Palo Alto Networks
Oleksandr Rapp, Systems Engineer
The world's leading cybersecurity company

• 85 of the Fortune 100
• #1 in enterprise security
• 60,000+ customers in 150+ countries trust Palo Alto Networks
• Revenue trend: 40% CAGR, FY14 ‒ FY18
• 63% of the Global 2000 are Palo Alto Networks customers
• 29% year-over-year revenue growth* (*Q4 FY2018; fiscal year ends July 31)
• 9.1/10 average CSAT score
Source: Gartner, Market Share: Enterprise Network Equipment by Market Segment, Worldwide, 1Q18, 14 June 2018
3 | © 2019 Palo Alto Networks, Inc. Confidential and Proprietary.

Security Appliances Market Share
[Chart: security appliance market share by quarter, Q2'12 through Q2'17, for Cisco, Check Point, Palo Alto Networks, Fortinet and Juniper]
Source: IDC WW Quarterly Security Appliance Tracker 2017Q1; Published: September 14, 2017

Many Happy Customers (customer count by quarter)
• Q1FY10: ~600
• Q1FY11: >2,500
• Q1FY12: >6,000
• Q1FY13: >10,000
• Q1FY14: >14,000
• Q1FY15: >20,600
• Q1FY16: >28,000
• Q1FY17: ~35,700
• Q1FY18: ~45,300

GARTNER LEADERSHIP POSITION
• Palo Alto Networks has been positioned as a Leader in the Gartner Magic Quadrant for Enterprise Network Firewalls for 7 consecutive years.
• Palo Alto Networks has the highest ability to execute and completeness of vision in the Leaders quadrant.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Palo Alto Networks Next-Generation Security Platform
Next-Generation Threat Cloud
• Analysis of suspicious files in the cloud
• Distribution of security signatures to the firewalls
Next-Generation Firewall
• Traffic inspection
• Application and user control
• Zero-day threat protection
• Blocking of threats and viruses at the network level
Next-Generation Endpoint
• Inspection of processes and files
• Protection against known and unknown threats
• Protection of desktop, virtual and mobile users
• Integration with cloud-based threat protection

Attacks are not so straightforward anymore
Attack stages of modern malware:
1. Targeted malicious email sent to user
2. User clicks on link to a malicious website
3. Malicious website exploits client-side vulnerability
4. Drive-by download of malicious payload

Applications Have Changed; Firewalls Have Not
BUT… applications have changed:
• Ports ≠ Applications
• IP Addresses ≠ Users
• Packets ≠ Content
Need to restore visibility and control in the firewall.

Keeping Up With Applications and Users in the Datacenter
• Lync ports to open as recommended by Microsoft: random, non-contiguous communication ports and protocols…
• … accessed by a distributed workforce with different security risk profiles

Preventing attacks
Complete visibility
• Network & endpoint (different views)
• All applications, inc. cloud & SaaS
• All users & devices, inc. all locations
• Encrypted traffic
Reduce attack surface area
• Enable business apps
• Block “bad” apps
• Limit app functions
• Limit high-risk websites and content
• Require multi-factor authentication
Prevent all known threats
• Exploits
• Malware
• Command & control
• Malicious & phishing websites
• Bad domains
Detect & prevent new threats
• Unknown malware
• Zero-day exploits
• Custom attack behavior

Automate the Reduction of Attack Surface
0. Full visibility
1. Limit network traffic to business-relevant applications and geo-locations
2. Eliminate all known threats
3. Eliminate all unknown threats

Preventing Known Threats – Threat Prevention (TP) License
• Intrusion Prevention System
• Anti-Virus
• Drive-by Download Protection
• Command & Control Protection
• DNS Protection and Sinkhole

Preventing Known Threats – URL Filtering License
• Malware Hosting Sites
• Phishing Sites
• URL Filtering for Productivity
• Prevent Credential Phishing

