1. DATA SECURITY CHALLENGES
In the current fourth industrial revolution (Industry 4.0), the data explosion (big data), digital transformation and cloud computing are inevitable trends and development opportunities for the whole world, from governments and businesses to individuals.
The ever-increasing volume of data forces individuals and organizations to store and protect their data in cloud data centers. This raises many concerns about data safety and security, such as:
– Data leakage and loss
– Data breaches and loss of privacy
– Access control
– Denial-of-service (DoS/DDoS) attacks
More specifically, in a network system the top tasks for securing data are controlling user behavior, controlling the applications users run, controlling user access to the system and to critical network zones (such as dedicated servers), and protecting the system from attackers and from infection by viruses and spyware.
2. LIMITATIONS OF TRADITIONAL SECURITY MODEL
In a real network system, there are often many different security devices, as shown in the following model:
[Figure: a network system with many separate security devices]
Processing of a packet in a multi-layered security system:
[Figure: processing of a packet in a multi-layered security system]
This traditional security model has several disadvantages:
– Reduced system performance: every time a packet passes through a device it is disassembled for inspection, so steps such as unpacking and checking the port and protocol are repeated at each device, further reducing system performance.
– High operating costs: the more security devices in the system, the larger the budget needed to purchase and maintain them.
– Difficulty in providing a unified, centralized policy: with many security devices, each requiring its own individual security policy, administrators struggle to set up policies correctly and to avoid conflicts between devices.
– Difficulty in obtaining a complete view of what is happening on the system: each security device keeps its own log database (a proxy logs users' website access behavior, an IPS logs attacks on the system, and so on), but these logs are separate and not linked together.
– Lack of connection between devices: security devices often come from different vendors and therefore use different databases, which makes it impossible for them to connect and coordinate their work.
3. PALO ALTO NETWORKS NEXT-GENERATION SECURITY PLATFORM
a. Identify and control applications:
Palo Alto Networks (PAN) provides system visibility and control across applications, users, and content regardless of port, protocol, evasion technique, or encryption.
b. Real-time control of content:
Allows users to set up a mechanism that scans and controls the internal content of applications in real time to detect security vulnerabilities, viruses, spyware, sensitive data, and so on.
c. High throughput and performance:
With an intelligent scanning mechanism and an optimized hardware architecture, PAN's performance consistently meets the system's speed requirements.
d. Simplified security system, lower costs:
PAN provides customers with a set of essential security functions (firewall, DLP, anti-virus, IPS, URL filtering, and more) on a single hardware appliance, avoiding the need for many individual devices in the system.
e. Diverse operating environments:
PAN can be deployed across enterprise network environments, including data centers, the network perimeter, branches, and evolving cloud, virtualization, and mobile environments.
With PAN, the system becomes far simpler, easier to manage, and more effective to operate.
4. MAIN TECHNOLOGIES OF PALO ALTO NETWORKS
With its custom-designed hardware architecture, the Palo Alto Networks next-generation firewall delivers transparency and control over applications, users, and content using three advanced identification technologies: App-ID, User-ID, and Content-ID.
[Figure: all advanced technologies applied in a single product]
App-ID: Using four different data classification mechanisms, App-ID™ accurately identifies which applications are actually running on the network, regardless of the service port the application uses, the protocol, or whether the traffic is SSL-encrypted. This lets administrators create comprehensive policies to manage application usage and inbound and outbound traffic, increasing the security of the network infrastructure.
Content-ID: A stream-based scanning engine that detects and blocks threats and limits unauthorized transfers of sensitive files and content. Additionally, a comprehensive URL database controls non-work-related web browsing. Application visibility and control, combined with threat prevention capabilities enabled by Content-ID, allow IT to regain control of applications and threats.
User-ID: Integrates with Microsoft Active Directory to associate IP addresses with users and groups, allowing IT departments to control applications and content based on employee information stored in Active Directory. User-ID allows administrators to associate user information with applications, create policies, log data, and report.
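The two ideas behind App-ID and User-ID, as an added illustration in Python that is not Palo Alto Networks' own code: a flow is classified by its payload signature instead of its destination port, the source IP is resolved to a user and group, and only then is the rule table matched. The signatures, the IP-to-user mapping and the rules are constructed sample data.

```python
# Added illustration, not Palo Alto Networks' code: identify_app() classifies a
# flow by its payload signature rather than its destination port (the App-ID
# idea) and evaluate() resolves the source IP to a user and group before matching
# rules (the User-ID idea). Signatures, mappings and rules are constructed data.

# Constructed payload signatures: leading bytes identify the application
# regardless of the TCP port carrying it.
SIGNATURES = {
    b"SSH-2.0-": "ssh",          # SSH version banner
    b"GET /": "web-browsing",    # plaintext HTTP request line
    b"\x16\x03\x01": "ssl",      # TLS record header of a ClientHello
}

# Constructed IP-to-user mapping, as a directory integration would supply it.
IP_TO_USER = {"10.0.0.5": ("alice", "engineering"), "10.0.0.9": ("bob", "sales")}

# Constructed policy: (group, application, action), evaluated top-down;
# "any" matches every group and unmatched traffic falls to DEFAULT_ACTION.
RULES = [
    ("engineering", "ssh", "allow"),
    ("any", "web-browsing", "allow"),
    ("any", "ssl", "allow"),
]
DEFAULT_ACTION = "deny"

def port_based_guess(dport: int) -> str:
    """What a port-only classifier concludes (the traditional approach)."""
    return {22: "ssh", 80: "web-browsing", 443: "ssl"}.get(dport, "unknown")

def identify_app(payload: bytes) -> str:
    """Port-independent classification from the first bytes of the flow."""
    for signature, app in SIGNATURES.items():
        if payload.startswith(signature):
            return app
    return "unknown"

def evaluate(src_ip: str, dport: int, payload: bytes) -> tuple:
    """Resolve the user, identify the app (dport is deliberately ignored), match rules."""
    user, group = IP_TO_USER.get(src_ip, ("unknown-user", "unknown"))
    app = identify_app(payload)
    for rule_group, rule_app, action in RULES:
        if rule_group in ("any", group) and rule_app == app:
            return (user, app, action)
    return (user, app, DEFAULT_ACTION)

if __name__ == "__main__":
    # SSH on port 443: a port-only view says "ssl", the signature says "ssh",
    # and bob (sales) has no rule allowing ssh, so the flow is denied.
    flow = ("10.0.0.9", 443, b"SSH-2.0-OpenSSH_9.6\r\n")
    print(port_based_guess(flow[1]), evaluate(*flow))  # ssl ('bob', 'ssh', 'deny')
```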
