Palo Alto Networks next-generation firewalls


Published in: Technology
  • 494 unique apps; 30 business apps; 44 file sharing apps (all types); 43 photo/video apps; 17 social networking; 45 IM
  • Now let's change gears and think positive… What if the firewall really did provide innovation? What would it look like? Based on what's really happening, here are 5 critical requirements. Networks exist to support apps – you need to see them. IP addresses are annoying – you need to know the user by name. Forget adding other threat prevention stuff – make the FW stop the damn threats! If you have this level of visibility, the policies you create will be effective and enforceable. At the end of the day, it must keep pace with your business – security stuff should not slow you down.
  • 03/05/07
  • Palo Alto Networks next-generation firewalls

    1. Palo Alto Next-generation Firewalls
        Castle Force is an authorised partner of Palo Alto Networks in the UK
    2. Our enterprise is changing
        • Driven by new generation of Internet-centric users
        • Giant social system - traditional boundaries have been eliminated
        • Built around communication, sharing, collaboration, group knowledge
        • Full, unrestricted access to everything on the Internet is a right
        • IT and business need to determine risk tolerance of Social Enterprise
        [Diagram labels: Internet, Enterprise, Work Life, Home Life, Rewards, Risks]
    3. Enterprise applications take many forms
        What’s running on YOUR network?
    4. What we recently found on enterprise networks
        • 484 total unique applications running on 60 large enterprises
        • Application usage and Risk Report
    5. Employees use them, but management is struggling
        • 73% - like to read and write blogs for business
        • 59% - use Instant Messaging at work
        • 53% - like Twitter for business and personal use
        • 52% - participate in online discussion forums at work
        • 52% - execs admit they’re important to business goals, success
        • 6% - but very few businesses deploy them widely today
    6. Business benefits of enterprise applications
        • Twitter – instant alerts on corporate news or information
        • Blogs – instant perspective and analysis on relevant issues
        • IM – instant communication with remote employees
        • Webex – instant meetings with customers in another city
        • Salesforce – instant update to sales data from any location
        • YouTube – instant distribution of product training videos
        • SharePoint – instant collaboration on complex projects
        • Better communication, collaboration, information exchange
        • Increased efficiency, lower cost, higher productivity for all
    7. Internal risks of enterprise applications
        • Data loss
            • Unauthorized employee file transfer, data sharing
        • Non-compliance
            • Using unapproved applications – IM, web mail in financial services
        • Operational cost overruns
            • Excessive bandwidth consumption, desktop cleanup
        • Employee productivity loss
            • Uncontrolled, excessive use of personal applications
        • Business continuity
            • Malware or application vulnerability induced downtime
    8. But employees are unconcerned about risks
        • 64% - understand some apps can result in data leakage
        • 33% - experienced security issues when using an app
        • 45% - did nothing when confronted with a security breach
        • 61% - feel more productive using internet apps
        • The inmates are running the asylum
            • 59% - admit these apps are completely uncontrolled
        • IT is losing control of applications, users, content
            • 48% - don’t know what apps are used by employees
    9. Summary of the social enterprise challenge for IT
        • Employees
            • Driving exploding use of collaborative Internet applications
            • Using an average of 6 different business and personal applications
            • Ignoring policies and circumventing security controls to get them
            • Unaware and unconcerned about data theft and potential threats
            • In control of the network – more users, more apps coming
        • IT
            • Cannot see applications
            • Cannot control applications
            • Cannot identify specific users
            • Cannot enforce effective policies
            • Cannot manage the risk or rewards of these apps for the business
    10. The underlying cause of the security problem
        • Firewalls should see and control applications, users, and threats ...
        • ... but they only show you ports, protocols, and IP addresses – all meaningless!
    11. The current solving Internet
        • Doesn’t solve the problem
        • Firewall “helpers” have limited view of traffic
        • Complex and costly to buy and maintain
        © 2009 Palo Alto Networks. Proprietary and Confidential.
