Next-Generation Firewall

Roberto Maina | Systems Engineer

Alessandro Senni | Brand Manager

Maggio 2020

Emerging Challengesin Network Security

2 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Cyber Evolution Trends

Virtualization, IoT, BYOD and SaaS adoption have increased threat vectors

Data Is Everywhere Security Skills Shortage

A lack of skilled personnel leaves

organizations at risk

Advanced Threats

Attacks are becoming more pervasive and sophisticated

25B+connected devices

in use by 2021

300M+never-before-seen

samples every month

53%of organizations

report a shortage of skilled staff

32%YoY increase in

malware delivered in encrypted traffic

3 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Cyber Evolution: Enterprise

Data Is Everywhere

Mobile Users IoT CloudBranch Data Center

4 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Cyber Evolution: Threats

Easiest to Execute Most Sophisticated and Damaging

Increasingly Advanced Threat Landscape

Known Threats Evasive Malware Zero-Day Attacks Fileless Attacks Targeted AttacksLow and SlowInsider Threats

5 | © 2020 Palo Alto Networks, Inc. All rights reserved.

The Security Skills Gap Is Widening

Source: https://www.csoonline.com/article/3331983/the-cybersecurity-skills-shortage-is-getting-worse.html

2018–2019

2017–2018

2016–2017

2015–2016

0% 60%50%40%30%20%10%Reported Shortage of Cybersecurity Skills

6 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Palo Alto NetworksNext-Generation Firewall

Unique Approach

7 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Today’s Reality for a User

Public Cloud SaaS Data CenterInternet

Home PC

Work Laptop

BYODPhone

HQ

On the Go

Branch

Home

8 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Today’s Reality for a User

Home PC BYODPhone

HOME HQ

Work Laptop

CAFE

Work Laptop

BRANCH

Work Laptop

9 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Public Cloud SaaS Data CenterInternet

Phishing and Stolen Credentials

Top 2 threat action varieties in 1,774 breaches

– 2019 Verizon Data Breach Investigations Report

10 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Image recognitionStops evasive phishing with ML-based deep learning

2018 Microsoft

Coordinated analysisIdentify new types of phishing pages with higher accuracy

URL FILTERING: CONTINUOUSLY ADVANCING PHISHING DETECTION

2018 Microsoft

User Identity Protected from a Variety of Attacks

GENERAL ATTACKS TARGETED ATTACKS

Malware analysis,including machine

learning

URLclassification

CUSTOM ATTACK

User enters corporatecredentials on a fake SSO page

Next-Gen Firewall identifies corporate credentials

12 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Protection from Successful Credential Reuse

Web Application

Legacy Application

Attacker uses stolen credentials1

4Attacker fails to gain access, attempt recorded

2 User receives MFA request

Da

ta C

en

ter

User denies request to access sensitive data3

13 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Typical Application Use

SANCTIONED TOLERATED UNSANCTIONED

DENYCONTROLSAFELY ENABLE

14 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Complete Visibility into All Applications in Use

Understand app usage by threats transferred, category and user

Get a comprehensive report on SaaS usage in your organization

Understand risky SaaS app usage based on risk characteristics

15 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Enable Apps Safely in Policies

SAAS APPLICATIONAPPLICATION

Evasive

Excessive bandwidth

Prone to misuse

Transfers files

Tunnels other apps

Used by malware

Vulnerabilities

Audio streaming

Encrypted tunnel

File sharing

Gaming

Proxy

Remote access

Software UpdateSoftware update

PCI DSS

SOC 1

SOC 2

SSAE 16

HIPAA

FedRAMP

FINRA

No certifications

Poor financial viability

Poor terms of service

IP-based restrictions

History of data breaches

SaaS CharacteristicsCharacteristicsCategories

HIPAA

16 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Control the Use of Sanctioned/Tolerated Apps

APPLICATION

Download Upload Posting

Enterprise vs. consumer(personal) accounts

Screen sharing/remote control

File blockingDocument sharing

File sandboxingWildFire

File transfer

Audio and video

Select

.EXE

.RAR

.XLS

.PDF

Select

.EXE

.RAR

.XLS

.PDF

17 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Malware

Prevention Requires Securing Encrypted Traffic

“Percent of time spent on encrypted websites and apps, Windows and Mac”

>80%Encrypted

HTTPS encryption on the web – Google Transparency Report

Upatre

Steals credentials

Dridex

Unit 42 Research

Transfers funds illegally

Ehdoor

Steals sensitive information

Encrypted traffic carried nearly 3.5 million unique malware samples in 2017

Encrypted Traffic

18 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Governed byRegulations

Secure Encrypted Traffic Without Compromising Privacy

Dangerous

Self-signed certsUntrusted certs

Expired certs

HealthcareGovernment

Banking

Unsafe

Unsafe TLS versionsWeak cipher suites

All Else

?

