Palo Alto Networks Overview
March 2012
Data Connectors
Micah Richardson, Account Manager
Agenda
• Corporate Overview
• Why a NGFW?
• Key Technologies, Architecture Review, Wildfire
• Web Interface
• Model Review
• 2011 Gartner Report
• Review
© 2011 Palo Alto Networks. Proprietary and Confidential.Page 2 |
About Palo Alto Networks
• Palo Alto Networks is the Network Security Company
• World-class team with strong security and networking experience
- Founded in 2005, first customer July 2007, top-tier investors
• Builds next-generation firewalls that identify / control ~1450+ applications
- Restores the firewall as the core of enterprise network security infrastructure
- Innovations: App-ID™, User-ID™, Content-ID™
• Global momentum: 7,500+ customers
- August 2011: Annual bookings run rate is over US$200 million*, cash-flow positive last five consecutive quarters
(*) Bookings run rate is defined as 4 (four) times the bookings amount of the most recently finished fiscal quarter. Bookings are defined as non-cancellable orders received during the fiscal period. Palo Alto Networks’ fiscal year runs from August 1st until July 31st.
• A few of the many enterprises that have deployed more than $1M
Applications Have Changed; Firewalls Have Not
Need to restore visibility and control in the firewall
BUT…applications have changed
• Ports ≠ Applications
• IP Addresses ≠ Users
• Packets ≠ Content
The firewall is the right place to enforce policy control
• Sees all traffic
• Defines trust boundary
• Enables access via positive control
Technology Sprawl & Creep Are Not The Answer
• “More stuff” doesn’t solve the problem
• Firewall “helpers” have limited view of traffic
• Complex and costly to buy and maintain
• Putting all of this in the same box is just slow
The Right Answer: Make the Firewall Do Its Job
New Requirements for the Firewall
1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify users regardless of IP address
3. Protect in real-time against threats embedded across applications
4. Fine-grained visibility and policy control over application access / functionality
5. Multi-gigabit, in-line deployment with no performance degradation
Why Visibility & Control Must Be In The Firewall
Application Control as an Add-on
• Port-based FW + App Ctrl (IPS) = two policies
• Applications are threats; only block what you expressly look for
Implications
• Network access decision is made with no information
• Cannot safely enable applications
[Diagram labels: Port, Traffic, Firewall, IPS, Applications; Port Policy Decision; App Ctrl Policy Decision]
NGFW Application Control
• Application control is in the firewall = single policy
• Visibility across all ports, for all traffic, all the time
Implications
• Network access decision is made based on application identity
• Safely enable application usage
[Diagram labels: Application, Traffic, Firewall, IPS, Applications; App Ctrl Policy Decision; Scan Application for Threats]
Your Control With Port-based Firewall Add-on
Identification Technologies Transform the Firewall
• App-ID™
• Identify the application
• User-ID™
• Identify the user
• Content-ID™
• Scan the content
Single-Pass Parallel Processing™ (SP3) Architecture
Single Pass
• Operations once per packet
- Traffic classification (app identification)
- User/group mapping
- Content scanning – threats, URLs, confidential data
• One policy
Parallel Processing
• Function-specific parallel processing hardware engines
• Separate data/control planes
• Up to 20 Gbps, low latency
INSERT WILDFIRE SLIDE HERE
Comprehensive View of Applications, Users & Content
• Application Command Center (ACC)
- View applications, URLs, threats, data filtering activity
• Add/remove filters to achieve desired result
[Screenshot captions: Filter on Facebook-base; Filter on Facebook-base and user cook; Remove Facebook to expand view of cook]
PAN-OS Core Firewall Features
• Strong networking foundation
- Dynamic routing (BGP, OSPF, RIPv2)
- Tap mode – connect to SPAN port
- Virtual wire (“Layer 1”) for true transparent in-line deployment
- L2/L3 switching foundation
- Policy-based forwarding
• VPN
- Site-to-site IPSec VPN
- SSL VPN
• QoS traffic shaping
- Max/guaranteed and priority
- By user, app, interface, zone, & more
- Real-time bandwidth monitor
• Zone-based architecture
- All interfaces assigned to security zones for policy enforcement
• High Availability
- Active/active, active/passive
- Configuration and session synchronization
- Path, link, and HA monitoring
• Virtual Systems
- Establish multiple virtual firewalls in a single device (PA-5000, PA-4000, and PA-2000 Series)
• Simple, flexible management
- CLI, Web, Panorama, SNMP, Syslog
Visibility and control of applications, users and content complement core firewall features
PA-500
PA-2020
PA-2050
PA-4020
PA-4050
PA-4060
PA-5060
PA-5050
PA-5020
2011 Magic Quadrant for Enterprise Network Firewalls
Source: Gartner, December 14, 2011
“Palo Alto Networks' high-performance NGFW functionality continues to drive competitors to react in the firewall market. It is assessed as a Leader mostly because of its NGFW design, redirection of the market along the NGFW path, consistent displacement of Leaders and Challengers, and market disruption forcing Leaders to react.”
