O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.
Next generation Firewalls from PaloAlto              VFM Systems & Services (P) Ltd.
About Palo Alto Networks• Palo Alto Networks is the Network Security Company• World-class team with strong security and ne...
Applications Have Changed; Firewalls Have Not The gateway at the trust border is the right place to enforce policy control...
Applications Carry Risk Applications can be “threats”              Applications carry threats    • P2P file sharing, tunne...
Enterprise 2.0 Applications and Risks Widespread Palo Alto Networks’ latest Application Usage & Risk Report   highlights a...
Technology Sprawl & Creep Are Not The Answer                                                      Internet  “More stuff” ...
The Right Answer: Make the Firewall Do Its Job  New Requirements for the Firewall  1. Identify applications regardless of ...
Identification Technologies Transform the Firewall   •App-ID™   •Identify the application   •User-ID™   •Identify the user...
Single-Pass Parallel Processing™ (SP3) Architecture                                        Single Pass                    ...
Transforming The Perimeter and DatacenterPerimeter                                                 Internet               ...
Comprehensive View of Applications, Users & Content                                                                      ...
Enables Visibility Into Applications, Users, and Content
PAN-OS Core Firewall Features                                                                                             ...
Next-Generation Firewalls Are Network Security
Summary  Identify and Control Applications       Visibility of 1200+ applications, regardless of        port, protocol, ...
For your attention and time.Questions?Write to : solutions@vfmindia.bizResponse Guaranteed
Próximos SlideShares
Carregando em…5
×

Vfm palo alto next generation firewall

  • Seja o primeiro a comentar

Vfm palo alto next generation firewall

  1. 1. Next generation Firewalls from PaloAlto VFM Systems & Services (P) Ltd.
  2. 2. About Palo Alto Networks• Palo Alto Networks is the Network Security Company• World-class team with strong security and networking experience - Founded in 2005 by security visionary Nir Zuk - Top-tier investors• Builds next-generation firewalls that identify / control 1100+ applications - Restores the firewall as the core of the enterprise network security infrastructure - Innovations: App-ID™, User-ID™, Content-ID™• Global footprint: 2,200+ customers in 50+ countries, 24/7 support
  3. 3. Applications Have Changed; Firewalls Have Not The gateway at the trust border is the right place to enforce policy control • Sees all traffic • Defines trust boundary BUT…applications have changed • Ports ≠ Applications • IP Addresses ≠ Users • Packets ≠ Content Need to restore visibility and control in the firewall
  4. 4. Applications Carry Risk Applications can be “threats” Applications carry threats • P2P file sharing, tunneling • SANS Top 20 Threats – majority are applications, anonymizers, application-level threats media/videoApplications & application-level threats result in major breaches – Pfizer, VA, US Army
  5. 5. Enterprise 2.0 Applications and Risks Widespread Palo Alto Networks’ latest Application Usage & Risk Report highlights actual behavior of 1M+ users in 723 organizations - Enterprise 2.0 applications continue to rise for both personal and Top 5 Applications business use. That Can Hop Ports - Tunneling and port hopping are common 100% - Bottom line: all had firewalls, most had IPS, proxies, & URL filtering – but none of these organizations could control what 80% applications ran on their networks 60% Frequency of Enterprise 2.0 Applications 96% 93% 92% 40% 100% 79% 85% 79% 80% 60% 47% 20% 40% 20% 12% 0% 0%
  6. 6. Technology Sprawl & Creep Are Not The Answer Internet  “More stuff” doesn’t solve the problem  Firewall “helpers” have limited view of traffic  Complex and costly to buy and maintain • Putting all of this in the same box is just slow
  7. 7. The Right Answer: Make the Firewall Do Its Job New Requirements for the Firewall 1. Identify applications regardless of port, protocol, evasive tactic or SSL 2. Identify users regardless of IP address 3. Protect in real-time against threats embedded across applications 4. Fine-grained visibility and policy control over application access / functionality 5. Multi-gigabit, in-line deployment with no performance degradation
  8. 8. Identification Technologies Transform the Firewall •App-ID™ •Identify the application •User-ID™ •Identify the user •Content-ID™ •Scan the content
  9. 9. Single-Pass Parallel Processing™ (SP3) Architecture Single Pass • Operations once per packet - Traffic classification (app identification) - User/group mapping - Content scanning – threats, URLs, confidential data • One policy Parallel Processing • Function-specific parallel processing hardware engines • Separate data/control planes Up to 20Gbps, Low Latency
  10. 10. Transforming The Perimeter and DatacenterPerimeter Internet Datacenter Enterprise Datacenter Page | Same Next-Generation Firewall, Different Benefits…
  11. 11. Comprehensive View of Applications, Users & Content  Application Command Center (ACC)  View applications, URLs, thr eats, data filtering activity  Add/remove filters to achieve desired resultFilter on Facebook-base Filter on Facebook-base Remove Facebook to and user cookPage 11 | expand view of cook
  12. 12. Enables Visibility Into Applications, Users, and Content
  13. 13. PAN-OS Core Firewall Features PA-5060 Visibility and control of applications, users and content complement core firewall features PA-5050Strong networking foundation Zone-based architecture PA-5020  Dynamic routing (BGP, OSPF, RIPv2)  All interfaces assigned to security  Tap mode – connect to SPAN port zones for policy enforcement  Virtual wire (“Layer 1”) for true transparent in-line deployment High Availability  Active/active, active/passive PA-4060  L2/L3 switching foundation  Policy-based forwarding  Configuration and session synchronizationVPN  Path, link, and HA monitoring PA-4050   Site-to-site IPSec VPN SSL VPN Virtual Systems Establish multiple virtual firewalls in aQoS traffic shaping  single device (PA-5000, PA-4000, and PA-4020  Max/guaranteed and priority PA-2000 Series)  By user, app, interface, zone, & more Simple, flexible management  Real-time bandwidth monitor  CLI, Web, Panorama, SNMP, Syslog PA-2050 PA-2020 PA-500
  14. 14. Next-Generation Firewalls Are Network Security
  15. 15. Summary  Identify and Control Applications  Visibility of 1200+ applications, regardless of port, protocol, encryption, or evasive tactic  Fine-grained control over applications (allow, deny, limit, scan, shape)  Addresses the key deficiencies of legacy firewall infrastructure  Prevent Threats  Stop a variety of threats – exploits (by vulnerability), viruses, spyware  Stop leaks of confidential data (e.g., credit card #, social security #)  Stream-based engine ensures high performance  Enforce acceptable use policies on users for general web site browsing  Simplify Security Infrastructure  Put the firewall at the center of the network security infrastructure  Reduce complexity in architecture and operations
  16. 16. For your attention and time.Questions?Write to : solutions@vfmindia.bizResponse Guaranteed

×