Preventing Unknown Threats
Files from the enterprise network are forwarded by the Palo Alto Networks security platform to WildFire, and protections are returned (1 to many).
• WildFire Public Cloud: non-sensitive files (APK, PE, JAR/CLASS, Flash)
• WildFire Private Cloud: sensitive files (Office docs, PDF)

IMMEDIATE PREVENTION THROUGH AUTOMATION
1. NGFWs, Aperture, and Traps send unknown or suspicious files and links to WildFire (third-party integration is also supported).
2. WildFire malware analysis: static analysis, machine learning, dynamic unpacking, dynamic analysis, network profiling, bare metal analysis. WildFire analyzes the unknown, renders a verdict, and shares threat intelligence.
3. Automatically reprogram network, endpoint, and cloud to protect against new threats.

The WildFire service in numbers
• 7,500+ enterprise customers of the service worldwide
• 31,000+ NGFW sensors and file sources
• 5-15 min. WildFire reaction time to a new threat
• Up to 330,000+ security signatures every 15 min.
• 150,000 virus variants covered by 1 signature (≠ hash, URL)
• Up to 120,000 DNS and URL signatures every 15 min.
• 77.5% of viruses unknown to other AV (VirusTotal)
The WildFire Threat Intelligence Cloud feeds URL Filtering, Threat Prevention, and Forensics & Reporting.

AutoFocus & MineMeld: Automating Network Consumption
[Diagram: Unit 42 & other tags, 3rd-party integration via API, and WildFire feed AutoFocus/MineMeld; MineMeld consumes URL/DNS blacklists, file hashes and IP address reputation lists, writes samples, URLs etc. to WildFire, and reads signature packages; consumers include third-party SIEM, anti-virus and web proxy, mobile/branch users, SaaS assets, public cloud IaaS and datacenters]

Traditionally, More Security = Poor Performance
Traditional security:
• Each security box or blade (firewall, IPS, anti-malware) robs the network of performance
• Threat prevention technologies are often the worst offenders
• Leads to the classic friction between network and security

Palo Alto Networks innovative technologies
• App-ID™: application identification
• User-ID™: user identification
• Content-ID™: content control
• + SSL decryption

UTM Firewall Architecture
The packet inspection flow passes through a chain of separate engines, each with its own signature set and policy:
• L4 session table, stateful FW policy, port-based session inspection
• App signatures, application policy, application inspection
• URL signatures, web filtering policy, URL inspection
• IPS signatures, IPS policy, threat inspection
• Virus signatures, anti-virus proxy, AV inspection

Parallel processing architecture
Single pass
• Each packet is scanned only once
• A single scan simultaneously determines:
  - Application
  - User/group
  - Content: threats, URLs, etc.
Parallel processing
• Dedicated hardware for each task
• Separation of data plane and control plane
Up to 200 Gbps, low latency

Palo Alto Networks NGFW and SP3 Technology
SINGLE PASS: FW, IPS, AV, URL, SSL

Security vs Performance
[Chart: Threat Prevention performance (Mbps) as security features are enabled. Palo Alto Networks series: Firewall (L7), FW (L7) + IPS, FW (L7) + IPS + AV, FW (L7) + IPS + AV + BOT + DNS, with data labels 5372, 5318 and 5265 Mbps visible. Other Vendor series: Firewall (L4), Firewall + IPS, Firewall + IPS + AV, Firewall + IPS + AV + Spyware, with data labels from 160 down to 5.5 Mbps visible]
“Regardless of which UTM features we enabled - intrusion prevention, antispyware, antivirus, or any combination of these - results were essentially the same as if we'd turned on just one such feature. Simply put, there's no extra performance cost…” NetworkWorld, 2012

Performance vs Price
Security Modules        Palo Alto Price   Other Vendors Price
IPS                     $$                $
IPS + AV                $$                $$
IPS + AV + BOT + DNS    $$                $$$$

Delivering Security as a Service In One “Platform”

Next-Generation Firewall: Secure your public and private clouds
• SDN integration
• Orchestration frameworks
• Hypervisor support
• Public clouds (e.g. Microsoft Azure)

NGFW hardware lineup 2019
• PA-7000 Series
• PA-5200 Series
• PA-3200 Series
• PA-800 Series
• PA-220R
• PA-220
Deployment tiers: large datacenters, network perimeter, small branches & remote locations.

