2. PROTECTING OUR DIGITAL WAY OF LIFE
The Digital Age Brings Risk and Reward
Today’s digital landscape has seen tectonic shifts in recent years with innovations in technology.
These innovations have improved our way of life and doing business, but have also provided more
entry-points for cyber criminals.
Due to the threats in cyberspace, enterprises and organizations are exposed to unprecedented risks.
The number of victims of cyberattacks published by various research organizations is increasing by
more than 50% every year. Typical cyberattacks include unauthorized access, targeted attacks, DoS
attacks, phishing, spoofing, and TEMPEST. Attacks that target enterprises and organizations are
rapidly increasing. In contrast to conventional threats committed just for fun, targeted attacks are
conducted by organized groups in a more sophisticated manner, targeting valuable data and
information. The cumulative effect of this is the undermining of the fundamental trust in technology
that enables the digital age.
Security Measures at the Perimeter are not Sufficient
Advanced cyberattacks that are stealthy and persistent avoid traditional security measures
throughout the attack lifecycle in a sophisticated manner. Moreover, some of the attacks target
external businesses that have authorized access rights and infect them with malware to steal IDs and
passwords to access the network. Such cyberattack techniques suggest that security measures at
the organisational perimeter are not sufficient.
Pitfalls in Protection That Combine Security Products from Various Vendors
Organisations have implemented multi-layered protection using various security devices such as
firewalls, antivirus, sandboxes, and intrusion prevention systems (IPS). With legacy security
solutions, to the extent that organisations successfully detect any of the thousands of daily threats,
protection and remediation require manual intervention. There is no capability to automatically
coordinate or communicate with other security technologies on the network, let alone with other
networks not in your organization. This is a problem because defenders increasingly rely on their
least scalable resource—people—to fight machine-generated attacks.
The Palo Alto Networks Next-Generation Security Platform
enables enterprises, service providers, and governments to
protect our digital way of life with a prevention-first approach
to cybersecurity. Our platform allows organizations to reduce
their threat exposure by first enabling the applications for all
users or devices regardless of location, then preventing threats
within application flows and tying application use to user
identities across physical and cloud-based networks.
[Figure: Next-Gen Security Platform. Components: Next-Generation Firewall, Threat Intelligence Cloud, Advanced Endpoint Protection. Attributes: Natively Integrated, Automated, Extensible. Coverage: Cloud, Network, Endpoint.]
3. NEXT-GEN
As the foundational element of our enterprise
security platform, App-ID provides visibility and
control over applications – even those that try
to evade detection by masquerading as
legitimate traffic, hopping ports or sneaking
through the firewall using encryption (TLS/SSL
or SSH). App-ID includes a database containing
well over two thousand applications, with new
applications typically added every week.
The application identification engine implemented
in the next-generation firewall accurately identifies
applications in all traffic passing through the network.
● Automatically identifies applications using multiple
identification mechanisms, unlike conventional
firewalls that could identify applications only by their
IP addresses, ports and protocols.
● Capable of identifying traffic: communications disguised
as authorized traffic, communications using dynamic
ports, communications trying to go through the firewall
via an SSL encryption tunnel.
Even SSL or SSH encrypted communications are
examined by decrypting contents with policy-based
decryption, and application identification and contents
scanning can be performed.
● Applies policy-based identification, decryption, and
inspection to inbound and outbound SSL traffic.
● Performs policy-based identification and control of
SSH tunneled traffic.
APP-ID
Examines encrypted traffic
You can control application use depending on the
business and security risks because application activities
can be identified for each user (or for each group), as well
as for each IP address.
● Visualizes who uses which application, when, and for how long.
Permission, prohibition, and warnings can be controlled for
each user.
● Identifies users (groups) in collaboration with third-party
directory services, WLAN controllers, proxies,
terminal servers, and more.
By using various tools for visualization, analysis, and
reporting, you can quickly ascertain movements on the
network and perform incident analysis.
