End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)

End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
Copyright © 2014, Palo Alto Networks End to End Security With Palo Alto Networks Onur Kasap Systems Engineer November 2014-Kiev
PALO ALTO NETWORKS AT-A-GLANCE CORPORATE HIGHLIGHTS • Founded in 2005; first customer shipment in 2007 • Safely enabling applications and preventing cyber threats • Able to address all enterprise cybersecurity needs • Exceptional ability to support global customers • Experienced team of 1,700+ employees • Q4FY14: $178.2M revenue Copyright © 2014, Palo Alto Networks $13 REVENUES ENTERPRISE CUSTOMERS $49 $255 $MM $119 $598 $396 $600 $400 $200 $0 FY09 FY10 FY11 FY12 FY13 FY14 4,700 9,000 13,500 19,000 20,000 16,000 12,000 8,000 4,000 0 Jul-11 Jul-12 Jul-13 Jul-14
A clear market leader – again Copyright © 2014, Palo Alto Networks A leader for 3 years in a row in the magic quadrant for enterprise network firewalls
Applications Have Changed, Firewalls Haven’t Network security policy is enforced at the firewall • Sees all traffic • Defines boundary • Enables access Traditional firewalls don’t work any more Copyright © 2014, Palo Alto Networks
Encrypted Applications: Unseen by Firewalls What happens traffic is encrypted? • SSL • Proprietary encryption Copyright © 2014, Palo Alto Networks
Technology Sprawl and Creep Aren’t the Answer Copyright © 2014, Palo Alto Networks Enterprise Network • “More stuff” doesn’t solve the problem • Firewall “helpers” have limited view of traffic • Complex and costly to buy and maintain • Doesn’t address application “accessibility” features UTM IPS DLP IM AV URL Proxy Internet
Competitors Firewall Architecture Copyright © 2014, Palo Alto Networks App Signatures IPS Signatures Virus Signature s URL Signatures Application Policy Application Inspection IPS Policy Threat Inspection Anti-Virus Proxy AV Inspection Web Filtering Policy URL Inspection Packet Inspection Flow L4 Session Table Stateful FW policy Port-based session Inspection
Application Control Belongs in the Firewall Traffic Port Port Policy Decision Copyright © 2014, Palo Alto Networks App Ctrl Policy Decision Application Control as an Add-on • Port-based decision first, apps second • Applications treated as threats; only block what you expressly look for Ramifications • Two policies/log databases, no reconciliation • Unable to effectively manage unknowns IPS Applications Firewall Traffic Application Firewall IPS App Ctrl Policy Decision Scan Application for Threats Applications Application Control in the Firewall • Firewall determines application identity; across all ports, for all traffic, all the time • All policy decisions made based on application Ramifications • Single policy/log database – all context is shared • Policy decisions made based on shared context • Unknowns systematically managed
Evasive Applications •Yahoo Messenger •BitTorrent Client Copyright © 2014, Palo Alto Networks •Port 80 •Open Port 5050 Blocked Port 6681 Blocked Port-Based Firewall
Scenario 1: DNS Traffic Legacy Firewalls Firewall Rule: ALLOW Port 53 Firewall Rule: ALLOW DNS DNS DNS DNS DNS Copyright © 2014, Palo Alto Networks Palo Alto Networks Firewalls with App-ID Firewall Firewall Bittorrent BitTorrent Packet on Port 53: Allow DNS = DNS: Allow BitTorrent ≠ DNS: Deny Visibility: BitTorrent detected and blocked BitTorrent Packet on Port 53: Allow Visibility: Port 53 allowed
Scenario 2: BitTorrent with Application IPS Legacy Firewalls Firewall Rule: ALLOW Port 53 Firewall Rule: ALLOW DNS Application IPS Rule: Block Bittorrent DNS DNS DNS DNS DNS Firewall App IPS Firewall Bittorrent Packet on Port 53: Allow DNS=DNS: Allow Copyright © 2014, Palo Alto Networks Bittorrent Bittorrent ≠ DNS: Deny Visibility: Bittorrent detected and blocked Bittorrent Bittorrent: Deny Visibility: Bittorrent detected and blocked Palo Alto Networks Firewalls with App-ID
Scenario 3: Zero-day Malware Application IPS Rule: Block Bittorrent Firewall App IPS Firewall DNS DNS DNS DNS Copyright © 2014, Palo Alto Networks Legacy Firewalls Firewall Rule: ALLOW Port 53 Firewall Rule: ALLOW DNS Zero-day C & C Packet on Port 53: Allow DNS=DNS: Allow Command & Control ≠ DNS: Deny Visibility: Unknown traffic detected and blocked Bittorrent Visibility: Packet on Port 53 allowed DNS Bittorrent Bittorrent Zero-day C & C Zero-day C & C Zero-day C & C C & C ≠ Bittorrent: Allow Palo Alto Networks Firewalls with App-ID
