+ All Categories
Home > Documents > Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container...

Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container...

Date post: 12-Oct-2020
Category:
Upload: others
View: 12 times
Download: 0 times
Share this document with a friend
19
Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020
Transcript
Page 1: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020

Introduction to CN -Series Container Firewalls

Partner Enablement for CN -Series June 2020

Page 2: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020

Data Center (Private Cloud)

Interconnectivity in Hybrid Clouds Creates Security Complexity

Public Cloud 1 Public Cloud 2

2 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Page 3: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020

Container Adoption is Increasing

3 | © 2020 Palo Alto Networks, Inc. All rights reserved.

By 2023, more than 70% of global organizations will be running three or more containerized

applications in production.

“”Gartner, 2019

Page 4: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020

Complete Cloud Native Security

Asset Inventory

Configuration Assessment

Compliance Management

IAM GovernanceVulnerability Management

Workload Security

Network Visibility

Microsegmentation

Layer 7 Inspection & Threat Protection

Privileged Activity Monitoring

User Entity Behavior AnalyticsRuntime Defense

Visibility & Governance Compute Security Network Protect ion Ident ity Security

Page 5: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020

Network Visibility

5 | © 20 20 P a lo Alto Ne tw orks, In c . All rig h t s re se rve d .

A Multi -Layered Network Security Strategy

La ye r 7 Th re a t P ro t e c t io nMicro se g m e n t a t io n

Page 6: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020

Container Network Security with Prisma Cloud & NGFW

Compute Security

Limit east -west traffic based on the machine and application identity

Network -based detection and protection of compromised

applications

6 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Identity -based Microsegmentation

Layer 7 Threat Protection

Reduce risk and protect compute with runtime and

application security

Prisma ™

Cloud Prisma ™

Cloud

Vulnerability Management

Page 7: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020

Why can’t we use a virtual or hardware firewall?

Page 8: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020

Other FW Form Factors Lack Container Visibility and Context

8 | © 2020 Palo Alto Networks, Inc. All rights reserved.

ContainerCluster

Ordering Payments

NODE NODE NODE

!!

INTERNET

Page 9: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020

CN-Series Container Firewall Product Overview

Page 10: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020

CN-Series Container Firewalls

NGFW for Kubernetes Environments

10 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Containerized PAN -OS

L7 Network Security & Threat Protection

Kubernetes Integrated

Page 11: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020

Network Visibility and Threat Protection in Kubernetes

11 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Visibility into K8’s constructs for context -based,

app -level control

Consistent policy creation and

management with Panorama

Automate and scale with deep

Kubernetes integration

Page 12: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020

CN-Series Deployed on Each Node

ContainerCluster

Ordering Payments

NODE NODE NODE

12 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Page 13: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020

Supported Cloud Native Infrastructures

13 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Self -Managed

On -premises Public Cloud

Cloud -Managed

Page 14: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020

Key Use Cases

Page 15: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020

CN-Series Container Firewall Use Cases

15 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Enforce trust boundaries between namespaces and other

workload types

East -West Layer 7 Traffic Protection

Inbound Threat Prevention

Outbound Traffic Protection

Stop known andunknown threats

URL filtering andcontent inspection

Page 16: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020

Use Case 1: East -West Layer 7 Traffic Protection

SharedContainer

Cluster

Ordering Payments

NODE NODE NODE

16 | © 2020 Palo Alto Networks, Inc. All rights reserved.

RecommendedSubscriptions:

Page 17: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020

Use Case 2: Outbound Traffic Protection

SharedContainer

Cluster

Ordering Payments

NODE NODE NODE

17 | © 2020 Palo Alto Networks, Inc. All rights reserved.

DEV RESOURCES(i.e. GitHub)

RecommendedSubscriptions:

Page 18: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020

Use Case 3: Inbound Traffic Protection

SharedContainer

Cluster

Ordering Payments

NODE NODE NODE

INTERNET

18 | © 2020 Palo Alto Networks, Inc. All rights reserved.

RecommendedSubscriptions:

Page 19: Introduction to CN-Series Container Firewalls to CN... · Introduction to CN - Series Container Firewalls Partner Enablement for CN -Series June 2020

Thank You


Recommended