● Automatically correlate indicators of threats for
improved visibility and confirmation of compromised
hosts across your network.
● Centrally analyze, investigate and report on network
traffic, security incidents and administrative modifications.
● View a highly customizable graphical summary of
applications, users, content, and security threats.
● Generate actionable, customizable reports to view
application and threat traffic, SaaS usage, and user
behavior across your organization.
USER-ID
Visualizes usage status and attack trends
Content-ID™ technology delivers a new approach
based on the complete analysis of all allowed
traffic, using multiple advanced threat prevention
technologies in a single, unified engine.
● Blocks vulnerability exploits, buffer overflows,
and port scans, protects you from the evasion and
obfuscation methods used by attackers. Stops
malware outbound communications, blocks access
to known malware and phishing download sites,
and reduces the risks associated with the transfer
of unauthorized files and data.
● Uses a single stream-based approach that simplifies
management, streamlines processing, and
maximizes performance.
The next-generation firewall secures virtualized
datacenters, public and private clouds, and diverse
mobile environments by securely enabling applications
and preventing threats.
● VM-Series virtualized next-generation firewalls
support the same next-generation firewall and
threat prevention features provided by the physical
appliances. Supported environments include:
VMware NSX, ESXi, vCloudAir, Amazon Web
Services, Microsoft Azure and Hyper-V, KVM and
Citrix SDX.
● GlobalProtect provides the protection functions of the
next-generation firewall for various mobile devices used
inside and outside of the organization. iOS, Android,
Windows, and Mac devices are supported.
CONTENT-ID
Supports various forms of deployment
● Inspects and controls content traversing the
network to detect and block known and unknown
threats in a single pass.
● Proactively identifies and defends against unknown,
new or custom malware and exploits.
● Single-pass software architecture maximizes
performance by scanning traffic only once,
regardless of which features are enabled.
4. WildFire™ controls unknown
threats intelligently.
One of the largest threat analysis services in the world
● By using sandbox technology, received files and URLs
are executed and analyzed in a protected virtual
environment in the cloud, and unknown threats used by
targeted attacks are discovered.
● Protections for detected malware are distributed in as little as
5 minutes.
● Malware detection information worldwide is shared in
the cloud, and detection logic and the virtual
environment are updated to always respond to the latest
threats.
To discover unknown malware or exploits, the contents
are executed and detected on various operating
systems (OS) such as Windows and mobile devices.
● Various files: Windows PE (EXE and DLL), PDF,
Microsoft Office, Java, Android APK, and Adobe Flash
(6.1 and later) are supported.
● Links in e-mails are accessed and analyzed to know whether
the websites contain any threats.
Security managers can access WildFire analysis reports
on the management screen for managers or the WildFire
portal, and see how malware will behave and affect the
system when the file is opened.
WildFire reports enable incident response teams to
quickly and easily respond to new threats and build
preventive control measures for them.
Unknown threats in various files are
analysed
Easy to understand WildFire reports
Conventional sandboxes support only fixed versions of
applications on fixed versions of OSs of the prepared
virtual environments and they cannot detect malware
that runs only on specific versions. On the other hand,
WildFire service supports multiple version inspection
that can simultaneously analyze multiple versions of
an application to analyze malware's behavior in greater
detail.
Each version of Adobe Acrobat Reader, Adobe Flash
(6.1 and later), and Microsoft Office is supported.
WildFire service running in a cloud environment
provides scalability and high expandability of the
sandbox environment. In addition, hybrid operation
together with WF-500, an on-site version appliance, is
supported allowing various malware analysis.
● A sandbox environment in the cloud that does not
require consideration of processing capacity
● New applications, versions, and file types are
supported as needed.
● Distributed operations are possible, such as files
downloaded from the Web are analyzed by the cloud
service and files attached to e-mail are analyzed by
the on-site version, WF-500.
The analysis supports multiple versions
Expandability provided by cloud
service
After a threat is detected, automatic protection from
the threat without manual intervention is required.