The Answer? Make the Firewall Do Its Job 1. Identify applications regardless of port, protocol, evasive tactic or SSL 2. Identify and control users regardless of IP address, location, or device 3. Protect against known and unknown application-borne threats 4. Fine-grained visibility and policy control over application access / functionality 5. Multi-gigabit, low latency, in-line deployment Copyright © 2014, Palo Alto Networks .
Making the Firewall a Business Enablement Tool •App-ID™ •Identify the application •Content-ID™ •Scan the content •User-ID™ •Identify the user Copyright © 2014, Palo Alto Networks
Enabling Applications, Users and Content Copyright © 2014, Palo Alto Networks
Single-Pass Parallel Processing™ (SP3) Architecture Copyright © 2014, Palo Alto Networks Single Pass • Operations once per packet - Traffic classification (app identification) - User/group mapping - Content scanning – threats, URLs, confidential data • One policy Parallel Processing • Function-specific parallel processing hardware engines • Separate data/control planes
Single Pass Platform Architecture Copyright © 2014, Palo Alto Networks
PAN-OS Core Firewall Features Visibility and control of applications, users and content complement core firewall features  Strong networking foundation  Dynamic routing (BGP, OSPF, RIPv2)  Tap mode – connect to SPAN port  Virtual wire (“Layer 1”) for true transparent in-line deployment  L2/L3 switching foundation  Policy-based forwarding  VPN  Site-to-site IPSec VPN  Remote Access (SSL) VPN  QoS traffic shaping  Max/guaranteed and priority  By user, app, interface, zone, & more  Real-time bandwidth monitor Copyright © 2014, Palo Alto Networks  Zone-based architecture  All interfaces assigned to security zones for policy enforcement  High Availability  Active/active, active/passive  Configuration and session synchronization  Path, link, and HA monitoring  Virtual Systems  Establish multiple virtual firewalls in a single device (PA-7050, PA-5000, PA- 3000, and PA-2000 Series)  Simple, flexible management  CLI, Web, Panorama, SNMP, Syslog PA-7050 PA-5000 Series PA-5060, PA-5050 PA-5020 PA-3000 Series PA-3050, PA-3020 PA-2000 Series PA-2050, PA-2020 PA-500 PA-200 VM-Series VM-300, VM-200, VM-100, VM-1000-HV
Flexible Deployment Options For Ethernet Interfaces Tap Mode Virtual Wire Mode Layer 3 Mode • Application, user and content visibility without inline deployment • Evaluation and Audit of existing networks Copyright © 2014, Palo Alto Networks • Application ID, Content ID, User ID, SSL Decryption • Includes NAT capability • All of the Virtual Wire Mode capabilities with the addition of Layer 3 services: Virtual Routers, VPN and, Routing Protocols
Threat Prevention of Zero-Day Attacks Copyright © 2014, Palo Alto Networks WildFire and Traps
Why change Copyright © 2014, Palo Alto Networks Attackers are more 91%increase in targeted attacks in 2013 sophisticated and well funded of exploit kits utilize vulnerabilities less than 2 years old 78% Launching Zero-Day attacks is more accessible and common of breaches involve a targeted user device 71% Targeted attacks can only be solved on the endpoint
Flow of a RAT Attack with 0-day Malware The victim downloads and installs the malware that takes the station in the botnet Copyright © 2014, Palo Alto Networks Hop Point Popular websites(Landing Site) Malware repository Víctim Attacker (C&C) The victim visits the URL and the drive-by download executes The victim visits the site and is redirected to the malicious URL (iframe) @ The attacker injects the URL, in a legitimate site preferably, under his control
Attack Stages of a Drive-by Download / Web Attack Targeted malicious email sent to user Copyright © 2014, Palo Alto Networks User clicks on link to a malicious website Malicious website silently exploits client-side vulnerability With Web Attack Toolkit Drive-by download of malicious payload
Targeted Attack Example Source; http://infosec3t.com/wp-content/uploads/2010/03/contagio_targeted_attack_email_2.png Copyright © 2014, Palo Alto Networks
