Palo Alto Networks – The Network Security Company

The evolution of the application landscape has made it more difficult for firewalls to protect the corporate network. An increasing number of consumer and business applications are using sophisticated security evasion techniques such as dynamic or random port numbers, and application emulation/tunneling. The result is an enterprise network that is rife with unapproved and uncontrollable applications – unseen by traditional firewalls – that brings unwanted exposure to a wide range of security and compliance related risks.

Palo Alto Networks’ next-generation firewalls enable enterprises to identify and control applications, users, and content—not just ports, IP addresses, and packets—using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies allow enterprises to securely enable application usage using business-relevant concepts, instead of following the traditional “all-or-nothing” approach offered by traditional port-blocking firewalls used in many security infrastructures.

VM-Series

The Palo Alto Networks VM-Series features three virtualized next-generation firewall models – the VM-100, VM-200, and VM-300. These platforms are supported on the VMware ESXi 4.1 and ESXi 5.0 platforms. 2, 4, or 8 CPU cores on your virtualized server platforms can be assigned for next-generation firewall processing.

1371570793467With 4 CPU cores running, the VM-Series delivers up to 1 Gbps firewall throughput with App-ID enabled. To ensure that management is accessible to you during heavy traffic, the data and control plane are separated.

In addition, our unique single-pass software architecture processes functions in a single pass to reduce latency.

The VM-Series runs PAN-OSTM, a security-specific operating system that:

  • Safely enables intra-virtual machine traffic
  • Protects you against all known and unknown threats
  • Integrates flexibly in the virtualized environment at layers 1, 2, or 3

1374272348411

Our PAN-OS next-generation firewall capabilities allow you to tie your security policies to virtual machine adds, moves and changes, and to create security policies that instantly sync with virtual workload creation.

Read More | PAN Next Generation Firewall – Brochure


PA-5000 Series

The PA-5000 Series of next-generation firewalls is designed to protect data centres, large enterprise Internet gateways, and service provider environments where traffic demands dictate predictable firewall and threat prevention throughput. These high performance platforms are tailor-made to provide enterprise firewall protection at throughput speeds of up to 20 Gbps.

The PA-5000 Series is powered by more than 40 processors distributed across four functional areas: networking, security, content inspection and management. Reliability and resiliency is delivered by active/active or active/passive high availability; physical separation of data and control plane; and redundant, hot swappable components.

Read More | PAN Next Generation Firewall – Brochure

PA-5060,  PA-5020 PA-5050 | Currently Available. Contact our Sales Team for further details: [email protected] 

pa-5060

PA-4000 Series

The PA-4000 Series is ideally suited for high speed Internet gateway deployments within enterprise environments. Tailor-made to provide enterprise firewall protection at throughput speeds of up to 10 Gbps using dedicated processing for networking, security, content inspection and management. The Palo Alto Networks PA-4000 Series uses a 10 Gbps backplane to smooth the pathway between processors, and the physical separation of data and control plane ensures that management access is always available, irrespective of the traffic load.

Read More | PAN Next Generation Firewall – Brochure

PA-4060,  4050,  4020 | Currently Available. Contact our Sales Team for further details: [email protected]

pa-4060

 


PA-3000 Series

The PA-3000 Series is comprised of two high performance platforms, the PA-3050 and the PA-3020, both of which are targeted at high speed Internet gateway deployments. The PA‑3000 Series manages network traffic flows using dedicated processing and memory for networking, security, threat prevention and management.

Read More | PAN Next Generation Firewall – Brochure

PA-3050, 3020Currently Available. Contact our Sales Team for further details: [email protected]

pa-3050

PA-2000 Series

The PA-2000 Series is ideally suited for high speed Internet gateway deployments within large branch offices and medium sized enterprises to ensure network security and threat prevention. The PA-2000 Series delivers next-generation firewall security using dedicated processing and memory for networking, security, threat prevention, URL filtering and management. A high speed backplane smoothes the pathway between processors and the separation of data and control plane ensures that management access is always available, irrespective of the traffic load.