PA-7080: the world's highest-performing NGFW
• 350 Gbps Threat Prevention throughput: 2x nearest competitor
• 3x decryption performance increase, 25x decryption session capacity increase*
• 100G and 40G connectivity options
• Investment protection: use new cards with existing chassis
• Performance without compromising security
* Compared to first-generation network processing cards

PANORAMA
• Panorama is the central management platform for our NGFW
• Panorama provides the ability to manage all aspects of multiple firewalls from a centralized location
• Panorama has an internal Log Service incl. DB
[Diagram: Panorama receives logs over SSL/HTTPS from firewalls at branch offices, headquarters and in the cloud, plus log-only input from a Traps ESM Server]

PANORAMA: DEPLOYMENT OPTIONS
• Panorama Management Server mode
  • Central management and log collection
• Log Collector mode
  • Dedicated log collection (Panorama 8.1: also on a virtual Panorama device)
  • No web interface; CLI only and Panorama only
[Diagram: a PA-5060 sends logs to the Panorama Management Server and to a Dedicated Log Collector]

PAN-OS 9.0: NEW INTEGRATED INNOVATIONS TO STOP ATTACKS
• INTEGRATED DNS SECURITY: disrupts attacks that use the DNS protocol
• NEW POLICY OPTIMIZER: helps close dangerous gaps in policies
• ENTERPRISE PA-7000 SERIES: the fastest NGFW in the industry
• OVER 60 NEW FEATURES SAVE TIME AND STRENGTHEN PROTECTION

TRAPS PREVENTS COMPUTER INFECTIONS
• BLOCK RANSOMWARE, EXPLOITS AND FILELESS THREATS
• STOP SPREAD OF THREATS WITH SHARED INTELLIGENCE
• DETECTS AND RESPONDS TO ATTACKS WITH MACHINE LEARNING

EXPLOIT PROTECTION FOCUSES ON TECHNIQUE
Techniques covered: ROP, Heap Spray, Utilize OS Functions
1. Document opened by user
2. Attacker attempts to exploit vulnerability in OS/application
3. Exploit attempt blocked before successful malicious activity
4. Endpoint protected from exploit
Traps focuses on exploit techniques rather than the exploit itself.

SECURING YOUR TRANSFORMED ENTERPRISE
• SECURE THE ENTERPRISE: data center, SOC, secure access
• SECURE THE FUTURE: connected devices, data lake, AI / machine learning
• SECURE THE CLOUD: public cloud, SaaS

JOURNEY TO THE CLOUD
• CLOUD ACCESS: connect users and transport data to and from the cloud
• SAAS APPLICATIONS: discover and control the use of third-party applications running in the cloud
• CLOUD APPLICATIONS: design, build, deploy, and run applications in the cloud

CLOUD SECURITY STRATEGY
• Secure DevOps
• Cloud-enabled Mobile Workforce
• Cloud-connected Branch
• Cloud Threat Protection
• Cloud Data Protection
• Zero Trust Cloud Security
• Cloud Governance & Compliance

CORTEX XDR DETECTS AND INVESTIGATES SOPHISTICATED ATTACKS
Cortex™ XDR and Cortex™ Data Lake, fed by network, endpoint and cloud data:
• Automatically detect attacks using rich data & cloud-based behavioral analytics
• Accelerate investigations by stitching data together to reveal root cause
• Tightly integrate with enforcement points to stop threats & adapt defenses

TECHNOLOGY PARTNER ECOSYSTEM
Cloud, Enterprise Security, Identity & Access Management, IoT, Mobility, Threat Intelligence, Networking, Orchestration & Security Automation, Virtualization, Security Analytics, SD-WAN

EXPERIENCE THE DIFFERENCE
https://apps.paloaltonetworks.com/marketplace/slr
https://www.paloaltonetworks.com/events/test-drive