Copyright © 2014, Palo Alto Networks Source: http://www.symantec.com/threatreport/topic.jsp?id=malicious_code_trends&aid=triage_analysis_of_targeted_attacks
Copyright © 2014, Palo Alto Networks
Detection-focused technology investments Network Security  IPS deployed as IDS  App blades that only detect and report  SSL traffic allowed without decryption  When decrypted, SSL just port-mirrored  Sandboxes deployed to detect malware  Snort engines to detect traffic to high risk IPs Copyright © 2014, Palo Alto Networks Endpoint Protection  Forensics agents to capture what happened  IOC scanners  Massive PCAP storage  Remediation tools to try and fix what was detected  $1,000/hour incident response consultants to tell you who stole your data Answer: Detection and Prevention of Advanced Threats
Advanced threat requires a solution, not point products 1 Reduce the attack surface Known viruses and exploits Copyright © 2014, Palo Alto Networks Client Exploit Command/Control HTTP SSL DNS URL / C&C EXE, Java, .LNK, DLL High-risk applications 2 Detect the unknown 3 Create protections • Whitelist applications or block high-risk apps • Block known viruses, exploits • Block commonly exploited file types • Analysis of all application traffic • SSL decryption • WildFire sandboxing of exploitive files Detection and blocking of C&C via: • Bad domains in DNS traffic • URLs (PAN-DB) • C&C signatures (anti-spyware) Failed attempts Successful spear-phishing email Post-compromise activity
Why do you need network, endpoint, and cloud Copyright © 2014, Palo Alto Networks working together?
Requirements for a new approach 1 Prevent attacks - even attacks seen for the first time 2 Protect all users and applications - including mobile and virtualized 3 Seamlessly combine network and endpoint security, as each has unique strengths 4 Provide rapid analysis of new threats Requires next-generation network, endpoint, and threat intelligence cloud capabilities Copyright © 2014, Palo Alto Networks
Platform approach Next-Generation Firewall  Inspects all traffic  Blocks known threats  Sends unknown to cloud  Extensible to mobile & virtual networks Copyright © 2014, Palo Alto Networks
Platform approach Copyright © 2014, Palo Alto Networks Next-Generation Endpoint Protection  Inspects all processes and files  Prevents both known & unknown exploits  Integrates with cloud to prevent known & unknown malware
Platform approach Copyright © 2014, Palo Alto Networks Threat Intelligence Cloud  Gathers potential threats from network and endpoints  Analyzes and correlates threat intelligence  Disseminates threat intelligence to network and endpoints
The making of a platform: information sharing Unknowns Copyright © 2014, Palo Alto Networks Unknowns & zero-day discoveries
The making of a platform: prevention distribution Copyright © 2014, Palo Alto Networks Real-time signatures
The making of a platform: correlated analytics Copyright © 2014, Palo Alto Networks Integrated reporting Confirm detection
Reaching Effects of WildFire AV Signatures DNS Signatures Malware URL Filtering Anti-C&C Signatures Copyright © 2014, Palo Alto Networks Threat Intelligence Sources WildFire Users
Next-Generation Appliances | Malware Management WF-500 is a private cloud Designed for organizations with regulatory or privacy concerns. Copyright © 2014, Palo Alto Networks WF-500
WildFire cloud-based architecture scales Manual analysis Copyright © 2014, Palo Alto Networks Web Sandbox Email Sandbox File share Sandbox Central manager APT Add-on Approach WildFireTM Public cloud or Private cloud appliance WildFire Approach  Easy to manage and operationalize  Scalable  Cost effective  Hard to manage  Doesn’t scale  Expensive  Requires multiple devices at each ingress, egress, and point of segmentation
WildFire Subscription Copyright © 2014, Palo Alto Networks WildFire WildFire Subscription WildFire analysis of PE analysis Daily signature feed (TP subscription required) WildFire logs integrated within PAN-OS WildFire analysis of all other file types (PDF, MS Office, Java, Flash, APK*) 15-min signature feed WildFire Cloud API key Use of WF-500
