PALO ALTO

PALO ALTO

Leaders in Next Generation Firewall Technology

Palo Alto Networks are a highly respected maker of high-performance Firewall and Security solutions.They offer a consistent level of performance across all devices and offer centralised management for larger Enterprise clients. Palo Alto can also provide targeted security subscriptions that offer real-time security protection that extends to their GlobalProtect mobile device protection solution.

Next Generation Firewalls (NGFW)

Palo Alto Networks provides easily managed security safeguards that protect your organisation’s perimeter.

PA-7000 Series
Redefining High-Performance Network Security
Palo Alto’s PA-7000 Series high-performance network security appliances blend of power, security intelligence and simplicity in management to create the market leader in Enterprise firewall technology. The powerful PA-7000 family combines an ultra-efficient, single-pass software engine with nearly 700 function-specific processors for networking, security, content inspection, and management. The PA-7000 offers a unified approach toward management and licensing that lowers ownership costs.

Data Sheet

Palo Alto Security and Securite - Partners

PA-5000 Series
Consistent Architecture, High-Performance Versatility
The PA-5000 Series next-generation firewalls prevent threats and manages applications across a versatile Internet Gateways data centre of campus environments.The PA-5000 Series enables you to secure your digital assets through advanced visibility and control of applications, users, and content at throughput speeds of up to 20 Gbps. Dedicated processing resources assigned to networking, security, signature matching, and management functions ensure predictable performance.

Data Sheet

PA-3000 Series
Consistent Architecture, Multi-Gig Throughput
The PA-3000 Series next-generation firewalls prevent threats and safely enable applications, provide advanced visibility and control of applications, users, and content at throughput speeds of up to 4 Gbps. Dedicated computing and programmable hardware resources are assigned to networking, security, signature matching, and management functions ensure predictable performance.

Data Sheet

PA-500
Entry Level Rack Mounted
The PA-500 next-generation Enterprise firewall comes in a rack-mount form factor and is ideal for smaller enterprise deployments boasting a continuous throughput of 100-250Mb depending on how the feature set is configured.The PA-500 offers advanced application visibility and control that allows granular management of users, and content at throughput speeds of up to 250 Mbps. Dedicated computing resources are dynamically assigned to networking, security, signature matching, and management functions ensure predictable performance.

Data Sheet

PA-200
The PA-200 entry level firewall prevents threats and is ideal for small organisations or branch offices. It features a form factor ideally sized for desktop deployments and enables you to secure your organisation with advanced visibility and control of applications, users, and content at throughput speeds of up to 100 Mbps. Dedicated computing resources can be assigned to networking, security, signature matching, and management functions ensuring predictable, reliable performance.

Palo Alto Security and Securite - Partners

Data Sheet

NGFW Management

Panorama
Panorama™ provides static rules, and dynamic security updates, in an ever-changing threat landscape. Reduce administrator workload and improve your overall security posture with a single rule base for firewall, threat prevention, URL filtering, application awareness, user identification, sandboxing, file blocking, and data filtering. Panorama keeps enterprise users in mind. Control the Internet and data center edge, and private and public cloud deployments, from a single console. Deploy Panorama as either a physical or virtual appliance or deploy both depending on the business need. Use appliances as management units, or log collectors, in hierarchical deployment options. Automated threat correlation cuts through the data clutter, identifying compromised hosts and surfacing malicious behaviour that would otherwise be buried in information noise. Our fully customisable Application Command Center (ACC) provides comprehensive, correlated insight into current and historical network and threat data.
Panorama network security management enables you to control your distributed network of Palo Alto firewalls from one central location and view all your firewall traffic, manage all aspects of device configuration, push global policies, and generate reports on traffic patterns or security incidents — all from a single console. Panorama is available either as a dedicated management appliance or as a virtual machine.

Palo Alto Panorama and Securite - Partners

Benefits from managing your security infrastructure with Panorama

  • Streamlined policy management
  • Simplified operations
  • Unparalleled network and threat visibility
  • Flexible deployment options

Resources

Panorama Appliances
M-100 and M-500
In addition to deployment across traditional platforms, Panorama can be deployed in a rack monunted appliance form factor. The M-100 appliance allows you to deploy Panorama management and logging functions on a dedicated appliance, or you can separate the functions in a distributed manner for improved performance and scalability.
The large-capacity M-500 offers great performance and scalability with front-to-back airflow and dual power supplies, making it ideal for deployment in data centres. You can deploy Panorama as a virtual appliance on VMware® ESXi™, allowing you to support your virtualisation initiatives and consolidate rack space. For larger, distributed deployments, both the M-100 and M-500 appliances can be used as log collectors to streamline the log collection process.

Virtualised Next Generation Firewalls

Virtualised NGFW’s can help protect your information assets irrespective of locality or platform
VM-Series
The VM-Series is a virtualised form factor of our next-generation firewall that can be deployed in a range of public and private cloud computing environments based on technologies from VMware®, Amazon® Web Services, Microsoft®, Citrix® and KVM.In both private and public cloud environments, the VM-Series can be deployed as a perimeter gateway, an IPsec VPN termination point, and a segmentation gateway, preventing threats from moving from workload to workload.

