@PaloAltoNtwks Palo Alto Networks - Next-Generation Security Platform

Post on 16-Apr-2017

Category:

Technology

TRANSCRIPT

  • 1 | 2015, Palo Alto Networks. Confidential and Proprietary.

    PALO ALTO NETWORKS NEXT-GENERATION SECURITY PLATFORM

  • PALO ALTO NETWORKS AT-A-GLANCE

    CORPORATE HIGHLIGHTS

    Founded in 2005; first customer shipment in 2007

    Safely enabling applications and preventing cyber threats

    Able to address all enterprise cybersecurity needs

    Exceptional ability to support global customers

    Experienced team of 3,300+ employees

    Q2 FY16: $334.7M revenue

    [Chart: REVENUES ($MM), FY09 to FY15. Data labels: $13; $49; $119; $255; $396; $598; $928]

    [Chart: ENTERPRISE CUSTOMERS, Jul-11 to Jul-15. Data labels: 4,700; 9,000; 13,500; 19,000; 26,000]

  • 2015 MAGIC QUADRANT FOR ENTERPRISE NETWORK FIREWALLS

  • IS TRADITIONAL SECURITY THE ANSWER?

    Enterprise Network

    Does adding more things solve the problems?

    Firewall helpers limit traffic visibility

    Difficult to manage, with high maintenance costs

    They do not address application access intelligently

    IM DLP IPS Proxy URL AV

    UTM/Blades

    Internet

  • DELIVERING THE NEXT-GENERATION SECURITY PLATFORM

  • A COMPLETE SECURITY ARCHITECTURE

    Enterprise network

    Public cloud

    Private Cloud

  • REQUIREMENTS FOR THE FUTURE

    DETECT AND PREVENT THREATS AT EVERY POINT ACROSS THE ORGANIZATION

    At the internet edge

    Between employees and devices within the LAN

    At the data center edge, and between VMs

    At the mobile device

    Cloud

    Within private, public and hybrid clouds

  • APPLICATIONS HAVE CHANGED BUT TRADITIONAL SECURITY HAS NOT

  • CONSEQUENCES OF CONVENTIONAL APPLICATION CONTROL

    Policy Decision #1

    Firewall: Allow port 80

    tcp service on port 80

    Open ports to allow the application

    Policy Decision #2

    App-Control Add-on

    Applications

    Allow Facebook

    Facebook allowed... what about the other 299 apps?

    *Based on Palo Alto Networks Application Usage and Risk Report

    Key Difference: Ramifications

    Two separate policies: More work. Two policies, more admin effort. Possible security holes. No policy reconciliation tools.

    Two separate policy decisions: Weakens the deny-all-else premise. Applications allowed by FW decision

    Two separate log databases: Less visibility with more effort. Informed policy decisions require more effort, slows reaction time.

    No concept of unknown traffic: Increased risk. Unknown is found on every network = low volume, high risk. More work, less flexible. Significant effort to investigate; limited management.

    Lacking in shared context: More work, less knowledge, slows reaction time. Finding and correlating app, user, content requires significant effort.

  • BENEFITS OF APPLICATION CONTROL IN THE FIREWALL

    Policy Decision

    Firewall App-ID

    Allow Facebook X

    Key Difference: Benefit

    Single firewall policy: Less work, more secure. Administrative effort is reduced; potential reconciliation holes eliminated.

    Positive control model: Allow by policy, all else is denied. It's a firewall.

    Single log database: Less work, more visibility. Policy decisions based on complete information.

    Systematically manage unknowns: Less work, more secure. Quickly identify high risk traffic and systematically manage it.

    Shared context: Less work, more secure. App, content and user are pervasive - visibility, policy control, logging, reporting.

  • WHAT ANSWER MUST AN NGFW PROVIDE?

    Identify applications regardless of port, protocol, evasive tactic or SSL traffic

    Identify users independently of IP addresses

    Real-time protection against known and unknown threats.

    Granularity, visibility and policy control over access to the application / functionality

    Assured performance. No performance degradation from new modules.

  • WHAT IS OUR VALUE THAT MAKES THE DIFFERENCE?

    Application Enablement

    Palo Alto Networks enables the safe use of applications, delivering business benefits and minimizing the risk associated with security problems.

    Application Prevention

    Conventional security methods force companies to either block everything or allow new, modern applications to be used insecurely.

  • TECHNOLOGIES + ARCHITECTURE = WE TRANSFORM THE FIREWALL

    App-ID

    Identify the application

    User-ID

    Identify the user

    Content-ID

    Scan the content

    SP3 Architecture

    Single-Pass Parallel Processing

  • SINGLE-PASS PARALLEL PROCESSING (SP3) ARCHITECTURE

    Single Pass Parallel Processing

    Once per packet

    - Traffic classification (app identification)

    - User/group mapping

    - Content scanning: threats, URLs, confidential data

    A single policy

    Purpose-built hardware for parallel processing

    Separate data and control buses

    Up to 200 Gbps

  • VERTICAL AND HORIZONTAL TRAFFIC PROTECTION

    Security in your data center:

    Network segmentation by application and/or service, creating trust levels

    Inspects all traffic between network segments (security zones)

    Manages your unknown traffic

    Virtualized servers Physical servers

    PA-5000 / 7000 Series

    VM-Series

  • UNIQUE PLATFORM OFFERING

    Cloud Datacenter Enterprise perimeter Distributed/BYOD Endpoint

    Next-Generation Firewall

    Cybersecurity:

    IDS / IPS / APT Web gateway VPN Mobile security

    Panorama, M-100 & M-500 appliances, GP-100 appliance

    PAN-OS

    Consistency

    Products

    Subscriptions

    Use cases

    Management system

    Physical: PA-200, PA-500, PA-3000 Series, PA-5000 Series, PA-7050, PA-7080

    WildFire: WF-500

    Virtual: VM-Series for NSX, AWS, and KVM

    URL Filtering

    GlobalProtect

    WildFire

    Threat Prevention

    Operating system

    Traps Aperture

  • WHY PALO ALTO NETWORKS?

    [Word cloud: Prevention, Zero-Day, Reduce Risk Policy, Visibility, Remediation, Detection, Endpoint, Data Center, Mobility, BYOD Management, Vulnerability, Responsive, Exploit, Anti-Malware Forensics, Automation, Private Cloud, Public Cloud, Performance, Scalability, Platform, Segmentation, Applications, Users, Control, Agile, Perimeter, Integrated, Support, Web Security, Command-&-Control, Virtualization, Ecosystem, Context, Correlation, Services, People, Culture, Safe Enablement, Application]