Palo Alto Networks Soc Ent Okt2009

Presentation at ICT-noord, 29 October 2009

  • Internet coming in; enterprise apps moving out. Users right in the middle. Hard to define/manage a hard boundary. Users are also in the middle of personal/professional life – the Internet is part of both. How do you control the boundary there? Your challenge – minimize risks/maximize rewards.
  • 494 unique apps: 30 business apps; 44 file sharing apps (all types); 43 photo/video apps; 17 social networking; 45 IM
  • Now let's change gears and think positive… What if the firewall really did provide innovation? What would it look like? Based on what's really happening, here are 5 critical requirements. Networks exist to support apps – you need to see them. IP addresses are annoying – you need to know the user by name. Forget adding other threat prevention stuff – make the FW stop the damn threats! If you have this level of visibility, the policies you create will be effective and enforceable. At the end of the day, it must keep pace with your business – security stuff should not slow you down.
  • 03/05/07

Presentation Transcript

  • the changed enterprise has arrived . . . . . . and you need to get control of it! What is going on in the field of security and firewalls? Marcel Derksen, System Engineer, Northern Europe
  • Our enterprise is changing
    • Driven by new generation of Internet-centric users
    • Giant social system - traditional boundaries have been eliminated
    • Built around communication, sharing, collaboration, group knowledge
    • Full, unrestricted access to everything on the Internet is a right
    • IT and business need to determine risk tolerance of Social Enterprise
    Diagram labels: Internet, Enterprise, Work Life, Home Life, Rewards, Risks
  • Enterprise applications take many forms. What’s running on YOUR network?
  • what we recently found on enterprise networks
    • 484 total unique applications running on 60 large enterprises
    • Application usage and Risk Report
  • employees use them, but management is struggling
    • 73% - like to read and write blogs for business
    • 59% - use Instant Messaging at work
    • 53% - like Twitter for business and personal use
    • 52% - participate in online discussion forums at work
    • 52% - execs admit they’re important to business goals, success
    • 6% - but very few businesses deploy them widely today
  • business benefits of enterprise applications
      • Twitter – instant alerts on corporate news or information
      • Blogs – instant perspective and analysis on relevant issues
      • IM – instant communication with remote employees
      • Webex – instant meetings with customers in another city
      • Salesforce – instant update to sales data from any location
      • YouTube – instant distribution of product training videos
      • SharePoint – instant collaboration on complex projects
    • Better communication, collaboration, information exchange
    • Increased efficiency, lower cost, higher productivity for all
  • internal risks of enterprise applications
    • Data loss
      • Unauthorized employee file transfer, data sharing
    • Non-compliance
      • Using unapproved applications – IM, web mail in financial services
    • Operational cost overruns
      • Excessive bandwidth consumption, desktop cleanup
    • Employee productivity loss
      • Uncontrolled, excessive use of personal applications
    • Business continuity
      • Malware or application vulnerability induced downtime
  • but employees are unconcerned about risks
    • 64% - understand some apps can result in data leakage
    • 33% - experienced security issues when using an app
    • 45% - did nothing when confronted with a security breach
    • 61% - feel more productive using internet apps
    • The inmates are running the asylum
      • 59% - admit these apps are completely uncontrolled
    • IT is losing control of applications, users, content
      • 48% - don’t know what apps are used by employees
  • summary of the social enterprise challenge for IT
    • Employees
      • Driving exploding use of collaborative Internet applications
      • Using an average of 6 different business and personal applications
      • Ignoring policies and circumventing security controls to get them
      • Unaware and unconcerned about data theft and potential threats
      • In control of the network – more users, more apps coming
    • IT
      • Cannot see applications
      • Cannot control applications
      • Cannot identify specific users
      • Cannot enforce effective policies
      • Cannot manage the risk or rewards of these apps for the business
