New Solutions to New Threats. The Threats, They Are A Changing Page 2 | © 2008 Palo Alto Networks. Proprietary and Confidential.

Slides:



Advertisements
Similar presentations
Next Generation FWs Against Modern Malware and Threads Hakan Unsal – Technical Security Consultant Tunc Cokkeser – Regional Sales Manager.
Advertisements

Palo Alto Networks Jay Flanyak Channel Business Manager
Palo Alto Networks Overview
Business Solutions Network Security Solutions Gateway Security
Breaking the Lifecycle of the Modern Threat Santiago Polo Sr. Systems Engineer Palo Alto Networks, Inc.
Visibility. Then Control. Keep good employees from doing bad things on the Internet.
IBM Security Network IPS models, End of Support Dates and Replacement options 1.
Next Generation Network Security Carlos Heller System Engineering.
True Unified Threat Management
Palo Alto Networks Threat Prevention. Palo Alto Networks at a Glance Corporate Highlights Founded in 2005; First Customer Shipment in 2007 Safely Enabling.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Blue Coat Systems Securing and accelerating the Remote office Matt Bennett.
Palo Alto Networks Solution Overview May 2010 Denis Pechnov Sales, EMEA.
© 2007 Palo Alto Networks. Proprietary and Confidential Page 1 | Next Generation Firewalls Nir Zuk Founder and CTO.
Palo Alto Networks Customer Presentation
SECURE CLOUD-READY DATA CENTERS AppSecure development IDC IT Security conference – 2011 Budapest.
MIGRATION FROM SCREENOS TO JUNOS based firewall
1 Cost-Effective Strategies for Countering Security Threats: IPSEC, SSLi and DDoS Mitigation Bruce Hembree, Senior Systems Engineer A10 Networks.
Barracuda Web Filter Overview March 26, 2008 Alan Pearson, Monroe County School District Marcus Burge, Network Engineer.
What Are We Missing? Practical Use of the Next-Generation Firewall: Controlling Modern Malware and Threats Jason Wessel – Solutions Architect.
Barracuda Networks Steve Scheidegger Commercial Account Manager
Palo Alto Networks Product Overview Karsten Dindorp, Computerlinks.
Next-Generation Firewall Palo Alto Networks. Page 2 | Applications Have Changed, firewalls have not The gateway at the trust border is the right place.
Palo Alto Networks security solution - protection against new cyber-criminal threats focused on client-side vulnerabilities Mariusz Stawowski, Ph.D., CISSP.
© 2007 Palo Alto Networks. Proprietary and Confidential Page 1 | Palo Alto Networks – next page in firewalling It’s time to fix the firewall! Tiit Sokolov.
©2003–2008 Check Point Software Technologies Ltd. All rights reserved. CheckPoint new security architecture and R70 highlights.
Secure the Web with Blue Coat Stop the Bad. Allow the Good.
What Did You Do At School Today Junior?
NEXT GENERATION FIREWALLS Why NGFWs are Next-Generation FWs?
OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
© 2014 VMware Inc. All rights reserved. Palo Alto Networks VM-Series for VMware vCloud ® Air TM Next-Generation Security for Hybrid Clouds Palo Alto Networks.
OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
Firewalls Nathan Long Computer Science 481. What is a firewall? A firewall is a system or group of systems that enforces an access control policy between.
Overview of Microsoft ISA Server. Introducing ISA Server New Product—Proxy Server In 1996, Netscape had begun to sell a web proxy product, which optimized.
Chapter 5: Implementing Intrusion Prevention
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Filtering Traffic Using Access Control Lists Introducing Routing and Switching.
CIO Perspectives on Security Fabrício Brasileiro Regional Sales Manager.
Microsoft ISA Server 2000 Presented by Ricardo Diaz Ryan Fansa.
About Palo Alto Networks
APPLICATION PERFORMANCE MANAGEMENT The Next Generation.
Moving from Reactive to Proactive – DeepNines and ESU 3 Nate Jackson, Territory Manager Greg Jackson, Vice President of Technical Services Martin Rosas,
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Filtering Traffic Using Access Control Lists Introducing Routing and Switching.
Enterprise’ Ever-Evolving Challenge & Constraints Dealing with BYOD Challenges Enable Compliance to Regulations Stay Current with New Consumption Models.
Ton den Braber Channel Manager Benelux Dell SonicWALL The Promises and Pitfalls of BYOD.
NSA 240 Overview For End Users. 2 New Challenges To Solve  Threats Are Increasing  Web 2.0 & SaaS  Impacts to servers, users & networks  Threats go.
Palo Alto Networks - Next Generation Security Platform
Palo Alto Networks SLO WUG NG Silvester Drobnič, CHS d.o.o.
25/09/ Firewall, IDS & IPS basics. Summary Firewalls Intrusion detection system Intrusion prevention system.
Web Content Security Unlock the Power of the Web
Barracuda NG Firewall ™
Barracuda SSL VPN 2012.
Palo Alto Networks Certified Network Security Engineer
Barracuda Firewall The Next-Generation Firewall for Everyone
Web Content Security Unlock the Power of the Web
Network Security Solution
Module 3: Enabling Access to Internet Resources
Barracuda Web Security Flex
PCNSE7 Palo Alto Networks Certified Network Security Engineer
Barracuda Firewall The Next-Generation Firewall for Everyone
Barracuda Web Filtering Service
PCNSE7 Palo Alto Networks Certified Network Security Engineer
Basic Policy Overview Palo Alto.
Firewall – Survey Purpose of a Firewall Characteristic of a firewall
Virtualization & Security real solutions
Prevent Costly Data Leaks from Microsoft Office 365
Firewalls at UNM 11/8/2018 Chad VanPelt Sean Taylor.
UNM Enterprise Firewall
Check Point Connectra NGX R60
Hosted Security.
Presentation transcript:

