Palo Alto Networks Overview
March 2012 Data Connectors
Micah Richardson, Account Manager

Agenda
• Corporate Overview
• Why a NGFW?
• Key Technologies, Architecture Review, Wildfire
• Web Interface
• Model Review
• 2011 Gartner Report
• Review
© 2011 Palo Alto Networks. Proprietary and Confidential.

About Palo Alto Networks
• Palo Alto Networks is the Network Security Company
• World-class team with strong security and networking experience
• Founded in 2005, first customer July 2007, top-tier investors
• Builds next-generation firewalls that identify / control ~1450+ applications
• Restores the firewall as the core of enterprise network security infrastructure
• Innovations: App-ID™, User-ID™, Content-ID™
• Global momentum: 7,500+ customers
• August 2011: Annual bookings run rate is over US$200 million*, cash-flow positive last five consecutive quarters
A few of the many enterprises that have deployed more than $1M
(*) Bookings run rate is defined as 4 (four) times the bookings amount of the most recently finished fiscal quarter. Bookings are defined as non-cancellable orders received during the fiscal period. Palo Alto Networks’ fiscal year runs from August 1st until July 31st.

Applications Have Changed; Firewalls Have Not
The firewall is the right place to enforce policy control
• Sees all traffic
• Defines trust boundary
• Enables access via positive control
BUT…applications have changed
• Ports ≠ Applications
• IP Addresses ≠ Users
• Packets ≠ Content
Need to restore visibility and control in the firewall

Technology Sprawl & Creep Are Not The Answer
• “More stuff” doesn’t solve the problem
• Firewall “helpers” have limited view of traffic
• Complex and costly to buy and maintain
• Putting all of this in the same box is just slow

The Right Answer: Make the Firewall Do Its Job

Why Visibility & Control Must Be In The Firewall
Application Control as an Add-on
• Port-based FW + App Ctrl (IPS) = two policies
• Applications are threats; only block what you expressly look for
Implications
• Network access decision is made with no information
• Cannot safely enable applications
[Diagram labels: Traffic, Firewall, Port, Port Policy Decision, IPS, Applications, App Ctrl Policy Decision]
NGFW Application Control
• Application control is in the firewall = single policy
• Visibility across all ports, for all traffic, all the time
Implications
• Network access decision is made based on application identity
• Safely enable application usage
[Diagram labels: Traffic, Firewall, Application, App Ctrl Policy Decision, Scan Application for Threats]

Your Control With Port-based Firewall Add-on

Identification Technologies Transform the Firewall
• App-ID™
  • Identify the application
• User-ID™
  • Identify the user
• Content-ID™
  • Scan the content

Single-Pass Parallel Processing™ (SP3) Architecture
Single Pass
• Operations once per packet
  • Traffic classification (app identification)
  • User/group mapping
  • Content scanning – threats, URLs, confidential data
• One policy
Parallel Processing
• Function-specific parallel processing hardware engines
• Separate data/control planes
Up to 20 Gbps, Low Latency

INSERT WILDFIRE SLIDE HERE

Comprehensive View of Applications, Users & Content
• Application Command Center (ACC)
  • View applications, URLs, threats, data filtering activity
  • Add/remove filters to achieve desired result
[Screenshot captions: Filter on Facebook-base; Filter on Facebook-base and user cook; Remove Facebook to expand view of cook]

PAN-OS Core Firewall Features
Visibility and control of applications, users and content complement core firewall features
• Strong networking foundation
  • Dynamic routing (BGP, OSPF, RIPv2)
  • Tap mode – connect to SPAN port
  • Virtual wire (“Layer 1”) for true transparent in-line deployment
  • L2/L3 switching foundation
  • Policy-based forwarding
• VPN
  • Site-to-site IPSec VPN
  • SSL VPN
• QoS traffic shaping
  • Max/guaranteed and priority
  • By user, app, interface, zone, & more
  • Real-time bandwidth monitor
• Zone-based architecture
  • All interfaces assigned to security zones for policy enforcement
• High Availability
  • Active/active, active/passive
  • Configuration and session synchronization
  • Path, link, and HA monitoring
• Virtual Systems
  • Establish multiple virtual firewalls in a single device (PA-5000, PA-4000, and PA-2000 Series)
• Simple, flexible management
  • CLI, Web, Panorama, SNMP, Syslog
Models: PA-5060, PA-5050, PA-5020, PA-4060, PA-4050, PA-4020, PA-2050, PA-2020, PA-500

2011 Magic Quadrant for Enterprise Network Firewalls
“Palo Alto Networks' high-performance NGFW functionality continues to drive competitors to react in the firewall market. It is assessed as a Leader mostly because of its NGFW design, redirection of the market along the NGFW path, consistent displacement of Leaders and Challengers, and market disruption forcing Leaders to react.”
Source: Gartner, December 14, 2011