Read More | PAN Next Generation Firewall – Brochure

PA-2050, 2020 | Currently Available. Contact our Sales Team for further details: [email protected]

pa-2050

PA-500 Firewall

The Palo Alto Networks PA-500 delivers next-generation firewall security to Internet gateway deployments within medium to large branch offices and medium sized enterprises. The PA-500 protects enterprise networks using high performance processing and dedicated memory for networking, security, threat prevention, URL filtering and management

Currently Available. Contact our Sales Team for further details: [email protected]

Read More | PAN Next Generation Firewall – Brochure

pa-500

250 Mbps firewall throughput (App-ID enabled1)
100 Mbps threat prevention throughput
50 Mbps IPSec VPN throughput
64,000 max sessions
7,500 new sessions per second
250 IPSec VPN tunnels/tunnel interfaces
100 SSL VPN Users
3 virtual routers
N/A virtual systems (base/max)
20 security zones
1,000 max number of policies

1 All performance and capacities are measured under ideal testing conditions using PAN-OS 5.0.


PA-200 Firewall

The PA-200 is small and quiet enough to sit on a desk, yet powerful enough to deliver next-generation firewall security to a distributed enterprise office. This new platform extends visibility and control over applications, users and content into enterprise branch offices.

Currently Available. Contact our Sales Team for further details: [email protected]

Read More | PAN Next Generation Firewall – Brochure

pa-200

100 Mbps firewall throughput(App-ID enabled1)
50 Mbps threat prevention throughput
50 Mbps IPSec VPN throughput
64,000 max sessions
1,000 new sessions per second
25 IPSec VPN tunnels/tunnel interfaces
25 SSL VPN Users
10 security zones
250 max number of policies

1 All performance and capacities are measured under ideal testing conditions using PAN-OS 5.0.


Management Tools

Managing network security can be a difficult task. Keeping up with the latest threats, monitoring the next hacking trend and dealing with adds, moves and changes can make for a very busy day. Inconsistent security device management mechanisms only make the administrator’s life more difficult. Find out more about Palo Alto Networks Subscription Services.


Benefits

Find out more about the features and benefits of deploying a Next Generation firewall from Conversation Piece. –  Contact Us on +353 1800 300 678

Conversation Piece offer a number of subscription based services in conjunction with Palo Alto Networks. These cover Threat Prevention, URL Filtering, and Global Protect.

Details of these subscriptions can be found below.

Screen Shot 2013-08-21 at 16.44.35

Sandbox analysis to identify and block unknown threats.

Attacks on your network are increasingly driven by sophisticated malware designed to avoid traditional antivirus controls.wildfire-architecture
WildFire extends the capabilities of our next-generation firewalls to identify and block targeted and unknown malware by actively analyzing it in a safe, cloud-based virtual environment.
In our ‘sandbox,’ we directly observe the behavior of malicious malware, then through WildFire we automatically generate and distribute protections globally for the newly discovered malware.
A subscription to WildFire allows you to better protect your network.

If your organisation requires a dedicated device and you would prefer not to use a public cloud due to regulatory and privacy concerns WildFire as a private cloud using the WF-500.

wf-500

Contact our dedicated sales team on [email protected] or call +353 1 687 6500 to find out more about a Palo Alto Networks Wildfire Subscription or the dedicated device.

Find out more information about Wildfire by downloading our Datasheet here.


GlobalProtect: Consistent Security Everywhere

Whether your users check email from home, or update corporate documents from the airport, most of them work outside of your office at times. Workforce mobility improves productivity and flexibility, but it also introduces significant network security risks. Every time a user works on their laptop outside your building, they bypass your corporate firewall and the associated policies designed to protect them and your network. GlobalProtect extends the same next-generation firewall-based policies that are enforced within your office to all of your users, regardless of their location.

Global Protect

Learn more about the Mobile Security and VPN Features.

Contact our dedicated sales team on [email protected] or call +353 1 687 6500 to find out more about a Palo Alto Networks Global Protect Solution.

Find out more information about Global Protect Solution by downloading our Datasheet here. 


Control Web Activity with URL Filtering.

The perfect complement to the policy-based application control provided by App-ID is our on-box URL filtering database, which gives you total control over related web activity. By addressing your lack of visibility and control from both an application and web perspective, App-ID and URL Filtering together protect you from a full spectrum of legal, regulatory, productivity, and resource utilization risks.

Learn more about Content-ID Technology.

On-box URL database maximizes performance and flexibility.

URL filtering is enabled through local lookups, as well as querying our master database in the cloud. Local lookups ensure maximum inline performance and minimal latency for the most frequently accessed URLs, while cloud lookups provide coverage for the latest sites. Our combination of application control and URL filtering allow you to implement flexible policies to control employee and network activity.

– Control web browsing based on category or through customized white or blacklists.
– Specify your group-based web browsing policies with user repository integration provided by User-ID.
– Enable SSL decryption policies by allowing encrypted access to specific web sites about topics your employees enjoy – like health, finance, and shopping – while decrypting traffic to all other sites such as blogs, forums, and entertainment sites.
– Enable bandwidth control for designated categories by creating QoS policies for specified URL categories.