When WildFire detects new malware, it automatically
generates protection mechanisms for prevention
throughout the cyberattack lifecycle, and signatures to
block C&C communications by the malware itself or
terminals infected by the malware are automatically
generated and distributed to customers worldwide.
● In addition to anti-malware signatures, C&C
signatures, DNS based callback signatures, and
malicious URLs are distributed globally in as little as
5 minutes.
Protections are generated in as little
as 5 minutes
WildFire utilizes not only
static analysis (a look at the
characteristics of a file), but also
dynamic analysis (a detailed look
at the behavior of a file) in its
process of detecting unknown
threats. In addition, WildFire
uses machine learning to apply
new knowledge to future analysis
requests.
- Static Analysis
- Dynamic Analysis
- Machine Learning
Cutting edge analysis methods
WILDFIRE
More than 10,000 companies worldwide
are connected to WildFire, and its ability
to conduct static analysis (characteristics
of a file), dynamic analysis (behavior of a
file), and machine learning.
5. Palo Alto Networks Traps replaces
traditional antivirus with multi-method
prevention, a proprietary combination of
purpose-built malware and exploit
prevention methods that protect users and
endpoints from known and unknown
threats. Traps prevents security breaches,
in contrast to breach detection and
incident response after critical assets have
already been compromised.
Traps uses an entirely new and unique approach to
prevent exploits. Instead of focusing on the millions
of individual attacks, or their underlying software
vulnerabilities, Traps focuses on the core exploitation
techniques used by all exploit-based attacks.
● Memory Corruption Prevention: Traps prevents
the exploitation techniques that manipulate the
operating system’s normal memory management
mechanisms for the application that opens the
weaponized data file containing the exploit.
● Logic Flaw Prevention: Traps recognizes and blocks
the exploitation techniques that allow an exploit to
manipulate the operating system’s normal application
process and execution mechanisms.
● Malicious Code Execution Prevention: In most
cases, the end goal of exploitation is to execute
the attacker’s commands that are embedded in the
exploit file. This prevention method recognizes the
exploitation techniques that allow the attacker’s
malicious code to execute and blocks them before
they succeed.
Multi-Method Exploit Prevention
The Traps agent is very light, having almost no impact on
system resources. So it can be used in a virtual machine
environment.
● The consumed memory size is about 25 MB and CPU
utilization is 0.1%, requiring no daily pattern file
update or periodic system scanning.
● Supported OSs are Windows Server and Workstation
in a physical or virtual environment. Windows XP is
supported even though it is no longer supported by
Microsoft.
Simple, Light and Easy to Understand
Traps prevents malicious executables with a unique,
multi-method prevention approach that maximizes
coverage against malware while simultaneously
reducing the attack surface and increasing the accuracy
of malware detection.
Traps can collaborate with WildFire, a threat intelligence
cloud solution, enhancing protection against unknown
attacks and malware.
● Executable files of unknown attacks are automatically
uploaded to WildFire.
● By exchanging threat information on unknown attacks
with enterprises and organizations worldwide via
WildFire, comprehensive security measures are in place.
Multi-Method Malware Prevention
Collaboration with Networks and the Cloud
When attacked, a wide range of data needed for
analysis is gathered from the Traps agent and stored to
support later investigative activities.
● Information on each running process is recorded and
sent to the Endpoint Security Manager (ESM) server
on an ongoing basis.
● Any attempt to stop, remove, or manipulate Traps
is reported.
● When an attack is prevented, a full memory capture
and information on the activities attempted by the
malicious code are gathered from the endpoint.
Forensic Data Gathering
Traps Advanced Endpoint Protection:
● Prevents cyber breaches by preemptively blocking known
and unknown malware, exploits and zero-day threats.
● Protects and enables users to conduct their daily activities
and use web-based technologies without concern for known
or unknown cyberthreats.
● Automates prevention by autonomously reprogramming
itself using threat intelligence gained from WildFire.
