Untitled - Arrow | The Hub

NEXT-GENERATION SECURITY PLATFORM

PROTECTING OUR DIGITAL WAY OF LIFE

In recent years, the digital landscape has faced countless technological innovations. These have improved our ways of life and doing business, but they have also created more cyber risks. Such risks can hamper business significantly and negatively affect our daily lives – and unfortunately, various research firms find the number of victims of cyberattacks is growing significantly every year. In the early days of the digital age, people worried about script kiddie attacks committed just for fun, but today, people worry about sophisticated, targeted attacks conducted by organised groups. This could undermine the fundamental trust in technology that enables the digital age.

Perimeter Security Measures Are Not Sufficient

Today’s organisations have become more complex, storing their data not only in on-premise environments but in private cloud data centres, public clouds, SaaS applications and even the devices of their mobile workforce. The threat landscape organisations must navigate has also changed significantly, such that security measures only at the perimeter, or other ‘point solutions’, are not sufficient anymore. Many of today’s stealthy, advanced and persistent cyberattacks avoid traditional security measures throughout the attack lifecycle.

In response to the evolving threat landscape, organisations began to combine security products from various vendors, resulting in multi-layered protection using various security devices, such as firewalls, antivirus, sandboxes and intrusion prevention systems (IPS). Unfortunately, this approach doesn’t work. The different point products are not built with integration and automation in mind, and are instead designed to work in a ‘siloed’ environment. They lack the ability to automatically coordinate or communicate with other security technologies on an organisation’s network, let alone with other networks outside the organisation’s perimeter. This forces security personnel to rely on their least-scalable resource – people – to fight machine-generated attacks.

An Automated, Integrated Security Platform Based on Zero Trust

Organisations need to be agile, capable of managing current and future threats. It’s impossible to fight a highly automated adversary with old-fashioned, nonintegrated tools. That requires an automated, integrated security platform grounded in a Zero Trust approach. Security should be focused on business outcomes, designed from the inside out, starting with the assets and/or data that need protection. Zero Trust requires determining who has access to what based on business need, as well as inspecting and logging all traffic.

NEXT-GENERATION SECURITY PLATFORM

To enable organisations to securely roll out new services and apps, Palo Alto Networks built the Next-Generation Security Platform to provide prevention through automation, applied consistently across the network, endpoint and cloud. For this to be possible, we knew the platform had to be everywhere users, devices and applications were so it could provide visibility and coordinated enforcement of protections:

• On the network with the next-generation firewall, including to remote users and locations with GlobalProtect™ network security for endpoints and GlobalProtect cloud service.
• On the endpoint with Traps™ advanced endpoint protection, which replaces legacy antivirus with a unique, multi-method approach that prevents malware and exploits.
• In the public cloud with our VM-Series virtualised next-generation firewalls and for SaaS applications with Aperture™ SaaS security service.

CLOUD-DELIVERED SECURITY SERVICES

The capabilities of the platform seamlessly extend through our cloud-delivered services, including:

• Threat Prevention, which blocks known malware, exploits and command-and-control activity on the network.
• URL Filtering, which provides safe web access by preventing users from accessing malicious and phishing sites, amongst other functions.
• WildFire® cloud-based threat analysis service, which detects and prevents unknown threats, then quickly and automatically shares protections across the platform.
• AutoFocus™ contextual threat intelligence, which provides organisations with intelligence they can use to drive proactive responses to unknown attacks.
• Logging Service, which provides the ability to centrally store logs in the cloud.
• Magnifier behaviour analytics, as part of LightCyber, which enables organizations to find active attackers within the organisation by monitoring anomalous activity.
• MineMeld™ threat intelligence syndication engine, which allows the aggregation of third-party threat intelligence and automates prevention from indicators of compromise.

[Figure: Next-Generation Security Platform overview, showing Network Security, Advanced Endpoint Protection, Cloud Security and the Cloud-Delivered Security Services (Threat Prevention, URL Filtering, WildFire, AutoFocus, Logging Service, LightCyber, MineMeld)]

NEXT-GENERATION FIREWALL

As the foundational element of the Next-Generation Security Platform, the next-generation firewall provides security for the entire network. It provides deep visibility and granular control over all applications – even malicious applications that try to evade detection by masquerading as legitimate traffic, hopping ports or using encryption (TLS/SSL or SSH).

The next-generation firewall:

• Inspects and controls content traversing the network to detect and block known and unknown threats in a single pass.
• Proactively identifies and defends against unknown or custom malware and exploits.
• Maximises performance using a single-pass architecture that scans traffic only once, regardless of which features are enabled.

App-ID

The next-generation firewall uses App-ID™ technology to accurately identify applications in all traffic passing through the network. App-ID:

• Automatically identifies applications using multiple identification mechanisms, unlike legacy firewalls that identify applications only by IP addresses, ports and protocols.
• Identifies applications disguised as authorised traffic, using dynamic ports or trying to pass through the firewall via an SSL encryption tunnel. App-ID secures encrypted traffic with policy-based decryption.
• Applies policy-based identification, decryption, and inspection to inbound and outbound SSL traffic.
• Performs policy-based identification and control of SSH tunneled traffic.

User-ID

User-ID™ technology provides visibility into application activity at the user level, not just IP address level, allowing you to more effectively enable the applications traversing your network. You can align application usage with business requirements, inform users that they are in violation of policy or block their application usage outright, if appropriate. User-ID lets you:

• Define policies to safely enable applications based on users or user groups, in either outbound or inbound directions – for example, you can allow only the IT department to use tools like SSH, Telnet and FTP on standard ports.
• Create policies that follow users no matter where they go – headquarters, branch offices or at home – and whatever devices they may use.
• Generate informative reports on user activities, using any of the predefined templates or by creating a custom template.

Content-ID

Content-ID™ technology delivers a new approach based on the complete analysis of all allowed traffic, using multiple advanced threat prevention technologies in a single, unified engine. With Content-ID, the next-generation firewall can:

• Block vulnerability exploits, buffer overflows, port scans, and the evasion and obfuscation methods attackers use to hide their activity. It stops outbound malware communications, blocks access to known malware and phishing download sites, and reduces the risks associated with the transfer of unauthorised files and data.
• Use a stream-based approach that simplifies management, streamlines processing and maximises performance.

GLOBALPROTECT

Deliver Security to Any User, on Any Device, Anywhere

GlobalProtect delivers the protection of the Next-Generation Security Platform to your mobile workforce to stop targeted cyberattacks, evasive application traffic, phishing, malicious websites, command-and-control traffic, and known and unknown threats.

