CN-Series: Kubernetes NGFW
July 2020
Raj Patil
Sudeep Padiyar
Agenda
● Comprehensive Cloud Native Security
● Container Network Security use cases
● Industry-first Kubernetes NGFW
● Demo
  ○ K8s-native orchestration
  ○ URL Filtering for outbound security
  ○ Threat Prevention
● Product and licensing details
● Resources
2 | © 2019 Palo Alto Networks, Inc. All Rights Reserved.
Prisma Cloud
Comprehensive cloud native security across the entire application lifecycle
● Visibility & Governance: Asset Inventory, Configuration Assessment, Compliance Management
● Compute Security: Vulnerability Management, Workload Security, Runtime Defense
● Network Protection: Network Visibility, Microsegmentation, Layer 7 Threat Protection
● Identity Security: IAM Governance, Privileged Activity Monitoring, User Entity Behavior Analytics
A Multi-Layered Network Security Strategy
● Network Visibility
● Microsegmentation
● Layer 7 Threat Protection
Container Network Security with Prisma Cloud & NGFW
● Compute Security (Prisma™ Cloud): reduce risk and protect compute with runtime and application security, including Vulnerability Management
● Identity-based Microsegmentation (Prisma™ Cloud): limit east-west traffic based on the machine and application identity
● Layer 7 Threat Protection: network-based detection and protection of compromised applications
Use Cases for VM-Series in Cloud
Customers deploy VM-Series in these scenarios in the cloud, for traffic crossing "trust boundaries" (VPCs in AWS and GCP, subnets in Azure):
● Outbound: stop data exfiltration
● East-West: prevent lateral propagation
● Inbound: block attackers from breaking in
(Diagram: Internet, NGFW, and the Ordering and Payments workloads)
Containers create blind spots for customers
Customers cannot protect all traffic flows using existing firewalls like VM-Series, for traffic crossing "trust boundaries" (namespaces in containers):
● Outbound: lack of container context
● East-West: lack of visibility and control
● Inbound: lack of container context
(Diagram: Internet, a K8s cluster of three nodes running the Ordering and Payments workloads, CN NGFW)
Introducing CN-Series (Containerized NGFW)
CN-Series provides comprehensive security for containerized applications by running a CN-Series NGFW on each node:
● Outbound: stop data exfiltration with container context
● East-West: prevent lateral propagation within container clusters
● Inbound: container-level protection against break-ins
(Diagram: Internet, a K8s cluster with a CN NGFW on each of three nodes, and the Ordering and Payments workloads)
Introducing NGFW for Kubernetes
Complete NGFW security for K8s
● Outbound protection for pods accessing VMs/servers, repos, etc.
● East-West protection between pods
● Inbound protection for K8s services
Container-native architecture
● Distributed PAN-OS architecture: CN-MGMT and CN-NGFW pods
Easy K8s-native orchestration
● CN-NGFW runs as a DaemonSet (one command to deploy on all nodes)
● CN-MGMT runs as a StatefulSet
● Network insertion via CNI chaining (standard for all CNI providers)
Context-aware policies
● K8s plugin for Panorama to enable context-aware policies
(Diagram: K8s cluster with three nodes, the CN-MGMT pod, and the K8s plugin on Panorama)
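The "network insertion via CNI chaining" bullet is the mechanism that puts a per-node firewall in the path of every pod without replacing the cluster's existing CNI: the node's CNI configuration is turned into a chained conflist and the firewall plugin is appended behind the primary plugin. The script below is an added example, not Palo Alto Networks' code or installer; the plugin type "example-fw-cni", its settings and both sample configs are constructed placeholders (the real CN-Series plugin name and options come from the product documentation). It shows the chaining rule a practitioner has to get right, including the legacy single-plugin .conf case, which has to be wrapped before anything can be chained, and idempotent re-runs.

```python
"""Network insertion by CNI chaining: append a firewall CNI plugin to a node's CNI config.

Added example, not Palo Alto Networks' code. The plugin type "example-fw-cni"
and its settings are hypothetical placeholders; the real CN-Series plugin name
and options come from the product documentation. Both sample configs below are
constructed.
"""
import copy
import json
from typing import Union

FW_PLUGIN_TYPE = "example-fw-cni"   # hypothetical, not the product's plugin name

# Constructed: a conflist as a primary CNI (flannel-style) typically writes it.
SAMPLE_CONFLIST = json.dumps({
    "cniVersion": "0.3.1",
    "name": "cbr0",
    "plugins": [
        {"type": "flannel", "delegate": {"hairpinMode": True, "isDefaultGateway": True}},
        {"type": "portmap", "capabilities": {"portMappings": True}},
    ],
})

# Constructed: a legacy single-plugin .conf with no "plugins" array. Nothing can
# be chained behind it until it is wrapped into a conflist.
SAMPLE_LEGACY_CONF = json.dumps({
    "cniVersion": "0.3.1",
    "name": "k8s-pod-network",
    "type": "bridge",
    "bridge": "cni0",
    "ipam": {"type": "host-local", "subnet": "10.244.0.0/16"},
})


def to_conflist(conf: Union[str, dict]) -> dict:
    """Parse a CNI config and wrap a legacy single-plugin .conf into a conflist."""
    conf = json.loads(conf) if isinstance(conf, str) else copy.deepcopy(conf)
    if "plugins" in conf:
        return conf
    if "type" not in conf:
        raise ValueError("not a CNI config: neither 'plugins' nor 'type' present")
    # In a .conf the plugin's own keys sit at the top level next to cniVersion/name;
    # a conflist keeps those two at the top and nests the plugin in "plugins".
    plugin = {k: v for k, v in conf.items() if k not in ("cniVersion", "name")}
    return {"cniVersion": conf["cniVersion"], "name": conf["name"], "plugins": [plugin]}


def chain_firewall(conf: Union[str, dict], plugin_type: str = FW_PLUGIN_TYPE, **settings) -> dict:
    """Return a conflist with the firewall plugin appended to the end of the chain.

    The primary plugin (and helpers such as portmap) must stay in front: the pod's
    interface and IP have to exist before the firewall plugin can attach to them.
    The function is idempotent so re-running an installer never doubles the entry.
    """
    conflist = to_conflist(conf)
    if any(p.get("type") == plugin_type for p in conflist["plugins"]):
        return conflist
    conflist["plugins"].append({"type": plugin_type, **settings})
    return conflist


def plugin_order(conflist: dict) -> list:
    """The chain as the container runtime will execute it, first to last."""
    return [p["type"] for p in conflist["plugins"]]


def render(conflist: dict) -> str:
    """Serialize for writing to /etc/cni/net.d/<name>.conflist on the node."""
    return json.dumps(conflist, indent=2)


if __name__ == "__main__":
    print(render(chain_firewall(SAMPLE_CONFLIST)))
    print(render(chain_firewall(SAMPLE_LEGACY_CONF)))
```

This is the per-node step a DaemonSet installer would perform on every node's /etc/cni/net.d; because the function leaves an already-chained file unchanged, a DaemonSet restart or upgrade does not insert the plugin twice.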
CN-Series: Cloud Native Kubernetes Orchestration
GKE/AKS/EKS, OpenShift, native K8s
Helm Installation Demo
Deploying CN-Series using Helm
(Diagram: GKE K8s cluster with the default namespace, CN-Series data plane (DP) and management plane (MP) pods, application pods POD1 to POD N, the K8s plugin on Panorama, and the Internet)
Helm Demo
URL Filtering Outbound Demo
Use case: outbound traffic protection with URL Filtering
(Diagram: Acme Dev Cluster with three nodes, namespaces Acme-Dev-ns and Acme-Staging-ns, egress to Github.com/PaloAltoNetworks)
Policy:
  Source    Destination  Application      Action  Profile
  Jenkins   Any          Github-download  Allow   Only Palo Alto repo
  Web App   Any          Any              Allow   Any repo
Demo
Threat Prevention Demo
Use case: outbound traffic protection with Anti-Malware
Graboid: first ever crypto-jacking worm
(Diagram: Acme Dev Cluster with three nodes, namespaces Acme-Dev-ns and Acme-Staging-ns)
Policy:
  Source                Destination  Application  Action  Vulnerability Protection
  Nginx (with Graboid)  Any          Any          Allow   Strict
Graboid demo
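Both demo policy tables (the URL Filtering table for Jenkins and the web app, and the Threat Prevention table for the nginx pod) rest on the same evaluation model: the first rule whose source and App-ID match decides the action, and on an Allow rule the attached profiles are then applied to the session, so "Allow" with a restrictive URL profile or a strict vulnerability profile is not an unconditional allow. The evaluator below is an added example, not Palo Alto Networks' code and not how PAN-OS is implemented; the rule and flow fields, the verdict names, the severity thresholds and all sample flows are constructed. It goes slightly beyond the tables by showing the URL-prefix edge cases a profile has to survive (case, look-alike hosts, a longer organisation name, userinfo and port in the URL).

```python
"""First-match security policy evaluation with URL-filtering and vulnerability profiles.

Added example, not Palo Alto Networks' code and not how PAN-OS is implemented.
It models the two demo policy tables on this page: an Allow rule for Jenkins'
github-download traffic whose URL profile permits only github.com/PaloAltoNetworks,
an unrestricted Allow rule for the web app, and an Allow rule for the nginx pod
whose strict vulnerability-protection profile still resets sessions that match
a threat signature. Rule/flow fields, verdict names, severity thresholds and the
sample flows are constructed.
"""
from dataclasses import dataclass
from typing import Optional, Tuple
from urllib.parse import urlparse


@dataclass(frozen=True)
class Rule:
    name: str
    source: str                                  # workload identity (K8s context), or "any"
    application: str                             # App-ID name, or "any"
    action: str                                  # "allow" or "deny"
    url_allow: Optional[Tuple[str, ...]] = None  # URL profile: permitted host/path prefixes
    vuln_profile: Optional[str] = None           # None, "default" or "strict"


@dataclass(frozen=True)
class Flow:
    source: str
    application: str
    url: Optional[str] = None              # URL seen in the session, if any
    threat_severity: Optional[str] = None  # constructed: severity of a matched signature


# The page's two demo tables, plus an explicit default-deny at the end.
POLICY = (
    Rule("jenkins-repo-pull", "jenkins", "github-download", "allow",
         url_allow=("github.com/paloaltonetworks/",)),
    Rule("webapp-out", "web-app", "any", "allow"),
    Rule("nginx-out", "nginx", "any", "allow", vuln_profile="strict"),
    Rule("default-deny", "any", "any", "deny"),
)

# Constructed thresholds: which signature severities each profile resets.
PROFILE_RESETS = {"default": {"critical", "high"},
                  "strict": {"critical", "high", "medium"}}


def normalize_url(url: str) -> str:
    """Return 'host/path/' in lower case so a prefix match cannot be fooled by
    case, userinfo, a port, or an org name that merely starts the same way."""
    parsed = urlparse(url if "://" in url else "https://" + url)
    host = (parsed.hostname or "").lower()
    path = parsed.path.rstrip("/").lower()
    return f"{host}{path}/"


def url_permitted(url: Optional[str], prefixes: Tuple[str, ...]) -> bool:
    if url is None:
        return False  # a URL profile cannot approve a session with no URL
    key = normalize_url(url)
    return any(key.startswith(p) for p in prefixes)


def evaluate(flow: Flow, policy=POLICY) -> Tuple[str, str]:
    """First matching rule wins; profiles are applied on top of an Allow."""
    for rule in policy:
        if rule.source not in ("any", flow.source):
            continue
        if rule.application not in ("any", flow.application):
            continue
        if rule.action == "deny":
            return rule.name, "deny"
        if rule.url_allow is not None and not url_permitted(flow.url, rule.url_allow):
            return rule.name, "block-url"
        if rule.vuln_profile and flow.threat_severity in PROFILE_RESETS[rule.vuln_profile]:
            return rule.name, "reset-both"
        return rule.name, "allow"
    return "implicit-deny", "deny"


def demo() -> list:
    """Constructed flows for the two demo tables, evaluated against POLICY."""
    flows = [
        Flow("jenkins", "github-download", "https://github.com/PaloAltoNetworks/pan-os-python/archive/v1.0.0.tar.gz"),
        Flow("jenkins", "github-download", "https://github.com/someone-else/tool/archive/main.zip"),
        Flow("jenkins", "github-download", "https://github.com.evil.example/PaloAltoNetworks/x"),
        Flow("web-app", "github-download", "https://github.com/someone-else/tool"),
        Flow("nginx", "web-browsing", "http://203.0.113.10/", threat_severity="critical"),
        Flow("nginx", "web-browsing", "http://203.0.113.10/"),
    ]
    return [(f.source, f.url, *evaluate(f)) for f in flows]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The ordering in evaluate() is the point to remember when reading the demo tables: a session that matches an Allow rule can still end with "block-url" or "reset-both", which is why the nginx rule in the Threat Prevention table can say Allow and still stop Graboid traffic.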
Product Details
Supported cloud native infrastructures:
● Self-managed: on-premises, public cloud
● Cloud-managed
Software versions
  PAN-OS                        10.0
  K8s Panorama plugin           1.0.0
  Container runtime             Docker, CRI-O
  Provider-managed Kubernetes   Azure AKS, AWS EKS, GCP GKE, OpenShift 4.2
  Native K8s                    1.13, 1.14, 1.15
  Kubernetes host VM OS         Ubuntu 16.04, 18.04; RHEL/CentOS 7.3+; CoreOS 21XX, 22XX
  CNI plugins                   Calico, Weave, Flannel, Azure, AWS
Performance per core
  App-ID   500 Mbps
  Threat   250 Mbps
Licensing
Pricing model (component: approach; rationale)
● Licensing: number of CN-Series firewall units (total number of firewalls protecting K8s nodes); easy to understand, predict, and measure
● Licensing model: term-based; aligned with cloud pricing models
● Pricing structure and price levels: Basic Bundle (CN-Series + Support), Bundle One (CN-Series + Support + TP), Bundle Two (CN-Series + Support + TP + WildFire + URL + DNS); aligned with the VM-Series bundle structure and the VM pricing method
● License terms: term-based (1 to 5 years); consistency with VM-Series licensing
● ELA: part of the VM ELA (7 tokens for CN-Series); enables VM ELA customers to adopt CN-Series easily
Resources
● Product documentation
● GitHub
● Qwiklabs: try it for free
  ○ Request Qwiklab access: cn-seriessupport@paloaltonetworks.com
Thanks!

More Related Content

What's hot

Putting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallPutting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation Firewall
Cisco Canada
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewalls
Castleforce
 
Palo alto NGfw2023.pptx
Palo alto  NGfw2023.pptxPalo alto  NGfw2023.pptx
Palo alto NGfw2023.pptx
ahmad661583
 
palo-alto-networks-sase-overview-deck.pptx
palo-alto-networks-sase-overview-deck.pptxpalo-alto-networks-sase-overview-deck.pptx
palo-alto-networks-sase-overview-deck.pptx
infoeliechahine
 
01- intro to firewall concepts
01- intro to firewall concepts01- intro to firewall concepts
01- intro to firewall concepts
Mostafa El Lathy
 
Palo Alto Networks: Protection for Security & Compliance
Palo Alto Networks: Protection for Security & CompliancePalo Alto Networks: Protection for Security & Compliance
Palo Alto Networks: Protection for Security & Compliance
Amazon Web Services
 
Azure DDoS Protection Standard
Azure DDoS Protection StandardAzure DDoS Protection Standard
Azure DDoS Protection Standard
arnaudlh
 
Multi cloud security architecture
Multi cloud security architecture Multi cloud security architecture
Multi cloud security architecture
Maganathin Veeraragaloo
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITY
Maganathin Veeraragaloo
 
Palo alto-review
Palo alto-reviewPalo alto-review
Palo alto-review
Rayan Darine
 
Cloud security
Cloud security Cloud security
IBM MQ in Containers - Think 2018
IBM MQ in Containers - Think 2018IBM MQ in Containers - Think 2018
IBM MQ in Containers - Think 2018
Robert Parker
 
2 what is the best firewall (sizing)
2 what is the best firewall (sizing)2 what is the best firewall (sizing)
2 what is the best firewall (sizing)
Mostafa El Lathy
 
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
BAKOTECH
 
Presentacion Palo Alto Networks
Presentacion Palo Alto NetworksPresentacion Palo Alto Networks
Presentacion Palo Alto Networks
Laurent Daudré-Vignier
 
Journey to the Center of Security Operations
Journey to the Center of Security OperationsJourney to the Center of Security Operations
Journey to the Center of Security Operations
♟Sergej Epp
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introduction
Jimmy Saigon
 
Aligning to the NIST Cybersecurity Framework in the AWS
Aligning to the NIST Cybersecurity Framework in the AWSAligning to the NIST Cybersecurity Framework in the AWS
Aligning to the NIST Cybersecurity Framework in the AWS
Amazon Web Services
 
Cloud Security: A New Perspective
Cloud Security: A New PerspectiveCloud Security: A New Perspective
Cloud Security: A New Perspective
Wen-Pai Lu
 
F5 Networks: architecture and risk management
F5 Networks: architecture and risk managementF5 Networks: architecture and risk management
F5 Networks: architecture and risk management
AEC Networks
 

What's hot (20)

Putting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallPutting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation Firewall
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewalls
 
Palo alto NGfw2023.pptx
Palo alto  NGfw2023.pptxPalo alto  NGfw2023.pptx
Palo alto NGfw2023.pptx
 
palo-alto-networks-sase-overview-deck.pptx
palo-alto-networks-sase-overview-deck.pptxpalo-alto-networks-sase-overview-deck.pptx
palo-alto-networks-sase-overview-deck.pptx
 
01- intro to firewall concepts
01- intro to firewall concepts01- intro to firewall concepts
01- intro to firewall concepts
 
Palo Alto Networks: Protection for Security & Compliance
Palo Alto Networks: Protection for Security & CompliancePalo Alto Networks: Protection for Security & Compliance
Palo Alto Networks: Protection for Security & Compliance
 
Azure DDoS Protection Standard
Azure DDoS Protection StandardAzure DDoS Protection Standard
Azure DDoS Protection Standard
 
Multi cloud security architecture
Multi cloud security architecture Multi cloud security architecture
Multi cloud security architecture
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITY
 
Palo alto-review
Palo alto-reviewPalo alto-review
Palo alto-review
 
Cloud security
Cloud security Cloud security
Cloud security
 
IBM MQ in Containers - Think 2018
IBM MQ in Containers - Think 2018IBM MQ in Containers - Think 2018
IBM MQ in Containers - Think 2018
 
2 what is the best firewall (sizing)
2 what is the best firewall (sizing)2 what is the best firewall (sizing)
2 what is the best firewall (sizing)
 
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
 
Presentacion Palo Alto Networks
Presentacion Palo Alto NetworksPresentacion Palo Alto Networks
Presentacion Palo Alto Networks
 
Journey to the Center of Security Operations
Journey to the Center of Security OperationsJourney to the Center of Security Operations
Journey to the Center of Security Operations
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introduction
 
Aligning to the NIST Cybersecurity Framework in the AWS
Aligning to the NIST Cybersecurity Framework in the AWSAligning to the NIST Cybersecurity Framework in the AWS
Aligning to the NIST Cybersecurity Framework in the AWS
 
Cloud Security: A New Perspective
Cloud Security: A New PerspectiveCloud Security: A New Perspective
Cloud Security: A New Perspective
 
F5 Networks: architecture and risk management
F5 Networks: architecture and risk managementF5 Networks: architecture and risk management
F5 Networks: architecture and risk management
 

Similar to cn-series-se-presentation.pptx

Edge Computing: A Unified Infrastructure for all the Different Pieces
Edge Computing: A Unified Infrastructure for all the Different PiecesEdge Computing: A Unified Infrastructure for all the Different Pieces
Edge Computing: A Unified Infrastructure for all the Different Pieces
Cloudify Community
 
Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud
ADVA
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPSecuring Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Olivia LaMar
 
Control Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXControl Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINX
NGINX, Inc.
 
Contrail integrated with Kubernetes and Openstack
Contrail integrated with Kubernetes and OpenstackContrail integrated with Kubernetes and Openstack
Contrail integrated with Kubernetes and Openstack
Daisuke Nakajima
 
OpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platformOpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platform
Kangaroot
 
Gadgeon profile
Gadgeon profileGadgeon profile
Gadgeon profile
SREERAJ NAIR
 
LKNOG3 - Telco Cloud Common – VIM/ CIM
LKNOG3 - Telco Cloud Common – VIM/ CIMLKNOG3 - Telco Cloud Common – VIM/ CIM
LKNOG3 - Telco Cloud Common – VIM/ CIM
LKNOG
 
Achieving Network Deployment Flexibility with Mirantis OpenStack
Achieving Network Deployment Flexibility with Mirantis OpenStackAchieving Network Deployment Flexibility with Mirantis OpenStack
Achieving Network Deployment Flexibility with Mirantis OpenStack
Eric Zhaohui Ji
 
Road to Cloud Native Orchestration
Road to Cloud Native Orchestration Road to Cloud Native Orchestration
Road to Cloud Native Orchestration
Open Source Technology Center MeetUps
 
GoGrid 3.0 Webinar: Complex Infrastructure Made Easy - Learn About the GoGrid...
GoGrid 3.0 Webinar: Complex Infrastructure Made Easy - Learn About the GoGrid...GoGrid 3.0 Webinar: Complex Infrastructure Made Easy - Learn About the GoGrid...
GoGrid 3.0 Webinar: Complex Infrastructure Made Easy - Learn About the GoGrid...
GoGrid Cloud Hosting
 
Kubernetes Native Infrastructure and CoreOS Operator Framework for 5G Edge Cl...
Kubernetes Native Infrastructure and CoreOS Operator Framework for 5G Edge Cl...Kubernetes Native Infrastructure and CoreOS Operator Framework for 5G Edge Cl...
Kubernetes Native Infrastructure and CoreOS Operator Framework for 5G Edge Cl...
Hidetsugu Sugiyama
 
Implementing holistic security for containers and Kubernetes with Calico and ...
Implementing holistic security for containers and Kubernetes with Calico and ...Implementing holistic security for containers and Kubernetes with Calico and ...
Implementing holistic security for containers and Kubernetes with Calico and ...
NETWAYS
 
Xpdays: Kubernetes CI-CD Frameworks Case Study
Xpdays: Kubernetes CI-CD Frameworks Case StudyXpdays: Kubernetes CI-CD Frameworks Case Study
Xpdays: Kubernetes CI-CD Frameworks Case Study
Denys Vasyliev
 
stackconf 2022: Data Management in Kubernetes – Backup, DR, HA
stackconf 2022: Data Management in Kubernetes – Backup, DR, HAstackconf 2022: Data Management in Kubernetes – Backup, DR, HA
stackconf 2022: Data Management in Kubernetes – Backup, DR, HA
NETWAYS
 
Running I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati ShalomRunning I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati Shalom
Cloud Native Day Tel Aviv
 
Kubernetes für Workstations Edge und IoT Devices
Kubernetes für Workstations Edge und IoT DevicesKubernetes für Workstations Edge und IoT Devices
Kubernetes für Workstations Edge und IoT Devices
QAware GmbH
 
20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes
20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes
20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes
IBM France Lab
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
Amazon Web Services
 
The rise of microservices
The rise of microservicesThe rise of microservices
The rise of microservices
Cloud Technology Experts
 

Similar to cn-series-se-presentation.pptx (20)

Edge Computing: A Unified Infrastructure for all the Different Pieces
Edge Computing: A Unified Infrastructure for all the Different PiecesEdge Computing: A Unified Infrastructure for all the Different Pieces
Edge Computing: A Unified Infrastructure for all the Different Pieces
 
Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPSecuring Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
 
Control Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINXControl Kubernetes Ingress and Egress Together with NGINX
Control Kubernetes Ingress and Egress Together with NGINX
 
Contrail integrated with Kubernetes and Openstack
Contrail integrated with Kubernetes and OpenstackContrail integrated with Kubernetes and Openstack
Contrail integrated with Kubernetes and Openstack
 
OpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platformOpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platform
 
Gadgeon profile
Gadgeon profileGadgeon profile
Gadgeon profile
 
LKNOG3 - Telco Cloud Common – VIM/ CIM
LKNOG3 - Telco Cloud Common – VIM/ CIMLKNOG3 - Telco Cloud Common – VIM/ CIM
LKNOG3 - Telco Cloud Common – VIM/ CIM
 
Achieving Network Deployment Flexibility with Mirantis OpenStack
Achieving Network Deployment Flexibility with Mirantis OpenStackAchieving Network Deployment Flexibility with Mirantis OpenStack
Achieving Network Deployment Flexibility with Mirantis OpenStack
 
Road to Cloud Native Orchestration
Road to Cloud Native Orchestration Road to Cloud Native Orchestration
Road to Cloud Native Orchestration
 
GoGrid 3.0 Webinar: Complex Infrastructure Made Easy - Learn About the GoGrid...
GoGrid 3.0 Webinar: Complex Infrastructure Made Easy - Learn About the GoGrid...GoGrid 3.0 Webinar: Complex Infrastructure Made Easy - Learn About the GoGrid...
GoGrid 3.0 Webinar: Complex Infrastructure Made Easy - Learn About the GoGrid...
 
Kubernetes Native Infrastructure and CoreOS Operator Framework for 5G Edge Cl...
Kubernetes Native Infrastructure and CoreOS Operator Framework for 5G Edge Cl...Kubernetes Native Infrastructure and CoreOS Operator Framework for 5G Edge Cl...
Kubernetes Native Infrastructure and CoreOS Operator Framework for 5G Edge Cl...
 
Implementing holistic security for containers and Kubernetes with Calico and ...
Implementing holistic security for containers and Kubernetes with Calico and ...Implementing holistic security for containers and Kubernetes with Calico and ...
Implementing holistic security for containers and Kubernetes with Calico and ...
 
Xpdays: Kubernetes CI-CD Frameworks Case Study
Xpdays: Kubernetes CI-CD Frameworks Case StudyXpdays: Kubernetes CI-CD Frameworks Case Study
Xpdays: Kubernetes CI-CD Frameworks Case Study
 
stackconf 2022: Data Management in Kubernetes – Backup, DR, HA
stackconf 2022: Data Management in Kubernetes – Backup, DR, HAstackconf 2022: Data Management in Kubernetes – Backup, DR, HA
stackconf 2022: Data Management in Kubernetes – Backup, DR, HA
 
Running I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati ShalomRunning I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati Shalom
 
Kubernetes für Workstations Edge und IoT Devices
Kubernetes für Workstations Edge und IoT DevicesKubernetes für Workstations Edge und IoT Devices
Kubernetes für Workstations Edge und IoT Devices
 
20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes
20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes
20200113 - IBM Cloud Côte d'Azur - DeepDive Kubernetes
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
 
The rise of microservices
The rise of microservicesThe rise of microservices
The rise of microservices
 

Recently uploaded

Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
Zilliz
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
FODUU
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
CAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on BlockchainCAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on Blockchain
Claudio Di Ciccio
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
David Brossard
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 

Recently uploaded (20)

Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
CAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on BlockchainCAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on Blockchain
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 

cn-series-se-presentation.pptx

  • 2. ● Comprehensive Cloud Native Security ● Container Network Security Use cases ● Industry first Kubernetes NGFW !! ● Demo ○ K8s Native Orchestration ○ URL Filtering for Outbound Security ○ Threat Prevention ● Product and Licensing details ● Resources Agenda 2 | © 2019 Palo Alto Networks, Inc. All Rights Reserved.
  • 3. Asset Inventory Configuration Assessment Compliance Management IAM Governance Vulnerability Management Workload Security Network Visibility Microsegmentation Layer 7 Threat Protection Privileged Activity Monitoring User Entity Behavior Analytics Runtime Defense Visibility & Governance Compute Security Network Protection Identity Security Prisma Cloud Comprehensive cloud native security across the entire application lifecycle
  • 4. Network Visibility 4 | © 2020 Palo Alto Networks, Inc. All rights reserved. A Multi-Layered Network Security Strategy Layer 7 Threat Protection Microsegmentation
  • 5. Container Network Security with Prisma Cloud & NGFW
     ● Compute Security (Prisma™ Cloud): Vulnerability Management; reduce risk and protect compute with runtime and application security
     ● Identity-based Microsegmentation (Prisma™ Cloud): Limit east-west traffic based on the machine and application identity
     ● Layer 7 Threat Protection: Network-based detection and protection of compromised applications
  • 6. Use Cases for VM-Series in Cloud
     Customers deploy VM-Series in these scenarios in the cloud, for traffic crossing “trust boundaries” (VPCs in AWS, GCP / Subnets in Azure):
     ● Outbound: Stop data exfiltration
     ● East-West: Prevent lateral propagation
     ● Inbound: Block attackers from breaking in
     [Diagram: Internet, CN NGFW, Ordering and Payments workloads]
  • 7. Containers create blind spots for customers
     Customers cannot protect all traffic flows using existing firewalls like VM-Series, for traffic crossing “trust boundaries” (namespaces in containers):
     ● Outbound: Lack of container context
     ● East-West: Lack of visibility and control
     ● Inbound: Lack of container context
     [Diagram: Internet, K8s Cluster with Nodes, CN NGFW, Ordering and Payments workloads]
  • 8. Introducing CN-Series (Containerized NGFW)
     CN-Series provides comprehensive security for containerized applications by running a CN-Series NGFW on each node:
     ● Outbound: Stop data exfiltration with container context
     ● East-West: Prevent lateral propagation within container clusters
     ● Inbound: Container-level protection against break-ins
     [Diagram: Internet, K8s Cluster with Nodes, CN NGFW, Ordering and Payments workloads]
  • 9. Introducing NGFW for Kubernetes
     Complete NGFW Security for K8s
     ● Outbound protection for pods accessing VMs/servers, repos etc.
     ● East-West protection between pods
     ● Inbound protection for K8s services
     Container-Native Architecture
     ● Distributed PAN-OS architecture: CN-MGMT & CN-NGFW pods
     Easy K8s-native Orchestration
     ● CN-NGFW runs as a DaemonSet (one command to deploy on all nodes)
     ● CN-MGMT runs as a StatefulSet
     ● Network insertion via CNI chaining (standard for all CNI providers)
     Context-aware Policies
     ● K8s Plugin for Panorama to enable context-aware policies
     [Diagram: K8s Cluster with Nodes, K8s Plugin, CN MGMT]
  • 10. CN-Series: Cloud Native Kubernetes Orchestration
     GKE/AKS/EKS, OpenShift, Native K8s
  • 12. Deploying CN-Series using Helm
     [Diagram: GKE K8S cluster (Default-NS) with MP and DP pods (POD1 … POD N), Native K8S, K8S Plugin, Panorama, Internet]
  • 13. Helm Demo
  • 15. Use case - Outbound Traffic Protection with URL Filtering
     [Diagram: Acme Dev Cluster (Acme-Dev-ns, Acme-Staging-ns) across three nodes, reaching Github.com/PaloAltoNetworks]
     Source  | Destination | Application     | Action | Profile
     Jenkins | Any         | Github-download | Allow  | Only Palo Alto Repo
     Web App | Any         | Any             | Allow  | Any Repo
  • 16. Demo
  • 18. Graboid - First ever crypto-jacking worm
  • 19. Use case - Outbound Traffic Protection with Anti-Malware
     [Diagram: Acme Dev Cluster (Acme-Dev-ns, Acme-Staging-ns) across three nodes]
     Source               | Destination | Application | Action | Vulnerability Protection
     Nginx (with Graboid) | Any         | Any         | Allow  | Strict
  • 20. Graboid demo
  • 22. Supported Cloud Native Infrastructures
     ● Self-Managed: On-premises, Public Cloud
     ● Cloud-Managed
  • 23. Product Details
     Software Versions: PAN-OS 10.0; K8s Panorama Plugin 1.0.0
     Container Runtime: Docker, CRI-O
     Provider Managed Kubernetes: Azure AKS, AWS EKS, GCP GKE, OpenShift 4.2
     Native K8s: 1.13, 1.14, 1.15
     Kubernetes Host VM OS: Ubuntu 16.04, 18.04; RHEL/CentOS 7.3+; CoreOS 21XX, 22XX
     CNI Plugins: Calico, Weave, Flannel, Azure, AWS
     Performance per core: App-ID 500 Mbps; Threat 250 Mbps
  • 24. Licensing
     Component | Approach | Rationale
     Licensing | Number of CN-Series firewall units (total number of firewalls protecting K8s nodes) | Easy to understand, predict, and measure
     Licensing Model | Term-based | Aligned with cloud pricing models
     Pricing Structure and Price Levels | Basic Bundle (CN-Series + Support); Bundle One (CN-Series + Support + TP); Bundle Two (CN-Series + Support + TP + WildFire + URL + DNS) | Align with VM-Series bundle structure; align with VM pricing method
     License Terms | Term based (1 to 5 years) | Consistency with VM-Series licensing
     ELA | Part of VM ELA (7 tokens for CN-Series) | Enable VM ELA customers to adopt CN-Series easily
  • 25. Resources
     ● Product Documentation
     ● Github
     ● Qwiklabs - Try it for free.
       ○ Request for Qwiklab access - cn-seriessupport@paloaltonetworks.com
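How the slide 15 rule table actually decides a flow is easier to see in code. The following is an added illustration in Python, not code from this deck or from PAN-OS: a first-match policy whose source is identified by Kubernetes context (namespace plus pod label, the kind of context the K8s plugin supplies) rather than by IP address, with a URL allow-list attached to the Jenkins rule to play the role of the "Only Palo Alto Repo" profile. The namespace scoping of the rules, the rule names and the repository URLs are assumptions made for the example; the deck only gives Source, Application, Action and Profile.

```python
"""First-match outbound policy evaluator modelled on the slide 15 rule table.

Added illustration; not code from the deck or from PAN-OS. Sources are
identified by Kubernetes context (namespace + pod label), which is the
"container context" the deck says IP-based VM firewalls lack.
"""
from dataclasses import dataclass
from typing import List, Tuple
from urllib.parse import urlparse


@dataclass(frozen=True)
class Flow:
    """One outbound connection as the firewall would see it (constructed sample)."""
    namespace: str     # Kubernetes namespace of the source pod
    app: str           # value of the pod's app label, e.g. "jenkins"
    application: str   # App-ID the firewall identified, e.g. "github-download"
    url: str           # destination URL seen by URL filtering


@dataclass(frozen=True)
class Rule:
    """One row of the security policy. "any" matches everything in that column."""
    name: str
    src_namespace: str
    src_app: str
    application: str
    action: str                                 # "allow" or "deny"
    url_allow_prefixes: Tuple[str, ...] = ()    # empty = no URL restriction


# Rule names and the namespace scoping are assumptions for this example;
# the deck only gives Source / Application / Action / Profile.
POLICY: List[Rule] = [
    Rule("jenkins-paloalto-repo-only", "acme-dev-ns", "jenkins",
         "github-download", "allow", ("github.com/paloaltonetworks/",)),
    Rule("webapp-any-repo", "acme-dev-ns", "web-app", "any", "allow"),
]


def _matches(pattern: str, value: str) -> bool:
    return pattern == "any" or pattern.lower() == value.lower()


def _host_and_path(url: str) -> str:
    """Normalise a URL to lower-case 'host/path' for prefix matching."""
    parsed = urlparse(url if "://" in url else "https://" + url)
    return (parsed.netloc + parsed.path).lower()


def evaluate(flow: Flow, policy: List[Rule] = POLICY) -> Tuple[str, str]:
    """Return (verdict, reason): the first matching rule wins, an attached
    URL profile can turn an allow into a block, and no match is implicit deny."""
    for rule in policy:
        if not (_matches(rule.src_namespace, flow.namespace)
                and _matches(rule.src_app, flow.app)
                and _matches(rule.application, flow.application)):
            continue
        if rule.action != "allow":
            return "deny", rule.name
        target = _host_and_path(flow.url)
        if rule.url_allow_prefixes and not any(
                target.startswith(p) for p in rule.url_allow_prefixes):
            return "deny", f"{rule.name} (url-filtering profile)"
        return "allow", rule.name
    return "deny", "implicit-deny"


# Constructed sample flows; organisation and repository names are placeholders.
SAMPLE_FLOWS = [
    Flow("acme-dev-ns", "jenkins", "github-download",
         "https://github.com/PaloAltoNetworks/example-repo/archive/main.zip"),
    Flow("acme-dev-ns", "jenkins", "github-download",
         "https://github.com/some-other-org/tool/archive/main.zip"),
    Flow("acme-dev-ns", "web-app", "web-browsing",
         "https://github.com/some-other-org/tool"),
    Flow("acme-staging-ns", "jenkins", "github-download",
         "https://github.com/PaloAltoNetworks/example-repo"),
    Flow("acme-dev-ns", "jenkins", "ssh", "github.com"),
]


def evaluate_all(flows=SAMPLE_FLOWS) -> List[Tuple[str, str]]:
    return [evaluate(f) for f in flows]


if __name__ == "__main__":
    for flow, (verdict, reason) in zip(SAMPLE_FLOWS, evaluate_all()):
        print(f"{flow.namespace}/{flow.app} {flow.application} -> {flow.url}: "
              f"{verdict} ({reason})")
```

The fourth and fifth sample flows show why the container context matters: the same Jenkins image in a different namespace, or the same pod using an App-ID the rule does not name, falls through to the implicit deny, which an IP-based rule on a node address could not distinguish.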

Editor's Notes

  1. Racquel
  2. Now, network security is not the end all be all of container security. Prisma Cloud provides a comprehensive toolset for securing cloud native apps, inclusive of features that deliver governance, compute security and workload protection, and identity security. As you can see, CN-Series rounds out the Network Protection pillar with its layer 7 threat protection capabilities.
  3. When it comes to network security, micro-segmentation and segmentation in general is only part of the picture. To illustrate this point, let’s think about how we secure airports. In an airport, we install cameras so that the security team can see everything that’s going on. In the network security world, security cameras are akin to network visibility. They’re ideal for reactive investigative work after an incident has already taken place, but they’re most likely not going to help stop the incident from happening in the first place. A more proactive security measure is issuing every traveler a boarding pass. Boarding passes dictate where a traveler is allowed to go, just like micro-segmentation dictates where traffic can flow in an enterprise network. But boarding passes alone aren’t enough to prevent threats from getting into the airport or onto planes. A boarding pass has no concept of whether or not I’m carrying a weapon onto the plane. That’s why airport security uses metal detectors at strategic parts of the airport, forcing travelers through a deeper level of inspection for threats. This is the role that next-gen firewalls play in internal network security, as well.
  4. Palo Alto offers a suite of products:
     PCC: Vulnerability management for containers in your CI/CD pipeline prior to containers being deployed, and runtime threat analytics on the host.
     Aporeto: Reducing the scope of lateral attacks within your infrastructure by minimizing allowed connections. When an unpatched asset is potentially compromised, reduce the spread of the attack.
     NGFW: Threat analytics for allowed connections at your network trust boundaries. Example: enforcing egress controls for traffic leaving my k8s cluster or VM environment.
     This is how both PayPal and Comcast mix NGFW with Aporeto’s capabilities.
  5. Racquel
  6. https://drive.google.com/file/d/1HmrKOOjx9V-w3-nRsPTGuDh593cEth8A/view?usp=drivesdk
  7. https://drive.google.com/file/d/1Eh99K3ngMW6G5VYRrFEyPoNo0QtIRhpj/view?usp=drivesdk
  8. https://drive.google.com/file/d/146tcBhjY-p39-tD1yFNI9o2zItKXjXfi/view?usp=drivesdk
  9. CN-Series can be deployed in self-managed Kubernetes environments hosted on-prem or in the public cloud. This includes RedHat Openshift environments, as well. It can also be deployed into managed Kubernetes environments offered by cloud service providers. These environments include the Google Kubernetes Engine, Amazon’s Elastic Kubernetes Service, the Azure Kubernetes Service. For an exhaustive list of supported environments, versions, and operating systems, reference the CN-Series data sheet.
  10. Racquel