New Solutions to New Threats

The Threats, They Are A Changing Page 2 | © 2008 Palo Alto Networks. Proprietary and Confidential

Security Technology Hasn’t Kept Up The gateway on the trust border is the right place to exert control - All traffic goes through - Defines trust boundary Strategy is sound… BUT… - Can only see ports, protocol, and IP address - Blind to applications, users, and content - Blind to dynamic, multipronged threats Execution is flawed Collaboration / Media SaaS Personal Page 3 | © 2008 Palo Alto Networks. Proprietary and Confidential

Threat Prevention Must Get Smarter Stop threats - Block bad applications - Block a widening array of threats (exploits, viruses, spyware downloads and phone home) Enable business - Safely enable applications - Don’t slow down business traffic – i.e., manage risk at speed of business One policy = no gaps Page 4 | © 2008 Palo Alto Networks. Proprietary and Confidential

About Palo Alto Networks Founded in 2005 by Nir Zuk, inventor of stateful inspection technology World class team with strong security and networking experience Builds next generation firewalls with innovative identification technologies that manage applications, users, and content Named Gartner Cool Vendor in 2008; 2008 Best of Interop Grand Prize Page 5 | © 2008 Palo Alto Networks. Proprietary and Confidential

Our Identification Technologies Change the Game App-ID Identify the application User-ID Identify the user Content-ID Scan the content Page 6 | © 2008 Palo Alto Networks. Proprietary and Confidential

Traditional Multi-Pass Architectures Port/Protocol-based ID L2/L3 Networking, HA, Config Management, Reporting Port/Protocol-based ID HTTP Decoder L2/L3 Networking, HA, Config Management, Reporting URL Filtering Policy Port/Protocol-based ID IPS Signatures L2/L3 Networking, HA, Config Management, Reporting IPS Policy Port/Protocol-based ID AV Signatures L2/L3 Networking, HA, Config Management, Reporting AV Policy Firewall Policy IPS Decoder AV Decoder & Proxy Page 7 | © 2008 Palo Alto Networks. Proprietary and Confidential

PAN-OS Architecture L2/L3 Networking, HA, Config Management, Reporting APP-ID CONTENT-ID Policy Engine Application Protocol Detection and Decryption Application Protocol Decoding Heuristics Application Signatures URL Filtering Real-Time Threat Prevention Data Filtering Page 8 | © 2008 Palo Alto Networks. Proprietary and Confidential

Real-Time Content Scanning With Content-ID Stream-based, not file-based, for real-time performance - Dynamic reassembly Uniform signature engine scans for broad range of threats in single pass Threat detection covers vulnerability exploits (IPS), virus, and spyware (both downloads and phone-home ) Time File-based ScanningStream-based Scanning ID Content Buffer File Time Scan File Deliver Content ID Content Scan Content Deliver Content Page 9 | © 2008 Palo Alto Networks. Proprietary and Confidential

Purpose-Built Hardware: PA-4000 Series Flash Matching HW Engine Palo Alto Networks’ uniform signatures Multiple memory banks – memory bandwidth scales performance Multi-Core Security Processor High density processing for flexible security functionality Hardware-acceleration for standardized complex functions (SSL, IPSec, decompression) Dedicated Control Plane Highly available mgmt High speed logging and route updates 10Gbps 10 Gig Network Processor Front-end network processing offloads security processors Hardware accelerated QoS, route lookup, MAC lookup and NAT. 10Gbps Control Plane Data Plane Page 10 | © 2008 Palo Alto Networks. Proprietary and Confidential

Adds Up to Superior Performance Performance Remote Office/ Medium Enterprise Large Enterprise PA-2000 Series 1Gbps; 500Mbps threat prevention PA-4000 Series 500Mbps; 200Mbps threat prevention 2Gbps; 2Gbps threat prevention 10Gbps; 5Gbps threat prevention 10Gbps; 5Gbps threat prevention (XFP interfaces) Page 11 | © 2008 Palo Alto Networks. Proprietary and Confidential

Flexible Deployment Options Application Visibility Transparent In-Line Firewall Replacement Connect to span port Enables threat and application visibility without inline deployment Connect to span port Enables threat and application visibility without inline deployment Deploy transparently behind existing firewall Enables application control and threat prevention without networking changes Deploy transparently behind existing firewall Enables application control and threat prevention without networking changes Replace existing firewall Enables threat prevention, application and network visibility and control, consolidated policy, high performance Replace existing firewall Enables threat prevention, application and network visibility and control, consolidated policy, high performance Page 12 | © 2008 Palo Alto Networks. Proprietary and Confidential

App-ID enables visibility and control over applications - Safe usage Traditional perimeter security technology hasn’t kept up with change in threats SPA Next Gen Firewall delivers - Performance - Single policy - TCO Summary Page 13 | © 2008 Palo Alto Networks. Proprietary and Confidential

Thank You