Safely Enable BYOD and Contractor Access to Applications

GlobalProtect provides consistent security for BYOD. Users can access applications in the cloud and data centre with GlobalProtect Clientless VPN. You can also enable support for per-app VPN using integration with enterprise mobility management including AirWatch®, Microsoft® Intune® and MobileIron®.

You can’t secure what you can’t see. With a GlobalProtect subscription, you can stay on top of application usage for all users and bring all traffic through a next-generation firewall for full visibility into application traffic, across all ports, all the time.

GLOBALPROTECT CLOUD SERVICE

GlobalProtect cloud service is a cloud-based security infrastructure, operated by Palo Alto Networks, that can be deployed in hours or days, not weeks or months. Based on our Next-Generation Security Platform, GlobalProtect cloud service is managed by Panorama, allowing you to create and deploy consistent security policies across your entire organisation. Following a shared ownership model, the service allows you to move your remote location and mobile user security expenditures to a more efficient and predictable Opex model.

In summary, GlobalProtect cloud service provides the following:

• Consistent next-generation security for your remote network and mobile users.
• Reduction of the operational burden associated with providing consistent security for all locations and users.

TRAPS

Traps advanced endpoint protection brings multi-method prevention built into a single, lightweight agent that secures endpoints against known and unknown malware and exploits. Alone or as part of Palo Alto Networks Next-Generation Security Platform, Traps stops targeted, sophisticated threats, such as ransomware and file-less attacks, without relying on signatures.

• Prevention of known threats: Traps first queries WildFire to learn whether a file has been encountered elsewhere and determine if any further analysis is required.
• Prevention of unknown threats: If a file is unknown, two processes launch in parallel:
  ◦ Local analysis to prevent unknown threats, based on a machine learning model trained with the rich data of our threat intelligence cloud.
  ◦ WildFire dynamic analysis to prevent highly evasive threats, utilizing the infinite scalability and power of the cloud.
• Automated intelligence sharing: Once it identifies a threat as malicious or benign, WildFire automatically communicates this information across the entire community of Palo Alto Networks customers in as few as five minutes, without any human intervention.
• Prevention of script-based and file-less threats: For attacks where there is no file to analyse, malicious process preventions ensure child processes are spawning appropriately, including command-line examination for additional accuracy and granularity.
• Prevention of behaviour-based ransomware: To future-proof against evolving ransomware, Traps includes a focused layer of protection that analyses ransomware behaviour to shut down attacks before they can encrypt customer data.
• Extensive exploit prevention:
  ◦ Reconnaissance protection: Traps automatically prevents vulnerability profiling used by exploit kits.
  ◦ Technique-based exploit prevention: This measure blocks exploit techniques used to manipulate good applications.
  ◦ Kernel exploit protection: This offers protection against exploits targeting or originating from the kernel.

Multi-Method Exploit Prevention

Traps leads the industry in preventing both known and unknown exploits, protecting organizations from unpatched and unpatchable vulnerabilities as well as zero-day exploits.

Traps delivers comprehensive exploit prevention using multiple methods:

• Reconnaissance protection: Traps automatically prevents vulnerability profiling used by exploit kits.
• Technique-based exploit prevention: Rather than focus on the millions of individual attacks or their underlying software vulnerabilities, Traps focuses on blocking the exploitation techniques typically used by all exploit-based attacks. By removing the “tools” attackers use to manipulate applications, Traps prevents exploitation attempts before they can compromise endpoints.
• Kernel exploit prevention: Traps prevents exploits that leverage vulnerabilities in the operating system kernel as well as new exploit techniques used to execute malicious payloads, such as those seen in the recent WannaCry and NotPetya attacks, without any negative impact on legitimate processes.

Multi-Method Malware Prevention

Traps prevents malicious executables, DLLs and Office files, and maximises coverage against malware whilst simultaneously reducing the attack surface and reducing the number of false positives teams must investigate.

• WildFire threat intelligence: Traps prevents previously seen malware using intelligence from WildFire cloud-based threat analysis service. Comprising millions upon millions of sensors spanning firewalls, endpoints and SaaS applications, and boasting more than 3.1 billion samples – with as much as 70 per cent of files unknown to VirusTotal® – WildFire is the world’s largest distributed sensor system focused on identifying and preventing unknown threats. More than 21,500 enterprise, government, and service provider customers and partners contribute to the collective immunity of all other users.
• Granular child process protection: Traps prevents script-based attacks by default with out-of-the-box, fine-grained controls over the launching of legitimate applications, such as script engines and command shells, and continues to grow these capabilities through regular content updates. Administrators get additional flexibility and control with the ability to whitelist or blacklist child processes, along with command-line comparisons to increase detection without negative impact to legitimate processes.
• Behaviour-based ransomware protection: In addition to existing multi-method preventions, including exploit prevention, local analysis and WildFire, Traps monitors the system for ransomware behaviour and, upon detection, immediately blocks the attack and prevents encryption of customer data.
• Local analysis via machine learning: Based on a model trained from WildFire, local analysis examines hundreds of file characteristics in a fraction of a second to render a malicious or benign verdict, without relying on signatures or scanning, before a file is allowed to run.
• Dynamic analysis: Traps makes use of WildFire to detect unknown malware and automatically reprogrammes itself to prevent known malware based on a secondary analysis engine that takes advantage of the infinite power and scalability of the cloud. Dynamic analysis detonates files in our custom-built virtual environment to observe their behaviour, detect advanced anti-evasive techniques and, if necessary, redirect them to a bare metal analysis environment to deal with highly advanced threats.

VM-SERIES

Next-Generation Security for Private and Public Clouds

The VM-Series is a virtualised version of our next-generation firewall that can be deployed in a range of private and public cloud computing environments based on technologies from VMware®, Amazon® Web Services, Microsoft, Citrix® and KVM. The VM-Series natively analyses all traffic in a single pass to identify the application, its content and the user. These core elements of your business can then be used as integral components of your security policy, enabling you to improve your security efficacy through a positive control model and reduce your incident response time through complete visibility into applications across all ports. In both private and public cloud environments, the VM-Series can be deployed as a perimeter gateway, an IPsec VPN termination point and a segmentation gateway, protecting your workloads with application enablement and threat prevention policies.

