Palo Alto Networks SLO WUG NG 15.2.2012 Silvester Drobnič, CHS d.o.o. silvester.drobnic@chs.si
About Palo Alto Networks • Palo Alto Networks is the Network Security Company • World-class team with strong security and networking experience • Founded in 2005, first customer July 2007, top-tier investors • Builds next-generation firewalls that identify / control 1,300+ applications • Restores the firewall as the core of enterprise network security infrastructure • Innovations: App-ID™, User-ID™, Content-ID™ • Global momentum: 5,300+ customers • August 2011: Annual bookings run rate is over US$200 million*, cash-flow positive last five consecutive quarters
2011 Magic Quadrant for Enterprise Network Firewalls (Source: Gartner)
Gartner: Firewalls Are Not Commoditized Next-generation firewalls are evolving the enterprise network firewall market Running on general purpose server hardware won’t perform next-generation firewall features well for the enterprise Established vendors are milking their installed base – raising prices without delivering new features UTM is for SMB. SMB ≠ enterprise branch office.
Applications Have Changed – Firewalls Have Not Collaboration / Media Personal SaaS • The gateway at the trust border is the right place to enforce policy control • Sees all traffic • Defines trust boundary • BUT… Applications Have Changed • Ports ≠ Applications • IP Addresses ≠ Users • Packets ≠ Content • Leaving IT blind to apps, users & content Problem: IT Can’t Safely Enable Internet Applications
New generation of addicted Internet users – smarter than you?
Requirements – The Next Generation Firewall
Unique ID Technologies Transform the Firewall App-ID Identify the application User-ID Identify the user Content-ID Scan the content
Single-Pass Parallel Processing (SP3) Architecture Single Pass • Single processes for: • Traffic classification (app identification) • User/group mapping • Content scanning – threats, URLs, confidential data • One policy Parallel Processing • Function-specific hardware engines • Multi-core security processing • Separate data/control planes Up to 20Gbps, Low Latency
NSS Labs test – PAN as IPS The highest IPS block rate in recent history (93.4%) 100% resistance to IPS evasion techniques Simple IPS configuration and tuning. Provided all the above while exceeding the datasheet performance metrics
PAN Hardware & Licenses Hardware The unit is chosen according to the required throughput Units can be deployed for HA in A-P and A-A mode Licenses The support license is mandatory Optional licenses: Threat license (IPS, AV, AS) URL filtering Other licenses: Virtual Firewall Global Protect IMPORTANT No limit on the number of users No additional licenses for VPN PA-5060 PA-4060 PA-5050 PA-4050 PA-5020 PA-4020 PA-2050 PA-2020 PA-500
Next steps • Request a PAN test • After the test, request the AVR report • In the meantime: • PAN AUR report • Gartner's NGF definition • Gartner's latest report on firewalls • NSS Labs report on PAN IPS performance • PAN Research Center on the web: http://www.paloaltonetworks.com/researchcenter/
DEMO - Flexible Deployment Options Firewall Replacement Transparent In-Line Visibility • Application, user and content visibility without inline deployment • IPS with app visibility & control • Consolidation of IPS & URL filtering • Firewall replacement with app visibility & control • Firewall + IPS • Firewall + IPS + URL filtering
Research Center
Application Visibility and Risk Report Tells the budget holder what we are going to review Presents findings in clear, business oriented manner Introduces business risks associated with the application traffic
Next steps • Distributor: CHS d.o.o. • Contact person: Silvester Drobnič • silvester.drobnic@chs.si • mobile: 041 757 107 • Documents at ftp://ftp2.chs.si/PAN/NG/ • In the meantime: • PAN AUR report • Gartner's NGF definition • Gartner's latest report on firewalls • NSS Labs report on PAN IPS performance • PAN Research Center on the web • Assess the CAPEX and OPEX of your current equipment • Do you know what your existing FW lets into the network?