
Post on 06-Jul-2020


PALO ALTO NETWORKS NEXT-GENERATION SECURITY PLATFORM

November 2018

SECURITY DOESN’T WORK TODAY

• Volume of alerts and logs is overwhelming
• Highly manual response lacking coordination
• Legacy approach to visibility and prevention

2 | © 2018, Palo Alto Networks, Inc. Confidential and Proprietary.

PREVENTING SUCCESSFUL CYBERATTACKS

Visibility across Network, Endpoint and Cloud, built up in layers:
• Reduce attack surface
• Prevent known threats
• Prevent unknown threats

Supported by:
• Automation of enforcement
• Reduce manual effort with analytics
• Neutralize unknown threats

REQUIREMENTS FOR THE FUTURE

DETECT AND PREVENT THREATS AT EVERY POINT ACROSS THE ORGANIZATION:
• At the internet edge
• Between employees and devices within the LAN
• At the data center edge, and between VMs
• At the mobile device
• Within private, public and hybrid clouds

LEADERSHIP POSITION

• Palo Alto Networks is positioned as a Leader in the Gartner Magic Quadrant for enterprise network firewalls.*

• Palo Alto Networks is highest in execution and a visionary within the Leaders Quadrant.

*Gartner Magic Quadrant for Enterprise Network Firewalls, Adam Hils, Greg Young, Jeremy D’Hoinne, and Rajpreet Kaur, September 2018

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


NEXT-GENERATION FIREWALL


The firewall should regain control of the network.

Firewall policies are based on controlling:
• Ports
• IP addresses
• Protocols

BUT ... applications have changed:
• Port ≠ Application
• IP address ≠ User
• Packet ≠ Content

COMPARISON OF APPLICATION DEFINITION FUNCTIONALITY

Palo Alto Networks (App-ID):
• Security policy: Allow DNS; Block Bittorrent
• DNS → identified as DNS → allowed
• Bittorrent → identified as Bittorrent → denied
• 0-day CnC over port 53 → CnC ≠ DNS, classified as “unknown” → denied
• Full visibility of traffic on the network: traffic such as “unknown” is detected and blocked on the firewall

Traditional approach (port-based firewall plus application blade):
• Firewall security policy: Allow port 53; application definition module: Block Bittorrent
• DNS → port 53 → allowed
• Bittorrent → matches the blade’s signature → denied
• 0-day CnC over port 53 → port 53 is allowed; “CnC = Bittorrent?” No → allowed
• Lack of full visibility: security policies can be circumvented
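The two rulebases side by side, as an added example that is not code from the slide deck or from PAN-OS: a tiny App-ID-style classifier that decodes the first client message (a real DNS header and question, or the BitTorrent handshake prefix) instead of trusting the port, evaluated against an application-based rulebase with an implicit deny, next to a port-based rulebase with a signature blade. The sessions are constructed; the “0-day CnC” beacon is a hypothetical payload that is simply not valid DNS. The example goes one step beyond the slide by also sending DNS on a non-standard port, which the application-based rulebase allows and the port-based one blocks.

```python
import struct

# --- constructed sample sessions (not captures from the slide) ---
def dns_query(name: str) -> bytes:
    """Minimal standard DNS query for `name`: A record, IN class, RD set."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)   # id, flags, qd, an, ns, ar
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)              # QTYPE=A, QCLASS=IN

BT_HANDSHAKE_PREFIX = b"\x13BitTorrent protocol"
BITTORRENT_SESSION = BT_HANDSHAKE_PREFIX + b"\x00" * 8 + bytes(range(20)) + b"-CONSTRUCTED-PEER-01"
# Hypothetical zero-day C2 beacon tunnelled over the DNS port; deliberately not a valid DNS message.
CNC_BEACON = b"\x01\x02beacon:" + b"A" * 40

def looks_like_dns(payload: bytes) -> bool:
    """Decode the first client message as a DNS query instead of trusting port 53."""
    if len(payload) < 17:
        return False
    _ident, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    if flags & 0x8000:              # QR=1: a response where a query is expected
        return False
    if (flags >> 11) & 0xF > 2:     # opcode beyond QUERY / IQUERY / STATUS
        return False
    if qdcount != 1:
        return False
    i = 12
    while True:                     # walk the question name label by label
        if i >= len(payload):
            return False
        n = payload[i]
        if n == 0:
            i += 1
            break
        if n > 63:                  # no compression pointers in a first-message question
            return False
        i += 1 + n
    if len(payload) < i + 4:
        return False
    qclass = struct.unpack("!H", payload[i + 2:i + 4])[0]
    return qclass in (1, 255)       # IN or ANY

def app_id(payload: bytes) -> str:
    """App-ID-style classification by decoding the payload; anything undecodable is 'unknown'."""
    if payload.startswith(BT_HANDSHAKE_PREFIX):
        return "bittorrent"
    if looks_like_dns(payload):
        return "dns"
    return "unknown"

# Application-based rulebase: allow DNS, block Bittorrent, implicit deny (so 'unknown' is denied).
APP_RULES = [("dns", "allow"), ("bittorrent", "deny")]

def app_based_verdict(port: int, payload: bytes) -> str:
    app = app_id(payload)
    for rule_app, action in APP_RULES:
        if rule_app == app:
            return action
    return "deny"

# Traditional approach: port-based firewall (allow port 53) plus a blade with a Bittorrent signature.
ALLOWED_PORTS = {53}
BLADE_SIGNATURES = {"bittorrent": BT_HANDSHAKE_PREFIX}

def port_based_verdict(port: int, payload: bytes) -> str:
    for sig in BLADE_SIGNATURES.values():
        if payload.startswith(sig):  # "CnC = Bittorrent?" -> only a known signature is blocked
            return "deny"
    return "allow" if port in ALLOWED_PORTS else "deny"

SESSIONS = {
    "dns on 53": (53, dns_query("example.com")),
    "bittorrent on 53": (53, BITTORRENT_SESSION),
    "0-day cnc on 53": (53, CNC_BEACON),
    "dns on 5353": (5353, dns_query("example.com")),
}

def compare() -> dict:
    """Return {session: (app_id, application-based verdict, port-based verdict)}."""
    return {name: (app_id(p), app_based_verdict(port, p), port_based_verdict(port, p))
            for name, (port, p) in SESSIONS.items()}

if __name__ == "__main__":
    for name, (app, app_v, port_v) in compare().items():
        print(f"{name:18s} app={app:10s} App-ID policy={app_v:5s} port policy={port_v}")
```

The interesting row is the beacon: the port-based rulebase only denies what its blade has a signature for, so a payload it has never seen is allowed through port 53, while the application-based rulebase never has to know the beacon, because everything it cannot decode falls into “unknown” and hits the implicit deny.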

WE CATCH ATTACKS THROUGH SSL


TOP 10 APPLICATIONS DELIVERING UNKNOWN MALWARE (BY THE NUMBER OF SESSIONS)


SINGLE PASS ARCHITECTURE

• Separate control plane and data plane so that management processes do not impact data flow
• Single-pass software uses a stream-based, uniform signature matching engine for content inspection
• No multi-pass scanning
• No use of file proxies

DIFFERENCE BETWEEN L4 AND L7

L4 (what a port-based firewall sees):
• source IP: 172.16.1.10
• destination IP: 64.81.2.23
• destination port: TCP/443
• protocol: SSL

L7 (what the next-generation firewall sees inside the SSL session):
• protocol: HTTP
• application: slideshare
• application function: slideshare-uploading
• user: rivanov
• group: marketing
• destination country: canada
• URL category: file-sharing
• file type: PowerPoint
• content: “Confidential and Proprietary”
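What the L7 attributes buy you, as an added example that is not code from the slide deck or from PAN-OS: the L4 tuple from the slide is enriched with the user, application function, URL category, a file type identified from the upload’s own bytes (OOXML zip layout or the legacy OLE magic, not the declared Content-Type), and a content match that looks inside the zip container. A policy keyed on those attributes can block exactly the confidential PowerPoint upload, while the L4 policy can only allow or deny all HTTPS to the destination. The .pptx-shaped zip, the user/app attributes and the rule itself are constructed for the example.

```python
import io
import re
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy Office (.ppt/.doc/.xls) compound file
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML (.pptx/.docx/.xlsx) files are zip containers
CONFIDENTIAL = re.compile(rb"Confidential and Proprietary")

def constructed_pptx(slide_text: str) -> bytes:
    """Build a minimal .pptx-shaped zip (constructed test input, not a real deck)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("ppt/presentation.xml", "<p:presentation/>")
        z.writestr("ppt/slides/slide1.xml", f"<p:sld><a:t>{slide_text}</a:t></p:sld>")
    return buf.getvalue()

def identify_file_type(data: bytes) -> str:
    """File type from content, not from the Content-Type header or the file extension."""
    if data.startswith(OLE_MAGIC):
        return "ms-office-legacy"   # telling .ppt from .doc needs the OLE directory; out of scope here
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = z.namelist()
        except zipfile.BadZipFile:
            return "zip"
        if any(n.startswith("ppt/") for n in names):
            return "PowerPoint"
        if any(n.startswith("word/") for n in names):
            return "Word"
        if any(n.startswith("xl/") for n in names):
            return "Excel"
        return "zip"
    if data.startswith(b"%PDF-"):
        return "PDF"
    return "unknown"

def content_matches(data: bytes, pattern: re.Pattern) -> bool:
    """Scan zip members after decompression; compressed members are not visible to a raw byte scan."""
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return any(pattern.search(z.read(n)) for n in z.namelist())
        except zipfile.BadZipFile:
            pass
    return pattern.search(data) is not None

# L4 context: the tuple a port-based firewall sees (values from the slide).
L4_CONTEXT = {"src_ip": "172.16.1.10", "dst_ip": "64.81.2.23", "dst_port": "TCP/443", "protocol": "SSL"}

def l7_context(upload: bytes, user="rivanov", group="marketing", app="slideshare",
               app_function="slideshare-uploading", url_category="file-sharing",
               dst_country="canada") -> dict:
    """Enrich the L4 tuple with the attributes the slide lists at L7 (assumed values, for illustration)."""
    ctx = dict(L4_CONTEXT, protocol="HTTP", user=user, group=group, application=app,
               application_function=app_function, url_category=url_category,
               destination_country=dst_country)
    ctx["file_type"] = identify_file_type(upload)
    ctx["content_match"] = content_matches(upload, CONFIDENTIAL)
    return ctx

def l4_verdict(ctx: dict) -> str:
    """Port-based policy: HTTPS to the destination is either all allowed or all blocked."""
    return "allow" if ctx["dst_port"] == "TCP/443" else "deny"

def l7_verdict(ctx: dict) -> str:
    """Hypothetical rule: block uploads of confidential PowerPoint files to file-sharing sites."""
    if (ctx["application_function"].endswith("-uploading") and ctx["url_category"] == "file-sharing"
            and ctx["file_type"] == "PowerPoint" and ctx["content_match"]):
        return "deny"
    return "allow"

if __name__ == "__main__":
    for label, upload in (("confidential deck", constructed_pptx("Confidential and Proprietary - roadmap")),
                          ("public deck", constructed_pptx("Public launch deck")),
                          ("pdf", b"%PDF-1.4\nConfidential and Proprietary\n")):
        ctx = l7_context(upload)
        print(f"{label:18s} type={ctx['file_type']:12s} L4={l4_verdict(ctx)}  L7={l7_verdict(ctx)}")
```

The file-type check deliberately does not trust anything the client says about the upload; a renamed .pptx still contains the `ppt/` tree, and a document that is not a zip never reaches the zip parser. The legacy OLE container is only recognised as “ms-office-legacy” here, because distinguishing .ppt from .doc requires walking the compound-file directory.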

ADVANCED ENDPOINT PROTECTION

EXPLOITS SUBVERT AUTHORIZED APPLICATIONS

Bug/Vulnerability → Authorized Application → Heap Spray → ROP → Utilize OS Functions → Begin Malicious Activity (download malware, steal critical data, encrypt hard drive, destroy data, more...)

Vendor patches address the bug/vulnerability.

TRAPS BLOCKS EXPLOIT TECHNIQUES

Authorized Application → Heap Spray → blocked by Traps EPM → No Malicious Activity
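Blocking a technique rather than a payload, as an added example that is not code from the slide deck and not how Traps EPM is implemented: a memory-snapshot heuristic for the heap-spray step of the chain above. It scans a region for the longest run of one repeated non-zero 32-bit word and flags the region when that run is large and the repeated value, read as a pointer, lands inside the same region (the sled value doubling as the address the exploit will jump to). The three regions, their base addresses, the 0x0c0c0c0c sled and the NOP/int3 bytes at its end are all constructed for the example; the thresholds are assumptions.

```python
import random
import struct

WORD = 4            # 32-bit words: the classic sled values (0x0c0c0c0c, 0x0d0d0d0d) are 32-bit
MIN_RUN = 0x10000   # assumed threshold: 64 KiB of one repeated word is not normal heap data

def longest_repeated_word_run(buf: bytes) -> tuple:
    """Longest run of one repeated non-zero word as (value, run_bytes, offset_bytes).
    Zero runs are ignored because fresh or freed pages are legitimately zero-filled."""
    n = len(buf) // WORD
    words = struct.unpack("<%dI" % n, buf[:n * WORD])
    best = (0, 0, 0)
    i = 0
    while i < n:
        j = i + 1
        while j < n and words[j] == words[i]:
            j += 1
        if words[i] != 0 and j - i > best[1] // WORD:
            best = (words[i], (j - i) * WORD, i * WORD)
        i = j
    return best

def heap_spray_score(base: int, buf: bytes, min_run: int = MIN_RUN) -> dict:
    """Flag a region whose dominant word also points back into the region itself."""
    value, run_bytes, offset = longest_repeated_word_run(buf)
    self_referential = base <= value < base + len(buf)
    return {
        "value": value,
        "run_bytes": run_bytes,
        "offset": offset,
        "self_referential": self_referential,
        "suspicious": run_bytes >= min_run and self_referential,
    }

def constructed_regions() -> dict:
    """Constructed memory regions: (base address, bytes). Not a real process dump."""
    rng = random.Random(2018)
    # 1 MiB spray of 0x0c0c0c0c ending in a NOP sled and int3 placeholders (no real payload)
    sprayed = b"\x0c\x0c\x0c\x0c" * (0x100000 // WORD - 8) + b"\x90" * 16 + b"\xcc" * 16
    heap = bytes(rng.getrandbits(8) for _ in range(0x10000))      # pseudo-random "ordinary" heap
    zero_pages = bytes(0x10000)                                    # untouched, zero-filled pages
    return {
        "sprayed": (0x0C000000, sprayed),
        "heap": (0x00400000, heap),
        "zero-pages": (0x7F000000, zero_pages),
    }

def analyze_regions(regions: dict = None) -> dict:
    regions = regions if regions is not None else constructed_regions()
    return {name: heap_spray_score(base, data) for name, (base, data) in regions.items()}

if __name__ == "__main__":
    for name, score in analyze_regions().items():
        print(f"{name:10s} value=0x{score['value']:08x} run={score['run_bytes']:>8d} "
              f"self-ref={score['self_referential']!s:5s} suspicious={score['suspicious']}")
```

Two caveats a practitioner would raise: a sled built from varying values (incrementing words, or alternating gadget addresses) does not produce a single long run and slips past this check, and the self-reference test depends on knowing the region’s true base, so in practice the scan runs over the process’s memory map rather than over isolated buffers. Neither changes the point of the slide: the check keys on the shape of the technique, not on any byte pattern from a specific exploit.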

CLOUD SECURITY

EXPANDED DATA AND APPLICATION LOCATIONS
• Private Cloud (NSX, OpenStack)
• Public Cloud (AWS, Azure)
• Software as a Service (SaaS)

OUR PLATFORM APPROACH

• On-prem users: complete visibility and control for on-premise activity with the PAN-OS Next-Generation Firewall
• Remote users: complete visibility and control via GlobalProtect
• SaaS applications (sanctioned, tolerated, unsanctioned; trusted and untrusted users): monitor and control in-cloud activity with Aperture

EFFECTIVELY UNDERSTAND SAAS USAGE

• ACC improvements
  • Easily explore SaaS application activity
  • View apps by risk or sanctioned state
• Extensions to existing PAN-OS SaaS reports
  • Create targeted reports based on user groups and zones
  • Summarize SaaS application usage by group
• Leverage full functionality with Panorama without a PAN-OS upgrade

HARDWARE FOR EVOLVING NEEDS

UNIQUE PLATFORM OFFERING

Consistency across: Cloud, Datacenter, Enterprise perimeter, Distributed/BYOD, Endpoint

Products:
• Next-Generation Firewall
  • Physical: PA-200, PA-220, PA-500, PA-800 Series, PA-3000 Series, PA-5000 Series, PA-5200 Series, PA-7050, PA-7080
  • Virtual: VM-Series for NSX, AWS, and KVM
  • WildFire: WF-500
• Aperture™ (SaaS)
• Traps™ (Endpoint)

Subscriptions: Threat Prevention, URL Filtering, GlobalProtect™, WildFire™, AutoFocus™

Use cases (cybersecurity): IDS / IPS / APT, web gateway, VPN, mobile security

Management systems: Panorama, M-100 & M-500 appliances, GP-100 appliance

Operating system: PAN-OS™

PA-7080 AND PA-7050

                              PA-7080 System   PA-7050 System
NGFW throughput (Gbps)        200              120
NGFW + TP throughput (Gbps)   100+             60+
Built-in logging system       2TB RAID1        2TB RAID1

[Chart: throughput in Gbps (0 to 250) on the y-axis against 1 to 9 on the x-axis, with App-ID and TP series]

andrei.rusnac@rts.one
https://rts.md

RTSolutions – Palo Alto Networks official partner in Moldova