Managing the Security Risks and Business Rewards of Internet Applications
© 2007 Palo Alto Networks. Proprietary and Confidential
Real Data – What's on Enterprise Networks
- Application usage assessment of 60 enterprises, 960,000 users
- Across verticals: financial services, health care, manufacturing, government, retail, education
Important questions:
- How are networks being used?
- What applications are running on enterprise networks?
- Which applications are considered high-risk?
- What are the risks associated with the existing application mix?
- What threats are on enterprise networks?
Key Findings – the Internet is the Network
- HTTP has become the universal application protocol: all types of applications have converged on HTTP
- Video consumes the greatest amount of bandwidth: streaming media applications consume far more enterprise bandwidth than file sharing
- Applications are the major unmanaged threat vector: the most common threats ride on the most common applications
Internet Business Applications Are Common
- Google applications (Docs, Calendar) found in most organizations
- Collaborative/utility apps are high risk (file transfer, evasive, etc.)
- Used in nearly all of the organizations studied
Video is Everywhere and YouTube is King
- Streaming media in every enterprise; consumes 10% of total bandwidth
- Video is the biggest consumer: streaming media uses 30x more bandwidth than file sharing
- YouTube is king
- Even P2P is going streaming video (43%), but file sharing is going browser-based
New Threats at the Application Layer
- Threats are now targeting applications – including media applications
- 86% of organizations had "drive by" download exploits of browser apps
- Every organization experiences spyware (200 different varieties)
[Chart: Most Frequently Targeted Media Applications]
Savvy Users Know How To Get Around Security
- Users circumvent IT security controls
- Public proxy services / private proxies at home
- Encrypted tunnels
Example: UltraSurf
- Tunneling/anonymizing client, client-server
- Web surf any site, bypassing all traditional security controls: firewall, IPS/IDS, URL filtering
- But… it presents risk: file transfer, evasive, prone to misuse, tunnels other applications
UltraSurf is a Risky Application – With Questionable Value
Example: Groove
- Collaborative workspace, peer-to-peer
- Effective, just-in-time shared workspace
- But… it presents risk: file transfer, malware, evasive, prone to misuse
Business Applications Present Risk Too
Example: eBuddy
- Instant messaging aggregator application, browser-based
- Log in to all of your IM networks from a single web page
- But… it presents risk: file transfer, malware, evasive, tunnels other applications
Personal Applications Might Be Used for Business
Inability to Manage Application Risks and Rewards
- Risks: lower employee productivity, compliance, loss of sensitive data, higher operational cost, business disruption
- Rewards: increased collaboration, market expansion, higher productivity, reduced time to market, lower operational costs
Firewalls Have Not Kept Pace with Applications
- Collaboration / media, SaaS and personal applications
- Hundreds of applications, users, and threats may be passing through your firewall… but the only things you see are ports, protocols, and IP addresses.
As a result, IT is Confronted with 5 Problems
1. Most IT organizations don't really know what's on their networks
2. User policies may exist, but can't be enforced
3. More devices added to compensate for firewall ineffectiveness
4. Network security becoming more expensive, harder to manage, and less effective
5. Risks are increasing, rewards are decreasing
Requirements for Next Generation Firewalls
New Requirements for the Firewall
1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify users regardless of IP address
3. Granular visibility and policy control over application access / functionality
4. Protect in real-time against threats embedded across applications
5. Multi-gigabit, in-line deployment with no performance degradation
About Palo Alto Networks
- Founded in 2005 by Nir Zuk, inventor of stateful inspection technology
- World class team with strong security and networking experience
- Innovative next generation firewalls identify and control 700+ applications
- Named Gartner Cool Vendor in 2008; 2008 Best of Interop Grand Prize
Identification Technologies Help Manage Risk
- App-ID: identify the application
- User-ID: identify the user
- Content-ID: scan the content
Restored Visibility and Control of the Network

                       IP address / User   Port   Protocol   Application
Port 80 is much more than Web browsing...
  Ports/IP view        216.27.61.137       80     HTTP       Web browsing?
  Application view     Mary Jones          80     IM         Yahoo-IM
Port 443 is an encrypted mystery...
  Ports/IP view        136.49.15.395       443    HTTPS      Secure banking?
  Application view     Paul King           443    email      Google Gmail
Other ports are being exploited...
  Ports/IP view        315.44.29.603       2543   SIP        VOIP?
  Application view     John Smith          many   Gnutella   Limewire P2P
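The contrast in the table above, as an added example that is not Palo Alto Networks' App-ID: a small Python classifier labels a flow by its opening payload bytes and compares that with what the destination port alone would suggest. The signature set, user names and sample flows are constructed for illustration; a product engine tracks state across many packets and, where policy allows, decrypts SSL to see what is inside port 443.

```python
import re

# Added example, not Palo Alto Networks' App-ID: a minimal content-based application
# identifier set against the port-based view of a traditional firewall. The signature
# set is constructed and deliberately small; a real engine tracks state across many
# packets and decrypts SSL where policy allows.
SIGNATURES = [
    # HTTP request line: method, request-target, version
    ("web-browsing", re.compile(rb"\A(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    # Yahoo Messenger (YMSG) packets begin with the literal "YMSG"
    ("yahoo-im", re.compile(rb"\AYMSG")),
    # SIP requests start with a method and a sip: URI
    ("sip", re.compile(rb"\A(INVITE|REGISTER|OPTIONS|BYE) sip:")),
    # Gnutella 0.6 connection handshake (used by LimeWire among others)
    ("gnutella", re.compile(rb"\AGNUTELLA CONNECT/0\.6\r\n")),
    # TLS record header: content type 0x16 (handshake), version 3.x; payload stays opaque
    ("ssl", re.compile(rb"\A\x16\x03[\x00-\x03]")),
]

# What a port/protocol firewall assumes a destination port carries.
PORT_VIEW = {80: "web-browsing", 443: "ssl", 5060: "sip"}

def port_view(port: int) -> str:
    """Traditional view: the application implied by the destination port alone."""
    return PORT_VIEW.get(port, "unknown")

def identify_app(payload: bytes) -> str:
    """Content view: first signature matching the client's opening bytes."""
    for app, pattern in SIGNATURES:
        if pattern.match(payload):
            return app
    return "unknown"

def audit(flows):
    """Return (user, port, port_view, identified_app, mismatch) for each flow.
    A mismatch is traffic the port view would mislabel: tunnelled or evasive use."""
    rows = []
    for user, port, payload in flows:
        guess, app = port_view(port), identify_app(payload)
        rows.append((user, port, guess, app, app != "unknown" and app != guess))
    return rows

# Constructed sample flows modelled on the slide's table (names and payloads fictitious).
SAMPLE_FLOWS = [
    ("Mary Jones", 80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("Mary Jones", 80, b"YMSG\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00"),
    ("Paul King", 443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),  # ClientHello
    ("John Smith", 6346, b"GNUTELLA CONNECT/0.6\r\nUser-Agent: LimeWire\r\n\r\n"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_FLOWS):
        print("%-10s port %-5d port-view=%-12s app=%-12s mismatch=%s" % row)
```

Note that the port 443 flow is identified only as "ssl": without decryption the classifier, like the traditional firewall, cannot tell banking from webmail.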
Innovative Visibility and Reporting Tools
Managing Risks and Rewards of Internet Applications
Application Visibility and Control
- Risks: lower employee productivity, compliance, loss of sensitive data, higher operational cost, business disruption
- Rewards: increased collaboration, market expansion, higher productivity, reduced time to market, lower operational costs
Palo Alto Networks Next Generation Firewalls
[Chart: performance by deployment size]
- Remote office / medium enterprise: PA-2000 Series
- Large enterprise: PA-4000 Series
- Performance points shown: 500 Mbps, 1 Gbps, 2 Gbps, 10 Gbps, 10 Gbps + 10G ports
Performance Tuned Hardware Architecture
[Diagram: control plane and data plane]
- Flash Matching HW Engine: Palo Alto Networks' uniform signatures; multiple memory banks – memory bandwidth scales performance
- Multi-Core Security Processor: high density processing for flexible security functionality; hardware acceleration for standardized complex functions (SSL, IPSec, decompression)
- Dedicated Control Plane: highly available management; high speed logging and route updates (dual-core CPU, RAM, HDD)
- 10 Gig Network Processor: front-end network processing offloads security processors; hardware accelerated QoS, route lookup, MAC lookup and NAT
- Data Plane: 10 Gbps in and out; CPU 1 through CPU 16 with SSL, IPSec and decompression acceleration; QoS, route/ARP/MAC lookup and NAT
Flexible Deployment Options
- Firewall Replacement: replace existing firewall; provides application and network-based visibility and control, consolidated policy, high performance
- Application Visibility: connect to a span port; provides application visibility without inline deployment
- Transparent In-Line: deploy transparently behind existing firewall; provides application visibility & control without networking changes
Leading Organizations Trust Palo Alto Networks
[Customer logos by vertical: Health Care; Financial Services; Government; Mfg / High Tech / Energy; Education; Services; Media / Entertainment / Retail]
Thank You!
App-ID: Comprehensive Application Visibility
- Policy-based control of more than 700 applications distributed across five categories and 25 sub-categories
- Balanced mix of business, internet and networking applications and networking protocols
- ~5 new applications added weekly
User-ID: Enterprise Directory Integration
- Users no longer defined solely by IP address
- Leverage existing Active Directory infrastructure
- Understand users' application and threat behavior based on the actual AD username, not just IP
- Manage and enforce policy based on user and/or AD group
- Investigate security incidents, generate custom reports
Content-ID: Real-Time Content Scanning
- Detect and block a wide range of threats, limit unauthorized file transfers and control non-work related web surfing
- Stream-based, not file-based, for real-time performance
- Uniform signature engine scans for a broad range of threats in a single pass: vulnerability exploits (IPS), viruses, and spyware (both downloads and phone-home)
- Block a wide range of file transfers by type: looks into the file to determine type – not extension based
- Web filtering enabled via fully integrated URL database: 20M URLs across 54 categories; local database ensures a highly scalable solution (1,000s of URLs/sec)
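Stream-based, content-based file typing as described above, written as an added example rather than Content-ID's own code: it identifies a transfer from its leading bytes even when those bytes are split across chunks, and blocks on the real type rather than the extension. The magic-byte table, the block list and the sample transfer are constructed assumptions.

```python
# Added example, not Palo Alto Networks' Content-ID: stream-based file typing by the
# file's leading bytes ("magic") instead of its extension. The magic table covers a
# few well-known formats; the block list and the sample transfer are assumptions.
MAGIC = [
    (b"MZ", "pe-executable"),            # DOS/Windows executable
    (b"\x7fELF", "elf-executable"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),              # also OOXML documents and JARs
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
]
MAX_MAGIC = max(len(m) for m, _ in MAGIC)   # bytes to buffer before giving up
BLOCKED_TYPES = {"pe-executable", "elf-executable"}

def extension_type(filename: str) -> str:
    """What a name-based filter would believe the file is."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return {"jpg": "jpeg", "jpeg": "jpeg", "pdf": "pdf", "zip": "zip",
            "png": "png", "exe": "pe-executable"}.get(ext, "unknown")

class StreamTyper:
    """Types a transfer from its first bytes as chunks arrive, buffering at most
    MAX_MAGIC bytes; a magic value split across chunks is still recognised."""
    def __init__(self):
        self.head, self.verdict = b"", None
    def feed(self, chunk: bytes):
        if self.verdict is None:
            self.head += chunk[: MAX_MAGIC - len(self.head)]
            self.verdict = self._decide(final=False)
        return self.verdict              # None while still undecided
    def finish(self):
        if self.verdict is None:
            self.verdict = self._decide(final=True)
        return self.verdict
    def _decide(self, final: bool):
        for magic, kind in MAGIC:
            if self.head.startswith(magic):
                return kind
        # Some longer magic may still match once more bytes arrive.
        if not final and any(m.startswith(self.head) for m, _ in MAGIC):
            return None
        return "unknown"

def scan_transfer(filename: str, chunks) -> dict:
    """Stream the chunks through the typer and decide on the real type, not the name."""
    typer = StreamTyper()
    for chunk in chunks:
        if typer.feed(chunk) is not None:
            break                        # decided; later chunks need no buffering
    actual = typer.finish()
    return {"name": filename, "claimed": extension_type(filename), "actual": actual,
            "action": "block" if actual in BLOCKED_TYPES else "allow"}

# Constructed sample: an executable renamed to .jpg, with its header split across chunks.
SAMPLE = ("holiday.jpg", [b"M", b"Z\x90\x00\x03\x00\x00\x00", b"\x04\x00\x00\x00\xff\xff"])
```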
