CN-Series: Kubernetes NGFW
July 2020
Raj Patil, Sudeep Padiyar
Agenda
● Comprehensive Cloud Native Security
● Container Network Security Use Cases
● Industry-first Kubernetes NGFW!
● Demo
  ○ K8s Native Orchestration
  ○ URL Filtering for Outbound Security
  ○ Threat Prevention
● Product and Licensing Details
● Resources
2 | © 2019 Palo Alto Networks, Inc. All Rights Reserved.
Prisma Cloud: Comprehensive cloud native security across the entire application lifecycle
Pillars: Visibility & Governance, Compute Security, Network Protection, Identity Security
Capabilities shown:
● Asset Inventory
● Configuration Assessment
● Compliance Management
● IAM Governance
● Vulnerability Management
● Workload Security
● Network Visibility
● Microsegmentation
● Layer 7 Threat Protection
● Privileged Activity Monitoring
● User Entity Behavior Analytics
● Runtime Defense
A Multi-Layered Network Security Strategy
● Network Visibility
● Microsegmentation
● Layer 7 Threat Protection
Container Network Security with Prisma Cloud & NGFW
● Compute Security (Prisma Cloud): reduce risk and protect compute with runtime and application security; includes Vulnerability Management
● Identity-based Microsegmentation (Prisma Cloud): limit east-west traffic based on the machine and application identity
● Layer 7 Threat Protection (NGFW): network-based detection and protection of compromised applications
Use Cases for VM-Series in Cloud
Customers deploy VM-Series in these scenarios in the cloud, for traffic crossing "trust boundaries" (VPCs in AWS, GCP / Subnets in Azure):
● Outbound: stop data exfiltration
● East-West: prevent lateral propagation
● Inbound: block attackers from breaking in
(Diagram: NGFW between the Internet and the Ordering and Payments workloads.)
Containers create blind spots for customers
Customers cannot protect all traffic flows using existing firewalls like VM-Series, for traffic crossing "trust boundaries" (namespaces in containers):
● Outbound: lack of container context
● East-West: lack of visibility and control
● Inbound: lack of container context
(Diagram: K8s cluster with three nodes running Ordering and Payments pods, with the Internet outside the cluster.)
Introducing CN-Series (Containerized NGFW)
CN-Series provides comprehensive security for containerized applications by running a CN-Series NGFW on each node:
● Outbound: stop data exfiltration with container context
● East-West: prevent lateral propagation within container clusters
● Inbound: container-level protection against break-ins
(Diagram: K8s cluster with a CN-NGFW on each of three nodes, Ordering and Payments pods, and the Internet outside the cluster.)
Introducing NGFW for Kubernetes
Complete NGFW Security for K8s
● Outbound protection for pods accessing VMs/servers, repos, etc.
● East-West protection between pods
● Inbound protection for K8s services
Container-Native Architecture
● Distributed PAN-OS architecture: CN-MGMT and CN-NGFW pods
Easy K8s-native Orchestration
● CN-NGFW runs as a DaemonSet (one command to deploy on all nodes)
● CN-MGMT runs as a StatefulSet
● Network insertion via CNI chaining (standard for all CNI providers)
Context-aware Policies
● K8s Plugin for Panorama to enable context-aware policies
(Diagram: K8s cluster with three nodes, CN-MGMT, and the K8s Plugin.)
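Added example (not CN-Series code): with CNI chaining, the firewall is in the data path only if every node's CNI conflist lists the firewall plugin after the primary CNI that creates the pod interface. This check audits a conflist per node for that condition; the plugin type "cn-ngfw-cni" is a hypothetical placeholder and the conflists are constructed samples.

```python
"""Audit CNI chain configurations for inline firewall insertion.

CNI chaining: a node's *.conflist carries a "plugins" list that runs in
order for each pod interface. The primary CNI (Calico, Weave, Flannel...)
creates the interface; a chained firewall plugin must come after it, or
there is no interface to attach to. A legacy single-plugin .conf has no
"plugins" list and cannot chain anything.
"""
import json
from typing import Dict, List

FW_PLUGIN = "cn-ngfw-cni"  # hypothetical placeholder name for the firewall plugin

# Constructed sample: Calico primary, portmap, then the firewall (correct order).
CHAINED_OK = json.dumps({
    "name": "k8s-pod-network",
    "cniVersion": "0.3.1",
    "plugins": [
        {"type": "calico", "ipam": {"type": "calico-ipam"}},
        {"type": "portmap", "capabilities": {"portMappings": True}},
        {"type": FW_PLUGIN},
    ],
})

# Constructed sample: primary CNI only, firewall never inserted.
NOT_CHAINED = json.dumps({
    "name": "k8s-pod-network",
    "cniVersion": "0.3.1",
    "plugins": [{"type": "calico", "ipam": {"type": "calico-ipam"}}],
})

# Constructed sample: legacy single-plugin .conf, no "plugins" list at all.
LEGACY_CONF = json.dumps({"name": "cbr0", "cniVersion": "0.3.1", "type": "flannel"})

# Constructed sample: firewall listed before the primary CNI (wrong order).
MISORDERED = json.dumps({
    "name": "k8s-pod-network",
    "cniVersion": "0.3.1",
    "plugins": [{"type": FW_PLUGIN}, {"type": "weave-net"}],
})


def audit_conflist(text: str, fw_plugin: str = FW_PLUGIN) -> List[str]:
    """Return findings for one node's CNI config; empty list means chained correctly."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"unparseable CNI config: {exc}"]
    plugins = cfg.get("plugins")
    if plugins is None:
        # Bare .conf: exactly one plugin, so the firewall cannot be chained after it.
        return [f"single-plugin config (type={cfg.get('type')}): {fw_plugin} cannot be chained"]
    if not isinstance(plugins, list) or not plugins:
        return ["empty or invalid plugins list"]
    types = [p.get("type") for p in plugins if isinstance(p, dict)]
    if fw_plugin not in types:
        return [f"{fw_plugin} absent from chain {types}: pod traffic bypasses the firewall"]
    if types.index(fw_plugin) == 0:
        return [f"{fw_plugin} is first in chain {types}: it must run after the primary CNI "
                "that creates the pod interface"]
    return []


def audit_nodes(node_configs: Dict[str, str]) -> Dict[str, List[str]]:
    """Audit one conflist per node name; return only the nodes with findings."""
    results = {node: audit_conflist(cfg) for node, cfg in node_configs.items()}
    return {node: findings for node, findings in results.items() if findings}


if __name__ == "__main__":
    # Constructed fleet: one healthy node, three with insertion problems.
    fleet = {"node-a": CHAINED_OK, "node-b": NOT_CHAINED,
             "node-c": LEGACY_CONF, "node-d": MISORDERED}
    for node, findings in audit_nodes(fleet).items():
        for finding in findings:
            print(f"{node}: {finding}")
```

The same check applied to the on-disk conflist in each node's CNI config directory (commonly /etc/cni/net.d/) gives a quick answer to "is the DaemonSet actually in the path on every node?".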
CN-Series: Cloud Native Kubernetes Orchestration
GKE/AKS/EKS, OpenShift, Native K8s
Helm Installation Demo
Deploying CN-Series using Helm
(Diagram: GKE K8s cluster, Default-NS namespace with POD1 ... POD N, MP and DP pods on native K8s, Panorama with the K8S Plugin, and the Internet.)
Helm Demo
URL Filtering Outbound Demo
Use case: Outbound Traffic Protection with URL Filtering
(Diagram: Acme Dev Cluster with namespaces Acme-Dev-ns and Acme-Staging-ns across three nodes, reaching Github.com/PaloAltoNetworks.)
Source   | Destination | Application     | Action | Profile
Jenkins  | Any         | Github-download | Allow  | Only Palo Alto Repo
Web App  | Any         | Any             | Allow  | Any Repo
Demo
Threat Prevention Demo
Graboid: first-ever crypto-jacking worm
Use case: Outbound Traffic Protection with Anti-Malware
(Diagram: Acme Dev Cluster with namespaces Acme-Dev-ns and Acme-Staging-ns across three nodes.)
Source               | Destination | Application | Action | Vulnerability Protection
Nginx (with Graboid) | Any         | Any         | Allow  | Strict
Graboid demo
Product Details
Supported Cloud Native Infrastructures
● Self-Managed: On-premises, Public Cloud
● Cloud-Managed
Software Versions
● PAN-OS: 10.0
● K8s Panorama Plugin: 1.0.0
● Container Runtime: Docker, CRI-O
● Provider-Managed Kubernetes: Azure AKS, AWS EKS, GCP GKE, OpenShift 4.2
● Native K8s: 1.13, 1.14, 1.15
● Kubernetes Host VM OS: Ubuntu 16.04, 18.04; RHEL/CentOS 7.3+; CoreOS 21XX, 22XX
● CNI Plugins: Calico, Weave, Flannel, Azure, AWS
Performance per core
● App-ID: 500 Mbps
● Threat: 250 Mbps
Licensing
Pricing Model
Component                          | Approach                                                                                        | Rationale
Licensing                          | Number of CN-Series firewall units (total number of firewalls protecting K8s nodes)              | Easy to understand, predict, and measure
Licensing Model                    | Term-based                                                                                      | Aligned with cloud pricing models
Pricing Structure and Price Levels | Basic Bundle (CN-Series + Support); Bundle One (CN-Series + Support + TP); Bundle Two (CN-Series + Support + TP + WildFire + URL + DNS) | Align with VM-Series bundle structure; align with VM pricing method
License Terms                      | Term-based (1 to 5 years)                                                                       | Consistency with VM-Series licensing
ELA                                | Part of VM ELA (7 tokens for CN-Series)                                                         | Enable VM ELA customers to adopt CN-Series easily
Resources
● Product Documentation
● Github
● Qwiklabs: try it for free
  ○ Request Qwiklab access: cn-seriessupport@paloaltonetworks.com
Thanks!

More Related Content

What's hot

Palo alto outline course | Mostafa El Lathy
Palo alto outline course | Mostafa El LathyPalo alto outline course | Mostafa El Lathy
Palo alto outline course | Mostafa El LathyMostafa El Lathy
 
10 palo alto nat policy concepts
10 palo alto nat policy concepts10 palo alto nat policy concepts
10 palo alto nat policy conceptsMostafa El Lathy
 
Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Belsoft
 
Realizing the Full Potential of Cloud-Native Application Security
Realizing the Full Potential of Cloud-Native Application SecurityRealizing the Full Potential of Cloud-Native Application Security
Realizing the Full Potential of Cloud-Native Application SecurityOry Segal
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewallsCastleforce
 
7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces concepts7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces conceptsMostafa El Lathy
 
4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptx4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptxaungyekhant1
 
01- intro to firewall concepts
01- intro to firewall concepts01- intro to firewall concepts
01- intro to firewall conceptsMostafa El Lathy
 
Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Deivid Toledo
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsAnthony Daniel
 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec APNIC
 
Hunting for Evil with the Elastic Stack
Hunting for Evil with the Elastic StackHunting for Evil with the Elastic Stack
Hunting for Evil with the Elastic StackElasticsearch
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overviewCisco Canada
 
6 pan-os software update & downgrade instruction
6 pan-os software update & downgrade instruction6 pan-os software update & downgrade instruction
6 pan-os software update & downgrade instructionMostafa El Lathy
 
Application Centric Infrastructure (ACI), the policy driven data centre
Application Centric Infrastructure (ACI), the policy driven data centreApplication Centric Infrastructure (ACI), the policy driven data centre
Application Centric Infrastructure (ACI), the policy driven data centreCisco Canada
 

What's hot (20)

Palo alto outline course | Mostafa El Lathy
Palo alto outline course | Mostafa El LathyPalo alto outline course | Mostafa El Lathy
Palo alto outline course | Mostafa El Lathy
 
10 palo alto nat policy concepts
10 palo alto nat policy concepts10 palo alto nat policy concepts
10 palo alto nat policy concepts
 
SD WAN
SD WANSD WAN
SD WAN
 
Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013
 
Realizing the Full Potential of Cloud-Native Application Security
Realizing the Full Potential of Cloud-Native Application SecurityRealizing the Full Potential of Cloud-Native Application Security
Realizing the Full Potential of Cloud-Native Application Security
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewalls
 
Anthos
AnthosAnthos
Anthos
 
7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces concepts7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces concepts
 
20 palo alto site to site
20 palo alto site to site20 palo alto site to site
20 palo alto site to site
 
4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptx4_Session 1- Universal ZTNA.pptx
4_Session 1- Universal ZTNA.pptx
 
01- intro to firewall concepts
01- intro to firewall concepts01- intro to firewall concepts
01- intro to firewall concepts
 
Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefits
 
Web Application Firewall
Web Application FirewallWeb Application Firewall
Web Application Firewall
 
Palo alto-review
Palo alto-reviewPalo alto-review
Palo alto-review
 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec
 
Hunting for Evil with the Elastic Stack
Hunting for Evil with the Elastic StackHunting for Evil with the Elastic Stack
Hunting for Evil with the Elastic Stack
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overview
 
6 pan-os software update & downgrade instruction
6 pan-os software update & downgrade instruction6 pan-os software update & downgrade instruction
6 pan-os software update & downgrade instruction
 
Application Centric Infrastructure (ACI), the policy driven data centre
Application Centric Infrastructure (ACI), the policy driven data centreApplication Centric Infrastructure (ACI), the policy driven data centre
Application Centric Infrastructure (ACI), the policy driven data centre
 

Similar to cn-series-se-presentation.pptx

Edge Computing: A Unified Infrastructure for all the Different Pieces
Edge Computing: A Unified Infrastructure for all the Different PiecesEdge Computing: A Unified Infrastructure for all the Different Pieces
Edge Computing: A Unified Infrastructure for all the Different PiecesCloudify Community
 
Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud ADVA
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPSecuring Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPOlivia LaMar
 
Control Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXControl Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXNGINX, Inc.
 
Contrail integrated with Kubernetes and Openstack
Contrail integrated with Kubernetes and OpenstackContrail integrated with Kubernetes and Openstack
Contrail integrated with Kubernetes and OpenstackDaisuke Nakajima
 
OpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platformOpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platformKangaroot
 
LKNOG3 - Telco Cloud Common – VIM/ CIM
LKNOG3 - Telco Cloud Common – VIM/ CIMLKNOG3 - Telco Cloud Common – VIM/ CIM
LKNOG3 - Telco Cloud Common – VIM/ CIMLKNOG
 
Achieving Network Deployment Flexibility with Mirantis OpenStack
Achieving Network Deployment Flexibility with Mirantis OpenStackAchieving Network Deployment Flexibility with Mirantis OpenStack
Achieving Network Deployment Flexibility with Mirantis OpenStackEric Zhaohui Ji
 
GoGrid 3.0 Webinar: Complex Infrastructure Made Easy - Learn About the GoGrid...
GoGrid 3.0 Webinar: Complex Infrastructure Made Easy - Learn About the GoGrid...GoGrid 3.0 Webinar: Complex Infrastructure Made Easy - Learn About the GoGrid...
GoGrid 3.0 Webinar: Complex Infrastructure Made Easy - Learn About the GoGrid...GoGrid Cloud Hosting
 
Kubernetes Native Infrastructure and CoreOS Operator Framework for 5G Edge Cl...
Kubernetes Native Infrastructure and CoreOS Operator Framework for 5G Edge Cl...Kubernetes Native Infrastructure and CoreOS Operator Framework for 5G Edge Cl...
Kubernetes Native Infrastructure and CoreOS Operator Framework for 5G Edge Cl...Hidetsugu Sugiyama
 
Implementing holistic security for containers and Kubernetes with Calico and ...
Implementing holistic security for containers and Kubernetes with Calico and ...Implementing holistic security for containers and Kubernetes with Calico and ...
Implementing holistic security for containers and Kubernetes with Calico and ...NETWAYS
 
Xpdays: Kubernetes CI-CD Frameworks Case Study
Xpdays: Kubernetes CI-CD Frameworks Case StudyXpdays: Kubernetes CI-CD Frameworks Case Study
Xpdays: Kubernetes CI-CD Frameworks Case StudyDenys Vasyliev
 
stackconf 2022: Data Management in Kubernetes – Backup, DR, HA
stackconf 2022: Data Management in Kubernetes – Backup, DR, HAstackconf 2022: Data Management in Kubernetes – Backup, DR, HA
stackconf 2022: Data Management in Kubernetes – Backup, DR, HANETWAYS
 
Running I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati ShalomRunning I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati ShalomCloud Native Day Tel Aviv
 
Kubernetes für Workstations Edge und IoT Devices
Kubernetes für Workstations Edge und IoT DevicesKubernetes für Workstations Edge und IoT Devices
Kubernetes für Workstations Edge und IoT DevicesQAware GmbH
 
20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes
20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes
20200113 - IBM Cloud Côte d'Azur - DeepDive KubernetesIBM France Lab
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...Amazon Web Services
 

Similar to cn-series-se-presentation.pptx (20)

Edge Computing: A Unified Infrastructure for all the Different Pieces
Edge Computing: A Unified Infrastructure for all the Different PiecesEdge Computing: A Unified Infrastructure for all the Different Pieces
Edge Computing: A Unified Infrastructure for all the Different Pieces
 
Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPSecuring Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
 
Control Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXControl Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINX
 
Contrail integrated with Kubernetes and Openstack
Contrail integrated with Kubernetes and OpenstackContrail integrated with Kubernetes and Openstack
Contrail integrated with Kubernetes and Openstack
 
OpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platformOpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platform
 
Gadgeon profile
Gadgeon profileGadgeon profile
Gadgeon profile
 
LKNOG3 - Telco Cloud Common – VIM/ CIM
LKNOG3 - Telco Cloud Common – VIM/ CIMLKNOG3 - Telco Cloud Common – VIM/ CIM
LKNOG3 - Telco Cloud Common – VIM/ CIM
 
Achieving Network Deployment Flexibility with Mirantis OpenStack
Achieving Network Deployment Flexibility with Mirantis OpenStackAchieving Network Deployment Flexibility with Mirantis OpenStack
Achieving Network Deployment Flexibility with Mirantis OpenStack
 
Road to Cloud Native Orchestration
Road to Cloud Native Orchestration Road to Cloud Native Orchestration
Road to Cloud Native Orchestration
 
GoGrid 3.0 Webinar: Complex Infrastructure Made Easy - Learn About the GoGrid...
GoGrid 3.0 Webinar: Complex Infrastructure Made Easy - Learn About the GoGrid...GoGrid 3.0 Webinar: Complex Infrastructure Made Easy - Learn About the GoGrid...
GoGrid 3.0 Webinar: Complex Infrastructure Made Easy - Learn About the GoGrid...
 
Kubernetes Native Infrastructure and CoreOS Operator Framework for 5G Edge Cl...
Kubernetes Native Infrastructure and CoreOS Operator Framework for 5G Edge Cl...Kubernetes Native Infrastructure and CoreOS Operator Framework for 5G Edge Cl...
Kubernetes Native Infrastructure and CoreOS Operator Framework for 5G Edge Cl...
 
Implementing holistic security for containers and Kubernetes with Calico and ...
Implementing holistic security for containers and Kubernetes with Calico and ...Implementing holistic security for containers and Kubernetes with Calico and ...
Implementing holistic security for containers and Kubernetes with Calico and ...
 
Xpdays: Kubernetes CI-CD Frameworks Case Study
Xpdays: Kubernetes CI-CD Frameworks Case StudyXpdays: Kubernetes CI-CD Frameworks Case Study
Xpdays: Kubernetes CI-CD Frameworks Case Study
 
stackconf 2022: Data Management in Kubernetes – Backup, DR, HA
stackconf 2022: Data Management in Kubernetes – Backup, DR, HAstackconf 2022: Data Management in Kubernetes – Backup, DR, HA
stackconf 2022: Data Management in Kubernetes – Backup, DR, HA
 
Running I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati ShalomRunning I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati Shalom
 
Kubernetes für Workstations Edge und IoT Devices
Kubernetes für Workstations Edge und IoT DevicesKubernetes für Workstations Edge und IoT Devices
Kubernetes für Workstations Edge und IoT Devices
 
20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes
20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes
20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
 
The rise of microservices
The rise of microservicesThe rise of microservices
The rise of microservices
 

Recently uploaded

Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 

cn-series-se-presentation.pptx

  • 2. ● Comprehensive Cloud Native Security ● Container Network Security Use cases ● Industry first Kubernetes NGFW !! ● Demo ○ K8s Native Orchestration ○ URL Filtering for Outbound Security ○ Threat Prevention ● Product and Licensing details ● Resources Agenda 2 | © 2019 Palo Alto Networks, Inc. All Rights Reserved.
  • 3. Asset Inventory Configuration Assessment Compliance Management IAM Governance Vulnerability Management Workload Security Network Visibility Microsegmentation Layer 7 Threat Protection Privileged Activity Monitoring User Entity Behavior Analytics Runtime Defense Visibility & Governance Compute Security Network Protection Identity Security Prisma Cloud Comprehensive cloud native security across the entire application lifecycle
  • 4. Network Visibility 4 | © 2020 Palo Alto Networks, Inc. All rights reserved. A Multi-Layered Network Security Strategy Layer 7 Threat Protection Microsegmentation
  • 5. Container Network Security with Prisma Cloud & NGFW Compute Security Limit east-west traffic based on the machine and application identity Network-based detection and protection of compromised applications 5 | © 2020 Palo Alto Networks, Inc. All rights reserved. Identity-based Microsegmentation Layer 7 Threat Protection Reduce risk and protect compute with runtime and application security Prisma™ Cloud Prisma™ Cloud Vulnerability Management
  • 6. 6 | © 2020 Palo Alto Networks, Inc. All rights reserved. Use Cases for VM-Series in Cloud Outbound Stop data exfiltration East-West Prevent lateral propagation Inbound Block attackers from breaking-in Ordering Payments for traffic crossing “trust boundaries” (VPCs in AWS, GCP / Subnets in Azure) Customers deploy VM-Series in these scenarios in the cloud Internet CN NGFW
  • 7. 7 | © 2020 Palo Alto Networks, Inc. All rights reserved. Outbound Lack of container context East-West Lack of Visibility and Control Inbound Lack of container context for traffic crossing “trust boundaries” (namespaces in containers) Internet K8s Cluster Node CN NGFW Node Node Ordering Payments Containers create blind spots for customers Customers cannot protect all traffic flows using existing firewalls like VM-Series
  • 8. 8 | © 2020 Palo Alto Networks, Inc. All rights reserved. Introducing CN-Series (Containerized NGFW)
    (Diagram: Internet, K8s Cluster with Nodes running CN NGFW, Ordering and Payments workloads)
    Outbound: Stop data exfiltration with container context
    East-West: Prevent lateral propagation within container clusters
    Inbound: Container-level protection against break-ins
    CN-Series provides comprehensive security for containerized applications by running a CN-Series NGFW on each node.
  • 9. 9 | © 2020 Palo Alto Networks, Inc. All rights reserved. Introducing NGFW for Kubernetes
    Complete NGFW Security for K8s
    ● Outbound protection for pods accessing VMs/servers, repos etc.
    ● East-West protection between pods
    ● Inbound protection for K8s services
    Container-Native Architecture
    ● Distributed PAN-OS architecture; CN-MGMT & CN-NGFW pods
    Easy K8s-native Orchestration
    ● CN-NGFW runs as a DaemonSet (one command to deploy on all nodes)
    ● CN-MGMT runs as a StatefulSet
    ● Network insertion via CNI chaining (standard for all CNI providers)
    Context-aware Policies
    ● K8s Plugin for Panorama to enable context-aware policies
    (Diagram: K8s Cluster with K8s Plugin, CN MGMT, and Nodes)
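The slide's "network insertion via CNI chaining" point refers to the standard CNI mechanism where a node's network configuration lists several plugins that run in order for every pod. The following is an added example, not code from the slides or from the CN-Series project: it takes a node's existing CNI configuration and appends a firewall plugin entry after the primary network plugin. The plugin name `example-ngfw-cni`, the flannel sample config, and the function names are assumptions constructed for illustration; the real plugin's name and parameters are not on the page.

```python
import copy
import json

# Placeholder for the firewall's CNI plugin entry (assumption: the real plugin
# name and its parameters are not on the slides and are not reproduced here).
FIREWALL_PLUGIN = {"type": "example-ngfw-cni"}


def to_conflist(cni_config: dict) -> dict:
    """Normalize a CNI config to the conflist form that supports chaining.

    A legacy single-plugin ``.conf`` carries ``type`` at the top level; a
    ``.conflist`` carries a ``plugins`` array. Only the latter can hold a chain.
    """
    missing = [k for k in ("cniVersion", "name") if k not in cni_config]
    if missing:
        raise ValueError(f"CNI config missing required keys: {missing}")
    if "plugins" in cni_config:
        return copy.deepcopy(cni_config)
    if "type" not in cni_config:
        raise ValueError("not a CNI config: neither 'plugins' nor 'type' present")
    # Every key except the list-level ones belongs to the single plugin entry.
    plugin = {k: copy.deepcopy(v) for k, v in cni_config.items()
              if k not in ("cniVersion", "name")}
    return {
        "cniVersion": cni_config["cniVersion"],
        "name": cni_config["name"],
        "plugins": [plugin],
    }


def chain_firewall_plugin(cni_config: dict, firewall_plugin: dict = FIREWALL_PLUGIN) -> dict:
    """Return a conflist with the firewall plugin chained after the primary plugin.

    Chained plugins run in list order on ADD (and in reverse on DEL), so the
    plugin that creates the pod interface must stay first and the firewall
    plugin goes after it. Re-running on an already chained config is a no-op,
    and the input dict is never modified.
    """
    conflist = to_conflist(cni_config)
    major, minor = (int(x) for x in conflist["cniVersion"].split(".")[:2])
    if (major, minor) < (0, 3):
        raise ValueError("plugin chaining requires cniVersion 0.3.0 or later")
    if any(p.get("type") == firewall_plugin["type"] for p in conflist["plugins"]):
        return conflist
    conflist["plugins"].append(copy.deepcopy(firewall_plugin))
    return conflist


# Constructed sample: a legacy single-plugin flannel config of the kind found
# under /etc/cni/net.d on many clusters (values are illustrative only).
SAMPLE_FLANNEL_CONF = {
    "cniVersion": "0.3.1",
    "name": "cbr0",
    "type": "flannel",
    "delegate": {"hairpinMode": True, "isDefaultGateway": True},
}

if __name__ == "__main__":
    print(json.dumps(chain_firewall_plugin(SAMPLE_FLANNEL_CONF), indent=2))
```

The version check matters because the `plugins` array only exists from CNI spec 0.3.0 onward; older single-plugin configs cannot carry a chain at all. The idempotence check is what keeps a DaemonSet that re-runs on node restart from stacking duplicate entries.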
  • 10. CN-Series: Cloud Native Kubernetes Orchestration GKE/AKS/EKS, OpenShift, Native K8s
  • 12. Default-NS GKE – K8S Cluster Internet DP DP MP Native K8S POD1 POD N K8S Plugin Panorama Deploying CN-Series using Helm MP
  • 13. Helm Demo 13 | © 2016, Palo Alto Networks. Confidential and Proprietary.
  • 15. Use case - Outbound Traffic Protection with URL Filtering
    (Diagram: Acme Dev Cluster with namespaces Acme-Dev-ns and Acme-Staging-ns across three nodes; outbound access to Github.com/PaloAltoNetworks)
    Source | Destination | Application | Action | Profile
    Jenkins | Any | Github-download | Allow | Only Palo Alto repo
    Web App | Any | Any | Allow | Any repo
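The two-row rulebase above combines a workload-level match (which pod, which application) with a URL profile that narrows the allowed repository. The example below is added here and is not code from the slides or from PAN-OS; it models that evaluation as a first-match rulebase over constructed outbound flows so the effect of each column is visible. Rule names, the `app` label key, the flow samples and the `evaluate` function are assumptions for illustration. It also covers one edge case the slide does not spell out: a URL prefix profile must anchor on a path segment, so `github.com/PaloAltoNetworks/` does not match a similarly named organisation.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
from urllib.parse import urlparse


@dataclass(frozen=True)
class Rule:
    name: str
    src: str                       # pod "app" label value, or "any" (assumed label key)
    dst: str                       # destination host, or "any"
    app_id: str                    # application identifier, or "any"
    action: str                    # "allow" or "deny"
    url_allow_prefixes: Optional[Tuple[str, ...]] = None   # URL profile; None = any URL


@dataclass(frozen=True)
class Flow:
    namespace: str
    src_app: str
    dst: str
    app_id: str
    url: Optional[str] = None


# Hypothetical rulebase mirroring the slide's table (names are constructed).
RULEBASE = (
    Rule("jenkins-github", "jenkins", "any", "github-download", "allow",
         url_allow_prefixes=("github.com/paloaltonetworks/",)),
    Rule("webapp-egress", "web-app", "any", "any", "allow"),
)


def _url_key(url: str) -> str:
    """Lower-case host+path with a trailing slash, so prefix checks stop at a path segment."""
    parsed = urlparse(url)
    path = parsed.path if parsed.path.endswith("/") else parsed.path + "/"
    return (parsed.hostname or "").lower() + path.lower()


def evaluate(flow: Flow, rulebase=RULEBASE) -> Tuple[str, str]:
    """First-match evaluation; returns (verdict, reason). No match means default deny."""
    for rule in rulebase:
        if rule.src != "any" and rule.src != flow.src_app:
            continue
        if rule.dst != "any" and rule.dst != flow.dst:
            continue
        if rule.app_id != "any" and rule.app_id != flow.app_id:
            continue
        if rule.action != "allow":
            return ("deny", rule.name)
        if rule.url_allow_prefixes is not None:
            # The URL profile refines an allow rule: anything outside the allowlist is blocked,
            # including flows where no URL could be extracted.
            if flow.url is None or not any(_url_key(flow.url).startswith(p)
                                           for p in rule.url_allow_prefixes):
                return ("deny", f"{rule.name}: url-profile")
        return ("allow", rule.name)
    return ("deny", "default")


# Constructed sample flows; hosts and repository names are illustrative only.
SAMPLE_FLOWS: Dict[str, Flow] = {
    "jenkins-pan-repo": Flow("acme-dev-ns", "jenkins", "github.com", "github-download",
                             "https://github.com/PaloAltoNetworks/pan-os-python"),
    "jenkins-other-repo": Flow("acme-dev-ns", "jenkins", "github.com", "github-download",
                               "https://github.com/someone-else/tool"),
    "jenkins-lookalike-org": Flow("acme-dev-ns", "jenkins", "github.com", "github-download",
                                  "https://github.com/PaloAltoNetworksX/tool"),
    "jenkins-unknown-ssl": Flow("acme-dev-ns", "jenkins", "example.net", "ssl"),
    "webapp-any": Flow("acme-staging-ns", "web-app", "example.org", "web-browsing",
                       "https://example.org/"),
}


def evaluate_all(flows=SAMPLE_FLOWS) -> Dict[str, Tuple[str, str]]:
    return {name: evaluate(flow) for name, flow in flows.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_all().items():
        print(f"{name:24s} {verdict[0]:5s} ({verdict[1]})")
```

Note that the Jenkins rule alone, without its profile, would allow any repository reachable over `github-download`; the profile is what enforces "Only Palo Alto repo", and a flow that matches no rule at all falls to the default deny.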
  • 16. Demo
  • 18. 18 | © 2020 Palo Alto Networks, Inc. All rights reserved. Graboid - First ever crypto-jacking worm
  • 19. Use case - Outbound Traffic Protection with Anti-Malware
    (Diagram: Acme Dev Cluster with namespaces Acme-Dev-ns and Acme-Staging-ns across three nodes)
    Source | Destination | Application | Action | Vulnerability Protection
    Nginx (with Graboid) | Any | Any | Allow | Strict
  • 20. Graboid demo 20 | © 2020 Palo Alto Networks, Inc. All rights reserved.
  • 22. Supported Cloud Native Infrastructures 22 | © 2020 Palo Alto Networks, Inc. All rights reserved. Self-Managed On-premises Public Cloud Cloud-Managed
  • 23. Product Details 23 | © 2020 Palo Alto Networks, Inc. All rights reserved.
    Software Versions: PAN-OS 10.0; K8s Panorama Plugin 1.0.0
    Container Runtime: Docker, CRI-O
    Provider Managed Kubernetes: Azure AKS, AWS EKS, GCP GKE, OpenShift 4.2
    Native K8s: 1.13, 1.14, 1.15
    Kubernetes Host VM OS: Ubuntu 16.04, 18.04; RHEL/CentOS 7.3+; CoreOS 21XX, 22XX
    CNI Plugins: Calico, Weave, Flannel, Azure, AWS
    Performance per core: App-ID 500 Mbps; Threat 250 Mbps
  • 24. Licensing 24 | © 2020 Palo Alto Networks, Inc. All rights reserved.
    Pricing Model Component | Approach | Rationale
    Licensing | Number of CN-Series firewall units (total number of firewalls protecting K8s nodes) | Easy to understand, predict, and measure
    Licensing Model | Term-based | Aligned with cloud pricing models
    Pricing Structure and Price Levels | Basic Bundle (CN-Series + Support); Bundle One (CN-Series + Support + TP); Bundle Two (CN-Series + Support + TP + WildFire + URL + DNS) | Align with VM-Series bundle structure; align with VM pricing method
    License Terms | Term-based (1 to 5 years) | Consistency with VM-Series licensing
    ELA | Part of VM ELA (7 tokens for CN-Series) | Enable VM ELA customers to adopt CN-Series easily
  • 25. Resources 25 | © 2020 Palo Alto Networks, Inc. All Rights Reserved.
    ● Product Documentation
    ● Github
    ● Qwiklabs - Try it for free.
    ○ Request for Qwiklab access - cn-seriessupport@paloaltonetworks.com

Editor's Notes

  1. Racquel
  2. Now, network security is not the be-all and end-all of container security. Prisma Cloud provides a comprehensive toolset for securing cloud native apps, inclusive of features that deliver governance, compute security and workload protection, and identity security. As you can see, CN-Series rounds out the Network Protection pillar with its layer 7 threat protection capabilities.
  3. When it comes to network security, micro-segmentation and segmentation in general is only part of the picture. To illustrate this point, let’s think about how we secure airports. In an airport, we install cameras so that the security team can see everything that’s going on. In the network security world, security cameras are akin to network visibility. They’re ideal for reactive investigative work after an incident has already taken place, but they’re most likely not going to help stop the incident from happening in the first place. A more proactive security measure is issuing every traveler a boarding pass. Boarding passes dictate where a traveler is allowed to go, just like micro-segmentation dictates where traffic can flow in an enterprise network. But boarding passes alone aren’t enough to prevent threats from getting into the airport or onto planes. A boarding pass has no concept of whether or not I’m carrying a weapon onto the plane. That’s why airport security uses metal detectors at strategic parts of the airport, forcing travelers through a deeper level of inspection for threats. This is the role that next-gen firewalls play in internal network security, as well.
  4. Palo Alto offers a suite of products. PCC: vulnerability management for containers in your CI/CD pipeline prior to containers being deployed, and runtime threat analytics on the host. Aporeto: reducing the scope of lateral attacks within your infrastructure by minimizing allowed connections; when an unpatched asset is potentially compromised, reduce the spread of the attack. NGFW: threat analytics for allowed connections at your network trust boundaries. Example: enforcing egress controls for traffic leaving my k8s cluster or VM environment. This is how both PayPal and Comcast mix NGFW with Aporeto’s capabilities.
  5. Racquel
  6. https://drive.google.com/file/d/1HmrKOOjx9V-w3-nRsPTGuDh593cEth8A/view?usp=drivesdk
  7. https://drive.google.com/file/d/1Eh99K3ngMW6G5VYRrFEyPoNo0QtIRhpj/view?usp=drivesdk
  8. https://drive.google.com/file/d/146tcBhjY-p39-tD1yFNI9o2zItKXjXfi/view?usp=drivesdk
  9. CN-Series can be deployed in self-managed Kubernetes environments hosted on-prem or in the public cloud. This includes Red Hat OpenShift environments as well. It can also be deployed into managed Kubernetes environments offered by cloud service providers. These environments include the Google Kubernetes Engine, Amazon’s Elastic Kubernetes Service, and the Azure Kubernetes Service. For an exhaustive list of supported environments, versions, and operating systems, reference the CN-Series data sheet.
  10. Racquel