TRAPS
Static Analysis via Machine Learning
provides the ability to prevent
execution of unknown malware
by instantly examining hundreds
of a file’s characteristics, without
reliance on signatures, scanning or
behavioral analysis.
WildFire Inspection and Analysis
leverages the WildFire cloud-based
malware analysis environment to detect
unknown malware and automatically
reprogram Traps to prevent known
malware.
Trusted Publisher Execution
Restrictions allows organizations
to identify executable files that are
among the “unknown good” because
they are published and digitally
signed by trusted publishers.
Policy-Based Execution Restrictions:
Organizations can easily define
policies to restrict specific execution
scenarios, thereby reducing the
attack surface of any environment.
Admin Override Policies: This
method allows organizations to
define policies, based on the hash of
an executable file, to control what is
allowed to run in any environment
and what is not.
Any executable file that is deemed
to be malicious and prevented from
running on the endpoint can be
quarantined.
6. Panorama: Integrated Management Platform Deployment Scenarios
With Panorama, you can view all your next-generation firewalls' traffic,
manage device configurations overall, allocate global policies, and
generate reports on traffic patterns or security incidents - all from one
central location. Logs of next-generation firewalls under Panorama are
stored and managed in an integrated way.
● Unified Visibility: Applications of all managed next-generation
firewalls, URLs, threats, and data (files and patterns) can be
graphically displayed.
● Flexible Policy Control: Globally consistent policy control as well
as local level policy control are supported, allowing well balanced
security management according to your requirements.
● Flexible Deployment Options: Deployment with a dedicated
management appliance or virtual machines. Panorama can be
deployed on either M-100 or M-500 dedicated high-performance
hardware or on VMware ESX/ESXi virtual appliances. Appliances can
also be deployed as dedicated log collectors for a more distributed
deployment and streamlined log collection.
Panorama's management function and logging
function can be deployed with a dedicated appliance.
Furthermore, a distributed environment that separates
the management and logging functions can also be built.
M-100
● Memory size: 16 GB
● Internal SSD 120 GB
● Up to 4 TB storage (RAID1)
Note: Rack size is 1U
M-500
Panorama dedicated appliance suitable
for deployment in datacenters and large
environments.
● Memory size: 128 GB
● Internal SSD 240 GB
● Up to 8 TB storage (RAID1)
Note: Rack size is 2U
Palo Alto Networks enterprise security platform provides a
consistent security platform in various scenarios and locations,
such as deployment in the boundaries between enterprise
networks and the Internet, deployment in networks distributed
to different locations, and deployment in a physical datacenter as
well as private and public clouds. In order to implement our
next-generation security platform, installation of various
subscription-based functions as well as the basic functions of the
next-generation firewall is required.
Boundaries of Enterprise Networks
● Network visualization and control functions provided by next-generation firewalls: App-ID
and User-ID
● Control of Web use, protection from threats, and restrictions on unauthorized transfer
of files and data: Threat Prevention and URL Filtering
● Countermeasures for targeted attacks and unknown malware: WildFire
● Multi-tenant function to implement multiple virtual firewalls: Virtual Systems
Datacenter, Private and Public Cloud
● Next-generation firewall appliances can function at the boundary between a datacenter
and the network, enabling applications and preventing threats with: App-ID, User-ID,
Threat Prevention, URL Filtering, and WildFire
● The VM-Series virtualized next-generation firewall enabling applications and
preventing threats in private and public clouds
● Panorama centrally manages policies across appliance and virtualized instances of the
next-generation firewall
Distributed Enterprise
● All functions of the next-generation firewall are provided in a consistent way by models
appropriate for the size of headquarters and local sites: App-ID, User-ID, and others
● Endpoint protection against zero-day attacks exploiting software vulnerabilities: Traps
● Safe communications for various devices of mobile workers: GlobalProtect
● Centralised management of next-generation firewalls in various locations: Panorama
[Figure: Deployment scenarios across Mobile, Branches, Headquarters, and Data Center (corporate network / DMZ). Physical servers and virtual servers (WEB, APP, DB on VMware ESXi with NSX vSwitch); securing north-south traffic and east-west traffic; network security management with Panorama. Site labels: GP, TR, AF, WF.]