Securing the Private Cloud

Defined as an environment in which you are responsible for the management of all aspects of the virtualisation, hardware, compute, networking and security, a private cloud is often considered to be synonymous with your data centre, and in fact, many data centres are 100 per cent virtualised using VMware, Microsoft Hyper-V®, KVM or other private cloud technologies. The VM-Series allows you to protect your private cloud infrastructure using application enablement policies whilst simultaneously preventing known and unknown threats. The VM-Series supports the following private cloud environments: VMware ESXi™ and NSX®, Citrix NetScaler® SDX™, Microsoft Hyper-V and KVM/OpenStack®.

Securing the Public Cloud

Defined as ready-made compute, networking and storage environments, public cloud offerings, such as AWS®, Microsoft Azure or Google® Cloud, bring users ubiquitous access, infrastructure consistency and rapid scalability to address workload ‘bursts’. In a public cloud, securing your applications and data against attackers is your responsibility, and that’s where the VM-Series can help.

The VM-Series protects your public cloud deployment using application enablement policies whilst simultaneously preventing known and unknown threats. The VM-Series supports the major public cloud environments like Amazon Web Services, Azure and Google Cloud as well as the major private cloud environments like VMware, KVM, Hyper-V and others.

The VM-Series

The VM-Series consists of five models that deliver App-ID-enabled throughput ranging from 200 Mbps with the VM-50 to 16 Gbps with the VM-700. To learn more about the performance and capacities of the VM-Series, please visit our firewall comparison tool:

https://www.paloaltonetworks.com/products/product-selection

APERTURE

The use of software-as-a-service, or SaaS, applications is creating new risks and gaps in security visibility for malware propagation, data leakage and regulatory noncompliance. Aperture™ SaaS security service delivers complete visibility and granular enforcement across all user, folder and file activity within sanctioned SaaS applications, providing detailed analysis and analytics on usage without requiring any additional hardware, software or network changes.

SaaS Security Challenges

The concept of data residing only in a single, centralised location does not typically apply to today’s modern networks. Instead, an organisation’s data is often spread throughout multiple locations, including many that are not under the organisation’s control. Wherever data is located, IT organisations are still responsible for securing it as it moves. This is clearest when it comes to SaaS applications. It is quite difficult to control the use of or have visibility into these applications with a traditional security implementation. Since end users set up and use them directly, permission is not needed to access them or move sensitive corporate data to them. This presents a significant challenge as some end users act as their own IT departments, with control over the applications they use and how, but without data expertise, risk assessment or prevention strategies. Even skilled users with security experience can run into problems with SaaS applications if they don’t have the right tools that provide visibility into the data exposure and threat insertions SaaS can introduce.

To gain control of SaaS usage, you need to start by clearly defining the SaaS applications that should be used and which behaviours are allowed within those applications. This requires a clear definition of which applications are allowed or not allowed – ‘sanctioned’ or ‘unsanctioned’, respectively – and putting solutions in place to control their access and usage.

Safely Enable SaaS/IaaS/PaaS Applications With Aperture

Data that resides within enterprise-enabled SaaS applications might not always be visible to an organisation’s network perimeter. Aperture can connect directly to sanctioned software-, infrastructure- and platform-as-a-service applications to provide data classification, sharing and permission visibility, and threat detection within the application. This yields unparalleled visibility, allowing organisations to inspect content for data risk violations as well as control access to shared data via a contextual policy. Aperture builds upon the existing SaaS visibility and granular control capabilities of App-ID technology within our Next-Generation Security Platform with detailed SaaS-based reporting and granular control of SaaS access. Safely enabling SaaS applications via Aperture provides full, end-to-end security without any additional software, hardware or network changes required. The same applies to IaaS and PaaS applications.

Aperture Highlights

• Complete visibility across all user, folder and file activity, providing detailed analysis that helps you transition from a position of speculation to one of certainty at any given point in time.
• Retroactive analysis of data exposure that looks at data in-line as well as from the creation of the SaaS account itself, up to three months ago.
• Deep analytics into day-to-day usage that allow you to quickly determine if there are any data risks or compliance-related policy violations.
• Granular, context-aware policy control that enables you to drive enforcement and quarantine users and data as soon as a violation occurs.
• Advanced threat protection to block known malware as well as identify and block unknown malware.

WILDFIRE

World’s Largest Cloud-Based Threat Analysis Service

• WildFire uses advanced malware analysis techniques to execute and analyse files and URLs in a custom-built, cloud-based virtual environment to discover unknown threats.
• Generated protections are distributed to all WildFire subscribers in as few as five minutes, worldwide.
• Detection logic and the custom-built virtual environment are constantly updated to respond to the latest threats.

More than 21,500 customers worldwide are connected to WildFire and benefit from its static analysis, dynamic analysis and bare metal analysis capabilities.

Unknown Threat Analysis

To identify unknown malware and exploits, the contents of suspicious files are executed and analysed on various operating systems, including desktop, laptop and mobile device OS.

• Many file types, including Windows® PE (EXE and DLL), PDF, Microsoft Office, Java®, Android® APK, Linux ELF, ZIP, 7ZIP, RAR and Adobe® Flash® (6.1 and later), are supported. For a complete list, download the WildFire datasheet.
• Links in emails are accessed and analysed to determine whether the linked domains contain any threats.

Analysis Supports Multiple Versions

Conventional sandboxes support only fixed versions of applications on fixed versions of operating systems in their prepared virtual environments, meaning they cannot detect malware that runs only on specific, different versions. WildFire supports simultaneous multiversion inspection to analyse malware’s behaviour in greater detail. For instance, each version of Adobe Acrobat®, Reader® and Flash (6.1 and later) is supported, amongst many other examples.

Protection Delivered in as Few as Five Minutes

When a threat is detected, the network needs automatic protection, without manual intervention. When WildFire detects new malware, it automatically generates protection mechanisms to block command-and-control communications and distributes them to customers worldwide.

• Anti-malware, C2 and DNS-based callback signatures, as well as malicious URLs, are distributed globally in as few as five minutes.
• WildFire delivers an average of 230,000 protections each day.

Easy-to-Understand WildFire Reports

Security managers can access WildFire analysis reports on the management screen, via the WildFire portal or through the AutoFocus dashboard to see how malware will behave and affect their systems when the file is opened. WildFire reports enable incident response teams to quickly and easily respond to new threats and build preventive control measures for them.

