Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

of

PAN-OS - Network Security/Prevention Everywhere Slide 1 PAN-OS - Network Security/Prevention Everywhere Slide 2 PAN-OS - Network Security/Prevention Everywhere Slide 3 PAN-OS - Network Security/Prevention Everywhere Slide 4 PAN-OS - Network Security/Prevention Everywhere Slide 5 PAN-OS - Network Security/Prevention Everywhere Slide 6 PAN-OS - Network Security/Prevention Everywhere Slide 7 PAN-OS - Network Security/Prevention Everywhere Slide 8 PAN-OS - Network Security/Prevention Everywhere Slide 9 PAN-OS - Network Security/Prevention Everywhere Slide 10 PAN-OS - Network Security/Prevention Everywhere Slide 11 PAN-OS - Network Security/Prevention Everywhere Slide 12 PAN-OS - Network Security/Prevention Everywhere Slide 13 PAN-OS - Network Security/Prevention Everywhere Slide 14 PAN-OS - Network Security/Prevention Everywhere Slide 15 PAN-OS - Network Security/Prevention Everywhere Slide 16 PAN-OS - Network Security/Prevention Everywhere Slide 17 PAN-OS - Network Security/Prevention Everywhere Slide 18 PAN-OS - Network Security/Prevention Everywhere Slide 19 PAN-OS - Network Security/Prevention Everywhere Slide 20 PAN-OS - Network Security/Prevention Everywhere Slide 21
Upcoming SlideShare
What to Upload to SlideShare
Next
Download to read offline and view in fullscreen.

2 Likes

Share

Download to read offline

PAN-OS - Network Security/Prevention Everywhere

Download to read offline

Slide deck from our "PAN-OS - Network Security/Prevention Everywhere" webinar. Using Palo Alto Networks, PAN-OS, enterprises can build an IT Security Platform capable of delivering protection against all stages of the Cyber-Attack Lifecycle. From Reconnaissance to Act on Objective, the PAN-OS Single-Pass Parallel Processing (SP3) engine combines efficient throughput with maximum data protection. Instructor Ryan Sharpston describes how the SP3 Architecture can increase network traffic visibility and enable you to control your environment. HE also explored the Palo Alto Networks “SP3” process, the definition of “Zero Trust” in regards to network security, and how “PAN-OS” stays “current” with today’s threat landscape. He also covers the options available to “test-drive” the PAN-OS against your network. For more information on Palo Alto training, visit https://www.globalknowledge.com/us-en/training/course-catalog/brands/palo-alto-networks/