Signature hierarchy App-ID updates “IPS” signatures Copyright © 2014, Palo Alto Networks Weekly (vulnerability, anti-spyware) Daily 15-minute IP geolocation Antivirus Botnet support (zone file, dynamic DNS, malware URLs) DNS signatures WildFire signatures
Copyright © 2014, Palo Alto Networks Traps Advanced Endpoint Protection
The failures of traditional approaches EXE Targeted Evasive Advanced PDF NO Copyright © 2014, Palo Alto Networks Known signature? NO Known strings? NO Previously seen behavior? Legacy Endpoint Protection Malware direct execution Exploit vulnerability to run any code
Introducing Traps The right way to deal with advanced cyber threats Prevent Exploits Including zero-day exploits Prevent Malware Including advanced & unknown malware Collect Attempted-Attack Forensics For further analysis Scalable & Lightweight Must be user-friendly and cover complete enterprise Integrate with Network and Cloud Security For data exchange and crossed-organization protection Copyright © 2014, Palo Alto Networks
Block the core techniques – not the individual attacks Software Vulnerability Exploits Exploitation Techniques Thousands of new vulnerabilities and Copyright © 2014, Palo Alto Networks exploits a year Only 2-4 new exploit techniques a year Malware Malware Techniques Millions of new malware every year 10’s – 100’s of new malware sub-techniques every year
Exploitation technique prevention – Clandestine Fox Preparation Triggering Circumvention Post Malicious Activity Heap Spray Use after free Utilizing OS Prevention of one technique in the chain will block the entire attack Copyright © 2014, Palo Alto Networks Memory Corruption Mitigation Logic-Flaws Real-Time Intervention OS Functions Shielding Algorithmic Memory Traps Placement function ROP CVE-2014-1776
Exploit technique prevention how it works Document is opened by user Copyright © 2014, Palo Alto Networks Traps seamlessly injected into processes CPU <0.1% Process is protected as exploit attempt is trapped Forensic data is collected Reported to ESM Process is Safe! terminated Attack is blocked before any successful malicious activity Useradmin is notified Traps triggers immediate actions When an exploitation attempt is made, the exploit hits a “trap” and fails before any malicious activity is initiated.
Malware prevention Policy-Based Restrictions WildFire Inspection Malware Techniques Mitigation Copyright © 2014, Palo Alto Networks Limit surface area of attack control source of file installation Prevent known malware with cloud-based integration Prevent unknown malware with technique-based mitigation
User tries to open executable file Copyright © 2014, Palo Alto Networks Policy-based Restrictions Applied HASH checked against WildFire File is allowed to execute Malware technique prevention employed Malware prevention how it works Safe! Reported to ESM
Forensics capture Ongoing capture and attack-triggered capture Copyright © 2014, Palo Alto Networks Ongoing recording - Any files execution - Time of execution - File name - File HASH - User name - Computer name - IP address - OS version - File’s malicious history - Any interference with Traps service - Traps Process shutdown attempt - Traps Service shutdown attempt - Related system logs Exploit or malware hits a “trap” and triggers real-time collection - Attack-related forensics - Time stamp - Triggering File (non executable) - File source - Involved URLsURI - Prevented exploitation technique - IP address - OS version - Version of attempted vulnerable software - All components loaded to memory under attacked process - Full memory dump - Indications of further memory corruption activity - User name and computer name
Coverage and system requirements Supported operating systems Workstations • Windows XP SP3 • Windows 7 • Windows 8.1 Servers • Windows Server 2003 • Windows Server 2008 (+R2) • Windows Server 2012 (+R2) Copyright © 2014, Palo Alto Networks Footprint • 25 MB • 0.1% CPU • Very Low IO
Benefits Copyright © 2014, Palo Alto Networks Business  Prevent breaches, not just detect  Increases business continuity  Lowers TCO Operations  Save time and money on Forensics and remediation  Easy to manage, does not require frequent updates  Zero-day coverage IT  Install patches on your own schedule  Compatible with existing solutions  Minimal performance impact Intelligence  Access to threat intel through WildFire integration  Attack-triggered forensics collection