Flexible Deployment

WildFire running in a cloud environment provides scalability and extensibility of the sandbox environment. Customers who don’t want to share their threat data in the WildFire cloud can opt for the WF-500, an on-site, physical appliance. WildFire offers:

• A cloud-based sandbox environment that eliminates concerns over processing capacity.
• Support for new applications, versions, and file types as needed.
• The ability to configure distributed operations, such as sending files downloaded from the web to the cloud for analysis, but sending email attachments to an on-site WF-500 appliance.

Cutting-Edge Methods

In its process of detecting unknown threats, WildFire utilises static analysis to examine file characteristics and dynamic analysis to study file behaviour. In addition, WildFire uses machine learning to apply new knowledge to future analysis requests. When WildFire encounters evasive malware – i.e., malware that can hide itself when it detects a virtual sandbox environment – it employs bare metal analysis.

AUTOFOCUS


TARGETED THREAT RESPONSE AT YOUR FINGERTIPS

AutoFocus accelerates analysis, correlation and prevention workflows, leading to significant savings in time and resources. It automatically prioritises unique, targeted attacks and provides full context, allowing security teams to respond to critical attacks more quickly without additional IT resources.

Assistance for Determining Security Priorities

AutoFocus enables you to distinguish the most important threats from everyday commodity attacks. With AutoFocus, instead of seeing only that a malicious event has occurred, you immediately know the context around it, such as the malware family, campaign or malicious actor targeting your organisation. AutoFocus will alert your security team about high-priority events it identifies, enabling you to take swift action to mitigate their impact.

Visibility Into the Unknown

AutoFocus provides unprecedented visibility into unknown threats with the collective insight of thousands of global enterprises, service providers and governments. AutoFocus aggregates and correlates intelligence from numerous sources:

• WildFire cloud-based threat analysis
• URL Filtering with PAN-DB
• MineMeld threat intelligence syndication engine
• Traps advanced endpoint protection
• Aperture SaaS security service
• Unit 42 threat intelligence and research team
• Intelligence from technology partners
• Palo Alto Networks global passive DNS network

Accelerated Analysis and Simplified Workflows

Legacy approaches to security rely on aggregating an increasing number of detection-focused alerts with complex analysis workflows after an event.

AutoFocus puts the entire wealth of Palo Alto Networks threat intelligence at your fingertips, dramatically cutting the time it takes to conduct analysis, forensics or hunting efforts. Threat intelligence and context are available directly in PAN-OS®, Panorama or the AutoFocus portal for in-depth searching across indicators of compromise.

Threat Intelligence Drives Prevention

Security teams require more than just raw threat intelligence – they need to be able to automatically transform it into actionable controls that prevent future attacks. AutoFocus simplifies workflows to create and enforce new controls, from fully automated to user-directed, within the same unified security platform.

Aggregate Any Third-Party Intelligence Source

Organisations rely on multiple sources of threat intelligence to ensure wide visibility into emerging threats, but they struggle to aggregate, correlate, validate and share indicators across different feeds. As part of AutoFocus, the MineMeld application provides a single, unified threat feed and indicator management system.

• Find the important events: Tags & statistical analysis highlight critical events
• Who is behind the attack: Identify the actor and attack techniques
• Respond to the incident: Block relevant indicators

PANORAMA

Panorama provides static rules and dynamic security updates in an ever-changing threat landscape, significantly reducing administrator workload and improving overall security posture with a single rule base for firewall, threat prevention, URL filtering, application awareness, user identification, file blocking and data filtering.

INTEGRATED MANAGEMENT

Panorama enables you to control your distributed network of firewalls from one central location. Panorama is available as a dedicated management appliance or virtual machine.

In summary, Panorama provides:

• Streamlined policy management
• Simplified operations
• Unparalleled network and threat visibility
• Comprehensive log collection, including from your next-generation firewalls and Traps
• Flexible deployment options

With Panorama, you can view all next-generation firewall traffic, manage device configurations overall, allocate global policies, and generate reports on traffic patterns or security incidents, all from one central location. Logs of next-generation firewalls under Panorama are stored and managed in an integrated way.

• Unified visibility: You can opt to graphically display all applications, URLs, threats and data traversing all managed next-generation firewalls.
• Flexible policy control: Panorama supports locally and globally consistent policy control, allowing well-balanced security management according to your requirements.
• Flexible deployment options: Panorama can be deployed on M-100 or M-500 dedicated high-performance hardware, or on VMware ESX/ESXi virtual appliances. Appliances can also serve as dedicated log collectors for more distributed deployment and streamlined log collection.

M-100

Panorama’s management and logging functions can be deployed with a dedicated appliance. You can also build a distributed environment that separates the management and logging functions.

• Memory: 16GB
• Internal SSD: 120GB
• Storage: up to 4TB RAID 1
• Rack size: 1U

M-500

This appliance is suitable for deployment in data centres and large environments.

• Memory: 128GB
• Internal SSD: 240GB
• Storage: up to 8TB RAID 1
• Rack size: 2U

LOGGING SERVICE Enable Innovative Security Applications Adversaries constantly change their tactics, making it more difficult to detect attacks. To surface evasive threats and prevent successful cyber breaches, organisations must be able to perform advanced analytics on all available data. Applications that perform such analytics need access to scalable storage capacity and processing power. Palo Alto Networks Logging Service is a cloud-based offering for context-rich enhanced network logs generated by our security offerings, including those of our NGFWs and GlobalProtect cloud service. The cloud-based nature of the Logging Service allows customers to collect ever-expanding rates of data without needing to plan for local compute and storage. The Logging Service is the cornerstone of Palo Alto Networks Application Framework, which provides a scalable ecosystem of security applications that can apply advanced analytics in concert with Palo Alto Networks enforcement points to prevent the most advanced attacks. You are no longer limited by how much hardware is available nor how quickly sensors can be deployed.

Key Benefits
• Leverages powerful, elastic cloud-based computing to provide analytics and insights on large amounts of data.
• Simplifies operations by eliminating activities required to operationalise logging capacity.
• Increases agility, allowing you to be more responsive to your changing business needs.


Agile and Simple

Assessing the space, power, networking and high availability needs of logging infrastructure requires time and effort. In addition, how quickly you can deploy on-premise logging depends on the speed of shipping, installation and configuration of the hardware. Ongoing maintenance and monitoring of the logging infrastructure require continuous investment of resources, forcing you to deal with complex activities that aren’t core to your business.

Logging Service is ready to scale from the time you start using it. No more waiting for the hardware to ship, and no more time spent planning for space, power and high availability requirements. We take care of all the infrastructure needs, including storage and compute, to provide you with analytics and insights you can use. If you already have on-premise log collectors, the new Logging Service can easily complement them. You purchase Logging Service capacity to fit your current logging needs, and if your requirements change, you can always modify the plan. The ability to procure and deploy Logging Service quickly allows you to be responsive to your business needs.

