control vs Blocking

bull Blocking applications even if possible is not the answer

bull Yes there are harmful applications that need to be blocked

bull Many ldquoWeb 20rdquo applications are useful

- Enhancing productivity

- Giving competitive advantage to the business

bull Itrsquos all about visibility and control

- Who is using what

- Control and secure modern applications

- Control features use

Palo Alto

Palo Alto ndash Next Generation FW

copy 2008 Palo Alto Networks Proprietary and Confidential Page 24 |

copy 2008 Palo Alto Networks Proprietary and Confidential Page 25 |

New Requirements for Security Device

1 Identify applications regardless of port protocol evasive tactic or SSL

2 Identify users regardless of IP address

3 Granular visibility and policy control over application access functionality

4 Protect in real-time against threats embedded across applications

5 Multi-gigabit in-line deployment with no performance degradation

Palo Alto Networks Next-Generation Security Device

copy 2009 Palo Alto Networks Proprietary and Confidential Page 26 |

Palo Alto Networks Exceeds NGFW Requirements

Application Awareness and Full Stack Visibility

App-ID Identifies and controls 1300+ applications

Integrated Rather Than Co-Located IPS

Content-ID includes full IPS without compromising performance

Extra-Firewall Intelligence to Identify Users

User-ID brings AD users and groups into firewall policy

Standard First-Generation Firewall Capabilities

Packet filtering state flexible NAT IPSec SSL VPNs etc

Support ldquobump in the wirerdquo Deployments

In ldquoDefining the Next-Generation Firewallrdquo

Gartner describes what Palo Alto Networks already delivers

Gartnerrsquos Recommendations

Move to next-generation firewalls at the next refresh

opportunity ndash whether for firewall IPS or the

combination of the two

copy 2008 Palo Alto Networks Proprietary and Confidential Page 28 |

Unique Technologies Transform the Firewall

App-ID

Identify the application

User-ID

Identify the user

Content-ID

Scan the content

copy 2008 Palo Alto Networks Proprietary and Confidential Page 29 |

App-ID Comprehensive Application Visibility

bull Policy-based control more than 1200+ applications distributed across five categories and 25 sub-categories

bull Balanced mix of business internet and networking applications and networking protocols

bull ~ 5 - 10 new applications added weekly

copy 2009 Palo Alto Networks Proprietary and Confidential Page 30 |

User-ID Enterprise Directory Integration

bull Users no longer defined solely by IP address

- Leverage existing Active Directory infrastructure without complex agent rollout

- Identify Citrix users and tie policies to user and group not just the IP address

bull Understand user application and threat behavior based on actual AD username not just IP

bull Manage and enforce policy based on user andor AD group

bull Investigate security incidents generate custom reports

copy 2009 Palo Alto Networks Proprietary and Confidential Page 31 |

Content-ID Real-Time Content Scanning

bull Stream-based not file-based for real-time performance

- Uniform signature engine scans for broad range of threats in single pass

- Vulnerability exploits (IPS) viruses and spyware (both downloads and phone-home)

bull Block transfer of sensitive data and file transfers by type

- Looks for CC and SSN patterns

- Looks into file to determine type ndash not extension based

bull Web filtering enabled via fully integrated URL database

- Local 20M URL database (76 categories) maximizes performance (1000rsquos URLssec)

- Dynamic DB adapts to local regional or industry focused surfing patterns

Detect and block a wide range of threats limit unauthorized data transfer and control non-work related web surfing

copy 2008 Palo Alto Networks Proprietary and Confidential Page 32 |

bullNSS Labs the worldrsquos largest security and performance testing lab have recently

completed in-depth IPS testing of the Palo Alto Networksrsquo next-gen firewall Our solution

was tested against 1179 live exploits in what was the industrys most comprehensive IPS

test to date The results were crystal clear and provided the hard proof of what our next-

generation firewalls can really do Key results include

bullbull The highest IPS block rate in recent history (934)

bull 100 resistance to IPS evasion techniques

bull Simple IPS configuration and tuning

bull Provided all the above while exceeding the datasheet performance metrics by 115

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 33 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2009 Palo Alto Networks Proprietary and Confidential Page 34 |

Single-Pass Parallel Processing (SP3) Architecture

Single Pass

bull Operations once per packet

- Traffic classification (app identification)

- Usergroup mapping

- Content scanning ndash threats URLs confidential data

bull One policy

Parallel Processing

bull Function-specific hardware engines

bull Separate datacontrol planes

Up to 10Gbps Low Latency

copy 2011 Palo Alto Networks Proprietary and Confidential

PA-5000 Series Architecture

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual solid-state drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow

control

Route ARP MAC

lookup

NAT Switch

Fabric

Signature Match

Signature Match

SSL IPSec De-

Compress SSL IPSec

De-Compress

SSL IPSec De-

Compress

Quad-core

CPU CPU

12

CPU

1

CPU

2

CPU

12

CPU

1

CPU

2

CPU

12

CPU

1

CPU

2

RAM

RAM

SSD

SSD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

bull 40+ processors

bull 30+ GB of RAM

bull Separate high speed data and control planes

bull 20 Gbps firewall throughput

bull 10 Gbps threat prevention throughput

bull 4 Million concurrent sessions

Page 35 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 36 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 37 |

Powerful Policy-Based Control

bull Browse more than 1300 applications based on name category technology or characteristic

bull Immediately translate results into positive enforcement model firewall rules

bull Policy enforcement by end-user group identities from Active Directory or IP address

Palo Alto

Palo Alto ndash Network Sniffer

copy 2008 Palo Alto Networks Proprietary and Confidential Page 38 |

copy 2008 Palo Alto Networks Proprietary and Confidential Page 39 |

Visibility into Applications Users amp Content

User hzielinski Filter on Skype

Remove Skype to expand view of hzielinski

Palo Alto

Palo Alto ndash Rich reports

copy 2008 Palo Alto Networks Proprietary and Confidential Page 40 |

copy 2008 Palo Alto Networks Proprietary and Confidential Page 41 |

Demo (offline) ndash Traffic Log

copy 2008 Palo Alto Networks Proprietary and Confidential Page 42 |

Enables Executive Visibility

copy 2009 Palo Alto Networks Proprietary and Confidential Page 43 |

PAN-OS Features

bull Strong networking foundation

- Dynamic routing (OSPF RIPv2)

- Site-to-site IPSec VPN

- SSL VPN for remote access

- Tap mode ndash connect to SPAN port

- Virtual wire (ldquoLayer 1rdquo) for true transparent in-line deployment

- L2L3 switching foundation

bull QoS traffic shaping - Maxguaranteed and priority

- By user app interface zone and more

bull Zone-based architecture

- All interfaces assigned to security zones for policy enforcement

bull High Availability

- Active Active

- Configuration and session synchronization

- Path link and HA monitoring

bull Virtual Systems

- Establish multiple virtual firewalls in a single device (PA-4000 Series only)

bull Simple flexible management

- CLI Web Panorama SNMP Syslog

Visibility and control of applications users and content are complemented by core firewall features

PA-500

PA-2020

PA-2050

PA-4020

PA-4050

PA-4060

copy 2009 Palo Alto Networks Proprietary and Confidential Page 44 |

Enterprise Device and Policy Management

bull Intuitive and flexible management

- CLI Web Panorama SNMP Syslog

- Role-based administration enables delegation of tasks to appropriate person

bull Panorama central management application

- Shared policies enable consistent application control policies

- Consolidated management logging and monitoring of Palo Alto Networks devices

- Consistent web interface between Panorama and device UI

- Network-wide ACCmonitoring views log collection and reporting

bull All interfaces work on current configuration avoiding sync issues

NGFW for mobile devices

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 46 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 48 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

Zero Day Attacks Protection

a sandbox at the core

Flexible Deployment Options

Transparent In-Line Firewall Replacement

bull IPS with app visibility amp control

bull Consolidation of IPS amp URL filtering

bull Firewall replacement with app visibility amp control

bull Firewall + IPS

bull Firewall + IPS + URL filtering

Ultimate segmentation

Datacenter 1 Datacenter 2

bull Controls applications amp users for datacenter resource access

bull IPS with app visibility amp content control

Segment A Segment B

Segment C

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 53 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 54 |

Palo Alto Networks Next-Gen Firewalls

PA-4050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 8 SFP 16 copper gigabit

PA-4020 bull 2 Gbps FW2 Gbps threat

prevention500000 sessions

bull 8 SFP 16 copper gigabit

PA-4060 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 XFP (10 Gig) 4 SFP (1 Gig)

PA-2050 bull 1 Gbps FW500 Mbps threat

prevention250000 sessions

bull 4 SFP 16 copper gigabit

PA-2020 bull 500 Mbps FW200 Mbps threat

prevention125000 sessions

bull 2 SFP 12 copper gigabit

PA-500 bull 250 Mbps FW100 Mbps threat

prevention50000 sessions

bull 8 copper gigabit

PA-5050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

PA-5020 bull 5 Gbps FW2 Gbps threat

prevention1000000 sessions

bull 8 SFP 12 copper gigabit

PA-5060 bull 20 Gbps FW10 Gbps threat

prevention4000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

The innovative approach: extend security to all network traffic

Thank You

Zion Ezra
VP Sales

POC and AVR Report

AVR Report

UTM Is Still Sprawl… Just Slower

• Doesn't solve the problem

• Firewall "helper" functions have limited view of traffic

• Turning on functions kills performance

Traditional Multi-Pass Architectures are Slow

[Figure: the same traffic is handled in four sequential passes, each with its own port/protocol-based ID, L2/L3 networking, HA, config management and reporting: Firewall Policy, then HTTP Decoder with URL Filtering Policy, then IPS Decoder with IPS Signatures and IPS Policy, then AV Decoder & Proxy with AV Signatures and AV Policy]

Applications Have Changed – Firewalls Have Not

• The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

• BUT… Applications Have Changed (Collaboration, Media, SaaS, Personal)

- Ports ≠ Applications

- IP Addresses ≠ Users

- Packets ≠ Content

• Need to Restore Visibility and Control in the Firewall

Exploit protection

Many months pass between black-hat discovery, white-hat discovery and protection being available

Need to protect all applications

A sandbox at the core

Needs user-based access control

Needs high-speed IPS and AV

Needs to perform across all applications

Needs to block the unknown

Conclusion: advanced-malware protection belongs in a next-generation firewall

DEMO: https://ca2demo.paloaltonetworks.com/esp/login.esp

INSANITY: doing the same thing over and over again and expecting different results

Block applications and users

The innovative approach: extend security to all network traffic

20 Gbps Firewall, 10 Gbps Threat Prevention

• 80 Gbps switch fabric interconnect

• 20 Gbps QoS engine

Signature Match HW Engine

• Stream-based uniform signature match

• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors

• High density parallel processing for flexible security functionality

• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane

• Highly available management

• High speed logging and route update

• Dual hard drives

Network Processor

• 20 Gbps front-end network processing

• Hardware accelerated per-packet route lookup, MAC lookup and NAT

[Figure: PA-5000 block diagram. Control plane: quad-core CPU, RAM, dual HDD. Data plane: 10 Gbps and 20 Gbps links into the network processor (QoS, flow control, route/ARP/MAC lookup, NAT), the switch fabric, two signature match engines, three SSL/IPSec/de-compress engines and three security processor blocks (CPU 1…12 with RAM each)]

NGFW for mobile devices

Source: Gartner (March 2010). As of March 2010

Data Center Network Security in Transition

• Ports ≠ Applications

• IP addresses ≠ Users

• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions…

Applications employ dynamic, random and heavily-used ports, fundamentally breaking port-based network security

[Figure: enterprise applications (RPC, SMS, SQL, SharePoint, SMB, NetBIOS) spread across ports 80, 135, 137, 139 and 443, plus random high ports]


NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

Model    Firewall   Threat prevention   IPSec VPN   SSL VPN users   Sessions    VSYS (up to)   I/O
PA-5020  5 Gbps     2 Gbps              2 Gbps      5,000           1,000,000   20             (8) SFP (1 Gig), (12) 10/100/1000
PA-5050  10 Gbps    5 Gbps              4 Gbps      10,000          2,000,000   125            (4) SFP+ (10 Gig), (8) SFP (1 Gig), (12) 10/100/1000
PA-5060  20 Gbps    10 Gbps             4 Gbps      20,000          4,000,000   225            (4) SFP+ (10 Gig), (8) SFP (1 Gig), (12) 10/100/1000

• Hot swappable fans, power supplies

• Dual solid state hard drives

• Dedicated HA and management interfaces

• 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and "Recommended")

- Security by policy, not hardwired into deployment

• Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

• Simplify with Flexible Network Security Infrastructure

- With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler, easier deployments

- With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance)

GlobalProtect

Today: Quality of Security Tied to Location

Enterprise Network Security

• Security Based on Best-Practices

• Full-Featured NGFW and Threat Prevention

No Network Security

• Security Based on Best-Effort

• Exposed to threats, risky app usage and more

[Figure: users inside the enterprise network vs. remote users exposed to botnets]

Existing Solutions Fall Short

Software on the PC

• Each security app performs a specific function

• Limited focus and functionality, heavy performance load on PC

• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services

• Client forces web traffic to cloud-based proxy for scanning and policy enforcement

• Supports limited number of apps and protocols, weak threat prevention

• Examples: ScanSafe, Purewire, etc.

Traditional VPN

• Agent tunnels traffic back to corporate gateway

• Same poor security, only slower

• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security

• Inconsistent policy and protections when outside vs. inside the network

• Lack of visibility into applications, users and content fails to control modern apps and threats

• Expensive to purchase, duplicates operational and management overhead

Introducing GlobalProtect

• Users never go "off-network" regardless of location

• All firewalls work together to provide a "cloud" of network security

• How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level, asset type, disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID, User-ID, Content-ID AND host information profile

A Modern Architecture for Enterprise Security

• Establishes a logical perimeter that is not bound to physical limitations

• Users receive the same depth and quality of protection both inside and out

• Security work performed by purpose-built firewalls, not end-user laptops

• Unified visibility, compliance and reporting

[Figure: malware, botnets and exploits stopped at the firewall "cloud" for users in any location]

Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure

- Users do what they want

- Port hopping, tunneling and encryption of applications get around port-based classification of stateful-inspection-based firewalls

- Leads to increased risks for the business

• Palo Alto Networks defines the next-generation firewall with unique identification technologies

- App-ID: identify applications regardless of port, protocol or SSL encryption

- User-ID: integrated with enterprise directory

- Content-ID: threats, URLs, data

- High performance architecture: high throughput, low latency

• Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money
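As an added illustration of the "Ports ≠ Applications" point and of the "Allow SSH/RDP, but only for authorized staff" rule (example code written for this page, not Palo Alto Networks' App-ID or User-ID): a port-based classifier of the kind a stateful-inspection firewall relies on, beside one that identifies the application from the first payload bytes regardless of port, with the same user-group policy evaluated over both. The flows, usernames and group mapping are constructed; the signature matching is a minimal stand-in, not the real engine.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple


@dataclass(frozen=True)
class Flow:
    """One new TCP session: the User-ID-style username behind the source IP,
    the destination port, and the first payload bytes the client sent."""
    src_user: str
    dst_port: int
    payload: bytes


# All a port-based (stateful inspection) firewall knows: port -> application.
PORT_TABLE: Dict[int, str] = {
    22: "ssh", 80: "web-browsing", 443: "ssl", 3389: "ms-rdp",
    135: "msrpc", 139: "netbios", 445: "smb",
}


def classify_by_port(flow: Flow) -> str:
    """Port-based classification: the destination port is taken as the application."""
    return PORT_TABLE.get(flow.dst_port, "unknown-tcp")


def classify_by_payload(flow: Flow) -> str:
    """App-ID-style classification: look at what the client actually sent and
    ignore the port. The markers are genuine protocol preambles; the matching
    is a deliberately minimal, hypothetical stand-in for a real engine."""
    p = flow.payload
    if p.startswith((b"SSH-2.0-", b"SSH-1.99-")):
        return "ssh"                  # SSH identification string (RFC 4253)
    if len(p) >= 3 and p[0] == 0x16 and p[1] == 0x03 and p[2] <= 0x03:
        return "ssl"                  # TLS record header: handshake, version 3.x
    if len(p) >= 6 and p[0] == 0x03 and p[1] == 0x00 and p[5] == 0xE0:
        return "ms-rdp"               # TPKT header followed by X.224 Connection Request
    if p.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT") and b" HTTP/1." in p:
        return "web-browsing"         # HTTP request line
    return "unknown-tcp"


# Constructed User-ID mapping and policy: SSH/RDP only for authorized staff,
# unknown traffic blocked ("block the unknown"), everything else allowed.
USER_GROUPS: Dict[str, Set[str]] = {"alice": {"it-admins"}, "bob": {"sales"}}
RESTRICTED_APPS: Dict[str, Set[str]] = {
    "ssh": {"it-admins"},
    "ms-rdp": {"it-admins", "helpdesk"},
}


def decide(flow: Flow, classify: Callable[[Flow], str]) -> Tuple[str, str]:
    """Evaluate the policy using the given classifier; returns (application, verdict)."""
    app = classify(flow)
    if app in RESTRICTED_APPS:
        member = bool(USER_GROUPS.get(flow.src_user, set()) & RESTRICTED_APPS[app])
        return app, ("allow" if member else "deny")
    if app == "unknown-tcp":
        return app, "deny"
    return app, "allow"


# Constructed sample sessions. Payloads are genuine protocol preambles; users and
# ports are made up to show port hopping (SSH on 443, RDP on 80, TLS on 8443).
TLS_CLIENT_HELLO = b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03" + b"\x00" * 32
RDP_CONNECT_REQ = (b"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01"
                   b"\x00\x08\x00\x03\x00\x00\x00")
SAMPLE_FLOWS: List[Flow] = [
    Flow("bob", 443, b"SSH-2.0-OpenSSH_5.8\r\n"),                 # SSH on the HTTPS port
    Flow("alice", 443, b"SSH-2.0-OpenSSH_5.8\r\n"),               # same, by an authorized admin
    Flow("bob", 80, RDP_CONNECT_REQ),                             # RDP on the web port
    Flow("bob", 8443, TLS_CLIENT_HELLO),                          # ordinary TLS, non-standard port
    Flow("bob", 80, b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n"),  # plain web browsing
]


def compare(flows: List[Flow]) -> List[Tuple[str, int, str, str, str, str]]:
    """Per flow: (user, port, port_app, port_verdict, payload_app, payload_verdict)."""
    rows = []
    for f in flows:
        p_app, p_verdict = decide(f, classify_by_port)
        a_app, a_verdict = decide(f, classify_by_payload)
        rows.append((f.src_user, f.dst_port, p_app, p_verdict, a_app, a_verdict))
    return rows


if __name__ == "__main__":
    for row in compare(SAMPLE_FLOWS):
        print("%-6s port %-5d port-based: %-13s %-5s  payload-based: %-13s %s" % row)
```

The port-based column both lets tunnelled SSH and RDP through as "ssl" and "web-browsing" and blocks harmless TLS on 8443; the payload-based column enforces the user-group rule on the real application.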


Why Visibility & Control Must Be In The Firewall

Application Control as an Add-on

• Port-based FW + App Ctrl (IPS) = two policies (a port policy decision, then an app control policy decision)

• Applications are threats: only block what you expressly look for

Implications

• Network access decision is made with no information

• Cannot safely enable applications

NGFW Application Control

• Application control is in the firewall = single policy (app control policy decision, then scan application for threats)

• Visibility across all ports, for all traffic, all the time

Implications

• Network access decision is made based on application identity

• Safely enable application usage

[Figure: left, port traffic passes a port-based firewall and then a separate IPS that identifies applications; right, application traffic is identified by the NGFW itself and then scanned for threats]

HTTP: Universal Application Protocol

• HTTP is 64% of enterprise bandwidth

• Most HTTP traffic is client/server (54%) – proxies cannot deal with it

• Browser-based applications are 46% – some work with proxies and some don't

• Web browsing is 23%

[Figure: all HTTP applications split into web browsing and browser-based applications]

Application Control vs. Blocking

• Blocking applications, even if possible, is not the answer

• Yes, there are harmful applications that need to be blocked

• Many "Web 2.0" applications are useful

- Enhancing productivity

- Giving competitive advantage to the business

• It's all about visibility and control

- Who is using what

- Control and secure modern applications

- Control feature use

Palo Alto – Next Generation FW

New Requirements for Security Device

1. Identify applications regardless of port, protocol, evasive tactic or SSL

2. Identify users regardless of IP address

3. Granular visibility and policy control over application access / functionality

4. Protect in real-time against threats embedded across applications

5. Multi-gigabit, in-line deployment with no performance degradation

Palo Alto Networks Next-Generation Security Device

Palo Alto Networks Exceeds NGFW Requirements

Application Awareness and Full Stack Visibility: App-ID identifies and controls 1300+ applications

Integrated Rather Than Co-Located IPS: Content-ID includes full IPS without compromising performance

Extra-Firewall Intelligence to Identify Users: User-ID brings AD users and groups into firewall policy

Standard First-Generation Firewall Capabilities: packet filtering, state, flexible NAT, IPSec, SSL VPNs, etc.

Support "bump in the wire" Deployments

In "Defining the Next-Generation Firewall", Gartner describes what Palo Alto Networks already delivers

Gartner's Recommendation: move to next-generation firewalls at the next refresh opportunity – whether for firewall, IPS, or the combination of the two

Unique Technologies Transform the Firewall

App-ID: Identify the application

User-ID: Identify the user

Content-ID: Scan the content

App-ID: Comprehensive Application Visibility

• Policy-based control of more than 1200+ applications distributed across five categories and 25 sub-categories

• Balanced mix of business, internet and networking applications and networking protocols

• ~5–10 new applications added weekly

User-ID: Enterprise Directory Integration

• Users no longer defined solely by IP address

- Leverage existing Active Directory infrastructure without complex agent rollout

- Identify Citrix users and tie policies to user and group, not just the IP address

• Understand user application and threat behavior based on actual AD username, not just IP

• Manage and enforce policy based on user and/or AD group

• Investigate security incidents, generate custom reports

Content-ID: Real-Time Content Scanning

• Stream-based, not file-based, for real-time performance

- Uniform signature engine scans for broad range of threats in single pass

- Vulnerability exploits (IPS), viruses and spyware (both downloads and phone-home)

• Block transfer of sensitive data and file transfers by type

- Looks for CC and SSN patterns

- Looks into file to determine type – not extension based

• Web filtering enabled via fully integrated URL database

- Local 20M URL database (76 categories) maximizes performance (1000's URLs/sec)

- Dynamic DB adapts to local, regional or industry focused surfing patterns

Detect and block a wide range of threats, limit unauthorized data transfer and control non-work related web surfing

• NSS Labs, the world's largest security and performance testing lab, have recently completed in-depth IPS testing of the Palo Alto Networks' next-gen firewall. Our solution was tested against 1179 live exploits in what was the industry's most comprehensive IPS test to date. The results were crystal clear and provided the hard proof of what our next-generation firewalls can really do. Key results include:

• The highest IPS block rate in recent history (93.4%)

• 100% resistance to IPS evasion techniques

• Simple IPS configuration and tuning

• Provided all the above while exceeding the datasheet performance metrics by 115%


Single-Pass Parallel Processing (SP3) Architecture

Single Pass

• Operations once per packet

- Traffic classification (app identification)

- User/group mapping

- Content scanning – threats, URLs, confidential data

• One policy

Parallel Processing

• Function-specific hardware engines

• Separate data/control planes

Up to 10 Gbps, Low Latency

PA-5000 Series Architecture

• 80 Gbps switch fabric interconnect

• 20 Gbps QoS engine

Signature Match HW Engine

• Stream-based uniform signature match

• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors

• High density parallel processing for flexible security functionality

• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane

• Highly available management

• High speed logging and route update

• Dual solid-state drives

Network Processor

• 20 Gbps front-end network processing

• Hardware accelerated per-packet route lookup, MAC lookup and NAT

[Figure: PA-5000 block diagram. Control plane: quad-core CPU, RAM, dual SSD. Data plane: 10 Gbps and 20 Gbps links into the network processor (QoS, flow control, route/ARP/MAC lookup, NAT), the switch fabric, two signature match engines, three SSL/IPSec/de-compress engines and three security processor blocks (CPU 1…12 with RAM each)]

• 40+ processors

• 30+ GB of RAM

• Separate high speed data and control planes

• 20 Gbps firewall throughput

• 10 Gbps threat prevention throughput

• 4 million concurrent sessions


Powerful Policy-Based Control

• Browse more than 1300 applications based on name, category, technology or characteristic

• Immediately translate results into positive enforcement model firewall rules

• Policy enforcement by end-user group identities from Active Directory or IP address

Palo Alto – Network Sniffer

Visibility into Applications, Users & Content

[Figure: ACC screenshot. User hzielinski, filter on Skype; remove Skype to expand view of hzielinski]

Palo Alto – Rich reports

Demo (offline) – Traffic Log

Enables Executive Visibility

PAN-OS Features

• Strong networking foundation

- Dynamic routing (OSPF, RIPv2)

- Site-to-site IPSec VPN

- SSL VPN for remote access

- Tap mode – connect to SPAN port

- Virtual wire ("Layer 1") for true transparent in-line deployment

- L2/L3 switching foundation

• QoS traffic shaping – Max/guaranteed and priority

- By user, app, interface, zone and more

• Zone-based architecture

- All interfaces assigned to security zones for policy enforcement

• High Availability

- Active/Active

- Configuration and session synchronization

- Path, link and HA monitoring

• Virtual Systems

- Establish multiple virtual firewalls in a single device (PA-4000 Series only)

• Simple, flexible management

- CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content are complemented by core firewall features

[Figure: PA-500, PA-2020, PA-2050, PA-4020, PA-4050 and PA-4060 appliances]

Enterprise Device and Policy Management

• Intuitive and flexible management

- CLI, Web, Panorama, SNMP, Syslog

- Role-based administration enables delegation of tasks to the appropriate person

• Panorama central management application

- Shared policies enable consistent application control policies

- Consolidated management, logging and monitoring of Palo Alto Networks devices

- Consistent web interface between Panorama and device UI

- Network-wide ACC/monitoring views, log collection and reporting

• All interfaces work on current configuration, avoiding sync issues


Zero Day Attacks Protection: a sandbox at the core

Flexible Deployment Options

Transparent In-Line

• IPS with app visibility & control

• Consolidation of IPS & URL filtering

Firewall Replacement

• Firewall replacement with app visibility & control

• Firewall + IPS

• Firewall + IPS + URL filtering

Ultimate segmentation (Datacenter 1 / Datacenter 2; Segments A, B and C)

• Controls applications & users for datacenter resource access

• IPS with app visibility & content control

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 53 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 54 |

Palo Alto Networks Next-Gen Firewalls

PA-4050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 8 SFP 16 copper gigabit

PA-4020 bull 2 Gbps FW2 Gbps threat

prevention500000 sessions

bull 8 SFP 16 copper gigabit

PA-4060 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 XFP (10 Gig) 4 SFP (1 Gig)

PA-2050 bull 1 Gbps FW500 Mbps threat

prevention250000 sessions

bull 4 SFP 16 copper gigabit

PA-2020 bull 500 Mbps FW200 Mbps threat

prevention125000 sessions

bull 2 SFP 12 copper gigabit

PA-500 bull 250 Mbps FW100 Mbps threat

prevention50000 sessions

bull 8 copper gigabit

PA-5050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

PA-5020 bull 5 Gbps FW2 Gbps threat

prevention1000000 sessions

bull 8 SFP 12 copper gigabit

PA-5060 bull 20 Gbps FW10 Gbps threat

prevention4000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

the innovative approach

extend security to all network traffic extend security to all network traffic

Thank You Zion Ezra

VP Sales

copy 2008 Palo Alto Networks Proprietary and Confidential Page 60 |

POC and AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 61 |

AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 62 |

AVR Report

Internet

UTM Is Still SprawlhellipJust Slower

bull Doesnrsquot solve the problem

bull Firewall ldquohelperrdquo functions have limited view of traffic

bull Turning on functions kills performance

copy 2009 Palo Alto Networks Proprietary and Confidential Page 63 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 64 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 65 |

Applications Have Changed ndash Firewalls Have Not

bull The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

bull Need to Restore Visibility and Control in the Firewall

Collaboration Media SaaS Personal

bull BUThellipApplications Have Changed

- Ports neApplications

- IP AddressesneUsers

- PacketsneContent

exploit protection

many months pass between black-hat discovery white hat discovery and protection being available

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

• Establishes a logical perimeter that is not bound to physical limitations

• Users receive the same depth and quality of protection both inside and out

• Security work is performed by purpose-built firewalls, not end-user laptops

• Unified visibility, compliance and reporting

[Diagram: threats outside the logical perimeter, labelled malware, botnets, exploits]


Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure

- Users do what they want

- Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls

- Leads to increased risks for the business

• Palo Alto Networks defines the next-generation firewall with unique identification technologies

- App-ID: identify applications regardless of port, protocol or SSL encryption

- User-ID: integrated with the enterprise directory

- Content-ID: threats, URLs, data

- High-performance architecture: high throughput, low latency

• Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into the firewall simplifies and saves money

Page 20


HTTP: Universal Application Protocol

• HTTP is 64% of enterprise bandwidth

• Most HTTP traffic is client/server (54%) – proxies cannot deal with it

• Browser-based applications are 46% – some work with proxies and some don't

• Web browsing is 23%

[Chart: all HTTP applications, split into web browsing and browser-based applications]

Application Control vs. Blocking

• Blocking applications, even if possible, is not the answer

• Yes, there are harmful applications that need to be blocked

• Many “Web 2.0” applications are useful

- Enhancing productivity

- Giving competitive advantage to the business

• It's all about visibility and control

- Who is using what

- Control and secure modern applications

- Control feature use

Palo Alto – Next Generation FW

New Requirements for the Security Device

1. Identify applications regardless of port, protocol, evasive tactic or SSL

2. Identify users regardless of IP address

3. Granular visibility and policy control over application access and functionality

4. Protect in real time against threats embedded across applications

5. Multi-gigabit in-line deployment with no performance degradation

Palo Alto Networks Next-Generation Security Device


Palo Alto Networks Exceeds NGFW Requirements

Application Awareness and Full Stack Visibility: App-ID identifies and controls 1300+ applications

Integrated Rather Than Co-Located IPS: Content-ID includes a full IPS without compromising performance

Extra-Firewall Intelligence to Identify Users: User-ID brings AD users and groups into firewall policy

Standard First-Generation Firewall Capabilities: packet filtering, state, flexible NAT, IPSec, SSL VPNs, etc.

Support for “bump in the wire” deployments

In “Defining the Next-Generation Firewall”, Gartner describes what Palo Alto Networks already delivers.

Gartner's Recommendations: “Move to next-generation firewalls at the next refresh opportunity – whether for firewall, IPS, or the combination of the two.”

Unique Technologies Transform the Firewall

App-ID: identify the application

User-ID: identify the user

Content-ID: scan the content

App-ID: Comprehensive Application Visibility

• Policy-based control of more than 1,200 applications distributed across five categories and 25 sub-categories

• Balanced mix of business, internet and networking applications and networking protocols

• ~5–10 new applications added weekly

User-ID: Enterprise Directory Integration

• Users are no longer defined solely by IP address

- Leverage existing Active Directory infrastructure without a complex agent rollout

- Identify Citrix users and tie policies to user and group, not just the IP address

• Understand user, application and threat behavior based on the actual AD username, not just IP

• Manage and enforce policy based on user and/or AD group

• Investigate security incidents, generate custom reports

Content-ID: Real-Time Content Scanning

• Stream-based, not file-based, for real-time performance

- Uniform signature engine scans for a broad range of threats in a single pass

- Vulnerability exploits (IPS), viruses and spyware (both downloads and phone-home)

• Block transfer of sensitive data and file transfers by type

- Looks for CC and SSN patterns

- Looks into the file to determine type – not extension based

• Web filtering enabled via a fully integrated URL database

- Local 20M URL database (76 categories) maximizes performance (1000's of URLs/sec)

- Dynamic DB adapts to local, regional or industry-focused surfing patterns

Detect and block a wide range of threats, limit unauthorized data transfer and control non-work-related web surfing

• NSS Labs, the world's largest security and performance testing lab, has recently completed in-depth IPS testing of the Palo Alto Networks next-gen firewall. Our solution was tested against 1,179 live exploits in what was the industry's most comprehensive IPS test to date. The results were crystal clear and provided the hard proof of what our next-generation firewalls can really do. Key results include:

• The highest IPS block rate in recent history (93.4%)

• 100% resistance to IPS evasion techniques

• Simple IPS configuration and tuning

• Provided all the above while exceeding the datasheet performance metrics by 115%

Palo Alto Networks IPS: Protection + Performance

• Strong threat prevention

- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSH/RDP, but only for authorized staff

Single-Pass Parallel Processing (SP3) Architecture

Single Pass

• Operations once per packet

- Traffic classification (app identification)

- User/group mapping

- Content scanning – threats, URLs, confidential data

• One policy

Parallel Processing

• Function-specific hardware engines

• Separate data/control planes

Up to 10 Gbps, Low Latency

PA-5000 Series Architecture

• 80 Gbps switch fabric interconnect

• 20 Gbps QoS engine

Signature Match HW Engine

• Stream-based uniform signature match

• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors

• High-density parallel processing for flexible security functionality

• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

• Highly available management

• High-speed logging and route update

• Dual solid-state drives

[Diagram: PA-5000 Series block diagram – control plane with quad-core CPU, RAM and dual SSDs; data plane switch fabric with 20 Gbps and 10 Gbps links joining the network processor (QoS, flow control, route/ARP/MAC lookup, NAT), three signature-match engines and three security-processor blocks (SSL, IPSec, de-compress), each labelled CPU 1 to CPU 12 with RAM]

• 40+ processors

• 30+ GB of RAM

• Separate high-speed data and control planes

• 20 Gbps firewall throughput

• 10 Gbps threat prevention throughput

• 4 million concurrent sessions

Traditional Multi-Pass Architectures are Slow

[Diagram: four separate boxes in series – firewall (port/protocol-based ID, firewall policy), URL filtering (port/protocol-based ID, HTTP decoder, URL filtering policy), IPS (port/protocol-based ID, IPS decoder, IPS signatures, IPS policy) and AV (port/protocol-based ID, AV decoder & proxy, AV signatures, AV policy), each repeating its own L2/L3 networking, HA, config management and reporting]

Powerful Policy-Based Control

• Browse more than 1300 applications based on name, category, technology or characteristic

• Immediately translate results into positive-enforcement-model firewall rules

• Policy enforcement by end-user group identities from Active Directory or by IP address

Palo Alto – Network Sniffer

Visibility into Applications, Users & Content

[Screenshot: user hzielinski, filtered on Skype; remove Skype to expand the view of hzielinski]

Palo Alto – Rich reports

Demo (offline) – Traffic Log

Enables Executive Visibility

PAN-OS Features

• Strong networking foundation

- Dynamic routing (OSPF, RIPv2)

- Site-to-site IPSec VPN

- SSL VPN for remote access

- Tap mode – connect to a SPAN port

- Virtual wire (“Layer 1”) for true transparent in-line deployment

- L2/L3 switching foundation

• QoS traffic shaping – max/guaranteed and priority

- By user, app, interface, zone and more

• Zone-based architecture

- All interfaces assigned to security zones for policy enforcement

• High Availability

- Active/Active

- Configuration and session synchronization

- Path, link and HA monitoring

• Virtual Systems

- Establish multiple virtual firewalls in a single device (PA-4000 Series only)

• Simple, flexible management

- CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content are complemented by core firewall features

Platforms: PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060

Enterprise Device and Policy Management

• Intuitive and flexible management

- CLI, Web, Panorama, SNMP, Syslog

- Role-based administration enables delegation of tasks to the appropriate person

• Panorama central management application

- Shared policies enable consistent application control policies

- Consolidated management, logging and monitoring of Palo Alto Networks devices

- Consistent web interface between Panorama and the device UI

- Network-wide ACC/monitoring views, log collection and reporting

• All interfaces work on the current configuration, avoiding sync issues

NGFW for mobile devices

Today: Quality of Security Tied to Location


Zero-Day Attack Protection: a sandbox at the core

Flexible Deployment Options

Transparent In-Line

• IPS with app visibility & control

• Consolidation of IPS & URL filtering

Firewall Replacement

• Firewall replacement with app visibility & control

• Firewall + IPS

• Firewall + IPS + URL filtering

Ultimate segmentation (Datacenter 1 / Datacenter 2; Segments A, B, C)

• Controls applications & users for datacenter resource access

• IPS with app visibility & content control


Palo Alto Networks Next-Gen Firewalls

PA-4050: 10 Gbps FW, 5 Gbps threat prevention, 2,000,000 sessions; 8 SFP, 16 copper gigabit

PA-4020: 2 Gbps FW, 2 Gbps threat prevention, 500,000 sessions; 8 SFP, 16 copper gigabit

PA-4060: 10 Gbps FW, 5 Gbps threat prevention, 2,000,000 sessions; 4 XFP (10 Gig), 4 SFP (1 Gig)

PA-2050: 1 Gbps FW, 500 Mbps threat prevention, 250,000 sessions; 4 SFP, 16 copper gigabit

PA-2020: 500 Mbps FW, 200 Mbps threat prevention, 125,000 sessions; 2 SFP, 12 copper gigabit

PA-500: 250 Mbps FW, 100 Mbps threat prevention, 50,000 sessions; 8 copper gigabit

PA-5050: 10 Gbps FW, 5 Gbps threat prevention, 2,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

PA-5020: 5 Gbps FW, 2 Gbps threat prevention, 1,000,000 sessions; 8 SFP, 12 copper gigabit

PA-5060: 20 Gbps FW, 10 Gbps threat prevention, 4,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

The innovative approach: extend security to all network traffic

Thank You – Zion Ezra, VP Sales

POC and AVR Report

AVR Report

UTM Is Still Sprawl… Just Slower

• Doesn't solve the problem

• Firewall “helper” functions have a limited view of traffic

• Turning on functions kills performance


Applications Have Changed – Firewalls Have Not

• The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines the trust boundary

• Need to restore visibility and control in the firewall

[Diagram: application categories – Collaboration, Media, SaaS, Personal]

• BUT… Applications Have Changed

- Ports ≠ Applications

- IP Addresses ≠ Users

- Packets ≠ Content

Exploit protection

Many months pass between black-hat discovery, white-hat discovery and protection being available

Need to protect all applications

A sandbox at the core

Needs user-based access control

Needs high-speed IPS and AV

Needs to perform across all applications

Needs to block the unknown

Conclusion: advanced-malware protection belongs in a next-generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY: doing the same thing over and over again and expecting different results

Block applications and users

20 Gbps Firewall, 10 Gbps Threat Prevention

• 80 Gbps switch fabric interconnect

• 20 Gbps QoS engine

Signature Match HW Engine

• Stream-based uniform signature match

• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors

• High-density parallel processing for flexible security functionality

• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

• Highly available management

• High-speed logging and route update

• Dual hard drives

[Diagram: block diagram – control plane with quad-core CPU, RAM and dual HDDs; data plane switch fabric with 20 Gbps and 10 Gbps links joining the network processor (QoS, flow control, route/ARP/MAC lookup, NAT), three signature-match engines and three security-processor blocks (SSL, IPSec, de-compress), each labelled CPU 1 to CPU 12 with RAM]

Source: Gartner (March 2010)

Data Center Network Security in Transition

• Ports ≠ Applications

• IP addresses ≠ Users

• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions…

[Diagram: applications (RPC, SMS, SQL, SharePoint, SMB, NetBIOS) spread across ports 80, 135, 137, 139 and 443, plus random high ports]

Applications employ dynamic, random and heavily-used ports – fundamentally breaking port-based network security
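The port problem on this slide, together with the Content-ID point earlier that file type is read from the file rather than from its extension, as an added example that is not part of this deck or of any Palo Alto Networks code: a toy content-based classifier beside the port table it replaces, and a magic-byte file typer beside an extension lookup. The signature set, port table, sample flows and sample files are constructed and cover only a handful of protocols and formats.

```python
"""Added example, not Palo Alto Networks code: identify an application from the
first bytes a client sends rather than from the destination port, and a file's
type from its content rather than its name.  Signatures and samples are a
constructed illustration covering four protocols and five file types."""
import re

# The outdated assumption the slide describes: destination port == application.
PORT_TABLE = {22: "ssh", 80: "web-browsing", 443: "ssl", 3389: "ms-rdp"}

HTTP_REQUEST_LINE = re.compile(rb"^(GET|POST|PUT|HEAD|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n")


def port_based_guess(dst_port: int) -> str:
    return PORT_TABLE.get(dst_port, "unknown")


def identify_app(payload: bytes) -> str:
    """Content-based identification from the first client bytes of a TCP flow.
    "unknown" is what a positive-enforcement (default deny) rule acts on."""
    if payload.startswith((b"SSH-2.0-", b"SSH-1.99-")):
        return "ssh"
    # TLS record header: type 0x16 (handshake), version 0x03 0x00-0x03,
    # two-byte length, then handshake type 0x01 (ClientHello).
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[2] <= 0x03 and payload[5] == 0x01):
        return "ssl"
    if HTTP_REQUEST_LINE.match(payload):
        return "web-browsing"
    # RDP: TPKT header 03 00 <len>, X.224 length byte, then 0xE0 (Connection Request).
    if len(payload) >= 11 and payload[:2] == b"\x03\x00" and payload[5] == 0xE0:
        return "ms-rdp"
    return "unknown"


def classify_flows(flows):
    """For each (dst_port, first_client_bytes) return
    (port, port-based guess, content-based id, mismatch flag)."""
    rows = []
    for port, payload in flows:
        guess, app = port_based_guess(port), identify_app(payload)
        rows.append((port, guess, app, guess != app))
    return rows


# File typing: look into the file, not at its name.
MAGIC = (
    (b"MZ", "pe-executable"),
    (b"\x7fELF", "elf-executable"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),
    (b"\xff\xd8\xff", "jpeg"),
)
EXTENSIONS = {".exe": "pe-executable", ".pdf": "pdf", ".zip": "zip", ".jpg": "jpeg"}


def file_type_from_extension(filename: str) -> str:
    name = filename.lower()
    return next((t for ext, t in EXTENSIONS.items() if name.endswith(ext)), "unknown")


def file_type_from_content(data: bytes) -> str:
    return next((t for magic, t in MAGIC if data.startswith(magic)), "unknown")


# Constructed samples: a TLS ClientHello on 443, plain HTTP on 443,
# SSH on 80 and RDP on a non-standard port.
SAMPLE_FLOWS = (
    (443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + bytes(32)),
    (443, b"GET /chat HTTP/1.1\r\nHost: app.example\r\n\r\n"),
    (80, b"SSH-2.0-OpenSSH_8.9\r\n"),
    (8443, b"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00"),
)
SAMPLE_FILES = (
    ("invoice.pdf", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n"),
    ("holiday.jpg", b"MZ\x90\x00\x03\x00\x00\x00" + bytes(56)),  # PE header behind a .jpg name
)


if __name__ == "__main__":
    for port, guess, app, mismatch in classify_flows(SAMPLE_FLOWS):
        print(f"port {port:>5}: port says {guess:<12} content says {app:<12} mismatch={mismatch}")
    for name, data in SAMPLE_FILES:
        print(f"{name}: extension says {file_type_from_extension(name)}, "
              f"content says {file_type_from_content(data)}")
```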

Palo Alto Networks Protection + Performance


NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications


PA-5050

• 10 Gbps FW

• 5 Gbps threat prevention

• 4 Gbps IPSec VPN

• 10,000 SSL VPN users

• 2,000,000 sessions

• Up to 125 VSYS

• (4) SFP+ (10 Gig) I/O

• (8) SFP (1 Gig) I/O

• (12) 10/100/1000

PA-5020

• 5 Gbps FW

• 2 Gbps threat prevention

• 2 Gbps IPSec VPN

• 5,000 SSL VPN users

• 1,000,000 sessions

• Up to 20 VSYS

• (8) SFP (1 Gig) I/O

• (12) 10/100/1000

PA-5060

• 20 Gbps FW

• 10 Gbps threat prevention

• 4 Gbps IPSec VPN

• 20,000 SSL VPN users

• 4,000,000 sessions

• Up to 225 VSYS

• (4) SFP+ (10 Gig) I/O

• (8) SFP (1 Gig) I/O

• (12) 10/100/1000

• Hot-swappable fans, power supplies

• Dual solid-state hard drives

• Dedicated HA and management interfaces

• 2U standard rack-mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and “Recommended”)

- Security by policy, not hardwired into deployment

• Comply and compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

• Simplify with flexible network security infrastructure

- With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler, easier deployments

- With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance)

GlobalProtect


Page 21

Application Control vs Blocking

bull Blocking applications even if possible is not the answer

bull Yes there are harmful applications that need to be blocked

bull Many ldquoWeb 20rdquo applications are useful

- Enhancing productivity

- Giving competitive advantage to the business

bull Itrsquos all about visibility and control

- Who is using what

- Control and secure modern applications

- Control features use

Palo Alto

Palo Alto ndash Next Generation FW

copy 2008 Palo Alto Networks Proprietary and Confidential Page 24 |

copy 2008 Palo Alto Networks Proprietary and Confidential Page 25 |

New Requirements for Security Device

1 Identify applications regardless of port protocol evasive tactic or SSL

2 Identify users regardless of IP address

3 Granular visibility and policy control over application access functionality

4 Protect in real-time against threats embedded across applications

5 Multi-gigabit in-line deployment with no performance degradation

Palo Alto Networks Next-Generation Security Device

copy 2009 Palo Alto Networks Proprietary and Confidential Page 26 |

Palo Alto Networks Exceeds NGFW Requirements

Application Awareness and Full Stack Visibility

App-ID Identifies and controls 1300+ applications

Integrated Rather Than Co-Located IPS

Content-ID includes full IPS without compromising performance

Extra-Firewall Intelligence to Identify Users

User-ID brings AD users and groups into firewall policy

Standard First-Generation Firewall Capabilities

Packet filtering state flexible NAT IPSec SSL VPNs etc

Support ldquobump in the wirerdquo Deployments

In ldquoDefining the Next-Generation Firewallrdquo

Gartner describes what Palo Alto Networks already delivers

Gartnerrsquos Recommendations

Move to next-generation firewalls at the next refresh

opportunity ndash whether for firewall IPS or the

combination of the two

copy 2008 Palo Alto Networks Proprietary and Confidential Page 28 |

Unique Technologies Transform the Firewall

App-ID

Identify the application

User-ID

Identify the user

Content-ID

Scan the content

copy 2008 Palo Alto Networks Proprietary and Confidential Page 29 |

App-ID Comprehensive Application Visibility

bull Policy-based control more than 1200+ applications distributed across five categories and 25 sub-categories

bull Balanced mix of business internet and networking applications and networking protocols

bull ~ 5 - 10 new applications added weekly

copy 2009 Palo Alto Networks Proprietary and Confidential Page 30 |

User-ID Enterprise Directory Integration

bull Users no longer defined solely by IP address

- Leverage existing Active Directory infrastructure without complex agent rollout

- Identify Citrix users and tie policies to user and group not just the IP address

bull Understand user application and threat behavior based on actual AD username not just IP

bull Manage and enforce policy based on user andor AD group

bull Investigate security incidents generate custom reports

copy 2009 Palo Alto Networks Proprietary and Confidential Page 31 |

Content-ID Real-Time Content Scanning

bull Stream-based not file-based for real-time performance

- Uniform signature engine scans for broad range of threats in single pass

- Vulnerability exploits (IPS) viruses and spyware (both downloads and phone-home)

bull Block transfer of sensitive data and file transfers by type

- Looks for CC and SSN patterns

- Looks into file to determine type ndash not extension based

bull Web filtering enabled via fully integrated URL database

- Local 20M URL database (76 categories) maximizes performance (1000rsquos URLssec)

- Dynamic DB adapts to local regional or industry focused surfing patterns

Detect and block a wide range of threats limit unauthorized data transfer and control non-work related web surfing

copy 2008 Palo Alto Networks Proprietary and Confidential Page 32 |

bullNSS Labs the worldrsquos largest security and performance testing lab have recently

completed in-depth IPS testing of the Palo Alto Networksrsquo next-gen firewall Our solution

was tested against 1179 live exploits in what was the industrys most comprehensive IPS

test to date The results were crystal clear and provided the hard proof of what our next-

generation firewalls can really do Key results include

bullbull The highest IPS block rate in recent history (934)

bull 100 resistance to IPS evasion techniques

bull Simple IPS configuration and tuning

bull Provided all the above while exceeding the datasheet performance metrics by 115

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 33 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2009 Palo Alto Networks Proprietary and Confidential Page 34 |

Single-Pass Parallel Processing (SP3) Architecture

Single Pass

bull Operations once per packet

- Traffic classification (app identification)

- Usergroup mapping

- Content scanning ndash threats URLs confidential data

bull One policy

Parallel Processing

bull Function-specific hardware engines

bull Separate datacontrol planes

Up to 10Gbps Low Latency

copy 2011 Palo Alto Networks Proprietary and Confidential

PA-5000 Series Architecture

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual solid-state drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow

control

Route ARP MAC

lookup

NAT Switch

Fabric

Signature Match

Signature Match

SSL IPSec De-

Compress SSL IPSec

De-Compress

SSL IPSec De-

Compress

Quad-core

CPU CPU

12

CPU

1

CPU

2

CPU

12

CPU

1

CPU

2

CPU

12

CPU

1

CPU

2

RAM

RAM

SSD

SSD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

bull 40+ processors

bull 30+ GB of RAM

bull Separate high speed data and control planes

bull 20 Gbps firewall throughput

bull 10 Gbps threat prevention throughput

bull 4 Million concurrent sessions

Page 35 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 36 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

Powerful Policy-Based Control

• Browse more than 1300 applications based on name, category, technology or characteristic
• Immediately translate results into positive enforcement model firewall rules
• Policy enforcement by end-user group identities from Active Directory, or IP address

Palo Alto – Network Sniffer

Visibility into Applications, Users & Content

[Screenshot callouts: User hzielinski; Filter on Skype; Remove Skype to expand view of hzielinski]

Palo Alto – Rich reports

Demo (offline) – Traffic Log

Enables Executive Visibility

PAN-OS Features

• Strong networking foundation
- Dynamic routing (OSPF, RIPv2)
- Site-to-site IPSec VPN
- SSL VPN for remote access
- Tap mode – connect to SPAN port
- Virtual wire ("Layer 1") for true transparent in-line deployment
- L2/L3 switching foundation
• QoS traffic shaping - Max/guaranteed and priority
- By user, app, interface, zone and more
• Zone-based architecture
- All interfaces assigned to security zones for policy enforcement
• High Availability
- Active/Active
- Configuration and session synchronization
- Path, link and HA monitoring
• Virtual Systems
- Establish multiple virtual firewalls in a single device (PA-4000 Series only)
• Simple, flexible management
- CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content are complemented by core firewall features

[Figure: product line, PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060]

Enterprise Device and Policy Management

• Intuitive and flexible management
- CLI, Web, Panorama, SNMP, Syslog
- Role-based administration enables delegation of tasks to the appropriate person
• Panorama central management application
- Shared policies enable consistent application control policies
- Consolidated management, logging and monitoring of Palo Alto Networks devices
- Consistent web interface between Panorama and device UI
- Network-wide ACC/monitoring views, log collection and reporting
• All interfaces work on current configuration, avoiding sync issues

NGFW for mobile devices

Today: Quality of Security Tied to Location

[Figure: users on the enterprise network behind the firewall versus users off-network, exposed to botnets]

Enterprise Network Security
• Security Based on Best-Practices
• Full-Featured NGFW and Threat Prevention

No Network Security
• Security Based on Best-Effort
• Exposed to threats, risky app usage and more

Introducing GlobalProtect

• Users never go "off-network" regardless of location
• All firewalls work together to provide a "cloud" of network security
• How it works
- Small agent determines network location (on or off the enterprise network)
- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
- Agent submits host information profile (patch level, asset type, disk encryption and more) to the gateway
- Gateway enforces security policy using App-ID, User-ID, Content-ID AND host information profile

Zero Day Attacks Protection: a sandbox at the core

Flexible Deployment Options

Transparent In-Line
• IPS with app visibility & control
• Consolidation of IPS & URL filtering

Firewall Replacement
• Firewall replacement with app visibility & control
• Firewall + IPS
• Firewall + IPS + URL filtering

Ultimate segmentation
[Figure: Datacenter 1, Datacenter 2; Segment A, Segment B, Segment C]
• Controls applications & users for datacenter resource access
• IPS with app visibility & content control

Palo Alto Networks IPS: Protection + Performance

• Strong threat prevention
- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
- The only IPS that catches threats on non-standard ports
- Scan inbound and outbound SSL (decrypt) and compressed traffic
- Assure only authorized applications are using network resources
- Allow SSH/RDP, but only for authorized staff

Palo Alto Networks Next-Gen Firewalls

PA-4050: 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions; 8 SFP, 16 copper gigabit
PA-4020: 2 Gbps FW / 2 Gbps threat prevention / 500,000 sessions; 8 SFP, 16 copper gigabit
PA-4060: 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions; 4 XFP (10 Gig), 4 SFP (1 Gig)
PA-2050: 1 Gbps FW / 500 Mbps threat prevention / 250,000 sessions; 4 SFP, 16 copper gigabit
PA-2020: 500 Mbps FW / 200 Mbps threat prevention / 125,000 sessions; 2 SFP, 12 copper gigabit
PA-500: 250 Mbps FW / 100 Mbps threat prevention / 50,000 sessions; 8 copper gigabit
PA-5050: 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
PA-5020: 5 Gbps FW / 2 Gbps threat prevention / 1,000,000 sessions; 8 SFP, 12 copper gigabit
PA-5060: 20 Gbps FW / 10 Gbps threat prevention / 4,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

The innovative approach: extend security to all network traffic

Thank You
Zion Ezra, VP Sales

POC and AVR Report

AVR Report

AVR Report
[Figure label: Internet]

UTM Is Still Sprawl…Just Slower

• Doesn't solve the problem
• Firewall "helper" functions have limited view of traffic
• Turning on functions kills performance

Traditional Multi-Pass Architectures are Slow

[Figure: the same multi-pass diagram as on the earlier slide: Port/Protocol-based ID, L2/L3 Networking, HA, Config Management and Reporting repeated for Firewall Policy, HTTP Decoder with URL Filtering Policy, IPS Decoder with IPS Signatures and IPS Policy, and AV Decoder & Proxy with AV Signatures and AV Policy.]

Applications Have Changed – Firewalls Have Not

• The gateway at the trust border is the right place to enforce policy control
- Sees all traffic
- Defines trust boundary
• Need to Restore Visibility and Control in the Firewall

[Figure labels: Collaboration, Media, SaaS, Personal]

• BUT…Applications Have Changed
- Ports ≠ Applications
- IP Addresses ≠ Users
- Packets ≠ Content

Exploit protection
- Many months pass between black-hat discovery, white-hat discovery and protection being available
- Need to protect all applications
- A sandbox at the core
- Needs user-based access control
- Needs high-speed IPS and AV
- Need to perform across all applications
- Need to block the unknown
- Conclusion: advanced-malware protection belongs in a next generation firewall

DEMO: https://ca2demo.paloaltonetworks.com/esp/login.esp

INSANITY: doing the same thing over and over again and expecting different results

Block applications and users

The innovative approach: extend security to all network traffic

20 Gbps Firewall, 10 Gbps Threat Prevention

• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors
• High density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High speed logging and route update
• Dual hard drives

Network Processor
• 20 Gbps front-end network processing
• Hardware accelerated per-packet route lookup, MAC lookup and NAT

[Figure: the same architecture diagram as on the PA-5000 Series slide. Data Plane: Network Processor (20 Gbps; Flow control; Route, ARP, MAC lookup; NAT) and QoS engine feeding the Switch Fabric, which connects (10 Gbps links) to three security processor cards, each with a 12-core CPU (CPU 1 to CPU 12), RAM, a Signature Match engine and an SSL/IPSec/De-Compress engine. Control Plane: quad-core CPU, RAM, dual HDDs.]

NGFW for mobile devices

Source: Gartner (March 2010). As of March 2010.

Data Center Network Security in Transition

• Ports ≠ Applications
• IP addresses ≠ Users
• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions…

[Figure: applications such as RPC, SMS, SQL, SharePoint, SMB and NetBIOS spread across Port 135, Port 137, Port 139, Port 80 and Port 443, plus random high ports]

Applications employ dynamic, random and heavily-used ports - fundamentally breaking port-based network security

Palo Alto Networks: Protection + Performance

• Strong threat prevention
- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
- The only IPS that catches threats on non-standard ports
- Scan inbound and outbound SSL (decrypt) and compressed traffic
- Assure only authorized applications are using network resources
- Allow SSH/RDP, but only for authorized staff

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

PA-5050
• 10 Gbps FW
• 5 Gbps threat prevention
• 4 Gbps IPSec VPN
• 10,000 SSL VPN Users
• 2,000,000 sessions
• Up to 125 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5020
• 5 Gbps FW
• 2 Gbps threat prevention
• 2 Gbps IPSec VPN
• 5,000 SSL VPN Users
• 1,000,000 sessions
• Up to 20 VSYS
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5060
• 20 Gbps FW
• 10 Gbps threat prevention
• 4 Gbps IPSec VPN
• 20,000 SSL VPN Users
• 4,000,000 sessions
• Up to 225 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

• Hot swappable fans, power supplies
• Dual solid state hard drives
• Dedicated HA and management interfaces
• 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats
- Stop a wide range of threats on all allowed traffic
- Proven quality (NSS tested and "Recommended")
- Security by policy, not hardwired into deployment
• Comply and Compartmentalize
- Save time and cost to compliance with network segmentation
- Segment by user group and application
• Simplify with Flexible Network Security Infrastructure
- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention
- With simpler, easier deployments
- With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance)

GlobalProtect

Today: Quality of Security Tied to Location

[Figure: users on the enterprise network behind the firewall versus users off-network, exposed to botnets]

Enterprise Network Security
• Security Based on Best-Practices
• Full-Featured NGFW and Threat Prevention

No Network Security
• Security Based on Best-Effort
• Exposed to threats, risky app usage and more

Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality, heavy performance load on PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services
• Client forces web traffic to cloud-based proxy for scanning and policy enforcement
• Supports limited number of apps and protocols, weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• Agent tunnels traffic back to corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security
• Inconsistent policy and protections when outside vs. inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase duplicates, operational and management overhead

Introducing GlobalProtect

• Users never go "off-network" regardless of location
• All firewalls work together to provide a "cloud" of network security
• How it works
- Small agent determines network location (on or off the enterprise network)
- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
- Agent submits host information profile (patch level, asset type, disk encryption and more) to the gateway
- Gateway enforces security policy using App-ID, User-ID, Content-ID AND host information profile
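As an added illustration (not PAN-OS code and not part of the original deck), the following Python sketch models the enforcement step described above together with the deck's "Ports ≠ Applications" and "Allow SSH/RDP, but only for authorized staff" points: the application is classified from the payload rather than the destination port, the source IP is mapped to a directory user and group, and the admin-access rule additionally requires a compliant host information profile. The signatures, the IP-to-user mapping, the group membership and the rules are all constructed sample data.

```python
"""
Positive-enforcement policy check modelled on the App-ID / User-ID /
host-information-profile flow described on the slides. Added illustration
only; this is not PAN-OS code. Signatures, the IP-to-user mapping, the
group membership and the rules are all constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# --- App-ID stand-in: classify by what the stream carries, not by port -------
# Constructed signatures: the bytes each application sends first.
APP_SIGNATURES: Dict[bytes, str] = {
    b"SSH-2.0": "ssh",          # SSH version banner
    b"\x03\x00\x00": "rdp",     # TPKT header used by RDP connection requests
    b"GET /": "web-browsing",
    b"POST /": "web-browsing",
}
# The legacy assumption the slides call "Ports = Applications".
PORT_DEFAULTS: Dict[int, str] = {22: "ssh", 3389: "rdp", 80: "web-browsing", 443: "ssl"}


def port_based_id(dst_port: int) -> str:
    """Stateful-inspection style classification: trusts the destination port."""
    return PORT_DEFAULTS.get(dst_port, "unknown")


def app_id(payload: bytes) -> str:
    """Signature-based classification; anything unrecognised stays 'unknown'
    so a positive-enforcement policy blocks it (the 'block the unknown' point)."""
    for prefix, app in APP_SIGNATURES.items():
        if payload.startswith(prefix):
            return app
    return "unknown"


# --- User-ID stand-in: IP -> username -> groups (constructed directory data) --
USER_BY_IP: Dict[str, str] = {"10.1.1.25": "hzielinski", "10.1.2.40": "jdoe"}
GROUPS: Dict[str, Set[str]] = {"hzielinski": {"it-staff"}, "jdoe": {"sales"}}


@dataclass
class HostProfile:
    """Subset of the host information profile the agent submits to the gateway."""
    os_patched: bool
    disk_encrypted: bool


@dataclass
class Flow:
    src_ip: str
    dst_port: int
    payload: bytes
    hip: Optional[HostProfile] = None   # None: no agent profile available


@dataclass
class Rule:
    name: str
    apps: Set[str]
    groups: Optional[Set[str]] = None   # None: any user
    require_compliant_hip: bool = False
    action: str = "allow"


# Positive enforcement model: only what a rule explicitly allows gets through.
POLICY: List[Rule] = [
    Rule("admin-access", {"ssh", "rdp"}, groups={"it-staff"}, require_compliant_hip=True),
    Rule("general-web", {"web-browsing", "ssl"}),
]


@dataclass
class Verdict:
    action: str
    app: str
    user: str
    rule: str


def hip_compliant(hip: Optional[HostProfile]) -> bool:
    return hip is not None and hip.os_patched and hip.disk_encrypted


def evaluate(flow: Flow, policy: List[Rule] = POLICY) -> Verdict:
    """First matching rule wins; a rule whose app, group or HIP criterion does
    not match is skipped, and no match at all ends in the implicit deny."""
    app = app_id(flow.payload)
    user = USER_BY_IP.get(flow.src_ip, "unknown-user")
    user_groups = GROUPS.get(user, set())
    for rule in policy:
        if app not in rule.apps:
            continue
        if rule.groups is not None and not (user_groups & rule.groups):
            continue
        if rule.require_compliant_hip and not hip_compliant(flow.hip):
            continue
        return Verdict(rule.action, app, user, rule.name)
    return Verdict("deny", app, user, "implicit-deny")


if __name__ == "__main__":
    ok = HostProfile(os_patched=True, disk_encrypted=True)
    # SSH tunnelled over 443: port-based ID calls it "ssl" and a port rule would
    # wave it through; App-ID sees the banner and applies the admin-access rule.
    ssh_on_443 = Flow("10.1.1.25", 443, b"SSH-2.0-OpenSSH_8.9\r\n", ok)
    print(port_based_id(ssh_on_443.dst_port), evaluate(ssh_on_443))
    print(evaluate(Flow("10.1.2.40", 443, b"SSH-2.0-OpenSSH_8.9\r\n", ok)))
```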

A Modern Architecture for Enterprise Security

• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting

[Figure labels: malware, botnets, exploits]

Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure
- Users do what they want
- Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls
- Leads to increased risks for the business
• Palo Alto Networks defines the next-generation firewall with unique identification technologies
- App-ID: identify applications regardless of port, protocol or SSL encryption
- User-ID: integrated with enterprise directory
- Content-ID: threats, URLs, data
- High performance architecture: high throughput, low latency
• Easy enterprise integration and consolidation saves money
- Flexible deployment options for seamless integration
- Consolidation of functionality into the firewall simplifies and saves money

Palo Alto – Next Generation FW

New Requirements for Security Device

1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify users regardless of IP address
3. Granular visibility and policy control over application access/functionality
4. Protect in real-time against threats embedded across applications
5. Multi-gigabit, in-line deployment with no performance degradation

Palo Alto Networks Next-Generation Security Device

Palo Alto Networks Exceeds NGFW Requirements

Application Awareness and Full Stack Visibility: App-ID identifies and controls 1300+ applications
Integrated Rather Than Co-Located IPS: Content-ID includes full IPS without compromising performance
Extra-Firewall Intelligence to Identify Users: User-ID brings AD users and groups into firewall policy
Standard First-Generation Firewall Capabilities: Packet filtering, state, flexible NAT, IPSec, SSL VPNs, etc.
Support "bump in the wire" Deployments

In "Defining the Next-Generation Firewall", Gartner describes what Palo Alto Networks already delivers

Gartner's Recommendations: Move to next-generation firewalls at the next refresh opportunity – whether for firewall, IPS or the combination of the two

Unique Technologies Transform the Firewall

App-ID: Identify the application
User-ID: Identify the user
Content-ID: Scan the content

App-ID: Comprehensive Application Visibility

• Policy-based control: more than 1200+ applications distributed across five categories and 25 sub-categories
• Balanced mix of business, internet and networking applications and networking protocols
• ~5 - 10 new applications added weekly

User-ID: Enterprise Directory Integration

• Users no longer defined solely by IP address
- Leverage existing Active Directory infrastructure without complex agent rollout
- Identify Citrix users and tie policies to user and group, not just the IP address
• Understand user, application and threat behavior based on actual AD username, not just IP
• Manage and enforce policy based on user and/or AD group
• Investigate security incidents, generate custom reports

Content-ID: Real-Time Content Scanning

• Stream-based, not file-based, for real-time performance
- Uniform signature engine scans for a broad range of threats in a single pass
- Vulnerability exploits (IPS), viruses and spyware (both downloads and phone-home)
• Block transfer of sensitive data and file transfers by type
- Looks for CC and SSN patterns
- Looks into the file to determine type – not extension based
• Web filtering enabled via fully integrated URL database
- Local 20M URL database (76 categories) maximizes performance (1000's URLs/sec)
- Dynamic DB adapts to local, regional or industry focused surfing patterns

Detect and block a wide range of threats, limit unauthorized data transfer and control non-work related web surfing

• NSS Labs, the world's largest security and performance testing lab, has recently completed in-depth IPS testing of the Palo Alto Networks next-gen firewall. Our solution was tested against 1179 live exploits in what was the industry's most comprehensive IPS test to date. The results were crystal clear and provided the hard proof of what our next-generation firewalls can really do. Key results include:
• The highest IPS block rate in recent history (93.4%)
• 100% resistance to IPS evasion techniques
• Simple IPS configuration and tuning
• Provided all the above while exceeding the datasheet performance metrics by 115%

Palo Alto Networks IPS: Protection + Performance

• Strong threat prevention
- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
- The only IPS that catches threats on non-standard ports
- Scan inbound and outbound SSL (decrypt) and compressed traffic
- Assure only authorized applications are using network resources
- Allow SSH/RDP, but only for authorized staff

Single-Pass Parallel Processing (SP3) Architecture

Single Pass
• Operations once per packet
- Traffic classification (app identification)
- User/group mapping
- Content scanning – threats, URLs, confidential data
• One policy

Parallel Processing
• Function-specific hardware engines
• Separate data/control planes

Up to 10Gbps, Low Latency

PA-5000 Series Architecture

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual solid-state drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow

control

Route ARP MAC

lookup

NAT Switch

Fabric

Signature Match

Signature Match

SSL IPSec De-

Compress SSL IPSec

De-Compress

SSL IPSec De-

Compress

Quad-core

CPU CPU

12

CPU

1

CPU

2

CPU

12

CPU

1

CPU

2

CPU

12

CPU

1

CPU

2

RAM

RAM

SSD

SSD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

bull 40+ processors

bull 30+ GB of RAM

bull Separate high speed data and control planes

bull 20 Gbps firewall throughput

bull 10 Gbps threat prevention throughput

bull 4 Million concurrent sessions

Page 35 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 36 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 37 |

Powerful Policy-Based Control

bull Browse more than 1300 applications based on name category technology or characteristic

bull Immediately translate results into positive enforcement model firewall rules

bull Policy enforcement by end-user group identities from Active Directory or IP address

Palo Alto

Palo Alto ndash Network Sniffer

copy 2008 Palo Alto Networks Proprietary and Confidential Page 38 |

copy 2008 Palo Alto Networks Proprietary and Confidential Page 39 |

Visibility into Applications Users amp Content

User hzielinski Filter on Skype

Remove Skype to expand view of hzielinski

Palo Alto

Palo Alto ndash Rich reports

copy 2008 Palo Alto Networks Proprietary and Confidential Page 40 |

copy 2008 Palo Alto Networks Proprietary and Confidential Page 41 |

Demo (offline) ndash Traffic Log

copy 2008 Palo Alto Networks Proprietary and Confidential Page 42 |

Enables Executive Visibility

copy 2009 Palo Alto Networks Proprietary and Confidential Page 43 |

PAN-OS Features

bull Strong networking foundation

- Dynamic routing (OSPF RIPv2)

- Site-to-site IPSec VPN

- SSL VPN for remote access

- Tap mode ndash connect to SPAN port

- Virtual wire (ldquoLayer 1rdquo) for true transparent in-line deployment

- L2L3 switching foundation

bull QoS traffic shaping - Maxguaranteed and priority

- By user app interface zone and more

bull Zone-based architecture

- All interfaces assigned to security zones for policy enforcement

bull High Availability

- Active Active

- Configuration and session synchronization

- Path link and HA monitoring

bull Virtual Systems

- Establish multiple virtual firewalls in a single device (PA-4000 Series only)

bull Simple flexible management

- CLI Web Panorama SNMP Syslog

Visibility and control of applications users and content are complemented by core firewall features

PA-500

PA-2020

PA-2050

PA-4020

PA-4050

PA-4060

copy 2009 Palo Alto Networks Proprietary and Confidential Page 44 |

Enterprise Device and Policy Management

bull Intuitive and flexible management

- CLI Web Panorama SNMP Syslog

- Role-based administration enables delegation of tasks to appropriate person

bull Panorama central management application

- Shared policies enable consistent application control policies

- Consolidated management logging and monitoring of Palo Alto Networks devices

- Consistent web interface between Panorama and device UI

- Network-wide ACCmonitoring views log collection and reporting

bull All interfaces work on current configuration avoiding sync issues

NGFW for mobile devices

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 46 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 48 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

Zero Day Attacks Protection

a sandbox at the core

Flexible Deployment Options

Transparent In-Line Firewall Replacement

bull IPS with app visibility amp control

bull Consolidation of IPS amp URL filtering

bull Firewall replacement with app visibility amp control

bull Firewall + IPS

bull Firewall + IPS + URL filtering

Ultimate segmentation

Datacenter 1 Datacenter 2

bull Controls applications amp users for datacenter resource access

bull IPS with app visibility amp content control

Segment A Segment B

Segment C

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 53 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 54 |

Palo Alto Networks Next-Gen Firewalls

PA-4050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 8 SFP 16 copper gigabit

PA-4020 bull 2 Gbps FW2 Gbps threat

prevention500000 sessions

bull 8 SFP 16 copper gigabit

PA-4060 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 XFP (10 Gig) 4 SFP (1 Gig)

PA-2050 bull 1 Gbps FW500 Mbps threat

prevention250000 sessions

bull 4 SFP 16 copper gigabit

PA-2020 bull 500 Mbps FW200 Mbps threat

prevention125000 sessions

bull 2 SFP 12 copper gigabit

PA-500 bull 250 Mbps FW100 Mbps threat

prevention50000 sessions

bull 8 copper gigabit

PA-5050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

PA-5020 bull 5 Gbps FW2 Gbps threat

prevention1000000 sessions

bull 8 SFP 12 copper gigabit

PA-5060 bull 20 Gbps FW10 Gbps threat

prevention4000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

the innovative approach

extend security to all network traffic extend security to all network traffic

Thank You Zion Ezra

VP Sales

copy 2008 Palo Alto Networks Proprietary and Confidential Page 60 |

POC and AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 61 |

AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 62 |

AVR Report

Internet

UTM Is Still SprawlhellipJust Slower

bull Doesnrsquot solve the problem

bull Firewall ldquohelperrdquo functions have limited view of traffic

bull Turning on functions kills performance

copy 2009 Palo Alto Networks Proprietary and Confidential Page 63 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 64 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 65 |

Applications Have Changed ndash Firewalls Have Not

bull The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

bull Need to Restore Visibility and Control in the Firewall

Collaboration Media SaaS Personal

bull BUThellipApplications Have Changed

- Ports neApplications

- IP AddressesneUsers

- PacketsneContent

exploit protection

many months pass between black-hat discovery white hat discovery and protection being available

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks: Protection + Performance

• Strong threat prevention
- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
- The only IPS that catches threats on non-standard ports
- Scan inbound and outbound SSL (decrypt) and compressed traffic
- Assure only authorized applications are using network resources
- Allow SSH/RDP, but only for authorized staff

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

| Model   | Firewall | Threat prevention | IPSec VPN | SSL VPN users | Sessions  | Virtual systems | I/O                                                  |
|---------|----------|-------------------|-----------|---------------|-----------|-----------------|------------------------------------------------------|
| PA-5060 | 20 Gbps  | 10 Gbps           | 4 Gbps    | 20,000        | 4,000,000 | Up to 225       | (4) SFP+ (10 Gig), (8) SFP (1 Gig), (12) 10/100/1000 |
| PA-5050 | 10 Gbps  | 5 Gbps            | 4 Gbps    | 10,000        | 2,000,000 | Up to 125       | (4) SFP+ (10 Gig), (8) SFP (1 Gig), (12) 10/100/1000 |
| PA-5020 | 5 Gbps   | 2 Gbps            | 2 Gbps    | 5,000         | 1,000,000 | Up to 20        | (8) SFP (1 Gig), (12) 10/100/1000                    |

All models:
• Hot swappable fans, power supplies
• Dual solid state hard drives
• Dedicated HA and management interfaces
• 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats
- Stop a wide range of threats on all allowed traffic
- Proven quality (NSS tested and "Recommended")
- Security by policy, not hardwired into deployment
• Comply and Compartmentalize
- Save time and cost to compliance with network segmentation
- Segment by user group and application
• Simplify with Flexible Network Security Infrastructure
- With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention
- With simpler, easier deployments
- With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance)

GlobalProtect

Today: Quality of Security Tied to Location

Enterprise Network Security
• Security Based on Best-Practices
• Full-Featured NGFW and Threat Prevention

No Network Security
• Security Based on Best-Effort
• Exposed to threats, risky app usage and more

[Diagram label: botnets]

Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality, heavy performance load on the PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services
• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement
• Supports a limited number of apps and protocols, weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• Agent tunnels traffic back to the corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security
• Inconsistent policy and protections when outside vs. inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase, duplicates operational and management overhead

Introducing GlobalProtect

• Users never go "off-network" regardless of location
• All firewalls work together to provide a "cloud" of network security
• How it works
- Small agent determines network location (on or off the enterprise network)
- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
- Agent submits host information profile (patch level, asset type, disk encryption and more) to the gateway
- Gateway enforces security policy using App-ID, User-ID, Content-ID AND host information profile
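The four "How it works" steps, as an added example in Python; this is not GlobalProtect code and not from the deck. It assumes a constructed host information profile (patch age, asset type, disk encryption), a first-match rule base that combines application, user group and HIP criteria, and a gateway table keyed by measured round-trip time; the users, groups and gateway names are made up.

```python
"""Location-aware access policy with a host information profile (HIP).
Added example, not GlobalProtect code: HostInfo fields, Rule fields, GATEWAYS
and SAMPLE_SESSIONS are constructed assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class HostInfo:
    """What the agent reports about the endpoint (constructed attribute set)."""
    patch_age_days: int     # days since the OS was last patched
    asset_type: str         # "corporate" or "byod"
    disk_encrypted: bool


@dataclass(frozen=True)
class Session:
    user: str
    groups: frozenset
    app: str
    hip: HostInfo
    on_network: bool


@dataclass(frozen=True)
class Rule:
    name: str
    apps: frozenset
    groups: frozenset
    max_patch_age: int          # HIP criterion: host must be patched within this many days
    require_encryption: bool    # HIP criterion
    corporate_only: bool        # HIP criterion
    action: str                 # "allow" or "deny"


def select_gateway(on_network: bool, gateways: Dict[str, float]) -> Optional[str]:
    """Steps 1-2: no tunnel on the enterprise network; otherwise the gateway
    with the lowest measured round-trip time (ms) is 'nearest'."""
    if on_network or not gateways:
        return None
    return min(gateways, key=gateways.get)


def hip_matches(rule: Rule, hip: HostInfo) -> bool:
    """Step 3: the submitted profile is matched against the rule's HIP criteria."""
    if hip.patch_age_days > rule.max_patch_age:
        return False
    if rule.require_encryption and not hip.disk_encrypted:
        return False
    if rule.corporate_only and hip.asset_type != "corporate":
        return False
    return True


def evaluate(rules: List[Rule], s: Session) -> Tuple[str, str]:
    """Step 4: first-match over app AND user group AND HIP. A rule whose HIP
    criteria fail is skipped, so a non-compliant host falls through to later
    rules or to the implicit deny rather than being allowed."""
    for r in rules:
        if s.app not in r.apps or not (s.groups & r.groups):
            continue
        if not hip_matches(r, s.hip):
            continue
        return r.action, r.name
    return "deny", "implicit-deny"


RULES = [  # constructed, ordered rule base
    Rule("finance-erp", frozenset({"erp"}), frozenset({"finance"}), 30, True, True, "allow"),
    Rule("staff-mail", frozenset({"mail"}), frozenset({"staff", "finance"}), 90, False, False, "allow"),
    Rule("it-remote-admin", frozenset({"ssh", "rdp"}), frozenset({"it-admins"}), 14, True, True, "allow"),
    Rule("block-remote-admin", frozenset({"ssh", "rdp"}), frozenset({"staff", "finance"}), 365, False, False, "deny"),
]
GATEWAYS = {"gw-telaviv": 12.0, "gw-frankfurt": 48.0, "gw-newyork": 130.0}  # constructed RTTs (ms)


def decide(s: Session, rules: List[Rule] = RULES, gateways: Dict[str, float] = GATEWAYS) -> dict:
    gw = select_gateway(s.on_network, gateways)
    action, rule = evaluate(rules, s)
    return {"gateway": gw, "action": action, "rule": rule}


SAMPLE_SESSIONS = [  # constructed
    Session("dana", frozenset({"finance"}), "erp", HostInfo(5, "corporate", True), False),
    Session("dana", frozenset({"finance"}), "erp", HostInfo(5, "byod", False), False),  # same user, unmanaged laptop
    Session("omer", frozenset({"staff"}), "rdp", HostInfo(3, "corporate", True), True),
    Session("roni", frozenset({"it-admins"}), "ssh", HostInfo(40, "corporate", True), False),  # stale patches
]

if __name__ == "__main__":
    for s in SAMPLE_SESSIONS:
        print(s.user, s.app, s.hip.asset_type, decide(s))
```

The second session is the point of the slide: the same finance user reaching the same application is allowed from a patched, encrypted corporate laptop and denied from an unmanaged one, because the HIP is evaluated alongside the user and the application rather than the laptop being trusted once the tunnel is up.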

A Modern Architecture for Enterprise Security

• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting

[Diagram labels: malware, botnets, exploits]

Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure
- Users do what they want
- Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls
- Leads to increased risks for the business
• Palo Alto Networks defines the next-generation firewall with unique identification technologies
- App-ID: identify applications regardless of port, protocol or SSL encryption
- User-ID: integrated with the enterprise directory
- Content-ID: threats, URLs, data
- High performance architecture: high throughput, low latency
• Easy enterprise integration and consolidation saves money
- Flexible deployment options for seamless integration
- Consolidation of functionality into the firewall simplifies and saves money

Page 23

New Requirements for Security Device

1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify users regardless of IP address
3. Granular visibility and policy control over application access / functionality
4. Protect in real-time against threats embedded across applications
5. Multi-gigabit, in-line deployment with no performance degradation

Palo Alto Networks Next-Generation Security Device

Palo Alto Networks Exceeds NGFW Requirements

Application Awareness and Full Stack Visibility: App-ID identifies and controls 1300+ applications

Integrated Rather Than Co-Located IPS: Content-ID includes a full IPS without compromising performance

Extra-Firewall Intelligence to Identify Users: User-ID brings AD users and groups into firewall policy

Standard First-Generation Firewall Capabilities: packet filtering, state, flexible NAT, IPSec, SSL VPNs, etc.

Support "bump in the wire" Deployments

In "Defining the Next-Generation Firewall", Gartner describes what Palo Alto Networks already delivers.

Gartner's Recommendations: Move to next-generation firewalls at the next refresh opportunity – whether for firewall, IPS or the combination of the two.

Unique Technologies Transform the Firewall

App-ID: Identify the application
User-ID: Identify the user
Content-ID: Scan the content

App-ID: Comprehensive Application Visibility

• Policy-based control: more than 1200+ applications distributed across five categories and 25 sub-categories
• Balanced mix of business, internet and networking applications and networking protocols
• ~5 - 10 new applications added weekly

User-ID: Enterprise Directory Integration

• Users no longer defined solely by IP address
- Leverage existing Active Directory infrastructure without complex agent rollout
- Identify Citrix users and tie policies to user and group, not just the IP address
• Understand user, application and threat behavior based on the actual AD username, not just IP
• Manage and enforce policy based on user and/or AD group
• Investigate security incidents, generate custom reports

Content-ID: Real-Time Content Scanning

• Stream-based, not file-based, for real-time performance
- Uniform signature engine scans for a broad range of threats in a single pass
- Vulnerability exploits (IPS), viruses and spyware (both downloads and phone-home)
• Block transfer of sensitive data and file transfers by type
- Looks for CC# and SSN# patterns
- Looks into the file to determine type – not extension based
• Web filtering enabled via fully integrated URL database
- Local 20M URL database (76 categories) maximizes performance (1000's of URLs/sec)
- Dynamic DB adapts to local, regional or industry focused surfing patterns

Detect and block a wide range of threats, limit unauthorized data transfer and control non-work related web surfing.
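Three of the Content-ID claims above (type by content rather than extension, CC/SSN pattern matching, stream-based scanning) in toy form, as an added example that is not Content-ID code and not from the deck. The magic-byte table, the extension map, the two regular expressions, the overlap size and the sample document are constructed assumptions; the point of the stream scanner is that a pattern split across two chunks is still found without buffering the whole file, and that the overlap does not double-count.

```python
"""Stream-based content scanning (added example, not Content-ID code).
MAGIC, EXT_TYPE, the regexes, OVERLAP and SAMPLE_DOC are constructed assumptions."""
import re
from typing import Iterable, List

# A few well-known file signatures (magic bytes); a real engine has hundreds.
MAGIC = (
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),                          # also docx/xlsx containers
    (b"MZ", "pe-executable"),
    (b"\x7fELF", "elf"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),   # legacy .doc/.xls
)
# What each extension is expected to contain; used only to flag disagreement.
EXT_TYPE = {"pdf": "pdf", "zip": "zip", "docx": "zip", "xlsx": "zip",
            "exe": "pe-executable", "dll": "pe-executable", "doc": "ole2", "xls": "ole2"}


def identify_file_type(head: bytes, declared_name: str = "") -> dict:
    """Classify by the first bytes, and flag when the extension says otherwise."""
    detected = next((t for m, t in MAGIC if head.startswith(m)), "unknown")
    ext = declared_name.rsplit(".", 1)[-1].lower() if "." in declared_name else ""
    return {"detected": detected, "extension": ext,
            "mismatch": ext in EXT_TYPE and EXT_TYPE[ext] != detected}


# 16-digit card numbers with optional space/dash separators, and the US SSN layout.
CC_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){15}\d(?!\d)")
SSN_RE = re.compile(rb"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")


def luhn_ok(candidate: bytes) -> bool:
    """Luhn checksum: filters out number-like strings that are not card numbers."""
    digits = [int(c) for c in candidate.decode("ascii") if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


OVERLAP = 24  # longer than any pattern above, so a split pattern is reassembled


def scan_stream(chunks: Iterable[bytes]) -> dict:
    """Scan chunk by chunk without buffering the whole file. The tail of each
    buffer is carried into the next; hits are keyed by absolute offset so the
    overlap never counts the same match twice."""
    hits = {"cc": set(), "ssn": set()}
    carry, base = b"", 0            # base = absolute offset of carry[0]
    for chunk in chunks:
        buf = carry + chunk
        for m in CC_RE.finditer(buf):
            if luhn_ok(m.group()):
                hits["cc"].add(base + m.start())
        for m in SSN_RE.finditer(buf):
            hits["ssn"].add(base + m.start())
        keep = min(OVERLAP, len(buf))
        base += len(buf) - keep
        carry = buf[-keep:]
    return {k: len(v) for k, v in hits.items()}


# Constructed document: one Luhn-valid card number, one SSN, one 16-digit order
# reference that is not a card number (fails Luhn).
SAMPLE_DOC = (b"Invoice for client. Card on file: 4111 1111 1111 1111, exp 12/27. "
              b"Employee SSN 123-45-6789. Order ref 1234 5678 9012 3456 is not a card.")


def chunked(data: bytes, size: int) -> List[bytes]:
    return [data[i:i + size] for i in range(0, len(data), size)]


def scan_document(data: bytes = SAMPLE_DOC, chunk_size: int = 20) -> dict:
    """Tiny chunks force both the card number and the SSN across chunk boundaries."""
    return scan_stream(chunked(data, chunk_size))


if __name__ == "__main__":
    print(identify_file_type(b"MZ\x90\x00\x03\x00", "quarterly-report.pdf"))
    print(scan_document())   # {'cc': 1, 'ssn': 1}
```

With 20-byte chunks the card number spans offsets 34 to 52 and the SSN spans 79 to 89, so both cross a chunk boundary; the carried tail makes them visible in the next buffer, and the order reference is rejected by the Luhn check rather than by the regex. The file-type check flags an executable renamed to `.pdf`, which an extension-based filter would wave through.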

• NSS Labs, the world's largest security and performance testing lab, has recently completed in-depth IPS testing of the Palo Alto Networks next-gen firewall. Our solution was tested against 1179 live exploits in what was the industry's most comprehensive IPS test to date. The results were crystal clear and provided the hard proof of what our next-generation firewalls can really do. Key results include:
• The highest IPS block rate in recent history (93.4%)
• 100% resistance to IPS evasion techniques
• Simple IPS configuration and tuning
• Provided all the above while exceeding the datasheet performance metrics by 115%

Palo Alto Networks IPS: Protection + Performance

• Strong threat prevention
- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
- The only IPS that catches threats on non-standard ports
- Scan inbound and outbound SSL (decrypt) and compressed traffic
- Assure only authorized applications are using network resources
- Allow SSH/RDP, but only for authorized staff

Single-Pass Parallel Processing (SP3) Architecture

Single Pass
• Operations once per packet
- Traffic classification (app identification)
- User/group mapping
- Content scanning – threats, URLs, confidential data
• One policy

Parallel Processing
• Function-specific hardware engines
• Separate data/control planes

Up to 10 Gbps, Low Latency

PA-5000 Series Architecture

• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC#, SSN# and more

Security Processors
• High density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High speed logging and route update
• Dual solid-state drives

Network Processor
• 20 Gbps front-end network processing
• Hardware accelerated per-packet route lookup, MAC lookup and NAT

[Architecture diagram: a control plane (quad-core CPU, RAM, dual SSD) beside a data plane built around the switch fabric; the network processor (20 Gbps: QoS, flow control, route/ARP/MAC lookup, NAT), signature match engines and SSL/IPSec/decompression engines, each paired with multi-core security processors (CPU 1 … 12) and RAM; 10 Gbps links between the processing blocks.]

• 40+ processors
• 30+ GB of RAM
• Separate high speed data and control planes
• 20 Gbps firewall throughput
• 10 Gbps threat prevention throughput
• 4 Million concurrent sessions

Traditional Multi-Pass Architectures are Slow

[Diagram: four separate devices chained in series, each repeating its own port/protocol-based ID, L2/L3 networking, HA, config management and reporting: a firewall (firewall policy), a URL filter (HTTP decoder, URL filtering policy), an IPS (IPS decoder, IPS signatures, IPS policy) and an anti-virus proxy (AV decoder & proxy, AV signatures, AV policy).]

Powerful Policy-Based Control

• Browse more than 1300 applications based on name, category, technology or characteristic
• Immediately translate results into positive enforcement model firewall rules
• Policy enforcement by end-user group identities from Active Directory or IP address

[Screenshot: Palo Alto – Network Sniffer]

Visibility into Applications, Users & Content

[Screenshots: user hzielinski, filter on Skype; remove Skype to expand the view of hzielinski; Palo Alto – Rich reports; Demo (offline) – Traffic Log]

Enables Executive Visibility

PAN-OS Features

• Strong networking foundation
- Dynamic routing (OSPF, RIPv2)
- Site-to-site IPSec VPN
- SSL VPN for remote access
- Tap mode – connect to SPAN port
- Virtual wire ("Layer 1") for true transparent in-line deployment
- L2/L3 switching foundation
• QoS traffic shaping – max/guaranteed and priority
- By user, app, interface, zone and more
• Zone-based architecture
- All interfaces assigned to security zones for policy enforcement
• High Availability
- Active/Active
- Configuration and session synchronization
- Path, link and HA monitoring
• Virtual Systems
- Establish multiple virtual firewalls in a single device (PA-4000 Series only)
• Simple, flexible management
- CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content are complemented by core firewall features.

[Product images: PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060]

Enterprise Device and Policy Management

• Intuitive and flexible management
- CLI, Web, Panorama, SNMP, Syslog
- Role-based administration enables delegation of tasks to the appropriate person
• Panorama central management application
- Shared policies enable consistent application control policies
- Consolidated management, logging and monitoring of Palo Alto Networks devices
- Consistent web interface between Panorama and device UI
- Network-wide ACC/monitoring views, log collection and reporting
• All interfaces work on the current configuration, avoiding sync issues

NGFW for mobile devices

Today: Quality of Security Tied to Location

Enterprise Network Security
• Security Based on Best-Practices
• Full-Featured NGFW and Threat Prevention

No Network Security
• Security Based on Best-Effort
• Exposed to threats, risky app usage and more

[Diagram label: botnets]

Introducing GlobalProtect

• Users never go "off-network" regardless of location
• All firewalls work together to provide a "cloud" of network security
• How it works
- Small agent determines network location (on or off the enterprise network)
- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
- Agent submits host information profile (patch level, asset type, disk encryption and more) to the gateway
- Gateway enforces security policy using App-ID, User-ID, Content-ID AND host information profile

Zero Day Attacks Protection: a sandbox at the core

Flexible Deployment Options

Transparent In-Line
• IPS with app visibility & control
• Consolidation of IPS & URL filtering

Firewall Replacement
• Firewall replacement with app visibility & control
• Firewall + IPS
• Firewall + IPS + URL filtering

Ultimate Segmentation
• Controls applications & users for datacenter resource access
• IPS with app visibility & content control

[Diagram labels: Datacenter 1, Datacenter 2, Segment A, Segment B, Segment C]

Palo Alto Networks IPS: Protection + Performance

• Strong threat prevention
- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
- The only IPS that catches threats on non-standard ports
- Scan inbound and outbound SSL (decrypt) and compressed traffic
- Assure only authorized applications are using network resources
- Allow SSH/RDP, but only for authorized staff

Palo Alto Networks Next-Gen Firewalls

| Model   | Firewall | Threat prevention | Sessions  | Interfaces                                        |
|---------|----------|-------------------|-----------|---------------------------------------------------|
| PA-5060 | 20 Gbps  | 10 Gbps           | 4,000,000 | 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit |
| PA-5050 | 10 Gbps  | 5 Gbps            | 2,000,000 | 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit |
| PA-5020 | 5 Gbps   | 2 Gbps            | 1,000,000 | 8 SFP, 12 copper gigabit                          |
| PA-4060 | 10 Gbps  | 5 Gbps            | 2,000,000 | 4 XFP (10 Gig), 4 SFP (1 Gig)                     |
| PA-4050 | 10 Gbps  | 5 Gbps            | 2,000,000 | 8 SFP, 16 copper gigabit                          |
| PA-4020 | 2 Gbps   | 2 Gbps            | 500,000   | 8 SFP, 16 copper gigabit                          |
| PA-2050 | 1 Gbps   | 500 Mbps          | 250,000   | 4 SFP, 16 copper gigabit                          |
| PA-2020 | 500 Mbps | 200 Mbps          | 125,000   | 2 SFP, 12 copper gigabit                          |
| PA-500  | 250 Mbps | 100 Mbps          | 50,000    | 8 copper gigabit                                  |

The innovative approach: extend security to all network traffic

Thank You
Zion Ezra, VP Sales

POC and AVR Report

AVR Report

[Diagram label: Internet]

UTM Is Still Sprawl… Just Slower

• Doesn't solve the problem
• Firewall "helper" functions have a limited view of traffic
• Turning on functions kills performance

Traditional Multi-Pass Architectures are Slow

[Diagram: four separate devices chained in series, each repeating its own port/protocol-based ID, L2/L3 networking, HA, config management and reporting: a firewall (firewall policy), a URL filter (HTTP decoder, URL filtering policy), an IPS (IPS decoder, IPS signatures, IPS policy) and an anti-virus proxy (AV decoder & proxy, AV signatures, AV policy).]

Applications Have Changed – Firewalls Have Not

• The gateway at the trust border is the right place to enforce policy control
- Sees all traffic
- Defines the trust boundary
• BUT… Applications Have Changed
- Ports ≠ Applications
- IP Addresses ≠ Users
- Packets ≠ Content
• Need to Restore Visibility and Control in the Firewall

[Diagram labels: Collaboration, Media, SaaS, Personal]

Exploit protection
• Many months pass between black-hat discovery, white-hat discovery and protection being available
• Need to protect all applications
• A sandbox at the core
• Needs user-based access control
• Needs high-speed IPS and AV
• Need to perform across all applications
• Need to block the unknown
• Conclusion: advanced-malware protection belongs in a next-generation firewall

DEMO: httpsca2demopaloaltonetworkscomesploginesp


Page 24: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

copy 2009 Palo Alto Networks Proprietary and Confidential Page 26 |

Palo Alto Networks Exceeds NGFW Requirements

Application Awareness and Full Stack Visibility

App-ID Identifies and controls 1300+ applications

Integrated Rather Than Co-Located IPS

Content-ID includes full IPS without compromising performance

Extra-Firewall Intelligence to Identify Users

User-ID brings AD users and groups into firewall policy

Standard First-Generation Firewall Capabilities

Packet filtering state flexible NAT IPSec SSL VPNs etc

Support ldquobump in the wirerdquo Deployments

In ldquoDefining the Next-Generation Firewallrdquo

Gartner describes what Palo Alto Networks already delivers

Gartnerrsquos Recommendations

Move to next-generation firewalls at the next refresh

opportunity ndash whether for firewall IPS or the

combination of the two

copy 2008 Palo Alto Networks Proprietary and Confidential Page 28 |

Unique Technologies Transform the Firewall

App-ID

Identify the application

User-ID

Identify the user

Content-ID

Scan the content

copy 2008 Palo Alto Networks Proprietary and Confidential Page 29 |

App-ID Comprehensive Application Visibility

bull Policy-based control more than 1200+ applications distributed across five categories and 25 sub-categories

bull Balanced mix of business internet and networking applications and networking protocols

bull ~ 5 - 10 new applications added weekly

copy 2009 Palo Alto Networks Proprietary and Confidential Page 30 |

User-ID Enterprise Directory Integration

bull Users no longer defined solely by IP address

- Leverage existing Active Directory infrastructure without complex agent rollout

- Identify Citrix users and tie policies to user and group not just the IP address

bull Understand user application and threat behavior based on actual AD username not just IP

bull Manage and enforce policy based on user andor AD group

bull Investigate security incidents generate custom reports

copy 2009 Palo Alto Networks Proprietary and Confidential Page 31 |

Content-ID Real-Time Content Scanning

bull Stream-based not file-based for real-time performance

- Uniform signature engine scans for broad range of threats in single pass

- Vulnerability exploits (IPS) viruses and spyware (both downloads and phone-home)

bull Block transfer of sensitive data and file transfers by type

- Looks for CC and SSN patterns

- Looks into file to determine type ndash not extension based

bull Web filtering enabled via fully integrated URL database

- Local 20M URL database (76 categories) maximizes performance (1000rsquos URLssec)

- Dynamic DB adapts to local regional or industry focused surfing patterns

Detect and block a wide range of threats limit unauthorized data transfer and control non-work related web surfing

copy 2008 Palo Alto Networks Proprietary and Confidential Page 32 |

bullNSS Labs the worldrsquos largest security and performance testing lab have recently

completed in-depth IPS testing of the Palo Alto Networksrsquo next-gen firewall Our solution

was tested against 1179 live exploits in what was the industrys most comprehensive IPS

test to date The results were crystal clear and provided the hard proof of what our next-

generation firewalls can really do Key results include

bullbull The highest IPS block rate in recent history (934)

bull 100 resistance to IPS evasion techniques

bull Simple IPS configuration and tuning

bull Provided all the above while exceeding the datasheet performance metrics by 115

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 33 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff


Single-Pass Parallel Processing (SP3) Architecture

Single Pass
• Operations once per packet
- Traffic classification (app identification)
- User/group mapping
- Content scanning – threats, URLs, confidential data
• One policy

Parallel Processing
• Function-specific hardware engines
• Separate data/control planes

Up to 10 Gbps, Low Latency


PA-5000 Series Architecture

[Block diagram: a control plane (quad-core CPU, RAM, dual SSDs) and a data plane joined by an 80 Gbps switch fabric; the data plane holds three security processor groups (each a 12-core CPU with RAM plus SSL/IPSec/de-compression and signature match engines), a QoS engine and a 20 Gbps network processor with flow control, route/ARP/MAC lookup and NAT; 10 Gbps and 20 Gbps links are marked between the blocks]

Switch Fabric
• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC#, SSN and more

Security Processors
• High density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High speed logging and route update
• Dual solid-state drives

Network Processor
• 20 Gbps front-end network processing
• Hardware accelerated per-packet route lookup, MAC lookup and NAT

Summary
• 40+ processors
• 30+ GB of RAM
• Separate high speed data and control planes
• 20 Gbps firewall throughput
• 10 Gbps threat prevention throughput
• 4 Million concurrent sessions


Traditional Multi-Pass Architectures are Slow

[Diagram: four devices stacked in series, each repeating its own Port/Protocol-based ID, L2/L3 Networking, HA, Config Management and Reporting, and each adding one function on top: Firewall Policy; HTTP Decoder + URL Filtering Policy; IPS Decoder + IPS Signatures + IPS Policy; AV Decoder & Proxy + AV Signatures + AV Policy]


Powerful Policy-Based Control

• Browse more than 1300 applications based on name, category, technology or characteristic
• Immediately translate results into positive enforcement model firewall rules
• Policy enforcement by end-user group identities from Active Directory, or by IP address

Palo Alto – Network Sniffer (screenshot)


Visibility into Applications, Users & Content
(screenshot: user hzielinski, filtered on Skype; remove the Skype filter to expand the view of hzielinski)

Palo Alto – Rich reports (screenshot)


Demo (offline) – Traffic Log

Enables Executive Visibility (screenshot)

PAN-OS Features

• Strong networking foundation
- Dynamic routing (OSPF, RIPv2)
- Site-to-site IPSec VPN
- SSL VPN for remote access
- Tap mode – connect to a SPAN port
- Virtual wire ("Layer 1") for true transparent in-line deployment
- L2/L3 switching foundation

• QoS traffic shaping – max/guaranteed and priority
- By user, app, interface, zone and more

• Zone-based architecture
- All interfaces assigned to security zones for policy enforcement

• High Availability
- Active/Active
- Configuration and session synchronization
- Path, link and HA monitoring

• Virtual Systems
- Establish multiple virtual firewalls in a single device (PA-4000 Series only on this slide; the PA-5000 Series specifications later in the deck also list VSYS counts)

• Simple, flexible management
- CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content are complemented by core firewall features

Platforms: PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060


Enterprise Device and Policy Management

• Intuitive and flexible management
- CLI, Web, Panorama, SNMP, Syslog
- Role-based administration enables delegation of tasks to the appropriate person

• Panorama central management application
- Shared policies enable consistent application control policies
- Consolidated management, logging and monitoring of Palo Alto Networks devices
- Consistent web interface between Panorama and the device UI
- Network-wide ACC/monitoring views, log collection and reporting

• All interfaces work on the current configuration, avoiding sync issues

NGFW for mobile devices

Today: Quality of Security Tied to Location
[Diagram: threats (botnets) reaching users on and off the enterprise network]

Enterprise Network Security
• Security based on best practices
• Full-featured NGFW and threat prevention

No Network Security (off the enterprise network)
• Security based on best effort
• Exposed to threats, risky app usage and more

Introducing GlobalProtect
• Users never go "off-network" regardless of location
• All firewalls work together to provide a "cloud" of network security
• How it works:
- Small agent determines network location (on or off the enterprise network)
- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
- Agent submits a host information profile (patch level, asset type, disk encryption and more) to the gateway
- Gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile
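Added example, not PAN-OS code: the last bullet above says the gateway enforces policy using App-ID, User-ID, Content-ID and the host information profile together. The evaluator below puts those inputs into one rule match: the user and groups come from an IP-to-user mapping, the application is taken as already identified, and a rule can demand HIP attributes. It also covers the "allow SSH/RDP, but only for authorized staff" case from the IPS slide. Rule fields, zone names, group names, HIP keys and addresses are all invented for the example.

```python
# Added example (not PAN-OS code): a rule evaluator for the decision the
# GlobalProtect slide describes. The source user comes from an IP-to-user
# mapping (User-ID), the application is assumed already identified (App-ID),
# and a rule can require host-information-profile (HIP) attributes reported
# by the agent. Rule fields, group names and HIP keys are invented here.
from dataclasses import dataclass, field
from typing import Optional

# User-ID style mapping, as learned from directory login events (constructed).
IP_USER = {"10.1.1.25": "alice", "10.1.1.40": "bob", "172.16.9.7": "alice"}
USER_GROUPS = {"alice": {"staff", "it-admins"}, "bob": {"staff"}}


@dataclass
class Flow:
    src_ip: str
    src_zone: str               # e.g. "trust", or "vpn" for a GlobalProtect gateway
    dst_zone: str
    app: str                    # App-ID result, independent of port
    hip: Optional[dict] = None  # host information profile sent by the agent


@dataclass
class Rule:
    name: str
    src_zones: set
    dst_zones: set
    groups: set                 # {"any"} or directory groups
    apps: set                   # positive enforcement: list what is allowed
    action: str                 # "allow" or "deny"
    hip: dict = field(default_factory=dict)   # e.g. {"disk_encryption": True}


def user_for(ip: str) -> Optional[str]:
    return IP_USER.get(ip)


def groups_for(user: Optional[str]) -> set:
    return USER_GROUPS.get(user, set()) if user else set()


def hip_ok(required: dict, hip: Optional[dict]) -> bool:
    """All required HIP attributes must be present and satisfied.

    A rule with HIP requirements never matches a host that sent no profile:
    an unknown posture is treated as non-compliant, not as compliant.
    """
    if not required:
        return True
    if hip is None:
        return False
    if required.get("disk_encryption") and not hip.get("disk_encryption"):
        return False
    if hip.get("patch_level", 0) < required.get("min_patch_level", 0):
        return False
    return True


def evaluate(flow: Flow, rules: list) -> tuple:
    """First matching rule wins; nothing matching means implicit deny."""
    groups = groups_for(user_for(flow.src_ip))
    for r in rules:
        if "any" not in r.src_zones and flow.src_zone not in r.src_zones:
            continue
        if "any" not in r.dst_zones and flow.dst_zone not in r.dst_zones:
            continue
        if "any" not in r.groups and not (groups & r.groups):
            continue
        if "any" not in r.apps and flow.app not in r.apps:
            continue
        if not hip_ok(r.hip, flow.hip):
            continue
        return r.action, r.name
    return "deny", "implicit-deny"


# Constructed rulebase: web for everyone, SSH/RDP into the data center only
# for IT admins on an encrypted, patched host, everything else denied.
RULES = [
    Rule("web-any-user", {"any"}, {"untrust"}, {"any"}, {"web-browsing", "ssl"}, "allow"),
    Rule("admin-access-dc", {"trust", "vpn"}, {"datacenter"}, {"it-admins"},
         {"ssh", "rdp"}, "allow", hip={"disk_encryption": True, "min_patch_level": 3}),
]

GOOD_HIP = {"disk_encryption": True, "patch_level": 4}
BAD_HIP = {"disk_encryption": False, "patch_level": 4}

if __name__ == "__main__":
    for f in (Flow("172.16.9.7", "vpn", "datacenter", "ssh", GOOD_HIP),
              Flow("172.16.9.7", "vpn", "datacenter", "ssh", BAD_HIP),
              Flow("10.1.1.40", "trust", "datacenter", "rdp"),
              Flow("10.1.1.40", "trust", "untrust", "web-browsing"),
              Flow("10.1.1.40", "trust", "untrust", "bittorrent")):
        print(f.src_ip, f.app, "->", evaluate(f, RULES))
```

The rulebase is positive-enforcement: only listed applications are allowed and the fall-through is deny, so an unclassified or unlisted application is blocked without a rule naming it. A host that sends no HIP is treated as non-compliant and the admin rule does not match it; the deck's point that posture travels with the user only holds if the absence of posture is not read as a pass.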

Zero Day Attacks Protection: a sandbox at the core

Flexible Deployment Options

Transparent In-Line
• IPS with app visibility & control
• Consolidation of IPS & URL filtering

Firewall Replacement
• Firewall replacement with app visibility & control
• Firewall + IPS
• Firewall + IPS + URL filtering

Ultimate Segmentation
• Controls applications & users for datacenter resource access
• IPS with app visibility & content control
[Diagram: Datacenter 1 and Datacenter 2, Segments A, B and C]


Palo Alto Networks Next-Gen Firewalls

PA-500 • 250 Mbps FW / 100 Mbps threat prevention / 50,000 sessions • 8 copper gigabit
PA-2020 • 500 Mbps FW / 200 Mbps threat prevention / 125,000 sessions • 2 SFP, 12 copper gigabit
PA-2050 • 1 Gbps FW / 500 Mbps threat prevention / 250,000 sessions • 4 SFP, 16 copper gigabit
PA-4020 • 2 Gbps FW / 2 Gbps threat prevention / 500,000 sessions • 8 SFP, 16 copper gigabit
PA-4050 • 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions • 8 SFP, 16 copper gigabit
PA-4060 • 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions • 4 XFP (10 Gig), 4 SFP (1 Gig)
PA-5020 • 5 Gbps FW / 2 Gbps threat prevention / 1,000,000 sessions • 8 SFP, 12 copper gigabit
PA-5050 • 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions • 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
PA-5060 • 20 Gbps FW / 10 Gbps threat prevention / 4,000,000 sessions • 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

The innovative approach: extend security to all network traffic

Thank You. Zion Ezra, VP Sales


POC and AVR Report

AVR Report (screenshots)

UTM Is Still Sprawl… Just Slower
• Doesn't solve the problem
• Firewall "helper" functions have a limited view of traffic
• Turning on functions kills performance


Applications Have Changed – Firewalls Have Not

• The gateway at the trust border is the right place to enforce policy control
- Sees all traffic
- Defines the trust boundary

• BUT… Applications Have Changed (Collaboration, Media, SaaS, Personal)
- Ports ≠ Applications
- IP Addresses ≠ Users
- Packets ≠ Content

• Need to Restore Visibility and Control in the Firewall

Exploit protection
• Many months pass between black-hat discovery, white-hat discovery and protection being available
• Need to protect all applications

A sandbox at the core
• Needs user-based access control
• Needs high-speed IPS and AV
• Needs to perform across all applications
• Needs to block the unknown
• Conclusion: advanced-malware protection belongs in a next-generation firewall

DEMO: https://ca2demo.paloaltonetworks.com/esp/login.esp

INSANITY: doing the same thing over and over again and expecting different results

Block applications and users


[Figure: source Gartner (March 2010), as of March 2010]

Data Center Network Security in Transition

• Ports ≠ Applications
• IP addresses ≠ Users
• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions…
[Diagram: Microsoft application traffic (RPC, SMS, SQL, SharePoint, SMB, NetBIOS) spread across ports 135, 137, 139, 80 and 443, plus random high ports]

Applications employ dynamic, random and heavily-used ports, fundamentally breaking port-based network security


NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

PA-5020
• 5 Gbps FW
• 2 Gbps threat prevention
• 2 Gbps IPSec VPN
• 5,000 SSL VPN users
• 1,000,000 sessions
• Up to 20 VSYS
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5050
• 10 Gbps FW
• 5 Gbps threat prevention
• 4 Gbps IPSec VPN
• 10,000 SSL VPN users
• 2,000,000 sessions
• Up to 125 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5060
• 20 Gbps FW
• 10 Gbps threat prevention
• 4 Gbps IPSec VPN
• 20,000 SSL VPN users
• 4,000,000 sessions
• Up to 225 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

All PA-5000 Series models
• Hot swappable fans, power supplies
• Dual solid state hard drives
• Dedicated HA and management interfaces
• 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats
- Stop a wide range of threats on all allowed traffic
- Proven quality (NSS tested and "Recommended")
- Security by policy, not hardwired into the deployment

• Comply and Compartmentalize
- Save time and cost to compliance with network segmentation
- Segment by user group and application

• Simplify with Flexible Network Security Infrastructure
- With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention
- With simpler, easier deployments
- With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance)

GlobalProtect


Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality, heavy performance load on the PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services
• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement
• Supports a limited number of apps and protocols, weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• Agent tunnels traffic back to the corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security
• Inconsistent policy and protections when outside vs. inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase duplicates, operational and management overhead


A Modern Architecture for Enterprise Security

• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting
[Diagram: threats stopped at the firewall "cloud": malware, botnets, exploits]

Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure
- Users do what they want
- Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls
- Leads to increased risks for the business

• Palo Alto Networks defines the next-generation firewall with unique identification technologies
- App-ID: identify applications regardless of port, protocol or SSL encryption
- User-ID: integrated with the enterprise directory
- Content-ID: threats, URLs, data
- High performance architecture: high throughput, low latency

• Easy enterprise integration and consolidation saves money
- Flexible deployment options for seamless integration
- Consolidation of functionality into the firewall simplifies and saves money

Unique Technologies Transform the Firewall

App-ID: Identify the application
User-ID: Identify the user
Content-ID: Scan the content

App-ID: Comprehensive Application Visibility

• Policy-based control: more than 1200 applications distributed across five categories and 25 sub-categories
• Balanced mix of business, internet and networking applications and networking protocols
• ~5–10 new applications added weekly
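Added example, not Palo Alto Networks' App-ID: both the "Ports ≠ Applications" slide earlier in the deck and the App-ID slide above rest on the same idea, that the application is identified from the payload rather than from the destination port. The classifier below carries a small hand-written signature set (SSH banner, HTTP request line and Host header, TLS ClientHello with SNI, SMB, RDP) and returns the port-table guess next to the payload verdict so the disagreements stand out. The signatures, the port table and the sample flows are constructed for this example and are not the product's signature database.

```python
# Added example (not Palo Alto Networks' App-ID): classify a TCP flow by what
# its first payload bytes say, and compare with the port-table guess. The
# signature set here is hand-written and deliberately small; TLS flows are
# labelled from the ClientHello SNI without any decryption. Sample flows are
# constructed below.
import struct

PORT_TABLE = {22: "ssh", 80: "web-browsing", 443: "ssl", 445: "smb", 3389: "rdp"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def port_based(dport: int) -> str:
    """What a port-based firewall would call the flow."""
    return PORT_TABLE.get(dport, "unknown-tcp")


def tls_sni(payload: bytes):
    """Hostname from the server_name extension of a TLS ClientHello, else None."""
    try:
        if payload[0] != 0x16 or payload[5] != 0x01:      # handshake / ClientHello
            return None
        p = 5 + 4 + 2 + 32                                 # record, hs hdr, version, random
        p += 1 + payload[p]                                # session id
        p += 2 + struct.unpack(">H", payload[p:p + 2])[0]  # cipher suites
        p += 1 + payload[p]                                # compression methods
        ext_end = p + 2 + struct.unpack(">H", payload[p:p + 2])[0]
        p += 2
        while p + 4 <= ext_end:
            etype, elen = struct.unpack(">HH", payload[p:p + 4])
            p += 4
            if etype == 0:                                 # server_name
                name_len = struct.unpack(">H", payload[p + 3:p + 5])[0]
                return payload[p + 5:p + 5 + name_len].decode("ascii", "replace")
            p += elen
    except (IndexError, struct.error):
        pass
    return None


def payload_based(payload: bytes) -> tuple:
    """(app, details) from the payload alone; the port is not consulted."""
    if payload.startswith(b"SSH-"):
        banner = payload.split(b"\n", 1)[0].strip().decode("ascii", "replace")
        return "ssh", {"banner": banner}
    if payload[:2] == b"\x16\x03":
        return "ssl", {"sni": tls_sni(payload)}
    if payload.startswith(HTTP_METHODS) and b" HTTP/1." in payload[:256]:
        host = None
        for line in payload.split(b"\r\n")[1:]:
            if line.lower().startswith(b"host:"):
                host = line[5:].strip().decode("ascii", "replace")
        return "web-browsing", {"host": host}
    if payload[:1] == b"\x00" and payload[4:8] in (b"\xffSMB", b"\xfeSMB"):
        return "smb", {}
    if payload[:2] == b"\x03\x00" and len(payload) > 5 and payload[5] == 0xE0:
        return "rdp", {}                                    # TPKT + X.224 CR
    return "unknown-tcp", {}


def classify(dport: int, payload: bytes) -> dict:
    """Both views side by side, plus a flag when they disagree."""
    app, details = payload_based(payload)
    guess = port_based(dport)
    return {"dport": dport, "port_guess": guess, "app": app,
            "mismatch": app != guess, **details}


def build_client_hello(hostname: str) -> bytes:
    """Minimal TLS 1.2 ClientHello carrying only an SNI extension (constructed)."""
    name = hostname.encode("ascii")
    sni_list = struct.pack(">HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack(">HH", 0, len(sni_list)) + sni_list
    body = (b"\x03\x03" + bytes(32) + b"\x00"           # version, random, no session id
            + struct.pack(">H", 2) + b"\xc0\x2f"        # one cipher suite
            + b"\x01\x00"                               # null compression
            + struct.pack(">H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs


# Constructed flows: the interesting ones are the port/payload disagreements.
FLOWS = [
    (443, b"SSH-2.0-OpenSSH_5.9\r\n"),                                      # ssh hiding on 443
    (8080, b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),  # http on 8080
    (443, build_client_hello("www.example.com")),                         # real TLS on 443
    (445, b"\x00\x00\x00\x2f\xffSMBr\x00\x00\x00\x00"),                   # smb on 445
    (80, b"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08"),    # rdp on 80
]

if __name__ == "__main__":
    for dport, payload in FLOWS:
        print(classify(dport, payload))
```

The TLS case is why "regardless of SSL encryption" is possible without decrypting: the ClientHello, server name included, is sent in the clear. Anything the signatures do not recognise is left as `unknown-tcp` rather than guessed from the port, which is what a positive enforcement model needs.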


User-ID: Enterprise Directory Integration

• Users no longer defined solely by IP address
- Leverage existing Active Directory infrastructure without complex agent rollout
- Identify Citrix users and tie policies to user and group, not just the IP address
• Understand user, application and threat behavior based on the actual AD username, not just IP
• Manage and enforce policy based on user and/or AD group
• Investigate security incidents, generate custom reports

copy 2009 Palo Alto Networks Proprietary and Confidential Page 31 |

Content-ID Real-Time Content Scanning

bull Stream-based not file-based for real-time performance

- Uniform signature engine scans for broad range of threats in single pass

- Vulnerability exploits (IPS) viruses and spyware (both downloads and phone-home)

bull Block transfer of sensitive data and file transfers by type

- Looks for CC and SSN patterns

- Looks into file to determine type ndash not extension based

bull Web filtering enabled via fully integrated URL database

- Local 20M URL database (76 categories) maximizes performance (1000rsquos URLssec)

- Dynamic DB adapts to local regional or industry focused surfing patterns

Detect and block a wide range of threats limit unauthorized data transfer and control non-work related web surfing

copy 2008 Palo Alto Networks Proprietary and Confidential Page 32 |

bullNSS Labs the worldrsquos largest security and performance testing lab have recently

completed in-depth IPS testing of the Palo Alto Networksrsquo next-gen firewall Our solution

was tested against 1179 live exploits in what was the industrys most comprehensive IPS

test to date The results were crystal clear and provided the hard proof of what our next-

generation firewalls can really do Key results include

bullbull The highest IPS block rate in recent history (934)

bull 100 resistance to IPS evasion techniques

bull Simple IPS configuration and tuning

bull Provided all the above while exceeding the datasheet performance metrics by 115

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 33 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2009 Palo Alto Networks Proprietary and Confidential Page 34 |

Single-Pass Parallel Processing (SP3) Architecture

Single Pass

bull Operations once per packet

- Traffic classification (app identification)

- Usergroup mapping

- Content scanning ndash threats URLs confidential data

bull One policy

Parallel Processing

bull Function-specific hardware engines

bull Separate datacontrol planes

Up to 10Gbps Low Latency

copy 2011 Palo Alto Networks Proprietary and Confidential

PA-5000 Series Architecture

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual solid-state drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow

control

Route ARP MAC

lookup

NAT Switch

Fabric

Signature Match

Signature Match

SSL IPSec De-

Compress SSL IPSec

De-Compress

SSL IPSec De-

Compress

Quad-core

CPU CPU

12

CPU

1

CPU

2

CPU

12

CPU

1

CPU

2

CPU

12

CPU

1

CPU

2

RAM

RAM

SSD

SSD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

bull 40+ processors

bull 30+ GB of RAM

bull Separate high speed data and control planes

bull 20 Gbps firewall throughput

bull 10 Gbps threat prevention throughput

bull 4 Million concurrent sessions

Page 35 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 36 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 37 |

Powerful Policy-Based Control

bull Browse more than 1300 applications based on name category technology or characteristic

bull Immediately translate results into positive enforcement model firewall rules

bull Policy enforcement by end-user group identities from Active Directory or IP address

Palo Alto

Palo Alto ndash Network Sniffer

copy 2008 Palo Alto Networks Proprietary and Confidential Page 38 |

copy 2008 Palo Alto Networks Proprietary and Confidential Page 39 |

Visibility into Applications Users amp Content

User hzielinski Filter on Skype

Remove Skype to expand view of hzielinski

Palo Alto

Palo Alto ndash Rich reports

copy 2008 Palo Alto Networks Proprietary and Confidential Page 40 |

copy 2008 Palo Alto Networks Proprietary and Confidential Page 41 |

Demo (offline) ndash Traffic Log

copy 2008 Palo Alto Networks Proprietary and Confidential Page 42 |

Enables Executive Visibility

copy 2009 Palo Alto Networks Proprietary and Confidential Page 43 |

PAN-OS Features

bull Strong networking foundation

- Dynamic routing (OSPF RIPv2)

- Site-to-site IPSec VPN

- SSL VPN for remote access

- Tap mode ndash connect to SPAN port

- Virtual wire (ldquoLayer 1rdquo) for true transparent in-line deployment

- L2L3 switching foundation

bull QoS traffic shaping - Maxguaranteed and priority

- By user app interface zone and more

bull Zone-based architecture

- All interfaces assigned to security zones for policy enforcement

bull High Availability

- Active Active

- Configuration and session synchronization

- Path link and HA monitoring

bull Virtual Systems

- Establish multiple virtual firewalls in a single device (PA-4000 Series only)

bull Simple flexible management

- CLI Web Panorama SNMP Syslog

Visibility and control of applications users and content are complemented by core firewall features

PA-500

PA-2020

PA-2050

PA-4020

PA-4050

PA-4060

copy 2009 Palo Alto Networks Proprietary and Confidential Page 44 |

Enterprise Device and Policy Management

bull Intuitive and flexible management

- CLI Web Panorama SNMP Syslog

- Role-based administration enables delegation of tasks to appropriate person

bull Panorama central management application

- Shared policies enable consistent application control policies

- Consolidated management logging and monitoring of Palo Alto Networks devices

- Consistent web interface between Panorama and device UI

- Network-wide ACCmonitoring views log collection and reporting

bull All interfaces work on current configuration avoiding sync issues

NGFW for mobile devices

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 46 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 48 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

Zero Day Attacks Protection

a sandbox at the core

Flexible Deployment Options

Transparent In-Line Firewall Replacement

bull IPS with app visibility amp control

bull Consolidation of IPS amp URL filtering

bull Firewall replacement with app visibility amp control

bull Firewall + IPS

bull Firewall + IPS + URL filtering

Ultimate segmentation

Datacenter 1 Datacenter 2

bull Controls applications amp users for datacenter resource access

bull IPS with app visibility amp content control

Segment A Segment B

Segment C

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 53 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 54 |

Palo Alto Networks Next-Gen Firewalls

PA-4050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 8 SFP 16 copper gigabit

PA-4020 bull 2 Gbps FW2 Gbps threat

prevention500000 sessions

bull 8 SFP 16 copper gigabit

PA-4060 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 XFP (10 Gig) 4 SFP (1 Gig)

PA-2050 bull 1 Gbps FW500 Mbps threat

prevention250000 sessions

bull 4 SFP 16 copper gigabit

PA-2020 bull 500 Mbps FW200 Mbps threat

prevention125000 sessions

bull 2 SFP 12 copper gigabit

PA-500 bull 250 Mbps FW100 Mbps threat

prevention50000 sessions

bull 8 copper gigabit

PA-5050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

PA-5020 bull 5 Gbps FW2 Gbps threat

prevention1000000 sessions

bull 8 SFP 12 copper gigabit

PA-5060 bull 20 Gbps FW10 Gbps threat

prevention4000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

the innovative approach

extend security to all network traffic extend security to all network traffic

Thank You Zion Ezra

VP Sales

copy 2008 Palo Alto Networks Proprietary and Confidential Page 60 |

POC and AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 61 |

AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 62 |

AVR Report

Internet

UTM Is Still SprawlhellipJust Slower

bull Doesnrsquot solve the problem

bull Firewall ldquohelperrdquo functions have limited view of traffic

bull Turning on functions kills performance

copy 2009 Palo Alto Networks Proprietary and Confidential Page 63 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 64 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 65 |

Applications Have Changed ndash Firewalls Have Not

bull The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

bull Need to Restore Visibility and Control in the Firewall

Collaboration Media SaaS Personal

bull BUThellipApplications Have Changed

- Ports neApplications

- IP AddressesneUsers

- PacketsneContent

exploit protection

many months pass between black-hat discovery white hat discovery and protection being available

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gbps Firewall, 10 Gbps Threat Prevention

• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC, SSN, and more

Security Processors
• High-density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High-speed logging and route update
• Dual hard drives

Network Processor
• 20 Gbps front-end network processing
• Hardware-accelerated per-packet route lookup, MAC lookup, and NAT

[Architecture diagram: Control Plane (quad-core CPU, RAM, dual HDDs); Data Plane: Network Processor (QoS, flow control, route/ARP/MAC lookup, NAT) – 20 Gbps – Switch Fabric – 10 Gbps – Security Processors (Signature Match engines; SSL/IPSec/decompression engines; CPUs 1–12 with RAM)]

NGFW for mobile devices

Source: Gartner (March 2010). As of March 2010.

Data Center Network Security in Transition

• Ports ≠ Applications
• IP addresses ≠ Users
• Threats > Exploits

Need to restore application visibility & control in the firewall

Today's network security is based on outdated assumptions…

[Diagram: Port 135, Port 137, Port 139, Port 80, Port 443, plus random high ports, carrying RPC, SMS, SQL, SharePoint, SMB, NetBIOS]

Applications employ dynamic, random, and heavily-used ports, fundamentally breaking port-based network security

Palo Alto Networks Protection + Performance

• Strong threat prevention
  - NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
  - The only IPS that catches threats on non-standard ports
  - Scan inbound and outbound SSL (decrypt) and compressed traffic
  - Assure only authorized applications are using network resources
  - Allow SSH/RDP, but only for authorized staff

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

Model    Firewall  Threat prevention  IPSec VPN  SSL VPN users  Sessions   VSYS       I/O
PA-5050  10 Gbps   5 Gbps             4 Gbps     10,000         2,000,000  Up to 125  (4) SFP+ (10 Gig), (8) SFP (1 Gig), (12) 10/100/1000
PA-5020  5 Gbps    2 Gbps             2 Gbps     5,000          1,000,000  Up to 20   (8) SFP (1 Gig), (12) 10/100/1000
PA-5060  20 Gbps   10 Gbps            4 Gbps     20,000         4,000,000  Up to 225  (4) SFP+ (10 Gig), (8) SFP (1 Gig), (12) 10/100/1000

All models:
• Hot-swappable fans and power supplies
• Dual solid-state hard drives
• Dedicated HA and management interfaces
• 2U standard rack-mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats
  - Stop a wide range of threats on all allowed traffic
  - Proven quality (NSS tested and "Recommended")
  - Security by policy, not hardwired into deployment
• Comply and Compartmentalize
  - Save time and cost to compliance with network segmentation
  - Segment by user group and application
• Simplify with Flexible Network Security Infrastructure
  - With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention
  - With simpler, easier deployments
  - With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance)

GlobalProtect

Today: Quality of Security Tied to Location

[Diagram label: botnets]

Enterprise Network Security
• Security based on best practices
• Full-featured NGFW and threat prevention

No Network Security
• Security based on best effort
• Exposed to threats, risky app usage, and more

Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality; heavy performance load on the PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services
• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement
• Supports a limited number of apps and protocols; weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• Agent tunnels traffic back to the corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work, for Lower Security
• Inconsistent policy and protections when outside vs. inside the network
• Lack of visibility into applications, users, and content fails to control modern apps and threats
• Expensive to purchase; duplicates operational and management overhead

Introducing GlobalProtect

• Users never go "off-network", regardless of location
• All firewalls work together to provide a "cloud" of network security

• How it works
  - A small agent determines network location (on or off the enterprise network)
  - If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
  - The agent submits a host information profile (patch level, asset type, disk encryption, and more) to the gateway
  - The gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile
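The policy step described above, a gateway deciding on the identified application, the user's directory group and the host information profile rather than on the destination port, as an added Python illustration. This is example code written for this page, not Palo Alto Networks code and not PAN-OS configuration syntax. The rule names, application names ("web-browsing", "ssl", "ssh", "ms-rdp", "bittorrent"), group names and host-profile attribute names ("disk_encrypted", "patched") are constructed assumptions, and the sessions are constructed sample data. The same sessions are also run through a port-only ruleset so the "Ports ≠ Applications" point from the earlier slides is visible in the two decisions side by side.

```python
"""Port-based vs. application/user/host-profile policy evaluation.

Added illustration for this page, not Palo Alto Networks code. Rule names,
application names, group names and host-profile attribute names are
constructed assumptions; the sessions below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

HipProfile = Tuple[Tuple[str, bool], ...]   # e.g. (("disk_encrypted", True),)


@dataclass(frozen=True)
class Session:
    """One flow as the gateway sees it. `app` is the application identified
    from the traffic itself (App-ID style), independent of `dst_port`."""
    user: str
    groups: FrozenSet[str]      # directory groups (User-ID style)
    app: str
    dst_port: int
    location: str               # "on-network" / "off-network"; the same rules apply to both
    hip: HipProfile             # host information profile reported by the agent


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                              # "allow" or "deny"
    apps: FrozenSet[str] = frozenset()       # empty: any application
    ports: FrozenSet[int] = frozenset()      # empty: any destination port
    groups: FrozenSet[str] = frozenset()     # empty: any user
    require_hip: HipProfile = ()             # every listed attribute must match


def rule_matches(rule: Rule, s: Session) -> bool:
    if rule.apps and s.app not in rule.apps:
        return False
    if rule.ports and s.dst_port not in rule.ports:
        return False
    if rule.groups and not (s.groups & rule.groups):
        return False
    reported = dict(s.hip)
    return all(reported.get(key) == wanted for key, wanted in rule.require_hip)


def evaluate(rules: List[Rule], s: Session) -> Tuple[str, str]:
    """First matching rule wins; no match is an implicit deny (positive
    enforcement model: only explicitly allowed traffic passes)."""
    for rule in rules:
        if rule_matches(rule, s):
            return rule.action, rule.name
    return "deny", "implicit-deny"


# Legacy ruleset: it can only reason about destination ports.
PORT_RULES = [
    Rule("web-ports", "allow", ports=frozenset({80, 443})),
    Rule("admin-ports", "allow", ports=frozenset({22, 3389})),
]

# Ruleset in the style the slides describe: application + user group + host profile.
APP_RULES = [
    Rule("web", "allow", apps=frozenset({"web-browsing", "ssl"})),
    Rule("admin-access", "allow",
         apps=frozenset({"ssh", "ms-rdp"}),
         groups=frozenset({"it-admins"}),
         require_hip=(("disk_encrypted", True), ("patched", True))),
]


def compare(sessions: Dict[str, Session]) -> Dict[str, Tuple[str, str]]:
    """(port-based decision, app/user/HIP-based decision) per session label."""
    return {label: (evaluate(PORT_RULES, s)[0], evaluate(APP_RULES, s)[0])
            for label, s in sessions.items()}


COMPLIANT = (("disk_encrypted", True), ("patched", True))
UNENCRYPTED = (("disk_encrypted", False), ("patched", True))
STAFF = frozenset({"staff"})
ADMINS = frozenset({"staff", "it-admins"})

# Constructed sessions (not taken from the slides).
SAMPLE_SESSIONS = {
    "browsing":          Session("alice", STAFF,  "web-browsing", 80,   "on-network",  COMPLIANT),
    "p2p-on-port-80":    Session("bob",   STAFF,  "bittorrent",   80,   "on-network",  COMPLIANT),
    "admin-ssh":         Session("carol", ADMINS, "ssh",          22,   "off-network", COMPLIANT),
    "ssh-on-2222":       Session("carol", ADMINS, "ssh",          2222, "off-network", COMPLIANT),
    "staff-rdp":         Session("dave",  STAFF,  "ms-rdp",       3389, "on-network",  COMPLIANT),
    "admin-unencrypted": Session("carol", ADMINS, "ssh",          22,   "off-network", UNENCRYPTED),
}

if __name__ == "__main__":
    for label, (by_port, by_app) in compare(SAMPLE_SESSIONS).items():
        print(f"{label:18} port-based={by_port:5} app/user/HIP-based={by_app}")
```

The port-only ruleset lets the peer-to-peer session through because it arrives on port 80, and it has no way to express "SSH only for IT admins on an encrypted, patched laptop"; the application ruleset denies both cases by falling through to the implicit deny, while still allowing the admin's SSH session on a non-standard port. The session's location is carried but never consulted by the rules, which is the point of the "users never go off-network" slide: one policy, evaluated the same way wherever the laptop is.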

A Modern Architecture for Enterprise Security

• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work is performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance, and reporting

[Diagram labels: malware, botnets, exploits]

Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure
  - Users do what they want
  - Port hopping, tunneling, and encryption of applications get around the port-based classification of stateful-inspection firewalls
  - Leads to increased risks for the business
• Palo Alto Networks defines the next-generation firewall with unique identification technologies
  - App-ID: identify applications regardless of port, protocol, or SSL encryption
  - User-ID: integrated with the enterprise directory
  - Content-ID: threats, URLs, data
  - High-performance architecture: high throughput, low latency
• Easy enterprise integration and consolidation saves money
  - Flexible deployment options for seamless integration
  - Consolidation of functionality into the firewall simplifies and saves money

App-ID: Comprehensive Application Visibility

• Policy-based control of more than 1,200 applications, distributed across five categories and 25 sub-categories
• Balanced mix of business, internet, and networking applications and networking protocols
• ~5–10 new applications added weekly

User-ID: Enterprise Directory Integration

• Users no longer defined solely by IP address
  - Leverage existing Active Directory infrastructure without complex agent rollout
  - Identify Citrix users and tie policies to user and group, not just the IP address
• Understand user, application, and threat behavior based on the actual AD username, not just IP
• Manage and enforce policy based on user and/or AD group
• Investigate security incidents, generate custom reports

Content-ID: Real-Time Content Scanning

• Stream-based, not file-based, for real-time performance
  - Uniform signature engine scans for a broad range of threats in a single pass
  - Vulnerability exploits (IPS), viruses, and spyware (both downloads and phone-home)
• Block transfer of sensitive data and file transfers by type
  - Looks for CC and SSN patterns
  - Looks into the file to determine type – not extension based
• Web filtering enabled via fully integrated URL database
  - Local 20M URL database (76 categories) maximizes performance (1000's of URLs/sec)
  - Dynamic DB adapts to local, regional, or industry-focused surfing patterns

Detect and block a wide range of threats, limit unauthorized data transfer, and control non-work-related web surfing

• NSS Labs, the world's largest security and performance testing lab, has recently completed in-depth IPS testing of the Palo Alto Networks next-gen firewall. Our solution was tested against 1,179 live exploits in what was the industry's most comprehensive IPS test to date. The results were crystal clear and provided the hard proof of what our next-generation firewalls can really do. Key results include:
  - The highest IPS block rate in recent history (93.4%)
  - 100% resistance to IPS evasion techniques
  - Simple IPS configuration and tuning
  - Provided all the above while exceeding the datasheet performance metrics by 115%

Palo Alto Networks IPS Protection + Performance

• Strong threat prevention
  - NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
  - The only IPS that catches threats on non-standard ports
  - Scan inbound and outbound SSL (decrypt) and compressed traffic
  - Assure only authorized applications are using network resources
  - Allow SSH/RDP, but only for authorized staff

Single-Pass Parallel Processing (SP3) Architecture

Single Pass
• Operations once per packet
  - Traffic classification (app identification)
  - User/group mapping
  - Content scanning – threats, URLs, confidential data
• One policy

Parallel Processing
• Function-specific hardware engines
• Separate data/control planes

Up to 10 Gbps, Low Latency

PA-5000 Series Architecture

• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC, SSN, and more

Security Processors
• High-density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High-speed logging and route update
• Dual solid-state drives

Network Processor
• 20 Gbps front-end network processing
• Hardware-accelerated per-packet route lookup, MAC lookup, and NAT

[Architecture diagram: Control Plane (quad-core CPU, RAM, dual SSDs); Data Plane: Network Processor (QoS, flow control, route/ARP/MAC lookup, NAT) – 20 Gbps – Switch Fabric – 10 Gbps – Security Processors (Signature Match engines; SSL/IPSec/decompression engines; CPUs 1–12 with RAM)]

• 40+ processors
• 30+ GB of RAM
• Separate high-speed data and control planes
• 20 Gbps firewall throughput
• 10 Gbps threat prevention throughput
• 4 million concurrent sessions

Traditional Multi-Pass Architectures are Slow

[Diagram: four serial passes, each carrying its own Port/Protocol-based ID, L2/L3 networking, HA, config management and reporting:
  1. Firewall Policy
  2. HTTP Decoder → URL Filtering Policy
  3. IPS Decoder → IPS Signatures → IPS Policy
  4. AV Decoder & Proxy → AV Signatures → AV Policy]

Powerful Policy-Based Control

• Browse more than 1,300 applications based on name, category, technology, or characteristic
• Immediately translate results into positive enforcement model firewall rules
• Policy enforcement by end-user group identities from Active Directory or IP address

Palo Alto – Network Sniffer (screenshot)

Visibility into Applications, Users & Content

[Screenshot: user hzielinski, filter on Skype; remove Skype to expand the view of hzielinski]

Palo Alto – Rich reports (screenshot)

Demo (offline) – Traffic Log

Enables Executive Visibility

PAN-OS Features

• Strong networking foundation
  - Dynamic routing (OSPF, RIPv2)
  - Site-to-site IPSec VPN
  - SSL VPN for remote access
  - Tap mode – connect to a SPAN port
  - Virtual wire ("Layer 1") for true transparent in-line deployment
  - L2/L3 switching foundation
• QoS traffic shaping – max/guaranteed and priority
  - By user, app, interface, zone, and more
• Zone-based architecture
  - All interfaces assigned to security zones for policy enforcement
• High Availability
  - Active/Active
  - Configuration and session synchronization
  - Path, link, and HA monitoring
• Virtual Systems
  - Establish multiple virtual firewalls in a single device (PA-4000 Series only)
• Simple, flexible management
  - CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users, and content are complemented by core firewall features

Models: PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060

Enterprise Device and Policy Management

• Intuitive and flexible management
  - CLI, Web, Panorama, SNMP, Syslog
  - Role-based administration enables delegation of tasks to the appropriate person
• Panorama central management application
  - Shared policies enable consistent application control policies
  - Consolidated management, logging, and monitoring of Palo Alto Networks devices
  - Consistent web interface between Panorama and the device UI
  - Network-wide ACC/monitoring views, log collection, and reporting
• All interfaces work on the current configuration, avoiding sync issues

NGFW for mobile devices

Today: Quality of Security Tied to Location

[Diagram label: botnets]

Enterprise Network Security
• Security based on best practices
• Full-featured NGFW and threat prevention

No Network Security
• Security based on best effort
• Exposed to threats, risky app usage, and more

Introducing GlobalProtect

• Users never go "off-network", regardless of location
• All firewalls work together to provide a "cloud" of network security

• How it works
  - A small agent determines network location (on or off the enterprise network)
  - If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
  - The agent submits a host information profile (patch level, asset type, disk encryption, and more) to the gateway
  - The gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile

Zero Day Attacks Protection

A sandbox at the core

Flexible Deployment Options

Transparent In-Line
• IPS with app visibility & control
• Consolidation of IPS & URL filtering

Firewall Replacement
• Firewall replacement with app visibility & control
• Firewall + IPS
• Firewall + IPS + URL filtering

Ultimate Segmentation
• Controls applications & users for datacenter resource access
• IPS with app visibility & content control
[Diagram labels: Datacenter 1, Datacenter 2; Segment A, Segment B, Segment C]

Palo Alto Networks IPS Protection + Performance

• Strong threat prevention
  - NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
  - The only IPS that catches threats on non-standard ports
  - Scan inbound and outbound SSL (decrypt) and compressed traffic
  - Assure only authorized applications are using network resources
  - Allow SSH/RDP, but only for authorized staff

Palo Alto Networks Next-Gen Firewalls

Model    Firewall  Threat prevention  Sessions   Interfaces
PA-4050  10 Gbps   5 Gbps             2,000,000  8 SFP, 16 copper gigabit
PA-4020  2 Gbps    2 Gbps             500,000    8 SFP, 16 copper gigabit
PA-4060  10 Gbps   5 Gbps             2,000,000  4 XFP (10 Gig), 4 SFP (1 Gig)
PA-2050  1 Gbps    500 Mbps           250,000    4 SFP, 16 copper gigabit
PA-2020  500 Mbps  200 Mbps           125,000    2 SFP, 12 copper gigabit
PA-500   250 Mbps  100 Mbps           50,000     8 copper gigabit
PA-5050  10 Gbps   5 Gbps             2,000,000  4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
PA-5020  5 Gbps    2 Gbps             1,000,000  8 SFP, 12 copper gigabit
PA-5060  20 Gbps   10 Gbps            4,000,000  4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

The innovative approach: extend security to all network traffic

Thank You
Zion Ezra
VP Sales

POC and AVR Report

AVR Report (screenshot)

AVR Report (screenshot)

UTM Is Still Sprawl… Just Slower

[Diagram label: Internet]

• Doesn't solve the problem
• Firewall "helper" functions have a limited view of traffic
• Turning on functions kills performance

Traditional Multi-Pass Architectures are Slow

[Diagram: four serial passes, each carrying its own Port/Protocol-based ID, L2/L3 networking, HA, config management and reporting:
  1. Firewall Policy
  2. HTTP Decoder → URL Filtering Policy
  3. IPS Decoder → IPS Signatures → IPS Policy
  4. AV Decoder & Proxy → AV Signatures → AV Policy]


Page 27: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

copy 2009 Palo Alto Networks Proprietary and Confidential Page 30 |

User-ID Enterprise Directory Integration

bull Users no longer defined solely by IP address

- Leverage existing Active Directory infrastructure without complex agent rollout

- Identify Citrix users and tie policies to user and group not just the IP address

bull Understand user application and threat behavior based on actual AD username not just IP

bull Manage and enforce policy based on user andor AD group

bull Investigate security incidents generate custom reports

copy 2009 Palo Alto Networks Proprietary and Confidential Page 31 |

Content-ID Real-Time Content Scanning

bull Stream-based not file-based for real-time performance

- Uniform signature engine scans for broad range of threats in single pass

- Vulnerability exploits (IPS) viruses and spyware (both downloads and phone-home)

bull Block transfer of sensitive data and file transfers by type

- Looks for CC and SSN patterns

- Looks into file to determine type ndash not extension based

bull Web filtering enabled via fully integrated URL database

- Local 20M URL database (76 categories) maximizes performance (1000rsquos URLssec)

- Dynamic DB adapts to local regional or industry focused surfing patterns

Detect and block a wide range of threats limit unauthorized data transfer and control non-work related web surfing

copy 2008 Palo Alto Networks Proprietary and Confidential Page 32 |

bullNSS Labs the worldrsquos largest security and performance testing lab have recently

completed in-depth IPS testing of the Palo Alto Networksrsquo next-gen firewall Our solution

was tested against 1179 live exploits in what was the industrys most comprehensive IPS

test to date The results were crystal clear and provided the hard proof of what our next-

generation firewalls can really do Key results include

bullbull The highest IPS block rate in recent history (934)

bull 100 resistance to IPS evasion techniques

bull Simple IPS configuration and tuning

bull Provided all the above while exceeding the datasheet performance metrics by 115

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 33 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2009 Palo Alto Networks Proprietary and Confidential Page 34 |

Single-Pass Parallel Processing (SP3) Architecture

Single Pass

bull Operations once per packet

- Traffic classification (app identification)

- Usergroup mapping

- Content scanning ndash threats URLs confidential data

bull One policy

Parallel Processing

bull Function-specific hardware engines

bull Separate datacontrol planes

Up to 10Gbps Low Latency

copy 2011 Palo Alto Networks Proprietary and Confidential

PA-5000 Series Architecture

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual solid-state drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow

control

Route ARP MAC

lookup

NAT Switch

Fabric

Signature Match

Signature Match

SSL IPSec De-

Compress SSL IPSec

De-Compress

SSL IPSec De-

Compress

Quad-core

CPU CPU

12

CPU

1

CPU

2

CPU

12

CPU

1

CPU

2

CPU

12

CPU

1

CPU

2

RAM

RAM

SSD

SSD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

bull 40+ processors

bull 30+ GB of RAM

bull Separate high speed data and control planes

bull 20 Gbps firewall throughput

bull 10 Gbps threat prevention throughput

bull 4 Million concurrent sessions

Page 35 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 36 |

Traditional Multi-Pass Architectures are Slow

[Diagram: four stacked single-function boxes, each with its own port/protocol-based ID, L2/L3 networking, HA, configuration management and reporting, and each with its own policy: firewall policy; HTTP decoder with URL filtering policy; IPS decoder with IPS signatures and IPS policy; AV decoder and proxy with AV signatures and AV policy]

Powerful Policy-Based Control

• Browse more than 1300 applications based on name, category, technology or characteristic

• Immediately translate results into positive enforcement model firewall rules

• Policy enforcement by end-user group identities from Active Directory or IP address

Palo Alto – Network Sniffer

Visibility into Applications, Users & Content

User hzielinski, filtered on Skype

Remove Skype to expand the view of hzielinski

Palo Alto – Rich reports

Demo (offline) – Traffic Log

Enables Executive Visibility

PAN-OS Features

• Strong networking foundation

- Dynamic routing (OSPF, RIPv2)

- Site-to-site IPSec VPN

- SSL VPN for remote access

- Tap mode – connect to SPAN port

- Virtual wire ("Layer 1") for true transparent in-line deployment

- L2/L3 switching foundation

• QoS traffic shaping – max/guaranteed and priority

- By user, app, interface, zone and more

• Zone-based architecture

- All interfaces assigned to security zones for policy enforcement

• High Availability

- Active/Active

- Configuration and session synchronization

- Path, link and HA monitoring

• Virtual Systems

- Establish multiple virtual firewalls in a single device (PA-4000 Series only)

• Simple, flexible management

- CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content are complemented by core firewall features

Models: PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060

Enterprise Device and Policy Management

• Intuitive and flexible management

- CLI, Web, Panorama, SNMP, Syslog

- Role-based administration enables delegation of tasks to the appropriate person

• Panorama central management application

- Shared policies enable consistent application control policies

- Consolidated management, logging and monitoring of Palo Alto Networks devices

- Consistent web interface between Panorama and device UI

- Network-wide ACC/monitoring views, log collection and reporting

• All interfaces work on the current configuration, avoiding sync issues

NGFW for mobile devices

Today: Quality of Security Tied to Location

[Diagram: on the enterprise network, security is based on best practices with a full-featured NGFW and threat prevention; off the network there is no network security, security is best-effort and the user is exposed to threats, botnets, risky app usage and more]

Introducing GlobalProtect

• Users never go "off-network", regardless of location

• All firewalls work together to provide a "cloud" of network security

• How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level, asset type, disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID, User-ID, Content-ID AND host information profile

Zero Day Attacks Protection

A sandbox at the core

Flexible Deployment Options

Transparent In-Line

• IPS with app visibility & control

• Consolidation of IPS & URL filtering

Firewall Replacement

• Firewall replacement with app visibility & control

• Firewall + IPS

• Firewall + IPS + URL filtering

Ultimate segmentation (Datacenter 1, Datacenter 2; Segment A, Segment B, Segment C)

• Controls applications & users for datacenter resource access

• IPS with app visibility & content control

Palo Alto Networks IPS: Protection + Performance

• Strong threat prevention

- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSH/RDP, but only for authorized staff

Palo Alto Networks Next-Gen Firewalls

PA-4050: 10 Gbps FW, 5 Gbps threat prevention, 2,000,000 sessions; 8 SFP, 16 copper gigabit

PA-4020: 2 Gbps FW, 2 Gbps threat prevention, 500,000 sessions; 8 SFP, 16 copper gigabit

PA-4060: 10 Gbps FW, 5 Gbps threat prevention, 2,000,000 sessions; 4 XFP (10 Gig), 4 SFP (1 Gig)

PA-2050: 1 Gbps FW, 500 Mbps threat prevention, 250,000 sessions; 4 SFP, 16 copper gigabit

PA-2020: 500 Mbps FW, 200 Mbps threat prevention, 125,000 sessions; 2 SFP, 12 copper gigabit

PA-500: 250 Mbps FW, 100 Mbps threat prevention, 50,000 sessions; 8 copper gigabit

PA-5050: 10 Gbps FW, 5 Gbps threat prevention, 2,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

PA-5020: 5 Gbps FW, 2 Gbps threat prevention, 1,000,000 sessions; 8 SFP, 12 copper gigabit

PA-5060: 20 Gbps FW, 10 Gbps threat prevention, 4,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

The innovative approach: extend security to all network traffic

Thank You, Zion Ezra, VP Sales

POC and AVR Report

AVR Report

UTM Is Still Sprawl… Just Slower

• Doesn't solve the problem

• Firewall "helper" functions have limited view of traffic

• Turning on functions kills performance


Applications Have Changed – Firewalls Have Not

• The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

• Need to Restore Visibility and Control in the Firewall

[Application icons: Collaboration, Media, SaaS, Personal]

• BUT… Applications Have Changed

- Ports ≠ Applications

- IP Addresses ≠ Users

- Packets ≠ Content

Exploit protection

- Many months pass between black-hat discovery, white-hat discovery and protection being available

- Need to protect all applications

- A sandbox at the core

- Needs user-based access control

- Needs high-speed IPS and AV

- Need to perform across all applications

- Need to block the unknown

Conclusion: advanced-malware protection belongs in a next-generation firewall

DEMO: https://ca2demo.paloaltonetworks.com/esp/login.esp

INSANITY: doing the same thing over and over again and expecting different results

Block applications and users

The innovative approach: extend security to all network traffic

20 Gbps Firewall, 10 Gbps Threat Prevention

• 80 Gbps switch fabric interconnect

• 20 Gbps QoS engine

Signature Match HW Engine

• Stream-based uniform signature match

• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors

• High density parallel processing for flexible security functionality

• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane

• Highly available management

• High speed logging and route update

• Dual hard drives

Network Processor

• 20 Gbps front-end network processing

• Hardware accelerated per-packet route lookup, MAC lookup and NAT

[Block diagram, same layout as the PA-5000 Series Architecture slide: control plane (quad-core CPU, RAM, dual HDD) beside the data plane, where the network processor (QoS, flow control, route/ARP/MAC lookup, NAT), three signature-match engines, three SSL/IPSec/decompression engines and three security processors drawn as CPU 1 to CPU 12 with their own RAM are joined by the switch fabric over 10 Gbps and 20 Gbps paths]

NGFW for mobile devices

Source: Gartner (March 2010). As of March 2010.

Data Center Network Security in Transition

• Ports ≠ Applications

• IP addresses ≠ Users

• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions…

[Diagram: applications such as RPC, SMS, SQL, SharePoint, SMB and NetBIOS spread across port 135, port 137, port 139, port 80 and port 443, plus random high ports]

Applications employ dynamic, random and heavily-used ports, fundamentally breaking port-based network security
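The slide's point, that a port no longer tells you which application is on the wire, is easy to see in code. What follows is an added example, not Palo Alto Networks code: a port-table classifier placed next to one that reads the first bytes of each flow, in the spirit of App-ID. The signatures are simplified stand-ins for real protocol decoders, the application names follow the deck's vocabulary, and every flow (port and payload) is constructed.

```python
"""Port-based vs. payload-based application identification.

Added example, not Palo Alto Networks code: a port-table classifier beside a
classifier that reads the first bytes of each flow, in the spirit of App-ID.
The signatures are simplified stand-ins and every flow is a constructed sample.
"""
import re

# The classic firewall model: the destination port names the application.
PORT_TABLE = {22: "ssh", 80: "web-browsing", 443: "ssl", 445: "smb", 3389: "ms-rdp"}


def identify_by_port(dst_port):
    return PORT_TABLE.get(dst_port, "unknown")


# Payload signatures, matched against the start of the client's first bytes.
# re.DOTALL lets '.' stand for any byte, including 0x0a.
APP_SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-2\.0-")),
    ("ms-rdp", re.compile(rb"^\x03\x00...\xe0", re.DOTALL)),   # TPKT + X.224 connection request
    ("ssl", re.compile(rb"^\x16\x03[\x00-\x03]")),               # TLS handshake record
    ("web-browsing", re.compile(rb"^(?:GET|POST|HEAD|PUT) \S+ HTTP/1\.[01]\r\n")),
    ("smb", re.compile(rb"^\x00...\xffSMB", re.DOTALL)),         # NetBIOS session + SMB1 header
]


def identify_by_payload(payload):
    """Name the application from what the flow actually says, whatever the port."""
    for app, signature in APP_SIGNATURES:
        if signature.match(payload):
            return app
    return "unknown"


# Constructed flows: (description, destination port, first client bytes).
FLOWS = [
    ("ssh on tcp/22", 22, b"SSH-2.0-OpenSSH_8.9\r\n"),
    ("ssh on tcp/443", 443, b"SSH-2.0-OpenSSH_8.9\r\n"),
    ("rdp on a random high port", 51823,
     b"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00"),
    ("http on tcp/8080", 8080, b"GET /index.html HTTP/1.1\r\nHost: intranet\r\n\r\n"),
    ("tls on tcp/443", 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
    ("smb on tcp/445", 445, b"\x00\x00\x00\x2f\xffSMBr\x00\x00\x00\x00\x18"),
]


def classify(flows):
    """Return (description, port verdict, payload verdict) for each flow."""
    return [(desc, identify_by_port(port), identify_by_payload(payload))
            for desc, port, payload in flows]


def disagreements(flows):
    """Flows where the port table and the payload disagree: exactly the traffic a
    port-based firewall mislabels, and whose policy it therefore gets wrong."""
    return [desc for desc, by_port, by_payload in classify(flows) if by_port != by_payload]


if __name__ == "__main__":
    for desc, by_port, by_payload in classify(FLOWS):
        flag = "" if by_port == by_payload else "   <-- port-based view is wrong"
        print(f"{desc:28s} port says {by_port:13s} payload says {by_payload}{flag}")
```

Running it lists three flows the port table gets wrong: SSH carried over tcp/443 is reported as "ssl", RDP on a high port as "unknown", and plain HTTP on 8080 as "unknown". A rule written as "allow tcp/443" therefore admits the first of these, and a rule written as "allow ssl" after payload identification does not; that difference is the whole argument of the slide.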


NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

PA-5050

• 10 Gbps FW

• 5 Gbps threat prevention

• 4 Gbps IPSec VPN

• 10,000 SSL VPN users

• 2,000,000 sessions

• Up to 125 VSYS

• (4) SFP+ (10 Gig) I/O

• (8) SFP (1 Gig) I/O

• (12) 10/100/1000

PA-5020

• 5 Gbps FW

• 2 Gbps threat prevention

• 2 Gbps IPSec VPN

• 5,000 SSL VPN users

• 1,000,000 sessions

• Up to 20 VSYS

• (8) SFP (1 Gig) I/O

• (12) 10/100/1000

PA-5060

• 20 Gbps FW

• 10 Gbps threat prevention

• 4 Gbps IPSec VPN

• 20,000 SSL VPN users

• 4,000,000 sessions

• Up to 225 VSYS

• (4) SFP+ (10 Gig) I/O

• (8) SFP (1 Gig) I/O

• (12) 10/100/1000

• Hot swappable fans, power supplies

• Dual solid state hard drives

• Dedicated HA and management interfaces

• 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and "Recommended")

- Security by policy, not hardwired into deployment

• Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

• Simplify with Flexible Network Security Infrastructure

- With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler, easier deployments

- With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance)

GlobalProtect

Today: Quality of Security Tied to Location

[Diagram: on the enterprise network, security is based on best practices with a full-featured NGFW and threat prevention; off the network there is no network security, security is best-effort and the user is exposed to threats, botnets, risky app usage and more]

Existing Solutions Fall Short

Software on the PC

• Each security app performs a specific function

• Limited focus and functionality, heavy performance load on the PC

• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services

• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement

• Supports a limited number of apps and protocols, weak threat prevention

• Examples: ScanSafe, Purewire, etc.

Traditional VPN

• Agent tunnels traffic back to the corporate gateway

• Same poor security, only slower

• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security

• Inconsistent policy and protections when outside vs. inside the network

• Lack of visibility into applications, users and content fails to control modern apps and threats

• Expensive to purchase, duplicates operational and management overhead

Introducing GlobalProtect

• Users never go "off-network", regardless of location

• All firewalls work together to provide a "cloud" of network security

• How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level, asset type, disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID, User-ID, Content-ID AND host information profile
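The last step above, and the earlier slides on positive-enforcement rules keyed to Active Directory groups ("Allow SSH/RDP, but only for authorized staff"), describe one decision: is this application, for this user, from this host, allowed? The following is an added example and not PAN-OS or GlobalProtect code. It models that decision as a rulebase in which each rule names the permitted applications, the directory groups they are permitted for, and what the host information profile (HIP) reported by the agent must satisfy; anything no rule allows is denied, which is what a positive enforcement model means. Rule names, group names, the HIP attribute names and every user and host are constructed.

```python
"""Positive-enforcement policy on application, user group and host profile.

Added example, not PAN-OS or GlobalProtect code: rules name what is allowed,
for which directory groups, and what the host information profile (HIP)
reported by a GlobalProtect-style agent must satisfy; anything no rule allows
is denied.  Rule names, attribute names, users and host profiles are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class Session:
    user: str
    groups: frozenset   # directory group memberships (User-ID)
    app: str            # identified application, not the port (App-ID)
    hip: dict           # host information profile submitted by the agent


@dataclass
class Rule:
    name: str
    apps: frozenset
    groups: frozenset                         # frozenset({"any"}) matches every user
    hip: dict = field(default_factory=dict)   # attribute -> required value or predicate


def hip_compliant(profile, requirements):
    """Every requirement must hold.  An attribute the host did not report fails
    closed: a missing profile is treated like a non-compliant one."""
    for key, wanted in requirements.items():
        if key not in profile:
            return False
        actual = profile[key]
        satisfied = wanted(actual) if callable(wanted) else actual == wanted
        if not satisfied:
            return False
    return True


def evaluate(session, rules):
    """First matching rule wins; no match means deny.  The same evaluation runs
    whether the session arrives from the LAN or through the SSL VPN gateway."""
    for rule in rules:
        if session.app not in rule.apps:
            continue
        if "any" not in rule.groups and not (session.groups & rule.groups):
            continue
        if not hip_compliant(session.hip, rule.hip):
            continue
        return "allow", rule.name
    return "deny", "implicit-deny"


RULES = [
    # "Allow SSH/RDP, but only for authorized staff", and only from a compliant host.
    Rule("admin-remote-access", frozenset({"ssh", "ms-rdp"}), frozenset({"it-admins"}),
         {"disk_encrypted": True, "missing_critical_patches": lambda n: n == 0}),
    Rule("finance-erp", frozenset({"sap"}), frozenset({"finance"}),
         {"asset_type": "corporate-laptop"}),
    Rule("general-web", frozenset({"web-browsing", "ssl"}), frozenset({"any"})),
]

# Constructed host profiles as an agent might report them.
COMPLIANT = {"disk_encrypted": True, "missing_critical_patches": 0, "asset_type": "corporate-laptop"}
UNPATCHED = {"disk_encrypted": True, "missing_critical_patches": 3, "asset_type": "corporate-laptop"}

SESSIONS = [
    Session("alice", frozenset({"it-admins", "staff"}), "ssh", COMPLIANT),
    Session("alice", frozenset({"it-admins", "staff"}), "ms-rdp", UNPATCHED),
    Session("bob", frozenset({"sales", "staff"}), "ssh", COMPLIANT),
    Session("bob", frozenset({"sales", "staff"}), "web-browsing", COMPLIANT),
    Session("carol", frozenset({"finance", "staff"}), "sap", {"asset_type": "personal-laptop"}),
    Session("dave", frozenset({"contractors"}), "ssh", {}),   # agent reported no profile at all
]


def decide(sessions=SESSIONS, rules=RULES):
    """Return (user, app, verdict, rule) for every session."""
    return [(s.user, s.app, *evaluate(s, rules)) for s in sessions]


if __name__ == "__main__":
    for user, app, verdict, rule in decide():
        print(f"{user:6s} {app:13s} {verdict:5s} ({rule})")
```

Two design choices carry the security weight. The rulebase is positive: the admin rule is the only way SSH or RDP is ever allowed, so a salesperson's SSH session and a contractor's SSH session both fall through to the implicit deny without any rule having to name them. And the HIP check fails closed: the unpatched admin laptop and the host that reported no profile are both refused, since a requirement that cannot be verified is treated as unmet.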

A Modern Architecture for Enterprise Security

• Establishes a logical perimeter that is not bound to physical limitations

• Users receive the same depth and quality of protection both inside and out

• Security work performed by purpose-built firewalls, not end-user laptops

• Unified visibility, compliance and reporting

[Diagram labels: malware, botnets, exploits]

Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure

- Users do what they want

- Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls

- Leads to increased risks for the business

• Palo Alto Networks defines the next-generation firewall with unique identification technologies

- App-ID: identify applications regardless of port, protocol or SSL encryption

- User-ID: integrated with the enterprise directory

- Content-ID: threats, URLs, data

- High performance architecture: high throughput, low latency

• Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into the firewall simplifies and saves money


Content-ID: Real-Time Content Scanning

• Stream-based, not file-based, for real-time performance

- Uniform signature engine scans for a broad range of threats in a single pass

- Vulnerability exploits (IPS), viruses and spyware (both downloads and phone-home)

• Block transfer of sensitive data and file transfers by type

- Looks for CC and SSN patterns

- Looks into the file to determine type – not extension based

• Web filtering enabled via fully integrated URL database

- Local 20M URL database (76 categories) maximizes performance (1000's of URLs/sec)

- Dynamic DB adapts to local, regional or industry-focused surfing patterns

Detect and block a wide range of threats, limit unauthorized data transfer and control non-work-related web surfing
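Three of the bullets above (stream-based rather than file-based scanning, CC and SSN patterns, file type read from the content rather than the extension) come together in the following added example, which is not Content-ID code. A scanner receives a transfer in chunks, reports SSN patterns and Luhn-valid card-number patterns even when one straddles a chunk boundary, and names the file type from its leading bytes. The regular expressions, the magic-number table and the sample transfer are constructed for the example; a real engine uses compiled signatures and far more decoders.

```python
"""Stream-based content scanning: sensitive patterns and file type by content.

Added example, not Content-ID code: a scanner that receives a transfer in
chunks, reports SSN and Luhn-valid card-number patterns even when one straddles
a chunk boundary, and identifies the file type from its leading bytes rather
than its name.  Patterns, magic numbers and the sample transfer are constructed.
"""
import re

# 3-2-4 digit groups with the never-issued prefixes excluded; bytes patterns,
# because the stream is raw data.
SSN_RE = re.compile(rb"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13-16 digits, optionally separated by single spaces or hyphens; these are
# candidates only and are confirmed by the Luhn check below.
CC_RE = re.compile(rb"\b\d(?:[ -]?\d){12,15}\b")
PATTERNS = (("ssn", SSN_RE), ("cc", CC_RE))

MAGIC = ((b"%PDF-", "pdf"), (b"PK\x03\x04", "zip"), (b"MZ", "pe-executable"),
         (b"\x7fELF", "elf"), (b"\xd0\xcf\x11\xe0", "ole2-office"))


def luhn_ok(digits):
    """Luhn checksum over a bytes string of ASCII digits."""
    total = 0
    for i, b in enumerate(reversed(digits)):
        d = b - ord("0")
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def file_type(head):
    """Type from the leading bytes; the file name is never consulted."""
    for magic, name in MAGIC:
        if head.startswith(magic):
            return name
    return "unknown"


class StreamScanner:
    TAIL = 32   # at least the longest pattern (16 digits with 15 separators)

    def __init__(self):
        self.buffer = b""
        self.offset = 0      # absolute stream offset of buffer[0]
        self.decided = 0     # stream offset below which every byte is settled
        self.head = b""
        self.findings = []   # (kind, absolute offset, matched text)

    def feed(self, chunk, final=False):
        self.buffer += chunk
        self.head = (self.head + chunk)[:8]
        end = len(self.buffer)
        for kind, regex in PATTERNS:
            for m in regex.finditer(self.buffer):
                start = self.offset + m.start()
                if start < self.decided:
                    continue                       # already evaluated on an earlier pass
                if m.end() == end and not final:
                    continue                       # may continue in the next chunk
                if kind == "cc" and not luhn_ok(re.sub(rb"[ -]", b"", m.group())):
                    continue
                self.findings.append((kind, start, m.group().decode("ascii")))
                self.decided = max(self.decided, self.offset + m.end())
        # Everything older than TAIL bytes is settled; keep the tail plus one byte
        # of context so a word boundary at the cut is judged on real data.
        self.decided = max(self.decided, self.offset + end - self.TAIL)
        cut = max(0, end - self.TAIL - 1)
        self.buffer = self.buffer[cut:]
        self.offset += cut
        return self

    def result(self):
        return file_type(self.head), list(self.findings)


def scan_stream(data, chunk_size):
    """Feed `data` to a fresh scanner in `chunk_size` pieces; return (type, findings)."""
    scanner = StreamScanner()
    for i in range(0, len(data), chunk_size):
        scanner.feed(data[i:i + chunk_size], final=i + chunk_size >= len(data))
    return scanner.result()


# Constructed transfer: PDF magic, one SSN, one valid card number, one decoy.
SAMPLE = (
    b"%PDF-1.4\n"
    b"Customer record: SSN 219-09-9999, card 4111 1111 1111 1111 exp 12/29.\n"
    b"Order id 1234567890123 is not a card.\n"
)

if __name__ == "__main__":
    print(scan_stream(SAMPLE, 7))
```

The scanner holds only a short tail of the stream between chunks, which is what lets it run at line rate without buffering the whole file, and the same findings come out whether the transfer arrives in one piece or one byte at a time. The 13-digit order number is found by the pattern but rejected by the Luhn check, and the PDF is recognised by its first bytes regardless of what the transfer was named.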

• NSS Labs, the world's largest security and performance testing lab, has recently completed in-depth IPS testing of the Palo Alto Networks next-gen firewall. Our solution was tested against 1,179 live exploits in what was the industry's most comprehensive IPS test to date. The results were crystal clear and provided the hard proof of what our next-generation firewalls can really do. Key results include:

• The highest IPS block rate in recent history (93.4%)

• 100% resistance to IPS evasion techniques

• Simple IPS configuration and tuning

• Provided all the above while exceeding the datasheet performance metrics by 115%

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 33 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2009 Palo Alto Networks Proprietary and Confidential Page 34 |

Single-Pass Parallel Processing (SP3) Architecture

Single Pass

bull Operations once per packet

- Traffic classification (app identification)

- Usergroup mapping

- Content scanning ndash threats URLs confidential data

bull One policy

Parallel Processing

bull Function-specific hardware engines

bull Separate datacontrol planes

Up to 10Gbps Low Latency

copy 2011 Palo Alto Networks Proprietary and Confidential

PA-5000 Series Architecture

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual solid-state drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow

control

Route ARP MAC

lookup

NAT Switch

Fabric

Signature Match

Signature Match

SSL IPSec De-

Compress SSL IPSec

De-Compress

SSL IPSec De-

Compress

Quad-core

CPU CPU

12

CPU

1

CPU

2

CPU

12

CPU

1

CPU

2

CPU

12

CPU

1

CPU

2

RAM

RAM

SSD

SSD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

bull 40+ processors

bull 30+ GB of RAM

bull Separate high speed data and control planes

bull 20 Gbps firewall throughput

bull 10 Gbps threat prevention throughput

bull 4 Million concurrent sessions

Page 35 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 36 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 37 |

Powerful Policy-Based Control

bull Browse more than 1300 applications based on name category technology or characteristic

bull Immediately translate results into positive enforcement model firewall rules

bull Policy enforcement by end-user group identities from Active Directory or IP address

Palo Alto

Palo Alto ndash Network Sniffer

copy 2008 Palo Alto Networks Proprietary and Confidential Page 38 |

copy 2008 Palo Alto Networks Proprietary and Confidential Page 39 |

Visibility into Applications Users amp Content

User hzielinski Filter on Skype

Remove Skype to expand view of hzielinski

Palo Alto

Palo Alto ndash Rich reports

copy 2008 Palo Alto Networks Proprietary and Confidential Page 40 |

copy 2008 Palo Alto Networks Proprietary and Confidential Page 41 |

Demo (offline) ndash Traffic Log

copy 2008 Palo Alto Networks Proprietary and Confidential Page 42 |

Enables Executive Visibility

copy 2009 Palo Alto Networks Proprietary and Confidential Page 43 |

PAN-OS Features

bull Strong networking foundation

- Dynamic routing (OSPF RIPv2)

- Site-to-site IPSec VPN

- SSL VPN for remote access

- Tap mode ndash connect to SPAN port

- Virtual wire (ldquoLayer 1rdquo) for true transparent in-line deployment

- L2L3 switching foundation

bull QoS traffic shaping - Maxguaranteed and priority

- By user app interface zone and more

bull Zone-based architecture

- All interfaces assigned to security zones for policy enforcement

bull High Availability

- Active Active

- Configuration and session synchronization

- Path link and HA monitoring

bull Virtual Systems

- Establish multiple virtual firewalls in a single device (PA-4000 Series only)

bull Simple flexible management

- CLI Web Panorama SNMP Syslog

Visibility and control of applications users and content are complemented by core firewall features

PA-500

PA-2020

PA-2050

PA-4020

PA-4050

PA-4060

copy 2009 Palo Alto Networks Proprietary and Confidential Page 44 |

Enterprise Device and Policy Management

bull Intuitive and flexible management

- CLI Web Panorama SNMP Syslog

- Role-based administration enables delegation of tasks to appropriate person

bull Panorama central management application

- Shared policies enable consistent application control policies

- Consolidated management logging and monitoring of Palo Alto Networks devices

- Consistent web interface between Panorama and device UI

- Network-wide ACCmonitoring views log collection and reporting

bull All interfaces work on current configuration avoiding sync issues

NGFW for mobile devices

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 46 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 48 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

Zero Day Attacks Protection

a sandbox at the core

Flexible Deployment Options

Transparent In-Line Firewall Replacement

bull IPS with app visibility amp control

bull Consolidation of IPS amp URL filtering

bull Firewall replacement with app visibility amp control

bull Firewall + IPS

bull Firewall + IPS + URL filtering

Ultimate segmentation

Datacenter 1 Datacenter 2

bull Controls applications amp users for datacenter resource access

bull IPS with app visibility amp content control

Segment A Segment B

Segment C

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 53 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 54 |

Palo Alto Networks Next-Gen Firewalls

PA-4050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 8 SFP 16 copper gigabit

PA-4020 bull 2 Gbps FW2 Gbps threat

prevention500000 sessions

bull 8 SFP 16 copper gigabit

PA-4060 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 XFP (10 Gig) 4 SFP (1 Gig)

PA-2050 bull 1 Gbps FW500 Mbps threat

prevention250000 sessions

bull 4 SFP 16 copper gigabit

PA-2020 bull 500 Mbps FW200 Mbps threat

prevention125000 sessions

bull 2 SFP 12 copper gigabit

PA-500 bull 250 Mbps FW100 Mbps threat

prevention50000 sessions

bull 8 copper gigabit

PA-5050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

PA-5020 bull 5 Gbps FW2 Gbps threat

prevention1000000 sessions

bull 8 SFP 12 copper gigabit

PA-5060 bull 20 Gbps FW10 Gbps threat

prevention4000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

the innovative approach

extend security to all network traffic extend security to all network traffic

Thank You Zion Ezra

VP Sales

copy 2008 Palo Alto Networks Proprietary and Confidential Page 60 |

POC and AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 61 |

AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 62 |

AVR Report

Internet

UTM Is Still SprawlhellipJust Slower

bull Doesnrsquot solve the problem

bull Firewall ldquohelperrdquo functions have limited view of traffic

bull Turning on functions kills performance

copy 2009 Palo Alto Networks Proprietary and Confidential Page 63 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 64 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 65 |

Applications Have Changed ndash Firewalls Have Not

bull The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

bull Need to Restore Visibility and Control in the Firewall

Collaboration Media SaaS Personal

bull BUThellipApplications Have Changed

- Ports neApplications

- IP AddressesneUsers

- PacketsneContent

exploit protection

many months pass between black-hat discovery white hat discovery and protection being available

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today: Quality of Security Tied to Location

(Figure: a user on the enterprise network versus a user off-network, exposed to botnets.)

Enterprise Network Security
• Security based on best practices
• Full-featured NGFW and threat prevention

No Network Security
• Security based on best effort
• Exposed to threats, risky app usage and more

Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality, heavy performance load on the PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services
• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement
• Supports a limited number of apps and protocols; weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• Agent tunnels traffic back to the corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work, for Lower Security
• Inconsistent policy and protections when outside vs. inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase duplicates; operational and management overhead

Introducing GlobalProtect

• Users never go "off-network", regardless of location
• All firewalls work together to provide a "cloud" of network security
• How it works
  - A small agent determines network location (on or off the enterprise network)
  - If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
  - The agent submits a host information profile (patch level, asset type, disk encryption and more) to the gateway
  - The gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile
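The gateway decision in the "How it works" steps above, as an added Python example that is neither the deck's nor Palo Alto Networks' code: the agent's host information profile (patch age, asset type, disk encryption) is checked against a HIP profile, and a rule only matches when application, user group and HIP result all agree, with deny as the default. The field names, the thresholds, the single on/off-network signal and the sample hosts are assumptions made for this example.

```python
"""Added example (not the deck's or Palo Alto Networks' code): a toy
GlobalProtect-style gateway decision.  The agent's host information profile
(HIP) is checked against a HIP profile, and a rule matches on application,
user group and HIP result, with deny as the default.  Field names, the
location signal and the thresholds are assumptions made for this example."""
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class HostInfo:
    """What the agent submits: modelled on the slide's patch level,
    asset type and disk encryption (constructed fields)."""
    asset_type: str        # "corporate-laptop" or "byod"
    last_patch: date       # date the last OS patch set was applied
    disk_encrypted: bool


@dataclass(frozen=True)
class HipProfile:
    """A named set of host requirements that a rule can demand."""
    name: str
    max_patch_age_days: int
    require_disk_encryption: bool
    allowed_asset_types: frozenset = frozenset({"corporate-laptop"})

    def matches(self, host: HostInfo, today: date) -> bool:
        patch_age = (today - host.last_patch).days
        return (patch_age <= self.max_patch_age_days
                and (host.disk_encrypted or not self.require_disk_encryption)
                and host.asset_type in self.allowed_asset_types)


@dataclass(frozen=True)
class Rule:
    """Gateway rule: App-ID + User-ID group + optional HIP profile -> action."""
    app: str
    groups: frozenset
    action: str                      # "allow" or "deny"
    hip: Optional[HipProfile] = None


def determine_location(internal_name_resolved: bool) -> str:
    """The agent's on/off-network step, reduced to one constructed signal
    (assumption): whether an internal-only DNS name resolved."""
    return "internal" if internal_name_resolved else "external"


def evaluate(rules, app: str, user_groups: frozenset, host: HostInfo, today: date) -> str:
    """First matching rule wins; a rule whose HIP profile the host fails does
    not match.  No match at all means deny (positive enforcement)."""
    for rule in rules:
        if rule.app != app or not (rule.groups & user_groups):
            continue
        if rule.hip is not None and not rule.hip.matches(host, today):
            continue
        return rule.action
    return "deny"


# Constructed policy: remote SSH/RDP only for IT admins on healthy managed
# hosts; plain web browsing for all staff with no host requirement.
MANAGED = HipProfile("managed-encrypted", max_patch_age_days=30,
                     require_disk_encryption=True)
RULES = [
    Rule("ms-rdp", frozenset({"it-admins"}), "allow", hip=MANAGED),
    Rule("ssh", frozenset({"it-admins", "devops"}), "allow", hip=MANAGED),
    Rule("web-browsing", frozenset({"all-staff"}), "allow"),
]
TODAY = date(2011, 9, 1)                       # fixed "today" for reproducibility

# Constructed hosts.
GOOD_HOST = HostInfo("corporate-laptop", date(2011, 8, 20), True)   # 12 days old
STALE_HOST = HostInfo("corporate-laptop", date(2011, 5, 1), True)   # 123 days old
BYOD_HOST = HostInfo("byod", date(2011, 8, 30), False)


def decide(app: str, groups, host: HostInfo) -> str:
    return evaluate(RULES, app, frozenset(groups), host, TODAY)


if __name__ == "__main__":
    for app, groups, host, label in [
        ("ms-rdp", {"it-admins", "all-staff"}, GOOD_HOST, "admin, patched laptop"),
        ("ms-rdp", {"it-admins", "all-staff"}, STALE_HOST, "admin, stale patches"),
        ("ssh", {"devops"}, BYOD_HOST, "devops, unencrypted BYOD"),
        ("web-browsing", {"all-staff"}, BYOD_HOST, "staff, BYOD web"),
    ]:
        print(f"{label:28s} {app:12s} -> {decide(app, groups, host)}")
```

The point of the HIP clause is that an admin on a laptop whose patches are stale is refused the same RDP rule that an admin on a current laptop gets; the rule does not fall back to a weaker match, it simply fails to match and the default deny applies.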

A Modern Architecture for Enterprise Security

• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting

(Figure labels: malware, botnets, exploits.)

Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure
  - Users do what they want
  - Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls
  - Leads to increased risk for the business

• Palo Alto Networks defines the next-generation firewall with unique identification technologies
  - App-ID: identifies applications regardless of port, protocol or SSL encryption
  - User-ID: integrated with the enterprise directory
  - Content-ID: threats, URLs, data
  - High-performance architecture: high throughput, low latency

• Easy enterprise integration and consolidation saves money
  - Flexible deployment options for seamless integration
  - Consolidation of functionality into the firewall simplifies and saves money

Page 29

• NSS Labs, the world's largest security and performance testing lab, has recently completed in-depth IPS testing of the Palo Alto Networks next-gen firewall. Our solution was tested against 1,179 live exploits in what was the industry's most comprehensive IPS test to date. The results were crystal clear and provided hard proof of what our next-generation firewalls can really do. Key results include:
  - The highest IPS block rate in recent history (93.4%)
  - 100% resistance to IPS evasion techniques
  - Simple IPS configuration and tuning
  - Provided all the above while exceeding the datasheet performance metrics by 115%

Palo Alto Networks IPS: Protection + Performance

• Strong threat prevention
  - NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
  - The only IPS that catches threats on non-standard ports
  - Scan inbound and outbound SSL (decrypted) and compressed traffic
  - Assure only authorized applications are using network resources
  - Allow SSH/RDP, but only for authorized staff

Single-Pass Parallel Processing (SP3) Architecture

Single Pass
• Operations once per packet
  - Traffic classification (app identification)
  - User/group mapping
  - Content scanning – threats, URLs, confidential data
• One policy

Parallel Processing
• Function-specific hardware engines
• Separate data/control planes

Up to 10 Gbps, Low Latency

PA-5000 Series Architecture

• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, credit card numbers (CC), SSN and more

Security Processors
• High-density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High-speed logging and route update
• Dual solid-state drives

Network Processor
• 20 Gbps front-end network processing
• Hardware-accelerated per-packet route lookup, MAC lookup and NAT

(Block diagram: a control plane with a quad-core CPU, RAM and dual SSDs; a data plane with a 20 Gbps network processor (flow control, route/ARP/MAC lookup, NAT, QoS), a switch fabric, three security processors (CPU 1 to CPU 12 each, with RAM, handling SSL, IPSec and decompression) and signature match engines; 10 Gbps and 20 Gbps links between the blocks.)

• 40+ processors
• 30+ GB of RAM
• Separate high-speed data and control planes
• 20 Gbps firewall throughput
• 10 Gbps threat prevention throughput
• 4 million concurrent sessions
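The "single pass" content scanning of the SP3 slide and the "stream-based uniform signature match" across IPS, virus, spyware and confidential-data categories on the architecture slide, as an added Python example that is neither the deck's nor Palo Alto Networks' code (the appliance does this in hardware; this is a software sketch of the idea): one signature table spanning several categories is compiled into a single alternation and applied once to the decoded stream, and a gzip-compressed body is inflated before matching, which is what "scan compressed traffic" requires. The signatures, the category names and the sample payload are constructed for this example.

```python
"""Added example (not the deck's or Palo Alto Networks' code): a software
sketch of single-pass, multi-category content scanning.  One signature table
spanning several engines (an IPS-style traversal pattern, data-leak patterns
for card numbers and SSNs, a URL category) is compiled into a single
alternation and applied once to the decoded stream; gzip-compressed payloads
are inflated first so that signatures see the real content.  Signatures and
the sample payload are constructed for illustration."""
import gzip
import re

# (category, signature name, pattern).  Group names may not contain '-',
# so names are mapped to '_' for the regex and back when reporting.
SIGNATURES = [
    ("ips", "path-traversal", r"(?:\.\./){2,}"),
    ("dlp", "credit-card", r"\b(?:\d[ -]?){15}\d\b"),
    ("dlp", "ssn", r"\b\d{3}-\d{2}-\d{4}\b"),
    ("url", "file-sharing", r"https?://[^\s\"']*(?:example-share|filedrop)\.[a-z]+"),
]
_GROUP = {name: name.replace("-", "_") for _, name, _ in SIGNATURES}
_CATEGORY = {_GROUP[name]: cat for cat, name, _ in SIGNATURES}
_NAME = {g: n for n, g in _GROUP.items()}
COMBINED = re.compile("|".join(f"(?P<{_GROUP[name]}>{pat})" for _, name, pat in SIGNATURES))


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; used to drop card-number candidates that are just digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def decode_stream(raw: bytes, content_encoding: str = "") -> str:
    """Inflate a compressed body before scanning; plain bodies pass through."""
    if content_encoding.lower() == "gzip":
        raw = gzip.decompress(raw)
    return raw.decode("utf-8", errors="replace")


def scan_once(text: str):
    """One left-to-right pass; every category is matched from the same scan.
    Returns a list of (category, signature, matched text) in stream order."""
    hits = []
    for m in COMBINED.finditer(text):
        group = m.lastgroup
        matched = m.group(group)
        if group == "credit_card" and not luhn_ok(re.sub(r"\D", "", matched)):
            continue                       # 16 digits but not a valid card number
        hits.append((_CATEGORY[group], _NAME[group], matched))
    return hits


def scan_transaction(raw: bytes, content_encoding: str):
    return scan_once(decode_stream(raw, content_encoding))


# Constructed sample: one body carrying something for each engine, sent
# gzip-compressed on the wire.  4111 1111 1111 1111 is a Luhn-valid test
# number; 1234 5678 9012 3456 is not; 078-05-1120 is a well-known sample SSN.
SAMPLE_BODY = (
    "GET /static/../../../config HTTP/1.1\r\n"
    "card=4111 1111 1111 1111 other=1234 5678 9012 3456 ssn=078-05-1120\r\n"
    "see http://filedrop.example/upload\r\n"
)
SAMPLE_WIRE = gzip.compress(SAMPLE_BODY.encode())

if __name__ == "__main__":
    for hit in scan_transaction(SAMPLE_WIRE, "gzip"):
        print(hit)
    print("hits without decompression:", len(scan_transaction(SAMPLE_WIRE, "")))
```

Running the same scanner over the compressed bytes without inflating them finds nothing useful, which is the failure mode the "compressed traffic" bullet is about; and because every category comes out of one `finditer` pass, adding a category costs an alternative in the pattern rather than another full pass over the stream.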

Traditional Multi-Pass Architectures are Slow

(Diagram: four separate stacks chained one after another, each repeating port/protocol-based ID, L2/L3 networking, HA, config management and reporting: Firewall Policy; HTTP Decoder with URL Filtering Policy; IPS Decoder with IPS Signatures and IPS Policy; AV Decoder & Proxy with AV Signatures and AV Policy.)

Powerful Policy-Based Control

• Browse more than 1,300 applications based on name, category, technology or characteristic
• Immediately translate results into positive-enforcement-model firewall rules
• Policy enforcement by end-user group identities from Active Directory, or by IP address

Palo Alto – Network Sniffer

Visibility into Applications, Users & Content

(Screenshot callouts: user hzielinski, filter on Skype; remove Skype to expand the view of hzielinski.)

Palo Alto – Rich reports

Demo (offline) – Traffic Log

Enables Executive Visibility

PAN-OS Features

• Strong networking foundation
  - Dynamic routing (OSPF, RIPv2)
  - Site-to-site IPSec VPN
  - SSL VPN for remote access
  - Tap mode – connect to a SPAN port
  - Virtual wire ("Layer 1") for true transparent in-line deployment
  - L2/L3 switching foundation
• QoS traffic shaping – max/guaranteed and priority
  - By user, app, interface, zone and more
• Zone-based architecture
  - All interfaces assigned to security zones for policy enforcement
• High Availability
  - Active/Active
  - Configuration and session synchronization
  - Path, link and HA monitoring
• Virtual Systems
  - Establish multiple virtual firewalls in a single device (PA-4000 Series only)
• Simple, flexible management
  - CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content are complemented by core firewall features.

(Product line figure: PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060.)

Enterprise Device and Policy Management

• Intuitive and flexible management
  - CLI, Web, Panorama, SNMP, Syslog
  - Role-based administration enables delegation of tasks to the appropriate person
• Panorama central management application
  - Shared policies enable consistent application control policies
  - Consolidated management, logging and monitoring of Palo Alto Networks devices
  - Consistent web interface between Panorama and the device UI
  - Network-wide ACC/monitoring views, log collection and reporting
• All interfaces work on the current configuration, avoiding sync issues

NGFW for mobile devices


Zero-Day Attack Protection: a sandbox at the core

Flexible Deployment Options

Transparent In-Line
• IPS with app visibility & control
• Consolidation of IPS & URL filtering

Firewall Replacement
• Firewall replacement with app visibility & control
• Firewall + IPS
• Firewall + IPS + URL filtering

Ultimate Segmentation (Datacenter 1, Datacenter 2; Segments A, B, C)
• Controls applications & users for datacenter resource access
• IPS with app visibility & content control


Palo Alto Networks Next-Gen Firewalls

Model    Firewall  Threat prevention  Sessions   Interfaces
PA-4050  10 Gbps   5 Gbps             2,000,000  8 SFP, 16 copper gigabit
PA-4020  2 Gbps    2 Gbps             500,000    8 SFP, 16 copper gigabit
PA-4060  10 Gbps   5 Gbps             2,000,000  4 XFP (10 Gig), 4 SFP (1 Gig)
PA-2050  1 Gbps    500 Mbps           250,000    4 SFP, 16 copper gigabit
PA-2020  500 Mbps  200 Mbps           125,000    2 SFP, 12 copper gigabit
PA-500   250 Mbps  100 Mbps           50,000     8 copper gigabit
PA-5050  10 Gbps   5 Gbps             2,000,000  4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
PA-5020  5 Gbps    2 Gbps             1,000,000  8 SFP, 12 copper gigabit
PA-5060  20 Gbps   10 Gbps            4,000,000  4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

The innovative approach: extend security to all network traffic

Thank You – Zion Ezra, VP Sales

POC and AVR Report

AVR Report (screenshot slides; diagram label: Internet)

UTM Is Still Sprawl… Just Slower

• Doesn't solve the problem
• Firewall "helper" functions have a limited view of traffic
• Turning on functions kills performance


Applications Have Changed – Firewalls Have Not

• The gateway at the trust border is the right place to enforce policy control
  - Sees all traffic
  - Defines the trust boundary
• BUT… applications have changed (collaboration, media, SaaS, personal)
  - Ports ≠ Applications
  - IP Addresses ≠ Users
  - Packets ≠ Content
• Need to restore visibility and control in the firewall

Exploit protection
• Many months pass between black-hat discovery, white-hat discovery and protection being available
• Need to protect all applications
• A sandbox at the core
• Needs user-based access control
• Needs high-speed IPS and AV
• Need to perform across all applications
• Need to block the unknown
Conclusion: advanced-malware protection belongs in a next-generation firewall

DEMO: https://ca2demo.paloaltonetworks.com/esp/login.esp

INSANITY: doing the same thing over and over again and expecting different results

Block applications and users

20 Gbps Firewall, 10 Gbps Threat Prevention

• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, credit card numbers (CC), SSN and more

Security Processors
• High-density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High-speed logging and route update
• Dual hard drives

Network Processor
• 20 Gbps front-end network processing
• Hardware-accelerated per-packet route lookup, MAC lookup and NAT

(Block diagram: a control plane with a quad-core CPU, RAM and dual HDDs; a data plane with a 20 Gbps network processor (flow control, route/ARP/MAC lookup, NAT, QoS), a switch fabric, three security processors (CPU 1 to CPU 12 each, with RAM, handling SSL, IPSec and decompression) and signature match engines; 10 Gbps and 20 Gbps links between the blocks.)

NGFW for mobile devices

Source: Gartner (March 2010). As of March 2010.

Data Center Network Security in Transition

• Ports ≠ Applications
• IP addresses ≠ Users
• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions…

(Figure: applications such as RPC, SMS, SQL, SharePoint, SMB and NetBIOS mapped to ports 135, 137, 139, 80 and 443, plus random high ports.)

Applications employ dynamic, random and heavily-used ports, fundamentally breaking port-based network security.
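The claim that port-based classification breaks, together with the App-ID / User-ID / positive-enforcement bullets on the "Regain Visibility and Control" and "Powerful Policy-Based Control" slides, as an added Python example that is neither the deck's nor Palo Alto Networks' code: the same zone/user-group/application policy is evaluated twice, once with the application named from the destination port and once from the first payload bytes, on constructed flows where the two answers differ. The protocol fingerprints are simplified, and the zones, the directory snapshot, the rules and the flows are constructed for this example.

```python
"""Added example (not the deck's or Palo Alto Networks' code): a toy App-ID-
style classifier that names the application from the first payload bytes
instead of the destination port, feeding a positive-enforcement policy keyed
on (source zone, destination zone, user group, application).  The protocol
fingerprints are simplified, and the zones, directory snapshot, rules and
flows are constructed for this example."""
import re
from dataclasses import dataclass

# What a port-based, stateful-inspection firewall assumes the traffic is.
PORT_TABLE = {22: "ssh", 80: "web-browsing", 443: "ssl", 3389: "ms-rdp"}

# Content fingerprints on the first client bytes (simplified, constructed).
APP_SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-2\.0-")),                               # SSH version banner
    ("ms-rdp", re.compile(rb"^\x03\x00...\xe0", re.DOTALL)),           # TPKT + X.224 Connection Request
    ("ssl", re.compile(rb"^\x16\x03[\x00-\x03]", re.DOTALL)),          # TLS handshake record header
    ("web-browsing", re.compile(rb"^(?:GET|POST|HEAD|PUT) \S+ HTTP/1\.[01]\r\n")),
]


@dataclass(frozen=True)
class Flow:
    src_zone: str
    src_ip: str
    dst_port: int
    first_bytes: bytes      # first client-to-server payload bytes


def classify_by_port(flow: Flow) -> str:
    return PORT_TABLE.get(flow.dst_port, "unknown-tcp")


def classify_by_content(flow: Flow) -> str:
    for app, sig in APP_SIGNATURES:
        if sig.match(flow.first_bytes):
            return app
    return "unknown-tcp"


# User-ID stand-in: IP -> user -> groups (constructed directory snapshot).
IP_TO_USER = {"10.1.1.5": "alice", "10.1.1.9": "bob"}
USER_GROUPS = {"alice": {"it-admins", "all-staff"}, "bob": {"all-staff"}}

# Positive enforcement model: only listed (zones, group, app) combinations
# are allowed; anything that matches no rule is denied.
RULES = [
    # from zone, to zone, user group, application, action
    ("trust", "dmz", "it-admins", "ssh", "allow"),
    ("trust", "dmz", "it-admins", "ms-rdp", "allow"),
    ("trust", "untrust", "all-staff", "web-browsing", "allow"),
    ("trust", "untrust", "all-staff", "ssl", "allow"),
]


def decide(flow: Flow, dst_zone: str, classifier):
    """Returns (action, application, user) for a flow under a classifier."""
    app = classifier(flow)
    user = IP_TO_USER.get(flow.src_ip, "unknown")
    groups = USER_GROUPS.get(user, set())
    for from_zone, to_zone, group, rule_app, action in RULES:
        if (from_zone, to_zone) == (flow.src_zone, dst_zone) and group in groups and rule_app == app:
            return action, app, user
    return "deny", app, user


# Constructed flows: the same policy, two ways of naming the application.
SSH_ON_443 = Flow("trust", "10.1.1.9", 443, b"SSH-2.0-OpenSSH_5.8\r\n")      # SSH hopping onto 443
RDP_ADMIN = Flow("trust", "10.1.1.5", 3389, b"\x03\x00\x00\x0b\x06\xe0\x00\x00\x00\x00\x00")
RDP_STAFF = Flow("trust", "10.1.1.9", 3389, b"\x03\x00\x00\x0b\x06\xe0\x00\x00\x00\x00\x00")
HTTP_ON_8080 = Flow("trust", "10.1.1.9", 8080, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n")

if __name__ == "__main__":
    for name, flow, zone in [("ssh on 443", SSH_ON_443, "untrust"), ("rdp admin", RDP_ADMIN, "dmz"),
                             ("rdp staff", RDP_STAFF, "dmz"), ("http on 8080", HTTP_ON_8080, "untrust")]:
        print(f"{name:14s} port-based: {decide(flow, zone, classify_by_port)}   "
              f"content-based: {decide(flow, zone, classify_by_content)}")
```

Port-based classification fails in both directions: SSH carried on 443 is admitted as "ssl" under the all-staff rule, while ordinary web browsing on 8080 is dropped as unknown traffic. Naming the application from content keeps the rule base small (one rule per application, not per port) and lets the SSH/RDP rules be tied to the IT-admins group alone, which is the "SSH/RDP only for authorized staff" bullet on the IPS slide.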

Page 30: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 33 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2009 Palo Alto Networks Proprietary and Confidential Page 34 |

Single-Pass Parallel Processing (SP3) Architecture

Single Pass

bull Operations once per packet

- Traffic classification (app identification)

- Usergroup mapping

- Content scanning ndash threats URLs confidential data

bull One policy

Parallel Processing

bull Function-specific hardware engines

bull Separate datacontrol planes

Up to 10Gbps Low Latency

copy 2011 Palo Alto Networks Proprietary and Confidential

PA-5000 Series Architecture

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual solid-state drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow

control

Route ARP MAC

lookup

NAT Switch

Fabric

Signature Match

Signature Match

SSL IPSec De-

Compress SSL IPSec

De-Compress

SSL IPSec De-

Compress

Quad-core

CPU CPU

12

CPU

1

CPU

2

CPU

12

CPU

1

CPU

2

CPU

12

CPU

1

CPU

2

RAM

RAM

SSD

SSD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

bull 40+ processors

bull 30+ GB of RAM

bull Separate high speed data and control planes

bull 20 Gbps firewall throughput

bull 10 Gbps threat prevention throughput

bull 4 Million concurrent sessions

Page 35 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 36 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 37 |

Powerful Policy-Based Control

bull Browse more than 1300 applications based on name category technology or characteristic

bull Immediately translate results into positive enforcement model firewall rules

bull Policy enforcement by end-user group identities from Active Directory or IP address

Palo Alto

Palo Alto ndash Network Sniffer

copy 2008 Palo Alto Networks Proprietary and Confidential Page 38 |

copy 2008 Palo Alto Networks Proprietary and Confidential Page 39 |

Visibility into Applications Users amp Content

User hzielinski Filter on Skype

Remove Skype to expand view of hzielinski

Palo Alto

Palo Alto ndash Rich reports

copy 2008 Palo Alto Networks Proprietary and Confidential Page 40 |

copy 2008 Palo Alto Networks Proprietary and Confidential Page 41 |

Demo (offline) ndash Traffic Log

copy 2008 Palo Alto Networks Proprietary and Confidential Page 42 |

Enables Executive Visibility

copy 2009 Palo Alto Networks Proprietary and Confidential Page 43 |

PAN-OS Features

bull Strong networking foundation

- Dynamic routing (OSPF RIPv2)

- Site-to-site IPSec VPN

- SSL VPN for remote access

- Tap mode ndash connect to SPAN port

- Virtual wire (ldquoLayer 1rdquo) for true transparent in-line deployment

- L2L3 switching foundation

bull QoS traffic shaping - Maxguaranteed and priority

- By user app interface zone and more

bull Zone-based architecture

- All interfaces assigned to security zones for policy enforcement

bull High Availability

- Active Active

- Configuration and session synchronization

- Path link and HA monitoring

bull Virtual Systems

- Establish multiple virtual firewalls in a single device (PA-4000 Series only)

bull Simple flexible management

- CLI Web Panorama SNMP Syslog

Visibility and control of applications users and content are complemented by core firewall features

PA-500

PA-2020

PA-2050

PA-4020

PA-4050

PA-4060

copy 2009 Palo Alto Networks Proprietary and Confidential Page 44 |

Enterprise Device and Policy Management

bull Intuitive and flexible management

- CLI Web Panorama SNMP Syslog

- Role-based administration enables delegation of tasks to appropriate person

bull Panorama central management application

- Shared policies enable consistent application control policies

- Consolidated management logging and monitoring of Palo Alto Networks devices

- Consistent web interface between Panorama and device UI

- Network-wide ACCmonitoring views log collection and reporting

bull All interfaces work on current configuration avoiding sync issues

NGFW for mobile devices

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 46 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 48 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

Zero Day Attacks Protection

a sandbox at the core

Flexible Deployment Options

Transparent In-Line Firewall Replacement

bull IPS with app visibility amp control

bull Consolidation of IPS amp URL filtering

bull Firewall replacement with app visibility amp control

bull Firewall + IPS

bull Firewall + IPS + URL filtering

Ultimate segmentation

Datacenter 1 Datacenter 2

bull Controls applications amp users for datacenter resource access

bull IPS with app visibility amp content control

Segment A Segment B

Segment C

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 53 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 54 |

Palo Alto Networks Next-Gen Firewalls

PA-4050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 8 SFP 16 copper gigabit

PA-4020 bull 2 Gbps FW2 Gbps threat

prevention500000 sessions

bull 8 SFP 16 copper gigabit

PA-4060 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 XFP (10 Gig) 4 SFP (1 Gig)

PA-2050 bull 1 Gbps FW500 Mbps threat

prevention250000 sessions

bull 4 SFP 16 copper gigabit

PA-2020 bull 500 Mbps FW200 Mbps threat

prevention125000 sessions

bull 2 SFP 12 copper gigabit

PA-500 bull 250 Mbps FW100 Mbps threat

prevention50000 sessions

bull 8 copper gigabit

PA-5050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

PA-5020 bull 5 Gbps FW2 Gbps threat

prevention1000000 sessions

bull 8 SFP 12 copper gigabit

PA-5060 bull 20 Gbps FW10 Gbps threat

prevention4000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

the innovative approach

extend security to all network traffic extend security to all network traffic

Thank You Zion Ezra

VP Sales

copy 2008 Palo Alto Networks Proprietary and Confidential Page 60 |

POC and AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 61 |

AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 62 |

AVR Report

Internet

UTM Is Still SprawlhellipJust Slower

bull Doesnrsquot solve the problem

bull Firewall ldquohelperrdquo functions have limited view of traffic

bull Turning on functions kills performance

copy 2009 Palo Alto Networks Proprietary and Confidential Page 63 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 64 |

Traditional Multi-Pass Architectures are Slow

[Diagram: each function runs as a separate pass, each with its own Port/Protocol-based ID, L2/L3 Networking, HA, Config Management and Reporting: Firewall Policy → HTTP Decoder + URL Filtering Policy → IPS Decoder + IPS Signatures + IPS Policy → AV Decoder & Proxy + AV Signatures + AV Policy]

Applications Have Changed – Firewalls Have Not

• The gateway at the trust border is the right place to enforce policy control
  - Sees all traffic
  - Defines trust boundary
• BUT… Applications Have Changed (Collaboration, Media, SaaS, Personal)
  - Ports ≠ Applications
  - IP Addresses ≠ Users
  - Packets ≠ Content
• Need to Restore Visibility and Control in the Firewall

Exploit protection

Many months pass between black-hat discovery, white-hat discovery and protection being available. Need to protect all applications.

A sandbox at the core

• Needs user-based access control
• Needs high-speed IPS and AV
• Needs to perform across all applications
• Needs to block the unknown

Conclusion: advanced-malware protection belongs in a next-generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY: doing the same thing over and over again and expecting different results

Block applications and users

The innovative approach: extend security to all network traffic

20 Gbps Firewall, 10 Gbps Threat Prevention

• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors
• High density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High speed logging and route update
• Dual hard drives

Network Processor
• 20 Gbps front-end network processing
• Hardware accelerated per-packet route lookup, MAC lookup and NAT

[Architecture diagram: 20 Gbps network processor (QoS, flow control, route/ARP/MAC lookup, NAT) feeding the data-plane switch fabric; 10 Gbps paths to the signature match engines and to the security processors (SSL, IPSec, de-compress), each with multiple CPU cores and RAM; control plane with quad-core CPU, RAM and dual HDD]

NGFW for mobile devices

[Chart; source: Gartner (March 2010), as of March 2010]

Data Center Network Security in Transition

• Ports ≠ Applications
• IP addresses ≠ Users
• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions…

[Diagram: RPC, SMS, SQL, SharePoint, SMB and NetBIOS spread across ports 135, 137, 139, 80 and 443, plus random high ports]

Applications employ dynamic, random and heavily-used ports, fundamentally breaking port-based network security

Palo Alto Networks Protection + Performance

• Strong threat prevention
  - NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
  - The only IPS that catches threats on non-standard ports
  - Scan inbound and outbound SSL (decrypt) and compressed traffic
  - Assure only authorized applications are using network resources
  - Allow SSH/RDP, but only for authorized staff

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

Model     Firewall   Threat prevention   IPSec VPN   SSL VPN users   Sessions    VSYS (up to)   I/O
PA-5050   10 Gbps    5 Gbps              4 Gbps      10,000          2,000,000   125            (4) SFP+ (10 Gig), (8) SFP (1 Gig), (12) 10/100/1000
PA-5020   5 Gbps     2 Gbps              2 Gbps      5,000           1,000,000   20             (8) SFP (1 Gig), (12) 10/100/1000
PA-5060   20 Gbps    10 Gbps             4 Gbps      20,000          4,000,000   225            (4) SFP+ (10 Gig), (8) SFP (1 Gig), (12) 10/100/1000

• Hot swappable fans, power supplies
• Dual solid state hard drives
• Dedicated HA and management interfaces
• 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats
  - Stop a wide range of threats on all allowed traffic
  - Proven quality (NSS tested and "Recommended")
  - Security by policy, not hardwired into deployment
• Comply and Compartmentalize
  - Save time and cost to compliance with network segmentation
  - Segment by user group and application
• Simplify with Flexible Network Security Infrastructure
  - With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention
  - With simpler, easier deployments
  - With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance)

GlobalProtect

Today: Quality of Security Tied to Location

Enterprise Network Security
• Security Based on Best-Practices
• Full-Featured NGFW and Threat Prevention

No Network Security
• Security Based on Best-Effort
• Exposed to threats, risky app usage and more

[Diagram label: botnets]

Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality, heavy performance load on PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services
• Client forces web traffic to cloud-based proxy for scanning and policy enforcement
• Supports limited number of apps and protocols, weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• Agent tunnels traffic back to corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security
• Inconsistent policy and protections when outside vs. inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase, duplicates operational and management overhead

Introducing GlobalProtect

• Users never go "off-network" regardless of location
• All firewalls work together to provide a "cloud" of network security
• How it works
  - Small agent determines network location (on or off the enterprise network)
  - If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
  - Agent submits host information profile (patch level, asset type, disk encryption and more) to the gateway
  - Gateway enforces security policy using App-ID, User-ID, Content-ID AND host information profile

A Modern Architecture for Enterprise Security

• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting

[Diagram labels: malware, botnets, exploits]

Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure
  - Users do what they want
  - Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls
  - Leads to increased risks for the business
• Palo Alto Networks defines the next-generation firewall with unique identification technologies
  - App-ID: identify applications regardless of port, protocol or SSL encryption
  - User-ID: integrated with enterprise directory
  - Content-ID: threats, URLs, data
  - High performance architecture: high throughput, low latency
• Easy enterprise integration and consolidation saves money
  - Flexible deployment options for seamless integration
  - Consolidation of functionality into the firewall simplifies and saves money
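The argument above (ports ≠ applications, IP addresses ≠ users, policy that also consults the GlobalProtect host profile) as an added, runnable illustration; this is example code written for this page, not code from the presentation or from Palo Alto Networks, and every signature, address, user, group, rule and flow in it is constructed.

```python
"""Single-pass policy evaluation on constructed flows (added example, not vendor code).

Application identity comes from the payload rather than the destination port, user
identity from a directory mapping rather than the raw IP, and the host information
profile (HIP) is checked as well, all in one rulebase walk per flow.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional

# Constructed payload signatures: the bytes that open each protocol, independent of port.
APP_SIGNATURES: Dict[str, tuple] = {
    "ssh": (b"SSH-2.0-",),                       # SSH identification string
    "rdp": (b"\x03\x00\x00",),                   # TPKT header carrying an X.224 connect
    "tls": (b"\x16\x03\x01", b"\x16\x03\x03"),   # TLS handshake record
    "http": (b"GET ", b"POST "),
}

# What a port-based classifier would conclude (the "outdated assumption").
PORT_TABLE = {22: "ssh", 3389: "rdp", 443: "tls", 80: "http"}

# Constructed User-ID data, standing in for an enterprise directory integration.
IP_TO_USER = {"10.1.1.10": "hzielinski", "10.1.1.20": "jdoe"}
USER_GROUPS = {"hzielinski": frozenset({"staff", "it-admins"}),
               "jdoe": frozenset({"staff"})}


def port_based_id(dst_port: int) -> str:
    """Legacy classification: trust the port number."""
    return PORT_TABLE.get(dst_port, "unknown")


def app_id(payload: bytes) -> str:
    """Content-based classification: match the start of the stream, ignore the port."""
    for app, sigs in APP_SIGNATURES.items():
        if any(payload.startswith(s) for s in sigs):
            return app
    return "unknown"


@dataclass(frozen=True)
class Rule:
    name: str
    apps: FrozenSet[str]
    groups: Optional[FrozenSet[str]]    # None: any user may match
    require_disk_encryption: bool = False


@dataclass
class Flow:
    src_ip: str
    dst_port: int
    payload: bytes
    hip: Dict[str, bool] = field(default_factory=dict)   # host information profile


# Constructed policy: "allow SSH/RDP, but only for authorized staff", with an HIP
# condition on disk encryption; anything that matches no rule is denied (block the unknown).
POLICY: List[Rule] = [
    Rule("admin-remote-access", frozenset({"ssh", "rdp"}), frozenset({"it-admins"}), True),
    Rule("web-browsing", frozenset({"http", "tls"}), None),
]


def evaluate(flow: Flow, policy: List[Rule] = POLICY) -> Dict[str, str]:
    """One pass: classify app and user once, then walk the rulebase top-down."""
    app = app_id(flow.payload)
    user = IP_TO_USER.get(flow.src_ip, "unknown-user")
    groups = USER_GROUPS.get(user, frozenset())
    for rule in policy:
        if app not in rule.apps:
            continue
        if rule.groups is not None and not (groups & rule.groups):
            continue
        if rule.require_disk_encryption and not flow.hip.get("disk_encrypted", False):
            continue
        return {"app": app, "user": user, "rule": rule.name, "action": "allow"}
    return {"app": app, "user": user, "rule": "default-deny", "action": "deny"}


def sample_flows() -> List[Flow]:
    """Constructed flows, including SSH carried on port 443 where a port-based check sees TLS."""
    return [
        Flow("10.1.1.10", 443, b"SSH-2.0-OpenSSH_8.9\r\n", {"disk_encrypted": True}),
        Flow("10.1.1.20", 443, b"SSH-2.0-OpenSSH_8.9\r\n", {"disk_encrypted": True}),
        Flow("10.1.1.10", 3389, b"\x03\x00\x00\x2f\x2a\xe0", {"disk_encrypted": False}),
        Flow("10.1.1.20", 80, b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n"),
        Flow("10.1.1.20", 8080, b"\x00\x01\x02\x03"),
    ]


if __name__ == "__main__":
    for f in sample_flows():
        print(f.dst_port, "port-based:", port_based_id(f.dst_port), "->", evaluate(f))
```

Running it shows the second flow (SSH on 443 from a non-admin) denied even though a port-based rule permitting 443 would have let it through, and the third (RDP from an admin on an unencrypted host) denied by the HIP condition.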


Single-Pass Parallel Processing (SP3) Architecture

Single Pass
• Operations once per packet
  - Traffic classification (app identification)
  - User/group mapping
  - Content scanning – threats, URLs, confidential data
• One policy

Parallel Processing
• Function-specific hardware engines
• Separate data/control planes

Up to 10 Gbps, Low Latency

PA-5000 Series Architecture

• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors
• High density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High speed logging and route update
• Dual solid-state drives

Network Processor
• 20 Gbps front-end network processing
• Hardware accelerated per-packet route lookup, MAC lookup and NAT

[Architecture diagram: 20 Gbps network processor (QoS, flow control, route/ARP/MAC lookup, NAT) feeding the data-plane switch fabric; 10 Gbps paths to the signature match engines and to the security processors (SSL, IPSec, de-compress), each with multiple CPU cores and RAM; control plane with quad-core CPU, RAM and dual SSD]

• 40+ processors
• 30+ GB of RAM
• Separate high speed data and control planes
• 20 Gbps firewall throughput
• 10 Gbps threat prevention throughput
• 4 Million concurrent sessions


Powerful Policy-Based Control

• Browse more than 1300 applications based on name, category, technology or characteristic
• Immediately translate results into positive enforcement model firewall rules
• Policy enforcement by end-user group identities from Active Directory or IP address

Palo Alto – Network Sniffer

Visibility into Applications, Users & Content

[Screenshot: user hzielinski, filter on Skype; remove Skype to expand view of hzielinski]

Palo Alto – Rich reports

Demo (offline) – Traffic Log

Enables Executive Visibility

PAN-OS Features

• Strong networking foundation
  - Dynamic routing (OSPF, RIPv2)
  - Site-to-site IPSec VPN
  - SSL VPN for remote access
  - Tap mode – connect to SPAN port
  - Virtual wire ("Layer 1") for true transparent in-line deployment
  - L2/L3 switching foundation
• QoS traffic shaping
  - Max, guaranteed and priority
  - By user, app, interface, zone and more
• Zone-based architecture
  - All interfaces assigned to security zones for policy enforcement
• High Availability
  - Active/Active
  - Configuration and session synchronization
  - Path, link and HA monitoring
• Virtual Systems
  - Establish multiple virtual firewalls in a single device (PA-4000 Series only)
• Simple, flexible management
  - CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content are complemented by core firewall features

[Product images: PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060]

Enterprise Device and Policy Management

• Intuitive and flexible management
  - CLI, Web, Panorama, SNMP, Syslog
  - Role-based administration enables delegation of tasks to the appropriate person
• Panorama central management application
  - Shared policies enable consistent application control policies
  - Consolidated management, logging and monitoring of Palo Alto Networks devices
  - Consistent web interface between Panorama and device UI
  - Network-wide ACC/monitoring views, log collection and reporting
• All interfaces work on the current configuration, avoiding sync issues


Zero Day Attacks Protection

A sandbox at the core

Flexible Deployment Options

Transparent In-Line
• IPS with app visibility & control
• Consolidation of IPS & URL filtering

Firewall Replacement
• Firewall replacement with app visibility & control
• Firewall + IPS
• Firewall + IPS + URL filtering

Ultimate segmentation
• Controls applications & users for datacenter resource access
• IPS with app visibility & content control

[Diagram: Datacenter 1, Datacenter 2; Segment A, Segment B, Segment C]


Palo Alto Networks Next-Gen Firewalls

PA-4050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 8 SFP 16 copper gigabit

PA-4020 bull 2 Gbps FW2 Gbps threat

prevention500000 sessions

bull 8 SFP 16 copper gigabit

PA-4060 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 XFP (10 Gig) 4 SFP (1 Gig)

PA-2050 bull 1 Gbps FW500 Mbps threat

prevention250000 sessions

bull 4 SFP 16 copper gigabit

PA-2020 bull 500 Mbps FW200 Mbps threat

prevention125000 sessions

bull 2 SFP 12 copper gigabit

PA-500 bull 250 Mbps FW100 Mbps threat

prevention50000 sessions

bull 8 copper gigabit

PA-5050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

PA-5020 bull 5 Gbps FW2 Gbps threat

prevention1000000 sessions

bull 8 SFP 12 copper gigabit

PA-5060 bull 20 Gbps FW10 Gbps threat

prevention4000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

the innovative approach

extend security to all network traffic extend security to all network traffic

Thank You Zion Ezra

VP Sales

copy 2008 Palo Alto Networks Proprietary and Confidential Page 60 |

POC and AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 61 |

AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 62 |

AVR Report

Internet

UTM Is Still SprawlhellipJust Slower

bull Doesnrsquot solve the problem

bull Firewall ldquohelperrdquo functions have limited view of traffic

bull Turning on functions kills performance

copy 2009 Palo Alto Networks Proprietary and Confidential Page 63 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 64 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 65 |

Applications Have Changed ndash Firewalls Have Not

bull The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

bull Need to Restore Visibility and Control in the Firewall

Collaboration Media SaaS Personal

bull BUThellipApplications Have Changed

- Ports neApplications

- IP AddressesneUsers

- PacketsneContent

exploit protection

many months pass between black-hat discovery white hat discovery and protection being available

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 32: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

copy 2011 Palo Alto Networks Proprietary and Confidential

PA-5000 Series Architecture

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual solid-state drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow

control

Route ARP MAC

lookup

NAT Switch

Fabric

Signature Match

Signature Match

SSL IPSec De-

Compress SSL IPSec

De-Compress

SSL IPSec De-

Compress

Quad-core

CPU CPU

12

CPU

1

CPU

2

CPU

12

CPU

1

CPU

2

CPU

12

CPU

1

CPU

2

RAM

RAM

SSD

SSD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

bull 40+ processors

bull 30+ GB of RAM

bull Separate high speed data and control planes

bull 20 Gbps firewall throughput

bull 10 Gbps threat prevention throughput

bull 4 Million concurrent sessions

Page 35 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 36 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 37 |

Powerful Policy-Based Control

bull Browse more than 1300 applications based on name category technology or characteristic

bull Immediately translate results into positive enforcement model firewall rules

bull Policy enforcement by end-user group identities from Active Directory or IP address

Palo Alto

Palo Alto ndash Network Sniffer

copy 2008 Palo Alto Networks Proprietary and Confidential Page 38 |

copy 2008 Palo Alto Networks Proprietary and Confidential Page 39 |

Visibility into Applications Users amp Content

User hzielinski Filter on Skype

Remove Skype to expand view of hzielinski

Palo Alto

Palo Alto ndash Rich reports

copy 2008 Palo Alto Networks Proprietary and Confidential Page 40 |

copy 2008 Palo Alto Networks Proprietary and Confidential Page 41 |

Demo (offline) ndash Traffic Log

copy 2008 Palo Alto Networks Proprietary and Confidential Page 42 |

Enables Executive Visibility

copy 2009 Palo Alto Networks Proprietary and Confidential Page 43 |

PAN-OS Features

bull Strong networking foundation

- Dynamic routing (OSPF RIPv2)

- Site-to-site IPSec VPN

- SSL VPN for remote access

- Tap mode ndash connect to SPAN port

- Virtual wire (ldquoLayer 1rdquo) for true transparent in-line deployment

- L2L3 switching foundation

bull QoS traffic shaping - Maxguaranteed and priority

- By user app interface zone and more

bull Zone-based architecture

- All interfaces assigned to security zones for policy enforcement

bull High Availability

- Active Active

- Configuration and session synchronization

- Path link and HA monitoring

bull Virtual Systems

- Establish multiple virtual firewalls in a single device (PA-4000 Series only)

bull Simple flexible management

- CLI Web Panorama SNMP Syslog

Visibility and control of applications users and content are complemented by core firewall features

PA-500

PA-2020

PA-2050

PA-4020

PA-4050

PA-4060

copy 2009 Palo Alto Networks Proprietary and Confidential Page 44 |

Enterprise Device and Policy Management

bull Intuitive and flexible management

- CLI Web Panorama SNMP Syslog

- Role-based administration enables delegation of tasks to appropriate person

bull Panorama central management application

- Shared policies enable consistent application control policies

- Consolidated management logging and monitoring of Palo Alto Networks devices

- Consistent web interface between Panorama and device UI

- Network-wide ACCmonitoring views log collection and reporting

bull All interfaces work on current configuration avoiding sync issues

NGFW for mobile devices

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 46 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 48 |

• How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits a host information profile (patch level, asset type, disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile
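The four steps above, modelled as an added example (not Palo Alto Networks' code and not from the slides): the agent's location only decides whether an SSL VPN tunnel is built, while the gateway evaluates one policy over App-ID, User-ID group and the submitted host information profile, so a non-compliant laptop gets the same decision on or off the network. Rule names, group names, HIP fields and the compliance thresholds are constructed assumptions.

```python
"""Toy model of the GlobalProtect flow: agent reports location + HIP,
gateway applies one policy regardless of location (constructed example)."""
from dataclasses import dataclass
from typing import Callable, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class HostProfile:
    """Host information profile submitted by the agent (constructed fields)."""
    asset_type: str        # e.g. "corporate-laptop" or "unmanaged"
    days_since_patch: int  # patch level, expressed as the age of the last patch
    disk_encrypted: bool


@dataclass(frozen=True)
class Request:
    user: str
    groups: FrozenSet[str]   # User-ID group membership
    app: str                 # App-ID result, independent of the port in use
    location: str            # "on-network" or "off-network", set by the agent
    hip: HostProfile


@dataclass(frozen=True)
class Rule:
    name: str
    apps: FrozenSet[str]                                # "any" matches every app
    groups: FrozenSet[str]                              # empty = any user
    hip_check: Optional[Callable[[HostProfile], bool]]  # None = no HIP condition
    action: str                                         # "allow" or "deny"


def hip_failures(h: HostProfile) -> List[str]:
    """Reasons a host fails the (constructed) compliance profile; empty means compliant."""
    reasons = []
    if h.asset_type != "corporate-laptop":
        reasons.append("unmanaged asset")
    if h.days_since_patch > 30:
        reasons.append("patch level older than 30 days")
    if not h.disk_encrypted:
        reasons.append("disk not encrypted")
    return reasons


def hip_compliant(h: HostProfile) -> bool:
    return not hip_failures(h)


# Constructed policy, evaluated top-down; first match wins.
POLICY = [
    Rule("allow-admin-access", frozenset({"ms-rdp", "ssh"}), frozenset({"it-staff"}), hip_compliant, "allow"),
    Rule("allow-web", frozenset({"web-browsing", "ssl"}), frozenset(), hip_compliant, "allow"),
    Rule("deny-all", frozenset({"any"}), frozenset(), None, "deny"),
]


def choose_path(location: str) -> str:
    """Steps 1 and 2: on-network traffic reaches the local firewall directly;
    an off-network host is tunnelled over SSL VPN to the nearest gateway."""
    return "direct" if location == "on-network" else "ssl-vpn-to-nearest-gateway"


def matches(rule: Rule, req: Request) -> bool:
    if "any" not in rule.apps and req.app not in rule.apps:
        return False
    if rule.groups and not (rule.groups & req.groups):
        return False
    if rule.hip_check is not None and not rule.hip_check(req.hip):
        return False
    return True


def evaluate(policy: List[Rule], req: Request) -> Tuple[str, str]:
    """Step 4: the decision uses app, user group and HIP together;
    req.location never enters it, only the path chosen in choose_path()."""
    for rule in policy:
        if matches(rule, req):
            return rule.action, rule.name
    return "deny", "implicit-deny"


# Constructed sample hosts and groups.
GOOD_LAPTOP = HostProfile("corporate-laptop", 7, True)
UNENCRYPTED = HostProfile("corporate-laptop", 7, False)
ADMIN = frozenset({"it-staff"})
SALES = frozenset({"sales"})
```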

Zero-Day Attack Protection: a sandbox at the core

Flexible Deployment Options

Deployment modes: Transparent In-Line, Firewall Replacement

• IPS with app visibility & control

• Consolidation of IPS & URL filtering

• Firewall replacement with app visibility & control

• Firewall + IPS

• Firewall + IPS + URL filtering

Ultimate segmentation (Datacenter 1, Datacenter 2; Segment A, Segment B, Segment C)

• Controls applications & users for datacenter resource access

• IPS with app visibility & content control

Palo Alto Networks IPS: Protection + Performance


• Strong threat prevention

- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance

- The only IPS that catches threats on non-standard ports

- Scans inbound and outbound SSL (decrypted) and compressed traffic

- Assures only authorized applications are using network resources

- Allow SSH/RDP, but only for authorized staff


Palo Alto Networks Next-Gen Firewalls

PA-4050 • 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions • 8 SFP, 16 copper gigabit

PA-4020 • 2 Gbps FW / 2 Gbps threat prevention / 500,000 sessions • 8 SFP, 16 copper gigabit

PA-4060 • 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions • 4 XFP (10 Gig), 4 SFP (1 Gig)

PA-2050 • 1 Gbps FW / 500 Mbps threat prevention / 250,000 sessions • 4 SFP, 16 copper gigabit

PA-2020 • 500 Mbps FW / 200 Mbps threat prevention / 125,000 sessions • 2 SFP, 12 copper gigabit

PA-500 • 250 Mbps FW / 100 Mbps threat prevention / 50,000 sessions • 8 copper gigabit

PA-5050 • 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions • 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

PA-5020 • 5 Gbps FW / 2 Gbps threat prevention / 1,000,000 sessions • 8 SFP, 12 copper gigabit

PA-5060 • 20 Gbps FW / 10 Gbps threat prevention / 4,000,000 sessions • 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

The innovative approach: extend security to all network traffic

Thank You Zion Ezra

VP Sales


POC and AVR Report


AVR Report


UTM Is Still Sprawl… Just Slower

• Doesn't solve the problem

• Firewall "helper" functions have a limited view of traffic

• Turning on functions kills performance


Traditional Multi-Pass Architectures are Slow

[Diagram: firewall, URL filtering, IPS and AV implemented as separate passes, each repeating its own Port/Protocol-based ID, L2/L3 networking, HA, config management and reporting; decoders: HTTP decoder, IPS decoder, AV decoder & proxy; signatures: IPS signatures, AV signatures; policies: firewall policy, URL filtering policy, IPS policy, AV policy]


Applications Have Changed – Firewalls Have Not

• The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines the trust boundary

• Need to Restore Visibility and Control in the Firewall

[Diagram: application categories Collaboration, Media, SaaS, Personal]

• BUT… Applications Have Changed

- Ports ≠ Applications

- IP Addresses ≠ Users

- Packets ≠ Content

Exploit protection: many months pass between black-hat discovery, white-hat discovery and protection being available; need to protect all applications

A sandbox at the core: needs user-based access control; needs high-speed IPS and AV; needs to perform across all applications; needs to block the unknown

Conclusion: advanced-malware protection belongs in a next-generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY: doing the same thing over and over again and expecting different results

block applications and users


20 Gbps Firewall, 10 Gbps Threat Prevention

• 80 Gbps switch fabric interconnect

• 20 Gbps QoS engine

Signature Match HW Engine

• Stream-based uniform signature match

• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors

• High density parallel processing for flexible security functionality

• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane

• Highly available management

• High speed logging and route update

• Dual hard drives

Network Processor

• 20 Gbps front-end network processing

• Hardware accelerated per-packet route lookup, MAC lookup and NAT

[Diagram: control plane (quad-core CPU, RAM, dual HDD) connected at 20 Gbps to the data plane switch fabric; network processor (QoS, flow control, route/ARP/MAC lookup, NAT); signature match engines; security processors (SSL, IPSec, de-compress; multi-core CPUs with RAM); 10 Gbps links]

Source: Gartner (March 2010)


Data Center Network Security in Transition

• Ports ≠ Applications

• IP addresses ≠ Users

• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions…

[Diagram: well-known ports (135, 137, 139, 80, 443) against the applications that actually use them (RPC, SMS, SQL, SharePoint, SMB, NetBIOS), plus random high ports]

Applications employ dynamic, random and heavily-used ports, fundamentally breaking port-based network security
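An added illustration of the point above (not from the slides and not Palo Alto Networks' App-ID implementation): a port table labels each flow by destination port, while inspecting the first client bytes labels it by the protocol actually in use, which is what reveals RDP on 443 or SSH on a random high port. The flows and the port table are constructed; the byte patterns are the real opening framing of TLS, HTTP, SSH, RDP and SMB.

```python
"""Port-based versus payload-based flow classification (constructed example)."""
from typing import List, NamedTuple, Tuple


class Flow(NamedTuple):
    src: str
    dst: str
    dport: int
    payload: bytes  # first bytes sent by the client (constructed)


# What a port-based firewall assumes each destination port carries.
PORT_TABLE = {22: "ssh", 80: "web-browsing", 443: "ssl", 445: "smb", 3389: "ms-rdp"}


def _is_ssh(p: bytes) -> bool:
    # SSH begins with an identification string "SSH-<protoversion>-<software>"
    return p.startswith(b"SSH-")


def _is_tls_client_hello(p: bytes) -> bool:
    # TLS record: type 0x16 (handshake), version 0x03xx, 2-byte length, then handshake type 0x01
    return len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03 and p[5] == 0x01


def _is_http(p: bytes) -> bool:
    return any(p.startswith(m) for m in (b"GET ", b"POST ", b"HEAD ", b"PUT "))


def _is_rdp(p: bytes) -> bool:
    # TPKT header (version 3, reserved 0, 2-byte length) then X.224 Connection Request (code 0xE0)
    return len(p) >= 6 and p[0] == 0x03 and p[1] == 0x00 and p[5] == 0xE0


def _is_smb(p: bytes) -> bool:
    # NetBIOS session header (4 bytes) followed by the SMB1 or SMB2 magic
    return len(p) >= 8 and p[4:8] in (b"\xffSMB", b"\xfeSMB")


SIGNATURES = [("ssh", _is_ssh), ("ssl", _is_tls_client_hello), ("web-browsing", _is_http),
              ("ms-rdp", _is_rdp), ("smb", _is_smb)]


def classify_by_port(f: Flow) -> str:
    return PORT_TABLE.get(f.dport, "unknown")


def classify_by_payload(f: Flow) -> str:
    for name, check in SIGNATURES:
        if check(f.payload):
            return name
    return "unknown"


def port_mismatches(flows: List[Flow]) -> List[Tuple[str, str, int, str, str]]:
    """Flows whose payload contradicts the port label: the sessions a port-based
    firewall would mis-classify and an app-aware one would catch."""
    out = []
    for f in flows:
        by_port, by_payload = classify_by_port(f), classify_by_payload(f)
        if by_payload != "unknown" and by_payload != by_port:
            out.append((f.src, f.dst, f.dport, by_port, by_payload))
    return out


# Constructed sample flows: two legitimate, one RDP hidden on 443, one SSH on a high port.
SAMPLE_FLOWS = [
    Flow("10.1.1.5", "10.2.0.9", 443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),
    Flow("10.1.1.7", "10.2.0.9", 443, b"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08"),
    Flow("10.1.1.8", "10.2.0.9", 8443, b"SSH-2.0-OpenSSH_8.9\r\n"),
    Flow("10.1.1.9", "10.2.0.22", 80, b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n"),
    Flow("10.1.1.10", "10.2.0.30", 445, b"\x00\x00\x00\x2f\xffSMBr\x00\x00\x00\x00"),
]
```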


NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications


PA-5050

• 10 Gbps FW

• 5 Gbps threat prevention

• 4 Gbps IPSec VPN

• 10,000 SSL VPN users

• 2,000,000 sessions

• Up to 125 VSYS

• (4) SFP+ (10 Gig) I/O

• (8) SFP (1 Gig) I/O

• (12) 10/100/1000

PA-5020

• 5 Gbps FW

• 2 Gbps threat prevention

• 2 Gbps IPSec VPN

• 5,000 SSL VPN users

• 1,000,000 sessions

• Up to 20 VSYS

• (8) SFP (1 Gig) I/O

• (12) 10/100/1000

PA-5060

• 20 Gbps FW

• 10 Gbps threat prevention

• 4 Gbps IPSec VPN

• 20,000 SSL VPN users

• 4,000,000 sessions

• Up to 225 VSYS

• (4) SFP+ (10 Gig) I/O

• (8) SFP (1 Gig) I/O

• (12) 10/100/1000

• Hot swappable fans, power supplies

• Dual solid state hard drives

• Dedicated HA and management interfaces

• 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and "Recommended")

- Security by policy, not hardwired into deployment

• Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

• Simplify with Flexible Network Security Infrastructure

- With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler, easier deployments

- With reduced network security rack space requirements and lower TCO (power, HVAC, subscriptions, maintenance)


GlobalProtect


Existing Solutions Fall Short

Software on the PC

• Each security app performs a specific function

• Limited focus and functionality, heavy performance load on the PC

• Examples: antivirus, host firewall, USB port control, DLP, etc.


Cloud-Based Services

• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement

• Supports a limited number of apps and protocols, weak threat prevention

• Examples: ScanSafe, Purewire, etc.

Traditional VPN

• Agent tunnels traffic back to the corporate gateway

• Same poor security, only slower

• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security

• Inconsistent policy and protections when outside vs. inside the network

• Lack of visibility into applications, users and content fails to control modern apps and threats

• Expensive to purchase duplicates, operational and management overhead


A Modern Architecture for Enterprise Security


• Establishes a logical perimeter that is not bound to physical limitations

• Users receive the same depth and quality of protection both inside and out

• Security work performed by purpose-built firewalls, not end-user laptops

• Unified visibility, compliance and reporting

[Diagram labels: malware, botnets, exploits]


Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure

- Users do what they want

- Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls

- Leads to increased risks for the business

• Palo Alto Networks defines the next-generation firewall with unique identification technologies

- App-ID: identify applications regardless of port, protocol or SSL encryption

- User-ID: integrated with the enterprise directory

- Content-ID: threats, URLs, data

- High performance architecture: high throughput, low latency

• Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into the firewall simplifies and saves money


Powerful Policy-Based Control

• Browse more than 1300 applications based on name, category, technology or characteristic

• Immediately translate results into positive enforcement model firewall rules

• Policy enforcement by end-user group identities from Active Directory or by IP address

Palo Alto – Network Sniffer


Visibility into Applications, Users & Content

User hzielinski, filter on Skype

Remove Skype to expand the view of hzielinski

Palo Alto – Rich reports


Demo (offline) – Traffic Log


Enables Executive Visibility


PAN-OS Features

• Strong networking foundation

- Dynamic routing (OSPF, RIPv2)

- Site-to-site IPSec VPN

- SSL VPN for remote access

- Tap mode – connect to a SPAN port

- Virtual wire ("Layer 1") for true transparent in-line deployment

- L2/L3 switching foundation

• QoS traffic shaping – max/guaranteed and priority

- By user, app, interface, zone and more

• Zone-based architecture

- All interfaces assigned to security zones for policy enforcement

• High Availability

- Active/Active

- Configuration and session synchronization

- Path, link and HA monitoring

• Virtual Systems

- Establish multiple virtual firewalls in a single device (PA-4000 Series only)

• Simple, flexible management

- CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content are complemented by core firewall features

PA-500

PA-2020

PA-2050

PA-4020

PA-4050

PA-4060

copy 2009 Palo Alto Networks Proprietary and Confidential Page 44 |

Enterprise Device and Policy Management

bull Intuitive and flexible management

- CLI Web Panorama SNMP Syslog

- Role-based administration enables delegation of tasks to appropriate person

bull Panorama central management application

- Shared policies enable consistent application control policies

- Consolidated management logging and monitoring of Palo Alto Networks devices

- Consistent web interface between Panorama and device UI

- Network-wide ACCmonitoring views log collection and reporting

bull All interfaces work on current configuration avoiding sync issues

NGFW for mobile devices

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 46 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 48 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

Zero Day Attacks Protection

a sandbox at the core

Flexible Deployment Options

Transparent In-Line Firewall Replacement

bull IPS with app visibility amp control

bull Consolidation of IPS amp URL filtering

bull Firewall replacement with app visibility amp control

bull Firewall + IPS

bull Firewall + IPS + URL filtering

Ultimate segmentation

Datacenter 1 Datacenter 2

bull Controls applications amp users for datacenter resource access

bull IPS with app visibility amp content control

Segment A Segment B

Segment C

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 53 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 54 |

Palo Alto Networks Next-Gen Firewalls

PA-4050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 8 SFP 16 copper gigabit

PA-4020 bull 2 Gbps FW2 Gbps threat

prevention500000 sessions

bull 8 SFP 16 copper gigabit

PA-4060 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 XFP (10 Gig) 4 SFP (1 Gig)

PA-2050 bull 1 Gbps FW500 Mbps threat

prevention250000 sessions

bull 4 SFP 16 copper gigabit

PA-2020 bull 500 Mbps FW200 Mbps threat

prevention125000 sessions

bull 2 SFP 12 copper gigabit

PA-500 bull 250 Mbps FW100 Mbps threat

prevention50000 sessions

bull 8 copper gigabit

PA-5050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

PA-5020 bull 5 Gbps FW2 Gbps threat

prevention1000000 sessions

bull 8 SFP 12 copper gigabit

PA-5060 bull 20 Gbps FW10 Gbps threat

prevention4000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

the innovative approach

extend security to all network traffic extend security to all network traffic

Thank You Zion Ezra

VP Sales

copy 2008 Palo Alto Networks Proprietary and Confidential Page 60 |

POC and AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 61 |

AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 62 |

AVR Report

Internet

UTM Is Still SprawlhellipJust Slower

bull Doesnrsquot solve the problem

bull Firewall ldquohelperrdquo functions have limited view of traffic

bull Turning on functions kills performance

copy 2009 Palo Alto Networks Proprietary and Confidential Page 63 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 64 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 65 |

Applications Have Changed ndash Firewalls Have Not

bull The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

bull Need to Restore Visibility and Control in the Firewall

Collaboration Media SaaS Personal

bull BUThellipApplications Have Changed

- Ports neApplications

- IP AddressesneUsers

- PacketsneContent

exploit protection

many months pass between black-hat discovery white hat discovery and protection being available

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 34: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

copy 2008 Palo Alto Networks Proprietary and Confidential Page 37 |

Powerful Policy-Based Control

bull Browse more than 1300 applications based on name category technology or characteristic

bull Immediately translate results into positive enforcement model firewall rules

bull Policy enforcement by end-user group identities from Active Directory or IP address

Palo Alto

Palo Alto ndash Network Sniffer

copy 2008 Palo Alto Networks Proprietary and Confidential Page 38 |

copy 2008 Palo Alto Networks Proprietary and Confidential Page 39 |

Visibility into Applications Users amp Content

User hzielinski Filter on Skype

Remove Skype to expand view of hzielinski

Palo Alto

Palo Alto ndash Rich reports

copy 2008 Palo Alto Networks Proprietary and Confidential Page 40 |

copy 2008 Palo Alto Networks Proprietary and Confidential Page 41 |

Demo (offline) ndash Traffic Log

copy 2008 Palo Alto Networks Proprietary and Confidential Page 42 |

Enables Executive Visibility

copy 2009 Palo Alto Networks Proprietary and Confidential Page 43 |

PAN-OS Features

bull Strong networking foundation

- Dynamic routing (OSPF RIPv2)

- Site-to-site IPSec VPN

- SSL VPN for remote access

- Tap mode ndash connect to SPAN port

- Virtual wire (ldquoLayer 1rdquo) for true transparent in-line deployment

- L2L3 switching foundation

bull QoS traffic shaping - Maxguaranteed and priority

- By user app interface zone and more

bull Zone-based architecture

- All interfaces assigned to security zones for policy enforcement

bull High Availability

- Active Active

- Configuration and session synchronization

- Path link and HA monitoring

bull Virtual Systems

- Establish multiple virtual firewalls in a single device (PA-4000 Series only)

bull Simple flexible management

- CLI Web Panorama SNMP Syslog

Visibility and control of applications users and content are complemented by core firewall features

PA-500

PA-2020

PA-2050

PA-4020

PA-4050

PA-4060

copy 2009 Palo Alto Networks Proprietary and Confidential Page 44 |

Enterprise Device and Policy Management

bull Intuitive and flexible management

- CLI Web Panorama SNMP Syslog

- Role-based administration enables delegation of tasks to appropriate person

bull Panorama central management application

- Shared policies enable consistent application control policies

- Consolidated management logging and monitoring of Palo Alto Networks devices

- Consistent web interface between Panorama and device UI

- Network-wide ACCmonitoring views log collection and reporting

bull All interfaces work on current configuration avoiding sync issues

NGFW for mobile devices

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 46 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 48 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

Zero Day Attacks Protection: a sandbox at the core

Flexible Deployment Options

Transparent In-Line
• IPS with app visibility & control
• Consolidation of IPS & URL filtering

Firewall Replacement
• Firewall replacement with app visibility & control
• Firewall + IPS
• Firewall + IPS + URL filtering

Ultimate segmentation (Datacenter 1, Datacenter 2; Segment A, Segment B, Segment C)
• Controls applications & users for datacenter resource access
• IPS with app visibility & content control

Palo Alto Networks IPS: Protection + Performance

• Strong threat prevention
  - NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
  - The only IPS that catches threats on non-standard ports
  - Scan inbound and outbound SSL (decrypt) and compressed traffic
  - Assure only authorized applications are using network resources
  - Allow SSH/RDP, but only for authorized staff


Palo Alto Networks Next-Gen Firewalls

PA-4050: 10 Gbps FW, 5 Gbps threat prevention, 2,000,000 sessions; 8 SFP, 16 copper gigabit
PA-4020: 2 Gbps FW, 2 Gbps threat prevention, 500,000 sessions; 8 SFP, 16 copper gigabit
PA-4060: 10 Gbps FW, 5 Gbps threat prevention, 2,000,000 sessions; 4 XFP (10 Gig), 4 SFP (1 Gig)
PA-2050: 1 Gbps FW, 500 Mbps threat prevention, 250,000 sessions; 4 SFP, 16 copper gigabit
PA-2020: 500 Mbps FW, 200 Mbps threat prevention, 125,000 sessions; 2 SFP, 12 copper gigabit
PA-500: 250 Mbps FW, 100 Mbps threat prevention, 50,000 sessions; 8 copper gigabit
PA-5050: 10 Gbps FW, 5 Gbps threat prevention, 2,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
PA-5020: 5 Gbps FW, 2 Gbps threat prevention, 1,000,000 sessions; 8 SFP, 12 copper gigabit
PA-5060: 20 Gbps FW, 10 Gbps threat prevention, 4,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

The innovative approach: extend security to all network traffic

Thank You
Zion Ezra
VP Sales

POC and AVR Report

AVR Report

AVR Report

[Diagram label: Internet]

UTM Is Still Sprawl… Just Slower
• Doesn't solve the problem
• Firewall "helper" functions have a limited view of traffic
• Turning on functions kills performance


Traditional Multi-Pass Architectures are Slow

[Diagram: four separate engines, each repeating its own Port/Protocol-based ID, L2/L3 Networking, HA, Config Management and Reporting stack: Firewall Policy; HTTP Decoder with URL Filtering Policy; IPS Decoder with IPS Signatures and IPS Policy; AV Decoder & Proxy with AV Signatures and AV Policy]


Applications Have Changed – Firewalls Have Not

• The gateway at the trust border is the right place to enforce policy control
  - Sees all traffic
  - Defines trust boundary
• Need to Restore Visibility and Control in the Firewall

[Diagram labels: Collaboration, Media, SaaS, Personal]

• BUT… Applications Have Changed
  - Ports ≠ Applications
  - IP Addresses ≠ Users
  - Packets ≠ Content

Exploit protection: many months pass between black-hat discovery, white-hat discovery and protection being available

Requirements:
• need to protect all applications
• a sandbox at the core
• needs user-based access control
• needs high-speed IPS and AV
• need to perform across all applications
• need to block the unknown

Conclusion: advanced-malware protection belongs in a next-generation firewall

DEMO: https://ca2demo.paloaltonetworks.com/esp/login.esp

INSANITY: doing the same thing over and over again and expecting different results

Block applications and users

The innovative approach: extend security to all network traffic

20 Gbps Firewall, 10 Gbps Threat Prevention
• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC#, SSN and more

Security Processors
• High-density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High-speed logging and route update
• Dual hard drives

Network Processor
• 20 Gbps front-end network processing
• Hardware-accelerated per-packet route lookup, MAC lookup and NAT

[Diagram: control plane (quad-core CPU, RAM, dual HDD) and data plane (network processor with QoS, flow control, route/ARP/MAC lookup and NAT; switch fabric; security processors for signature match and SSL/IPSec/decompression, multi-core CPUs with RAM), with 20 Gbps and 10 Gbps internal links]

NGFW for mobile devices

Source: Gartner (March 2010). As of March 2010.

Data Center Network Security in Transition
• Ports ≠ Applications
• IP addresses ≠ Users
• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions…

[Diagram: RPC, SMS, SQL, SharePoint, SMB and NetBIOS spread across Port 135, Port 137, Port 139, Port 80 and Port 443, plus random high ports]

Applications employ dynamic, random and heavily-used ports, fundamentally breaking port-based network security.
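The diagram's point, that the destination port no longer tells you the application, can be checked directly: classify every flow once by a port table and once by the first bytes the client sent, then report the disagreements. The Python below is an added example written for this page; the byte patterns are simplified protocol markers chosen for the demonstration and are not Palo Alto Networks' App-ID signatures, the port table is a constructed set of IANA-style defaults, and the five flows are constructed. Flows where the two answers differ are the ones a port-based policy labels wrongly, including anything tunnelled over a port the policy trusts.

```python
"""Port-based vs payload-based application identification on constructed flows.

Added example for this page; the markers below are simplified protocol
fingerprints chosen for illustration, not Palo Alto Networks' App-ID.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# What a port-based firewall assumes (constructed, IANA-style defaults)
PORT_TABLE: Dict[int, str] = {
    22: "ssh", 80: "web-browsing", 443: "ssl", 445: "smb", 3389: "ms-rdp",
}

HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS")


@dataclass(frozen=True)
class Flow:
    src: str
    dst_port: int
    client_hello: bytes   # first bytes the client sent (constructed)


def by_port(flow: Flow) -> str:
    return PORT_TABLE.get(flow.dst_port, "unknown")


def by_payload(flow: Flow) -> str:
    """Identify the application from protocol markers in the first bytes.
    Each check is a simplified form of the real protocol's opening message."""
    p = flow.client_hello
    if p.startswith(b"SSH-2.0-"):                   # SSH identification string
        return "ssh"
    if p[:1] == b"\x16" and p[1:2] == b"\x03":      # TLS record: handshake, SSL3/TLS1.x
        return "ssl"
    if p[:1] == b"\x00" and p[4:8] in (b"\xffSMB", b"\xfeSMB"):  # NetBIOS session + SMB1/SMB2 magic
        return "smb"
    if p[:2] == b"\x03\x00" and p[4:6] == b"\x0e\xe0":  # TPKT + X.224 connection request (RDP)
        return "ms-rdp"
    if p.split(b" ", 1)[0] in HTTP_METHODS and b" HTTP/1." in p:
        return "web-browsing"
    return "unknown"


def classify(flows: List[Flow]) -> List[Tuple[str, int, str, str]]:
    """Return (src, port, port_app, payload_app) for every flow."""
    return [(f.src, f.dst_port, by_port(f), by_payload(f)) for f in flows]


def nonstandard_port_flows(flows: List[Flow]) -> List[Tuple[str, int, str, str]]:
    """Flows whose payload identity disagrees with the port: the ones a
    port-based policy misclassifies and a port-bound IPS never inspects."""
    return [r for r in classify(flows) if r[2] != r[3]]


# Constructed sample: one flow per row, opening bytes only
SAMPLE_FLOWS = [
    Flow("10.0.0.5", 443, b"SSH-2.0-OpenSSH_8.9\r\n"),                        # SSH on 443
    Flow("10.0.0.6", 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),   # genuine TLS
    Flow("10.0.0.7", 8080, b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n"),      # HTTP on an alternate port
    Flow("10.0.0.8", 80, b"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00"),    # RDP over port 80
    Flow("10.0.0.9", 445, b"\x00\x00\x00\x2f\xffSMBr\x00\x00\x00\x00"),       # genuine SMB1
]

if __name__ == "__main__":
    for src, port, port_app, payload_app in classify(SAMPLE_FLOWS):
        flag = "  <-- mismatch" if port_app != payload_app else ""
        print(f"{src:<10} :{port:<5} port says {port_app:<13} payload says {payload_app}{flag}")
```

Three of the five constructed flows are misidentified by port alone; the same comparison run over real session records is a cheap way to find where a port-based rule set is silently allowing the wrong application.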


NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

PA-5050
• 10 Gbps FW
• 5 Gbps threat prevention
• 4 Gbps IPSec VPN
• 10,000 SSL VPN users
• 2,000,000 sessions
• Up to 125 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5020
• 5 Gbps FW
• 2 Gbps threat prevention
• 2 Gbps IPSec VPN
• 5,000 SSL VPN users
• 1,000,000 sessions
• Up to 20 VSYS
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5060
• 20 Gbps FW
• 10 Gbps threat prevention
• 4 Gbps IPSec VPN
• 20,000 SSL VPN users
• 4,000,000 sessions
• Up to 225 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5000 Series (all models)
• Hot-swappable fans, power supplies
• Dual solid state hard drives
• Dedicated HA and management interfaces
• 2U standard rack-mount form factor

NGFWs Eliminate Data Center Compromise
• Prevent Threats
  - Stop a wide range of threats on all allowed traffic
  - Proven quality (NSS tested and "Recommended")
  - Security by policy, not hardwired into deployment
• Comply and Compartmentalize
  - Save time and cost to compliance with network segmentation
  - Segment by user group and application
• Simplify with Flexible Network Security Infrastructure
  - With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention
  - With simpler, easier deployments
  - With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance)


GlobalProtect


Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality, heavy performance load on the PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services
• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement
• Supports a limited number of apps and protocols, weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• Agent tunnels traffic back to the corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security
• Inconsistent policy and protections when outside vs. inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase duplicates, operational and management overhead


A Modern Architecture for Enterprise Security
• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting

[Diagram labels: malware, botnets, exploits]


Regain Visibility and Control, Save Money
• IT can't manage risk with traditional security infrastructure
  - Users do what they want
  - Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls
  - Leads to increased risks for the business
• Palo Alto Networks defines the next-generation firewall with unique identification technologies
  - App-ID: identify applications regardless of port, protocol or SSL encryption
  - User-ID: integrated with the enterprise directory
  - Content-ID: threats, URLs, data
  - High-performance architecture: high throughput, low latency
• Easy enterprise integration and consolidation saves money
  - Flexible deployment options for seamless integration
  - Consolidation of functionality into the firewall simplifies and saves money


Palo Alto – Network Sniffer

Visibility into Applications, Users & Content

[Screenshot: user hzielinski, filter on Skype; remove Skype to expand the view of hzielinski]

Palo Alto – Rich reports

Demo (offline) – Traffic Log

Enables Executive Visibility

PAN-OS Features
• Strong networking foundation
  - Dynamic routing (OSPF, RIPv2)
  - Site-to-site IPSec VPN
  - SSL VPN for remote access
  - Tap mode – connect to a SPAN port
  - Virtual wire ("Layer 1") for true transparent in-line deployment
  - L2/L3 switching foundation
• QoS traffic shaping – max/guaranteed and priority
  - By user, app, interface, zone and more
• Zone-based architecture
  - All interfaces assigned to security zones for policy enforcement
• High Availability
  - Active/Active
  - Configuration and session synchronization
  - Path, link and HA monitoring
• Virtual Systems
  - Establish multiple virtual firewalls in a single device (PA-4000 Series only)
• Simple, flexible management
  - CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content are complemented by core firewall features.

Models: PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060

copy 2009 Palo Alto Networks Proprietary and Confidential Page 44 |

Enterprise Device and Policy Management

bull Intuitive and flexible management

- CLI Web Panorama SNMP Syslog

- Role-based administration enables delegation of tasks to appropriate person

bull Panorama central management application

- Shared policies enable consistent application control policies

- Consolidated management logging and monitoring of Palo Alto Networks devices

- Consistent web interface between Panorama and device UI

- Network-wide ACCmonitoring views log collection and reporting

bull All interfaces work on current configuration avoiding sync issues

NGFW for mobile devices

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 46 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 48 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

Zero Day Attacks Protection

a sandbox at the core

Flexible Deployment Options

Transparent In-Line Firewall Replacement

bull IPS with app visibility amp control

bull Consolidation of IPS amp URL filtering

bull Firewall replacement with app visibility amp control

bull Firewall + IPS

bull Firewall + IPS + URL filtering

Ultimate segmentation

Datacenter 1 Datacenter 2

bull Controls applications amp users for datacenter resource access

bull IPS with app visibility amp content control

Segment A Segment B

Segment C

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 53 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 54 |

Palo Alto Networks Next-Gen Firewalls

PA-4050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 8 SFP 16 copper gigabit

PA-4020 bull 2 Gbps FW2 Gbps threat

prevention500000 sessions

bull 8 SFP 16 copper gigabit

PA-4060 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 XFP (10 Gig) 4 SFP (1 Gig)

PA-2050 bull 1 Gbps FW500 Mbps threat

prevention250000 sessions

bull 4 SFP 16 copper gigabit

PA-2020 bull 500 Mbps FW200 Mbps threat

prevention125000 sessions

bull 2 SFP 12 copper gigabit

PA-500 bull 250 Mbps FW100 Mbps threat

prevention50000 sessions

bull 8 copper gigabit

PA-5050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

PA-5020 bull 5 Gbps FW2 Gbps threat

prevention1000000 sessions

bull 8 SFP 12 copper gigabit

PA-5060 bull 20 Gbps FW10 Gbps threat

prevention4000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

the innovative approach

extend security to all network traffic extend security to all network traffic

Thank You Zion Ezra

VP Sales

copy 2008 Palo Alto Networks Proprietary and Confidential Page 60 |

POC and AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 61 |

AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 62 |

AVR Report

Internet

UTM Is Still SprawlhellipJust Slower

bull Doesnrsquot solve the problem

bull Firewall ldquohelperrdquo functions have limited view of traffic

bull Turning on functions kills performance

copy 2009 Palo Alto Networks Proprietary and Confidential Page 63 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 64 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 65 |

Applications Have Changed ndash Firewalls Have Not

bull The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

bull Need to Restore Visibility and Control in the Firewall

Collaboration Media SaaS Personal

bull BUThellipApplications Have Changed

- Ports neApplications

- IP AddressesneUsers

- PacketsneContent

exploit protection

many months pass between black-hat discovery white hat discovery and protection being available

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 36: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

copy 2008 Palo Alto Networks Proprietary and Confidential Page 39 |

Visibility into Applications Users amp Content

User hzielinski Filter on Skype

Remove Skype to expand view of hzielinski

Palo Alto

Palo Alto ndash Rich reports

copy 2008 Palo Alto Networks Proprietary and Confidential Page 40 |

copy 2008 Palo Alto Networks Proprietary and Confidential Page 41 |

Demo (offline) ndash Traffic Log

copy 2008 Palo Alto Networks Proprietary and Confidential Page 42 |

Enables Executive Visibility

copy 2009 Palo Alto Networks Proprietary and Confidential Page 43 |

PAN-OS Features

bull Strong networking foundation

- Dynamic routing (OSPF RIPv2)

- Site-to-site IPSec VPN

- SSL VPN for remote access

- Tap mode ndash connect to SPAN port

- Virtual wire (ldquoLayer 1rdquo) for true transparent in-line deployment

- L2L3 switching foundation

bull QoS traffic shaping - Maxguaranteed and priority

- By user app interface zone and more

bull Zone-based architecture

- All interfaces assigned to security zones for policy enforcement

bull High Availability

- Active Active

- Configuration and session synchronization

- Path link and HA monitoring

bull Virtual Systems

- Establish multiple virtual firewalls in a single device (PA-4000 Series only)

bull Simple flexible management

- CLI Web Panorama SNMP Syslog

Visibility and control of applications users and content are complemented by core firewall features

PA-500

PA-2020

PA-2050

PA-4020

PA-4050

PA-4060

copy 2009 Palo Alto Networks Proprietary and Confidential Page 44 |

Enterprise Device and Policy Management

bull Intuitive and flexible management

- CLI Web Panorama SNMP Syslog

- Role-based administration enables delegation of tasks to appropriate person

bull Panorama central management application

- Shared policies enable consistent application control policies

- Consolidated management logging and monitoring of Palo Alto Networks devices

- Consistent web interface between Panorama and device UI

- Network-wide ACCmonitoring views log collection and reporting

bull All interfaces work on current configuration avoiding sync issues

NGFW for mobile devices

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 46 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 48 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

Zero Day Attacks Protection

a sandbox at the core

Flexible Deployment Options

Transparent In-Line Firewall Replacement

bull IPS with app visibility amp control

bull Consolidation of IPS amp URL filtering

bull Firewall replacement with app visibility amp control

bull Firewall + IPS

bull Firewall + IPS + URL filtering

Ultimate segmentation

Datacenter 1 Datacenter 2

bull Controls applications amp users for datacenter resource access

bull IPS with app visibility amp content control

Segment A Segment B

Segment C

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 53 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 54 |

Palo Alto Networks Next-Gen Firewalls

PA-4050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 8 SFP 16 copper gigabit

PA-4020 bull 2 Gbps FW2 Gbps threat

prevention500000 sessions

bull 8 SFP 16 copper gigabit

PA-4060 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 XFP (10 Gig) 4 SFP (1 Gig)

PA-2050 bull 1 Gbps FW500 Mbps threat

prevention250000 sessions

bull 4 SFP 16 copper gigabit

PA-2020 bull 500 Mbps FW200 Mbps threat

prevention125000 sessions

bull 2 SFP 12 copper gigabit

PA-500 bull 250 Mbps FW100 Mbps threat

prevention50000 sessions

bull 8 copper gigabit

PA-5050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

PA-5020 bull 5 Gbps FW2 Gbps threat

prevention1000000 sessions

bull 8 SFP 12 copper gigabit

PA-5060 bull 20 Gbps FW10 Gbps threat

prevention4000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

The innovative approach: extend security to all network traffic

Thank You. Zion Ezra, VP Sales

POC and AVR Report

AVR Report

UTM Is Still Sprawl… Just Slower

• Doesn't solve the problem
• Firewall "helper" functions have limited view of traffic
• Turning on functions kills performance

Traditional Multi-Pass Architectures are Slow

[Diagram: the same traffic is handled in separate passes, each repeating its own Port/Protocol-based ID, L2/L3 networking, HA, config management and reporting: Firewall Policy; HTTP Decoder with URL Filtering Policy; IPS Decoder with IPS Signatures and IPS Policy; AV Decoder & Proxy with AV Signatures and AV Policy.]

Applications Have Changed – Firewalls Have Not

• The gateway at the trust border is the right place to enforce policy control
- Sees all traffic
- Defines trust boundary

• Need to Restore Visibility and Control in the Firewall

Collaboration, Media, SaaS, Personal

• BUT… Applications Have Changed
- Ports ≠ Applications
- IP Addresses ≠ Users
- Packets ≠ Content

Exploit protection: many months pass between black-hat discovery, white-hat discovery and protection being available.

Need to protect all applications.

A sandbox at the core:
- needs user-based access control
- needs high-speed IPS and AV
- needs to perform across all applications
- needs to block the unknown

Conclusion: advanced-malware protection belongs in a next-generation firewall.

DEMO: https://ca2demo.paloaltonetworks.com/esp/login.esp

INSANITY: doing the same thing over and over again and expecting different results

Block applications and users

The innovative approach: extend security to all network traffic

20 Gbps Firewall, 10 Gbps Threat Prevention

• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors
• High density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High speed logging and route update
• Dual hard drives

Network Processor
• 20 Gbps front-end network processing
• Hardware accelerated per-packet route lookup, MAC lookup and NAT

[Architecture diagram: control plane (quad-core CPU, RAM, dual HDD) and data plane joined by a switch fabric; 20 Gbps network processor (QoS, flow control, route/ARP/MAC lookup, NAT); two signature match engines; three SSL/IPSec/decompression security processors, each a multi-core CPU with its own RAM; 10 Gbps links into the switch fabric.]

NGFW for mobile devices

Source: Gartner (March 2010). As of March 2010.

Data Center Network Security in Transition

• Ports ≠ Applications
• IP addresses ≠ Users
• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions…

[Figure: applications such as RPC, SMS, SQL, SharePoint, SMB and NetBIOS mapped against Port 135, Port 137, Port 139, Port 80 and Port 443, plus random high ports.]

Applications employ dynamic, random and heavily-used ports, fundamentally breaking port-based network security.
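As an added illustration (not code from the deck or from Palo Alto Networks), this Python compares the two classifiers the slide contrasts over constructed sample flows: a port lookup, which is all a stateful-inspection firewall has, and a look at the first bytes of the stream, the kind of check an application-identification engine makes. The port table and the byte patterns are simplified assumptions for the example, not any vendor's decoders.

```python
"""Port-based versus payload-based flow classification (illustrative)."""
from dataclasses import dataclass

# The assumption a port-based firewall encodes: destination port == application.
PORT_TABLE = {22: "ssh", 80: "web-browsing", 443: "ssl", 445: "smb", 3389: "rdp"}


@dataclass(frozen=True)
class Flow:
    dst_port: int
    payload: bytes  # first client-to-server bytes of the TCP stream


def classify_by_port(flow: Flow) -> str:
    """What stateful inspection sees: the destination port and nothing else."""
    return PORT_TABLE.get(flow.dst_port, "unknown")


def classify_by_payload(flow: Flow) -> str:
    """Identify the application from the stream itself, ignoring the port.

    Simplified protocol fingerprints (assumptions for this example):
      - SSH sends an ASCII version banner starting 'SSH-'
      - TLS starts with a handshake record (0x16), version 0x03xx, ClientHello (0x01)
      - HTTP starts with a request line 'METHOD path HTTP/1.x'
      - SMB over TCP carries 0xFF 'SMB' (SMB1) or 0xFE 'SMB' (SMB2/3) after the
        4-byte NetBIOS session header
      - RDP begins with a TPKT header (0x03 0x00) and an X.224 Connection Request (0xE0)
    """
    p = flow.payload
    if p.startswith(b"SSH-"):
        return "ssh"
    if len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03 and p[5] == 0x01:
        return "ssl"
    if p[:4] in (b"GET ", b"POST", b"HEAD", b"PUT ") and b" HTTP/1." in p[:256]:
        return "web-browsing"
    if len(p) >= 8 and p[4:8] in (b"\xffSMB", b"\xfeSMB"):
        return "smb"
    if len(p) >= 6 and p[:2] == b"\x03\x00" and p[5] == 0xE0:
        return "rdp"
    return "unknown"


def audit(flows: list) -> list:
    """Flows where the port label and the payload label disagree.

    Each finding is (dst_port, port_based_label, payload_based_label): exactly the
    sessions a port-based policy would allow or deny for the wrong reason.
    """
    findings = []
    for f in flows:
        by_port, by_app = classify_by_port(f), classify_by_payload(f)
        if by_port != by_app:
            findings.append((f.dst_port, by_port, by_app))
    return findings


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    Flow(443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),  # TLS where expected
    Flow(443, b"SSH-2.0-OpenSSH_8.9\r\n"),                       # SSH hopping onto 443
    Flow(8080, b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n"),     # HTTP on a non-standard port
    Flow(80, b"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00"),  # RDP on 80
    Flow(22, b"SSH-2.0-OpenSSH_8.9\r\n"),                        # SSH where expected
]

if __name__ == "__main__":
    for port, by_port, by_app in audit(SAMPLE_FLOWS):
        print(f"port {port}: port-based says {by_port!r}, stream says {by_app!r}")
```

Only the two flows that sit on their conventional port agree under both classifiers; the other three are the cases the slide is about.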


NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

Spec              | PA-5020   | PA-5050   | PA-5060
Firewall          | 5 Gbps    | 10 Gbps   | 20 Gbps
Threat prevention | 2 Gbps    | 5 Gbps    | 10 Gbps
IPSec VPN         | 2 Gbps    | 4 Gbps    | 4 Gbps
SSL VPN users     | 5,000     | 10,000    | 20,000
Sessions          | 1,000,000 | 2,000,000 | 4,000,000
Virtual systems   | up to 20  | up to 125 | up to 225
SFP+ (10 Gig) I/O | none      | 4         | 4
SFP (1 Gig) I/O   | 8         | 8         | 8
10/100/1000 I/O   | 12        | 12        | 12

• Hot swappable fans, power supplies
• Dual solid state hard drives
• Dedicated HA and management interfaces
• 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats
- Stop a wide range of threats on all allowed traffic
- Proven quality (NSS tested and "Recommended")
- Security by policy, not hardwired into deployment

• Comply and Compartmentalize
- Save time and cost to compliance with network segmentation
- Segment by user group and application

• Simplify with Flexible Network Security Infrastructure
- With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention
- With simpler, easier deployments
- With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance)

GlobalProtect

Today: Quality of Security Tied to Location

Enterprise Network Security
• Security Based on Best-Practices
• Full-Featured NGFW and Threat Prevention

No Network Security
• Security Based on Best-Effort
• Exposed to threats, risky app usage and more

Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality, heavy performance load on PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services
• Client forces web traffic to cloud-based proxy for scanning and policy enforcement
• Supports limited number of apps and protocols, weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• Agent tunnels traffic back to corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security
• Inconsistent policy and protections when outside vs. inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase, duplicates operational and management overhead

Introducing GlobalProtect

• Users never go "off-network" regardless of location
• All firewalls work together to provide a "cloud" of network security

• How it works
- Small agent determines network location (on or off the enterprise network)
- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
- Agent submits host information profile (patch level, asset type, disk encryption and more) to the gateway
- Gateway enforces security policy using App-ID, User-ID, Content-ID AND host information profile
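The four steps above, together with the earlier "Allow SSH/RDP, but only for authorized staff" bullet, modelled in Python as an added example (not PAN-OS or GlobalProtect code): the enterprise address ranges, the rule format and the HIP fields are assumptions made for the illustration. The point it shows is that the HIP is a match criterion of the rule, so a known user on an unhealthy host falls through to the default deny rather than being allowed with a warning.

```python
"""Location-aware policy check modelled on the GlobalProtect flow in the slides.

Illustrative model, not PAN-OS code: the agent classifies the client as on- or
off-network, off-network clients reach the gateway over SSL VPN, the agent
reports a host information profile (HIP), and a rule matches only when the
application, the user's group AND the HIP requirement all hold.
"""
from dataclasses import dataclass
from typing import Callable
import ipaddress

# Constructed enterprise address space used for the on/off-network decision.
ENTERPRISE_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                   ipaddress.ip_network("192.168.50.0/24")]


@dataclass(frozen=True)
class Hip:
    asset_type: str                # e.g. "corporate-laptop" or "byod" (assumed values)
    disk_encrypted: bool
    missing_critical_patches: int  # assumed way of expressing "patch level"


@dataclass(frozen=True)
class Session:
    client_ip: str
    user: str
    groups: frozenset              # directory groups (User-ID)
    app: str                       # application as identified by the gateway (App-ID)
    hip: Hip


@dataclass(frozen=True)
class Rule:
    name: str
    apps: frozenset
    groups: frozenset
    hip_ok: Callable[[Hip], bool]  # HIP requirement; part of the match, not a separate step
    action: str


def agent_location(client_ip: str) -> str:
    """Step 1: the agent decides whether the host is on the enterprise network."""
    ip = ipaddress.ip_address(client_ip)
    return "on-network" if any(ip in net for net in ENTERPRISE_NETS) else "off-network"


def transport(client_ip: str) -> str:
    """Step 2: off-network hosts are tunnelled to the nearest gateway over SSL VPN."""
    return "direct" if agent_location(client_ip) == "on-network" else "ssl-vpn"


# Constructed policy. Order matters: the first full match wins, otherwise default deny.
POLICY = [
    Rule("finance-db", frozenset({"mssql-db"}), frozenset({"finance"}),
         lambda h: h.disk_encrypted and h.missing_critical_patches == 0, "allow"),
    Rule("admin-remote", frozenset({"ssh", "ms-rdp"}), frozenset({"it-admins"}),
         lambda h: h.asset_type == "corporate-laptop" and h.disk_encrypted, "allow"),
    Rule("general-web", frozenset({"web-browsing", "ssl"}), frozenset({"employees"}),
         lambda h: True, "allow"),
]


def evaluate(session: Session) -> tuple:
    """Steps 3-4: match app, user group and HIP together; same policy on or off network.

    Returns (action, matched rule name or 'default-deny', transport used).
    """
    path = transport(session.client_ip)
    for rule in POLICY:
        if (session.app in rule.apps and session.groups & rule.groups
                and rule.hip_ok(session.hip)):
            return rule.action, rule.name, path
    return "deny", "default-deny", path


# Constructed sessions exercising the HIP gate.
HEALTHY = Hip("corporate-laptop", disk_encrypted=True, missing_critical_patches=0)
UNENCRYPTED = Hip("corporate-laptop", disk_encrypted=False, missing_critical_patches=0)
BYOD = Hip("byod", disk_encrypted=True, missing_critical_patches=3)

SESSIONS = {
    "finance_off_net_ok": Session("203.0.113.7", "alice", frozenset({"finance", "employees"}), "mssql-db", HEALTHY),
    "finance_off_net_unencrypted": Session("203.0.113.7", "alice", frozenset({"finance", "employees"}), "mssql-db", UNENCRYPTED),
    "admin_byod_rdp": Session("10.1.2.3", "bob", frozenset({"it-admins", "employees"}), "ms-rdp", BYOD),
    "byod_web": Session("198.51.100.9", "carol", frozenset({"employees"}), "web-browsing", BYOD),
}

if __name__ == "__main__":
    for label, s in SESSIONS.items():
        print(label, evaluate(s))
```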

A Modern Architecture for Enterprise Security

• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting

[Figure labels: malware, botnets, exploits]

Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure
- Users do what they want
- Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls
- Leads to increased risks for the business

• Palo Alto Networks defines the next-generation firewall with unique identification technologies
- App-ID: identify applications regardless of port, protocol or SSL encryption
- User-ID: integrated with enterprise directory
- Content-ID: threats, URLs, data
- High performance architecture: high throughput, low latency

• Easy enterprise integration and consolidation saves money
- Flexible deployment options for seamless integration
- Consolidation of functionality into the firewall simplifies and saves money


Palo Alto – Rich reports

Demo (offline) – Traffic Log

Enables Executive Visibility

PAN-OS Features

• Strong networking foundation
- Dynamic routing (OSPF, RIPv2)
- Site-to-site IPSec VPN
- SSL VPN for remote access
- Tap mode – connect to SPAN port
- Virtual wire ("Layer 1") for true transparent in-line deployment
- L2/L3 switching foundation

• QoS traffic shaping – max/guaranteed and priority
- By user, app, interface, zone and more

• Zone-based architecture
- All interfaces assigned to security zones for policy enforcement

• High Availability
- Active/Active
- Configuration and session synchronization
- Path, link and HA monitoring

• Virtual Systems
- Establish multiple virtual firewalls in a single device (PA-4000 Series only)

• Simple, flexible management
- CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content are complemented by core firewall features.

Models: PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060

Enterprise Device and Policy Management

• Intuitive and flexible management
- CLI, Web, Panorama, SNMP, Syslog
- Role-based administration enables delegation of tasks to the appropriate person

• Panorama central management application
- Shared policies enable consistent application control policies
- Consolidated management, logging and monitoring of Palo Alto Networks devices
- Consistent web interface between Panorama and device UI
- Network-wide ACC/monitoring views, log collection and reporting

• All interfaces work on the current configuration, avoiding sync issues


Zero Day Attacks Protection: a sandbox at the core

Flexible Deployment Options

Transparent In-Line; Firewall Replacement

• IPS with app visibility & control
• Consolidation of IPS & URL filtering


Page 38: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

copy 2008 Palo Alto Networks Proprietary and Confidential Page 41 |

Demo (offline) ndash Traffic Log

copy 2008 Palo Alto Networks Proprietary and Confidential Page 42 |

Enables Executive Visibility

copy 2009 Palo Alto Networks Proprietary and Confidential Page 43 |

PAN-OS Features

bull Strong networking foundation

- Dynamic routing (OSPF RIPv2)

- Site-to-site IPSec VPN

- SSL VPN for remote access

- Tap mode ndash connect to SPAN port

- Virtual wire (ldquoLayer 1rdquo) for true transparent in-line deployment

- L2L3 switching foundation

bull QoS traffic shaping - Maxguaranteed and priority

- By user app interface zone and more

bull Zone-based architecture

- All interfaces assigned to security zones for policy enforcement

bull High Availability

- Active Active

- Configuration and session synchronization

- Path link and HA monitoring

bull Virtual Systems

- Establish multiple virtual firewalls in a single device (PA-4000 Series only)

bull Simple flexible management

- CLI Web Panorama SNMP Syslog

Visibility and control of applications users and content are complemented by core firewall features

PA-500

PA-2020

PA-2050

PA-4020

PA-4050

PA-4060

copy 2009 Palo Alto Networks Proprietary and Confidential Page 44 |

Enterprise Device and Policy Management

bull Intuitive and flexible management

- CLI Web Panorama SNMP Syslog

- Role-based administration enables delegation of tasks to appropriate person

bull Panorama central management application

- Shared policies enable consistent application control policies

- Consolidated management logging and monitoring of Palo Alto Networks devices

- Consistent web interface between Panorama and device UI

- Network-wide ACCmonitoring views log collection and reporting

bull All interfaces work on current configuration avoiding sync issues

NGFW for mobile devices

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 46 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 48 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

Zero Day Attacks Protection

a sandbox at the core

Flexible Deployment Options

Transparent In-Line Firewall Replacement

bull IPS with app visibility amp control

bull Consolidation of IPS amp URL filtering

bull Firewall replacement with app visibility amp control

bull Firewall + IPS

bull Firewall + IPS + URL filtering

Ultimate segmentation

Datacenter 1 Datacenter 2

bull Controls applications amp users for datacenter resource access

bull IPS with app visibility amp content control

Segment A Segment B

Segment C

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 53 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 54 |

Palo Alto Networks Next-Gen Firewalls

PA-4050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 8 SFP 16 copper gigabit

PA-4020 bull 2 Gbps FW2 Gbps threat

prevention500000 sessions

bull 8 SFP 16 copper gigabit

PA-4060 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 XFP (10 Gig) 4 SFP (1 Gig)

PA-2050 bull 1 Gbps FW500 Mbps threat

prevention250000 sessions

bull 4 SFP 16 copper gigabit

PA-2020 bull 500 Mbps FW200 Mbps threat

prevention125000 sessions

bull 2 SFP 12 copper gigabit

PA-500 bull 250 Mbps FW100 Mbps threat

prevention50000 sessions

bull 8 copper gigabit

PA-5050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

PA-5020 bull 5 Gbps FW2 Gbps threat

prevention1000000 sessions

bull 8 SFP 12 copper gigabit

PA-5060 bull 20 Gbps FW10 Gbps threat

prevention4000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

the innovative approach

extend security to all network traffic extend security to all network traffic

Thank You Zion Ezra

VP Sales

copy 2008 Palo Alto Networks Proprietary and Confidential Page 60 |

POC and AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 61 |

AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 62 |

AVR Report

Internet

UTM Is Still SprawlhellipJust Slower

bull Doesnrsquot solve the problem

bull Firewall ldquohelperrdquo functions have limited view of traffic

bull Turning on functions kills performance

copy 2009 Palo Alto Networks Proprietary and Confidential Page 63 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 64 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 65 |

Applications Have Changed ndash Firewalls Have Not

bull The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

bull Need to Restore Visibility and Control in the Firewall

Collaboration Media SaaS Personal

bull BUThellipApplications Have Changed

- Ports neApplications

- IP AddressesneUsers

- PacketsneContent

exploit protection

many months pass between black-hat discovery white hat discovery and protection being available

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gbps Firewall, 10 Gbps Threat Prevention

• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), viruses, spyware, credit-card numbers, SSNs and more

Security Processors
• High-density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High-speed logging and route updates
• Dual hard drives

Network Processor
• 20 Gbps front-end network processing
• Hardware-accelerated per-packet route lookup, MAC lookup and NAT

[Diagram: data plane (20 Gbps network processor handling QoS, flow control, route/ARP/MAC lookup and NAT; switch fabric; security processors with signature-match engines, SSL/IPSec/decompression offload, multi-core CPUs and RAM) and control plane (quad-core CPU, RAM, dual HDD), linked at 10 Gbps]

NGFW for mobile devices

(Source: Gartner, March 2010)

Data Center Network Security in Transition

• Ports ≠ Applications
• IP addresses ≠ Users
• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions...

[Figure: applications such as RPC, SMS, SQL, SharePoint, SMB and NetBIOS spread across ports 135, 137, 139, 80 and 443, plus random high ports]

Applications employ dynamic, random and heavily-used ports, fundamentally breaking port-based network security.

Palo Alto Networks Protection + Performance

• Strong threat prevention
  - NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
  - The only IPS that catches threats on non-standard ports
  - Scans inbound and outbound SSL (decrypted) and compressed traffic
  - Ensures only authorized applications are using network resources
  - Allows SSH/RDP, but only for authorized staff
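The two points made above, applications that do not sit on the port a port table expects and remote-management protocols that should be allowed only to authorized staff, as an added example in Python. It is not part of the original deck and is not Palo Alto Networks' App-ID or User-ID code; the protocol signatures, the port table, the IP-to-user mapping, the rules and the sample flows are all constructed for the example:

```python
"""Port-based vs. application-based flow classification with user-aware rules.

Toy illustration written for this page (not App-ID / User-ID). Everything
below - signatures, port table, users, rules, sample flows - is constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# What a port-based firewall assumes runs on a port (constructed).
PORT_TABLE = {22: "ssh", 80: "web-browsing", 443: "ssl", 3389: "ms-rdp"}

# User-ID style mapping of source IP to user, plus group membership (constructed).
USER_BY_IP = {"10.1.1.5": "alice", "10.1.1.9": "bob"}
GROUPS = {"it-admins": {"alice"}}

# Security rules, evaluated top-down, first match wins (constructed).
# apps=None matches any application; group=None matches any user.
RULES = [
    {"name": "admins-remote-mgmt", "apps": {"ssh", "ms-rdp"}, "group": "it-admins", "action": "allow"},
    {"name": "web-out", "apps": {"web-browsing", "ssl"}, "group": None, "action": "allow"},
    {"name": "default-deny", "apps": None, "group": None, "action": "deny"},
]


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_port: int
    payload: bytes  # first bytes the client sent on the connection


def app_by_port(flow: Flow) -> str:
    """Legacy classification: the destination port is taken as the application."""
    return PORT_TABLE.get(flow.dst_port, "unknown")


def app_by_signature(flow: Flow) -> str:
    """Classify on the client's opening bytes; the port plays no part."""
    p = flow.payload
    if p.startswith((b"SSH-2.0-", b"SSH-1.99-")):
        return "ssh"
    # TLS record header: content type 0x16 (handshake), major version 0x03
    if len(p) >= 3 and p[0] == 0x16 and p[1] == 0x03:
        return "ssl"
    # RDP: TPKT header (0x03 0x00 len len), X.224 length byte, then Connection Request code 0xE0
    if len(p) >= 6 and p[0] == 0x03 and p[1] == 0x00 and p[5] == 0xE0:
        return "ms-rdp"
    method = p.split(b" ", 1)[0]
    if method in (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS") and b" HTTP/1." in p:
        return "web-browsing"
    return "unknown"


def decide(flow: Flow, classify: Callable[[Flow], str]) -> Tuple[str, str, str]:
    """Return (matched rule, action, identified app) for a flow under a classifier."""
    app = classify(flow)
    user: Optional[str] = USER_BY_IP.get(flow.src_ip)
    for rule in RULES:
        if rule["apps"] is not None and app not in rule["apps"]:
            continue
        if rule["group"] is not None and user not in GROUPS[rule["group"]]:
            continue
        return rule["name"], rule["action"], app
    return "implicit-deny", "deny", app


# Constructed sample flows.
SAMPLE_FLOWS: Dict[str, Flow] = {
    # bob (not an admin) runs SSH over 443 so that it looks like web traffic
    "ssh-on-443": Flow("10.1.1.9", 443, b"SSH-2.0-OpenSSH_8.9\r\n"),
    # alice (admin) runs RDP on a non-standard port; TPKT + X.224 CR with an rdp cookie
    "rdp-on-8080": Flow("10.1.1.5", 8080, bytes.fromhex("03 00 00 2b 26 e0 00 00 00 00 00 00 43 6f 6f 6b 69 65 3a")),
    # ordinary TLS ClientHello on 443
    "tls-on-443": Flow("10.1.1.9", 443, bytes.fromhex("16 03 01 02 00 01 00 01 fc 03 03")),
    # plain HTTP on 80
    "http-on-80": Flow("10.1.1.5", 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
}


def compare(name: str) -> Dict[str, Tuple[str, str, str]]:
    """Side-by-side decision for one sample flow under both classifiers."""
    flow = SAMPLE_FLOWS[name]
    return {"port_based": decide(flow, app_by_port), "app_based": decide(flow, app_by_signature)}


if __name__ == "__main__":
    for name in SAMPLE_FLOWS:
        print(name, compare(name))
```

Run it and the port-based classifier waves through the SSH session a non-admin has put on port 443 (to a port table it is "ssl", so the web rule allows it), while the payload-based classifier identifies it as ssh, finds the user outside it-admins and lands on the deny rule. The reverse failure shows too: an admin's RDP on port 8080 is "unknown" to the port table and gets denied, but is identified as ms-rdp and allowed under the admins rule. A real App-ID engine covers far more protocols and looks deeper than the first bytes; the point is that the rule keys on the identified application and the user, never on the port.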

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

Model   | Firewall | Threat prevention | IPSec VPN | SSL VPN users | Sessions  | VSYS      | I/O
PA-5020 | 5 Gbps   | 2 Gbps            | 2 Gbps    | 5,000         | 1,000,000 | up to 20  | (8) SFP (1 Gig), (12) 10/100/1000
PA-5050 | 10 Gbps  | 5 Gbps            | 4 Gbps    | 10,000        | 2,000,000 | up to 125 | (4) SFP+ (10 Gig), (8) SFP (1 Gig), (12) 10/100/1000
PA-5060 | 20 Gbps  | 10 Gbps           | 4 Gbps    | 20,000        | 4,000,000 | up to 225 | (4) SFP+ (10 Gig), (8) SFP (1 Gig), (12) 10/100/1000

All models:
• Hot-swappable fans and power supplies
• Dual solid-state drives
• Dedicated HA and management interfaces
• 2U standard rack-mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent threats
  - Stop a wide range of threats on all allowed traffic
  - Proven quality (NSS tested and "Recommended")
  - Security by policy, not hardwired into the deployment
• Comply and compartmentalize
  - Save time and cost to compliance with network segmentation
  - Segment by user group and application
• Simplify with a flexible network security infrastructure
  - With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention
  - With simpler, easier deployments
  - With reduced network security rack space requirements and lower TCO (power, HVAC, subscriptions, maintenance)

GlobalProtect

Today: Quality of Security Tied to Location

[Figure contrasting two cases; label recovered: botnets]

Enterprise Network Security
• Security based on best practices
• Full-featured NGFW and threat prevention

No Network Security
• Security based on best effort
• Exposed to threats, risky app usage and more

Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality; heavy performance load on the PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services
• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement
• Supports a limited number of apps and protocols; weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• Agent tunnels traffic back to the corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security
• Inconsistent policy and protections when outside vs. inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase; duplicates operational and management overhead

Introducing GlobalProtect

• Users never go "off-network", regardless of location
• All firewalls work together to provide a "cloud" of network security
• How it works
  - A small agent determines network location (on or off the enterprise network)
  - If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
  - The agent submits a host information profile (patch level, asset type, disk encryption and more) to the gateway
  - The gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile
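The last two "How it works" steps above, as an added example in Python that is not from the original deck and not GlobalProtect's own code: a host information profile submitted by the agent is matched against named posture requirements before a rule is allowed to apply. The profile fields, thresholds, HIP objects and profiles, rules and sample hosts are all constructed for the example:

```python
"""Host information profile (HIP) posture check in front of a security rule.

Toy illustration written for this page (not GlobalProtect). Every field,
threshold, object, profile, rule and sample host below is constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class HostInfo:
    """What the agent reports about the endpoint (constructed fields)."""
    asset_type: str        # "corporate" or "personal"
    days_since_patch: int  # age of the newest installed OS patch
    disk_encrypted: bool
    av_running: bool
    av_sig_age_days: int


# HIP objects: named predicates over the submitted profile (constructed).
HIP_OBJECTS: Dict[str, Callable[[HostInfo], bool]] = {
    "corporate-asset": lambda h: h.asset_type == "corporate",
    "disk-encrypted": lambda h: h.disk_encrypted,
    "patched-30d": lambda h: h.days_since_patch <= 30,
    "av-current": lambda h: h.av_running and h.av_sig_age_days <= 7,
}

# HIP profiles: a host matches a profile only if every listed object matches (AND).
HIP_PROFILES: Dict[str, List[str]] = {
    "managed-healthy": ["corporate-asset", "disk-encrypted", "patched-30d", "av-current"],
    "encrypted-only": ["disk-encrypted"],
}

# Security rules, top-down, first match wins; hip=None means no posture requirement.
RULES = [
    {"name": "to-datacenter", "dst_zone": "datacenter", "hip": "managed-healthy", "action": "allow"},
    {"name": "to-webmail", "dst_zone": "dmz", "hip": "encrypted-only", "action": "allow"},
    {"name": "default-deny", "dst_zone": None, "hip": None, "action": "deny"},
]


def failed_objects(profile: str, host: HostInfo) -> List[str]:
    """Names of the HIP objects in `profile` that the host does not satisfy."""
    return [name for name in HIP_PROFILES[profile] if not HIP_OBJECTS[name](host)]


def decide(host: HostInfo, dst_zone: str) -> Tuple[str, str, List[str]]:
    """Return (rule name, action, HIP objects the host failed before reaching that rule).

    A rule whose HIP profile the host fails is skipped, exactly as if the
    application or user had not matched; the failures are kept for logging.
    """
    failures: List[str] = []
    for rule in RULES:
        if rule["dst_zone"] is not None and rule["dst_zone"] != dst_zone:
            continue
        if rule["hip"] is not None:
            missing = failed_objects(rule["hip"], host)
            if missing:
                failures.extend(f'{rule["hip"]}:{m}' for m in missing)
                continue
        return rule["name"], rule["action"], failures
    return "implicit-deny", "deny", failures


# Constructed sample hosts.
HEALTHY_LAPTOP = HostInfo("corporate", 12, True, True, 1)
STALE_LAPTOP = HostInfo("corporate", 95, True, True, 30)  # unpatched, old AV signatures
HOME_PC = HostInfo("personal", 3, False, True, 2)         # personal device, no disk encryption


if __name__ == "__main__":
    for label, host in (("healthy", HEALTHY_LAPTOP), ("stale", STALE_LAPTOP), ("home-pc", HOME_PC)):
        for zone in ("datacenter", "dmz"):
            print(label, zone, decide(host, zone))
```

A host that fails a rule's HIP profile simply falls through to the next rule, so the unpatched corporate laptop still reaches webmail in the DMZ but not the data center, and the unencrypted personal PC reaches neither. The profile is reported by the agent on the endpoint, so treat a HIP match as a precondition layered on top of App-ID, User-ID and Content-ID rather than as proof the host is clean, and log the failed objects so the user can be told what to fix.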

A Modern Architecture for Enterprise Security

• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work is performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting

[Figure labels: malware, botnets, exploits]

Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure
  - Users do what they want
  - Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls
  - Leads to increased risk for the business
• Palo Alto Networks defines the next-generation firewall with unique identification technologies
  - App-ID: identifies applications regardless of port, protocol or SSL encryption
  - User-ID: integrated with the enterprise directory
  - Content-ID: threats, URLs, data
  - High-performance architecture: high throughput, low latency
• Easy enterprise integration and consolidation saves money
  - Flexible deployment options for seamless integration
  - Consolidating functionality into the firewall simplifies and saves money

Enables Executive Visibility

PAN-OS Features

• Strong networking foundation
  - Dynamic routing (OSPF, RIPv2)
  - Site-to-site IPSec VPN
  - SSL VPN for remote access
  - Tap mode – connect to a SPAN port
  - Virtual wire ("Layer 1") for true transparent in-line deployment
  - L2/L3 switching foundation
• QoS traffic shaping - max, guaranteed and priority
  - By user, app, interface, zone and more
• Zone-based architecture
  - All interfaces assigned to security zones for policy enforcement
• High Availability
  - Active/Active
  - Configuration and session synchronization
  - Path, link and HA monitoring
• Virtual Systems
  - Establish multiple virtual firewalls in a single device (PA-4000 Series only)
• Simple, flexible management
  - CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content are complemented by core firewall features

Models: PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060

Enterprise Device and Policy Management

• Intuitive and flexible management
  - CLI, Web, Panorama, SNMP, Syslog
  - Role-based administration enables delegation of tasks to the appropriate person
• Panorama central management application
  - Shared policies enable consistent application control policies
  - Consolidated management, logging and monitoring of Palo Alto Networks devices
  - Consistent web interface between Panorama and the device UI
  - Network-wide ACC/monitoring views, log collection and reporting
• All interfaces work on the current configuration, avoiding sync issues

Zero Day Attacks Protection: a sandbox at the core

Flexible Deployment Options

Transparent In-Line
• IPS with app visibility & control
• Consolidation of IPS & URL filtering

Firewall Replacement
• Firewall replacement with app visibility & control
• Firewall + IPS
• Firewall + IPS + URL filtering

Ultimate Segmentation (Datacenter 1, Datacenter 2; Segments A, B, C)
• Controls applications & users for datacenter resource access
• IPS with app visibility & content control

Palo Alto Networks Next-Gen Firewalls

Model   | Firewall | Threat prevention | Sessions  | Interfaces
PA-500  | 250 Mbps | 100 Mbps          | 50,000    | 8 copper gigabit
PA-2020 | 500 Mbps | 200 Mbps          | 125,000   | 2 SFP, 12 copper gigabit
PA-2050 | 1 Gbps   | 500 Mbps          | 250,000   | 4 SFP, 16 copper gigabit
PA-4020 | 2 Gbps   | 2 Gbps            | 500,000   | 8 SFP, 16 copper gigabit
PA-4050 | 10 Gbps  | 5 Gbps            | 2,000,000 | 8 SFP, 16 copper gigabit
PA-4060 | 10 Gbps  | 5 Gbps            | 2,000,000 | 4 XFP (10 Gig), 4 SFP (1 Gig)
PA-5020 | 5 Gbps   | 2 Gbps            | 1,000,000 | 8 SFP, 12 copper gigabit
PA-5050 | 10 Gbps  | 5 Gbps            | 2,000,000 | 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
PA-5060 | 20 Gbps  | 10 Gbps           | 4,000,000 | 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

The innovative approach: extend security to all network traffic

Thank You

Zion Ezra, VP Sales

POC and AVR Report

[Slides: AVR Report screenshots]

UTM Is Still Sprawl... Just Slower

[Figure: only the label "Internet" is legible]
• Doesn't solve the problem
• Firewall "helper" functions have a limited view of traffic
• Turning on functions kills performance

Page 40: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

copy 2009 Palo Alto Networks Proprietary and Confidential Page 43 |

PAN-OS Features

bull Strong networking foundation

- Dynamic routing (OSPF RIPv2)

- Site-to-site IPSec VPN

- SSL VPN for remote access

- Tap mode ndash connect to SPAN port

- Virtual wire (ldquoLayer 1rdquo) for true transparent in-line deployment

- L2L3 switching foundation

bull QoS traffic shaping - Maxguaranteed and priority

- By user app interface zone and more

bull Zone-based architecture

- All interfaces assigned to security zones for policy enforcement

bull High Availability

- Active Active

- Configuration and session synchronization

- Path link and HA monitoring

bull Virtual Systems

- Establish multiple virtual firewalls in a single device (PA-4000 Series only)

bull Simple flexible management

- CLI Web Panorama SNMP Syslog

Visibility and control of applications users and content are complemented by core firewall features

PA-500

PA-2020

PA-2050

PA-4020

PA-4050

PA-4060

copy 2009 Palo Alto Networks Proprietary and Confidential Page 44 |

Enterprise Device and Policy Management

bull Intuitive and flexible management

- CLI Web Panorama SNMP Syslog

- Role-based administration enables delegation of tasks to appropriate person

bull Panorama central management application

- Shared policies enable consistent application control policies

- Consolidated management logging and monitoring of Palo Alto Networks devices

- Consistent web interface between Panorama and device UI

- Network-wide ACCmonitoring views log collection and reporting

bull All interfaces work on current configuration avoiding sync issues

NGFW for mobile devices

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 46 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 48 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

Zero Day Attacks Protection

a sandbox at the core

Flexible Deployment Options

Transparent In-Line Firewall Replacement

bull IPS with app visibility amp control

bull Consolidation of IPS amp URL filtering

bull Firewall replacement with app visibility amp control

bull Firewall + IPS

bull Firewall + IPS + URL filtering

Ultimate segmentation

Datacenter 1 Datacenter 2

bull Controls applications amp users for datacenter resource access

bull IPS with app visibility amp content control

Segment A Segment B

Segment C

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 53 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 54 |

Palo Alto Networks Next-Gen Firewalls

PA-4050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 8 SFP 16 copper gigabit

PA-4020 bull 2 Gbps FW2 Gbps threat

prevention500000 sessions

bull 8 SFP 16 copper gigabit

PA-4060 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 XFP (10 Gig) 4 SFP (1 Gig)

PA-2050 bull 1 Gbps FW500 Mbps threat

prevention250000 sessions

bull 4 SFP 16 copper gigabit

PA-2020 bull 500 Mbps FW200 Mbps threat

prevention125000 sessions

bull 2 SFP 12 copper gigabit

PA-500 bull 250 Mbps FW100 Mbps threat

prevention50000 sessions

bull 8 copper gigabit

PA-5050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

PA-5020 bull 5 Gbps FW2 Gbps threat

prevention1000000 sessions

bull 8 SFP 12 copper gigabit

PA-5060 bull 20 Gbps FW10 Gbps threat

prevention4000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

the innovative approach

extend security to all network traffic extend security to all network traffic

Thank You Zion Ezra

VP Sales

copy 2008 Palo Alto Networks Proprietary and Confidential Page 60 |

POC and AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 61 |

AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 62 |

AVR Report

Internet

UTM Is Still SprawlhellipJust Slower

bull Doesnrsquot solve the problem

bull Firewall ldquohelperrdquo functions have limited view of traffic

bull Turning on functions kills performance

copy 2009 Palo Alto Networks Proprietary and Confidential Page 63 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 64 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 65 |

Applications Have Changed ndash Firewalls Have Not

bull The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

bull Need to Restore Visibility and Control in the Firewall

Collaboration Media SaaS Personal

bull BUThellipApplications Have Changed

- Ports neApplications

- IP AddressesneUsers

- PacketsneContent

exploit protection

many months pass between black-hat discovery white hat discovery and protection being available

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats
- Stop a wide range of threats on all allowed traffic
- Proven quality (NSS tested and "Recommended")
- Security by policy, not hardwired into deployment

• Comply and Compartmentalize
- Save time and cost to compliance with network segmentation
- Segment by user group and application

• Simplify with Flexible Network Security Infrastructure
- With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention
- With simpler, easier deployments
- With reduced network security rack space requirements and lower TCO (power, HVAC, subscriptions, maintenance)

GlobalProtect

Today, Quality of Security Is Tied to Location

[Diagram: users on the enterprise network versus users off it, exposed to botnets]

Enterprise Network Security
• Security based on best practices
• Full-featured NGFW and threat prevention

No Network Security
• Security based on best effort
• Exposed to threats, risky app usage and more

Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality, heavy performance load on the PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services
• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement
• Supports a limited number of apps and protocols, weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• Agent tunnels traffic back to the corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work, for Lower Security
• Inconsistent policy and protections when outside vs. inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase, duplicates operational and management overhead

Introducing GlobalProtect

• Users never go "off-network", regardless of location
• All firewalls work together to provide a "cloud" of network security
• How it works
- A small agent determines network location (on or off the enterprise network)
- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
- The agent submits a host information profile (patch level, asset type, disk encryption and more) to the gateway
- The gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile
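The gateway decision described in the steps above, as an added example that is not Palo Alto Networks code: a toy first-match policy engine that decides on a session by identified application, user group and host information profile, next to the port-only decision a traditional firewall would make on the same session. Rule names, application names, HIP attributes and the sessions are all constructed.

```python
"""Added example (not Palo Alto Networks code): a toy policy engine that
decides on a session the way the slide describes the gateway doing it, by
application (App-ID), user group (User-ID) and host information profile (HIP),
and contrasts that with a port-only decision. Every rule, application name,
HIP attribute and session below is constructed for illustration."""
from dataclasses import dataclass


@dataclass
class Session:
    app: str            # application as identified from content, not from port
    dst_port: int       # the port the traffic actually used
    user: str
    groups: set         # directory groups the user belongs to
    hip: dict           # e.g. {"disk_encrypted": True, "patch_level": "current"}


@dataclass
class Rule:
    name: str
    apps: set           # applications the rule matches ("any" matches all)
    groups: set         # user groups the rule matches ("any" matches all)
    hip_required: dict  # HIP attributes the host must satisfy
    action: str         # "allow" or "deny"


def _match(values, wanted):
    return "any" in wanted or bool(values & wanted)


def hip_ok(hip, required):
    """Every required HIP attribute must be present and equal."""
    return all(hip.get(k) == v for k, v in required.items())


def evaluate(session, rules):
    """First-match evaluation; anything unmatched falls to default deny."""
    for r in rules:
        if (_match({session.app}, r.apps) and _match(session.groups, r.groups)
                and hip_ok(session.hip, r.hip_required)):
            return r.action, r.name
    return "deny", "default-deny"


def port_only_decision(session, allowed_ports):
    """What a port-based firewall would do: look at the port, nothing else."""
    return "allow" if session.dst_port in allowed_ports else "deny"


# Constructed rulebase in the spirit of the slide: app + user group + HIP.
RULES = [
    Rule("staff-rdp", {"ms-rdp", "ssh"}, {"it-admins"},
         {"disk_encrypted": True, "patch_level": "current"}, "allow"),
    Rule("web-for-all", {"web-browsing", "ssl"}, {"any"},
         {"disk_encrypted": True}, "allow"),
    Rule("block-p2p", {"bittorrent"}, {"any"}, {}, "deny"),
]

# Constructed sessions: all three use ports a port-based policy would permit.
SESSIONS = {
    "admin-rdp": Session("ms-rdp", 3389, "alice", {"it-admins"},
                         {"disk_encrypted": True, "patch_level": "current"}),
    "p2p-on-443": Session("bittorrent", 443, "bob", {"sales"},
                          {"disk_encrypted": True}),
    "unpatched-rdp": Session("ms-rdp", 3389, "carol", {"it-admins"},
                             {"disk_encrypted": True, "patch_level": "stale"}),
}


def compare(name):
    """Return (port-only verdict, app/user/HIP verdict, matched rule)."""
    s = SESSIONS[name]
    action, rule = evaluate(s, RULES)
    return port_only_decision(s, {80, 443, 3389}), action, rule


if __name__ == "__main__":
    for n in SESSIONS:
        print(n, compare(n))
```

The second and third sessions show the point of the slide: a port-only check allows both, while the application, user and HIP checks deny the file-sharing app tunnelled over 443 and the RDP session from an unpatched host.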

A Modern Architecture for Enterprise Security

• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting

[Diagram labels: malware, botnets, exploits]

Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure
- Users do what they want
- Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls
- Leads to increased risks for the business

• Palo Alto Networks defines the next-generation firewall with unique identification technologies
- App-ID: identifies applications regardless of port, protocol or SSL encryption
- User-ID: integrated with the enterprise directory
- Content-ID: threats, URLs, data
- High-performance architecture: high throughput, low latency

• Easy enterprise integration and consolidation saves money
- Flexible deployment options for seamless integration
- Consolidation of functionality into the firewall simplifies and saves money


Enterprise Device and Policy Management

• Intuitive and flexible management
- CLI, Web, Panorama, SNMP, Syslog
- Role-based administration enables delegation of tasks to the appropriate person

• Panorama central management application
- Shared policies enable consistent application control policies
- Consolidated management, logging and monitoring of Palo Alto Networks devices
- Consistent web interface between Panorama and the device UI
- Network-wide ACC/monitoring views, log collection and reporting

• All interfaces work on the current configuration, avoiding sync issues

NGFW for mobile devices


Zero Day Attacks Protection

A sandbox at the core

Flexible Deployment Options

Transparent In-Line
• IPS with app visibility & control
• Consolidation of IPS & URL filtering

Firewall Replacement
• Firewall replacement with app visibility & control
• Firewall + IPS
• Firewall + IPS + URL filtering

Ultimate segmentation
• Controls applications & users for datacenter resource access
• IPS with app visibility & content control

[Diagram: Datacenter 1 and Datacenter 2; Segments A, B and C]


Palo Alto Networks Next-Gen Firewalls

Model     Firewall   Threat prevention   Sessions    Interfaces
PA-4050   10 Gbps    5 Gbps              2,000,000   8 SFP, 16 copper gigabit
PA-4020   2 Gbps     2 Gbps              500,000     8 SFP, 16 copper gigabit
PA-4060   10 Gbps    5 Gbps              2,000,000   4 XFP (10 Gig), 4 SFP (1 Gig)
PA-2050   1 Gbps     500 Mbps            250,000     4 SFP, 16 copper gigabit
PA-2020   500 Mbps   200 Mbps            125,000     2 SFP, 12 copper gigabit
PA-500    250 Mbps   100 Mbps            50,000      8 copper gigabit
PA-5050   10 Gbps    5 Gbps              2,000,000   4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
PA-5020   5 Gbps     2 Gbps              1,000,000   8 SFP, 12 copper gigabit
PA-5060   20 Gbps    10 Gbps             4,000,000   4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

The innovative approach: extend security to all network traffic

Thank You
Zion Ezra
VP Sales

POC and AVR Report

AVR Report

[Slides: AVR report screenshots and an Internet topology diagram]

UTM Is Still Sprawl… Just Slower

• Doesn't solve the problem
• Firewall "helper" functions have a limited view of traffic
• Turning on functions kills performance

Traditional Multi-Pass Architectures are Slow

[Diagram: traffic passes in sequence through four separate engines, each with its own port/protocol-based ID, L2/L3 networking, HA, config management and reporting: Firewall Policy; HTTP Decoder with URL Filtering Policy; IPS Decoder with IPS Signatures and IPS Policy; AV Decoder & Proxy with AV Signatures and AV Policy]

Applications Have Changed – Firewalls Have Not

• The gateway at the trust border is the right place to enforce policy control
- Sees all traffic
- Defines the trust boundary

• BUT… Applications Have Changed (Collaboration, Media, SaaS, Personal)
- Ports ≠ Applications
- IP Addresses ≠ Users
- Packets ≠ Content

• Need to Restore Visibility and Control in the Firewall

Exploit protection

• Many months pass between black-hat discovery, white-hat discovery and protection being available
• Need to protect all applications

A sandbox at the core

• Needs user-based access control
• Needs high-speed IPS and AV
• Needs to perform across all applications
• Needs to block the unknown

Conclusion: advanced-malware protection belongs in a next-generation firewall

DEMO: https://ca2demo.paloaltonetworks.com/esp/login.esp

INSANITY: doing the same thing over and over again and expecting different results

Block applications and users

20 Gbps Firewall, 10 Gbps Threat Prevention

• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), viruses, spyware, CC, SSN and more

Security Processors
• High-density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High-speed logging and route updates
• Dual hard drives

Network Processor
• 20 Gbps front-end network processing
• Hardware-accelerated per-packet route lookup, MAC lookup and NAT

[Diagram: control plane (quad-core CPU, RAM, dual HDD) and data plane joined by a switch fabric; the data plane holds the network processor (QoS, flow control, route/ARP/MAC lookup, NAT), three security-processor banks (multi-core CPUs with RAM), signature match engines and SSL/IPSec/decompression hardware, with 10 Gbps and 20 Gbps links between the blocks]

NGFW for mobile devices

Source: Gartner (March 2010)


NGFW for mobile devices

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 46 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 48 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

Zero Day Attacks Protection

a sandbox at the core

Flexible Deployment Options

Transparent In-Line Firewall Replacement

bull IPS with app visibility amp control

bull Consolidation of IPS amp URL filtering

bull Firewall replacement with app visibility amp control

bull Firewall + IPS

bull Firewall + IPS + URL filtering

Ultimate segmentation

Datacenter 1 Datacenter 2

bull Controls applications amp users for datacenter resource access

bull IPS with app visibility amp content control

Segment A Segment B

Segment C

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 53 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 54 |

Palo Alto Networks Next-Gen Firewalls

PA-4050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 8 SFP 16 copper gigabit

PA-4020 bull 2 Gbps FW2 Gbps threat

prevention500000 sessions

bull 8 SFP 16 copper gigabit

PA-4060 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 XFP (10 Gig) 4 SFP (1 Gig)

PA-2050 bull 1 Gbps FW500 Mbps threat

prevention250000 sessions

bull 4 SFP 16 copper gigabit

PA-2020 bull 500 Mbps FW200 Mbps threat

prevention125000 sessions

bull 2 SFP 12 copper gigabit

PA-500 bull 250 Mbps FW100 Mbps threat

prevention50000 sessions

bull 8 copper gigabit

PA-5050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

PA-5020 bull 5 Gbps FW2 Gbps threat

prevention1000000 sessions

bull 8 SFP 12 copper gigabit

PA-5060 bull 20 Gbps FW10 Gbps threat

prevention4000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

the innovative approach

extend security to all network traffic extend security to all network traffic

Thank You Zion Ezra

VP Sales

copy 2008 Palo Alto Networks Proprietary and Confidential Page 60 |

POC and AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 61 |

AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 62 |

AVR Report

Internet

UTM Is Still SprawlhellipJust Slower

bull Doesnrsquot solve the problem

bull Firewall ldquohelperrdquo functions have limited view of traffic

bull Turning on functions kills performance

copy 2009 Palo Alto Networks Proprietary and Confidential Page 63 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 64 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 65 |

Applications Have Changed ndash Firewalls Have Not

bull The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

bull Need to Restore Visibility and Control in the Firewall

Collaboration Media SaaS Personal

bull BUThellipApplications Have Changed

- Ports neApplications

- IP AddressesneUsers

- PacketsneContent

exploit protection

many months pass between black-hat discovery white hat discovery and protection being available

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 43: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 46 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 48 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

Zero Day Attacks Protection

a sandbox at the core

Flexible Deployment Options

Transparent In-Line
• IPS with app visibility & control
• Consolidation of IPS & URL filtering

Firewall Replacement
• Firewall replacement with app visibility & control
• Firewall + IPS
• Firewall + IPS + URL filtering

Ultimate Segmentation

[Diagram: Datacenter 1, Datacenter 2; Segment A, Segment B, Segment C]

• Controls applications & users for datacenter resource access
• IPS with app visibility & content control

Palo Alto Networks IPS: Protection + Performance

• Strong threat prevention

- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance

- The only IPS that catches threats on non-standard ports

- Scans inbound and outbound SSL (decrypted) and compressed traffic

- Assures only authorized applications are using network resources

- Allows SSH/RDP, but only for authorized staff

Palo Alto Networks Next-Gen Firewalls

PA-4050: 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions; 8 SFP, 16 copper gigabit
PA-4020: 2 Gbps FW / 2 Gbps threat prevention / 500,000 sessions; 8 SFP, 16 copper gigabit
PA-4060: 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions; 4 XFP (10 Gig), 4 SFP (1 Gig)
PA-2050: 1 Gbps FW / 500 Mbps threat prevention / 250,000 sessions; 4 SFP, 16 copper gigabit
PA-2020: 500 Mbps FW / 200 Mbps threat prevention / 125,000 sessions; 2 SFP, 12 copper gigabit
PA-500: 250 Mbps FW / 100 Mbps threat prevention / 50,000 sessions; 8 copper gigabit
PA-5050: 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
PA-5020: 5 Gbps FW / 2 Gbps threat prevention / 1,000,000 sessions; 8 SFP, 12 copper gigabit
PA-5060: 20 Gbps FW / 10 Gbps threat prevention / 4,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

The innovative approach: extend security to all network traffic

Thank You

Zion Ezra, VP Sales

POC and AVR Report

AVR Report

[Diagram: Internet]

UTM Is Still Sprawl…Just Slower

• Doesn't solve the problem
• Firewall "helper" functions have a limited view of traffic
• Turning on functions kills performance

Traditional Multi-Pass Architectures Are Slow

[Diagram: four serial passes, each with its own Port/Protocol-based ID, L2/L3 networking, HA, config management and reporting: Firewall Policy; HTTP Decoder and URL Filtering Policy; IPS Decoder, IPS Signatures and IPS Policy; AV Decoder & Proxy, AV Signatures and AV Policy]

Applications Have Changed – Firewalls Have Not

• The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines the trust boundary

• Need to Restore Visibility and Control in the Firewall

[Diagram: Collaboration, Media, SaaS, Personal]

• BUT…Applications Have Changed

- Ports ≠ Applications

- IP Addresses ≠ Users

- Packets ≠ Content

Exploit protection

• Many months pass between black-hat discovery, white-hat discovery and protection being available
• Need to protect all applications
• A sandbox at the core
• Needs user-based access control
• Needs high-speed IPS and AV
• Needs to perform across all applications
• Needs to block the unknown

Conclusion: advanced-malware protection belongs in a next-generation firewall

DEMO: https://ca2demo.paloaltonetworks.com/esp/login.esp

INSANITY: doing the same thing over and over again and expecting different results

Block applications and users

The innovative approach: extend security to all network traffic

20 Gbps Firewall, 10 Gbps Threat Prevention

• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors
• High-density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High-speed logging and route update
• Dual hard drives

Network Processor
• 20 Gbps front-end network processing
• Hardware-accelerated per-packet route lookup, MAC lookup and NAT

[Diagram: data plane (network processor with QoS, flow control, route/ARP/MAC lookup and NAT; switch fabric; signature-match engines; SSL/IPSec/decompression engines; multi-core CPUs with RAM) and control plane (quad-core CPU, RAM, dual HDD), joined by 20 Gbps and 10 Gbps links]

NGFW for mobile devices

Source: Gartner (March 2010). As of March 2010.

Data Center Network Security in Transition

• Ports ≠ Applications
• IP addresses ≠ Users
• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions…

[Diagram: Port 135, Port 137, Port 139, Port 80, Port 443, plus random high ports, used by RPC, SMS, SQL, SharePoint, SMB, NetBIOS]

Applications employ dynamic, random and heavily-used ports, fundamentally breaking port-based network security
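The "Ports ≠ Applications" point above, as an added example that is not from the presentation: a toy classifier that identifies the application from the first client bytes instead of the destination port, run over a few constructed flows and a web-only policy. The port table, the simplified protocol prefixes and the policy are assumptions, not App-ID's signature set.

```python
"""Port-based versus payload-based application identification.

Added example, not from the slide deck. Flows are constructed below; the
signatures are simplified well-known protocol prefixes (assumed here), not
App-ID's real signature set.
"""
from dataclasses import dataclass

# Assumed port table, the only thing a port-based firewall consults.
PORT_TABLE = {22: "ssh", 80: "web-browsing", 443: "ssl", 445: "smb", 3389: "rdp"}

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"CONNECT ")
SMB_MAGIC = (b"\xffSMB", b"\xfeSMB")  # SMB1 and SMB2/3 headers


@dataclass(frozen=True)
class Flow:
    dst_port: int
    payload: bytes  # first bytes sent by the client


def identify_by_port(flow: Flow) -> str:
    """Stateful-inspection style: the port decides the application."""
    return PORT_TABLE.get(flow.dst_port, "unknown")


def identify_by_payload(flow: Flow) -> str:
    """App-ID style (simplified): the content decides, the port is ignored."""
    p = flow.payload
    if p.startswith(b"SSH-"):
        return "ssh"
    if len(p) >= 3 and p[0] == 0x16 and p[1] == 0x03:  # TLS handshake record
        return "ssl"
    if p[:4] in SMB_MAGIC or p[4:8] in SMB_MAGIC:  # raw or behind a NetBIOS header
        return "smb"
    if p.startswith(b"\x03\x00"):  # TPKT header that opens an RDP connection
        return "rdp"
    if p.startswith(HTTP_METHODS):
        return "web-browsing"
    return "unknown"


def evaluate(flow: Flow, allowed_apps: frozenset, identify) -> str:
    """Allow the flow only if the identified application is in the policy."""
    return "allow" if identify(flow) in allowed_apps else "deny"


def disagreements(flows):
    """Flows where port-based and payload-based identification differ."""
    return [
        (f.dst_port, identify_by_port(f), identify_by_payload(f))
        for f in flows
        if identify_by_port(f) != identify_by_payload(f)
    ]


# Constructed flows: SSH tunneled over 443, HTTP on a random high port,
# TLS on port 80, and two flows on their standard ports.
SAMPLE_FLOWS = (
    Flow(443, b"SSH-2.0-OpenSSH_8.9\r\n"),
    Flow(8080, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Flow(80, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
    Flow(445, b"\x00\x00\x00\x2f\xffSMBr\x00\x00\x00\x00"),
    Flow(3389, b"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00"),
)

# A policy that only permits web traffic, the classic "allow 80/443" rule.
WEB_ONLY = frozenset({"web-browsing", "ssl"})

if __name__ == "__main__":
    for port, by_port, by_payload in disagreements(SAMPLE_FLOWS):
        print(f"port {port}: port-based says {by_port}, payload says {by_payload}")
```

Under the web-only policy the port-based check allows the SSH session on 443 because the port looks like SSL, while the payload-based check denies it.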


NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

PA-5050
• 10 Gbps FW
• 5 Gbps threat prevention
• 4 Gbps IPSec VPN
• 10,000 SSL VPN users
• 2,000,000 sessions
• Up to 125 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5020
• 5 Gbps FW
• 2 Gbps threat prevention
• 2 Gbps IPSec VPN
• 5,000 SSL VPN users
• 1,000,000 sessions
• Up to 20 VSYS
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5060
• 20 Gbps FW
• 10 Gbps threat prevention
• 4 Gbps IPSec VPN
• 20,000 SSL VPN users
• 4,000,000 sessions
• Up to 225 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

• Hot-swappable fans, power supplies
• Dual solid-state hard drives
• Dedicated HA and management interfaces
• 2U standard rack-mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and "Recommended")

- Security by policy, not hardwired into the deployment

• Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

• Simplify with Flexible Network Security Infrastructure

- With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler, easier deployments

- With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance)

GlobalProtect


Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality, heavy performance load on the PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services
• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement
• Supports a limited number of apps and protocols, weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• Agent tunnels traffic back to the corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security
• Inconsistent policy and protections when outside vs. inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase duplicates, operational and management overhead


A Modern Architecture for Enterprise Security

• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting

[Diagram: malware, botnets, exploits]


Page 44: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 48 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

Zero Day Attacks Protection

a sandbox at the core

Flexible Deployment Options

Transparent In-Line Firewall Replacement

bull IPS with app visibility amp control

bull Consolidation of IPS amp URL filtering

bull Firewall replacement with app visibility amp control

bull Firewall + IPS

bull Firewall + IPS + URL filtering

Ultimate segmentation

Datacenter 1 Datacenter 2

bull Controls applications amp users for datacenter resource access

bull IPS with app visibility amp content control

Segment A Segment B

Segment C

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 53 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 54 |

Palo Alto Networks Next-Gen Firewalls

PA-4050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 8 SFP 16 copper gigabit

PA-4020 bull 2 Gbps FW2 Gbps threat

prevention500000 sessions

bull 8 SFP 16 copper gigabit

PA-4060 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 XFP (10 Gig) 4 SFP (1 Gig)

PA-2050 bull 1 Gbps FW500 Mbps threat

prevention250000 sessions

bull 4 SFP 16 copper gigabit

PA-2020 bull 500 Mbps FW200 Mbps threat

prevention125000 sessions

bull 2 SFP 12 copper gigabit

PA-500 bull 250 Mbps FW100 Mbps threat

prevention50000 sessions

bull 8 copper gigabit

PA-5050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

PA-5020 bull 5 Gbps FW2 Gbps threat

prevention1000000 sessions

bull 8 SFP 12 copper gigabit

PA-5060 bull 20 Gbps FW10 Gbps threat

prevention4000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

the innovative approach

extend security to all network traffic extend security to all network traffic

Thank You Zion Ezra

VP Sales

copy 2008 Palo Alto Networks Proprietary and Confidential Page 60 |

POC and AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 61 |

AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 62 |

AVR Report

Internet

UTM Is Still SprawlhellipJust Slower

bull Doesnrsquot solve the problem

bull Firewall ldquohelperrdquo functions have limited view of traffic

bull Turning on functions kills performance

copy 2009 Palo Alto Networks Proprietary and Confidential Page 63 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 64 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 65 |

Applications Have Changed ndash Firewalls Have Not

bull The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

bull Need to Restore Visibility and Control in the Firewall

Collaboration Media SaaS Personal

bull BUThellipApplications Have Changed

- Ports neApplications

- IP AddressesneUsers

- PacketsneContent

exploit protection

many months pass between black-hat discovery white hat discovery and protection being available

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 45: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

Zero Day Attacks Protection

a sandbox at the core

Flexible Deployment Options

Transparent In-Line Firewall Replacement

bull IPS with app visibility amp control

bull Consolidation of IPS amp URL filtering

bull Firewall replacement with app visibility amp control

bull Firewall + IPS

bull Firewall + IPS + URL filtering

Ultimate segmentation

Datacenter 1 Datacenter 2

bull Controls applications amp users for datacenter resource access

bull IPS with app visibility amp content control

Segment A Segment B

Segment C

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 53 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 54 |

Palo Alto Networks Next-Gen Firewalls

PA-4050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 8 SFP 16 copper gigabit

PA-4020 bull 2 Gbps FW2 Gbps threat

prevention500000 sessions

bull 8 SFP 16 copper gigabit

PA-4060 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 XFP (10 Gig) 4 SFP (1 Gig)

PA-2050 bull 1 Gbps FW500 Mbps threat

prevention250000 sessions

bull 4 SFP 16 copper gigabit

PA-2020 bull 500 Mbps FW200 Mbps threat

prevention125000 sessions

bull 2 SFP 12 copper gigabit

PA-500 bull 250 Mbps FW100 Mbps threat

prevention50000 sessions

bull 8 copper gigabit

PA-5050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

PA-5020 bull 5 Gbps FW2 Gbps threat

prevention1000000 sessions

bull 8 SFP 12 copper gigabit

PA-5060 bull 20 Gbps FW10 Gbps threat

prevention4000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

the innovative approach

extend security to all network traffic extend security to all network traffic

Thank You Zion Ezra

VP Sales

copy 2008 Palo Alto Networks Proprietary and Confidential Page 60 |

POC and AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 61 |

AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 62 |

AVR Report

Internet

UTM Is Still SprawlhellipJust Slower

bull Doesnrsquot solve the problem

bull Firewall ldquohelperrdquo functions have limited view of traffic

bull Turning on functions kills performance

copy 2009 Palo Alto Networks Proprietary and Confidential Page 63 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 64 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 65 |

Applications Have Changed ndash Firewalls Have Not

bull The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

bull Need to Restore Visibility and Control in the Firewall

Collaboration Media SaaS Personal

bull BUThellipApplications Have Changed

- Ports neApplications

- IP AddressesneUsers

- PacketsneContent

exploit protection

many months pass between black-hat discovery white hat discovery and protection being available

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and “Recommended”)

- Security by policy, not hardwired into deployment

• Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user, group and application

• Simplify with Flexible Network Security Infrastructure

- With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler, easier deployments

- With reduced network security rack space requirements and lower TCO (power, HVAC, subscriptions, maintenance)


GlobalProtect

Today: Quality of Security Tied to Location

[Figure label: botnets]

Enterprise Network Security

• Security Based on Best-Practices

• Full-Featured NGFW and Threat Prevention

No Network Security

• Security Based on Best-Effort

• Exposed to threats, risky app usage and more

Existing Solutions Fall Short

Software on the PC

• Each security app performs a specific function

• Limited focus and functionality; heavy performance load on the PC

• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services

• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement

• Supports a limited number of apps and protocols; weak threat prevention

• Examples: ScanSafe, Purewire, etc.

Traditional VPN

• Agent tunnels traffic back to the corporate gateway

• Same poor security, only slower

• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security

• Inconsistent policy and protections when outside vs. inside the network

• Lack of visibility into applications, users and content fails to control modern apps and threats

• Expensive to purchase duplicates; operational and management overhead

Introducing GlobalProtect

• Users never go “off-network”, regardless of location

• All firewalls work together to provide a “cloud” of network security

• How it works

- A small agent determines network location (on or off the enterprise network)

- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN

- The agent submits a host information profile (patch level, asset type, disk encryption and more) to the gateway

- The gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile
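The four “How it works” steps above, modelled as an added example (not code from the deck or from Palo Alto Networks): the enterprise address ranges, gateway names, HIP fields and policy rules are constructed assumptions, and the point shown is that the gateway chosen depends on location while the verdict does not.

```python
"""GlobalProtect-style location-independent enforcement.

Added example, not code from the original deck or from Palo Alto Networks.
It models the four "How it works" steps: the agent decides whether the host
is on the enterprise network, tunnels to the nearest gateway if it is not,
submits a host information profile (HIP), and the gateway evaluates one
policy combining user group, application and HIP, so the verdict does not
depend on where the user sits. Address ranges, gateway names, HIP fields
and rules are constructed assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class HostInfo:
    """What the agent reports (step 3); a subset of a real HIP report."""
    patch_age_days: int   # days since the last OS patch was applied
    disk_encrypted: bool
    asset_type: str       # "corporate" or "byod"


@dataclass(frozen=True)
class Rule:
    app: str
    groups: Optional[Set[str]]           # None: any authenticated user
    max_patch_age: Optional[int] = None  # HIP requirements, all optional
    require_encryption: bool = False
    corporate_only: bool = False


# Constructed: enterprise address ranges, gateway names, directory groups, policy.
ENTERPRISE_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
GATEWAYS = {"internal": "gw-internal.corp.example",
            "eu": "gw-eu.corp.example", "us": "gw-us.corp.example"}
USER_GROUPS: Dict[str, Set[str]] = {"alice": {"netops"}, "bob": {"finance"},
                                    "dave": {"staff"}}
POLICY: List[Rule] = [
    Rule("finance-db", {"finance"}, max_patch_age=30,
         require_encryption=True, corporate_only=True),
    Rule("ms-rdp", {"netops"}, require_encryption=True),
    Rule("web-browsing", None),
]


def select_gateway(client_ip: str, region: str) -> str:
    """Steps 1 and 2: a host on an enterprise range talks to the internal
    gateway; anything else tunnels over SSL VPN to its regional gateway."""
    addr = ip_address(client_ip)
    if any(addr in net for net in ENTERPRISE_NETS):
        return GATEWAYS["internal"]
    return GATEWAYS[region]


def hip_ok(rule: Rule, hip: HostInfo) -> bool:
    """Step 4, posture part: every HIP requirement on the rule must hold."""
    if rule.max_patch_age is not None and hip.patch_age_days > rule.max_patch_age:
        return False
    if rule.require_encryption and not hip.disk_encrypted:
        return False
    if rule.corporate_only and hip.asset_type != "corporate":
        return False
    return True


def enforce(user: str, app: str, hip: HostInfo) -> str:
    """Step 4: the first rule for the application decides. A user outside the
    rule's groups or a host failing its HIP checks is denied; applications
    with no rule are denied by default."""
    for rule in POLICY:
        if rule.app != app:
            continue
        if rule.groups is not None and not (USER_GROUPS.get(user, set()) & rule.groups):
            return "deny"
        return "allow" if hip_ok(rule, hip) else "deny"
    return "deny"


def connect(user: str, app: str, hip: HostInfo,
            client_ip: str, region: str) -> Tuple[str, str]:
    """Whole flow: which gateway is used depends on location; the verdict does not."""
    return select_gateway(client_ip, region), enforce(user, app, hip)


# Constructed hosts: a compliant corporate laptop and a stale, unencrypted one.
PATCHED_LAPTOP = HostInfo(patch_age_days=7, disk_encrypted=True, asset_type="corporate")
STALE_LAPTOP = HostInfo(patch_age_days=95, disk_encrypted=False, asset_type="corporate")

if __name__ == "__main__":
    for ip in ("10.20.30.40", "203.0.113.7"):          # on-network, then remote
        for hip in (PATCHED_LAPTOP, STALE_LAPTOP):
            print(ip, connect("bob", "finance-db", hip, ip, "eu"))
```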

A Modern Architecture for Enterprise Security

• Establishes a logical perimeter that is not bound to physical limitations

• Users receive the same depth and quality of protection both inside and out

• Security work performed by purpose-built firewalls, not end-user laptops

• Unified visibility, compliance and reporting

[Figure labels: malware, botnets, exploits]

Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure

- Users do what they want

- Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls

- Leads to increased risk for the business

• Palo Alto Networks defines the next-generation firewall with unique identification technologies

- App-ID: identifies applications regardless of port, protocol or SSL encryption

- User-ID: integrated with the enterprise directory

- Content-ID: threats, URLs, data

- High-performance architecture: high throughput, low latency

• Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into the firewall simplifies and saves money
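The port-hopping problem and the App-ID/User-ID answer described above, as an added example that is not part of the deck or of Palo Alto Networks' code: a port table beside a payload-based classifier, each feeding the same user-aware policy (“allow SSH/RDP, but only for authorized staff”); the protocol decoders, sample flows, directory groups and policy are constructed.

```python
"""Port-based classification versus App-ID-style payload classification.

Added example, not code from the original deck or from Palo Alto Networks.
It models the slides' argument: a port table only guesses the application
from the destination port, so SSH moved to 443 looks like SSL and HTTP on
8080 looks like nothing at all, while inspecting the first bytes of the
session identifies the application regardless of port. The decoders, the
user-to-group map (what User-ID would pull from the directory) and the policy
("allow SSH/RDP, but only for authorized staff") are all constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

# Constructed flows: first client-to-server bytes of each session.
SSH_BANNER = b"SSH-2.0-OpenSSH_8.9\r\n"
TLS_CLIENT_HELLO = bytes.fromhex("160301 00c8 0100 00c4 0303")  # record hdr + ClientHello
HTTP_GET = b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
RDP_CONNECT = bytes.fromhex("0300002b 26 e0 0000 0000 00")       # TPKT + X.224 CR
SMB_NEGOTIATE = bytes.fromhex("00000054 ff534d42 72")            # NetBIOS hdr + "\xffSMB"

PORT_TABLE: Dict[int, str] = {22: "ssh", 80: "web-browsing", 443: "ssl",
                              445: "ms-smb", 3389: "ms-rdp"}
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT"}


@dataclass(frozen=True)
class Flow:
    user: str        # from User-ID; "" if the source IP could not be mapped to a user
    dst_port: int
    payload: bytes   # first bytes sent by the client


def classify_by_port(flow: Flow) -> str:
    """Stateful-inspection style: the port *is* the application."""
    return PORT_TABLE.get(flow.dst_port, "unknown")


def classify_by_payload(flow: Flow) -> str:
    """App-ID style: recognise the protocol from what is actually on the wire."""
    p = flow.payload
    if p.startswith((b"SSH-2.0-", b"SSH-1.99-")):
        return "ssh"
    if len(p) >= 3 and p[0] == 0x16 and p[1] == 0x03 and p[2] <= 0x04:
        return "ssl"     # TLS handshake record; the inner app stays hidden until decrypted
    if len(p) >= 6 and p[:2] == b"\x03\x00" and p[5] == 0xE0:
        return "ms-rdp"  # TPKT header followed by an X.224 Connection Request
    if len(p) >= 8 and p[0] == 0x00 and p[4:8] in (b"\xffSMB", b"\xfeSMB"):
        return "ms-smb"  # NetBIOS session header followed by an SMB1/SMB2 header
    request_line = p.split(b"\r\n", 1)[0].split(b" ")
    if (len(request_line) == 3 and request_line[0] in HTTP_METHODS
            and request_line[2].startswith(b"HTTP/1.")):
        return "web-browsing"
    return "unknown"


# Constructed directory data and policy. Groups of None means "any known user".
USER_GROUPS: Dict[str, Set[str]] = {"alice": {"netops"}, "bob": {"staff"}}
POLICY: List[Tuple[str, Optional[Set[str]]]] = [
    ("ssh", {"netops"}),
    ("ms-rdp", {"netops"}),
    ("web-browsing", None),
    ("ssl", None),
]


def decide(flow: Flow, classifier: Callable[[Flow], str]) -> Tuple[str, str]:
    """Return (application, verdict). Anything not explicitly allowed is denied,
    including traffic the classifier could not identify."""
    app = classifier(flow)
    groups = USER_GROUPS.get(flow.user)
    for rule_app, allowed in POLICY:
        if rule_app != app:
            continue
        if allowed is None:
            return app, "allow" if groups is not None else "deny"
        return app, "allow" if groups and groups & allowed else "deny"
    return app, "deny"


def compare(flows: List[Flow]) -> List[Tuple[Tuple[str, str], Tuple[str, str]]]:
    """Side by side: (port-based verdict, payload-based verdict) per flow."""
    return [(decide(f, classify_by_port), decide(f, classify_by_payload)) for f in flows]


SAMPLE_FLOWS = [
    Flow("bob", 443, SSH_BANNER),      # port hopping: SSH hidden on 443
    Flow("alice", 443, SSH_BANNER),    # same trick, but an authorized admin
    Flow("bob", 8080, HTTP_GET),       # plain web browsing on a non-standard port
    Flow("bob", 443, TLS_CLIENT_HELLO),
    Flow("bob", 3389, RDP_CONNECT),
    Flow("bob", 80, SMB_NEGOTIATE),    # SMB tunnelled over the web port
]

if __name__ == "__main__":
    for flow, (by_port, by_payload) in zip(SAMPLE_FLOWS, compare(SAMPLE_FLOWS)):
        print(f"{flow.user:6} :{flow.dst_port:<5} port-based={by_port}  app-id={by_payload}")
```

The TLS case is the honest limit of this approach: without the SSL decryption the deck also lists, a payload classifier sees only “ssl”, not the application inside.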


Flexible Deployment Options

Transparent In-Line

• IPS with app visibility & control

• Consolidation of IPS & URL filtering

Firewall Replacement

• Firewall replacement with app visibility & control

• Firewall + IPS

• Firewall + IPS + URL filtering

Ultimate segmentation

• Controls applications & users for datacenter resource access

• IPS with app visibility & content control

[Figure labels: Datacenter 1, Datacenter 2; Segment A, Segment B, Segment C]


Palo Alto Networks Next-Gen Firewalls

Model    Firewall   Threat prevention   Sessions    Interfaces
PA-500   250 Mbps   100 Mbps            50,000      8 copper gigabit
PA-2020  500 Mbps   200 Mbps            125,000     2 SFP, 12 copper gigabit
PA-2050  1 Gbps     500 Mbps            250,000     4 SFP, 16 copper gigabit
PA-4020  2 Gbps     2 Gbps              500,000     8 SFP, 16 copper gigabit
PA-4050  10 Gbps    5 Gbps              2,000,000   8 SFP, 16 copper gigabit
PA-4060  10 Gbps    5 Gbps              2,000,000   4 XFP (10 Gig), 4 SFP (1 Gig)
PA-5020  5 Gbps     2 Gbps              1,000,000   8 SFP, 12 copper gigabit
PA-5050  10 Gbps    5 Gbps              2,000,000   4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
PA-5060  20 Gbps    10 Gbps             4,000,000   4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit


Thank You Zion Ezra

VP Sales


POC and AVR Report

AVR Report

[Figure: AVR report screenshots]

UTM Is Still Sprawl…Just Slower

• Doesn't solve the problem

• Firewall “helper” functions have a limited view of traffic

• Turning on functions kills performance


Traditional Multi-Pass Architectures are Slow

[Figure: four separate single-function boxes, each with its own Port/Protocol-based ID, L2/L3 networking, HA, config management and reporting: Firewall Policy; HTTP Decoder with URL Filtering Policy; IPS Decoder with IPS Signatures and IPS Policy; AV Decoder & Proxy with AV Signatures and AV Policy]


Applications Have Changed – Firewalls Have Not

• The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines the trust boundary

• Need to Restore Visibility and Control in the Firewall

• BUT…Applications Have Changed

- Ports ≠ Applications

- IP Addresses ≠ Users

- Packets ≠ Content

[Figure labels: Collaboration, Media, SaaS, Personal]

Exploit protection

• Many months pass between black-hat discovery, white-hat discovery and protection being available

• Need to protect all applications

• A sandbox at the core

• Needs user-based access control

• Needs high-speed IPS and AV

• Need to perform across all applications

• Need to block the unknown

• Conclusion: advanced-malware protection belongs in a next-generation firewall

DEMO: https://ca2demo.paloaltonetworks.com/esp/login.esp

INSANITY: doing the same thing over and over again and expecting different results

Block applications and users

The innovative approach: extend security to all network traffic

20 Gbps Firewall, 10 Gbps Threat Prevention

• 80 Gbps switch fabric interconnect

• 20 Gbps QoS engine

Signature Match HW Engine

• Stream-based uniform signature match

• Vulnerability exploits (IPS), virus, spyware, CC#, SSN and more

Security Processors

• High density parallel processing for flexible security functionality

• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane

• Highly available management

• High speed logging and route update

• Dual hard drives

Network Processor

• 20 Gbps front-end network processing

• Hardware accelerated per-packet route lookup, MAC lookup and NAT

[Figure: block diagram of the data plane and control plane: a 20 Gbps Network Processor (QoS, flow control, route/ARP/MAC lookup, NAT) connected over 10 Gbps links to the Switch Fabric, three Security Processor banks (each with CPU 1–12, RAM, SSL/IPSec/de-compress and signature match engines), and a Control Plane with a quad-core CPU, RAM and dual HDDs]

NGFW for mobile devices

[Figure: market data. Source: Gartner (March 2010), as of March 2010]

Data Center Network Security in Transition

• Ports ≠ Applications

• IP addresses ≠ Users

• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions…

Applications employ dynamic, random and heavily-used ports, fundamentally breaking port-based network security.

[Figure: application labels (RPC, SMS, SQL, SharePoint, SMB, NetBIOS) mapped onto Port 135, Port 137, Port 139, Port 80 and Port 443, plus random high ports]



Page 48: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

Palo Alto Networks IPS Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 53 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 54 |

Palo Alto Networks Next-Gen Firewalls

PA-4050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 8 SFP 16 copper gigabit

PA-4020 bull 2 Gbps FW2 Gbps threat

prevention500000 sessions

bull 8 SFP 16 copper gigabit

PA-4060 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 XFP (10 Gig) 4 SFP (1 Gig)

PA-2050 bull 1 Gbps FW500 Mbps threat

prevention250000 sessions

bull 4 SFP 16 copper gigabit

PA-2020 bull 500 Mbps FW200 Mbps threat

prevention125000 sessions

bull 2 SFP 12 copper gigabit

PA-500 bull 250 Mbps FW100 Mbps threat

prevention50000 sessions

bull 8 copper gigabit

PA-5050 bull 10 Gbps FW5 Gbps threat

prevention2000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

PA-5020 bull 5 Gbps FW2 Gbps threat

prevention1000000 sessions

bull 8 SFP 12 copper gigabit

PA-5060 bull 20 Gbps FW10 Gbps threat

prevention4000000 sessions

bull 4 SFP+ (10 Gig) 8 SFP (1 Gig) 12 copper gigabit

the innovative approach

extend security to all network traffic extend security to all network traffic

Thank You Zion Ezra

VP Sales

copy 2008 Palo Alto Networks Proprietary and Confidential Page 60 |

POC and AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 61 |

AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 62 |

AVR Report

Internet

UTM Is Still SprawlhellipJust Slower

bull Doesnrsquot solve the problem

bull Firewall ldquohelperrdquo functions have limited view of traffic

bull Turning on functions kills performance

copy 2009 Palo Alto Networks Proprietary and Confidential Page 63 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 64 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 65 |

Applications Have Changed ndash Firewalls Have Not

bull The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

bull Need to Restore Visibility and Control in the Firewall

Collaboration Media SaaS Personal

bull BUThellipApplications Have Changed

- Ports neApplications

- IP AddressesneUsers

- PacketsneContent

exploit protection

many months pass between black-hat discovery white hat discovery and protection being available

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gbps Firewall, 10 Gbps Threat Prevention

• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors
• High-density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High-speed logging and route update
• Dual hard drives

Network Processor
• 20 Gbps front-end network processing
• Hardware-accelerated per-packet route lookup, MAC lookup and NAT

[Figure: block diagram of the data plane and control plane. The network processor (QoS, flow control, route/ARP/MAC lookup, NAT) feeds the switch fabric at 20 Gbps; signature match engines and SSL/IPSec/decompression security processors, each with paired CPUs and RAM, attach at 10 Gbps; the control plane has a quad-core CPU, RAM and dual HDDs]

NGFW for mobile devices

Source: Gartner (March 2010). As of March 2010.

Data Center Network Security in Transition

• Ports ≠ Applications
• IP addresses ≠ Users
• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions…

[Figure: applications (RPC, SMS, SQL, SharePoint, SMB, NetBIOS) spread across ports 135, 137, 139, 80 and 443, plus random high ports]

Applications employ dynamic, random and heavily-used ports, fundamentally breaking port-based network security

Palo Alto Networks: Protection + Performance

• Strong threat prevention
  - NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
  - The only IPS that catches threats on non-standard ports
  - Scan inbound and outbound SSL (decrypt) and compressed traffic
  - Assure only authorized applications are using network resources
  - Allow SSH/RDP, but only for authorized staff

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

Model    Firewall  Threat prevention  IPSec VPN  SSL VPN users  Sessions   VSYS       I/O
PA-5050  10 Gbps   5 Gbps             4 Gbps     10,000         2,000,000  Up to 125  (4) SFP+ (10 Gig), (8) SFP (1 Gig), (12) 10/100/1000
PA-5020  5 Gbps    2 Gbps             2 Gbps     5,000          1,000,000  Up to 20   (8) SFP (1 Gig), (12) 10/100/1000
PA-5060  20 Gbps   10 Gbps            4 Gbps     20,000         4,000,000  Up to 225  (4) SFP+ (10 Gig), (8) SFP (1 Gig), (12) 10/100/1000

Common to the series:
• Hot-swappable fans, power supplies
• Dual solid-state hard drives
• Dedicated HA and management interfaces
• 2U standard rack-mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats
  - Stop a wide range of threats on all allowed traffic
  - Proven quality (NSS tested and "Recommended")
  - Security by policy, not hardwired into deployment
• Comply and Compartmentalize
  - Save time and cost to compliance with network segmentation
  - Segment by user group and application
• Simplify with Flexible Network Security Infrastructure
  - With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention
  - With simpler, easier deployments
  - With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance)

GlobalProtect

Today: Quality of Security Tied to Location

[Figure: a user inside the enterprise network versus a remote user exposed to botnets]

Enterprise Network Security
• Security Based on Best-Practices
• Full-Featured NGFW and Threat Prevention

No Network Security
• Security Based on Best-Effort
• Exposed to threats, risky app usage and more

Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality, heavy performance load on the PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services
• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement
• Supports a limited number of apps and protocols, weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• Agent tunnels traffic back to the corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security
• Inconsistent policy and protections when outside vs. inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase duplicates, operational and management overhead

Introducing GlobalProtect

• Users never go "off-network" regardless of location
• All firewalls work together to provide a "cloud" of network security

• How it works
  - Small agent determines network location (on or off the enterprise network)
  - If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
  - Agent submits host information profile (patch level, asset type, disk encryption and more) to the gateway
  - Gateway enforces security policy using App-ID, User-ID, Content-ID AND host information profile
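A small model of the enforcement step above, added here as an example and not Palo Alto Networks code: the gateway decides on the App-ID result, the user's directory groups and the submitted host information profile, while a port-only check sees every one of these sessions as "TCP/443" and admits them all. Rule names, users, groups and HIP attributes are constructed.

```python
from dataclasses import dataclass


@dataclass
class Session:
    user: str            # resolved by User-ID (directory lookup assumed)
    groups: frozenset    # directory groups of that user
    app: str             # App-ID classification, independent of the port
    dst_port: int        # transport port the session actually uses
    hip: dict            # host information profile submitted by the agent


@dataclass
class Rule:
    name: str
    apps: frozenset      # allowed applications; "any" matches every app
    groups: frozenset    # allowed user groups; "any" matches every group
    hip_required: dict   # HIP attributes that must all hold (empty = no HIP check)
    action: str          # "allow" or "deny"


def hip_satisfied(required: dict, hip: dict) -> bool:
    """Every required HIP attribute must be present with exactly the required value."""
    return all(hip.get(key) == value for key, value in required.items())


def rule_matches(rule: Rule, s: Session) -> bool:
    """App-ID, User-ID and HIP must all match; the port is deliberately ignored."""
    app_ok = "any" in rule.apps or s.app in rule.apps
    group_ok = "any" in rule.groups or bool(rule.groups & s.groups)
    return app_ok and group_ok and hip_satisfied(rule.hip_required, s.hip)


def evaluate(rules: list, s: Session) -> tuple:
    """First matching rule wins; anything unmatched is implicitly denied."""
    for rule in rules:
        if rule_matches(rule, s):
            return rule.action, rule.name
    return "deny", "implicit-deny"


def port_based_decision(allowed_ports: frozenset, s: Session) -> str:
    """The legacy check: only the destination port is inspected."""
    return "allow" if s.dst_port in allowed_ports else "deny"


# Constructed policy: SSH/RDP only for IT admins on compliant hosts, web for everyone.
RULES = [
    Rule("allow-ssh-rdp-admins", frozenset({"ssh", "ms-rdp"}), frozenset({"it-admins"}),
         {"disk_encryption": True, "patch_level": "current"}, "allow"),
    Rule("allow-web", frozenset({"web-browsing", "ssl"}), frozenset({"any"}), {}, "allow"),
]

# Constructed sessions; every one of them arrives on TCP/443.
SESSIONS = {
    # IT admin running SSH over 443 from a compliant laptop
    "admin_ssh_443": Session("alice", frozenset({"it-admins"}), "ssh", 443,
                             {"disk_encryption": True, "patch_level": "current"}),
    # contractor doing the same: App-ID still says ssh, but the group does not match
    "contractor_ssh_443": Session("bob", frozenset({"contractors"}), "ssh", 443,
                                  {"disk_encryption": True, "patch_level": "current"}),
    # the same admin from a laptop whose HIP reports no disk encryption
    "admin_ssh_no_fde": Session("alice", frozenset({"it-admins"}), "ssh", 443,
                                {"disk_encryption": False, "patch_level": "current"}),
    # ordinary HTTPS browsing by the contractor
    "contractor_web_443": Session("bob", frozenset({"contractors"}), "ssl", 443,
                                  {"disk_encryption": True, "patch_level": "stale"}),
}


def compare(allowed_ports: frozenset = frozenset({80, 443})) -> dict:
    """Return {session name: (port-based decision, NGFW decision, matched rule)}."""
    results = {}
    for name, s in SESSIONS.items():
        action, rule = evaluate(RULES, s)
        results[name] = (port_based_decision(allowed_ports, s), action, rule)
    return results


if __name__ == "__main__":
    for name, (port_dec, ngfw_dec, rule) in compare().items():
        print(f"{name:20s} port-based={port_dec:5s} ngfw={ngfw_dec:5s} ({rule})")
```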

A Modern Architecture for Enterprise Security

• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting

[Figure: threats stopped at the logical perimeter: malware, botnets, exploits]

Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure
  - Users do what they want
  - Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls
  - Leads to increased risks for the business
• Palo Alto Networks defines the next-generation firewall with unique identification technologies
  - App-ID: identifies applications regardless of port, protocol or SSL encryption
  - User-ID: integrated with the enterprise directory
  - Content-ID: threats, URLs, data
  - High-performance architecture: high throughput, low latency
• Easy enterprise integration and consolidation saves money
  - Flexible deployment options for seamless integration
  - Consolidation of functionality into the firewall simplifies and saves money


Palo Alto Networks Next-Gen Firewalls

Model    Firewall  Threat prevention  Sessions   Interfaces
PA-4050  10 Gbps   5 Gbps             2,000,000  8 SFP, 16 copper gigabit
PA-4020  2 Gbps    2 Gbps             500,000    8 SFP, 16 copper gigabit
PA-4060  10 Gbps   5 Gbps             2,000,000  4 XFP (10 Gig), 4 SFP (1 Gig)
PA-2050  1 Gbps    500 Mbps           250,000    4 SFP, 16 copper gigabit
PA-2020  500 Mbps  200 Mbps           125,000    2 SFP, 12 copper gigabit
PA-500   250 Mbps  100 Mbps           50,000     8 copper gigabit
PA-5050  10 Gbps   5 Gbps             2,000,000  4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
PA-5020  5 Gbps    2 Gbps             1,000,000  8 SFP, 12 copper gigabit
PA-5060  20 Gbps   10 Gbps            4,000,000  4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit


Thank You
Zion Ezra
VP Sales

POC and AVR Report

AVR Report

UTM Is Still Sprawl… Just Slower

• Doesn't solve the problem
• Firewall "helper" functions have limited view of traffic
• Turning on functions kills performance

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 65 |

Applications Have Changed ndash Firewalls Have Not

bull The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

bull Need to Restore Visibility and Control in the Firewall

Collaboration Media SaaS Personal

bull BUThellipApplications Have Changed

- Ports neApplications

- IP AddressesneUsers

- PacketsneContent

exploit protection

many months pass between black-hat discovery white hat discovery and protection being available

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 50: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

the innovative approach

extend security to all network traffic extend security to all network traffic

Thank You Zion Ezra

VP Sales

copy 2008 Palo Alto Networks Proprietary and Confidential Page 60 |

POC and AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 61 |

AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 62 |

AVR Report

Internet

UTM Is Still SprawlhellipJust Slower

bull Doesnrsquot solve the problem

bull Firewall ldquohelperrdquo functions have limited view of traffic

bull Turning on functions kills performance

copy 2009 Palo Alto Networks Proprietary and Confidential Page 63 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 64 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 65 |

Applications Have Changed ndash Firewalls Have Not

bull The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

bull Need to Restore Visibility and Control in the Firewall

Collaboration Media SaaS Personal

bull BUThellipApplications Have Changed

- Ports neApplications

- IP AddressesneUsers

- PacketsneContent

exploit protection

many months pass between black-hat discovery white hat discovery and protection being available

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 51: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

extend security to all network traffic extend security to all network traffic

Thank You Zion Ezra

VP Sales

copy 2008 Palo Alto Networks Proprietary and Confidential Page 60 |

POC and AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 61 |

AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 62 |

AVR Report

Internet

UTM Is Still SprawlhellipJust Slower

bull Doesnrsquot solve the problem

bull Firewall ldquohelperrdquo functions have limited view of traffic

bull Turning on functions kills performance

copy 2009 Palo Alto Networks Proprietary and Confidential Page 63 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 64 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 65 |

Applications Have Changed ndash Firewalls Have Not

bull The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

bull Need to Restore Visibility and Control in the Firewall

Collaboration Media SaaS Personal

bull BUThellipApplications Have Changed

- Ports neApplications

- IP AddressesneUsers

- PacketsneContent

exploit protection

many months pass between black-hat discovery white hat discovery and protection being available

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks: Protection + Performance

• Strong threat prevention
- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
- The only IPS that catches threats on non-standard ports
- Scan inbound and outbound SSL (decrypted) and compressed traffic
- Assure only authorized applications are using network resources
- Allow SSH/RDP, but only for authorized staff

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

PA-5050
• 10 Gbps FW
• 5 Gbps threat prevention
• 4 Gbps IPSec VPN
• 10,000 SSL VPN users
• 2,000,000 sessions
• Up to 125 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5020
• 5 Gbps FW
• 2 Gbps threat prevention
• 2 Gbps IPSec VPN
• 5,000 SSL VPN users
• 1,000,000 sessions
• Up to 20 VSYS
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

PA-5060
• 20 Gbps FW
• 10 Gbps threat prevention
• 4 Gbps IPSec VPN
• 20,000 SSL VPN users
• 4,000,000 sessions
• Up to 225 VSYS
• (4) SFP+ (10 Gig) I/O
• (8) SFP (1 Gig) I/O
• (12) 10/100/1000

• Hot swappable fans, power supplies
• Dual solid state hard drives
• Dedicated HA and management interfaces
• 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats
- Stop a wide range of threats on all allowed traffic
- Proven quality (NSS tested and "Recommended")
- Security by policy, not hardwired into deployment
• Comply and Compartmentalize
- Save time and cost to compliance with network segmentation
- Segment by user group and application
• Simplify with Flexible Network Security Infrastructure
- With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention
- With simpler, easier deployments
- With reduced network security rack space requirements, lower TCO (power, HVAC, subscriptions, maintenance)

GlobalProtect

Today: Quality of Security Tied to Location

[Diagram: botnets reaching users outside the enterprise network]

Enterprise Network Security
• Security Based on Best-Practices
• Full-Featured NGFW and Threat Prevention

No Network Security
• Security Based on Best-Effort
• Exposed to threats, risky app usage and more

Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality, heavy performance load on the PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services
• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement
• Supports a limited number of apps and protocols, weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• Agent tunnels traffic back to the corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security
• Inconsistent policy and protections when outside vs. inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase, duplicates operational and management overhead

Introducing GlobalProtect
• Users never go "off-network" regardless of location
• All firewalls work together to provide a "cloud" of network security

• How it works
- Small agent determines network location (on or off the enterprise network)
- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
- Agent submits a host information profile (patch level, asset type, disk encryption and more) to the gateway
- Gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile
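The last step above, policy enforcement on application, user and host information profile together, is the part worth seeing in code, and the same evaluation also illustrates the earlier bullets "Allow SSH/RDP, but only for authorized staff" and "Segment by user group and application". What follows is an added example, not code from the deck and not GlobalProtect's own implementation: a first-match rule evaluator where each rule can require an identified application, a directory group and a set of HIP conditions. The rule names, group names, HIP fields and sample sessions are constructed; the real HIP schema and policy objects are richer than this.

```python
"""
Added example, not code from the original deck or from GlobalProtect itself:
a gateway-side policy decision that combines the identified application
(App-ID), the user's directory groups (User-ID) and the host information
profile (HIP) submitted by the agent. Rule names, group names, HIP fields
and the sample sessions below are constructed for the illustration.
"""
from dataclasses import dataclass, field, replace


@dataclass(frozen=True)
class HostProfile:
    """Subset of what the agent reports about the endpoint (constructed fields)."""
    asset_type: str        # e.g. "corporate-laptop" or "byod"
    disk_encrypted: bool
    patch_age_days: int    # days since the last OS patch was applied
    av_running: bool


@dataclass(frozen=True)
class Session:
    user: str
    groups: frozenset      # directory groups resolved for the user (User-ID)
    app: str               # application identified from content, not from the port (App-ID)
    location: str          # "on-network" or "off-network", as determined by the agent
    hip: HostProfile


@dataclass(frozen=True)
class Rule:
    name: str
    apps: frozenset
    groups: frozenset = frozenset()            # empty means any authenticated user
    require_hip: dict = field(default_factory=dict)
    action: str = "allow"


def hip_satisfies(hip: HostProfile, require: dict) -> bool:
    """Every HIP requirement in the rule must hold; an empty dict always passes."""
    if require.get("disk_encrypted") and not hip.disk_encrypted:
        return False
    if require.get("av_running") and not hip.av_running:
        return False
    max_age = require.get("max_patch_age_days")
    if max_age is not None and hip.patch_age_days > max_age:
        return False
    return True


def rule_matches(rule: Rule, s: Session) -> bool:
    """Match on application, user group and HIP. Location is deliberately not a
    criterion: the deck's point is that the same policy applies on and off network."""
    if s.app not in rule.apps:
        return False
    if rule.groups and not (s.groups & rule.groups):
        return False
    return hip_satisfies(s.hip, rule.require_hip)


def evaluate(policy: list, s: Session) -> tuple:
    """First matching rule wins; anything unmatched hits the implicit final deny."""
    for rule in policy:
        if rule_matches(rule, s):
            return rule.action, rule.name
    return "deny", "implicit-deny"


def same_verdict_everywhere(policy: list, s: Session) -> bool:
    """True when the verdict does not change with the agent's reported location."""
    on = evaluate(policy, replace(s, location="on-network"))
    off = evaluate(policy, replace(s, location="off-network"))
    return on == off


# Constructed policy: remote-administration apps only for IT admins on encrypted,
# recently patched assets; any other SSH/RDP is denied; web for every user whose
# endpoint reports running AV.
POLICY = [
    Rule("admin-remote-access", frozenset({"ssh", "ms-rdp"}), frozenset({"it-admins"}),
         {"disk_encrypted": True, "max_patch_age_days": 30}),
    Rule("block-remote-access", frozenset({"ssh", "ms-rdp"}), action="deny"),
    Rule("web-all-users", frozenset({"web-browsing", "ssl"}), require_hip={"av_running": True}),
]

HEALTHY = HostProfile("corporate-laptop", True, 5, True)
STALE = HostProfile("corporate-laptop", True, 90, True)    # unpatched for 90 days
NO_AV = HostProfile("byod", False, 2, False)

SESSIONS = [
    Session("alice", frozenset({"it-admins"}), "ssh", "off-network", HEALTHY),
    Session("bob", frozenset({"staff"}), "ms-rdp", "on-network", HEALTHY),
    Session("alice", frozenset({"it-admins"}), "ms-rdp", "off-network", STALE),
    Session("carol", frozenset({"staff"}), "web-browsing", "off-network", HEALTHY),
    Session("dave", frozenset({"staff"}), "web-browsing", "on-network", NO_AV),
]


def decide_all(policy: list, sessions: list) -> list:
    """Return (user, app, action, matched rule) for each session."""
    return [(s.user, s.app) + evaluate(policy, s) for s in sessions]


if __name__ == "__main__":
    for row in decide_all(POLICY, SESSIONS):
        print(row)
```

The same admin is allowed SSH from a healthy laptop but denied RDP from the one that has gone 90 days without patches, and a non-admin is denied RDP even inside the network; because location never enters the match, every session gets the same verdict whether the agent reports on-network or off-network, which is the "users never go off-network" claim stated as a property the evaluator can be checked against.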

A Modern Architecture for Enterprise Security

• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting

[Diagram: malware, botnets, exploits]

Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure
- Users do what they want
- Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls
- Leads to increased risks for the business
• Palo Alto Networks defines the next-generation firewall with unique identification technologies
- App-ID: identifies applications regardless of port, protocol or SSL encryption
- User-ID: integrated with the enterprise directory
- Content-ID: threats, URLs, data
- High performance architecture: high throughput, low latency
• Easy enterprise integration and consolidation saves money
- Flexible deployment options for seamless integration
- Consolidation of functionality into the firewall simplifies and saves money


Thank You Zion Ezra

VP Sales

POC and AVR Report

AVR Report

AVR Report

UTM Is Still Sprawl… Just Slower

• Doesn't solve the problem
• Firewall "helper" functions have limited view of traffic
• Turning on functions kills performance

Traditional Multi-Pass Architectures are Slow

[Diagram: four sequential passes, each repeating its own port/protocol-based ID, L2/L3 networking, HA, config management and reporting: firewall policy; HTTP decoder with URL filtering policy; IPS decoder with IPS signatures and IPS policy; AV decoder & proxy with AV signatures and AV policy]

Applications Have Changed – Firewalls Have Not

• The gateway at the trust border is the right place to enforce policy control
- Sees all traffic
- Defines trust boundary
• Need to Restore Visibility and Control in the Firewall

[Diagram: application categories Collaboration, Media, SaaS, Personal]

• BUT… Applications Have Changed
- Ports ≠ Applications
- IP Addresses ≠ Users
- Packets ≠ Content

exploit protection
- many months pass between black-hat discovery, white-hat discovery and protection being available
- need to protect all applications
- a sandbox at the core
- needs user-based access control
- needs high-speed IPS and AV
- need to perform across all applications
- need to block the unknown
- conclusion: advanced-malware protection belongs in a next generation firewall

DEMO: https://ca2demo.paloaltonetworks.com/esp/login.esp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 53: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

copy 2008 Palo Alto Networks Proprietary and Confidential Page 60 |

POC and AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 61 |

AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 62 |

AVR Report

Internet

UTM Is Still SprawlhellipJust Slower

bull Doesnrsquot solve the problem

bull Firewall ldquohelperrdquo functions have limited view of traffic

bull Turning on functions kills performance

copy 2009 Palo Alto Networks Proprietary and Confidential Page 63 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 64 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 65 |

Applications Have Changed ndash Firewalls Have Not

bull The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

bull Need to Restore Visibility and Control in the Firewall

Collaboration Media SaaS Personal

bull BUThellipApplications Have Changed

- Ports neApplications

- IP AddressesneUsers

- PacketsneContent

exploit protection

many months pass between black-hat discovery white hat discovery and protection being available

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 54: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

copy 2008 Palo Alto Networks Proprietary and Confidential Page 61 |

AVR Report

copy 2008 Palo Alto Networks Proprietary and Confidential Page 62 |

AVR Report

Internet

UTM Is Still SprawlhellipJust Slower

bull Doesnrsquot solve the problem

bull Firewall ldquohelperrdquo functions have limited view of traffic

bull Turning on functions kills performance

copy 2009 Palo Alto Networks Proprietary and Confidential Page 63 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 64 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 65 |

Applications Have Changed ndash Firewalls Have Not

bull The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

bull Need to Restore Visibility and Control in the Firewall

Collaboration Media SaaS Personal

bull BUThellipApplications Have Changed

- Ports neApplications

- IP AddressesneUsers

- PacketsneContent

exploit protection

many months pass between black-hat discovery white hat discovery and protection being available

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today: Quality of Security Tied to Location

[Diagram: users inside the enterprise network vs. users outside it, exposed to botnets]

Enterprise Network Security
• Security based on best practices
• Full-featured NGFW and threat prevention

No Network Security
• Security based on best effort
• Exposed to threats, risky app usage and more

Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality; heavy performance load on the PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services
• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement
• Supports a limited number of apps and protocols; weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• Agent tunnels traffic back to the corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security
• Inconsistent policy and protections when outside vs. inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase duplicates; operational and management overhead

Introducing GlobalProtect
• Users never go "off-network", regardless of location
• All firewalls work together to provide a "cloud" of network security
• How it works
  - A small agent determines network location (on or off the enterprise network)
  - If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
  - The agent submits a host information profile (patch level, asset type, disk encryption and more) to the gateway
  - The gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile
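A toy model of the last two steps above, written as an added example for this page; it is not Palo Alto Networks code and not the GlobalProtect or PAN-OS implementation. The host information profile is a small dataclass with a handful of constructed fields, the HIP objects and HIP profiles are assumed predicates, and the security rules, user groups and sample hosts are all assumptions chosen for illustration. It shows how a gateway can treat application, user group and host compliance as one set of match criteria, why a non-compliant host falls through to the default deny even when user and application would have matched, and that the decision is the same whether the agent reached the firewall directly (on-network) or over SSL VPN (off-network).

```python
from dataclasses import dataclass

# Toy model of HIP-based policy at a remote-access gateway; constructed for this page,
# not Palo Alto Networks code. Every object, profile, rule, group and host below is an assumption.


@dataclass(frozen=True)
class HostProfile:
    """Subset of a host information profile as the agent might report it (constructed fields)."""
    asset_type: str        # e.g. "corporate-laptop" or "personal"
    patch_age_days: int    # days since the OS was last patched
    disk_encrypted: bool
    av_running: bool


@dataclass(frozen=True)
class Request:
    user: str
    group: str             # group resolved from the directory (what User-ID would supply)
    app: str               # application identified on the wire (what App-ID would supply)
    on_network: bool       # result of the agent's location check
    hip: HostProfile


@dataclass(frozen=True)
class Decision:
    action: str
    rule: str
    failed_hip: tuple      # HIP objects the host failed, kept for the log / troubleshooting
    path: str              # "direct" when on-network, "ssl-vpn" when off-network


# HIP objects: single predicates over the reported profile.
HIP_OBJECTS = {
    "corporate-asset": lambda h: h.asset_type == "corporate-laptop",
    "patched-30d":     lambda h: h.patch_age_days <= 30,
    "disk-encrypted":  lambda h: h.disk_encrypted,
    "av-running":      lambda h: h.av_running,
}

# HIP profiles: every listed object must match (an empty profile matches any host).
HIP_PROFILES = {
    "compliant-corporate": ["corporate-asset", "patched-30d", "disk-encrypted", "av-running"],
    "any-device": [],
}

# Security rules, evaluated top-down; app, group AND HIP profile are all match criteria.
RULES = [
    {"name": "it-admin-ssh", "apps": {"ssh", "ms-rdp"}, "groups": {"it-staff"},
     "hip": "compliant-corporate", "action": "allow"},
    {"name": "staff-web", "apps": {"web-browsing", "ssl"}, "groups": {"it-staff", "sales"},
     "hip": "any-device", "action": "allow"},
]


def hip_failures(profile_name: str, host: HostProfile) -> tuple:
    """HIP objects in the profile that the host does not satisfy; empty means the profile matches."""
    return tuple(obj for obj in HIP_PROFILES[profile_name] if not HIP_OBJECTS[obj](host))


def evaluate(req: Request) -> Decision:
    """Apply the same rulebase regardless of location; only the path to the gateway differs."""
    path = "direct" if req.on_network else "ssl-vpn"
    near_miss = ()  # failures of the first rule that matched app+group but not the HIP profile
    for rule in RULES:
        if req.app not in rule["apps"] or req.group not in rule["groups"]:
            continue
        failed = hip_failures(rule["hip"], req.hip)
        if failed:
            near_miss = near_miss or failed
            continue            # HIP is a match criterion, so keep looking for another rule
        return Decision(rule["action"], rule["name"], (), path)
    return Decision("deny", "default-deny", near_miss, path)


# Constructed hosts.
COMPLIANT = HostProfile("corporate-laptop", 7, True, True)
UNENCRYPTED = HostProfile("corporate-laptop", 7, False, True)
PERSONAL = HostProfile("personal", 90, False, False)

if __name__ == "__main__":
    for req in [
        Request("alice", "it-staff", "ssh", False, COMPLIANT),
        Request("alice", "it-staff", "ssh", True, COMPLIANT),
        Request("alice", "it-staff", "ssh", False, UNENCRYPTED),
        Request("bob", "sales", "ssl", False, PERSONAL),
        Request("bob", "sales", "ssh", False, COMPLIANT),
    ]:
        print(req.user, req.app, evaluate(req))
```

The `failed_hip` field is the operationally useful part: when an administrator's SSH session is denied, the log should say which compliance check the laptop failed (here, disk encryption) rather than just "denied by default rule".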

A Modern Architecture for Enterprise Security

• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work is performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting

[Diagram labels: malware, botnets, exploits]

Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure
  - Users do what they want
  - Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls
  - Leads to increased risk for the business
• Palo Alto Networks defines the next-generation firewall with unique identification technologies
  - App-ID: identifies applications regardless of port, protocol or SSL encryption
  - User-ID: integrated with the enterprise directory
  - Content-ID: threats, URLs, data
  - High-performance architecture: high throughput, low latency
• Easy enterprise integration and consolidation saves money
  - Flexible deployment options for seamless integration
  - Consolidation of functionality into the firewall simplifies and saves money

Page 55

AVR Report

[Diagram: Internet]

UTM Is Still Sprawl... Just Slower

• Doesn't solve the problem
• Firewall "helper" functions have a limited view of traffic
• Turning on functions kills performance

Traditional Multi-Pass Architectures are Slow

[Diagram: four separate devices in series (firewall, URL filtering, IPS, AV), each with its own port/protocol-based ID, its own decoder (HTTP decoder, IPS decoder, AV decoder & proxy), its own policy (firewall policy, URL filtering policy, IPS policy, AV policy), its own signature set (IPS signatures, AV signatures), and its own L2/L3 networking, HA, config management and reporting stack]

Applications Have Changed – Firewalls Have Not

• The gateway at the trust border is the right place to enforce policy control
  - Sees all traffic
  - Defines the trust boundary
• Need to restore visibility and control in the firewall

[Diagram labels: Collaboration, Media, SaaS, Personal]

• BUT... applications have changed
  - Ports ≠ Applications
  - IP addresses ≠ Users
  - Packets ≠ Content

Exploit protection
- Many months pass between black-hat discovery, white-hat discovery and protection being available
- Need to protect all applications
- A sandbox at the core
- Needs user-based access control
- Needs high-speed IPS and AV
- Need to perform across all applications
- Need to block the unknown
- Conclusion: advanced-malware protection belongs in a next-generation firewall

DEMO: httpsca2demopaloaltonetworkscomesploginesp

INSANITY: doing the same thing over and over again and expecting different results

Block applications and users

The innovative approach

Extend security to all network traffic

20 Gbps Firewall, 10 Gbps Threat Prevention

[Diagram: PA-5060 hardware architecture; the labelled blocks are listed below]

Switch fabric
• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC, SSN and more

Security Processors
• High-density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High-speed logging and route update
• Dual hard drives

Network Processor
• 20 Gbps front-end network processing
• Hardware-accelerated per-packet route lookup, MAC lookup and NAT

[Diagram detail: control plane (quad-core CPU, RAM, dual HDD); data plane (network processor with QoS, flow control, route/ARP/MAC lookup and NAT, 20 Gbps and 10 Gbps links into the switch fabric); three security processor groups, each with signature match, SSL/IPSec/de-compress offload, CPUs labelled CPU 1, CPU 2, CPU 12, and RAM]

NGFW for mobile devices

Source: Gartner (March 2010). As of March 2010

Data Center Network Security in Transition

• Ports ≠ Applications
• IP addresses ≠ Users
• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions...

[Diagram: applications and the ports they use. Port 135, Port 137, Port 139, Port 80, Port 443, plus random high ports; labels: RPC, SMS, SQL, SharePoint, SMB, NetBIOS]

Applications employ dynamic, random and heavily-used ports, fundamentally breaking port-based network security
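To make the "Ports ≠ Applications" point above concrete, and the "port hopping" point from the Regain Visibility and Control slide, here is an added example that is not code from this page or from Palo Alto Networks. It classifies a handful of constructed client flows two ways: by destination port (the legacy assumption) and by the first bytes of the payload (SSH identification string, HTTP request line, TLS ClientHello record, RDP X.224 connection request inside a TPKT header), then applies the same per-user-group policy to both results. The flows, the port table, the user groups and the policy are all assumptions; the classifier is a deliberately small stand-in for App-ID, not its implementation. The three mismatches show where a port-based rule set allows an application it meant to restrict, or blocks one it meant to allow, and the policy also illustrates the "Allow SSH/RDP, but only for authorized staff" rule from the next slide.

```python
import re
from dataclasses import dataclass

# Constructed sample data and a toy classifier; not Palo Alto Networks code.


@dataclass(frozen=True)
class Flow:
    user: str       # user already resolved from the source IP (what User-ID would supply)
    dst_port: int
    payload: bytes  # first bytes sent by the client (constructed samples below)


# Port-based classification: the legacy "port = application" assumption.
PORT_TABLE = {22: "ssh", 80: "web-browsing", 443: "ssl", 3389: "ms-rdp"}

# Assumed policy: application -> user groups allowed to use it. Anything else is denied.
APP_POLICY = {
    "ssh": {"it-staff"},
    "ms-rdp": {"it-staff"},
    "web-browsing": {"it-staff", "sales", "contractor"},
    "ssl": {"it-staff", "sales", "contractor"},
}
USER_GROUPS = {"alice": "it-staff", "bob": "sales", "mallory": "contractor"}

HTTP_REQUEST_LINE = re.compile(rb"^(GET|POST|PUT|HEAD|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")


def classify_by_port(flow: Flow) -> str:
    return PORT_TABLE.get(flow.dst_port, "unknown")


def classify_by_content(flow: Flow) -> str:
    """Identify the application from what the client actually sent, ignoring the port."""
    p = flow.payload
    if p.startswith((b"SSH-2.0-", b"SSH-1.99-")):          # SSH identification string
        return "ssh"
    if HTTP_REQUEST_LINE.match(p):                          # plaintext HTTP request line
        return "web-browsing"
    # TLS record: type 0x16 (handshake), version 0x03 0x0X, handshake type 0x01 (ClientHello)
    if len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03 and p[2] <= 0x03 and p[5] == 0x01:
        return "ssl"
    # RDP: TPKT header (version 3) carrying an X.224 Connection Request (type 0xE0)
    if len(p) >= 6 and p[0] == 0x03 and p[1] == 0x00 and p[5] == 0xE0:
        return "ms-rdp"
    return "unknown"


def decide(app: str, user: str) -> str:
    """Allow only if the identified application is permitted for the user's group."""
    return "allow" if USER_GROUPS.get(user) in APP_POLICY.get(app, set()) else "deny"


def evaluate(flows):
    """One record per flow: both classifications and the decision each one leads to."""
    records = []
    for f in flows:
        by_port, by_content = classify_by_port(f), classify_by_content(f)
        records.append({
            "user": f.user, "port": f.dst_port,
            "port_app": by_port, "content_app": by_content,
            "port_decision": decide(by_port, f.user),
            "content_decision": decide(by_content, f.user),
        })
    return records


def mismatches(records):
    """Flows where the port-based and content-based decisions disagree."""
    return [r for r in records if r["port_decision"] != r["content_decision"]]


# Constructed flows (payloads truncated to the bytes the classifier needs).
SAMPLE_FLOWS = [
    Flow("alice", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),                         # SSH on its usual port
    Flow("bob", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),                          # SSH moved onto 443
    Flow("bob", 8080, b"GET /index.html HTTP/1.1\r\nHost: intranet.example.test\r\n\r\n"),
    Flow("alice", 443, b"\x16\x03\x01\x00\x06\x01\x00\x00\x02\x03\x03"),   # TLS ClientHello
    Flow("mallory", 80, b"\x03\x00\x00\x0b\x06\xe0\x00\x00\x00\x00\x00"),  # RDP carried over 80
]

if __name__ == "__main__":
    for r in evaluate(SAMPLE_FLOWS):
        print(r)
    print(len(mismatches(evaluate(SAMPLE_FLOWS))), "flows decided differently")
```

Reading the mismatches from a defender's side: the second flow is the one the slide is warning about (SSH accepted because port 443 "is SSL"), the third shows the usual workaround for a port-based design (intranet HTTP on 8080 silently denied, which in practice leads to over-broad "any" rules), and the fifth shows a remote-desktop session riding a port that every rulebase leaves open. A real classifier needs far more signatures, decoders and a notion of state, but the decision logic is the same: identify first, then apply the user-aware policy to the identified application.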

Palo Alto Networks Protection + Performance

• Strong threat prevention
  - NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
  - The only IPS that catches threats on non-standard ports
  - Scan inbound and outbound SSL (decrypt) and compressed traffic
  - Assure only authorized applications are using network resources
  - Allow SSH/RDP, but only for authorized staff

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

                        PA-5020      PA-5050      PA-5060
Firewall throughput     5 Gbps       10 Gbps      20 Gbps
Threat prevention       2 Gbps       5 Gbps       10 Gbps
IPSec VPN               2 Gbps       4 Gbps       4 Gbps
SSL VPN users           5,000        10,000       20,000
Sessions                1,000,000    2,000,000    4,000,000
Virtual systems (VSYS)  up to 20     up to 125    up to 225
SFP+ (10 Gig) I/O       -            (4)          (4)
SFP (1 Gig) I/O         (8)          (8)          (8)
10/100/1000 I/O         (12)         (12)         (12)

Common to the series:
• Hot-swappable fans and power supplies
• Dual solid state hard drives
• Dedicated HA and management interfaces
• 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 56: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

Internet

UTM Is Still SprawlhellipJust Slower

bull Doesnrsquot solve the problem

bull Firewall ldquohelperrdquo functions have limited view of traffic

bull Turning on functions kills performance

copy 2009 Palo Alto Networks Proprietary and Confidential Page 63 |

copy 2009 Palo Alto Networks Proprietary and Confidential Page 64 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 65 |

Applications Have Changed ndash Firewalls Have Not

bull The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

bull Need to Restore Visibility and Control in the Firewall

Collaboration Media SaaS Personal

bull BUThellipApplications Have Changed

- Ports neApplications

- IP AddressesneUsers

- PacketsneContent

exploit protection

many months pass between black-hat discovery white hat discovery and protection being available

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 57: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

copy 2009 Palo Alto Networks Proprietary and Confidential Page 64 |

Traditional Multi-Pass Architectures are Slow

PortProtocol-based ID

L2L3 Networking HA Config Management

Reporting

PortProtocol-based ID

HTTP Decoder

L2L3 Networking HA Config Management

Reporting

URL Filtering Policy

PortProtocol-based ID

IPS Signatures

L2L3 Networking HA Config Management

Reporting

IPS Policy

PortProtocol-based ID

AV Signatures

L2L3 Networking HA Config Management

Reporting

AV Policy

Firewall Policy IPS Decoder AV Decoder amp Proxy

copy 2008 Palo Alto Networks Proprietary and Confidential Page 65 |

Applications Have Changed ndash Firewalls Have Not

bull The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

bull Need to Restore Visibility and Control in the Firewall

Collaboration Media SaaS Personal

bull BUThellipApplications Have Changed

- Ports neApplications

- IP AddressesneUsers

- PacketsneContent

exploit protection

many months pass between black-hat discovery white hat discovery and protection being available

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 58: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

copy 2008 Palo Alto Networks Proprietary and Confidential Page 65 |

Applications Have Changed ndash Firewalls Have Not

bull The gateway at the trust border is the right place to enforce policy control

- Sees all traffic

- Defines trust boundary

bull Need to Restore Visibility and Control in the Firewall

Collaboration Media SaaS Personal

bull BUThellipApplications Have Changed

- Ports neApplications

- IP AddressesneUsers

- PacketsneContent

Exploit protection

• Many months pass between black-hat discovery, white-hat discovery, and a protection being available
• Need to protect all applications

A sandbox at the core

• Needs user-based access control
• Needs high-speed IPS and AV
• Needs to perform across all applications
• Needs to block the unknown

Conclusion: advanced-malware protection belongs in a next-generation firewall

DEMO: https://ca2demo.paloaltonetworks.com/esp/login.esp

INSANITY: doing the same thing over and over again and expecting different results

Block applications and users

The innovative approach: extend security to all network traffic

20 Gbps Firewall, 10 Gbps Threat Prevention

• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), viruses, spyware, credit-card and SSN data, and more

Security Processors
• High-density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High-speed logging and route updates
• Dual hard drives

Network Processor
• 20 Gbps front-end network processing
• Hardware-accelerated per-packet route lookup, MAC lookup and NAT

(Block diagram: a 20 Gbps network processor on the data plane handles QoS, flow control, route/ARP/MAC lookup and NAT; the switch fabric connects it over 10 Gbps paths to the security processors, each carrying signature-match and SSL/IPSec/decompression engines with their own CPUs and RAM; the control plane is a quad-core CPU with its own RAM and dual HDDs)

NGFW for mobile devices (Source: Gartner, March 2010)

© 2011 Palo Alto Networks. Proprietary and Confidential. Page 87

Data Center Network Security in Transition

• Ports ≠ Applications
• IP addresses ≠ Users
• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions…

(Diagram: RPC, SMS, SQL, SharePoint, SMB and NetBIOS traffic spread across ports 80, 135, 137, 139 and 443, plus random high ports)

Applications employ dynamic, random and heavily-used ports, fundamentally breaking port-based network security.
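The "Ports ≠ Applications" point above, as an added example that is not Palo Alto Networks code: a small classifier that labels each flow by its first client bytes and ignores the destination port, next to the port-table lookup a stateful-inspection firewall relies on. The port table, the `Flow` type, the protocol fingerprints, the allow-list policy and every sample flow are constructed for illustration; the application names borrow App-ID's naming style, but the matching logic is this example's own.

```python
"""Port-independent application identification (added example, not vendor code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# What a port-based firewall assumes: the classic port-to-service table (constructed).
PORT_TABLE = {22: "ssh", 80: "web-browsing", 443: "ssl", 445: "smb", 3389: "ms-rdp"}


@dataclass(frozen=True)
class Flow:
    dst_port: int
    payload: bytes  # first client-to-server bytes of the TCP session


def classify_by_port(flow: Flow) -> str:
    """Stateful-inspection view: the port number decides the application."""
    return PORT_TABLE.get(flow.dst_port, "unknown")


_HTTP_REQUEST = re.compile(rb"^(GET|POST|PUT|HEAD|DELETE|OPTIONS|CONNECT) \S+ HTTP/1\.[01]\r\n")


def classify_by_payload(flow: Flow) -> str:
    """App-ID-style view: decode what the bytes are, regardless of port."""
    p = flow.payload
    if p.startswith((b"SSH-2.0-", b"SSH-1.99-")):                      # RFC 4253 identification string
        return "ssh"
    if _HTTP_REQUEST.match(p):                                          # HTTP/1.x request line
        return "web-browsing"
    if len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03 and p[5] == 0x01:  # TLS record, handshake, ClientHello
        return "ssl"
    if len(p) >= 6 and p[0] == 0x03 and p[1] == 0x00 and p[5] == 0xE0:  # TPKT + X.224 Connection Request (RDP)
        return "ms-rdp"
    if len(p) >= 8 and p[4:8] in (b"\xffSMB", b"\xfeSMB"):             # NetBIOS session header + SMB1/SMB2 magic
        return "smb"
    return "unknown"


def audit(flows: list[Flow]) -> list[tuple[int, str, str]]:
    """(port, port verdict, payload verdict) for every flow where the two views
    disagree; these are exactly the flows that slip past a port-based policy."""
    out = []
    for f in flows:
        by_port, by_payload = classify_by_port(f), classify_by_payload(f)
        if by_port != by_payload:
            out.append((f.dst_port, by_port, by_payload))
    return out


def enforce(flow: Flow, allowed: frozenset[str]) -> str:
    """Positive enforcement on the payload verdict: anything not on the allow
    list, including 'unknown', is blocked."""
    return "allow" if classify_by_payload(flow) in allowed else "block"


# Constructed sample flows (not captured traffic)
SAMPLE_FLOWS = [
    Flow(22, b"SSH-2.0-OpenSSH_8.9\r\n"),                                   # SSH where expected
    Flow(443, b"SSH-2.0-OpenSSH_8.9\r\n"),                                  # SSH port-hopped onto 443
    Flow(8080, b"GET /index.html HTTP/1.1\r\nHost: intranet\r\n\r\n"),      # HTTP on a non-standard port
    Flow(443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + b"\x00" * 32),  # TLS ClientHello prefix
    Flow(443, b"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00"),  # RDP on 443
    Flow(80, b"\x00\x00\x00\x55\xfeSMB@\x00"),                             # SMB2 negotiate tunneled over 80
    Flow(443, b"\x00\x01\x02\x03"),                                        # unrecognised bytes: "unknown"
]

if __name__ == "__main__":
    for port, by_port, by_payload in audit(SAMPLE_FLOWS):
        print(f"tcp/{port}: port says {by_port!r}, payload says {by_payload!r}")
```

Run as a script it prints the five flows on which the two views disagree. A real engine keeps looking past the first bytes (a `CONNECT` tunnel or a TLS session that later carries something else gets re-classified), which is why the product slides pair App-ID with decryption and content inspection rather than treating the first verdict as final.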

Palo Alto Networks: Protection + Performance

• Strong threat prevention
  - NSS Labs: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
  - The only IPS that catches threats on non-standard ports
  - Scans inbound and outbound SSL (decrypted) and compressed traffic
  - Assures only authorized applications are using network resources
  - Allows SSH/RDP, but only for authorized staff
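The "stream-based uniform signature match" engine in the architecture slide above and the evasion-resistance figure here rest on the same mechanism, shown below as an added example that is not Palo Alto Networks code: a per-packet matcher that inspects each TCP segment on its own, beside a stream-based matcher that reassembles the segments first. The request, the split points, the overlap policy and the signature string are all constructed for illustration.

```python
"""Stream-based vs per-packet signature matching (added example, not vendor code)."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    seq: int      # relative TCP sequence number of the first payload byte
    data: bytes


# Constructed IPS signature (illustrative, not a real vendor signature).
SIGNATURE = b"/cgi-bin/;cat /etc/passwd"


def match_per_packet(segments: list[Segment], sig: bytes = SIGNATURE) -> bool:
    """Naive IPS: looks for the signature inside each segment in isolation."""
    return any(sig in s.data for s in segments)


def reassemble(segments: list[Segment]) -> bytes:
    """Rebuild the byte stream the receiver will see: order by sequence number
    and drop bytes a later segment retransmits. First copy wins, which is what
    most hosts do; assumes a contiguous stream with no holes. An IPS that
    resolves overlaps differently from the host is itself an evasion vector."""
    stream = bytearray()
    for s in sorted(segments, key=lambda s: s.seq):
        already = len(stream) - s.seq          # bytes of s that overlap data we already hold
        stream += s.data[already:] if already > 0 else s.data
    return bytes(stream)


def match_stream(segments: list[Segment], sig: bytes = SIGNATURE) -> bool:
    """Stream-based IPS: match against the reassembled stream, so a signature
    split across segment boundaries is still found."""
    return sig in reassemble(segments)


def segment_request(request: bytes, split_at: list[int]) -> list[Segment]:
    """Cut a request into segments at the given byte offsets (the attacker's knob)."""
    bounds = [0] + sorted(split_at) + [len(request)]
    return [Segment(a, request[a:b]) for a, b in zip(bounds, bounds[1:]) if a < b]


# Constructed attack request; the signature occupies bytes 4..28.
REQUEST = b"GET /cgi-bin/;cat /etc/passwd HTTP/1.0\r\nHost: victim\r\n\r\n"

SINGLE_SEGMENT = segment_request(REQUEST, [])                  # control: everything in one segment
SPLIT_SIGNATURE = segment_request(REQUEST, [12])               # "GET /cgi-bin" | "/;cat /etc/passwd ..."
OUT_OF_ORDER = list(reversed(SPLIT_SIGNATURE))                 # same bytes, second segment sent first
TINY_SEGMENTS = segment_request(REQUEST, [4, 9, 14, 20, 27])   # no segment holds more than a fragment
WITH_RETRANSMIT = SPLIT_SIGNATURE + [Segment(8, REQUEST[8:16])]  # overlapping retransmit of bytes 8..16

CASES = {
    "single segment": SINGLE_SEGMENT,
    "signature split across two segments": SPLIT_SIGNATURE,
    "split and out of order": OUT_OF_ORDER,
    "tiny segments": TINY_SEGMENTS,
    "split plus overlapping retransmit": WITH_RETRANSMIT,
}


def evasion_report(cases: dict[str, list[Segment]]) -> dict[str, tuple[bool, bool]]:
    """For each case: (per-packet verdict, stream verdict)."""
    return {name: (match_per_packet(segs), match_stream(segs)) for name, segs in cases.items()}


if __name__ == "__main__":
    for name, (per_packet, stream) in evasion_report(CASES).items():
        print(f"{name:40s} per-packet={per_packet!s:5s} stream={stream}")
```

Only the single-segment control is caught by the per-packet matcher; every split, reordered or overlapping delivery of the same bytes evades it and is caught once the stream is reassembled. The same reasoning is why the slide pairs signature matching with SSL decryption and decompression: a matcher that sees ciphertext or a gzip body has, in effect, been handed a segment it cannot read.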

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

Model    Firewall   Threat prevention   IPSec VPN   SSL VPN users   Sessions    VSYS (max)
PA-5020  5 Gbps     2 Gbps              2 Gbps      5,000           1,000,000   20
PA-5050  10 Gbps    5 Gbps              4 Gbps      10,000          2,000,000   125
PA-5060  20 Gbps    10 Gbps             4 Gbps      20,000          4,000,000   225

I/O: PA-5020: (8) SFP 1 Gig, (12) 10/100/1000. PA-5050 and PA-5060: (4) SFP+ 10 Gig, (8) SFP 1 Gig, (12) 10/100/1000.

All models:
• Hot-swappable fans and power supplies
• Dual solid-state drives
• Dedicated HA and management interfaces
• 2U standard rack-mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent threats
  - Stop a wide range of threats on all allowed traffic
  - Proven quality (NSS tested and "Recommended")
  - Security by policy, not hardwired into the deployment
• Comply and compartmentalize
  - Save time and cost to compliance with network segmentation
  - Segment by user group and application
• Simplify with flexible network security infrastructure
  - Up to 20 Gbps of firewall throughput with integrated high-performance threat prevention
  - Simpler, easier deployments
  - Reduced network security rack space requirements and lower TCO (power, HVAC, subscriptions, maintenance)


GlobalProtect

Today: Quality of Security Tied to Location

Enterprise network security
• Security based on best practices
• Full-featured NGFW and threat prevention

No network security
• Security based on best effort
• Exposed to threats, risky app usage and more

Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality; heavy performance load on the PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-based services
• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement
• Supports a limited number of apps and protocols; weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• Agent tunnels traffic back to the corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher costs, more work, lower security
• Inconsistent policy and protections outside vs. inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase; duplicates operational and management overhead

Introducing GlobalProtect

• Users never go "off-network", regardless of location
• All firewalls work together to provide a "cloud" of network security
• How it works
  - A small agent determines network location (on or off the enterprise network)
  - If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
  - The agent submits a host information profile (patch level, asset type, disk encryption and more) to the gateway
  - The gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile

A Modern Architecture for Enterprise Security

• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work is performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting

(Diagram: threats shown are malware, botnets and exploits)
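The last "How it works" step above (policy evaluated on application, user AND host information profile) as an added example that is not GlobalProtect or PAN-OS code: a small ordered rulebase in which each rule matches on the user's directory groups, the identified application and a predicate over the posture report the agent submitted. The HIP attribute names, the predicates, the rules, the group names and the sample requests are all constructed; only the shape of the decision (ordered rules, first match wins, implicit deny) follows the slide.

```python
"""Posture-aware policy: the host information profile as a rule match condition
(added example, not GlobalProtect or PAN-OS code)."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class HipReport:
    """Posture facts the agent reports after connecting (constructed schema)."""
    asset_type: str        # e.g. "corporate-laptop" or "personal"
    disk_encrypted: bool
    patch_age_days: int    # days since the last successful patch run
    av_running: bool


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset[str]   # from the directory (User-ID's job)
    application: str         # from payload classification (App-ID's job)
    hip: HipReport
    location: str            # "on-network" or "off-network"; logged, never matched on


HipCheck = Callable[[HipReport], bool]


def hip_managed_encrypted(h: HipReport) -> bool:
    return h.asset_type == "corporate-laptop" and h.disk_encrypted


def hip_current(h: HipReport, max_patch_age_days: int = 30) -> bool:
    return h.av_running and h.patch_age_days <= max_patch_age_days


def hip_any(h: HipReport) -> bool:
    return True


@dataclass(frozen=True)
class Rule:
    name: str
    applications: frozenset[str]
    hip: HipCheck
    groups: frozenset[str] | None = None   # None: any authenticated user
    action: str = "allow"


RULES = [
    # Admin protocols: right group AND a managed, encrypted, current host.
    Rule("admin-ssh-rdp", frozenset({"ssh", "ms-rdp"}),
         hip=lambda h: hip_managed_encrypted(h) and hip_current(h),
         groups=frozenset({"it-admins"})),
    # Staff web access only from hosts that are patched and running AV.
    Rule("staff-web", frozenset({"web-browsing", "ssl"}), hip=hip_current,
         groups=frozenset({"employees", "it-admins"})),
    # Webmail for anyone, no posture requirement.
    Rule("anyone-mail", frozenset({"outlook-web"}), hip=hip_any),
]


def evaluate(req: Request, rules: list[Rule] = RULES) -> tuple[str, str]:
    """First matching rule wins, as in an ordered firewall rulebase; a request
    that matches nothing falls through to an implicit deny. Location is not
    consulted, so the verdict is the same on and off the enterprise network."""
    for r in rules:
        if req.application not in r.applications:
            continue
        if r.groups is not None and not (req.groups & r.groups):
            continue
        if not r.hip(req.hip):
            continue
        return r.action, r.name
    return "deny", "implicit-deny"


# Constructed posture reports and requests
GOOD_LAPTOP = HipReport("corporate-laptop", True, 3, True)
PERSONAL_PC = HipReport("personal", False, 3, True)
STALE_LAPTOP = HipReport("corporate-laptop", True, 90, True)

SAMPLES = {
    "admin ssh from managed laptop, off-network":
        Request("alice", frozenset({"it-admins", "employees"}), "ssh", GOOD_LAPTOP, "off-network"),
    "admin ssh from personal pc, on-network":
        Request("alice", frozenset({"it-admins", "employees"}), "ssh", PERSONAL_PC, "on-network"),
    "employee ssh from managed laptop":
        Request("bob", frozenset({"employees"}), "ssh", GOOD_LAPTOP, "on-network"),
    "employee web from managed laptop, off-network":
        Request("bob", frozenset({"employees"}), "web-browsing", GOOD_LAPTOP, "off-network"),
    "employee web from stale laptop":
        Request("bob", frozenset({"employees"}), "web-browsing", STALE_LAPTOP, "on-network"),
    "contractor webmail from personal pc":
        Request("carol", frozenset(), "outlook-web", PERSONAL_PC, "off-network"),
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        action, rule = evaluate(req)
        print(f"{name:46s} -> {action} ({rule})")
```

The two admin cases are the point of the slide: the same user asking for the same application is allowed from a managed, encrypted, patched laptop and denied from a personal machine, and being on the corporate LAN does not help, because location is not a match criterion. Posture is reported by the agent, so a gateway must treat a HIP report as a claim by the endpoint and gate the agent itself (certificate, device identity) rather than trust the report alone.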


Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure
  - Users do what they want
  - Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls
  - Leads to increased risk for the business
• Palo Alto Networks defines the next-generation firewall with unique identification technologies
  - App-ID: identifies applications regardless of port, protocol or SSL encryption
  - User-ID: integrated with the enterprise directory
  - Content-ID: threats, URLs, data
  - High-performance architecture: high throughput, low latency
• Easy enterprise integration and consolidation saves money
  - Flexible deployment options for seamless integration
  - Consolidation of functionality into the firewall simplifies and saves money

Page 59: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

exploit protection

many months pass between black-hat discovery white hat discovery and protection being available

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 60: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

need to protect all applications

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 61: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

a sandbox at the core

needs user-based access control

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure

- Users do what they want

- Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls

- Leads to increased risk for the business

• Palo Alto Networks defines the next-generation firewall with unique identification technologies

- App-ID: identifies applications regardless of port, protocol or SSL encryption

- User-ID: integrated with the enterprise directory

- Content-ID: threats, URLs, data

- High-performance architecture: high throughput, low latency

• Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into the firewall simplifies and saves money

Page 62: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

• needs user-based access control

• needs high-speed IPS and AV

• needs to perform across all applications

• needs to block the unknown

Conclusion: advanced-malware protection belongs in a next-generation firewall

DEMO: https://ca2demo.paloaltonetworks.com/esp/login.esp

INSANITY: doing the same thing over and over again and expecting different results

Block applications and users

The innovative approach

Extend security to all network traffic

20 Gbps Firewall, 10 Gbps Threat Prevention

• 80 Gbps switch fabric interconnect

• 20 Gbps QoS engine

Signature Match HW Engine

• Stream-based uniform signature match

• Vulnerability exploits (IPS), virus, spyware, CC#, SSN and more

Security Processors

• High-density parallel processing for flexible security functionality

• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane

• Highly available management

• High-speed logging and route update

• Dual hard drives

Network Processor

• 20 Gbps front-end network processing

• Hardware-accelerated per-packet route lookup, MAC lookup and NAT

[Figure: architecture block diagram. Data plane: 20 Gbps network processor (QoS, flow control, route/ARP/MAC lookup, NAT), 10 Gbps switch fabric, signature match engines, SSL/IPSec/decompression engines, security processors CPU 1 to CPU 12 with RAM. Control plane: quad-core CPU, RAM, dual HDD.]

NGFW for mobile devices

Source: Gartner, as of March 2010


Data Center Network Security in Transition

• Ports ≠ Applications

• IP addresses ≠ Users

• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today's network security is based on outdated assumptions…

[Figure: applications (RPC, SMS, SQL, SharePoint, SMB, NetBIOS) spread across Port 135, Port 137, Port 139, Port 80, Port 443, plus random high ports]

Applications employ dynamic, random and heavily-used ports, fundamentally breaking port-based network security
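As an added illustration of the point above (not code from the deck or from Palo Alto Networks): port-based classification beside payload-signature identification over constructed flows, with unmatched traffic left as unknown so that policy can block it. The signature table, application names and sample flows are assumptions made for the example.

```python
# Added example, not Palo Alto Networks code: contrasts the port-based
# classification the slide calls outdated with identification from the first
# bytes of the client payload, which is the idea behind App-ID. Signatures,
# application names and the sample flows are constructed for illustration.
from dataclasses import dataclass

# What a port-only firewall assumes is running on each well-known port.
PORT_TABLE = {22: "ssh", 80: "web-browsing", 135: "msrpc",
              443: "ssl", 445: "smb", 3389: "ms-rdp"}

# Constructed payload signatures: prefix of the first client message -> app.
SIGNATURES = [
    (b"SSH-2.0-", "ssh"),
    (b"\x16\x03", "ssl"),          # TLS record: handshake, major version 3
    (b"\xffSMB", "smb"),           # SMB1 header
    (b"\xfeSMB", "smb"),           # SMB2/3 header
    (b"\x03\x00\x00", "ms-rdp"),   # TPKT framing used by RDP
    (b"GET ", "web-browsing"),
    (b"POST ", "web-browsing"),
]


@dataclass(frozen=True)
class Flow:
    dst_port: int
    payload: bytes   # first bytes sent by the client


def classify_by_port(flow: Flow) -> str:
    return PORT_TABLE.get(flow.dst_port, "unknown-tcp")


def classify_by_payload(flow: Flow) -> str:
    """First matching signature wins; anything unmatched stays unknown-tcp so a
    policy can block it, as the deck recommends, instead of trusting the port."""
    for prefix, app in SIGNATURES:
        if flow.payload.startswith(prefix):
            return app
    return "unknown-tcp"


def compare(flows):
    """Return (port, port_verdict, payload_verdict, disagree) per flow; a
    disagreement is a flow a port-based rule would have misclassified."""
    rows = []
    for flow in flows:
        by_port = classify_by_port(flow)
        by_app = classify_by_payload(flow)
        rows.append((flow.dst_port, by_port, by_app, by_port != by_app))
    return rows


def enforce(flow: Flow, allowed_apps) -> str:
    """Allow only positively identified, explicitly permitted applications."""
    return "allow" if classify_by_payload(flow) in allowed_apps else "deny"


# Constructed sample flows: SSH inside port 443, SMB on port 80, HTTP on a
# random high port, a genuine TLS handshake, and an unrecognised protocol.
SAMPLE_FLOWS = [
    Flow(443, b"SSH-2.0-OpenSSH_8.9\r\n"),
    Flow(80, b"\xfeSMB\x40\x00\x00\x00\x00\x00\x00\x00"),
    Flow(50123, b"GET /index.html HTTP/1.1\r\nHost: intranet\r\n\r\n"),
    Flow(443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),
    Flow(8080, b"\x00\x00\x00\x2a\x7f\x01\x00"),
]

if __name__ == "__main__":
    for row in compare(SAMPLE_FLOWS):
        print(row)
    print([enforce(f, {"web-browsing", "ssl"}) for f in SAMPLE_FLOWS])
```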

Palo Alto Networks Protection + Performance


• Strong threat prevention

- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance

- The only IPS that catches threats on non-standard ports

- Scans inbound and outbound SSL (decrypted) and compressed traffic

- Assures that only authorized applications are using network resources

- Allows SSH/RDP, but only for authorized staff


NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications


PA-5050

• 10 Gbps FW

• 5 Gbps threat prevention

• 4 Gbps IPSec VPN

• 10,000 SSL VPN users

• 2,000,000 sessions

• Up to 125 VSYS

• (4) SFP+ (10 Gig) I/O

• (8) SFP (1 Gig) I/O

• (12) 10/100/1000

PA-5020

• 5 Gbps FW

• 2 Gbps threat prevention

• 2 Gbps IPSec VPN

• 5,000 SSL VPN users

• 1,000,000 sessions

• Up to 20 VSYS

• (8) SFP (1 Gig) I/O

• (12) 10/100/1000

PA-5060

• 20 Gbps FW

• 10 Gbps threat prevention

• 4 Gbps IPSec VPN

• 20,000 SSL VPN users

• 4,000,000 sessions

• Up to 225 VSYS

• (4) SFP+ (10 Gig) I/O

• (8) SFP (1 Gig) I/O

• (12) 10/100/1000

• Hot-swappable fans and power supplies

• Dual solid-state hard drives

• Dedicated HA and management interfaces

• 2U standard rack-mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and "Recommended")

- Security by policy, not hardwired into the deployment

• Comply and Compartmentalize

- Save time and the cost of compliance with network segmentation

- Segment by user group and application

• Simplify with Flexible Network Security Infrastructure

- With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler, easier deployments

- With reduced network security rack space requirements and lower TCO (power, HVAC, subscriptions, maintenance)


GlobalProtect

Today: Quality of Security Tied to Location


[Figure residue: botnets]

Enterprise Network Security

• Security based on best practices

• Full-featured NGFW and threat prevention

No Network Security

• Security based on best effort

• Exposed to threats, risky app usage and more

Existing Solutions Fall Short

Software on the PC

• Each security app performs a specific function

• Limited focus and functionality, heavy performance load on the PC

• Examples: antivirus, host firewall, USB port control, DLP, etc.


Cloud-Based Services

• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement

• Supports a limited number of apps and protocols; weak threat prevention

• Examples: ScanSafe, Purewire, etc.

Traditional VPN

• Agent tunnels traffic back to the corporate gateway

• Same poor security, only slower

• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security

• Inconsistent policy and protections when outside vs. inside the network

• Lack of visibility into applications, users and content fails to control modern apps and threats

• Expensive to purchase; duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 63: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

needs high-speed IPS and AV

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 64: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

need to perform across all applications

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 65: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

need to block the unknown

conclusion advanced-malware protection belongs in a next generation firewall

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network


Page 66

Conclusion: advanced-malware protection belongs in a next-generation firewall

DEMO: https://ca2demo.paloaltonetworks.com/esp/login.esp

INSANITY: doing the same thing over and over again and expecting different results (block applications and users)

The innovative approach: extend security to all network traffic

20 Gbps Firewall, 10 Gbps Threat Prevention

• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), virus, spyware, CC#, SSN and more

Security Processors
• High density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High speed logging and route update
• Dual hard drives

Network Processor
• 20 Gbps front-end network processing
• Hardware accelerated per-packet route lookup, MAC lookup and NAT

[Architecture diagram: control plane (quad-core CPU, RAM, dual HDD) attached to the data plane switch fabric; data plane with the network processor (QoS, flow control, route/ARP/MAC lookup, NAT), two signature match engines and three security processors (SSL, IPSec, de-compression; CPU 1 to CPU 12 with RAM on each); 20 Gbps and 10 Gbps links between the stages]

NGFW for mobile devices

Source: Gartner (March 2010). As of March 2010.

© 2011 Palo Alto Networks. Proprietary and Confidential. | Page 87

Data Center Network Security in Transition

• Ports ≠ Applications
• IP addresses ≠ Users
• Threats > Exploits

Need to Restore Application Visibility & Control in the Firewall

Today’s network security is based on outdated assumptions…

[Figure: Microsoft application traffic (RPC, SMS, SQL, SharePoint, SMB, NetBIOS) spread across ports 135, 137, 139, 80 and 443, plus random high ports]

Applications employ dynamic, random and heavily-used ports, fundamentally breaking port-based network security.
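The port/application mismatch the slide describes, shown as an added example that is not part of the presentation or of any Palo Alto Networks code: a port-table lookup of the kind a stateful-inspection firewall relies on, beside a payload-signature classifier that ignores the port, both run over constructed sample flows, with a report of every flow where the two disagree. It goes a little beyond the slide's Microsoft-application case to a few generic protocols (SSH, TLS, RDP, SMB, HTTP, BitTorrent); the port table, the simplified signatures and the sample flows are all constructed for illustration.

```python
"""Port-based vs. payload-based application identification (added example).

The port table, payload signatures and sample flows below are constructed for
illustration; they are not taken from the presentation or from any vendor code.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    dst_port: int
    payload: bytes   # first bytes sent by the client, as a capture would show them


# Constructed: what a port-based (stateful inspection) firewall assumes.
PORT_TABLE = {22: "ssh", 80: "http", 443: "ssl", 445: "smb", 3389: "rdp"}


def classify_by_port(port: int) -> str:
    """Port-based classification: the app is whatever the port table says."""
    return PORT_TABLE.get(port, "unknown")


def classify_by_payload(payload: bytes) -> str:
    """Content-based classification: look at what the client actually sent and
    ignore the port entirely. Signatures are simplified for illustration."""
    if payload.startswith(b"SSH-"):                                  # SSH identification string
        return "ssh"
    if payload[:2] == b"\x16\x03":                                   # TLS handshake record
        return "ssl"
    if payload[:2] == b"\x03\x00" and payload[5:6] == b"\xe0":       # TPKT + X.224 connection request
        return "rdp"
    if payload.startswith(b"\x13BitTorrent protocol"):               # BitTorrent handshake
        return "bittorrent"
    if payload[4:8] in (b"\xffSMB", b"\xfeSMB"):                     # NetBIOS-framed SMB1 / SMB2
        return "smb"
    request_line = payload.split(b"\r\n", 1)[0]
    methods = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")
    if request_line.startswith(methods) and request_line.endswith((b"HTTP/1.0", b"HTTP/1.1")):
        return "http"
    return "unknown"


# Constructed sample flows: some well-behaved, some on ports the table does not
# expect (the port hopping and tunneling the slide refers to).
SAMPLE_FLOWS = [
    Flow(80,   b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    Flow(443,  b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
    Flow(443,  b"SSH-2.0-OpenSSH_8.9\r\n"),                                  # SSH on the HTTPS port
    Flow(80,   b"\x13BitTorrent protocol\x00\x00\x00\x00\x00\x10\x00\x05"),   # P2P on port 80
    Flow(8443, b"\x16\x03\x03\x01\x2c\x01\x00\x01\x28\x03\x03"),             # TLS on a high port
    Flow(445,  b"\x00\x00\x00\x85\xffSMBr\x00\x00\x00\x00\x18\x53\xc8"),
    Flow(3389, b"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00"),
]


def audit(flows=SAMPLE_FLOWS):
    """Return (dst_port, port_app, payload_app) for every flow."""
    return [(f.dst_port, classify_by_port(f.dst_port), classify_by_payload(f.payload))
            for f in flows]


def mismatches(flows=SAMPLE_FLOWS):
    """Flows where the port-based verdict differs from what the payload shows;
    each one is a policy decision a port-based firewall would get wrong."""
    return [row for row in audit(flows) if row[1] != row[2]]


if __name__ == "__main__":
    for port, by_port, by_payload in audit():
        flag = "" if by_port == by_payload else "  <-- port-based view is wrong"
        print(f"dst port {port:>5}: port says {by_port:<10} payload says {by_payload:<10}{flag}")
```

Three of the seven constructed flows (SSH on 443, BitTorrent on 80, TLS on 8443) are misclassified by the port table and correctly named by the payload check, which is the gap the slide's "Ports ≠ Applications" line points at. Real application identification also has to handle encrypted sessions and multi-packet state, which this short signature list does not attempt.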

Palo Alto Networks: Protection + Performance

• Strong threat prevention
- NSS: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
- The only IPS that catches threats on non-standard ports
- Scans inbound and outbound SSL (decrypted) and compressed traffic
- Assures only authorized applications are using network resources
- Allows SSH/RDP, but only for authorized staff

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

Model     Firewall   Threat prevention   IPSec VPN   SSL VPN users   Sessions    Virtual systems   Interfaces
PA-5020   5 Gbps     2 Gbps              2 Gbps      5,000           1,000,000   up to 20          (8) SFP (1 Gig) I/O, (12) 10/100/1000
PA-5050   10 Gbps    5 Gbps              4 Gbps      10,000          2,000,000   up to 125         (4) SFP+ (10 Gig) I/O, (8) SFP (1 Gig) I/O, (12) 10/100/1000
PA-5060   20 Gbps    10 Gbps             4 Gbps      20,000          4,000,000   up to 225         (4) SFP+ (10 Gig) I/O, (8) SFP (1 Gig) I/O, (12) 10/100/1000

Common to all models:
• Hot-swappable fans and power supplies
• Dual solid state hard drives
• Dedicated HA and management interfaces
• 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats
- Stop a wide range of threats on all allowed traffic
- Proven quality (NSS tested and “Recommended”)
- Security by policy, not hardwired into the deployment
• Comply and Compartmentalize
- Save time and cost to compliance with network segmentation
- Segment by user group and application
• Simplify with Flexible Network Security Infrastructure
- With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention
- With simpler, easier deployments
- With reduced network security rack space requirements and lower TCO (power, HVAC, subscriptions, maintenance)

GlobalProtect

Today: Quality of Security Tied to Location

Enterprise Network Security
• Security based on best practices
• Full-featured NGFW and threat prevention

No Network Security
• Security based on best effort
• Exposed to threats (botnets), risky app usage and more

Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality; heavy performance load on the PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services
• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement
• Supports a limited number of apps and protocols; weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• Agent tunnels traffic back to the corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security

• Inconsistent policy and protections when outside vs. inside the network

• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase; duplicates operational and management overhead

Introducing GlobalProtect

• Users never go “off-network”, regardless of location
• All firewalls work together to provide a “cloud” of network security
• How it works
- A small agent determines the network location (on or off the enterprise network)
- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
- The agent submits a host information profile (patch level, asset type, disk encryption and more) to the gateway
- The gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile
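The four steps above assembled into one policy check, as an added example that is not code from the presentation or from GlobalProtect itself: a session carries the application identified from the traffic, the user's directory groups and the host information profile the agent reported, and a rule applies only when all three match, with content-inspection profiles attached on allow and an implicit deny for anything that matches nothing. The rule names, group names and HIP attributes (asset type, disk encryption, patch date) are constructed for illustration.

```python
"""Gateway policy combining App-ID, User-ID and the host information profile
(HIP) reported by the endpoint agent. Added example: rules, users and HIP
values are constructed for illustration, not taken from GlobalProtect."""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class HostInfo:
    """Constructed host information profile submitted by the agent."""
    asset_type: str        # e.g. "corporate-laptop" or "personal-device"
    disk_encrypted: bool
    patch_date: date       # date of the newest installed patch set


@dataclass(frozen=True)
class Session:
    user: str
    groups: frozenset      # directory groups resolved for the user (User-ID)
    app: str               # application identified from the traffic (App-ID)
    hip: HostInfo


@dataclass(frozen=True)
class Rule:
    name: str
    apps: frozenset
    groups: frozenset
    asset_types: frozenset          # HIP: allowed asset types
    require_disk_encryption: bool   # HIP: full-disk encryption must be on
    min_patch_date: date            # HIP: host must be patched at least this recently
    action: str                     # "allow" or "deny"
    profiles: tuple = ()            # Content-ID inspection applied on allow


@dataclass(frozen=True)
class Decision:
    action: str
    rule: str
    profiles: tuple


def hip_satisfies(hip: HostInfo, rule: Rule) -> bool:
    """All HIP requirements of a rule must hold; a stale or unencrypted host
    therefore never matches an allow rule, however privileged the user."""
    if hip.asset_type not in rule.asset_types:
        return False
    if rule.require_disk_encryption and not hip.disk_encrypted:
        return False
    return hip.patch_date >= rule.min_patch_date


def evaluate(session: Session, rules) -> Decision:
    """First-match evaluation over app, user group and HIP together.
    A session matching no rule falls through to an implicit deny."""
    for rule in rules:
        if session.app not in rule.apps or not (session.groups & rule.groups):
            continue
        if not hip_satisfies(session.hip, rule):
            continue
        return Decision(rule.action, rule.name, rule.profiles)
    return Decision("deny", "implicit-deny", ())


# Constructed rulebase: admins may use SSH/RDP from compliant corporate hosts;
# everyone else gets web access, also only from compliant corporate hosts.
RULES = [
    Rule("admin-remote-access", frozenset({"ssh", "rdp"}), frozenset({"it-admins"}),
         frozenset({"corporate-laptop"}), True, date(2011, 8, 1), "allow",
         ("vulnerability",)),
    Rule("corporate-web", frozenset({"web-browsing", "ssl"}), frozenset({"employees"}),
         frozenset({"corporate-laptop"}), True, date(2011, 8, 1), "allow",
         ("vulnerability", "antivirus", "url-filtering")),
]

COMPLIANT = HostInfo("corporate-laptop", True, date(2011, 8, 15))

# Constructed sessions, each failing (or passing) a different dimension of the match.
SESSIONS = [
    Session("alice", frozenset({"it-admins", "employees"}), "ssh", COMPLIANT),
    Session("bob", frozenset({"employees"}), "rdp", COMPLIANT),                 # wrong group
    Session("carol", frozenset({"it-admins"}), "ssh",
            HostInfo("corporate-laptop", False, date(2011, 8, 15))),          # disk not encrypted
    Session("dave", frozenset({"employees"}), "web-browsing", COMPLIANT),
    Session("eve", frozenset({"employees"}), "web-browsing",
            HostInfo("personal-device", True, date(2011, 8, 15))),            # not a corporate asset
    Session("frank", frozenset({"it-admins"}), "rdp",
            HostInfo("corporate-laptop", True, date(2011, 6, 1))),            # patches too old
]


def run_all(sessions=SESSIONS, rules=RULES):
    """Map each user name to the decision the gateway would make."""
    return {s.user: evaluate(s, rules) for s in sessions}


if __name__ == "__main__":
    for user, d in run_all().items():
        print(f"{user:<6} {d.action:<5} via {d.rule:<20} profiles={d.profiles}")
```

The point the slide makes is visible in carol and frank: same group and same application as alice, yet the host profile fails, so the "allow SSH/RDP, but only for authorized staff" rule does not match and the session is denied. Treating an incomplete or failed HIP as non-compliant (rather than skipping the check) is what keeps the profile from becoming a bypass.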

A Modern Architecture for Enterprise Security

• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work is performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting

[Figure: threats (malware, botnets, exploits) stopped at the firewall for users both inside and outside the network]

Regain Visibility and Control, Save Money

• IT can’t manage risk with traditional security infrastructure
- Users do what they want
- Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls
- Leads to increased risks for the business
• Palo Alto Networks defines the next-generation firewall with unique identification technologies
- App-ID: identify applications regardless of port, protocol or SSL encryption
- User-ID: integrated with the enterprise directory
- Content-ID: threats, URLs, data
- High performance architecture: high throughput, low latency
• Easy enterprise integration and consolidation saves money
- Flexible deployment options for seamless integration
- Consolidation of functionality into the firewall simplifies and saves money

Page 67: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

DEMO httpsca2demopaloaltonetworkscomesploginesp

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 68: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

INSANITY doing the same thing over and

over again and expecting different results

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 69: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

block applications and users

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 70: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

the innovative approach

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

• 80 Gbps switch fabric interconnect
• 20 Gbps QoS engine

Signature Match HW Engine
• Stream-based uniform signature match
• Vulnerability exploits (IPS), viruses, spyware, credit card numbers, SSNs and more

Security Processors
• High-density parallel processing for flexible security functionality
• Hardware acceleration for standardized complex functions (SSL, IPSec, decompression)

Control Plane
• Highly available management
• High-speed logging and route updates
• Dual hard drives

Network Processor
• 20 Gbps front-end network processing
• Hardware-accelerated per-packet route lookup, MAC lookup and NAT

[diagram: control plane (quad-core CPU, RAM, dual HDD) above a data plane in which the network processor (QoS, flow control, route/ARP/MAC lookup, NAT) feeds a switch fabric connecting two signature-match engines and three security-processor banks (multi-core CPUs, RAM, SSL/IPSec/decompression offload); link labels 20 Gbps and 10 Gbps]

NGFW for mobile devices

Source: Gartner (March 2010)

© 2011 Palo Alto Networks. Proprietary and Confidential. Page 87

Data Center Network Security in Transition

• Ports ≠ Applications
• IP addresses ≠ Users
• Threats > Exploits

Need to restore application visibility & control in the firewall

Today’s network security is based on outdated assumptions…

[diagram: RPC, SMS, SQL, SharePoint, SMB and NetBIOS traffic spread across ports 135, 137, 139, 80 and 443, plus random high ports]

Applications employ dynamic, random and heavily-used ports, fundamentally breaking port-based network security.

Palo Alto Networks: Protection + Performance


• Strong threat prevention
  - NSS Labs: 93.4% block rate, 100% resistance to evasion, 115% of rated performance
  - The only IPS that catches threats on non-standard ports
  - Scans inbound and outbound SSL (decrypted) and compressed traffic
  - Assures that only authorized applications are using network resources
  - Allows SSH/RDP, but only for authorized staff


NGFW: Networking Power and Flexibility

PA-5000 Series Models and Specifications


                          PA-5020       PA-5050       PA-5060
Firewall throughput       5 Gbps        10 Gbps       20 Gbps
Threat prevention         2 Gbps        5 Gbps        10 Gbps
IPSec VPN                 2 Gbps        4 Gbps        4 Gbps
SSL VPN users             5,000         10,000        20,000
Sessions                  1,000,000     2,000,000     4,000,000
Virtual systems (VSYS)    up to 20      up to 125     up to 225
SFP+ (10 Gig) I/O         none          4             4
SFP (1 Gig) I/O           8             8             8
10/100/1000 I/O           12            12            12

All models:
• Hot-swappable fans and power supplies
• Dual solid-state drives
• Dedicated HA and management interfaces
• 2U standard rack-mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent threats
  - Stop a wide range of threats on all allowed traffic
  - Proven quality (NSS tested and “Recommended”)
  - Security by policy, not hardwired into the deployment
• Comply and compartmentalize
  - Save time and cost on compliance with network segmentation
  - Segment by user group and application
• Simplify with a flexible network security infrastructure
  - Up to 20 Gbps of firewall throughput with integrated high-performance threat prevention
  - Simpler, easier deployments
  - Reduced network security rack space requirements and lower TCO (power, HVAC, subscriptions, maintenance)


GlobalProtect

Today: Quality of Security Tied to Location



Enterprise network security
• Security based on best practices
• Full-featured NGFW and threat prevention

No network security
• Security based on best effort
• Exposed to threats, risky app usage and more

Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality; heavy performance load on the PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.


Cloud-based services
• A client forces web traffic to a cloud-based proxy for scanning and policy enforcement
• Supports a limited number of apps and protocols; weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• An agent tunnels traffic back to the corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher costs, more work, lower security
• Inconsistent policy and protections outside vs. inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase duplicates; operational and management overhead

Introducing GlobalProtect

• Users never go “off-network”, regardless of location
• All firewalls work together to provide a “cloud” of network security


• How it works
  - A small agent determines the network location (on or off the enterprise network)
  - If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
  - The agent submits a host information profile (patch level, asset type, disk encryption and more) to the gateway
  - The gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile
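The slides above say SSH/RDP should be allowed only for authorized staff, that segmentation is by user group and application, and that the GlobalProtect gateway enforces policy on App-ID, User-ID, Content-ID and the host information profile. The following is an added example, not code from the deck or from Palo Alto Networks: an evaluator for ordered rules keyed on directory group, identified application and a host profile of the kind the agent reports. Rule and group names, the HIP fields (managed, disk_encrypted, patch_age_days, av_running) and the thresholds are constructed for illustration.

```python
"""Policy evaluation on user group, application and host information profile.

Added example, not code from the deck or from Palo Alto Networks. Rule
names, group names, HIP fields and thresholds are constructed.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class HostProfile:
    """What the agent reports about the endpoint (constructed fields)."""
    managed: bool          # corporate asset vs. unmanaged/BYOD
    disk_encrypted: bool
    patch_age_days: int    # days since the last OS patch was applied
    av_running: bool


@dataclass(frozen=True)
class HipMatch:
    """Conditions a host must satisfy; None means 'do not care'."""
    managed: Optional[bool] = None
    disk_encrypted: Optional[bool] = None
    max_patch_age_days: Optional[int] = None
    av_running: Optional[bool] = None

    def failures(self, hip: HostProfile) -> List[str]:
        """Names of the conditions the host does not meet (empty = match)."""
        failed = []
        if self.managed is not None and hip.managed != self.managed:
            failed.append("managed")
        if self.disk_encrypted is not None and hip.disk_encrypted != self.disk_encrypted:
            failed.append("disk_encrypted")
        if self.max_patch_age_days is not None and hip.patch_age_days > self.max_patch_age_days:
            failed.append("patch_age")
        if self.av_running is not None and hip.av_running != self.av_running:
            failed.append("av_running")
        return failed


@dataclass(frozen=True)
class Rule:
    name: str
    groups: FrozenSet[str]      # empty set = any user
    apps: FrozenSet[str]        # empty set = any application
    hip: Optional[HipMatch]     # None = no host posture requirement
    action: str                 # "allow" or "deny"


@dataclass(frozen=True)
class Decision:
    rule: str
    action: str
    notes: List[str]  # why candidate rules were skipped (for the log)


def evaluate(policy: List[Rule], user_groups: FrozenSet[str], app: str,
             hip: HostProfile) -> Decision:
    """First rule whose user, app and HIP conditions all hold wins, as in
    ordered firewall policy; if nothing matches the result is an implicit deny."""
    notes: List[str] = []
    for rule in policy:
        if rule.groups and not (rule.groups & user_groups):
            continue
        if rule.apps and app not in rule.apps:
            continue
        if rule.hip is not None:
            failed = rule.hip.failures(hip)
            if failed:
                notes.append(f"{rule.name}: HIP check failed ({', '.join(failed)})")
                continue
        return Decision(rule.name, rule.action, notes)
    return Decision("implicit-deny", "deny", notes)


# Constructed policy: network operators may use SSH/RDP only from a compliant
# managed host; staff get web access as long as an antivirus is running.
POLICY = [
    Rule("netops-ssh-rdp", frozenset({"grp-netops"}), frozenset({"ssh", "ms-rdp"}),
         HipMatch(managed=True, disk_encrypted=True, max_patch_age_days=30), "allow"),
    Rule("staff-web", frozenset({"grp-staff"}), frozenset({"web-browsing", "ssl"}),
         HipMatch(av_running=True), "allow"),
]

if __name__ == "__main__":
    compliant = HostProfile(managed=True, disk_encrypted=True, patch_age_days=12, av_running=True)
    unencrypted = HostProfile(managed=True, disk_encrypted=False, patch_age_days=12, av_running=True)
    for groups, app, hip in [
        (frozenset({"grp-netops", "grp-staff"}), "ssh", compliant),
        (frozenset({"grp-netops", "grp-staff"}), "ssh", unencrypted),
        (frozenset({"grp-staff"}), "ssh", compliant),
    ]:
        d = evaluate(POLICY, groups, app, hip)
        print(f"{app:<4} {sorted(groups)} -> {d.action} ({d.rule}) {d.notes}")
```

Each decision carries a note for every rule that matched on user and application but was skipped because the host failed a posture check, which is the first thing an operator needs when a remote admin asks why SSH was denied. Content-ID scanning of the allowed session is a separate step that this example does not model.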

A Modern Architecture for Enterprise Security


• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and outside the enterprise network
• Security work is performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting

[diagram labels: malware, botnets, exploits]

Regain Visibility and Control, Save Money

• IT can’t manage risk with traditional security infrastructure
  - Users do what they want
  - Port hopping, tunneling and encryption let applications get around the port-based classification of stateful-inspection firewalls
  - This leads to increased risk for the business
• Palo Alto Networks defines the next-generation firewall with unique identification technologies
  - App-ID: identifies applications regardless of port, protocol or SSL encryption
  - User-ID: integrated with the enterprise directory
  - Content-ID: threats, URLs, data
  - High-performance architecture: high throughput, low latency
• Easy enterprise integration and consolidation saves money
  - Flexible deployment options for seamless integration
  - Consolidating functionality into the firewall simplifies and saves money
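The slide above says App-ID identifies applications regardless of port, and the earlier slide on outdated assumptions shows why "port equals application" no longer holds. The following is an added example, not code from the deck or from any Palo Alto Networks product: a toy classifier that labels each flow twice, once by destination port (all a port-based stateful-inspection firewall can see) and once by the first bytes the client sent, then shows how the same "allow ssl and web-browsing" rule behaves under each label. Flows, addresses, app names and the first-bytes signatures are constructed for illustration; a real decoder also tracks protocol state and follows the session past the first packet.

```python
"""Port-based vs. payload-based application classification.

Added example, not code from the Palo Alto Networks deck or from any Palo
Alto product. Flows, addresses, app names and signatures are constructed.
"""
import re
from dataclasses import dataclass

# Port table a port-based firewall relies on (assumption: the usual IANA
# assignments; the app names follow the deck's style, not a real App-ID list).
PORT_TABLE = {22: "ssh", 80: "web-browsing", 443: "ssl", 3389: "ms-rdp"}

# First-bytes signatures, checked in order (constructed and deliberately simple).
SIGNATURES = (
    ("ssh", re.compile(rb"\ASSH-2\.0-")),
    # TPKT header (03 00 <len16>) followed by an X.224 Connection Request (<LI> E0)
    ("ms-rdp", re.compile(rb"\A\x03\x00.{2}.\xe0", re.DOTALL)),
    # TLS record: handshake content type 0x16, record version 3.x
    ("ssl", re.compile(rb"\A\x16\x03[\x00-\x04]")),
    ("web-browsing", re.compile(rb"\A(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    payload: bytes  # first bytes sent by the client


def port_app(flow: Flow) -> str:
    """What a port-based firewall believes the application is."""
    return PORT_TABLE.get(flow.dport, "unknown")


def payload_app(flow: Flow) -> str:
    """What the client payload says the application is."""
    for name, sig in SIGNATURES:
        if sig.match(flow.payload):
            return name
    return "unknown"


def classify(flows):
    """(dport, port-based label, payload-based label) for every flow."""
    return [(f.dport, port_app(f), payload_app(f)) for f in flows]


def mismatches(flows):
    """Flows where a recognised payload contradicts the port-based label:
    port hopping (SSH on 443, RDP on 80) or a known app on a non-standard port."""
    return [f for f in flows
            if payload_app(f) != "unknown" and payload_app(f) != port_app(f)]


def port_policy_allows(flow: Flow, allowed_apps) -> bool:
    """Rule 'allow <apps>' as a port-based firewall enforces it."""
    return port_app(flow) in allowed_apps


def app_policy_allows(flow: Flow, allowed_apps) -> bool:
    """The same rule enforced on the identified application."""
    return payload_app(flow) in allowed_apps


# Constructed sample flows (RFC 5737 documentation addresses).
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 443, b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03"),
    Flow("10.0.0.7", "203.0.113.20", 443, b"SSH-2.0-OpenSSH_8.9\r\n"),            # SSH hiding on 443
    Flow("10.0.0.9", "203.0.113.30", 80,
         b"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00"),  # RDP on 80
    Flow("10.0.0.9", "203.0.113.40", 8080, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    Flow("10.0.0.5", "192.0.2.15", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
]

if __name__ == "__main__":
    for dport, by_port, by_payload in classify(SAMPLE_FLOWS):
        flag = "" if by_port == by_payload else "  <-- port label is wrong"
        print(f"dport={dport:<5} port-based={by_port:<13} payload-based={by_payload}{flag}")
```

Run it to print the two labels side by side. Against a rule that allows only ssl and web-browsing, the port-based check passes the SSH session on 443 while the payload-based check denies it. The toy does not decrypt: a real product has to terminate SSL where policy permits before it can classify what is carried inside, and traffic it cannot decrypt stays "ssl" at best.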

Page 71: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

extend security to all network traffic extend security to all network traffic

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 72: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

20 Gpbs Firewall 10 Gbps Threat Prevention

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 73: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

bull 80 Gbps switch fabric interconnect

bull 20 Gbps QoS engine

Signature Match HW Engine

bull Stream-based uniform sig match

bull Vulnerability exploits (IPS) virus spyware CC SSN and more

Security Processors

bull High density parallel processing for flexible security functionality

bull Hardware-acceleration for standardized complex functions (SSL IPSec decompression)

bull Highly available mgmt

bull High speed logging and route update

bull Dual hard drives

20Gbps

Network Processor

bull 20 Gbps front-end network processing

bull Hardware accelerated per-packet route lookup MAC lookup and NAT

10Gbps

Control Plane

Data Plane Switch Fabric

10Gbps

QoS

Flow control

Route ARP MAC lookup

NAT

Switch Fabric

Signature Match

Signature Match

SSL IPSec De-Compress

SSL IPSec De-Compress

SSL IPSec De-Compress

Quad-core CPU

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

CPU 12

CPU 1

CPU 2

RAM

RAM

HDD

HDD

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

RAM

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 74: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

NGFW for mobile devices

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

                          PA-5020        PA-5050        PA-5060
Firewall throughput       5 Gbps         10 Gbps        20 Gbps
Threat prevention         2 Gbps         5 Gbps         10 Gbps
IPSec VPN                 2 Gbps         4 Gbps         4 Gbps
SSL VPN users             5,000          10,000         20,000
Sessions                  1,000,000      2,000,000      4,000,000
Virtual systems (VSYS)    up to 20       up to 125      up to 225
SFP+ (10 Gig) I/O         -              (4)            (4)
SFP (1 Gig) I/O           (8)            (8)            (8)
10/100/1000 I/O           (12)           (12)           (12)

Common to all PA-5000 Series models:
• Hot-swappable fans and power supplies
• Dual solid-state hard drives
• Dedicated HA and management interfaces
• 2U standard rack-mount form factor

NGFWs Eliminate Data Center Compromise

• Prevent Threats
- Stop a wide range of threats on all allowed traffic
- Proven quality (NSS tested and "Recommended")
- Security by policy, not hardwired into deployment

• Comply and Compartmentalize
- Save time and cost to compliance with network segmentation
- Segment by user group and application

• Simplify with Flexible Network Security Infrastructure
- With up to 20 Gbps of firewall throughput and integrated high-performance threat prevention
- With simpler, easier deployments
- With reduced network security rack space requirements and lower TCO (power, HVAC, subscriptions, maintenance)


GlobalProtect

Today: Quality of Security Tied to Location


(Figure: users on the enterprise network versus remote users exposed to botnets.)

Enterprise Network Security
• Security Based on Best-Practices
• Full-Featured NGFW and Threat Prevention

No Network Security
• Security Based on Best-Effort
• Exposed to threats, risky app usage and more

Existing Solutions Fall Short

Software on the PC
• Each security app performs a specific function
• Limited focus and functionality, heavy performance load on the PC
• Examples: antivirus, host firewall, USB port control, DLP, etc.


Cloud-Based Services
• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement
• Supports a limited number of apps and protocols, weak threat prevention
• Examples: ScanSafe, Purewire, etc.

Traditional VPN
• Agent tunnels traffic back to the corporate gateway
• Same poor security, only slower
• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security
• Inconsistent policy and protections when outside vs. inside the network
• Lack of visibility into applications, users and content fails to control modern apps and threats
• Expensive to purchase, duplicates operational and management overhead

Introducing GlobalProtect

• Users never go "off-network", regardless of location
• All firewalls work together to provide a "cloud" of network security


• How it works
- A small agent determines network location (on or off the enterprise network)
- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
- The agent submits a host information profile (patch level, asset type, disk encryption and more) to the gateway
- The gateway enforces security policy using App-ID, User-ID, Content-ID AND the host information profile
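The four steps above, modelled as a small policy engine. This is an added example, not GlobalProtect's or Palo Alto Networks' own code: the gateway names, directory groups, host-profile fields and the rule set are assumptions chosen to show that one rule set, evaluated on application, user group and host profile, yields the same decision whether the host is inside or outside the network.

```python
"""Location-independent policy enforcement with a host information profile.

Added example (not GlobalProtect code). Models: (1) the agent's location
check, (2) steering off-network hosts to the nearest gateway, (3) the host
information profile (HIP) the agent submits, (4) a single policy decision
from app + user group + HIP. Gateways, groups, HIP fields and rules are
constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class HostProfile:
    """Host information profile reported by the agent (constructed fields)."""
    hostname: str
    asset_type: str        # "corporate" or "byod"
    disk_encrypted: bool
    patch_age_days: int    # days since the OS was last patched


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset      # groups resolved through the directory (User-ID)
    app: str               # application as classified by the gateway (App-ID)
    hip: HostProfile
    on_network: bool       # result of the agent's location check


@dataclass(frozen=True)
class Rule:
    name: str
    apps: frozenset
    groups: Optional[frozenset]           # None = any authenticated user
    require_encryption: bool = False
    max_patch_age_days: Optional[int] = None
    action: str = "allow"


# Constructed rule set: first match on app + group wins; unmatched traffic is denied.
RULES = (
    Rule("admins-ssh-rdp", frozenset({"ssh", "ms-rdp"}), frozenset({"it-admins"}),
         require_encryption=True, max_patch_age_days=30),
    Rule("all-users-web", frozenset({"web-browsing", "ssl"}), None,
         require_encryption=True),
)


def hip_failure(rule: Rule, hip: HostProfile) -> Optional[str]:
    """None when the host meets the rule's HIP requirements, otherwise the reason."""
    if rule.require_encryption and not hip.disk_encrypted:
        return "disk not encrypted"
    if rule.max_patch_age_days is not None and hip.patch_age_days > rule.max_patch_age_days:
        return f"patch age {hip.patch_age_days}d exceeds {rule.max_patch_age_days}d"
    return None


def select_gateway(on_network: bool, latencies_ms: dict) -> str:
    """Steps 1-2: on-network hosts hit the local firewall; off-network hosts are
    steered to the gateway with the lowest measured latency (constructed metric)."""
    if on_network:
        return "internal"
    return min(latencies_ms, key=latencies_ms.get)


def evaluate(req: Request, rules=RULES):
    """Step 4: one decision from app, user group and HIP; location plays no part."""
    for rule in rules:
        if req.app not in rule.apps:
            continue
        if rule.groups is not None and not (req.groups & rule.groups):
            continue  # the app matched but this user is not authorized for it
        reason = hip_failure(rule, req.hip)
        if reason:
            return ("deny", rule.name, reason)
        return (rule.action, rule.name, "policy match")
    return ("deny", "default", "no matching rule")


# Constructed sample hosts and a helper that builds an admin RDP request.
HEALTHY = HostProfile("lt-admin-01", "corporate", True, 7)
STALE = HostProfile("lt-admin-02", "corporate", True, 90)
BYOD = HostProfile("phone-x", "byod", False, 3)


def admin_rdp(hip: HostProfile, on_network: bool) -> Request:
    return Request("alice", frozenset({"it-admins", "staff"}), "ms-rdp", hip, on_network)


if __name__ == "__main__":
    for on_net in (True, False):
        gw = select_gateway(on_net, {"gw-eu": 40, "gw-us": 120})
        print(on_net, gw, evaluate(admin_rdp(HEALTHY, on_net)))
    print(evaluate(admin_rdp(STALE, False)))
```

The deny reasons are returned rather than only logged so that a gateway can surface them to the user (the HIP check is the one step that fails for an otherwise authorized admin on a stale laptop), and `on_network` only affects gateway selection, never the rule outcome.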

A Modern Architecture for Enterprise Security


• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting

(Figure: malware, botnets and exploits stopped at the logical perimeter.)


Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure
- Users do what they want
- Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls
- Leads to increased risks for the business

• Palo Alto Networks defines the next-generation firewall with unique identification technologies
- App-ID: identifies applications regardless of port, protocol or SSL encryption
- User-ID: integrated with the enterprise directory
- Content-ID: threats, URLs, data
- High-performance architecture: high throughput, low latency

• Easy enterprise integration and consolidation saves money
- Flexible deployment options for seamless integration
- Consolidation of functionality into the firewall simplifies and saves money
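To make the "Ports ≠ Applications" point from the data-center slide and the port-hopping bullet above concrete, here is an added example (not code from the deck or from Palo Alto Networks) that classifies a few constructed flows first by destination port and then by payload signature, and reports where the two disagree. The signatures are minimal stand-ins for a real application decoder, and the addresses, ports and payload bytes are constructed sample data.

```python
"""Port-based vs. application-signature classification of network flows.

Added example, not code from the slide deck or from Palo Alto Networks:
constructed flow records show why a destination port is not a reliable
application label, which is the gap that App-ID-style classification closes.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    payload: bytes  # first client-to-server payload bytes (constructed)


# What a port-based (stateful inspection) firewall assumes each port carries.
PORT_TABLE = {
    22: "ssh",
    80: "web-browsing",
    135: "msrpc",
    443: "ssl",
    445: "smb",
    3389: "ms-rdp",
}


def classify_by_port(flow: Flow) -> str:
    """Legacy classification: look only at the destination port."""
    return PORT_TABLE.get(flow.dst_port, "unknown")


def classify_by_signature(flow: Flow) -> str:
    """Payload-based classification on well-known protocol banners and headers.

    Real engines use far richer decoders; these prefixes are enough to show
    the principle on the constructed flows below.
    """
    p = flow.payload
    if p.startswith(b"SSH-"):
        return "ssh"  # SSH identification string (RFC 4253)
    if len(p) >= 3 and p[0] == 0x16 and p[1] == 0x03 and p[2] <= 0x04:
        return "ssl"  # TLS record: handshake content type, version 3.x
    if p[:4] in (b"GET ", b"POST", b"HEAD", b"PUT "):
        return "web-browsing"  # HTTP request line
    if len(p) >= 4 and p.startswith(b"\x03\x00"):
        return "ms-rdp"  # TPKT header carrying the X.224 connection request
    if p[:4] in (b"\xffSMB", b"\xfeSMB"):
        return "smb"  # SMB1 / SMB2 header magic
    return "unknown"


def find_port_mismatches(flows):
    """Flows whose payload identifies an application the port does not predict.

    Each mismatch is an application riding a non-standard port, which is the
    traffic a port-only firewall mislabels and therefore enforces the wrong
    rule on. Returns (dst_port, port_label, signature_label) tuples.
    """
    mismatches = []
    for f in flows:
        by_port = classify_by_port(f)
        by_sig = classify_by_signature(f)
        if by_sig != "unknown" and by_sig != by_port:
            mismatches.append((f.dst_port, by_port, by_sig))
    return mismatches


# Constructed sample flows (RFC 5737 documentation addresses, synthetic payloads).
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 443,
         b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),            # genuine TLS on 443
    Flow("10.0.0.7", "203.0.113.20", 443,
         b"SSH-2.0-OpenSSH_8.9\r\n"),                                  # SSH carried on 443
    Flow("10.0.0.9", "203.0.113.30", 80,
         b"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08"
         b"\x00\x03\x00\x00\x00"),                                     # RDP carried on 80
    Flow("10.0.0.11", "203.0.113.40", 8081,
         b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),  # HTTP on a high port
]


if __name__ == "__main__":
    for port, by_port, by_sig in find_port_mismatches(SAMPLE_FLOWS):
        print(f"dst port {port}: port table says {by_port!r}, payload says {by_sig!r}")
```

Run stand-alone it prints the three flows the port table mislabels; the genuine TLS flow on 443 produces no mismatch. A firewall that trusted the port alone would have applied its "ssl" and "web-browsing" rules to the SSH and RDP sessions, which is why the deck's "allow SSH/RDP only for authorized staff" rule is only enforceable once the application, not the port, is the match criterion.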

Page 75: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

Source Gartner (March 2010) As of March 2010

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 76: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

copy 2011 Palo Alto Networks Proprietary and Confidential Page 87 |

Data Center Network Security in Transition

bull Ports ne Applications

bull IP addresses ne Users

bull Threats gt Exploits

Need to Restore Application Visibility amp Control in the Firewall

Todayrsquos network security is based on outdated

assumptionshellip Port 135

Port 137

RP

C

SM

S

SQ

L

Sh

are

Po

int

SM

B

Port 80

Port 139

Applications employ dynamic random and heavily-used ports - fundamentally breaking port-based network security

Port 443

Ne

tBIO

S

Plus random high ports

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 77: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

Palo Alto Networks Protection + Performance

copy 2011 Palo Alto Networks Proprietary and Confidential Page 88 |

bull Strong threat prevention

- NSS 934 block rate 100 resistance to evasion 115 of rated performance

- The only IPS that catches threats on non-standard ports

- Scan inbound and outbound SSL (decrypt) and compressed traffic

- Assure only authorized applications are using network resources

- Allow SSHRDP but only for authorized staff

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 78: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

copy 2011 Palo Alto Networks Proprietary and Confidential Page 89 |

NGFW Networking Power and Flexibility

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

bull Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler easier deployments

- With reduced network security rack space requirements lower TCO (power HVAC subscriptions maintenance)

copy 2011 Palo Alto Networks Proprietary and Confidential Page 91 |

copy 2011 Palo Alto Networks Proprietary and Confidential Page 92 | copy 2007 Palo Alto Networks Proprietary and Confidential Page 92 |

GlobalProtect

Today Quality of Security Tied to Location

copy 2011 Palo Alto Networks Proprietary and Confidential Page 93 |

botnets

Enterprise Network Security bull Security Based on Best-Practices

bull Full-Featured NGFW and Threat Prevention

No Network Security bull Security Based on Best-Effort

bull Exposed to threats risky app usage and more

Existing Solutions Fall Short

Software on the PC

bull Each security app perform a specific function

bull Limited focus and functionality heavy performance load on PC

bull Examples antivirus host firewall USB port control DLP etc

copy 2011 Palo Alto Networks Proprietary and Confidential Page 94 |

Cloud-Based Services

bull Client forces web traffic to cloud-based proxy for scanning and policy enforcement

bull Supports limited number of apps and protocols weak threat prevention

bull Examples ScanSafe Purewire etc

Traditional VPN

bull Agent tunnels traffic back to corporate gateway

bull Same poor security only slower

bull Examples AnyConnect Juniper Pulse

Higher Costs More Work for Lower Security

bull Inconsistent policy and protections when outside vs inside the network

bull Lack of visibility into applications users and content fails to control modern apps and threats

bull Expensive to purchase duplicates operational and management overhead

Introducing GlobalProtect

bull Users never go ldquooff-networkrdquo regardless of location

bull All firewalls work together to provide ldquocloudrdquo of network security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 95 |

bull How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level asset type disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID User-ID Content-ID AND host information profile

A Modern Architecture for Enterprise Security

copy 2011 Palo Alto Networks Proprietary and Confidential Page 96 |

bull Establishes a logical perimeter that is not bound to physical limitations

bull Users receive the same depth and quality of protection both inside and out

bull Security work performed by purpose-built firewalls not end-user laptops

bull Unified visibility compliance and reporting

malware

botnets

exploits

copy 2007 Palo Alto Networks Proprietary and Confidential Page 112 | copy 2008 Palo Alto Networks Proprietary and Confidential Page 112 |

Regain Visibility and Control Save Money

bull IT canrsquot manage risk with traditional security infrastructure

- Users do what they want

- Port hopping tunneling and encryption of applications get around port-based classification of statefull inspection based firewalls

- Leads to increased risks for the business

bull Palo Alto Networks defines next-generation firewall with unique identification technologies

- App-ID identify applications regardless of port protocol or SSL encryption

- User-ID integrated with enterprise directory

- Content-ID threats URLs data

- High performance architecture high throughput low latency

bull Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into firewall simplifies and saves money

Page 79: Palo Alto Networks - מדיאטק הייטק · Palo Alto Networks’ latest Application Usage & Risk ... •NSS Labs, the world’s ... The results were crystal clear and provided

PA-5000 Series Models and Specifications

copy 2011 Palo Alto Networks Proprietary and Confidential Page 90 |

PA-5050 bull 10 Gbps FW

bull 5 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 10000 SSL VPN Users

bull 2000000 sessions

bull Up to 125 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5020 bull 5 Gbps FW

bull 2 Gbps threat prevention

bull 2 Gbps IPSec VPN

bull 5000 SSL VPN Users

bull 1000000 sessions

bull Up to 20 VSYS

bull (8) SFP (1 Gig) IO

bull (12) 101001000

PA-5060 bull 20 Gbps FW

bull 10 Gbps threat prevention

bull 4 Gbps IPSec VPN

bull 20000 SSL VPN Users

bull 4000000 sessions

bull Up to 225 VSYS

bull (4) SFP+ (10 Gig) IO

bull (8) SFP (1 Gig) IO

bull (12) 101001000

bull Hot swappable fans power supplies

bull Dual solid state hard drives

bull Dedicated HA and management interfaces

bull 2U standard rack mount form factor

NGFWs Eliminate Data Center Compromise

bull Prevent Threats

- Stop a wide range of threats on all allowed traffic

- Proven quality (NSS tested and ldquoRecommendedrdquo)

- Security by policy not hardwired into deployment

bull Comply and Compartmentalize

- Save time and cost to compliance with network segmentation

- Segment by user group and application

• Simplify with Flexible Network Security Infrastructure

- With up to 20Gbps of firewall throughput and integrated high-performance threat prevention

- With simpler, easier deployments

- With reduced network security rack space requirements and lower TCO (power, HVAC, subscriptions, maintenance)

© 2011 Palo Alto Networks. Proprietary and Confidential. Page 91 |

GlobalProtect

Today: Quality of Security Tied to Location

[Figure: security depends on where the user connects from; threat label shown: botnets]

Enterprise Network Security

• Security Based on Best-Practices

• Full-Featured NGFW and Threat Prevention

No Network Security

• Security Based on Best-Effort

• Exposed to threats, risky app usage and more

Existing Solutions Fall Short

Software on the PC

• Each security app performs a specific function

• Limited focus and functionality; heavy performance load on the PC

• Examples: antivirus, host firewall, USB port control, DLP, etc.

Cloud-Based Services

• Client forces web traffic to a cloud-based proxy for scanning and policy enforcement

• Supports a limited number of apps and protocols; weak threat prevention

• Examples: ScanSafe, Purewire, etc.

Traditional VPN

• Agent tunnels traffic back to the corporate gateway

• Same poor security, only slower

• Examples: AnyConnect, Juniper Pulse

Higher Costs, More Work for Lower Security

• Inconsistent policy and protections when outside vs. inside the network

• Lack of visibility into applications, users and content; fails to control modern apps and threats

• Expensive to purchase duplicates; operational and management overhead

Introducing GlobalProtect

• Users never go "off-network", regardless of location

• All firewalls work together to provide a "cloud" of network security

• How it works

- Small agent determines network location (on or off the enterprise network)

- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN

- Agent submits host information profile (patch level, asset type, disk encryption and more) to the gateway

- Gateway enforces security policy using App-ID, User-ID, Content-ID AND host information profile

A Modern Architecture for Enterprise Security

• Establishes a logical perimeter that is not bound to physical limitations

• Users receive the same depth and quality of protection both inside and out

• Security work performed by purpose-built firewalls, not end-user laptops

• Unified visibility, compliance and reporting

[Figure: threats blocked at the logical perimeter; labels: malware, botnets, exploits]

Regain Visibility and Control, Save Money

• IT can't manage risk with traditional security infrastructure

- Users do what they want

- Port hopping, tunneling and encryption of applications get around the port-based classification of stateful-inspection firewalls

- Leads to increased risks for the business

• Palo Alto Networks defines the next-generation firewall with unique identification technologies

- App-ID: identifies applications regardless of port, protocol or SSL encryption

- User-ID: integrated with the enterprise directory

- Content-ID: threats, URLs, data

- High-performance architecture: high throughput, low latency

• Easy enterprise integration and consolidation saves money

- Flexible deployment options for seamless integration

- Consolidation of functionality into the firewall simplifies and saves money
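The GlobalProtect "How it works" steps above (location check, host information profile, gateway policy on App-ID + User-ID + HIP) and the "port hopping, tunneling and encryption" point on the last slide can both be seen in one toy model. The block below is an added example written for this page; it is not Palo Alto Networks code and does not use the PAN-OS API. The probe hostname and address, the HIP field names, the rule format and the application names (`crm-app`, `p2p-over-ssl`) are all constructed for illustration. It shows why a port-based table says "ssl" for a flow that application identification reports as tunnelled file sharing, and how a gateway can turn a failed HIP check into a deny with a reason.

```python
"""Added example (not Palo Alto Networks code): a toy gateway that enforces
policy on user group, identified application and host information profile
(HIP) rather than on destination port.  Every name below is an assumption."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# --- step 1: the agent determines network location -------------------------
# Assumed technique: resolve an internal-only hostname; if the answer matches
# the expected internal address, the laptop is on the enterprise network.
INTERNAL_PROBE = ("gp-probe.corp.example", "10.10.0.5")   # constructed values

def is_on_network(dns_answers: Dict[str, str]) -> bool:
    """dns_answers stands in for the agent's resolver (constructed input)."""
    name, expected = INTERNAL_PROBE
    return dns_answers.get(name) == expected

# --- step 2: host information profile submitted to the gateway -------------
@dataclass(frozen=True)
class HostInfoProfile:
    patch_age_days: int      # days since the last patch install (constructed)
    asset_type: str          # "corporate" or "byod"
    disk_encrypted: bool

# --- step 3: the gateway sees user, App-ID result and HIP, not just a port --
@dataclass(frozen=True)
class Flow:
    user: str
    groups: FrozenSet[str]   # from the directory (User-ID in the slides)
    app_id: str              # output of application identification (assumed)
    dst_port: int
    hip: HostInfoProfile

@dataclass(frozen=True)
class Rule:
    name: str
    groups: FrozenSet[str]   # "any" matches every group
    apps: FrozenSet[str]     # "any" matches every application
    action: str              # "allow" or "deny"
    require_encrypted: bool = False
    max_patch_age_days: Optional[int] = None

# What a port-based stateful firewall "knows" about a flow: only the port.
PORT_TABLE = {80: "web-browsing", 443: "ssl", 22: "ssh", 25: "smtp"}

def classify_by_port(dst_port: int) -> str:
    return PORT_TABLE.get(dst_port, "unknown")

def hip_failures(rule: Rule, hip: HostInfoProfile) -> List[str]:
    """Return the list of HIP conditions of `rule` that `hip` does not meet."""
    problems = []
    if rule.require_encrypted and not hip.disk_encrypted:
        problems.append("disk not encrypted")
    if rule.max_patch_age_days is not None and hip.patch_age_days > rule.max_patch_age_days:
        problems.append(f"patch age {hip.patch_age_days}d > {rule.max_patch_age_days}d")
    return problems

def _matches(selector: FrozenSet[str], values: FrozenSet[str]) -> bool:
    return "any" in selector or bool(selector & values)

def evaluate(rules: List[Rule], flow: Flow) -> Tuple[str, str]:
    """First-match evaluation.  An allow rule whose HIP conditions fail becomes
    a deny carrying the reason; no match at all is an implicit deny."""
    for rule in rules:
        if not _matches(rule.groups, flow.groups):
            continue
        if not _matches(rule.apps, frozenset({flow.app_id})):
            continue
        if rule.action == "allow":
            problems = hip_failures(rule, flow.hip)
            if problems:
                return "deny", f"{rule.name}: hip check failed ({'; '.join(problems)})"
        return rule.action, rule.name
    return "deny", "implicit-deny"

# Constructed policy: finance may use the CRM from patched, encrypted laptops;
# tunnelled file sharing is denied for everyone, whatever port it rides on.
POLICY = [
    Rule("block-tunnelled-p2p", frozenset({"any"}), frozenset({"p2p-over-ssl"}), "deny"),
    Rule("finance-crm", frozenset({"finance"}), frozenset({"crm-app"}), "allow",
         require_encrypted=True, max_patch_age_days=30),
    Rule("all-web", frozenset({"any"}), frozenset({"web-browsing", "ssl"}), "allow"),
]

if __name__ == "__main__":
    healthy = HostInfoProfile(patch_age_days=5, asset_type="corporate", disk_encrypted=True)
    tunnel = Flow("bob", frozenset({"eng"}), "p2p-over-ssl", 443, healthy)
    print("port-based view :", classify_by_port(tunnel.dst_port))   # "ssl"
    print("app/HIP-based   :", evaluate(POLICY, tunnel))            # denied by name
```

The point of the two views at the end is the one the slide makes: a port table classifies the tunnelled flow as "ssl" and an "allow 443" policy would pass it, whereas a gateway that keys on the identified application denies it by name. The HIP branch in `evaluate` is where the patch level and disk encryption submitted by the agent change the decision for an otherwise-allowed user.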
