Palo Alto Networks Technology Update

Upload: humberto-simms

Post on 14-Dec-2015


Page 1: NOTES to presenter  Slides 3-6 are very different than what you may have seen before. Review the animation and practice them – there are some speaker

Palo Alto Networks Technology Update

Page 2:

context |ˈkänˌtekst| noun

the circumstances that form the setting for an event, statement, or idea, and in terms of which it can be fully understood and assessed

3 | ©2014 Palo Alto Networks. Confidential and Proprietary.

Page 3:

context

intelligence

action

Page 4:

344 KB

URL category: file-sharing
file type: pdf
file name: roadmap.pdf
user: bjacobs
group: prodmgmt
destination country: canada
source IP: 172.16.1.10
destination IP: 64.81.2.23
destination port: tcp/443
protocol: SSL
protocol: HTTP
application: slideshare
application function: slideshare-uploading

Page 5:

344 KB

URL category: unknown
file type: exe
file name: shipment.exe
user: fthomas
group: finance
destination country: china
protocol: SSL
protocol: HTTP
application: web-browsing
source IP: 172.16.1.10
destination IP: 64.81.2.23
destination port: tcp/443

Page 6:

Secondary Payload

Spread Laterally

Custom C2 & Hacking

Data Stolen

Exploit Kit Contact New Domain

ZeroAccess Delivered

C2 Established

Hides within SSL

New domain, no reputation

Payload evades AV

C2 hides using non-standard ports

No signature for custom malware

Hides in plain sight

Payload evades C2 signatures

Exfiltration via RDP & FTP

Page 7:

Context: A Unique Approach to Protecting your Network

Scans ALL applications (including SSL traffic) to secure all avenues in/out of a network, reduce the attack surface area, and provide context for forensics

Prevents attacks across ALL attack vectors (exploit, malware, DNS, command & control, and URL) with content-based signatures

Detects zero day malware & exploits using public/private cloud and automatically creates signatures for global customer base

Page 8:

Traditional Bolt-on Approach

App Control: Application Signatures / Port/Protocol / Networking, policy, management, reporting

Firewall: Source/Dest, User / Port/Protocol / Networking, policy, management, reporting

IPS: IPS Signatures, IPS Decoder / Port/Protocol / Networking, policy, management, reporting

Antivirus/: AV Signatures, Decoder & Proxy / Port/Protocol / Networking, policy, management, reporting

Layers: L2, L3, L4, L5, L6, L7

Page 9:

PA-7050

100 gbps network connection

oracle datacenter app

credit card data

security zone

finance group

Page 10:

Security Performance Drivers

The increasing sophistication of application-level attacks and an insatiable appetite for more bandwidth drive the need for scalable, high-performance security

Internet Gateway

• Secure all users on all devices

• Requires 10+ Gbps

Data Center

• Secure all apps, control access for all users & devices

• Requires 20+ Gbps

Network Segmentation

• Contain and protect internal resources

• Requires 20-40+ Gbps

Page 11:

PA-7050: The Fastest Next-generation Firewall

Safely enable all applications; full next-generation firewall capabilities

Ground-breaking application layer performance

Simple yet flexible chassis architecture

Page 12:

Our Unique Approach Applied Across the Network

All Applications, All Attack Vectors, All Threats

Segmentation
• Isolate critical data, business functions
• Enable applications based on users
• Block known/unknown threats

Gateway
• Visibility into all traffic
• Enable apps to reduce exposure
• Block known/unknown threats

Datacenter
• Validate business applications & users
• Find rogue/misconfigured apps
• High speed threat prevention

Page 13:

Scalable, Purpose-built Architecture

Page 14:

PA-7050: Performance and Capacities Summary

                               PA-7050 System   PA-7000 NPC
Firewall Gbps (App-ID)         120              20
Threat Gbps (DSRI)             100              16+
Threat Gbps (Full)             60               10
Firewall PPS (Millions)        72               12
IPSec VPN Gbps                 24               4
New sessions per second        720,000          120,000
Max sessions (Millions)        24               4
Virtual systems (base/max2)    25/225           --

• PA-7050 requires PAN-OS 6.0
• All PAN-OS features are supported except Netflow
• DSRI and full threat metrics will be published

Page 15:

NGFW Throughput vs. Advertised Max

[Bar chart, vertical axis 0% to 100%. Vendors: Fortinet, Juniper, Check Point, Palo Alto Networks. Data labels: 13%, 15%, 18%, 83%. Legend: NGFW Rate, Advertised Max.]

Source: Performance metrics are from public facing datasheets for fully loaded Palo Alto Networks PA-7050, Check Point 61000, Juniper SRX 5800 and Fortinet 5140B

Page 16:

NGFW Security Performance Relative to Max


Source: Performance metrics are from public facing datasheets for fully loaded Palo Alto Networks PA-7050, Check Point 61000, Juniper SRX 5800 and Fortinet 5140B

Page 17:

Simple & Flexible Chassis Architecture

Scalable
• Linear performance and interface density with each added card
• High speed backplane supports future network processing cards

Flexible
• Flexible and dynamic load distribution across multiple network processing modules allows seamless scalability

Simple
• Single system view for administration – all PAN-OS features supported
• System-wide subscriptions and support provide predictable cost model

Page 18:

Virtualization

windows

operating system

sharepoint

container

UUID

VM instance

production

data center

Page 19:

Transforming network security for the data center

Challenges                          Solution
FW doesn’t see the traffic          Automated, transparent services insertion at workload
Incomplete security capabilities    Virtualized next-generation security supporting PAN-OS™
Static policies                     Dynamic security policies with VM context

Page 20:

VM-Series and VMware NSX Integration

Page 21:

VMware vCenter or ESXi

Dynamic address groups and VM monitoring

Name           IP          Guest OS        Container
web-sjc-01     10.1.1.2    Ubuntu 12.04    Web
sp-sjc-04      10.1.5.4    Win 2008 R2     SharePoint
web-sjc-02     10.1.1.3    Ubuntu 12.04    Web
exch-mia-03    10.4.2.2    Win 2008 R2     Exchange
exch-dfw-03    10.4.2.3    Win 2008 R2     Exchange
sp-mia-07      10.1.5.8    Win 2008 R2     SharePoint
db-mia-01      10.5.1.5    Ubuntu 12.04    MySQL
db-dfw-02      10.5.1.2    Ubuntu 12.04    MySQL

PAN-OS Dynamic Address Groups

Name                          Tags                              Addresses
SharePoint Servers            SharePoint, Win 2008 R2, “sp”     10.1.5.4, 10.1.5.8
MySQL Servers                 MySQL, Ubuntu 12.04, “db”         10.5.1.5, 10.5.1.2
Miami DC                      “mia”                             10.4.2.2, 10.1.5.8, 10.5.1.5
San Jose Linux Web Servers    “sjc”, “web”, Ubuntu 12.04        10.1.1.2, 10.1.1.3

PAN-OS Security Policy

Source                        Destination           Action
San Jose Linux Web Servers    SharePoint Servers    ✔
MySQL Servers                 Miami DC

db-mia-05      10.5.1.9    Ubuntu 12.04    MySQL

10.5.1.9
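The tag-to-address resolution this slide illustrates, as an added example that is not Palo Alto Networks code. It assumes a VM's tags are its name tokens, guest OS and container, that a group requires all of its tags, and that unmatched traffic is denied; `VM`, `resolve`, `decide` and `membership_changes` are hypothetical names.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class VM:
    name: str
    ip: str
    guest_os: str
    container: str

    def tags(self):
        # Assumption: tags = name tokens ("web-sjc-01" -> web, sjc, 01) + guest OS + container.
        return set(self.name.split("-")) | {self.guest_os, self.container}

# VM inventory as listed on the slide (name, IP, guest OS, container).
INVENTORY = [
    VM("web-sjc-01", "10.1.1.2", "Ubuntu 12.04", "Web"),
    VM("sp-sjc-04", "10.1.5.4", "Win 2008 R2", "SharePoint"),
    VM("web-sjc-02", "10.1.1.3", "Ubuntu 12.04", "Web"),
    VM("exch-mia-03", "10.4.2.2", "Win 2008 R2", "Exchange"),
    VM("exch-dfw-03", "10.4.2.3", "Win 2008 R2", "Exchange"),
    VM("sp-mia-07", "10.1.5.8", "Win 2008 R2", "SharePoint"),
    VM("db-mia-01", "10.5.1.5", "Ubuntu 12.04", "MySQL"),
    VM("db-dfw-02", "10.5.1.2", "Ubuntu 12.04", "MySQL"),
]

# Group definitions from the slide; every listed tag must match (AND is assumed).
GROUPS = {
    "SharePoint Servers": {"SharePoint", "Win 2008 R2", "sp"},
    "MySQL Servers": {"MySQL", "Ubuntu 12.04", "db"},
    "Miami DC": {"mia"},
    "San Jose Linux Web Servers": {"sjc", "web", "Ubuntu 12.04"},
}

# The one rule the slide marks as allowed; everything else is denied (assumed default).
POLICY = [("San Jose Linux Web Servers", "SharePoint Servers", "allow")]

def resolve(inventory, groups=GROUPS):
    """Map each group name to the set of IPs whose VM carries all of its tags."""
    return {g: {vm.ip for vm in inventory if need <= vm.tags()} for g, need in groups.items()}

def decide(src_ip, dst_ip, inventory, policy=POLICY):
    """Evaluate the policy against current membership; first matching rule wins."""
    members = resolve(inventory)
    for src, dst, action in policy:
        if src_ip in members[src] and dst_ip in members[dst]:
            return action
    return "deny"

def membership_changes(before, after):
    """Report the IPs each group gained between two inventories, for change review."""
    old, new = resolve(before), resolve(after)
    return {g: new[g] - old[g] for g in new if new[g] - old[g]}
```

Because membership follows VM metadata rather than an edited rule, `membership_changes` is the kind of diff worth logging whenever the inventory changes.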

Page 22:

Introducing VM-Series on Citrix NetScaler SDX

• VM-Series (running PAN-OS™) now supported on SDX 11500 and 17550 Series:

• Safely enable applications by apps, users, content

• Protect against known and unknown threats

• Address risk and compliance mandates

• Key use cases (details on next 2 slides):

• Integrated solution for XA/XD deployments

• Multi-tenant (business units, application owners, service provider) cloud deployments


Citrix NetScaler SDX

Page 23:

Consolidated Security and Availability for XenApp/XenDesktop

Validated, consolidated security and ADC for XenApp/XenDesktop

• Secure remote access and high availability

• Safe application enablement for XenApp/XenDesktop users

• Unique User-ID & Terminal-Services agent integration

• Segmentation of XenApp/XenDesktop infrastructure

Any User, Any Device, Anywhere

Internet applications

Citrix NetScaler SDX with VM-Series

On-premise applications

Citrix Receiver

XenApp/XenDesktop (VDI Environment)

Page 24:

Multi-tenant Security and ADC Services

Multi-tenant security and availability for enterprises and cloud data centers

• Dedicated instances of network services for different tenants

• Addresses independent security and load balancing needs

• Per application load balancing with dedicated firewalling

Firewall

ADC

Tenant 1 Tenant 2 Tenant 3

Citrix NetScaler with VM-Series

Page 25:

WildFire

registry changes

DNS lookups

visited URLs

C2 traffic

system file tampering

RAT download

global input

Page 26:

Basic WildFire    WildFire Subscription    WF-500

PAN-OS 5.0 PAN-OS 6.0 PAN-OS 5.0 PAN-OS 6.0

30 minute signatures ✓ ✓ Public Cloud

Integrated logging ✓ ✓ ✓ ✓

WF-500 support ✓ ✓ N/A

API access ✓ ✓ Public Cloud

Windows PE (DLL & EXE) ✓ ✓ ✓ ✓ ✓

PDF ✓ ✓

Office Documents ✓ ✓

Java ✓ ✓

Windows XP ✓ ✓ ✓ ✓ ✓

Windows 7 ✓ ✓ ✓ ✓ ✓

Android APK ✓

Page 27:

GlobalProtect

patched

encrypted storage

corporate device

OS version

jailbroken

passcode

malware installed

Page 28:

Headquarters

Branch Office

Home Office

Hotel

Airport

Enterprise-secured with full protection

Exposed to threats, risky apps, and data leakage

Page 29:

GlobalProtect Mobile Security Solution

Page 30:

Summary

New, high performance hardware platforms

Continued innovation in the battle against advanced cyber threats

More security automation in virtualized environments

Expanding further into mobile security

Page 31:

Q&A