Economic Model of Choice

Security products generate large amounts of valuable data that can be correlated to surface evasive threats and prevent attacks. However, to convert that data into actionable information, organisations need an affordable way to store, process and analyse as much of it as possible.

The combination of Logging Service and on-premise log collectors gives you complete flexibility to align logging capacity purchase to your economic model of choice. Use your current on-premise log collectors where they exist or where regulations mandate their use. Augment those collectors with cloud-based Logging Service to address capacity needs for new locations or rapidly changing business needs according to the economic model that aligns best with your business. Panorama analyses your log data and provides actionable insights, giving you unparalleled network and threat visibility whether logs are stored in log collectors or Palo Alto Networks Logging Service.


APPLICATION FRAMEWORK Palo Alto Networks is ushering in the future of security innovation, reinventing how customers rapidly access, evaluate and adopt the most compelling new security technologies as an extension of the Next-Generation Security Platform they already operate. The all-new Application Framework is a culmination of more than a decade of security disruption, providing customers with superior security through compelling cloud-based apps developed by Palo Alto Networks and today’s most innovative security providers, large and small. This new framework enables Palo Alto Networks, third-party developers, MSSPs and customers to rapidly build and deliver innovative cloud-based security services through a suite of cloud APIs, services, compute and native access to customer-specific data stores. Apps are engineered on a common framework for seamless integration and information exchange between different apps, the customer data store, and the infrastructure, enabling automated threat identification, prevention, analytics and orchestration use cases from any provider, large or small.


Customer-Specific Data Store Powered by the Logging Service, the data store allows apps to deliver precise, instrumented outcomes built upon high-fidelity data across the entire platform. It enables apps to deliver unique value from data collected through next-generation firewall enhanced logs, endpoint events and SaaS security events from the components of the platform, including:
• Threat intelligence: This intelligence is derived from more than 21,500 WildFire subscribers, human-curated threat context from Unit 42 and telemetry from more than 100 other sources.
• Logging Service: Data contained within the Palo Alto Networks Logging Service, which serves as the central cloud-based repository for all application data and logs, allows customers to collect ever-expanding types of data without needing to plan for local storage. This includes event data from elements across the entire platform and information produced by neighboring apps running in the framework.

By leveraging Palo Alto Networks security services and sensors across the platform, app developers can focus on driving new security capabilities, not generating, ingesting and storing high-volume data.

App Partners Apps featured on the Application Framework come from security providers of all sizes, including dozens of leading organisations across independent software vendors, managed security service providers and customers.


SUBSCRIPTIONS FOR NEXT-GENERATION FIREWALLS

Threat Prevention [S]

This service detects and stops vulnerability exploits, buffer overflows, port scans and exploit kits through the use of signatures, heuristics and statistical anomaly detection. In addition, it delivers predictable IPS performance through hardware acceleration, a uniform signature format and a single-pass software architecture.

URL Filtering [S]

The integration of URL Filtering with WildFire and the single-pass architecture of our next-generation firewall enhances your company’s security posture quickly and automatically, and keeps it up to date. Combining fast URL look-ups with a local cache, instead of a big database download, significantly reduces latency and increases the accuracy and relevance of the categorisation in addition to lowering your total cost of ownership.

WildFire [S]

WildFire analyses files and links globally, and then designates never-before-seen items for further investigation with static and dynamic analysis over multiple operating systems and application versions. If it categorises a sample as malicious, WildFire automatically generates and distributes new preventions for the Next-Generation Security Platform and integration partners in as few as five minutes.
• Supports Windows XP, Windows 7, Mac® OS X®, macOS® and Android operating systems; with full visibility into common file types, including EXE, DLL, ZIP, PDF, as well as Microsoft Office documents, Java files, Android APKs, and Adobe Flash applets; and webpages, including high-risk embedded content, such as Java and Flash files and images.
• WF-500 appliance is available as a private cloud for additional data privacy.

GlobalProtect [S]

This service provides endpoint security for remote users and mobile devices outside the boundaries of physical networks.
• Next-generation firewalls, GlobalProtect and GlobalProtect Mobile Security Manager collaborate to provide three functions: device management, device control and data access control.
• Supports Android 4.0.3 and later, iOS 6.0 and later, Windows 7/8/8.1, and Mac OS X 10.6 and later.

[S] Subscription: Right to use requires annual payment

LICENSES FOR NEXT-GENERATION FIREWALLS

Virtual System [L]

Virtual systems are separate, logical firewall instances within a single physical Palo Alto Networks firewall. Rather than using multiple individual firewalls, managed service providers and enterprises can use a pair of firewalls in a high availability configuration and enable virtual systems on them. Each virtual system functions as an independent, separately managed firewall with its traffic kept separate from that of other virtual systems.
• PA-3000 Series: maximum 6 instances
• PA-5020: standard 10/maximum 20 instances
• PA-5050: standard 25/maximum 125 instances
• PA-5060/PA-7050/PA-7080: standard 25/maximum 225 instances

SUBSCRIPTIONS FOR ENDPOINT PROTECTION AND THREAT INTELLIGENCE

Traps [S]

Advanced endpoint protection keeps endpoints safe from advanced malware and zero-day vulnerability exploits.
• Provides functions such as exploit protection, malware protection and forensic data gathering.
• Exchanges intelligence on unknown threats with WildFire users worldwide.

AutoFocus [S]

AutoFocus provides contextual threat intelligence that accelerates analysis, correlation and prevention workflows with data sourced from WildFire, the Unit 42 threat research team and other AutoFocus users. Equipped to show threat information by business priority, AutoFocus also provides specific background information on attack contents, attackers and organised attacks.

