PALO ALTO NETWORKS NEXT-GENERATION SECURITY PLATFORM
November 2018
SECURITY DOESN'T WORK TODAY
• Legacy approach to visibility and prevention
• Volume of alerts and logs is overwhelming
• Highly manual response lacking coordination
2 | © 2018, Palo Alto Networks, Inc. Confidential and Proprietary.
PREVENTING SUCCESSFUL CYBERATTACKS
Visibility: network, endpoint, cloud
• Reduce attack surface
• Prevent known threats
• Prevent unknown threats
REDUCE MANUAL EFFORT WITH ANALYTICS
AUTOMATION OF ENFORCEMENT
NEUTRALIZE UNKNOWN THREATS
REQUIREMENTS FOR THE FUTURE
DETECT AND PREVENT THREATS AT EVERY POINT ACROSS THE ORGANIZATION
• At the internet edge
• Between employees and devices within the LAN
• At the data center edge, and between VMs
• At the mobile device
• Within private, public and hybrid clouds
LEADERSHIP POSITION
• Palo Alto Networks is positioned as a Leader in the Gartner Magic Quadrant for enterprise network firewalls.*
• Palo Alto Networks is highest in execution and a visionary within the Leaders Quadrant.
*Gartner Magic Quadrant for Enterprise Network Firewalls, Adam Hils, Greg Young, Jeremy D’Hoinne, and Rajpreet Kaur, September 2018
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
NEXT-GENERATION FIREWALL
The firewall should regain control of the network
Firewall policies are based on control of:
• Ports
• IP addresses
• Protocols
BUT ... applications have changed:
• Port ≠ Application
• IP address ≠ User
• Packet ≠ Content
COMPARISON OF APPLICATION DEFINITION FUNCTIONALITY

Palo Alto Networks (App-ID)
Traffic passes through the application definition module first; the security policy is then written in terms of applications: Allow DNS, Block Bittorrent.
• DNS → identified as DNS → allowed
• Bittorrent → identified as Bittorrent → denied
• 0-day CnC over port 53 → CnC ≠ DNS → denied
Full visibility of traffic on the network; traffic such as "unknown" is detected and blocked on the firewall.

Traditional approach (firewall followed by an app blade)
Firewall security policy: Allow port 53. App blade security policy: Block Bittorrent.
• DNS → port 53 → allowed
• Bittorrent → port 53 → allowed by the firewall, blocked by the app blade
• 0-day CnC over port 53 → allowed by the firewall; app blade asks "CnC = Bittorrent?" → No → allowed
The lack of full visibility means security policies can be circumvented.
WE CATCH ATTACKS THROUGH SSL
TOP 10 APPLICATIONS DELIVERING UNKNOWN MALWARE (BY THE NUMBER OF SESSIONS)
SINGLE PASS ARCHITECTURE
• Separate control plane and data plane so that management processes do not impact data flow
• Single-pass software uses a stream-based, uniform signature matching engine for content inspection
• No multi-pass scanning
• No use of file proxies
DIFFERENCE BETWEEN L4 AND L7
L4 (what a port-based firewall sees):
• source IP: 172.16.1.10
• destination IP: 64.81.2.23
• destination port: TCP/443
• protocol: SSL
• protocol: HTTP
L7 (what application-level inspection adds):
• application: slideshare
• application function: slideshare-uploading
• user: rivanov
• group: marketing
• destination country: canada
• URL category: file-sharing
• file type: PowerPoint
• content: "Confidential and Proprietary"
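The two slides above (port 53 versus DNS, and the L4 versus L7 view of one session) both come down to what attributes a policy is allowed to match on. The following is an added example, not code from the deck or from PAN-OS: a small first-match policy evaluator run over constructed flow records, where the slideshare flow reuses the values on the L4/L7 slide and a rule on application function, file type and content catches what a port rule cannot.

```python
"""Port-based (L4) vs application-based (L7) policy evaluation. Added example, not code
from the deck; the slideshare flow uses the values on the L4/L7 slide, the rest is constructed."""
from dataclasses import dataclass, field

@dataclass
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    app: str        # application identified by content inspection; "unknown" if nothing matched
    context: dict = field(default_factory=dict)  # L7 metadata: user, group, app_function, file_type ...

    def attrs(self):
        """Flat view of every attribute a rule may match on."""
        return {"app": self.app, "dst_port": self.dst_port, **self.context}

# L4 policy: decisions rest on the destination port alone, so anything riding the port
# of an allowed service gets through, including traffic nobody could identify.
L4_RULES = [({"dst_port": 53}, "allow"), ({"dst_port": 443}, "allow")]
# L7 policy: decisions rest on the identified application and its context. A flow that
# App-ID-style inspection cannot classify is "unknown" and never matches an allow rule.
L7_RULES = [
    ({"app_function": "slideshare-uploading", "file_type": "PowerPoint",
      "content": "Confidential and Proprietary"}, "deny"),
    ({"app": "slideshare"}, "allow"),
    ({"app": "dns"}, "allow"),
]

def evaluate(flow, rules):
    """First match wins; an implicit final deny applies to both rule sets."""
    attrs = flow.attrs()
    for match, action in rules:
        if all(attrs.get(k) == v for k, v in match.items()):
            return action
    return "deny"

def compare(flow):
    """Return (L4 verdict, L7 verdict) for the same flow."""
    return evaluate(flow, L4_RULES), evaluate(flow, L7_RULES)

FLOWS = {  # constructed sample flows
    "dns": Flow("172.16.1.20", "192.0.2.53", 53, "dns"),
    "bittorrent on 53": Flow("172.16.1.21", "198.51.100.7", 53, "bittorrent"),
    "unknown on 53": Flow("172.16.1.22", "203.0.113.9", 53, "unknown"),
    "slideshare upload": Flow("172.16.1.10", "64.81.2.23", 443, "slideshare", {
        "app_function": "slideshare-uploading", "user": "rivanov", "group": "marketing",
        "dst_country": "canada", "url_category": "file-sharing",
        "file_type": "PowerPoint", "content": "Confidential and Proprietary"}),
}

if __name__ == "__main__":
    for name, flow in FLOWS.items():
        print(f"{name:18} L4 (port-based): {compare(flow)[0]:5}  L7 (App-ID): {compare(flow)[1]}")
```

Only the genuine DNS flow is allowed by both policies; the port-based rules wave through Bittorrent, unidentified traffic on port 53 and the confidential PowerPoint upload on TCP/443.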
ADVANCED ENDPOINT PROTECTION
EXPLOITS SUBVERT AUTHORIZED APPLICATIONS
Authorized application → bug/vulnerability (the layer vendor patches address) → heap spray → ROP → utilize OS functions → begin malicious activity
Malicious activity: download malware, steal critical data, encrypt hard drive, destroy data, more…
TRAPS BLOCKS EXPLOIT TECHNIQUES
Authorized application → heap spray → Traps EPM blocks the technique → no malicious activity
CLOUD SECURITY
EXPANDED DATA AND APPLICATION LOCATIONS
• Private Cloud (NSX, OpenStack)
• Public Cloud (AWS, Azure)
• Software as a Service (SaaS)
OUR PLATFORM APPROACH
• Monitor and control in-cloud activity with Aperture
• Complete visibility and control for on-premises activity with the PAN-OS Next-Generation Firewall
• Complete visibility and control for remote users via GlobalProtect
Users: on-prem users, remote users; trusted users, untrusted users
SaaS applications: sanctioned, tolerated, unsanctioned
EFFECTIVELY UNDERSTAND SAAS USAGE
• ACC improvements
  • Easily explore SaaS application activity
  • View apps by risk or sanctioned state
• Extensions to existing PAN-OS SaaS reports
  • Create targeted reports based on user groups and zones
  • Summarize SaaS application usage by group
  • Leverage full functionality with Panorama without PAN-OS upgrade
HARDWARE FOR EVOLVING NEEDS
UNIQUE PLATFORM OFFERING
Consistency across: Cloud, Datacenter, Enterprise perimeter, Distributed/BYOD, Endpoint
Products: Next-Generation Firewall, Aperture™, Traps™
Subscriptions: Threat Prevention, URL Filtering, GlobalProtect™, WildFire™, AutoFocus™
Use cases: Cybersecurity (IDS / IPS / APT), Web gateway, VPN, Mobile security
Management systems: Panorama, M-100 & M-500 appliances, GP-100 appliance
Operating system: PAN-OS™
Physical: PA-200, PA-220, PA-500, PA-800 Series, PA-3000 Series, PA-5000 Series, PA-5200 Series, PA-7050, PA-7080
WildFire: WF-500
Virtual: VM-Series for NSX, AWS, and KVM
PA-7080
                         PA-7080 System   PA-7050 System
NGFW (Gbps)              200              120
NGFW + TP (Gbps)         100+             60+
Built-in logging system  2TB RAID1        2TB RAID1
[Chart: throughput in Gbps (0 to 250) against an x-axis of 1 to 9, series App-ID and TP]