ForgeRock
Using Network Security and Identity Management to Empower CISOs Today
The Case For A Comprehensive Enterprise Security Policy
The Stolen Data Epidemic
• Target Replaces CEO Steinhafel Following Massive Holiday Breach - Wall Street Journal
• Heartbleed Bug Exposes Millions of Web Sites To Security Risks - NBC News, April 8, 2014
• 18 million email addresses and passwords stolen in Germany - ZDNet, April 7, 2014
• 360m newly stolen passwords on the black market - The London Free Press
• Data breaches surge with 93,000 passwords stolen every hour - Computer Business Review
• Bitcoin miners unearth 30,000 college student SSNs - Next Gov, April 24, 2014
Traditional Firewalls Had Limitations
To be truly effective, you need to see all applications, all user identities and, most importantly, all threats. But traditional firewalls only gave you ports, protocols, and IP addresses – missing the malware threat completely.
Diagram labels: Confidential Data, Command & Control Traffic, Regulated Data, Exploits, Copyrighted Material, Malware.
Palo Alto Networks Reinvented Network Security
It is no longer about ports and protocols; it is about user identity, applications, and how they communicate.
But without user identity and context, you cannot create a true comprehensive security policy for the end user.
Modern Security Technologies
■ Users: Understanding users and devices, regardless of location, with User-ID
■ Applications: Safe enablement and security begins with application classification by App-ID
■ Content: Scanning content flowing between users and applications and protecting against all threats, both known and unknown, with Content-ID
Next-Generation Security Platform
Three components: Palo Alto Networks Next-Generation Firewall, Next-Generation Threat Cloud, and Next-Generation Endpoint.
Next-Generation Firewall
■ Inspects all traffic
■ Safely enables applications
■ Sends unknown threats to cloud
■ Blocks network based threats
Next-Generation Threat Cloud
■ Gathers potential threats from network and endpoints
■ Analyses and correlates threat intelligence
■ Disseminates threat intelligence to network and endpoints
Next-Generation Endpoint
■ Inspects all processes and files
■ Prevents both known and unknown exploits
■ Protects fixed, virtual, and mobile endpoints
■ Lightweight client and cloud based
• ~500,000 WildFire samples/day
• ~5% determined to be Malware
• 1 new Android Malware App every 30 minutes
• 1/3 of all portable executables are Malware
Next-Generation Identity Management
Highly Scalable, Modular, Easy To Deploy Architecture
■ "All-in-One" solution delivered as a single platform
■ Access to any application – Enterprise, SaaS, Social, Mobile
■ Flexible and extensible architecture
■ Social sign-on and one-time mobile password
■ Architected for consumer scale: 100M+ users
FORGEROCK.COM | CONFIDENTIAL
Combine Capabilities To Reinvent Security
Creating A Unified Enterprise-wide Security Platform: next-gen network security and identity functions natively integrated in one solution.
The Vision
Deliver the only unified identity security platform that can make hyper intelligent decisions based on both network security and user identity context.
Key Benefits
■ Understand more about the user before granting them access to corporate resources
■ Create a feedback loop to take appropriate action on both ends:
– The network blocks traffic when suspicious identity activity occurs
– The identity platform blocks access when suspicious network activity occurs
■ Real-time, automated remediation of malicious activity
■ Organizations are much, much safer!
Security/Identity Feedback Loop
■ Establish identity, then assert identity to the Data Center
■ Legitimate traffic, as defined by user rights, is allowed through
■ Malware/inappropriate traffic: block & alarm, and feed back the identity behind the malicious traffic
■ Change identity rights: restrict the user's traffic to all resources
■ Network violations modify Identity Rights
■ Feedback changes ID state and security state
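The closed loop described on these slides, modelled as an added example (not ForgeRock or Palo Alto Networks code): a firewall that classifies each flow by user identity and content category, an identity store holding per-user access state, and both feedback directions wired together. All class names, event shapes, category labels and the sample event stream are constructed assumptions.

```python
from dataclasses import dataclass, field
# Threat categories the firewall treats as violations (assumed labels for the
# threats named on the "Traditional Firewalls Had Limitations" slide).
MALICIOUS_CATEGORIES = {"malware", "command-and-control", "exploit"}

@dataclass
class IdentityStore:
    # Identity platform: users whose rights were restricted, and why.
    restricted: dict = field(default_factory=dict)
    def status(self, user):
        return "restricted" if user in self.restricted else "active"
    def restrict(self, user, reason):
        # Feedback changes ID state: the user is cut off from all resources.
        self.restricted[user] = reason

@dataclass
class Firewall:
    # Network side: classifies each flow by user identity and content.
    identity: IdentityStore
    alarms: list = field(default_factory=list)
    def decide(self, user, app, category):
        # Identity -> network: a restricted identity gets no traffic at all.
        if self.identity.status(user) == "restricted":
            return "block"
        if category in MALICIOUS_CATEGORIES:
            # Network -> identity: block, alarm, and feed the identity back.
            self.alarms.append((user, app, category))
            self.identity.restrict(user, f"{category} via {app}")
            return "block"
        return "allow"  # legitimate traffic, as defined by user rights

def run_loop(events):
    # events: ("flow", user, app, category) or ("identity", user, reason)
    identity, verdicts = IdentityStore(), []
    fw = Firewall(identity)
    for kind, user, *rest in events:
        if kind == "flow":
            verdicts.append(fw.decide(user, *rest))
        else:  # suspicious identity activity: restrict, so the network blocks
            identity.restrict(user, rest[0])
            verdicts.append("restricted")
    return verdicts, identity.restricted

# Constructed event stream: a contractor account beacons over FTP to a C2
# server; every later flow from that identity is blocked, in either direction.
SAMPLE_EVENTS = [
    ("flow", "hvac-contractor", "web-browsing", "business"),
    ("flow", "hvac-contractor", "ftp", "command-and-control"),
    ("flow", "hvac-contractor", "web-browsing", "business"),
    ("identity", "alice", "impossible-travel login"),
    ("flow", "alice", "salesforce", "business"),
]
```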
Target data breach – APTs in action
■ Recon on companies Target works with
■ Spearphishing third-party HVAC contractor
■ Breached Target network with stolen payment system credentials
■ Moved laterally within Target network and installed POS malware
■ Compromised internal server to collect customer data
■ Exfiltrated data to command-and-control servers over FTP
■ Maintain access
Innovative Approach To Securing Today's Enterprise
Eliminate Security Silos For A Unified Enterprise-wide Security Policy
Diagram labels: Centralized Management, Any location, Any Infrastructure, All Key Identity & Network Security Functions Natively Integrated in One Solution, Visibility & Control, Threat prevention, Closed Loop Single Enterprise Wide Policy, Provisioning, Identity Management.
Unify Your Enterprise Security Strategy
■ Protect the enterprise from known threats and zero-day attacks
■ Gain full control over your identity and network security investments
■ Make informed decisions based upon correlated events & data points
■ Adaptable closed loop security policy enforcement
■ Drive top line business initiatives faster
Thank You!