    12. Enough! It’s time to fix the firewall!
        How to Make the Firewall Useful Again
        1. Identify applications regardless of port, protocol, evasive tactic or SSL
        2. Identify users regardless of IP address
        3. Identify and prevent potential threats associated with all high risk applications
        4. Granular policy-based control over applications, users, functionality
        5. Multi-gigabit, in-line deployment with no performance degradation
    13. About Palo Alto Networks
        • Founded in 2005 by security visionary Nir Zuk
        • World class team with strong security and networking experience
        • Innovations: App-ID, User-ID, Content-ID
        • Builds next-generation firewalls that identify and control more than 900 applications; makes firewall strategic again
        • Global footprint: presence in 50+ countries, 24/7 support
    14. Unique Technologies Transform the Firewall
        • App-ID
            • Identify the application
        • User-ID
            • Identify the user
        • Content-ID
            • Scan the content
    15. Purpose-Built Architecture: PA-4000 Series
        • Content Scanning HW Engine
            • Palo Alto Networks’ uniform signatures
            • Multiple memory banks – memory bandwidth scales performance
        • Multi-Core Security Processor
            • High density processing for flexible security functionality
            • Hardware-acceleration for standardized complex functions (SSL, IPSec, decompression)
        • Dedicated Control Plane
            • Highly available mgmt
            • High speed logging and route updates
        • 10 Gig Network Processor
            • Front-end network processing offloads security processors
            • Hardware accelerated QoS, route lookup, MAC lookup and NAT
        [Architecture diagram labels: Control Plane, Data Plane, 10Gbps, Dual-core CPU, RAM, HDD, CPU 1 to CPU 16, SSL, IPSec, De-Compression, QoS, Route/ARP/MAC lookup, NAT, Content Scanning Engine]
    16. Enables Executive Visibility
        © 2008 Palo Alto Networks. Proprietary and Confidential.
    17. Palo Alto Networks-OS Features
        Visibility and control of applications, users and content are complemented by core firewall features
        • Strong networking foundation
            • Dynamic routing (OSPF, RIPv2)
            • Site-to-site IPSec VPN
            • SSL VPN for remote access
            • Tap mode – connect to SPAN port
            • Virtual wire (“Layer 1”) for true transparent in-line deployment
            • L2/L3 switching foundation
        • QoS traffic shaping
            • Max/guaranteed and priority
            • By user, app, interface, zone, and more
        • Zone-based architecture
            • All interfaces assigned to security zones for policy enforcement
        • High Availability
            • Active / passive
            • Configuration and session synchronization
            • Path, link, and HA monitoring
        • Virtual Systems
            • Establish multiple virtual firewalls in a single device (PA-4000 Series only)
        • Simple, flexible management
            • CLI, Web, Panorama, SNMP, Syslog
        PA-500, PA-2020, PA-2050, PA-4020, PA-4050, PA-4060
    18. Flexible Deployment Options
        Visibility / Transparent In-Line / Firewall Replacement
        • Application, user and content visibility without inline deployment
        • IPS with app visibility & control
        • Consolidation of IPS & URL filtering
        • Firewall replacement with app visibility & control
        • Firewall + IPS
        • Firewall + IPS + URL filtering
    19. You decide how much control is needed
        • Unprecedented level of application control
            • Decrypt where appropriate
            • Deny – even unknown applications
            • Allow
            • Allow but scan
            • Allow certain users
            • Allow certain functions
            • Shape (QoS)
            • … and various combinations of the above
    20. Next-generation firewalls for everyone
        • Performance
        • Remote Office / Medium Enterprise
        • Large Enterprise
        PA-2000 Series, PA-4000 Series, PA-500
    21. Leading Organisations Trust Palo Alto Networks
        • Financial Services
        • Government
        • Media / Entertainment / Retail
        • Service Providers / Services
    22. Leading Organisations Trust Palo Alto Networks
        • Education
        • Mfg / High Tech / Energy
        • Healthcare
        • Industry
    23. Thank You
        Please contact us on
        Tel: +44(0)118 907 1600
        Tel: +44(0)151 203 1400
        Email:
        Need a Quote for Palo Alto Firewall