Benvenuto in Scribd!

Salta carosello

SRTY-6003 - Week 1b - Platform Architecture-W19 PDF

Caricato da

partho

Il 0% ha trovato utile questo documento (0 voti)

83 visualizzazioni21 pagine

Titolo originale

SRTY-6003 - Week 1b - Platform Architecture-W19.pdf

Copyright

Formati disponibili

PDF, TXT o leggi online da Scribd

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Segnala questo documento

Copyright:

Formati disponibili

Scarica in formato PDF, TXT o leggi online su Scribd

Segnala contenuti inappropriati

Il 0% ha trovato utile questo documento (0 voti)

83 visualizzazioni21 pagine

SRTY-6003 - Week 1b - Platform Architecture-W19 PDF

Caricato da

partho

Copyright:

Formati disponibili

Scarica in formato PDF, TXT o leggi online su Scribd

Segnala contenuti inappropriati

Salta alla pagina

Sei sulla pagina 1di 21

Cerca all'interno del documento

SRTY-6003 Securing the Edge 1

Palo Alto Platforms and Architecture

Cyber Attack and Palo Alto
Next-Generation Security Platform
•NGFW – Identifies the network
traffic.

•Threat Intelligence Cloud –

Correlates threats, gather
information from multiple
sources. – AutoFocus/WildFire

•Advanced Endpoint Protection

– Block malicious at the
endpoint.
Next-Generation Security Platform
Development of Unified Threat Management

Internet
Serial Processing in the UTM
Palo Alto Networks Single-Pass Architecture

Single pass:
Operations per packet:
• Traffic classification with App-ID
• User/group mapping
• Content scanning – threats, URLs,
confidential data
One policy

Parallel processing:
Function-specific parallel
processing hardware engines
Separate data/control planes
Palo Alto Networks Single-Pass Architecture
Palo Alto Networks Firewall Architecture
Control Plane | Management
Provides configuration, logging, and report functions on
a separate processer, RAM, and hard drive

Signature Matching
Stream-based, uniform signature match including
vulnerability exploits (IPS), virus, spyware, CC#, and
SSN

Security Processing
High-density parallel processing for flexibility hardware-
acceleration for standardized complex functions

Network Processing
Front-end network processing, hardware-accelerated
per-packet route lookup, MAC lookup, and NAT

Can you imagine how much horse power to process regular

expressions?
Zero Trust Model
Zero trust model is an
alternative that
assumes there is not
default trust.

If a compromised host connects

to your network, the tradicional
egress security is not enough.

NEVER TRUST, ALWAYS VERIFY.

Threat Prevention Capabilities
Flow Logic of the Next-Generation Firewall
Flow Logic of the Next-Generation Firewall

Initial Packet Source Zone/ PBF/ NAT Policy

Destination
Address/ Forwarding
Processing User-ID Lookup
Zone Evaluated

Security Check Session

Pre-Policy Allowed Ports Created

Check for Application App-ID/

Decryption
Application Encrypted
Policy
Override Content-ID
Traffic Policy Labeling

Check Check
Security Policy Security Policy
Security
Profiles

Post-Policy Re-Encrypt NAT Policy Packet

Processing Traffic Applied Forwarded
Flow Logic of the Next-Generation Firewall

Initial Packet Source Zone/ PBF/ NAT Policy

Destination
Address/ Forwarding
Processing User-ID Lookup
Zone Evaluated

Security Check Session

Pre-Policy Allowed Ports Created

Check for Application App-ID/

Decryption
Application Encrypted
Policy
Override Content-ID
Traffic Policy Labeling

Check Check
Security Policy Security Policy
Security
Profiles

Post-Policy Re-Encrypt NAT Policy Packet

Processing Traffic Applied Forwarded
Flow Logic of the Next-Generation Firewall

Initial Packet Source Zone/ PBF/ NAT Policy

Destination
Address/ Forwarding
Processing User-ID Lookup
Zone Evaluated

Security Check Session

Pre-Policy Allowed Ports Created

Check for Application App-ID/

Decryption
Application Encrypted
Policy
Override Content-ID
Traffic Policy Labeling