URL filter

Customisable URL database and categories.

To account for your unique traffic patterns, on-device caches store the most recently accessed URLs. Devices can also automatically query a master database in the cloud for URL category information when a URL is not found on-device. Lookup results are automatically inserted into the cache for future activity. You can also create custom URL categories.

Customisable end-user notifications.

There are multiple ways to inform your end users that they are trying to visit a web page that does not adhere to your corporate policy:

– Customizable block page: A page informing a user that they are violating policy can include your corporate logo, references to the username, IP address, the URL attempting to be accessed, and the category of the URL.
– URL filtering block and continue: Users accessing a page that potentially violates your URL filtering policy see a block page with a “Warning and Continue” button.
– URL filtering override: Requires a user to correctly enter a password in order to bypass the block page and continue surfing.

Flexible, policy-based control over web usage.

To complement the application visibility and control enabled by our App-ID, you can use URL categories as a match criteria for your policies. Instead of creating policies limited to either ‘allow all or block’ all behavior, URL as a match criteria permits exception-based behavior. This increases your flexibility and gives you more granular policy enforcement capabilities. Examples of how URL categories can be used in your policy include:

– Identify and allow exceptions to your general security policies for users who may belong to multiple groups within Active Directory (e.g., deny access to malware and hacking sites for all users, yet allow access to users that belong to the security group).
– Allow access to streaming media category, but apply QoS to control your bandwidth consumption.
– Prevent file download/upload for URL categories that represent higher risk (e.g., allow access to unknown sites, but prevent upload/download of executable files from unknown sites to limit malware propagation).
– Apply SSL decryption policies that allow encrypted access to finance and shopping categories, but decrypts and inspects traffic to all other categories.

 


Threat Prevention

Palo Alto Networks addresses threat prevention with abilities that you cannot find in other security solutions. Our next-generation firewall removes the methods that threats use to hide from security through completely analyzing all traffic, on all ports, regardless of evasion, tunneling or circumvention techniques.

Palo Alto Networks leverages multiple threat prevention disciplines, including IPS and anti-malware, along with URL filtering and file and content blocking, to control known threats. Finally, WildFire provides automated sandbox analysis of suspicious files to reveal unknown and targeted malware, and uses our Behavioral Botnet Report to identify the unique patterns of botnet infections in your network.

Unique visibility and threat prevention architecture.

Palo Alto Networks threat prevention is built on the unique ability to inspect all of your traffic on all ports, regardless of evasion tactics. Our solution decodes more than 100 applications and protocols to look for threats hidden within streams of your application data. You can selectively decrypt SSL by policy to ensure that threats are not allowed to hide inside the encrypted stream, and you can control the proxies, circumventors, and encrypted tunnels attackers use to hide.

Palo Alto Networks designed a unique approach that performs all threat analysis in a single unified engine, and leverages a common signature format. This means that your content is processed only once, and performance remains steady even as additional protections are enabled.

threat-prevention-1

Multiple coordinated threat disciplines for known threats.

Palo Alto Networks brings multiple security disciplines into a single context and single threat prevention engine. This context enables your security team to easily see beyond individual security events and recognize the full extent of a threat. In a uniform context, you can see the interconnection of:

  • Applications
  • Exploits
  • Malware
  • URLs
  • Anomalous network behaviours
  • Targeted malware

This context leads you to important conclusions faster, streamlines management and reporting, and ensures predictable performance by analyzing traffic once instead of progressive scanning in multiple engines.

WildFire: Protection from targeted and unknown threats.

Widfire diagram

Modern attackers have increasingly turned to targeted and new unknown variants of malware to sneak past traditional security solutions. To meet this challenge, Palo Alto Networks developed WildFire, which provides the ability to identify malicious behaviors in executable files by running them in a virtual environment and observing their behaviors. This enables us to identify malware quickly and accurately, even if the particular sample of malware has never been seen before.

Once a file is deemed malicious, WildFire automatically generates signatures for both the infecting malware and the resulting command and control traffic. Signatures are delivered with regular security updates to provide automated in-line protection from these highly advanced threats. Your IT team receives a wealth of forensics to see exactly who was targeted, the application used in the delivery, and any URLs that played a part in the attack.

If you would like to find out more information about Palo Alto Networks Threat Prevention technologies, download our threat-prevention datasheet here.