Palo Alto Networks VM-Series for VMware vCloud® Air™
Next-Generation Security for Hybrid Clouds
Palo Alto Networks
24-Aug-2015
© 2014 VMware Inc. All rights reserved.
CONFIDENTIAL

vCloud Air Security Requirements
• Cloud environments provide basic security
  – Security is a shared responsibility between cloud provider and customer
  – Port and protocol security is not sufficient
• Cloud environments lack
  – visibility and control of applications and traffic sources
  – protection against known and unknown threats (APTs)
The VM-Series can be deployed to protect the green highlighted use cases

Securing Applications and Data in vCloud Air
• Step 1: Import VM-Series OVF using vCloud Director or OVF Tool
  – Deploy the VM-Series behind the Edge Gateway with destination NAT and static routes
• Step 2: VM-Series as the gateway/perimeter firewall
  – Protect your public facing deployments in vCloud Air with a next generation firewall
• Step 3: Securely extend the data center into the cloud
  – Use the VM-Series to control applications and users accessing the cloud over IPSec
• Step 4: Protect against lateral threats between subnets and app-tiers
  – Use the VM-Series to control traffic between vApp subnets in the vDC

Improving Security in vCloud Air Deployments
• Identify and control applications
  – Control applications based on their behavior and identity - not the port they use
  – Restrict application usage based on user identity - not just IP address
• Prevent known and unknown threats
  – Block known exploits, malware and inbound command-and-control communications
  – Block known malicious URLs and IP addresses
  – Analyze files and email links to detect previously unknown threats; automatically deliver protections globally
• Streamline management and policy updates
  – Single management interface can manage both physical and virtual firewalls
• Flexible integration options
  – REST-based API enables integration with 3rd party ecosystem of partner solutions

Licensing and Deployment Options
• VM-Series Next-Generation firewall
  – Same security features as the physical firewalls
  – Consistent management interfaces: web UI, CLI, REST API
  – Manage both physical and virtual versions centrally with Panorama
• Available through a bring your own license (BYOL) model
  – VM-Series for ESXi
  – All SKUs: VM-100, -200, -300, -1000-HV
  – Subscriptions: Threat Prevention, WildFire, URL Filtering, GlobalProtect
• How to deploy
  – Import VM-Series into vCloud Air just like any other VM
  – Deploy in L3 mode and add license authcode

For Partners: Expand Business Opportunities
• Leverage a partnership that is multi-level and now 2 years+ old
  – Executive, product management, field sales and marketing
  – Proven in the market and in customer deployments
• Improve customer data center security posture
  – Visibility and control over applications, not ports
  – Micro-segmentation using zero-trust principles
  – Prevent known and unknown threats both North-South and East-West
• Engage in long term, business critical projects that bring:
  – Significant architecture and design opportunities
  – Trusted advisor status and ongoing revenue streams
• Expand your business partnerships and competencies
  – Security market is roughly $16B
  – The 5 year lifetime value of our customer base is 10X the initial purchase

Thank You