Addresses Three Key Business Problems
• Identify and Control Applications
  • Visibility of ~1450+ applications, regardless of port, protocol, encryption, or evasive tactic
  • Fine-grained control over applications (allow, deny, limit, scan, shape)
  • Addresses the key deficiencies of legacy firewall infrastructure
• Prevent Threats
  • Stop a variety of threats – exploits (by vulnerability), viruses, spyware
  • Stop leaks of confidential data (e.g., credit card #, social security #, file/type)
  • Stream-based engine ensures high performance
  • Enforce acceptable use policies on users for general web site browsing
• Simplify Security Infrastructure
  • Put the firewall at the center of the network security infrastructure
  • Reduce complexity in architecture and operations

Thank You

Additional Information
Speeds and Feeds, Deployment, Customers, TCO, Support, and Management

Global Support. Local Availability. Enterprise Class.
• Global support infrastructure
  • Global TACs (Santa Clara HQ, Dallas, Antwerp, Singapore, Tokyo)
  • Global Hardware Depots (Santa Clara, Amsterdam, Singapore)
• Programs and features to address global support demands
  • On-line Support Knowledge Portal
  • Premium Support (24 x 7)
  • Standard Support (8 x 5)
  • Technical Account Managers
  • Hardware support/replacement options (standard, premium, 4-hour, on-site spares, and system HA)
• Integrated approach to services, training, and support

Next-Generation Firewalls Are Network Security

August 2011: Extraordinary Business Results
(*) Bookings run rate is defined as 4 (four) times the bookings amount of the most recently finished fiscal quarter. Bookings are defined as non-cancellable orders received during the fiscal period. Palo Alto Networks’ fiscal year runs from August 1st until July 31st.

Palo Alto Networks Next-Gen Firewalls
• PA-5060: 20 Gbps FW / 10 Gbps threat prevention / 4,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
• PA-5050: 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
• PA-5020: 5 Gbps FW / 2 Gbps threat prevention / 1,000,000 sessions; 8 SFP, 12 copper gigabit
• PA-4060: 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions; 4 XFP (10 Gig), 4 SFP (1 Gig)
• PA-4050: 10 Gbps FW / 5 Gbps threat prevention / 2,000,000 sessions; 8 SFP, 16 copper gigabit
• PA-4020: 2 Gbps FW / 2 Gbps threat prevention / 500,000 sessions; 8 SFP, 16 copper gigabit
• PA-500: 250 Mbps FW / 100 Mbps threat prevention / 50,000 sessions; 8 copper gigabit
• PA-2050: 1 Gbps FW / 500 Mbps threat prevention / 250,000 sessions; 4 SFP, 16 copper gigabit
• PA-2020: 500 Mbps FW / 200 Mbps threat prevention / 125,000 sessions; 2 SFP, 12 copper gigabit

Introducing GlobalProtect
• Users never go “off-network” regardless of location
• All firewalls work together to provide “cloud” of network security
• How it works:
  • Small agent determines network location (on or off the enterprise network)
  • If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
  • Agent submits host information profile (patch level, asset type, disk encryption, and more) to the gateway
  • Gateway enforces security policy using App-ID, User-ID, Content-ID AND host information profile

A Modern Architecture for Enterprise Network Security
• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting
[Diagram labels: exploits, malware, botnets]

Redefine Network Security – and Save Money!
• Capital cost – replace multiple devices
  • Legacy firewall, IPS, URL filtering device (e.g. proxy, secure web gateway…)
Cut by as much as 80%
• “Hard” operational expenses
  • Support contracts
  • Subscriptions
  • Power and HVAC
• Save on “soft” costs too
  • Rack space, deployment/integration, headcount, training, help desk calls
Cut by as much as 65%

Flexible Deployment Options
Visibility
• Application, user and content visibility without inline deployment
Transparent In-Line
• IPS with app visibility & control
• Consolidation of IPS & URL filtering
Firewall Replacement
• Firewall replacement with app visibility & control
• Firewall + IPS
• Firewall + IPS + URL filtering

A few simple guidelines…
• Never use ‘PAN’ in slides, always use Palo Alto Networks.
• The easiest way to avoid typing that all the time is by using an automatic text expansion tool, such as:
  • Typinator for Mac OS (€19.99)
    http://www.ergonis.com/products/typinator/
  • Texter for Windows (free)
    http://lifehacker.com/software/texter/lifehacker-code-texter-windows-238306.php
• Our corporate colors in PowerPoint are: Green, Blue