Legend: T = Threat Prevention, U = URL Filtering, A = App-ID, U = User-ID, W = WildFire*, V = Virtual System, G = GlobalProtect*
Legend groups: <Charged Functions> <Functions Free of Charge>
* Some functions are free.
The Panorama management platform can manage a
distributed network of Palo Alto Networks next-generation
firewalls in a centralized way, reducing the workload and cost
for security management.
7. Next-Generation Firewall Specifications Overview
Model: PA-7080 | PA-7050 | PA-7000-20G-NPC | PA-7000-20GQ-NPC | PA-5060 | PA-5050 | PA-5020 | PA-3060 | PA-3050 | PA-3020 | PA-500 | PA-200
App-ID Firewall Throughput*: 200 Gbps | 120 Gbps | 20 Gbps | 20 Gbps | 20 Gbps | 10 Gbps | 5 Gbps | 4 Gbps | 4 Gbps | 2 Gbps | 250 Mbps | 100 Mbps
Threat Prevention Throughput*: 100 Gbps | 60 Gbps | 10 Gbps | 10 Gbps | 10 Gbps | 5 Gbps | 2 Gbps | 2 Gbps | 2 Gbps | 1 Gbps | 100 Mbps | 50 Mbps
Max Sessions (IPv4 or IPv6): 80,000,000 | 48,000,000 | 4,000,000 | 4,000,000 | 4,000,000 | 2,000,000 | 1,000,000 | 500,000 | 500,000 | 250,000 | 64,000 | 64,000
Connections Per Second: 1,200,000 | 720,000 | 120,000 | 120,000 | 120,000 | 120,000 | 120,000 | 50,000 | 50,000 | 50,000 | 7,500 | 1,000
Maximum Number of Ports: Up to 10 NPC are supported. | Up to 6 NPC are supported. | 4xSFP+, 8xSFP, 12x10/100/1000 | 2x40Gig QSFP + 12xSFP+ | 4 SFP+, 8 SFP, 12 copper gigabit | 4 SFP+, 8 SFP, 12 copper gigabit | 8 SFP, 12 copper gigabit | 2 SFP+, 8 SFP, 8 copper gigabit | 8 SFP, 12 copper gigabit | 8 SFP, 12 copper gigabit | 8 copper gigabit | 4 copper gigabit
Management Interfaces: CLI, WebUI (HTTP/HTTPS), Telnet, SSH2, XML API | N/A | N/A | CLI, WebUI (HTTP/HTTPS), Telnet, SSH2, XML API | CLI, WebUI (HTTP/HTTPS), Telnet, SSH2, XML API
Management Tools: SNMPv2c/v3, Syslog, NetFlow | N/A | N/A | SNMPv2c/v3, Syslog, NetFlow | SNMPv2c/v3, Syslog, NetFlow
Rack Size: 19U | 9U | N/A | N/A | 2U | 2U | 2U | 1.5U | 1U | 1U (Mount Kit Option)
Weight: 135.8kg (Chassis Unit) | 85.0kg (Chassis Unit) | N/A | N/A | 18.6kg | 8.17kg | 6.8kg | 3.62kg | 1.27kg
Power Supply: 2+2 2500W AC/DC | 4+4 2500W AC/DC | 2+2 2500W AC/DC | N/A | N/A | 450W AC/DC (Redundant) | 400W AC (Redundant) | 250W AC | 180W AC | 40W AC
Disk Size: 2TB RAID1 | N/A | N/A | 120 GB or 240 GB SSD, RAID Option | 120GB SSD | 160GB | 16GB SSD
VM Series Specifications Overview
Model: VM-1000-HV | VM-300 | VM-200 | VM-100
App-ID Firewall Throughput**: 1 Gbps | 1 Gbps | 1 Gbps | 1 Gbps
Threat Prevention Throughput**: 600 Mbps | 600 Mbps | 600 Mbps | 600 Mbps
Max Sessions (IPv4 or IPv6): 250,000 | 250,000 | 100,000 | 50,000
Connections Per Second: 8,000 | 8,000 | 8,000 | 8,000
Subscriptions for next-generation firewalls
Subscriptions for Endpoint Protection
and Threat Intelligence
AutoFocus cyberthreat intelligence service provides correlation data of cyberthreat
information collected globally for each organization. The correlation data is created based
on WildFire information being used worldwide, research results of the threat research team,
and information from AutoFocus users. Equipped with a function showing priorities of threat
information, AutoFocus also provides background information on attack contents, attackers,
and organized attacks such as information on the specific industry being attacked.