Addresses Three Key Business Problems
• Identify and Control Applications
- Visibility of ~1450+ applications, regardless of port, protocol, encryption, or evasive tactic
- Fine-grained control over applications (allow, deny, limit, scan, shape)
- Addresses the key deficiencies of legacy firewall infrastructure
• Prevent Threats
- Stop a variety of threats – exploits (by vulnerability), viruses, spyware
- Stop leaks of confidential data (e.g., credit card #, social security #, file/type)
- Stream-based engine ensures high performance
- Enforce acceptable use policies on users for general web site browsing
• Simplify Security Infrastructure
- Put the firewall at the center of the network security infrastructure
- Reduce complexity in architecture and operations
Thank You
Additional Information
Speeds and Feeds, Deployment, Customers, TCO, Support, and Management
Global Support. Local Availability. Enterprise Class.
• Global support infrastructure
- Global TACs (Santa Clara HQ, Dallas, Antwerp, Singapore, Tokyo)
- Global Hardware Depots (Santa Clara, Amsterdam, Singapore)
• Programs and features to address global support demands
- On-line Support Knowledge Portal
- Premium Support (24 x 7)
- Standard Support (8 x 5)
- Technical Account Managers
- Hardware support/replacement options (standard, premium, 4-hour, on-site spares, and system HA)
• Integrated approach to services, training, and support
Next-Generation Firewalls Are Network Security
August 2011: Extraordinary Business Results
Palo Alto Networks Next-Gen Firewalls
PA-4050
• 10 Gbps FW/5 Gbps threat prevention/2,000,000 sessions
• 8 SFP, 16 copper gigabit
PA-4020
• 2 Gbps FW/2 Gbps threat prevention/500,000 sessions
• 8 SFP, 16 copper gigabit
PA-4060
• 10 Gbps FW/5 Gbps threat prevention/2,000,000 sessions
• 4 XFP (10 Gig), 4 SFP (1 Gig)
PA-2050
• 1 Gbps FW/500 Mbps threat prevention/250,000 sessions
• 4 SFP, 16 copper gigabit
PA-2020
• 500 Mbps FW/200 Mbps threat prevention/125,000 sessions
• 2 SFP, 12 copper gigabit
PA-500
• 250 Mbps FW/100 Mbps threat prevention/50,000 sessions
• 8 copper gigabit
PA-5050
• 10 Gbps FW/5 Gbps threat prevention/2,000,000 sessions
• 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
PA-5020
• 5 Gbps FW/2 Gbps threat prevention/1,000,000 sessions
• 8 SFP, 12 copper gigabit
PA-5060
• 20 Gbps FW/10 Gbps threat prevention/4,000,000 sessions
• 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
Introducing GlobalProtect
• Users never go “off-network” regardless of location
• All firewalls work together to provide “cloud” of network security
• How it works:
- Small agent determines network location (on or off the enterprise network)
- If off-network, the agent automatically connects the laptop to the nearest firewall via SSL VPN
- Agent submits host information profile (patch level, asset type, disk encryption, and more) to the gateway
- Gateway enforces security policy using App-ID, User-ID, Content-ID AND host information profile
A Modern Architecture for Enterprise Network Security
• Establishes a logical perimeter that is not bound to physical limitations
• Users receive the same depth and quality of protection both inside and out
• Security work performed by purpose-built firewalls, not end-user laptops
• Unified visibility, compliance and reporting
[Diagram labels: malware, botnets, exploits]
Redefine Network Security – and Save Money!
Cut by as much as 80%
Cut by as much as 65%
• Capital cost – replace multiple devices
- Legacy firewall, IPS, URL filtering device (e.g. proxy, secure web gateway…)
• “Hard” operational expenses
- Support contracts
- Subscriptions
- Power and HVAC
• Save on “soft” costs too
- Rack space, deployment/integration, headcount, training, help desk calls
Flexible Deployment Options
Visibility
• Application, user and content visibility without inline deployment
Transparent In-Line
• IPS with app visibility & control
• Consolidation of IPS & URL filtering
Firewall Replacement
• Firewall replacement with app visibility & control
• Firewall + IPS
• Firewall + IPS + URL filtering
Enables Visibility Into Applications, Users, and Content
A few simple guidelines…
• Never use ‘PAN’ in slides, always use Palo Alto Networks.
• The easiest way to avoid typing that all the time is by using an automatic text expansion tool, such as:
- Typinator for Mac OS (€19.99) http://www.ergonis.com/products/typinator/
- Texter for Windows (free) http://lifehacker.com/software/texter/lifehacker-code-texter-windows-238306.php
• Our corporate colors in PowerPoint are:
Green Blue