Check Check
Security Policy Security Policy
Security
Profiles

Post-Policy Re-Encrypt NAT Policy Packet

Processing Traffic Applied Forwarded
Security on Cloud
Hardware Platforms
•PA-200, PA-500, PA-2000 Series (EoS), PA-3000 Series,
PA-4000 Series (EoS), PA-5000 Series, PA-7000 Series
•Nearly every feature is supported on every platform.
•Compare capacities at:
https://www.paloaltonetworks.com/products/product-selection.html
Virtual Platforms – PAN OS 7
• VM-100, VM-200, VM-300, and VM-1000
• Ideal for protecting virtualized data centers and “east-west” traffic
• RESTful APIs:
• Integrate VMs with external orchestration and management tools
• Virtual Machine Monitoring:
• Poll virtual machine inventory and changes, collecting data into tags
• Dynamic Address Groups:
• Identify newly deployed machines with tags instead of static addresses
Virtual Platforms PAN OS 8.0
VM-Series Hypervisors
•VMware:
• NSX: Install and manage firewalls on multiple ESXi servers.
• ESXi: Integrates with external management systems
• VMware vCloud Air: Protect your VMware-based public cloud
•Citrix NetScaler SDX
•Kernel-based Virtual Machine (KVM):
• Linux-based virtualization and cloud-based initiatives
•Microsoft Hyper-V and Azure
•Amazon Web Services
Questions?