ResourcesData Sheet

VM-Series for AWS
VM for AWS helps administrators identify the applications in use within Amazon® Web Services environment. providing visibility into your AWS environment irrespective of port. This helps organisations make more-informed security policy decisions and setting a baseline AWS security policy enables you to leverage the deny-all-else premise that a firewall is based upon for both gateway and VPC-to-VPC protection. It offers granular control that allows the applications you select to function or deny all others. In order to further protect your AWS environment, you can deploy application-specific threat prevention policies that will block both identified and unknown malware.

Resources

VM-Series for Citrix
Secure application delivery is achieved with VM-Series running on Citrix® NetScaler® SDX™. The VM consolidates next-generation security and ADC services on an integrated hardware appliance resulting in the easy deployment and safe enablement of applications and the prevention of all threats. VM for Citrix helps address multi-tenant security for business. Palo Alto’s approach to protecting Citrix
provides dedicated per-application load balancing and next-generation firewalling services per tenant. To bolster this security, REST and XML APIs enable real-time orchestration of individual technologies and capabilities in response to changing conditions. The Palo Alto VM for Citrix also protects your Virtual Desktop Infrastructure (VDI). VM-Series on Citrix NetScaler SDX delivers consolidated security and availability for Citrix XenApp® and XenDesktop® users with safe application enablement and Zero Trust segmentation of Virtual Desktop Infrastructure (VDI).

Resources

VM-Series for KVM & OpenStack
The Palo Alto Networks VM-Series for KVM brings next-generation firewall and threat protection capabilities to protect KVM (Kernel-based Virtual Machine) hypervisor-based virtual infrastructure from advanced cyberthreats. VM-Series for KVM can be deployed and managed across a range of Linux operating systems, including Red Hat (RHEL), CentOS and Ubuntu. The VM-Series for KVM can be deployed to address a number of different use cases, each of which takes full advantage of our next-generation firewall and advanced threat prevention features.For enterprises embarking down a build-your-own cloud computing environment, the VM-Series for KVM enables you to apply all of our next-generation firewall and advanced threat prevention features to the traffic traversing your cloud computing perimeter. OpenStack orchestration is assisted where service providers use KVM and OpenStack to efficiently and cost-effectively scale their cloud computing service offerings for customers. When combined with the next-generation firewall and automation features in the VM-Series, service providers can build highly profitable cloud computing service offerings.

Resources

VM-Series for Microsoft Azure
Palo Alto’s VM-Series for Azure enables administrators to use next-generation firewall security and advanced threat prevention to protect Azure deployments from advanced cyberthreats. The VM-Series for Azure natively analyses all traffic in a single pass to determine the application identity, the content within, and the user identity. These core business elements can then be used as integral components of your security policy, helping you to improve your security efficacy through positive control model rules and reduce your incident response time though more complete visibility into applications across all ports.The VM-Series for Azure can be deployed to address a number of different use cases, each of which takes full advantage of Palo Alto’s next-generation firewall and advanced threat prevention features.
Your organisation can establish a hybrid cloud that seamlessly integrates with your on-premises data center with Azure via a site-to-site IPsec VPN connection. With the VM-Series for Azure, your next-generation firewall policies can include an IPsec VPN tunnel element that enables moving applications and data from your network to the cloud securely. Cybercriminals have shown they are adept at moving laterally across network level boundaries such as subnets and VNETs to find their target. Connecting workloads of different trust levels with the VM-Series using segmentation policies means you have more control over lateral data movement of all types that would not visible with port based security. The VM-Series for Azure also allows you to encrypt the traffic moving across your Azure deployment to prevent snooping and man in the middle attacks.As more of your business applications and data are deployed in Azure, you can build upon your hybrid deployment by using the VM-Series to control access to Azure with application whitelisting policies that are based on user while preventing advanced threats. When combined with GlobalProtect, you can extend your security policies to any user or device, regardless of their location. GlobalProtect establishes a secure connection to protect the user from Internet threats and enforce application-based access control policies.

Resources

VM-Series for Microsoft Hyper-V
The VM-Series for Hyper-V brings safe application enablement and advanced threat prevention capabilities to protect Hyper-V-based virtual infrastructure in private cloud environments. VM-Series for Hyper-V includes support for Linux® Integration Services package for better integration with the hypervisor and visibility of virtual machine attributes.The VM-Series for Hyper-V can be deployed to address a number of different use cases, each of which takes full advantage of Palo Alto’s next-generation firewall and advanced threat prevention features. For organisations embarking on a build-your-own cloud computing environment, the VM-Series for Hyper-V enables you to apply all of the Palo Alto Networks® Next-Generation Firewall and advanced threat prevention features to the traffic traversing your cloud computing perimeter. Segmentation Gateway Cybercriminals are adept at hiding in plain sight, bypassing perimeter controls and moving at will across the network, whether physical and virtualised. To improve security efficacy, you can deploy the VM-Series for Hyper-V as a segmentation gateway, using its application-level control and threat prevention capabilities to direct and protect the east-west traffic moving between workloads.