Copyright © 2014, Palo Alto Networks The Virtual Data Center
East/West Traffic flows often greater than North/South flows Copyright © 2014, Palo Alto Networks Enterprise Network
Security challenges Physical firewalls may not see the East-West traffic DB App Web Copyright © 2014, Palo Alto Networks  Firewalls placement is designed around expectation of layer 3 segmentation  Network configuration changes required to secure East-West traffic flows are manual, time-consuming and complex  Ability to transparently insert security into the traffic flow is needed Hypervisor Hardware Firewall
Security challenges Static policies cannot keep pace with dynamic workload deployments Copyright © 2014, Palo Alto Networks  Provisioning of applications can occur in minutes with frequent changes  Security approvals and configurations may take weeks/months  Dynamic security policies that understand VM context are needed
What happens when a VM is vMotioned? App Web Hypervisor Copyright © 2014, Palo Alto Networks DB Hypervisor vMotion Data Center Core Network Hardware Firewall
VM-Series Next Generation Security Platform Copyright © 2014, Palo Alto Networks • Consistent Features as hardware-based next-generation firewall  App-ID  User-ID  Content-ID  Wildfire • Inspects and Safely Enables Intra-Host Communications (East-West traffic) • Tracks VM Creation and Movement with Dynamic Address Group objects  API integration with orchestration: Automate Workflows  Centrally Managed through Panorama 58 | ©2014, Palo Alto Networks. Confidential and Proprietary.
VM-Series deployment options VM-Series for VMware vSphere (ESXi) • VM-100, VM-200, VM-300, and VM-1000-HV deployed as guest VMs on VMware ESXi • Deployed as part of virtual network configuration for East- West traffic inspection Copyright © 2014, Palo Alto Networks VM-Series for Citrix NetScaler SDX • VM-100, VM-200, VM-300, and VM-1000-HV deployed as guest VMs on Citrix NetScaler SDX • Consolidates ADC and security services for multi-tenant and Citrix XenApp/XenDesktop deployments VM-Series for VMware NSX • VM-Series for NSX deployed as a service with VMware NSX and Panorama • Ideal for East-West traffic inspection
Dynamic Address Groups and VM Monitoring VMware vCenter or ESXi Name IP Guest OS Container web-sjc-01 10.1.1.2 Ubuntu 12.04 Web sp-sjc-04 10.1.5.4 Win 2008 R2 SharePoint web-sjc-02 10.1.1.3 Ubuntu 12.04 Web exch-mia-03 10.4.2.2 Win 2008 R2 Exchange exch-dfw-03 10.4.2.3 Win 2008 R2 Exchange sp-mia-07 10.1.5.8 Win 2008 R2 SharePoint db-mia-01 10.5.1.5 Ubuntu 12.04 MySQL db-dfw-02 10.5.1.2 Ubuntu 12.04 MySQL Copyright © 2014, Palo Alto Networks PAN-OS Dynamic Address Groups Name Tags Addresses SharePoint Win 2008 R2 “sp” SharePoint Servers MySQL Servers MySQL Servers MySQL Ubuntu 12.04 “db” Miami DC Miami DC “mia” San Jose Linux Web Servers San Jose Linux Web Servers “sjc” “web” Ubuntu 12.04 10.1.5.4 10.1.5.8 10.5.1.5 10.5.1.2 10.4.2.2 10.1.5.8 10.5.1.5 10.1.1.2 10.1.1.3 PAN-OS Security Policy Source Destination Action SharePoint Servers San Jose Linux Web Servers ✔ MySQL Servers Miami DC  db-mia-05 10.5.1.9 Ubuntu 12.04 MySQL 10.5.1.9 60 | ©2014, Palo Alto Networks. Confidential and Proprietary.
Copyright © 2014, Palo Alto Networks Model Sessions Rules Security Zones Address Objects IPSec VPN Tunnels SSL VPN Tunnels VM-100 50,000 250 10 2,500 25 25 VM-200 100,000 2,000 20 4,000 500 200 VM-300 250,000 5,000 40 10,000 1,000 500 VM-1000-HV 250,000 10,000 40 100,000 2,000 500
2 Core Configuration: Core 1 = Management Plane Core 2 = Data Plane 4 Core Configuration: Core 1 = Management Plane Core 2 = Data Plane: Read & Transmit packets Core 3 & Core 4 = Data Plane: Process packets 8 Core Configuration: Core 1 = Management Plane Core 2 = Data Plane: Reads packets Core 3 = Data Plane: Transmit packets Core 4 thru Core 8 = Data Plane: Process packets Copyright © 2014, Palo Alto Networks Effect of dedicating cores
Copyright © 2014, Palo Alto Networks Safely Enabling Mobile Devices GlobalProtect™