Potrebbero piacerti anche

CASB & Netskope
Documento6 pagine
CASB & Netskope
Alberto Huamani
Nessuna valutazione finora
Microsoft Cybersecurity Reference Architecture (MCRA)
Documento2 pagine
Microsoft Cybersecurity Reference Architecture (MCRA)
Gabriel Morales Angarita
Nessuna valutazione finora
Big-Ip Afm: Philippe Bogaerts
Documento25 pagine
Big-Ip Afm: Philippe Bogaerts
Network Engineer
100% (1)
Cybersecurity Resume
Documento5 pagine
Cybersecurity Resume
srinu katams
Nessuna valutazione finora
AZ-500: Azure Security Engineer: Subtitle or Speaker Name
Documento62 pagine
AZ-500: Azure Security Engineer: Subtitle or Speaker Name
Sherif_Salamh
Nessuna valutazione finora
PAN-OS Simple Packet Flow Sequence-Arrows
Documento1 pagina
PAN-OS Simple Packet Flow Sequence-Arrows
John
Nessuna valutazione finora
Pa 220
Documento3 pagine
Pa 220
Cynthia Indah Febriyanti
Nessuna valutazione finora
Barracuda Web Application Firewall DS US 1-2
Documento6 pagine
Barracuda Web Application Firewall DS US 1-2
Freddiel Medan
Nessuna valutazione finora
Palo Alto Networks Stallion Autumn Seminar
Documento20 pagine
Palo Alto Networks Stallion Autumn Seminar
masterlinh2008
Nessuna valutazione finora
Asa Remote Access VPN Technologies: SSLVPN Webvpn Ipsecvpn: Security Consulting Se Ccie, Cissp
Documento43 pagine
Asa Remote Access VPN Technologies: SSLVPN Webvpn Ipsecvpn: Security Consulting Se Ccie, Cissp
Nam Vu
Nessuna valutazione finora
Cisco Umbrella - Future of Cloud Security
Documento65 pagine
Cisco Umbrella - Future of Cloud Security
Alejandro Murguia Gonzalez
Nessuna valutazione finora
CompTIA CASP+ CAS-004 Exam Objectives (6.0)
Documento20 pagine
CompTIA CASP+ CAS-004 Exam Objectives (6.0)
black manna
Nessuna valutazione finora
Next Gen and Traditional FW Comparison
Documento2 pagine
Next Gen and Traditional FW Comparison
ali raza
Nessuna valutazione finora
Cisco Umbrella Package Comparison - News
Documento2 pagine
Cisco Umbrella Package Comparison - News
johnmaars71
Nessuna valutazione finora
PCNSE 10.1 Domain #1 - Planning and Core Concepts
Documento107 pagine
PCNSE 10.1 Domain #1 - Planning and Core Concepts
Fernala Sejmen-Banjac
0% (1)
Pa 800
Documento3 pagine
Pa 800
bakacpasa
Nessuna valutazione finora
(ENG) AhnLab TrusGuard
Documento6 pagine
(ENG) AhnLab TrusGuard
Phạm Luyến
Nessuna valutazione finora
SANGFOR NGAF V8.0.35 Associate 2021 01 Introduction
Documento33 pagine
SANGFOR NGAF V8.0.35 Associate 2021 01 Introduction
Kusuma Negara
Nessuna valutazione finora
Robust Anti-Malware Solution: A Fast, Strong, and Entirely New Approach To Endpoint Protection
Documento2 pagine
Robust Anti-Malware Solution: A Fast, Strong, and Entirely New Approach To Endpoint Protection
oof o
Nessuna valutazione finora
By Palo Alto Networks - PA-3200 Series - Datasheet
Documento3 pagine
By Palo Alto Networks - PA-3200 Series - Datasheet
yoni
Nessuna valutazione finora
Pa 220
Documento3 pagine
Pa 220
MAd
Nessuna valutazione finora
Network Security Software Bundles at A Glance
Documento2 pagine
Network Security Software Bundles at A Glance
Yeruel Birku
Nessuna valutazione finora
Hillstone VFW CloudEdge V5.5R10 EN
Documento5 pagine
Hillstone VFW CloudEdge V5.5R10 EN
mouiez
Nessuna valutazione finora
Fasoo Brochure Fasoo Enterprise DRM
Documento2 pagine
Fasoo Brochure Fasoo Enterprise DRM
sarontomiguel
Nessuna valutazione finora
Firewalls
Documento16 pagine
Firewalls
Vitoria Baldan
Nessuna valutazione finora
335041-TIS TD CCCv2
Documento27 pagine
335041-TIS TD CCCv2
Vijju Vijayendra PS
Nessuna valutazione finora
Ra Network Security Reference Architecture
Documento13 pagine
Ra Network Security Reference Architecture
tjvec
Nessuna valutazione finora
Bitscape - Azure Networking and Security Services
Documento70 pagine
Bitscape - Azure Networking and Security Services
aavimanyiu Kumar
Nessuna valutazione finora
How To Secure and Automate Your Cisco Network
Documento21 pagine
How To Secure and Automate Your Cisco Network
Javed Hashmi
Nessuna valutazione finora
3 Security Architecture
Documento20 pagine
3 Security Architecture
Matt
Nessuna valutazione finora
Manage Network Traffic With Advanced Intelligence