Protects endpoints completely from zero-day attacks that exploit software vulnerabilities and
advanced malware attacks.
● Functions such as protection against exploits (attack codes that use vulnerabilities),
protection against malware, and forensic data gathering are provided.
● By exchanging analysis information on unknown threats with WildFire users worldwide in
collaboration with WildFire, integrated security measures are in place.
AutoFocus
Traps
Vulnerability exploits, buffer overflows, port scans,
and exploit kits are detected and stopped using
signatures, heuristics, and statistical anomaly
detection. In addition, we deliver predictable IPS
performance to you through hardware acceleration,
a uniform signature format, and a single-pass
software architecture.
Threat Prevention
WildFire™ cloud-based analysis service analyzes files and links globally and designates never-before-
seen items for further investigation using static and dynamic analysis over multiple operating systems
and application versions. If a sample is categorized as malicious, WildFire automatically generates new
preventions for our Next-Generation Security Platform and integration partners in as little as 5 minutes.
● Windows® XP, Windows 7, Android® and Mac® OS X® operating systems, with full visibility into
common file types, including: EXE, DLL, ZIP, PDF, as well as Microsoft® Office documents, Java® files,
Android APKs, Adobe® Flash® applets, and webpages, including high-risk, embedded content, such as
Java and Adobe Flash files and images.
● WildFire appliance WF-500 available as a private cloud for additional data privacy.
WildFire
Endpoint security solution for remote users of notebook PCs and mobile devices who are expanding the
boundaries of physical networks.
● Next-generation firewalls, GlobalProtect, and GlobalProtect Mobile Security Manager collaborate to
provide 3 functions: device management, device control, and data access control.
● Android 4.0.3 and later, iOS 6.0 and later, Windows 7/8/8.1, and Mac OS X 10.6 and later are supported.
GlobalProtect
The integration of URL Filtering with both WildFire
and the next-generation firewalls' single pass
architecture quickly and automatically enhances your
company’s security posture and keeps it up to date.
Combining fast cloud URL lookups with a local cache,
instead of a big database download, significantly
reduces latency and increases both the accuracy and
relevance of the categorization, and lowers total cost
of ownership.
URL Filtering
Licenses for next-generation
firewalls
Virtual systems are separate, logical firewall instances
within a single physical Palo Alto Networks firewall. Rather
than using multiple firewalls, managed service providers
and enterprises can use a single pair of firewalls (for high
availability) and enable virtual systems on them. Each
virtual system (vsys) is an independent, separately-managed
firewall with its traffic kept separate from the traffic of other
virtual systems.
Virtual System
* The performance is measured in an ideal test environment on PAN-OS 7.0 with App-ID enabled.
** The performance of the VM-Series is measured in an ideal test environment on PAN-OS 7.0 with four CPU cores and App-ID enabled.
