Palo Alto Networks Next Generation Security Platform
Mikko Kuljukka, Janne Volotinen
Slide1
1 | © 2016, Palo Alto Networks. Confidential and Proprietary.
Palo Alto Networks - Next Generation Security Platform
Mikko Kuljukka
Janne Volotinen
Slide2
Palo Alto Networks at-a-glance
CORPORATE HIGHLIGHTS
Founded in 2005; first customer shipment in 2007
Safely enabling applications and preventing cyber threats
Able to address all enterprise cybersecurity needs
Exceptional ability to support global customers
Experienced team of 3,300+ employees
Q2 FY16: $334.7M revenue
[Charts: REVENUES ($MM); ENTERPRISE CUSTOMERS]
Slide3
Palo Alto Networks is positioned as a Leader in the Gartner Magic Quadrant for enterprise network firewalls.*
Palo Alto Networks is highest in execution and a visionary within the Leaders Quadrant.
* Gartner Magic Quadrant for Enterprise Network Firewalls, Adam Hils, Greg Young, Jeremy D’Hoinne, and Rajpreet Kaur, May 2016. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
© 2016 Palo Alto Networks. All Rights Reserved.
Slide4
DELIVERING THE NEXT-GENERATION SECURITY PLATFORM
NATIVELY INTEGRATED
EXTENSIBLE
AUTOMATED
CLOUD
NETWORK ENDPOINT
NEXT-GENERATION FIREWALL
ADVANCED ENDPOINT PROTECTION
THREAT INTELLIGENCE CLOUD
Next-Generation Firewall
Inspects all traffic
Safely enables applications
Sends unknown threats to cloud
Blocks network based threats
Next-Generation Threat Intelligence Cloud
Gathers potential threats from network and endpoints
Analyzes and correlates threat intelligence
Disseminates threat intelligence to network and endpoints
Next-Generation Endpoint
Inspects all processes and files
Prevents both known and unknown exploits
Protects fixed, virtual, and mobile endpoints
Lightweight client and cloud based
Slide5
Making the Firewall a Business Enablement Tool
Applications: Enablement begins with application classification by App-ID.
Users: Tying users and devices, regardless of location, to applications with User-ID and GlobalProtect.
Content: Scanning content and protecting against all threats, both known and unknown, with Content-ID and WildFire.
Slide6
Enabling Applications, Users and Content
Slide7
Single-Pass Parallel Processing™ (SP3) Architecture
Single Pass
Operations once per packet
Traffic classification (app identification)
User/group mapping
Content scanning – threats, URLs, confidential data
One policy
Parallel Processing
Function-specific parallel processing hardware engines
Separate data/control planes
Slide8
PREVENTION AGAINST UNKNOWN THREATS
Palo Alto Networks Customers
Anti-malware signatures
DNS intelligence
Malware URL database
Anti-C2 signatures
Soak sites, sinkholes, 3rd party sources
Command-and-control
Staged malware downloads
Host ID and data exfil
WildFire™
Global intelligence and protection shared with all customers
SUSPICIOUS TRAFFIC
SANDBOX TESTING
SIGNATURE CREATION
Slide9
Protecting all data center traffic
Segment North South (physical) and East West (virtual) traffic
Tracks virtual application provisioning and changes via dynamic address groups
Automation and orchestration support via REST-API
Securing East West traffic
Virtualized servers
Physical servers
corporate network/DMZ
Orchestration systems
Securing North South traffic
Slide10
Exploit Attack
1. Exploit attempt contained in a PDF sent by “known” entity.
2. PDF is opened and exploit techniques are set in motion to exploit vulnerability in Acrobat Reader.
3. Exploit evades AV and drops a malware payload onto the target.
4. Malware evades AV, runs in memory.
Exploit Techniques
Normal Application Execution
Exploit Technique 1
Exploit Technique 2
Exploit Technique 3
Gaps Are Vulnerabilities
Begin Malicious Activity
Activate key logger
Steal critical data
More…
Slide11
Exploit Attack
1. Exploit attempt contained in a PDF sent by “known” entity.
2. PDF is opened and exploit techniques are set in motion to exploit vulnerability in Acrobat Reader.
3. Exploit evades AV and drops a malware payload onto the target.
4. Malware evades AV, runs in memory.
Exploit Techniques
Normal Application Execution
Exploit Technique Blocked
Traps EPM
Traps Exploit Prevention Modules (EPM)
1. Exploit attempt blocked. Traps requires no prior knowledge of the vulnerability.
Slide12
Exploit Attack
1. Exploit attempt contained in a PDF sent by “known” entity.
2. PDF is opened and exploit techniques are set in motion to exploit vulnerability in Acrobat Reader.
3. Exploit evades AV and drops a malware payload onto the target.
4. Malware evades AV, runs in memory.
Exploit Techniques
Normal Application Execution
Exploit Technique 1
Exploit Technique Blocked
No Malicious Activity
Traps EPM
Traps Exploit Prevention Modules (EPM)
1. Exploit attempt blocked. Traps requires no prior knowledge of the vulnerability.
2. If you turn off EPM #1, the first technique will succeed but the next one will be blocked, still preventing malicious activity.
Slide13
SAFELY ENABLE APPLICATIONS
REDUCE AND CONTROL RISK
FACILITATE ACCESS
Remove threats from wanted traffic
DATA CENTER
Cloud
Allow desired applications by user, limit high-risk features
Visibility into all applications & users on the network
Slide14
DELIVERING THE NEXT-GENERATION SECURITY PLATFORM
NATIVELY INTEGRATED
EXTENSIBLE
AUTOMATED
CLOUD
NETWORK ENDPOINT
NEXT-GENERATION FIREWALL
ADVANCED ENDPOINT PROTECTION
THREAT INTELLIGENCE CLOUD
Next-Generation Firewall
Inspects all traffic
Safely enables applications
Sends unknown threats to cloud
Blocks network based threats
Next-Generation Threat Intelligence Cloud
Gathers potential threats from network and endpoints
Analyzes and correlates threat intelligence
Disseminates threat intelligence to network and endpoints
Next-Generation Endpoint
Inspects all processes and files
Prevents both known and unknown exploits
Protects fixed, virtual, and mobile endpoints
Lightweight client and cloud based
Slide15
Thank you!