  • the underlying cause of the security problem
    • Firewalls should see and control applications, users, and threats . . .
    • . . . but they only show you ports, protocols, and IP addresses – all meaningless!
  • The current solving Internet
    • Doesn’t solve the problem
    • Firewall “helpers” have limited view of traffic
    • Complex and costly to buy and maintain
    © 2009 Palo Alto Networks. Proprietary and Confidential. Page |
  • enough! it’s time to fix the firewall! How to Make the Firewall Useful Again
    1. Identify applications regardless of port, protocol, evasive tactic or SSL
    2. Identify users regardless of IP address
    3. Identify and prevent potential threats associated with all high risk applications
    4. Granular policy-based control over applications, users, functionality
    5. Multi-gigabit, in-line deployment with no performance degradation
  • End of part 1. Marcel Derksen, System Engineer, Northern Europe
  • Palo Alto Next Generation Firewalls. Marcel Derksen, System Engineer, Northern Europe
  • About Palo Alto Networks
    • Founded in 2005 by security visionary Nir Zuk
    • World class team with strong security and networking experience
    • Innovations: App-ID, User-ID, Content-ID
    • Builds next-generation firewalls that identify and control more than 900 applications; makes firewall strategic again
    • Global footprint: presence in 50+ countries, 24/7 support
  • Unique Technologies Transform the Firewall
    • App-ID
      • Identify the application
    • User-ID
      • Identify the user
    • Content-ID
      • Scan the content
  • Purpose-Built Architecture: PA-4000 Series
    • Content Scanning HW Engine
      • Palo Alto Networks’ uniform signatures
      • Multiple memory banks – memory bandwidth scales performance
    • Multi-Core Security Processor
      • High density processing for flexible security functionality
      • Hardware-acceleration for standardized complex functions (SSL, IPSec, decompression)
    • Dedicated Control Plane
      • Highly available mgmt
      • High speed logging and route updates
    • 10 Gig Network Processor
      • Front-end network processing offloads security processors
      • Hardware accelerated QoS, route lookup, MAC lookup and NAT
    Diagram labels: Control Plane, Data Plane, 10Gbps, Dual-core CPU, CPU 1, CPU 2, CPU 3 . . CPU 16, RAM, HDD, SSL, IPSec, De-Compression, QoS, Route/ARP/MAC lookup, NAT, Content Scanning Engine
  • Enables Executive Visibility
  • Palo Alto Networks-OS Features
    • Strong networking foundation
      • Dynamic routing (OSPF, RIPv2)
      • Site-to-site IPSec VPN
      • SSL VPN for remote access
      • Tap mode – connect to SPAN port
      • Virtual wire (“Layer 1”) for true transparent in-line deployment
      • L2/L3 switching foundation
    • QoS traffic shaping
      • Max/guaranteed and priority
      • By user, app, interface, zone, and more
    • Zone-based architecture
      • All interfaces assigned to security zones for policy enforcement
    • High Availability
      • Active / passive
      • Configuration and session synchronization
      • Path, link, and HA monitoring
    • Virtual Systems
      • Establish multiple virtual firewalls in a single device (PA-4000 Series only)
    • Simple, flexible management
      • CLI, Web, Panorama, SNMP, Syslog
    Visibility and control of applications, users and content are complemented by core firewall features
    PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060
  • Flexible Deployment Options
    • Visibility
      • Application, user and content visibility without inline deployment
    • Transparent In-Line
      • IPS with app visibility & control
      • Consolidation of IPS & URL filtering
    • Firewall Replacement
      • Firewall replacement with app visibility & control
      • Firewall + IPS
      • Firewall + IPS + URL filtering
  • you decide how much control is needed
    • Unprecedented level of application control
      • Decrypt where appropriate
      • Deny – even unknown applications
      • Allow
      • Allow but scan
      • Allow certain users
      • Allow certain functions
      • Shape (QoS)
      • … and various combinations of the above
  • next generation firewalls for everyone
    • Performance
    • Remote Office / Medium Enterprise
    • Large Enterprise
    PA-2000 Series, PA-4000 Series, PA-500
  • Leading Organizations Trust Palo Alto Networks: Financial Services, Government, Media / Entertainment / Retail, Service Providers / Services
  • Leading Organizations Trust Palo Alto Networks: Education, Mfg / High Tech / Energy, Healthcare, Industry
  • thank you! enough talking, show us 