As you may know from past posts (read here), Focus has partnered up with Palo Alto Networks. Palo Alto Networks is a next-generation security company, leading a new era in cyber security by safely enabling all applications and preventing advanced threats from achieving their objectives for tens of thousands of organizations around the world. Palo Alto is one of the fastest growing security companies in the market because of their deep expertise, commitment to innovation, and game-changing security platform focused on bringing an end to the era of breaches by uniquely integrating their Next-Generation Firewall, Advanced Endpoint Protection, and Threat Intelligence Cloud.
Palo Alto’s next-generation firewall hardware product line has a variety of models. These different models can scale from a small/branch office to a highly redundant enterprise datacenter.
Palo Alto also has a line of Virtual Appliances. These can be used in a virtual environment and can integrate with a technology like VMware NSX to improve datacenter security within that environment.
An application called Panorama is used to centrally administer and manage logs within a Palo Alto physical and/or virtual environment. This application is very useful for seeing what your whole environment is doing. Some people leverage a SIEM tool such as Splunk to further analyze and correlate log and threat data.
How does this protect my environment?
Palo Alto has an attack lifecycle methodology, illustrated below. The focus is on protecting the enterprise throughout the entire lifecycle of an attack. The initial focus is at the perimeter, with the hardware-based next-generation firewalls. Here we focus on dangerous file types, URL filtering, known and unknown exploits, etc. Next, we protect against malware and command & control attacks from known malicious domains. In the datacenter, we want to protect against lateral movement using the VM Series firewalls with VMware NSX. Lastly, it’s critical to protect against data exfiltration, using all of the previously stated technologies, so your data doesn’t end up in the hands of an attacker.
Can I leverage the cloud?
Palo Alto has their own cloud service called WildFire. It is a “sandbox” type of environment that is used to analyze unknown threats. Essentially, the firewall can send an unrecognized or unknown threat up to the cloud, and WildFire will put that threat in a sandbox and emulate the unknown situation. This allows them to analyze the behavior and turn this unknown situation into a known situation.
What to do next?
If you think this is something you would like to pursue, contact your Focus account manager and talk to them about Palo Alto Networks. We can set up a meeting and discuss what you want to get out of Palo Alto. If you like what you see, we can assist with the acquisition of the licensing and design a final solution.
Thanks for reading!
Brad Maher | Director of Technology