A hybrid architecture is one of the easiest ways to securely address new application requirements and cloud-first development initiatives. This approach allows you to start small and expand as your requirements change while maintaining a strong security posture. In this session, you will learn the 5 key steps to building a hybrid architecture using the VM-Series next-generation firewall.
Speaker: Bisham Kishnani, Consulting Engineer (APJC) – DataCenter & Virtualization, Palo Alto Networks
3. Bisham Kishnani
Consulting Engineer – Data Center & Virtualization (APJC)
- Industry experience – 16+ years
- With Palo Alto Networks – 1+ year
- Previous Employer
- Juniper Networks – 9+ years
- US Telecoms – 2 years
- Apara Enterprises – 2 years
- Wipro – 2 years
4. June 29, 2007
One of the main features of the iPhone was its full-featured browser. The thing could actually visit normal webpages like those displayed on computers.
iPhone 1
7. Applications Have Changed, Security Hasn't
Network security policy is enforced at the firewall
• Sees all traffic
• Defines boundary
• Enables access
Traditional firewalls don’t work any more
8. How Can You Build Security Using…..
• Two applications: browsing and email
• With predictable application behavior
• In a basic threat environment
Stateful inspection addresses:
9. Some Examples of How Applications Work
• Antivirus applications began using port 80 as their avenue for updates back in 1997. AV is not a web application. The vendors did this to simplify access and better support their customers
• AOL Instant Messenger (AIM) used to prompt you with “Find an open port?” if it could not establish a connection
• BitTorrent and Skype both port hop, and MS SharePoint uses a range of ports
• Finally, MS-Lync – the messaging component for MS live 365 – requires ports 443, 3478 (STUN), 5223 and a range of ports between 20,000-45,000 and 50,000-59,999
12. DATA CENTER EVOLUTION
Private Cloud (NSX, ACI, Openstack)
Public Cloud (IaaS, PaaS)
Software as a Service (SaaS)
INTERNET
• Shift to dynamic, scalable, self-provisioned DC infrastructure
• Transition to Network Virtualization in addition to compute and storage virtualization
Virtualized Compute, Network & Storage
13. This Puts More Security Pressures in the Data Center…
Wired Wireless VPN VDI
Employees, Guests, Partners, Contractors, and Temporary Workers
• Modern threats – targeted, multi-vector, persistent
SAAS
Private / Public Cloud
49. AWS Free Trial: Available now
Try one of the bundles for 15 days
• Just like an Eval
• PoC to production
• Free usage cannot be extended
• Automatically converts to hourly purchase after 15 days if VM-Series instance is running