Challenge: Quality of Security Tied to Location Headquarters Branch Offices Enterprise-secured with full protection Copyright © 2014, Palo Alto Networks malware botnets exploits Airport Hotel Home Office Exposed to threats, risky apps, and data leakage
GlobalProtect™: Consistent Security Everywhere •Headquarters •Branch Office Copyright © 2014, Palo Alto Networks malware botnets exploits • VPN connection to a purpose-built firewall that is performing the security work • Automatic protected connectivity for users both inside and outside • Unified policy control, visibility, compliance and reporting
Unlocking The Potential of Mobile Depends On Security Copyright © 2014, Palo Alto Networks Intranet Running Your Business on Mobile Devices Benefits to Business Mobile Maturity Email Accessing Business Apps
New Approach to Safely Enabling Mobile Devices Manage the Device Protect the Device Control the Data Ensure devices are safely enabled while simplifying deployment & setup • Ensure proper settings in place, such as strong passcodes and encryption • Simplify provisioning of common configuration like email and certificates Copyright © 2014, Palo Alto Networks Protect the mobile device from exploits and malware • Protecting the device from infection also protects confidential data and unauthorized network access Control access to data and movement of between applications •Control access by app, user, and device state •Extend data movement controls to the device to ensure data stays within “business apps”
GlobalProtect Mobile Security Solution Copyright © 2014, Palo Alto Networks GlobalProtect App GlobalProtect Gateway Delivers mobile threat prevention and policy enforcement based on apps, users, content and device state Enables device management, provides device state information, and establishes secure connectivity GlobalProtect Mobile Security Manager Provides device management, malware detection, and device state
Manage The Device Manage Device Settings Copyright © 2014, Palo Alto Networks  Enforce security settings such as passcode  Restricts device functions such as camera  Configure accounts such as email, VPN, Wi- Fi settings Understand Device State  Monitor and report device state for policy enforcement, such as:  Whitelisted / blacklisted apps  Rooted / jailbroken Perform Key Operations  Ex: lock, unlock, wipe, send a message Detect Android Malware  Detect and react to the presence of malware GlobalProtect Mobile Security Manager GlobalProtect App
Protect The Device Consistent Security Everywhere Copyright © 2014, Palo Alto Networks  IPsec/SSL VPN connection to a purpose- built next-generation security platform for policy enforcement regardless of the device location Mobile Threat Prevention  Vulnerability (IPS) and malware (AV) protection for mobile threats  URL filtering for protection against malicious websites  WildFire™ static and dynamic analysis for advanced mobile threats Threats GlobalProtect Gateway GlobalProtect App
Control The Data Copyright © 2014, Palo Alto Networks Control Access to Applications and Data  Granular policy determines which users and devices can access sensitive applications and data  Policy criteria based on application, user, content, device, and device state for control and visibility  Identify device types such as iOS, Android, Windows, Mac devices  Identify device ownership such as personal (BYOD) or corporate issued  Identify device states such as rooted/jailbroken  File blocking based on content and content type Control Data Movement Between Apps on the Device  Solution provides the foundation for future developments in data protection Applications and Data GlobalProtect Gateway GlobalProtect App
How the Integrated Solution Works Copyright © 2014, Palo Alto Networks
Copyright © 2014, Palo Alto Networks Internet WildFire Cloud Traps Advanced Endpoint Protection
Copyright © 2014, Palo Alto Networks

End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)

Check these out next

End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)

Recomendados

Mais conteúdo relacionado

Apresentações para você(20)

Destaque(18)

Similar a End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)(20)

Mais de BAKOTECH(20)

Último(20)

End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)