palo alto networks overview n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Palo Alto Networks Overview PowerPoint Presentation
Download Presentation
Palo Alto Networks Overview

Loading in 2 Seconds...

play fullscreen
1 / 28

Palo Alto Networks Overview - PowerPoint PPT Presentation


  • 897 Views
  • Uploaded on

Palo Alto Networks Overview. March 2012 Data Connectors Micah Richardson, Account Manager. Agenda. Corporate Overview Why a NGFW? Key Technologies, Architecture Review, Wildfire Web Interface Model Review 2011 Gartner Report Review. About Palo Alto Networks.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Palo Alto Networks Overview' - lycoris


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
palo alto networks overview

Palo Alto Networks Overview

March 2012

Data Connectors

Micah Richardson, Account Manager

agenda
Agenda
  • Corporate Overview
  • Why a NGFW?
  • Key Technologies, Architecture Review, Wildfire
  • Web Interface
  • Model Review
  • 2011 Gartner Report
  • Review

© 2011 Palo Alto Networks. Proprietary and Confidential.

about palo alto networks
About Palo Alto Networks
  • Palo Alto Networks is the Network Security Company
  • World-class team with strong security and networking experience
    • Founded in 2005, first customer July 2007, top-tier investors
  • Builds next-generation firewalls that identify / control ~1450+ applications
    • Restores the firewall as the core of enterprise network security infrastructure
    • Innovations: App-ID™, User-ID™, Content-ID™
  • Global momentum: 7,500+ customers
    • August 2011: Annual bookings run rate is over US$200 million*, cash-flow positive last five consecutive quarters

A few of the many enterprises that have deployed more than $1M

© 2011 Palo Alto Networks. Proprietary and Confidential.

(*) Bookings run rate is defined as 4 (four) times the bookings amount of the most recently finished fiscal quarter. Bookings are defined as non-cancellable

orders received during the fiscal period. Palo Alto Networks’ fiscal year runs from August 1st until July 31st.

applications have changed firewalls have not
Applications Have Changed; Firewalls Have Not

The firewall is the right place to enforce policy control

  • Sees all traffic
  • Defines trust boundary
  • Enables access via positive control

BUT…applications have changed

  • Ports ≠ Applications
  • IP Addresses ≠ Users
  • Packets ≠ Content

Need to restore visibility and control in the firewall

© 2011 Palo Alto Networks. Proprietary and Confidential.

technology sprawl creep are not the answer
Technology Sprawl & Creep Are Not The Answer
  • “More stuff” doesn’t solve the problem
  • Firewall “helpers” have limited view of traffic
  • Complex and costly to buy and maintain

Internet

  • Putting all of this in the same box is just slow

© 2011 Palo Alto Networks. Proprietary and Confidential.

the right answer make the firewall do its job
The Right Answer: Make the Firewall Do Its Job

© 2011 Palo Alto Networks. Proprietary and Confidential.

why visibility control must be in the firewall

Firewall

Why Visibility & Control Must Be In The Firewall

Application Control as an Add-on

  • Port-based FW + App Ctrl (IPS) = two policies
  • Applications are threats; only block what you expressly look for

Implications

  • Network access decision is made with no information
  • Cannot safely enable applications

Traffic

Port

IPS

IPS

Applications

Port PolicyDecision

App Ctrl PolicyDecision

NGFW Application Control

  • Application control is in the firewall = single policy
  • Visibility across all ports, for all traffic, all the time

Implications

  • Network access decision is made based on application identity
  • Safely enable application usage

Traffic

Application

Firewall

Applications

App Ctrl PolicyDecision

Scan Applicationfor Threats

© 2011 Palo Alto Networks. Proprietary and Confidential.

slide8

Your Control With Port-based Firewall Add-on

© 2011 Palo Alto Networks. Proprietary and Confidential.

identification technologies transform the firewall
Identification Technologies Transform the Firewall
  • App-ID™
  • Identify the application
  • User-ID™
  • Identify the user
  • Content-ID™
  • Scan the content

© 2011 Palo Alto Networks. Proprietary and Confidential.

single pass parallel processing sp3 architecture
Single-Pass Parallel Processing™ (SP3) Architecture

