360 likes | 1.02k Views
Palo Alto Networks. OMREŽNA VARNOST Lancom 21.4.2011 Silvester Drobnič, CHS d.o.o. s ilvester.drobnic@chs.si. N ew generation of addicted Internet users – smarter than you ?. About Palo Alto Networks. Palo Alto Networks is the Network Security Company
E N D
Palo Alto Networks OMREŽNA VARNOST Lancom 21.4.2011 Silvester Drobnič, CHS d.o.o. silvester.drobnic@chs.si
New generation of addicted Internet users – smarter than you?
About Palo Alto Networks • Palo Alto Networks is the Network Security Company • World-class team with strong security and networking experience • Founded in 2005 by security visionary NirZuk • Top-tier investors • Builds next-generation firewalls that identify / control 1100+ applications • Restores the firewall as the core of the enterprise network security infrastructure • Innovations: App-ID™, User-ID™, Content-ID™ • Global footprint: 2,200+ customers in 50+ countries, 24/7 support
Legendary Customer Support Experience Customer support has always been amazing. Whenever I call, I always get someone knowledgeable right away, and never have to wait. They give me the answer I need quickly and completely. Every support rep I have spoken with knows his stuff. -Mark Kimball, Hewlett-Packard Customer support has been extraordinarily helpful – which is not the norm when dealing with technology companies. Their level of knowledge, their willingness to participate – it’s night and day compared to other companies. It’s an incredible strength of Palo Alto Networks. -James Jones, UPMC Strong TSE team with deep network security and infrastructure knowledge • Experience with every major firewall • TSEs average over 15 years of experience TSEs co-located with engineering – in Sunnyvale, CA Premium and Standard offerings Rave reviews from customers
2010 Magic Quadrant for Enterprise Network Firewalls Cisco Juniper Networks Fortinet Check Point Software Technologies McAfee ability to execute Stonesoft Palo Alto Networks SonicWALL WatchGuard NETASQ Astaro phion 3Com/H3C niche players visionaries As of March 2010 completeness of vision Source: Gartner
Gartner: Palo Alto Networks is a Visionary Enterprises need next-generation firewalls • “In 2009, Gartner saw market pressures accelerate the demand for next-generation firewall platforms that provide the capability to detect and block sophisticated attacks, as well as enforce granular security policy at the application (versus port and protocol) level. ” Palo Alto Networks’ next generation firewalls are leading the market • Gartner notes: “Palo Alto Networks is highly disruptive within the firewall market because the product has been designed as a next-generation firewall and has competitors being forced to change road maps and sell defensively.” Palo Alto Networks generated the most firewall inquiries among Gartner customers in 2009.
Gartner: Firewalls Are Not Commoditized Next-generation firewalls are evolving the enterprise network firewall market Running on general purpose server hardware won’t perform next-generation firewall features well for the enterprise Established vendors are milking their installed base – raising prices without delivering new features UTM is for SMB. SMB ≠ enterprise branch office.
NSS Labs test – PAN as IPS The highest IPS block rate in recent history (93.4%) 100% resistance to IPS evasion techniques Simple IPS configuration and tuning. Provided all the above while exceeding the datasheet performance metrics
PAN Hardware & Licenses Hardware Enota se izbira glede na zahtevano propustnost Možna je HA postavitev enot v A-P in A-A načinu Licence Support licenca je obvezna Opcijski licenci: Thread licenca (IPS, AV, AS) URL filtering Ostale licence: Virtual Firewall Global Protect POMEMBNO Ni omejitve na uporabnike Ni dodatnih licenc za VPN PA-5060 PA-4060 PA-5050 PA-4050 PA-5020 PA-4020 PA-2050 PA-2020 PA-500
Redefine Network Security – and Save Money! • Capital cost – replace multiple devices • Legacy firewall, IPS, URL filtering device (e.g. proxy, secure web gateway…) Cut by as much as 80% • “Hard” operational expenses • Support contracts • Subscriptions • Power and HVAC • Save on “soft” costs too • Rack space, deployment/integration, headcount, training, help desk calls Cut by as much as 65%
Start by understanding what’s really happening Application Usage and Risk Report • Findings • 347 large enterprises worldwide • 750+ different Internet applications • Employees have created Enterprise 2.0 • Rewards • Enterprises are embracing social networking apps • Proven to deliver measurable value to business • Risks • Incoming threats are increasing • Potential for data leakage is increasing • Existing security infrastructure ineffective
DEMO - Flexible Deployment Options Firewall Replacement Transparent In-Line Visibility • Application, user and content visibility without inline deployment • IPS with app visibility & control • Consolidation of IPS & URL filtering • Firewall replacement with app visibility & control • Firewall + IPS • Firewall + IPS + URL filtering
Application Visibilityand Risk Report Tells the budget holder what we are going to review Presents findings in clear, business oriented manner Introduces business risks associated with the application traffic
Zaključek Kako naprej: • Vprašajte pri Lancomu za test PANa • Po testu zahtevajte AVR poročilo • V vmesnem času: • PAN AUR poročilo • Gartnerjeva NGF definicija • Gartnerjevo zadnje poročilo o požarnih pregradah • NSS Labs poročilo o PAN IPS zmogljivosti • PAN Research center na WEBu • Ocenite CAPEX in OPEX vaše trenutne opreme • Vprašajte se ali veste kaj spušča vaš obstoječi FW v omrežje