19 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Detect and Prevent New Threats with WildFire

Malware, URLs, DNS, Auto-C2

Update within seconds

Static analysis

Dynamic analysis

Machine learningBare metal analysis

Dynamic unpacking

Network traffic profiling

SANDBOX

Binaries Documents

Flash Web Archive

Data collected from a vast global community

Analysis techniques far beyond traditional sandboxing

Automated protection against multiple attack variants

CloudNetwork Endpoint

20 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Un

kno

wn

sP

rote

ctio

ns

Prevent Patient Zero with ML

Centralized Configuration, Policy, Logging

Mobile users

Branch

Configuration

Configuration

Logs Logs

Logs

PolicyReporting

Panorama

Cortex™ Data LakePrisma™ Access Public cloud

HQ

NGFW

Momentum

23 | © 2020 Palo Alto Networks, Inc. All rights reserved.

2019 Gartner Magic Quadrant for Network Firewalls

8-time Leader in the Gartner Firewall MQ, NSS Labs Recommended

NSS Labs Recommended

66,000+customers

in 150+ countries

85of the Fortune 100

rely on Palo Alto Networks

63% of the Global 2Kare Palo Alto Networks customers

FY15 FY16 FY17 FY18 FY19

#1in enterprise security

revenue trend 33% CAGRFY15‒FY19

20% year-over-yearrevenue growth*

9.1/10average CSAT score

Q2FY2020. Fiscal year ends July 31Gartner, Market Share: Enterprise Network Equipment by Market Segment, Worldwide, 3Q19, 6 March 2020,

Palo Alto Networks 10-k

24 | © 2020 Palo Alto Networks, Inc. All rights reserved.

The World’s Leading Cybersecurity Company

The Next-Generation Firewall Continues to Evolve

25 | © 2020 Palo Alto Networks, Inc. All rights reserved.

NGFWs for All Your Deployment Needs

PA-220

PA-220R

PA-800 Series

PA-3200 Series

PA-5200 Series

PA-7000 Series

26 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Small Branches & Remote Locations

Network Perimeter

LargeData Centers

100+ New Capabilities in PAN-OS 8.1, 9.0, 9.1

App-ID• Policy Optimizer• HTTP/2 inspection• SIP enhancements• App-default with decryption• Streamlined schedule• SaaS app characteristics

User-ID• Dynamic User Groups• Increased terminal services capacity• Improved scalability with virtual

systems

Security Subscriptions• New DNS Security subscription• Improved phishing detection via ML• Multi-category URL filtering• High, Medium, Low risk classification

More• EDL capacity and performance

improvements• GTP security for IoT• More flexible data filtering

Panorama• Manage up to 5,000 NGFWs with single

Panorama instance; up to 30,000 NGFWs with Panorama Interconnect

• Device group/template config management

• Optimized bulk onboarding of NGFWs• Proactive health and metrics monitoring

Management• Dynamic Address Groups: increased

capacity, performance, and visibility• API security• API simplification• Wildcard Address Support for policy

match• Rule audit comments• Tag-based rule management• Policy/Infrastructure testing in UI• Policy UUID

Networking• DHCP/FQDN support for dest NAT• FQDN refresh responsiveness

improvement• VxLAN inspection• GRE tunneling• TrustSec SGT Tag support

Decryption• Decryption broker

GlobalProtect• Managed/Unmanaged device

identification• HIP redistribution• Detailed logs for rapid

troubleshooting

New hardware• All-new hardware portfolio from PA-

220 to PA-7000 Series with new cards

27 | © 2020 Palo Alto Networks, Inc. All rights reserved.

DNS Security - One Year in, Amazing Growth ...D

NS

re

qu

est

s a

na

lyze

d(B

illio

ns)

Mar Apr May Jun Jul Aug Sep Oct Nov Dec Jan

0

2

3

5

6

8

9

11

12

14

28 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Refresh Bundle Offer

29 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Exclusive Bundle For Customers With Refresh EligibleHardware

30 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Trade-in Levels and Credit Amount

PA-3220 € 900

PA-3250 € 1,250

PA-3260 € 1,500

PA-5220 € 2,250

PA-5250 € 4,500

PA-5260 € 7,500

PA-5280 € 8,500

PA-7000 Chasis € 5,000

PA-7000 100GNPC € 5,000

Product being purchased Credit

PA-7000 Chasis&

100G Cards

PA-4060 PA-5060

PA-5280

PA-5260

PA-4050 PA-5050 PA-5250

PA-4020 PA-5020 PA-5220

PA-2050

PA-3060 PA-3260

PA-3050 PA-3250

PA-2020 PA-3020 PA-3220

Generation 1 Generation 2 Current Product

Hardware level to be equivalent to

current product or higher asdenoted

by direction of arrow to qualify

for trade-incredit.

Example

31 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Terms and Condition

➢ Valid until 31 July.

➢ Hardware level to be equivalent to current product or higher

➢ Bundle Offer is valid for 3 or 5 Years

➢ Customer will be asked to sing “Certificate of Decommision”

➢ Insert code FY20 HW Refresh Offer Bundle in DR Qualifying Campaign Code

➢ Contact us or your Palo Alto Networks Account Manager

32 | © 2020 Palo Alto Networks, Inc. All rights reserved.

Thank you

asenni@exclusive-networks.com

rmaina@exclusive-networks.com