Single Pass

  • Operations once per packet
    • Traffic classification (app identification)
    • User/group mapping
    • Content scanning – threats, URLs, confidential data
  • One policy

Parallel Processing

  • Function-specific parallel processing hardware engines
  • Separate data/control planes

Up to 20Gbps, Low Latency

© 2011 Palo Alto Networks. Proprietary and Confidential.

insert wildfire slid here
INSERT WILDFIRE SLID HERE

© 2011 Palo Alto Networks. Proprietary and Confidential.

comprehensive view of applications users content

Filter on Facebook-baseand user cook

Remove Facebook to expand view of cook

Comprehensive View of Applications, Users & Content
  • Application Command Center (ACC)
    • View applications, URLs, threats, data filtering activity
  • Add/remove filters to achieve desired result

© 2010 Palo Alto Networks. Proprietary and Confidential.

Filter on Facebook-base

pan os core firewall features
PAN-OS Core Firewall Features

Strong networking foundation

Dynamic routing (BGP, OSPF, RIPv2)

Tap mode – connect to SPAN port

Virtual wire (“Layer 1”) for true transparent in-line deployment

L2/L3 switching foundation

Policy-based forwarding

VPN

Site-to-site IPSec VPN

SSL VPN

QoS traffic shaping

Max/guaranteed and priority

By user, app, interface, zone, & more

Real-time bandwidth monitor

Zone-based architecture

All interfaces assigned to security zones for policy enforcement

High Availability

Active/active, active/passive

Configuration and session synchronization

Path, link, and HA monitoring

Virtual Systems

Establish multiple virtual firewalls in a single device (PA-5000, PA-4000, and PA-2000 Series)

Simple, flexible management

CLI, Web, Panorama, SNMP, Syslog

Visibility and control of applications, users and content complement core firewall features

PA-5060

PA-5050

PA-5020

PA-4060

PA-4050

PA-4020

PA-2050

PA-2020

PA-500

© 2011 Palo Alto Networks. Proprietary and Confidential.

2011 magic quadrant for enterprise network firewalls
2011 Magic Quadrant for Enterprise Network Firewalls

“Palo Alto Networks' high-performance NGFW functionality continues to drive competitors to react in the firewall market. It is assessed as a Leader mostly because of its NGFW design, redirection of the market along the NGFW path, consistent displacement of Leaders and Challengers, and market disruption forcing Leaders to react.”

Source: Gartner, December 14, 2011

© 2011 Palo Alto Networks. Proprietary and Confidential.

addresses three key business problems
Addresses Three Key Business Problems
  • Identify and Control Applications
    • Visibility of ~1450+ applications, regardless of port, protocol, encryption, or evasive tactic
    • Fine-grained control over applications (allow, deny, limit, scan, shape)
    • Addresses the key deficiencies of legacy firewall infrastructure
  • Prevent Threats
    • Stop a variety of threats – exploits (by vulnerability), viruses, spyware
    • Stop leaks of confidential data (e.g., credit card #, social security #, file/type)
    • Stream-based engine ensures high performance
    • Enforce acceptable use policies on users for general web site browsing
  • Simplify Security Infrastructure
    • Put the firewall at the center of the network security infrastructure
    • Reduce complexity in architecture and operations

© 2011 Palo Alto Networks. Proprietary and Confidential.

thank you
Thank You

© 2010 Palo Alto Networks. Proprietary and Confidential.

additional information

Additional Information

Speeds and Feeds, Deployment, Customers, TCO, Support, and Management

global support local availability enterprise class
Global Support. Local Availability. Enterprise Class.
  • Global support infrastructure
    • Global TACs (Santa Clara HQ, Dallas, Antwerp, Singapore, Tokyo)
    • Global Hardware Depots (Santa Clara, Amsterdam, Singapore)
  • Programs and features to address global support demands
    • On-line Support Knowledge Portal
    • Premium Support (24 x 7)
    • Standard Support (8 x 5)
    • Technical Account Managers
    • Hardware support/replacement options (standard, premium, 4-hour, on-site spares, and system HA)
  • Integrated approach to services, training, and support

© 2011 Palo Alto Networks. Proprietary and Confidential.

next generation firewalls are network security
Next-Generation Firewalls Are Network Security

© 2011 Palo Alto Networks. Proprietary and Confidential.

august 2011 extraordinary business results
August 2011: Extraordinary Business Results

(*) Bookings run rate is defined as 4 (four) times the bookings amount of the most recently finished fiscal quarter. Bookings are defined as non-cancellable orders received during the fiscal period. Palo Alto Networks’ fiscal year runs from August 1st until July 31st.