[L] License: Permanent right to use paid at the time of purchase

[S] Subscription: Right to use requires annual payment

Platform Specifications and Features Summary

| Performance and Capacities (1) | PA-7080 System (2) | PA-7050 System (2) | PA-5260 | PA-5250 | PA-5220 |
|---|---|---|---|---|---|
| Firewall throughput (App-ID) | 200 Gbps | 120 Gbps | 72.2 Gbps | 35.9 Gbps | 18.5 Gbps |
| Threat prevention throughput | 100 Gbps | 60 Gbps | 30 Gbps | 20.3 Gbps | 9.2 Gbps |
| IPSec VPN throughput | 80 Gbps | 48 Gbps | 21 Gbps | 14 Gbps | 5 Gbps |
| New sessions per second | 1,200,000 | 720,000 | 458,000 | 348,000 | 169,000 |
| Max sessions | 40,000,000/80,000,000 (3) | 24,000,000/48,000,000 (3) | 32,000,000 | 8,000,000 | 4,000,000 |
| Virtual systems (base/max) (2) | 25/225 | 25/225 | 25/225 | 25/125 | 10/20 |

PA-7080 System

PA-7050 System

PA-5260

PA-5250

PA-5220

Interfaces supported NPC option 1

Up to (20) QSFP+, (120) SFP+

Up to (12) QSFP+, (72) SFP+

Interfaces supported NPC option 24

Up to (120) 10/100/1000, (80) SFP, (40) SFP+

Up to (72) 10/100/1000, (48) SFP, (24) SFP+

Hardware Specifications 4

Management I/O

(2) 10/100/1000, (2) QSFP+ high availability, (1) 10/100/1000 out-of-band management, (1) RJ45 console

Rack mountable?

19U, 19” standard rack

9U, 19” standard rack or 14U, 19” standard rack with optional Airduct kit

Power supply

4x2500W AC (2400W / 2700) expandable to 8

4x2500W AC (2400W / 2700W)

(4) 100/1000/10G Cu, (16) 1G/10G SFP/SFP+, (4) 40G QSFP+

(2) 10/100/1000 Cu, (1) 10/100/1000 out-of-band management, (1) RJ45 console (1) 40G/100G QSFP28 HA

(1) 40G QSFP+ HA

3U, 19” standard rack 2x1200W AC or DC (1:1 Fully Redundant)

Redundant power supply?

Yes

Yes

Disk drives

2TB RAID1

System: 240GB SSD, RAID1. Log: 2TB HDD, RAID1

Hot swap fans

Yes

Yes

(1) Performance and capacities are measured under ideal testing conditions with PAN-OS 8.0. For VM-Series, they may vary based on underlying virtualization infrastructure (hypervisor/cloud). Refer to the individual datasheets for detailed performance and testing information. (2) Adding virtual systems to the base quantity requires a separately purchased license. (3) Max session capacity for PA-7000 NPCs with standard memory/extended memory. (4) Optical/Copper transceivers are sold separately. (5) CPU oversubscription supported with up to 5 instances running on a 2 CPU configuration. (6) 60GB required at initial boot. VM-Series will use 32GB after license activation.


(4) 100/1000/10G Cu, (16) 1G/10G SFP/SFP+, (4) 40G/100G QSFP28

Platform Specifications and Features Summary

| Performance and Capacities (1) | PA-5060 | PA-5050 | PA-5020 | PA-3060 | PA-3050 | PA-3020 |
|---|---|---|---|---|---|---|
| Firewall throughput (App-ID) | 20 Gbps | 10 Gbps | 5 Gbps | 4 Gbps | 4 Gbps | 2 Gbps |
| Threat prevention throughput | 10 Gbps | 5 Gbps | 2 Gbps | 2 Gbps | 2 Gbps | 1 Gbps |
| IPSec VPN throughput | 4 Gbps | 4 Gbps | 2 Gbps | 500 Mbps | 500 Mbps | 500 Mbps |
| New sessions per second | 120,000 | 120,000 | 120,000 | 50,000 | 50,000 | 50,000 |
| Max sessions | 4,000,000 | 2,000,000 | 1,000,000 | 500,000 | 500,000 | 250,000 |
| Virtual systems (base/max) (2) | 25/225 | 25/125 | 10/20 | 1/6 | 1/6 | 1/6 |

Hardware Specifications

PA-5060

PA-5050

PA-5020

PA-3060

PA-3050

PA-3020

(12) 10/100/1000, (8) SFP, (4) 10 SFP+

(8) 10/100/1000, (8) SFP, (2) 10 SFP+

Interfaces supported4

(12) 10/100/1000, (8) SFP, (4) 10 SFP+

(12) 10/100/1000, (8) SFP

Management I/O

(2) 10/100/1000 high availability, (1) 10/100/1000 out-of-band management, (1) RJ45 console

(1) 10/100/1000 out-of-band management,(2) 10/100/1000 high availability, (1) RJ-45 console

Rack mountable?

2U, 19” standard rack

1.5U, 19” standard rack

1U, 19” standard rack

Power supply

Redundant 450W AC or DC

Redundant 400W AC

250W AC

Redundant power supply?

Yes

Yes

No

Disk drives

120GB or 240GB SSD, RAID Optional

120GB SSD

Hot swap fans

Yes

No

(1) Performance and capacities are measured under ideal testing conditions with PAN-OS 8.0. For VM-Series, they may vary based on underlying virtualization infrastructure (hypervisor/cloud). Refer to the individual datasheets for detailed performance and testing information. (2) Adding virtual systems to the base quantity requires a separately purchased license. (3) Max session capacity for PA-7000 NPCs with standard memory/extended memory. (4) Optical/Copper transceivers are sold separately. (5) CPU oversubscription supported with up to 5 instances running on a 2 CPU configuration. (6) 60GB required at initial boot. VM-Series will use 32GB after license activation.


Platform Specifications and Features Summary

| Performance and Capacities (1) | PA-850 | PA-820 | PA-500 | PA-220 | PA-200 |
|---|---|---|---|---|---|
| Firewall throughput (App-ID) | 1.9 Gbps | 940 Mbps | 250 Mbps | 500 Mbps | 100 Mbps |
| Threat prevention throughput | 780 Mbps | 610 Mbps | 100 Mbps | 150 Mbps | 50 Mbps |
| IPSec VPN throughput | 500 Mbps | 400 Mbps | 50 Mbps | 100 Mbps | 50 Mbps |
| New sessions per second | 9,500 | 8,300 | 7,500 | 4,200 | 1,000 |
| Max sessions | 192,000 | 128,000 | 64,000 | 64,000 | 64,000 |
| Virtual systems (base) | 1 | 1 | N/A | 1 | N/A |

Hardware Specifications

PA-850

PA-820

PA-500

PA-220

PA-200

Interfaces supported

(4) 10/100/1000, (4/8) SFP, (0/4) 10 SFP+

(4) 10/100/1000, (8) SFP

(8) 10/100/1000

(8) 10/100/1000

(4) 10/100/1000

(1) 10/100/1000 out-of-band management, (2) 10/100/1000 high availability, (1) RJ-45 console, (1) USB, (1) Micro USB console

(1) 10/100/1000 out-of-band management, (1) RJ-45 console

(1) 10/100/1000 out-of-band management, (1) RJ-45 console, (1) USB, (1) Micro USB console

(1) 10/100/1000 out-of-band management, (1) RJ-45 console

1U, 19” standard rack

4

Management I/O Rack mountable?

