Palo Alto Networks helps you protect your data center, whether physical or cloud-based, with integrated next-generation firewall and threat prevention solutions deployed either as hardware devices or in virtualized form. Integrated management tools standardize and synchronize policy implementation and help reduce the time gap between workload deployment and policy updates, so you can keep pace with rapid change in a cloud computing environment if you intend to use one later.
Helps to operate applications safely using the Zero Trust model
Often, the question of whether application control is appropriate for a growing data center environment comes down to the need to limit use to known, commonly used applications. In principle, if we know which applications are in use in the data center, it is easier to protect them. Well-known data theft and loss incidents show that attackers use common applications on the network (including data center networks) to attack and steal data. Here are some examples:
- According to the iSight Partners report on the Target data loss, FTP, NetBIOS and WebDAV were the applications attackers used to move inside the network while stealing credit card and user data. This reflects the tendency of attackers to hide their behavior behind regular applications. According to the Palo Alto Networks 2014 Application Usage and Threat Report, these applications were found in use on all of the 5,500 networks that we analyzed.
- RDP and other remote access applications are also used by attackers, according to the statistics in Verizon's annual Data Breach Reports. According to the 2014 Application Usage and Threat Report, an average of about 9 remote access applications were detected in use on 90% of the networks that we analyzed.
- Many other business applications such as Microsoft Lync, SharePoint, and Active Directory use a wide range of ports, including 80, 443 and a range of high-numbered ports, which makes application control necessary. For example, only the Lync application is given access, while other applications are not allowed to use the common ports that Lync already uses.
- On average, 8-10% of network traffic is unknown: it could be a custom application, an unknown commercial application, or a threat. The key capability you need is to manage unknown traffic systematically by quickly analyzing it, determining what it is and where it comes from, and then managing it through policies, custom applications or threat prevention capabilities.
For each of the examples above, our next-generation firewall allows you to deploy information security policies based on the Zero Trust model, providing greater information security capabilities.
The Zero Trust model extends network segmentation to application-specific access authorization, granting users access based on their identity and controlling what content can be sent at each point of segmentation. All of this is based on one philosophy: Never trust, always check.
- Determines that SharePoint is allowed, forces it to use the standard ports it was designed to use, and prohibits all other applications.
- Allows access from the web server layer to SharePoint through a predefined set of ports and applies application-specific threat prevention policies.
- Limits access to Microsoft SQL databases to the SharePoint application and prohibits access to the databases from the web server layer.
- Allows users on the Marketing team, based on their permissions, to access SharePoint Docs only and not to perform any other function. Allows only the IT team to use SharePoint Admin permissions, with the traffic analyzed in depth using the relevant application-specific threat prevention policies.
- Detects misused or misconfigured applications such as RDP or TeamViewer and proactively stops them by policy.
- Systematically manages unknown traffic by policy. You can create a custom App-ID for internal applications, which lets you control user-based access and analyze the traffic for known and unknown malicious code; unidentified or unused commercial applications can be prohibited by policy, and you can submit requests for App-ID development; finally, forensics and reporting tools help you eliminate unknown traffic that may be associated with a threat.
Data center protection using the Zero Trust model applies to both the traditional (physical) data center model and the modern cloud computing model. It lets you control access to applications or workloads based on the user's identity, while keeping out unauthorized and dangerous applications and preventing threats from entering the data center and moving toward the targets inside.
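
The SharePoint rules listed above can be modeled as an ordered allow-list with a default deny. This is an added example, not Palo Alto Networks configuration syntax or code from this page; the segment names, application labels, group names and ports are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str          # source segment
    dst: str          # destination segment
    app: str          # application identified from the traffic, not from the port
    port: int
    group: str = "-"  # user group; "-" for server-to-server flows

# Constructed standard ports per application (illustrative values).
STANDARD_PORTS = {"sharepoint-docs": {443}, "sharepoint-admin": {443}, "mssql": {1433}}

# Ordered allow rules: (name, src, dst, apps, groups or None for any group).
RULES = [
    ("marketing-docs", "users", "web", {"sharepoint-docs"}, {"marketing"}),
    ("it-admin", "users", "web", {"sharepoint-admin"}, {"it"}),
    ("web-to-sharepoint", "web", "app", {"sharepoint-docs", "sharepoint-admin"}, None),
    ("sharepoint-to-sql", "app", "db", {"mssql"}, None),
]

def evaluate(flow):
    """Return (action, reason); anything not explicitly allowed is denied."""
    for name, src, dst, apps, groups in RULES:
        if (flow.src, flow.dst) != (src, dst) or flow.app not in apps:
            continue
        if groups is not None and flow.group not in groups:
            continue
        # An allowed application is still held to its standard ports.
        if flow.port not in STANDARD_PORTS[flow.app]:
            return ("deny", f"{flow.app} on non-standard port {flow.port}")
        return ("allow", name)
    return ("deny", "default-deny")

# Constructed sample flows covering each bullet above.
SAMPLES = [
    Flow("users", "web", "sharepoint-docs", 443, "marketing"),   # allowed
    Flow("users", "web", "sharepoint-admin", 443, "marketing"),  # wrong group
    Flow("web", "db", "mssql", 1433),                            # web tier to DB
    Flow("app", "db", "mssql", 1433),                            # allowed
    Flow("web", "app", "sharepoint-docs", 8080),                 # non-standard port
    Flow("users", "app", "rdp", 3389, "it"),                     # remote access
    Flow("web", "app", "unknown-tcp", 443),                      # unknown traffic
]

if __name__ == "__main__":
    for f in SAMPLES:
        print(f, "->", evaluate(f))
```
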
Prevents known and unknown threats from entering and traversing the Data Center
Today's information security threats often infiltrate networks through actions that users and employees do not suspect, such as opening malicious links, drive-by downloads and many other means. Once inside the network, they continue to move across it and look for targets. In your data center, threats can move toward their targets through physical or virtual workloads, putting your applications and most important data at risk.
The key to protecting your data center is implementing defense and prevention techniques that enable containment and protection at each stage of the attack chain as below:
In the data center, application-level monitoring between workloads helps minimize the impact of threats while traffic in the data center is segmented according to the Zero Trust model. Application-specific threat prevention policies can help prevent known and unknown threats from entering your data center.
Reduces difficulties in management
The need to keep protecting the physical network while also protecting the cloud computing environment means that deployments with only a few firewall devices are rare. To reduce difficulties and accelerate deployment, a combination of centralized management and built-in features that standardize and simplify the policy update process is more urgent than ever.
Panorama allows you to centrally manage all Palo Alto Networks next-generation firewall devices, both hardware devices and those in virtualized form, ensuring consistency in policy and management. Because its interface is like the administration interface on each individual device, Panorama eliminates the need to learn anything new when switching from one interface to another. Panorama allows you to administer Palo Alto Networks next-generation firewall devices as a whole, including:
- Implements policies including information security, NAT, QoS, policy-based forwarding, decryption, application override, captive portal, and DoS prevention.
- Shared policies based on pre- and post-rules are implemented by the Panorama administrator to enforce common policies while still allowing local policy modifications beneath them. The rules between the pre- and post-rules can be modified locally or by the Panorama administrator.
- Software and content updates (Applications, Threats, Antivirus, WildFire) and licenses can be managed across deployments from a centralized point.
- Collects logs from managed firewall devices and reports on them flexibly.

Panorama can be deployed either in virtualized form or on dedicated hardware devices. The dedicated M-100 or M-500 hardware devices can be used to build a distributed management architecture, with separate M-100 or M-500 devices for the management and logging functions respectively.
Unifies policy implementation and update:
In both physical and virtualized network environments, you always face the challenge of managing the changes that occur as workloads are added, removed, or modified, and of implementing information security policy as quickly as possible. To help reduce these challenges, our next-generation firewall devices provide a full set of management features that unify and simplify policy implementation, helping information security policy keep up with changes in your workloads.
As a result, you achieve a huge reduction in the possible latency between workload changes and information security policy updates. Additionally, to help automate and standardize future policy updates, a REST-based API is provided so that you can integrate with third-party management solutions such as OpenStack and CloudStack.
Operates high-performance information security with dedicated hardware architecture
Palo Alto Networks offers a range of dedicated hardware products for securing the data center. The underlying architecture of the dedicated hardware is based on the Single-Pass Parallel Processing (SP3) model, which identifies the application right from the start, regardless of which port it is running on, while simultaneously determining whether the content is malicious and who the user is. The three factors relevant to running your business, namely applications, users and content, become the key factors of your information security policy. The Single-Pass Parallel Processing architecture not only enhances your information security capabilities, but also eliminates redundant policy decisions, thereby reducing latency and improving throughput across network-specific processing, information security, threat prevention and management functions.
DL IT INVESTMENT CORPORATION
- Address: 152/32 Thanh Thai, Ward 12, District 10, HCMC
- Telephone: (84-28) 62650735 - Fax: (84-28) 62650734