© 2011 Palo Alto Networks. Proprietary and Confidential.

palo alto networks next gen firewalls
Palo Alto Networks Next-Gen Firewalls

PA-5060

20 GbpsFW/10 Gbps threat prevention/4,000,000 sessions

4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

PA-5050

10 GbpsFW/5 Gbps threat prevention/2,000,000 sessions

4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit

PA-5020

5 GbpsFW/2 Gbps threat prevention/1,000,000 sessions

8 SFP, 12 copper gigabit

PA-4060

10 GbpsFW/5 Gbps threat prevention/2,000,000 sessions

4 XFP (10 Gig), 4 SFP (1 Gig)

PA-4050

10 GbpsFW/5 Gbps threat prevention/2,000,000 sessions

8 SFP, 16 copper gigabit

PA-4020

2 GbpsFW/2 Gbps threat prevention/500,000 sessions

8 SFP, 16 copper gigabit

PA-500

250 Mbps FW/100 Mbps threat prevention/50,000 sessions

8 copper gigabit

PA-2050

1 GbpsFW/500 Mbps threat prevention/250,000 sessions

4 SFP, 16 copper gigabit

PA-2020

500 Mbps FW/200 Mbps threat prevention/125,000 sessions

2 SFP, 12 copper gigabit

© 2011 Palo Alto Networks. Proprietary and Confidential

introducing globalprotect
Introducing GlobalProtect
  • Users never go “off-network” regardless of location
  • All firewalls work together to provide “cloud” of network security
  • How it works:
    • Small agent determines network location (on or off the enterprise network)
    • If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
    • Agent submits host information profile (patch level, asset type, disk encryption, and more) to the gateway
    • Gateway enforces security policy using App-ID, User-ID, Content-ID AND host information profile

© 2011 Palo Alto Networks. Proprietary and Confidential.

a modern architecture for enterprise network security
A Modern Architecture for Enterprise Network Security
  • Establishes a logical perimeter that is not bound to physical limitations
  • Users receive the same depth and quality of protection both inside and out
  • Security work performed by purpose-built firewalls, not end-user laptops
  • Unified visibility, compliance and reporting

exploits

malware

botnets

© 2011 Palo Alto Networks. Proprietary and Confidential.

redefine network security and save money
Redefine Network Security – and Save Money!
  • Capital cost – replace multiple devices
    • Legacy firewall, IPS, URL filtering device (e.g. proxy, secure web gateway…)

Cut by as much as 80%

  • “Hard” operational expenses
    • Support contracts
    • Subscriptions
    • Power and HVAC
  • Save on “soft” costs too
    • Rack space, deployment/integration, headcount, training, help desk calls

Cut by as much as 65%

© 2011 Palo Alto Networks. Proprietary and Confidential.

flexible deployment options
Flexible Deployment Options

Firewall Replacement

Transparent In-Line

Visibility

  • Application, user and content visibility without inline deployment
  • IPS with app visibility & control
  • Consolidation of IPS & URL filtering
  • Firewall replacement with app visibility & control
  • Firewall + IPS
  • Firewall + IPS + URL filtering

© 2011 Palo Alto Networks. Proprietary and Confidential.

a few simple guidelines
A few simple guidelines…
  • Never use ‘PAN’ in slides, always use Palo Alto Networks.
  • The easiest way to avoid typing that all the time is by using an automatic text expansion tool, such as:
    • Typinator for Mac OS (€19.99)
      • http://www.ergonis.com/products/typinator/
    • Texterfor Windows (free)
      • http://lifehacker.com/software/texter/lifehacker-code-texter-windows-238306.php
  • Our corporate colors in PowerPoint are:

Green

Blue

© 2011 Palo Alto Networks. Proprietary and Confidential.