Resources

VM-Series for VMware NSX
The VMware NSX and VM-Series integrated solution enables application-level micro-segmentation by extending the NSX basic firewall services to include comprehensive, next-generation firewall and advanced threat prevention capabilities via the VM-Series. The joint solution enables customers to automate the provisioning of next-generation security, dynamically update policies when new workloads are created or changed, and protect virtualised applications and data from threats from all vectors. Automated provisioning and deployment enables integration between Panorama and NSX manager and also allows a VM-Series to be dynamically provisioned on demand. Whenever a new workload is provisioned, next-generation security can be deployed simultaneously.As workloads change, security policies often lag or cause deployment delays. To minimise these delays, the integrated solution will exchange contextual information between NSX manager and Panorama to drive policy updates. This results in a dramatic reduction in the number of delays that may occur between workload changes and security policy updates.

Resources

VM-Series for VMware ESXi/vCloud Air
The VM-Series for ESXi is a virtualised form factor of our next-generation firewall that spans VMware-based private, public and hybrid cloud deployments. Whichever scenario you choose, the VM-Series can act as a perimeter gateway, an IPSec VPN termination point, and a segmentation gateway, preventing threats from moving from workload to workload. The VM-Series for AWS can be deployed to address a number of different use cases, each of which takes full advantage of our next-generation firewall and advanced threat prevention features. The VM-Series can be deployed as a gateway firewall and IPSec VPN termination point, enabling you to quickly and securely create a hybrid cloud that expands your private cloud or on-premises data center into vCloud Air. In this scenario, the VM-Series also acts as a segmentation gateway, controlling east-west traffic and preventing threats. As new workloads are added or change, VM Monitoring and Dynamic Address Groups will enable your security policies to keep pace with the changes. Cybercriminals are adept at hiding in plain sight, bypassing perimeter controls and moving at will across the network, whether physical and virtualised. To improve security efficacy, you can deploy the VM-Series for ESXi as a segmentation gateway, using its application-level control and threat prevention capabilities to direct and protect the traffic moving between workloads.

Resources

Security Subscriptions

AutoFocus threat intelligence
Palo Alto Networks® AutoFocus™ threat intelligence service reimagines how security teams protect their organisations from unique, targeted attacks. The hosted security service provides the intelligence, analytics and context required to understand and prioritise which attacks require an immediate defensive response. AotoFocus aggregateds this analytical information and applies this knowledge to flag these indicators and make them actionable and prevent future attacks.
AutoFocus further provides the ability to;

  • Prioritise alerts for advanced attacks that require immediate attention
  • Understand context around attacks, adversaries and campaigns, including targeted industries
  • Respond proactively to threats and prevent future attacks.

ResourcesData Sheet

GlobalProtect
GlobalProtect – Policy Enforcement of Mobile Security
Palo Alto’s GlobalProtect™ mobile security extends the protection of your firewall to endpoints both inside and outside your corporate network, delivering consistent security to users in each location.
Mobile devices can use GlobalProtect applications for iOS and Android to connect to the corporate firewall, and administrators can apply the state of the endpoint device as part of the context for security policy, using the Host Information Profile (HIP). GlobalProtect subscriptions can also be deployed internally to apply policy that protects local and wireless network users.

ResourcesData Sheet

Threat Prevention
Palo Alto’s Threat Prevention subscription adds integrated protection against network-borne threats that include exploits, malware, command and control traffic, and a variety of hacking tools.It adds further security in depth through IPS functionality and stream-based blocking of millions of known malware and malware variation samples. The Threat Prevention subscription is a key component of Palo Alto’s closed-loop detection process. This proactive approach receives protection updates from WildFire malware analysis based on our global threat intelligence. When combined with WildFire, real-time protection alerts are updated in as little as 5 minutes, meaning your security is in a content state of readiness to repel the latest threats.

ResourcesData Sheet

URL Filtering PAN-DB
Palo Alto’s URL Filtering subscription provides your organisation with protection from web-borne threats through malicious categories like “malware” and “phishing”. It adds granular, user-based controls over web activity through URL categories and customisable white (goodies)- and black-lists (baddies). The URL Filtering subscription utilises PAN-DB, our URL database that automatically categorises unknown URLs. PAN-DB is constantly updated by WildFire, which means you’re always protected against malicious, high-risk threats posed from unknown or inappropriate websites.

ResourcesData Sheet

WildFire
Palo Alto’s WildFire™ cloud-based malware-analysis subscription actively analyses unknown files and links, including malware, websites, and command and control traffic, and delivers automatically created protection and intelligence back to subscribed customers that enables proactive, global prevention. WildFire protections are created to account for innovative tactics, such as polymorphism, commonly used in advanced attacks. WildFire is also natively integrated with Palo Alto’s newest technologies, Traps™, AutoFocus™, and Aperture. This keeps security across your organisation both coordinated and current.

ResourcesData Sheet