1U, 19” standard rack

1.62”H X 6.29”D X 8.07”W

1.75” H x 7”D x 9.25”W

Power supply

Two 500W AC. One is redundant.

200W

180W

Dual redundant 40W

40W

Redundant power supply?

Yes

No

No

Yes (optional)

No

Disk drives

240GB SSD

160GB

32GB EMMC

16GB SSD

Hot swap fans

No

No

No

No

| Performance and Capacities (1) | VM-50 | VM-100/VM-200 | VM-300/VM-1000HV | VM-500 | VM-700 |
|---|---|---|---|---|---|
| Firewall throughput (App-ID) | 200 Mbps | 2 Gbps | 4 Gbps | 8 Gbps | 16 Gbps |
| Threat prevention throughput | 100 Mbps | 1 Gbps | 2 Gbps | 4 Gbps | 8 Gbps |
| IPSec VPN throughput | 100 Mbps | 1 Gbps | 1.8 Gbps | 4 Gbps | 6 Gbps |
| New sessions per second (1) | 3,000 | 15,000 | 30,000 | 60,000 | 120,000 |
| CPU Configurations Supported | 2 (5) | 2 | 2,4 | 2,4,8 | 2,4,8,16 |
| Dedicated Memory (Minimum) | 4.5GB | 6.5GB | 9GB | 16GB | 56GB |
| Dedicated Disk drive capacity (Min) | 32GB (6) | 60GB | 60GB | 60GB | 60GB |

Supported Environments VMware ESXi 5.1/5.5/6.0 (Standalone) KVM on CentOS/RHEL and Ubuntu Microsoft Hyper-V (Windows 2012 R2 Server)

Yes

NSX Manager 6.0/6.1/6.2 Citrix Xen Server on SDX 10.1 Amazon AWS Microsoft Azure

Yes

Yes No Y (BYOL Only)

Y (BYOL and Marketplace)

(1) Performance and capacities are measured under ideal testing conditions with PAN-OS 8.0. For VM-Series, they may vary based on underlying virtualization infrastructure (hypervisor/cloud). Refer to the individual datasheets for detailed performance and testing information. (2) Adding virtual systems to the base quantity requires a separately purchased license. (3) Max session capacity for PA-7000 NPCs with standard memory/extended memory.


No

No Y (BYOL Only)

(4) Optical/Copper transceivers are sold separately. (5) CPU oversubscription supported with up to 5 instances running on a 2 CPU configuration. (6) 60GB required at initial boot. VM-Series will use 32GB after license activation.

Next-Generation Firewall Specifications Overview Key Features

Supported Across All Platforms

Firewall
• Thousands of applications for visibility and control, ability to create custom applications, ability to manage unknown traffic based on policy
• User identification and control: VPNs, WLAN Controllers, Captive Portal, Proxies, Active Directory, eDirectory, Exchange, Terminal Services, Syslog parsing, XML API
• Granular SSL decryption & inspection (inbound and outbound), per-policy SSH control (inbound and outbound)
• Networking: Dynamic routing (RIP, OSPF, BGP, Multiprotocol BGP), DHCP, DNS, NAT, Route redistribution, ECMP, LLDP, BFD, Tunnel content inspection
• QoS: Policy-based traffic shaping (priority, guaranteed, maximum) per application, per user, per tunnel, based on DSCP classification
• Virtual systems: Logical, separately-managed firewall instances within a single physical firewall, with each virtual system’s traffic kept separate
• Zone-based network segmentation and zone protection; DoS protection against flooding of new sessions

Threat Prevention (subscription required)
• Prevention of a wide variety of threats, including vulnerability exploits, malware and botnets
• Blocking polymorphic malware by focusing on payload, instead of hash or filename
• Protections automatically updated every five minutes (with WildFire subscription)

Advanced Malware Protection (WildFire subscription required)
• Dynamic analysis: Detonation of files in a custom-built, evasion-resistant virtual environment, enabling detection of zero-day malware and exploits
• Static analysis: Detection of malware and exploits that attempt to evade dynamic analysis, as well as instantly identifying variants of existing malware
• Machine learning: Extraction of thousands of unique features from each file, training a predictive machine learning classifier to identify new malware and exploits
• Bare metal analysis: Evasive threats automatically sent to a real hardware environment for detonation, entirely removing an adversary’s ability to deploy anti-VM analysis
• Automated signature updates every 5 minutes for zero-day malware and exploits discovered by any WildFire subscriber

Contextual Threat Intelligence Service (AutoFocus subscription required)
• Context around attacks, adversaries and campaigns, including targeted industries
• Accelerated analysis and response efforts, including prioritized alerts for the most critical threats

URL Filtering (Subscription Required)
• Protection against malicious sites exposing your people and data to malware and exploit kits
• Protection from credential phishing by inspecting webpages to determine whether the content and purpose is malicious in nature
• Custom URL categories, customizable alerts and notification pages

File and Data Filtering
• Bidirectional control over the unauthorized transfer of file types and Social Security Numbers, Credit Card Numbers, and custom data patterns

Mobile Security (GlobalProtect subscription required)
• Remote access VPN (SSL, IPSec, clientless) and mobile threat prevention and policy enforcement based on apps, users, content, device and device state
• BYOD: app-level VPN for user privacy

Management and Visibility Tools (Panorama subscription required for managing multiple firewalls)
• Intuitive policy control with applications, users, threats, advanced malware protection, URL, file types, data patterns – all in the same policy
• Actionable insight into traffic and threats with Application Command Center (ACC), fully customizable reporting
• Aggregated logging and event correlation
• Consistent management of all hardware and all VM-Series, role-based access control, logical and hierarchical device groups, and templates
• GUI, CLI, XML-based REST API


HOW THE NEXT-GENERATION SECURITY PLATFORM CONTRIBUTES TO GDPR COMPLIANCE


WHAT IS THE GDPR? The General Data Protection Regulation, or GDPR, is the European Union’s forthcoming personal data protection law. In May 2018, the GDPR will replace the 1995 Data Protection Directive, significantly changing the rules surrounding protection of personal data of EU residents. The GDPR aims to provide Europeans with greater say in how their personal data is collected and managed, particularly in light of technological advances over the last 20 years. Under the GDPR, individuals have many rights, including access, rectification and erasure of personal data held on them (the so-called right to be forgotten), and the right of data portability. The GDPR also introduces data breach notification requirements and large administrative fines, up to 4 per cent of companies’ annual global turnover.