Documento30 pagine
Manage Network Traffic With Advanced Intelligence
saag
Nessuna valutazione finora
Hillstone E-Pro Series: Next-Generation Firewall
Documento6 pagine
Hillstone E-Pro Series: Next-Generation Firewall
Raul Spada Orlandini
Nessuna valutazione finora
Cloud WAF CDN Technical in Depth
Documento46 pagine
Cloud WAF CDN Technical in Depth
tuanlt
Nessuna valutazione finora
Barracuda Web Application Firewall VX DS US
Documento3 pagine
Barracuda Web Application Firewall VX DS US
Tenishan Fernando
Nessuna valutazione finora
CompTIA CySA cs0 003+objectives
Documento12 pagine
CompTIA CySA cs0 003+objectives
abhilash
Nessuna valutazione finora
Hadoop Security S360 2015v8 PDF
Documento27 pagine
Hadoop Security S360 2015v8 PDF
Luis Demetrio Martinez Ruiz
Nessuna valutazione finora
Comptia Cysa cs0 003 Exam Objectives 2 0
Documento13 pagine
Comptia Cysa cs0 003 Exam Objectives 2 0
ubaydullah.onabanjo160591162
Nessuna valutazione finora
Safe Architecture Toolkit
Documento59 pagine
Safe Architecture Toolkit
Sherif Salama
Nessuna valutazione finora
Mandatory Equipment Specification
Documento8 pagine
Mandatory Equipment Specification
ishtiaq hussain
Nessuna valutazione finora
Pulling Data From A Cloud-Based DNS Security
Documento21 pagine
Pulling Data From A Cloud-Based DNS Security
know_idea8867
Nessuna valutazione finora
DBF Intro and Best Practices v2
Documento49 pagine
DBF Intro and Best Practices v2
hoangtruc.ptit
Nessuna valutazione finora
Cisco Siem Integration
Documento31 pagine
Cisco Siem Integration
Cesar Almada
Nessuna valutazione finora
Cyberoam CR25 I
Documento2 pagine
Cyberoam CR25 I
niaz08
Nessuna valutazione finora
01.NGFW Introduction
Documento28 pagine
01.NGFW Introduction
dika
Nessuna valutazione finora
Security Basics Pap, Chap, Eap Radius Examples
Documento35 pagine
Security Basics Pap, Chap, Eap Radius Examples
aqib ahmed
Nessuna valutazione finora
Blockchain Defined Perimeter
Documento4 pagine
Blockchain Defined Perimeter
Block Armour
Nessuna valutazione finora
Idps Siem PDF
Documento33 pagine
Idps Siem PDF
aqib ahmed
Nessuna valutazione finora
5.1 Cnse Study Guide
Documento145 pagine
5.1 Cnse Study Guide
KORATE BOY
Nessuna valutazione finora
CR 50ia Datasheet
Documento2 pagine
CR 50ia Datasheet
Alfred Martins
Nessuna valutazione finora
Dhansham - Engineer's Notebook Checkpoint Firewalls Gaia - Palo Alto - Useful CLI Commands
Documento11 pagine
Dhansham - Engineer's Notebook Checkpoint Firewalls Gaia - Palo Alto - Useful CLI Commands
Heera Singh
Nessuna valutazione finora
Security+ Prep Guide
Documento39 pagine
Security+ Prep Guide
avinash
Nessuna valutazione finora
Stormshield SN510: Business Continuity in Complex Architectures
Documento4 pagine
Stormshield SN510: Business Continuity in Complex Architectures
T Annapoorani
Nessuna valutazione finora
F23 CST8804 Lab1 Presentation
Documento20 pagine
F23 CST8804 Lab1 Presentation
Reham Bakouny
Nessuna valutazione finora
Hemanth Cybersecurity
Documento5 pagine
Hemanth Cybersecurity
mujahidpro6
Nessuna valutazione finora
6-Security and NAT Policies
Documento58 pagine
6-Security and NAT Policies
Matt
Nessuna valutazione finora
Aprile - CyberArk Privileged Account Security
Documento9 pagine
Aprile - CyberArk Privileged Account Security
srinivas ch
Nessuna valutazione finora
Chapter 2 - Working Principle of Hillstone Firewall - 5.5R7
Documento32 pagine
Chapter 2 - Working Principle of Hillstone Firewall - 5.5R7
Heshitha Pushpawela
Nessuna valutazione finora
Hillstone E-2000 Series en
Documento4 pagine
Hillstone E-2000 Series en
lestuardo
Nessuna valutazione finora
Cloud Computing Security
Documento27 pagine
Cloud Computing Security
Feisal Mohamed
Nessuna valutazione finora
Hillstone VFW CloudEdge V5.5R7 EN
Documento4 pagine
Hillstone VFW CloudEdge V5.5R7 EN
Muhammad Imran
Nessuna valutazione finora
Pre Installation Checklists
Documento22 pagine
Pre Installation Checklists
Ahmed Fathy
Nessuna valutazione finora
CISSP Fast Track Master: CISSP Essentials for Exam Success - Exam Cram Notes: 1st Edition - 2024
Da Everand
