Palo Alto Networks is a network security company founded in 2005 that provides next-generation firewalls and cloud-based malware analysis. It has over 1,000 employees globally and 11,000 enterprise customers. Palo Alto Networks firewalls can identify applications, users, and threats within network traffic through its single-pass parallel processing architecture. This allows fine-grained security policies to be applied based on applications rather than just ports. The company also operates a cloud-based malware analysis service called WildFire that automatically analyzes suspicious files and shares threat intelligence with customer firewalls.

1. the network security company
tm
Palo Alto Networks Overview
Carlos Alberto Pérez
Systems Engineer Manager LATAM
cperez@paloaltonetworks.com

2. Palo Alto Networks at a Glance
Corporate highlights
Founded in 2005; first customer shipment in 2007
Safely enabling applications
Able to address all network security needs
Exceptional ability to support global customers
Experienced technology and management team
1,000+ employees globally
1,800
4,700
11,000
0
2,000
4,000
6,000
8,000
10,000
12,000
Jul-10 Jul-11
$13
$49
$255
$119
$0
$50
$100
$150
$200
$250
$300
FY09 FY10 FY11 FY12
Revenue
Enterprise customers
$MM
FYE July
Feb-13
2 | ©2013, Palo Alto Networks. Confidential and
Proprietary.

3. Applications Have Changed, Firewalls Haven’t
3 | ©2012, Palo Alto Networks. Confidential and
Proprietary.
• Network security policy is
enforced at the firewall
• Sees all traffic
• Defines boundary
• Enables access
• Traditional firewalls don’t work any
more

4. The Right Answer: Make the Firewall Do Its Job
© 2011 Palo Alto Networks. Proprietary and Confidential.Page 4 |
New Requirements for the Firewall
1. Identify applications regardless of port,
protocol, evasive tactic or SSL
2. Identify users regardless of IP address
3. Protect in real-time against threats
embedded across applications
4. Fine-grained visibility and policy control
over application access / functionality
5. Multi-gigabit, in-line deployment with no
performance degradation

5. Enabling Applications, Users and Content
5 | ©2012, Palo Alto Networks. Confidential and
Proprietary.

6. Single-Pass Parallel Processing™ (SP3) Architecture
© 2011 Palo Alto Networks. Proprietary and Confidential.Page 6 |
Single Pass
• Operations once per
packet
- Traffic classification (app
identification)
- User/group mapping
- Content scanning –
threats, URLs,
confidential data
• One policy
Parallel Processing
• Function-specific parallel
processing hardware
engines
• Separate data/control
planes
• Up to 20Gbps, Low Latency

7. Application Control Belongs in the Firewall
• Port Policy
Decision
• App Ctrl Policy
Decision
Application Control as an Add-on
• Port-based decision first, apps second
• Applications treated as threats; only block what
you expressly look for
Ramifications
• Two policies/log databases, no reconciliation
• Unable to effectively manage unknowns
IPS
Applications
Firewall
PortTraffic
Firewall IPS
• App Ctrl Policy
Decision
• Scan Application
for Threats
Applications
ApplicationTraffic
Application Control in the Firewall
• Firewall determines application identity; across all
ports, for all traffic, all the time
• All policy decisions made based on application
Ramifications
• Single policy/log database – all context is shared
• Policy decisions made based on shared context
• Unknowns systematically managed
7 | ©2012, Palo Alto Networks. Confidential and
Proprietary.

8. NGFW in The Enterprise NetworkPerimeter
• App visibility and
control in the
firewall
• All apps, all ports,
all the time
• Prevent threats
• Known threats
• Unknown/
targeted malware
• Simplify security
infrastructure
DataCenter
• Network
segmentation
• Based on
application and
user, not port/IP
• Simple, flexible
network security
• Integration into all
DC designs
• Highly available,
high performance
• Prevent threats
DistributedEnterprise
• Consistent
network security
everywhere
• HQ/branch
offices/remote
and mobile users
• Logical perimeter
• Policy follows
applications and
users, not
physical location
• Centrally
managed
8 | ©2012, Palo Alto Networks. Confidential and
Proprietary.