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all

PAN-OS - Network Security/Prevention Everywhere

  1. 1. PAN-OS - Network Security/Prevention Everywhere Presented by Ryan Sharpston
  2. 2. © Global Knowledge Training LLC. All rights reserved. Page 2 Presenter Ryan Sharpston Senior Technical Instructor at Global Knowledge • 20 years of telecom field installation and maintenance experience. • Courses include Palo Alto Networks, SonicWALL, and Avaya technologies. • The lead SME for Global Knowledge integration and lab design for new course/environment updates.
  3. 3. EDU-210 Version A PAN-OS® 9.0 SECURITY OPERATING PLATFORM AND ARCHITECTURE PREVENTION EVERYWHERE • Security platform overview • Next-generation firewall architecture • Zero Trust security model • Firewall offerings
  4. 4. After you complete this module, you should be able to: Learning Objectives • Describe the characteristics of the Security Operating Platform • Describe the single-pass architecture • Describe the Zero Trust security model and how it relates to traffic moving through your network 4 | © 2019 Palo Alto Networks, Inc.
  5. 5. Cyber-attack Lifecycle Stop the attack at any point! Reconnaissance Weaponization Delivery Exploitation Installation Command and Control Act on Objective | © 2019 Palo Alto Networks, Inc.5
  6. 6. Security Operating Platform Network Security Advanced Endpoint Protection Cloud Security Customer Apps Third-Party Partner Apps Application Framework and Logging Service Palo Alto Networks Apps Cloud-Delivered Security Services | © 2019 Palo Alto Networks, Inc.6 Common Framework for new Apps/Services
  7. 7. Security Operating Platform (Cont.) • Panorama: Management and reporting • Aperture: Software-as-a-service (SaaS) security • GlobalProtect: Extend platform externally • AutoFocus: Threat intelligence that can be acted on • MineMeld: Aggregate threat intelligence Network Security GlobalProtect Cloud-Delivered Security Services AutoFocusAperture | © 2019 Palo Alto Networks, Inc.7 Panorama MineMeld
  8. 8. Security platform overview Next-generation firewall architecture Zero Trust security model Firewall offerings
  9. 9. Palo Alto Networks Single-Pass Architecture Single pass: • Operations per packet: • Traffic classification with App-ID technology • User or group mapping • Content scanning: threats, URLs, confidential data • One single policy (per type) Parallel processing: • Function-specific parallel processing hardware engines • Separate data and control planes | © 2019 Palo Alto Networks, Inc.9
  10. 10. Palo Alto Networks Firewall Architecture Control Plane | Management Provides configuration, logging, and reporting functions on a separate processor, RAM, and hard drive Signature Matching Stream-based, uniform signature match including vulnerability exploits (IPS), virus, spyware, CC#, and SSN Security Processing High-density parallel processing for flexible hardware acceleration for standardized complex functions Network Processing Front-end network processing, hardware-accelerated per-packet route lookup, MAC lookup, and NAT Control Plane Data Plane SIGNATURE MATCHING exploits (IPS) | virus | spyware | CC# | SSN REPORT AND ENFORCE POLICY CPU RAM STORAGE configuration | logging | reporting SECURITY PROCESSING App-ID | User-ID | URL match policy match | app decoding | SSL/IPsec | decompression NETWORK PROCESSING flow control | route lookup | MAC lookup | QoS | NAT CPU RAM RAM FPGA Management configuration | logging | reporting Signature Matching exploits | virus | spyware | CC# | SSN Security Processing App-ID | User-ID | URL match | policy match | SSL/IPsec | decompression Network Processing flow control | MAC lookup | route lookup | QoS | NAT Data Interfaces MGT interfaceCPU Single-Pass Pattern Match consoleRAM SSD Enforce Policy Network Processing Components Hardware component types and sizes per layer vary per firewall model. Security Processing Components Signature Matching Components | © 2019 Palo Alto Networks, Inc.10 SSD=Solid State Drive
  11. 11. Security platform overview Next-generation firewall architecture Zero Trust security model Firewall offerings
  12. 12. Data Flows in an Open Network North- South Traffic East-West Traffic | © 2019 Palo Alto Networks, Inc.12
  13. 13. Data Flows Secured by Palo Alto Networks Solution | © 2019 Palo Alto Networks, Inc.13
  14. 14. Exploitation Installation Act on ObjectiveC2Delivery App-ID Block high-risk applications Block C2 on non- standard ports Prevent exfiltration and lateral movement URL Filtering Block known malware sites Block malware, fast-flux domains Vulnerabilit y Block the exploit Prevent lateral movement Anti- spyware Block spyware, C2 traffic Antivirus Block malware Prevent lateral movement Traps Monitor allowed processes and executables Prevent the exploit Prevent malicious .exe from running File Blocking Prevent drive-by downloads Prevent exfiltration and lateral movement DoS and/or Zone Prevent evasions Prevent DoS attacks WildFire® Identify malware Detect unknown malware Detect new C2 traffic coordinated Threat PreventionIntegrated Approach to Threat Prevention | © 2019 Palo Alto Networks, Inc.14
  15. 15. Security platform overview Next-generation firewall architecture Zero Trust security model Firewall offerings
  16. 16. Physical Platforms Panorama Next-Generation Firewalls M-200 M-500/WF-500/600 PA-220 PA-800 Series PA-5200 Series PA-7000 Series PA-3200 Series PA-220R | © 2019 Palo Alto Networks, Inc.16
  17. 17. VM-Series Models and Capacities Performance and Capacities VM-700 VM-500 VM-300 VM-100/ VM-200 VM-50 /Lite Firewall throughput (App-ID enabled) 16Gbps 8Gbps 4Gbps 2Gbps 200Mbps Threat prevention throughput 8Gbps 4Gbps 2Gbps 1Gbps 100Mbps New sessions per second 120,000 60,000 30,000 15,000 3,000 Dedicated CPU cores 2, 4, 8, 16 2, 4, 8 2, 4 2 2 Dedicated memory (minimum) 56GB 16GB 9GB 6.5GB 4.5GB/4GB Dedicated disk drive capacity (minimum) 60GB 60GB 60GB 60GB 32GB | © 2019 Palo Alto Networks, Inc.17
  18. 18. Virtual Systems • Separate, logical firewalls within a single physical firewall • Creates an administrative boundary • Use case: multiple customers or departments Physical firewall vsysA TrustZone UntrustZone vsysB TrustZone UntrustZone Data Interfaces Data Interfaces | © 2019 Palo Alto Networks, Inc.18
  19. 19. Now that you have completed this module, you should be able to: Module Summary • Describe the characteristics of the Security Operating Platform • Describe the single-pass architecture • Describe the Zero Trust security model and how it relates to traffic moving through your network | © 2019 Palo Alto Networks, Inc.19
  20. 20. © Global Knowledge Training LLC. All rights reserved. Page 20 Courses Firewall 9.0: Essentials - Configuration and Management Palo Alto Networks Training Courses Cybersecurity Certification Training
  21. 21. © Global Knowledge Training LLC. All rights reserved. Page 21 Learning More GlobalKnowledge.com For additional on-demand and live webinars, white papers, courses, special offers and more, visit us at…
  • KarthikKrishnamoorth6

    Oct. 21, 2020
  • SteveDowner

    Jun. 22, 2020

Slide deck from our "PAN-OS - Network Security/Prevention Everywhere" webinar. Using Palo Alto Networks, PAN-OS, enterprises can build an IT Security Platform capable of delivering protection against all stages of the Cyber-Attack Lifecycle. From Reconnaissance to Act on Objective, the PAN-OS Single-Pass Parallel Processing (SP3) engine combines efficient throughput with maximum data protection. Instructor Ryan Sharpston describes how the SP3 Architecture can increase network traffic visibility and enable you to control your environment. HE also explored the Palo Alto Networks “SP3” process, the definition of “Zero Trust” in regards to network security, and how “PAN-OS” stays “current” with today’s threat landscape. He also covers the options available to “test-drive” the PAN-OS against your network. For more information on Palo Alto training, visit https://www.globalknowledge.com/us-en/training/course-catalog/brands/palo-alto-networks/

Views

Total views

734

On Slideshare

0

From embeds

0

Number of embeds

0

Actions

Downloads

43

Shares

0

Comments

0

Likes

2

×