CISSP Fast Track Master: CISSP Essentials for Exam Success - Exam Cram Notes: 1st Edition - 2024
VERSAtile Reads
Nessuna valutazione finora
Security in SAP HANA PDF
Documento15 pagine
Security in SAP HANA PDF
Arturo Seijas
Nessuna valutazione finora
Cyber Threat Intelligence From Honeypot Data Using Elasticsearch
Documento8 pagine
Cyber Threat Intelligence From Honeypot Data Using Elasticsearch
Francesco Schifilliti
Nessuna valutazione finora
2023 Privacy Mini Guide
Documento52 pagine
2023 Privacy Mini Guide
Eboka Chukwuka
Nessuna valutazione finora
Spring Security Reference
Documento310 pagine
Spring Security Reference
Friends Learning
Nessuna valutazione finora
Bchat: A Decentralized Chat Application: International Research Journal of Engineering and Technology (Irjet)
Documento6 pagine
Bchat: A Decentralized Chat Application: International Research Journal of Engineering and Technology (Irjet)
Ankit Das
Nessuna valutazione finora
COP Data Diodes
Documento13 pagine
COP Data Diodes
Amal Katrib
Nessuna valutazione finora
Binary Exploitation Lab: Michael Schwarz June 18, 2017
Documento46 pagine
Binary Exploitation Lab: Michael Schwarz June 18, 2017
basofi luqman
Nessuna valutazione finora
VNCS - Gioi Thieu Dich Vu SoC PDF
Documento46 pagine
VNCS - Gioi Thieu Dich Vu SoC PDF
pham dat
Nessuna valutazione finora
SonicWall Bridge Course Questions
Documento6 pagine
SonicWall Bridge Course Questions
Eng. Rodrigo Pedrosa
Nessuna valutazione finora
Owasp API Top 10
Documento1 pagina
Owasp API Top 10
deepakhn
Nessuna valutazione finora
Cybersecurity Framework For Requirements of Repair, Update, and Renovation in Industry 4.0
Documento4 pagine
Cybersecurity Framework For Requirements of Repair, Update, and Renovation in Industry 4.0
L.A Flores
Nessuna valutazione finora
Chapter 3
Documento17 pagine
Chapter 3
vanitha
Nessuna valutazione finora
An Overview of The Bro Intrusion Detection System: Brian L. Tierney, Vern Paxson, James Rothfuss
Documento12 pagine
An Overview of The Bro Intrusion Detection System: Brian L. Tierney, Vern Paxson, James Rothfuss
Emotelvad Telusko
Nessuna valutazione finora
Ke 9 Bulan 5
Documento6 pagine
Ke 9 Bulan 5
indra.perdana2345
Nessuna valutazione finora
AV Paper PDF
Documento32 pagine
AV Paper PDF
Sándor Bányai
Nessuna valutazione finora
Past Question ICS
Documento2 pagine
Past Question ICS
Ananya Swaminathan
Nessuna valutazione finora
Lab Assignment-2 Classical Encryption Techniques Due: 3 February, 2019 Total Mark: 30
Documento2 pagine
Lab Assignment-2 Classical Encryption Techniques Due: 3 February, 2019 Total Mark: 30
Mehedi Hasan
Nessuna valutazione finora
2 Authentication - Access Control & Cryptography
Documento39 pagine
2 Authentication - Access Control & Cryptography
Agostinho Manuel Duarte Seixas Novo
100% (1)
PowerScale OneFS 9 0 0 0 Web Admin Guide
Documento396 pagine
PowerScale OneFS 9 0 0 0 Web Admin Guide
juhwa
Nessuna valutazione finora
CSE - 4 1 Sem - CS Syllabus - UG - R20 Revised On 27 02 2023
Documento96 pagine
CSE - 4 1 Sem - CS Syllabus - UG - R20 Revised On 27 02 2023
Surya Narayana Murthy Panangipalli
Nessuna valutazione finora
2015-Poster PenTest Infrastructure
Documento1 pagina
2015-Poster PenTest Infrastructure
Cristhoper Reverte Vera
Nessuna valutazione finora
Rumus Coding
Documento5 pagine
Rumus Coding
Riza Rizkiyanto
0% (1)
Icced 2019 Paper 156
Documento18 pagine
Icced 2019 Paper 156
Ghulam Mustafa GM
Nessuna valutazione finora
A Game Theory Method To Cyber-Threat Information Sharing in Cloud Computing Technology
Documento12 pagine
A Game Theory Method To Cyber-Threat Information Sharing in Cloud Computing Technology
asusmaxprom177
Nessuna valutazione finora
UAN Guidelines
Documento31 pagine
UAN Guidelines
Gurmeet Arora
Nessuna valutazione finora
Master Card Icc Card
Documento233 pagine
Master Card Icc Card
Dimitris Hatzigiannidis
100% (1)
Malware Runbook
Documento5 pagine
Malware Runbook
Ashwini Bala
Nessuna valutazione finora
Dhs Ics-Cert and Dhs Cyber Security Evaluation Tool (Cset) Demonstration PDF
Documento32 pagine
Dhs Ics-Cert and Dhs Cyber Security Evaluation Tool (Cset) Demonstration PDF
Andrew Arim
Nessuna valutazione finora