9. Flexible Deployment Options
Visibility Transparent In-Line Firewall Replacement
• Application, user and content
visibility without inline
deployment
• IPS with app visibility & control
• Consolidation of IPS & URL
filtering
• Firewall replacement with app
visibility & control
• Firewall + IPS
• Firewall + IPS + URL filtering
© 2011 Palo Alto Networks. Proprietary and Confidential.Page 9 |

10. WildFire Architecture
© 2011 Palo Alto Networks. Proprietary and Confidential.Page 10 |
✓ ✓
✓
• WildFire Analysis Center!
• Potentially malicious
files from Internet
• Protection delivered to
all customer firewalls
• Policy-based forwarding to
WildFire for analysis
• Sandbox-based analysis looks for over
80 malicious behaviors
• Generates detailed forensics report
• Creates antivirus and C&C signatures

11. 0
1,000
2,000
3,000
4,000
5,000
6,000
7,000
8,000
9,000
1
3
5
7
9
11
13
15
17
19
21
23
25
27
29
31
33
35
Hours
The First 24 Hours is Critical
• 11 | ©2012, Palo Alto Networks. Confidential and Proprietary.
* Sample size = 50 malware files

12. What is the WF-500?
§ Appliance-based version of the WildFire
sandbox for on-premises, private cloud
deployments
§ Ideal for customers that want to avoid sending
all files to the public cloud
§ All files analyzed locally on the WF-500
§ Identical detection as the public cloud
§ Optionally sends confirmed malware to the WildFire
public cloud for signature generation
§ Provides a private cloud where all firewalls can
integrate with the WF-500
• WildFire Cloud
• All unknown files
• Confirmed
Malware
• (optional)
• Signatures
• Customer
Firewalls
• Local Customer Network
• 12 | ©2013 Palo Alto Networks. Confidential and Proprietary.

13. © 2011 Palo Alto Networks. Proprietary and ConfidentialPage 13 |
PA-­‐3050
• 4 Gbps FW
• 2 Gbps Threat Prevention
• 500,000 sessions
• 8 SFP, 12 copper gigabit
PA-­‐3020
• 2 Gbps FW
• 1 Gbps Threat Prevention
• 250,000 sessions
• 8 SFP, 12 copper gigabit
PA-­‐500
• 250 Mbps FW
• 100 Mbps Threat Prevention
• 64,000 sessions
• 8 copper gigabit
PA-­‐200
• 100 Mbps FW
• 50 Mbps Threat
Prevention
• 64,000 sessions
• 4 copper gigabit
Palo Alto Networks Next-Gen Firewalls
PA-­‐5050
• 10
Gbps
FW
• 5
Gbps
threat
preven:on
• 2,000,000
sessions
• 4
SFP+
(10
Gig),
8
SFP
(1
Gig),
12
copper
gigabit
PA-­‐5020
• 5
Gbps
FW
• 2
Gbps
threat
preven:on
• 1,000,000
sessions
• 8
SFP,
12
copper
gigabit
PA-­‐5060
• 20
Gbps
FW
• 10
Gbps
threat
preven:on
• 4,000,000
sessions
• 4
SFP+
(10
Gig),
8
SFP
(1
Gig),
12
copper
gigabit

14. Segmenting Traffic in the Virtual Datacenter
• Hardware firewalls will continue to be deployed to secure and segment
datacenters at the edge and for legacy servers
• VM-Series introduces the ability for secure segmentation to be done within
VMware ESXi
14 | ©2012, Palo Alto Networks. Confidential and Proprietary.
• VLAN
• VLAN

15. Panorama Distributed Architecture
§ With M-100, manager and log collector functions can be split
§ Deploy multiple log collectors to scale collection infrastructure
• 15 | ©2012, Palo Alto Networks. Confidential and Proprietary.

16. © 2009 Palo Alto Networks. Proprietary and Confidential.Page 16 |
New Threats Require a Different Model for IPS Functions
• Stand-alone IPS has a negative security
model – can only “find it and kill it”
• Stand-alone IPS can’t see into growing
volumes of SSL-encrypted traffic, nor
into compressed content
• Next-generation firewalls enable “allow
application, but scan for threats” policy
response
• Gartner’s Recommendations:
- Move to next-generation firewalls at
the next refresh opportunity – whether
for firewall, IPS, or the combination of
the two.

17. • 17 | ©2012, Palo Alto Networks. Confidential and Proprietary.