The GDPR applies to entities that control or process personal data on EU residents. ‘Personal data’ is defined in the law quite broadly. In general, it is data that identifies or can be used to contact a person (e.g., name, email address, date of birth, user ID); identifies a unique device (potentially) used by a single person (e.g., an IP address or unique device ID); or reflects or represents a person’s behaviour or activity (e.g., location, applications downloaded, websites visited, etc.).¹ The GDPR applies to entities that are established in the EU, as well as entities established outside the EU if they offer goods or services to EU residents or monitor the behaviour of EU residents that takes place within the EU. In practical terms, this means any service provider that processes EU residents’ personal data must be compliant.

The GDPR introduces mandatory breach notification requirements for personal data. Supervisory authorities must be informed, in most instances, if personal data is lost, stolen or otherwise compromised without undue delay and, where feasible, not later than 72 hours after the breach is discovered. In certain cases, individuals must be notified as well. Notifications must describe a range of details about the breach, such as its nature, categories and number of personal data records concerned, likely consequences, and measures taken to address the breach and mitigate its effects. Finally, the GDPR introduces administrative fines. The consequences of noncompliance (whether egregious or accidental) are severe: a potential maximum fine of 4 per cent of annual global revenue (or maximum €20,000,000, whichever is higher) for noncompliance with many of its collection, processing and administrative obligations (such as the requirement to get consent, or various rules regarding data transfers to third countries), and 2 per cent (or maximum €10,000,000, whichever is higher) for security and data breach notification-related obligations, amongst others. The GDPR’s mandatory data breach notification mandate, with potential resulting reputational harm, regulators’ investigations and significant administrative fines, has firmly placed personal data protection as a board-level concern.

1. GDPR Article 4 (1): “‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”


HOW THE PALO ALTO NETWORKS PLATFORM CONTRIBUTES TO GDPR COMPLIANCE Cybersecurity is an essential investment to protect personal data and comply with the GDPR. The vast majority of GDPR requirements centre around data management, namely data collecting and processing. There are obligations to provide notice when collecting personal data, prohibitions on unauthorised data processing, requirements to keep records of data processing, a duty to appoint a data protection officer in certain instances, and rules regarding transfer of personal data to third parties and third countries, amongst others. This should not overshadow the fact that data security is also a pillar of the GDPR. The GDPR has specific security-related language, as described in detail below. Further, a key component of protecting personal data is keeping it secure – both from exfiltration by cyber adversaries and from internal leakage. Thus, as they prepare for the GDPR, it is imperative that organisations’ investments in compliance activities and information management processes and technologies be complemented with appropriate investments in cybersecurity.

Palo Alto Networks can help with organisations’ security and data protection efforts related to GDPR compliance by assisting in:
• Securing personal data: The GDPR requires security of data processing, accounting for the state of the art. Our Next-Generation Security Platform provides security at the application, network and endpoint levels, as well as in the cloud.
• Data breach prevention: Prevention of data breaches, whether they are due to hacking or accidental leakage, is crucial for compliance with the GDPR. Proper cybersecurity is essential to ensure your organisation’s personal and business-critical data and applications remain protected. Our Next-Generation Security Platform is built for prevention.
• Data breach notification: In the unfortunate instance of a data breach, it must be reported. Our Next-Generation Security Platform can help determine what personal data was compromised and contribute key facts about measures taken to address the breach.

Read the white paper ‘How the Next-Generation Security Platform Contributes to GDPR Compliance’ to learn more.

Download Whitepaper: https://get.info.paloaltonetworks.com/webApp/gdpr-compliance-en


NAVIGATING THE DIGITAL AGE Technology has transformed our world and will continue to do so. As we move more of our lives, business operations, and critical infrastructure into the digital arena, cyberattacks become more successful and damaging. Securing the trust in our digital networks is fundamental to protecting our way of life in this digital age. In order for companies to thrive in today’s global economy, they need to deliver their services along with security; however, this can only happen once leaders see cybersecurity and risk management as an extension of their business operations and growth. Wherever on the globe, this conversation must be a continuous and interactive one so that all business-minded leaders, regardless of industry or background, have the proper tools and guidance they need to effectively navigate cyber risk in the digital age.

Download the e-book version of ‘Navigating the Digital Age’ for your region: https://www.securityroundtable.org/library/ Second Edition coming August 2018!

SECURITY LIFECYCLE REVIEW The Security Lifecycle Review, or SLR, is a complimentary service that gives you an overview of your network and its applications, vulnerabilities, and risks. Here’s how it works:
1) We place an NGFW into your network environment – preferably at the SPAN port – and scan the traffic.
2) We analyse application usage and identify vulnerabilities and security risks based on the collected traffic data.
3) Finally, we provide you with an extensive report detailing proposed countermeasures.


Based on application operating characteristics defined by our research team, the risk level of each application is scored 1 to 5, and the top 35 applications are classified into categories and subcategories. Moreover, the top 25 applications are ranked in order of bandwidth consumption and HTTP use. High-level threats passing through your network are also displayed and reported.

Business Risks Caused by High-Risk Applications For applications with risk levels of 4 or 5, business risks are evaluated and presented based on multiple factors, including activity hiding, file transfer/information leaks/copyright infringement, personal use of communication applications and heavy consumption of bandwidth.

Recommended Measures Based on Risk Analysis and Evaluation For risk items identified by traffic analysis, we recommend specific measures, such as policies to apply to applications and web use; handling of high-risk applications, such as transfer/sharing of online files; and policies to apply to the use of proxies and remote access applications.

No Network Environment Changes Required The design of your existing network does not need to be changed. After you set mirror ports in your network devices, such as your firewalls and L2/L3 switches, we install the next-generation firewalls.

To learn more or request your SLR, visit go.paloaltonetworks.com/slr.


Palo Alto Networks Oval Tower De Entrée 99-197, 5th Floor Amsterdam, The Netherlands EMEA Support: +31 20 808 4600 www.paloaltonetworks.com

© 2018 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of our trademarks can be found at http://www.paloaltonetworks.com/company/trademarks.html. All other marks mentioned herein may be trademarks of their respective companies.