License (L): Permanent right to use paid at the time of purchase
Subscription (S): Right to use requiring annual updates
● PA-3000 series: Maximum 6 instances
● PA-5020: Standard 10/Maximum 20 instances
● PA-5050: Standard 25/Maximum 125 instances
● PA-5060/PA-7050/PA-7080: Standard 25/
Maximum 225 instances
Appliances
Model: M-100 | M-500 | WF-500
Hardware Specifications: 16GB memory, 120GB SSD (Internal use), Up to 4 TB storage (RAID1) | 128GB memory, 240GB SSD (Internal use), Up to 8 TB storage (RAID1) | 128GB memory, 120GB SSD, 2 TB storage (RAID1)
Rack Size: 1U | 2U | 2U
Remarks: Panorama Management Appliances. Select either 1 TB or 4 TB log storage. | M-100's expanded capacity version. Can be used as offline PAN-DB as well as conventional Panorama/log collector function. | On-site version of WildFire Cloud
8. Palo Alto Networks is the next-generation security company maintaining trust in the digital age by helping tens of
thousands of organizations worldwide prevent cyber breaches. With our deep cybersecurity expertise, commitment
to innovation, and game-changing Next-Generation Security Platform, customers can confidently pursue a digital-first
strategy and embark on new technology initiatives, such as cloud and mobility. This kind of thinking and know-how
helps customer organizations grow their business and empower employees all while maintaining complete visibility and
the control needed to protect their critical control systems and most valued data assets.
[Figure: Revenue by fiscal year. FY09 $13m; FY10 $49m; FY11 $119m; FY12 $255m; FY13 $396m; FY14 $598m; FY15 $928m; FY16 $1.4bn.]
Analysis reports of applications and risks are provided free of charge.
Security Lifecycle Review is a set of services in which we bring our
next-generation firewalls into your network environment, analyze
application usage and security risks based on collected traffic data,
and provide you with the countermeasures in writing. Based on
application operating characteristics defined by the Palo Alto Networks
research team, the risk level of each application is ranked from 1 to
5, and the top 35 applications are classified into categories and
subcategories and displayed; moreover, the top 25 applications
ordered by bandwidth consumption and by HTTP use, and
high-level threats passing through networks, are displayed
and reported.
Business Risks Caused by High Risk Applications
For high risk applications with a risk level of 4 or 5, their business risks are evaluated based on the following
factors and presented: activity hiding, file transfer/information leaks/copyright infringement, personal use of
communication applications, heavy consumption of bandwidth, and so on.
Recommended measures based on risk analysis and evaluation are presented
For risk items identified by traffic analysis, specific measures are recommended such as policies to be applied
to the use of applications and Web, handling of high risk applications such as transfer/sharing of online files,
and policies to be applied to the use of proxies and remote access applications.
Services can be used without requiring changes to your network environment
The design of the existing network does not need to be changed. After you set mirror ports in your network
devices (such as firewalls and L2/L3 switches), we install the next-generation firewalls.
To use Security Lifecycle Review services, contact us through our website.
go.paloaltonetworks.com/slr
Palo Alto Networks History
2005 Founded.
2007 Started shipment of next-generation firewalls.
November 2011 Started offering the WildFire™ Cloud service against
targeted attacks.
July 2012 IPO on the NYSE
November 2012 Started shipping the VM-Series virtualized next-generation
firewall.
November 2012 Started shipping the M-100 dedicated high-performance
management appliances.
May 2013 Obtained Common Criteria EAL4+ Certification.
June 2013 Started shipping the WildFire™ Appliance WF-500.
September 2014 Launched Traps (Endpoint Security).
April 2015 Ranked as "leader" in Gartner Magic Quadrant for 4th
consecutive year.
October 2015 Launched AutoFocus threat analysis service.
April 2016 Released the latest OS for the next-generation firewall:
PAN-OS 7.1
May 2016 Ranked as “leader” in Gartner Magic Quadrant for 5th
consecutive year.
August 2016 Closed fiscal year 2016 with over 34,000 customers
worldwide.
ABOUT PALO ALTO NETWORKS
SECURITY LIFECYCLE REVIEW