At a Glance Public Cloud

  • Published on

  • View

  • Download

Embed Size (px)


  • 7/25/2019 At a Glance Public Cloud




    Next-Generaon Security for the Public Cloud

    Regardless of where your applicaons and data are located, they are an aackers target,

    and protecng them in the cloud introduces the same security challenges you face in your

    on-premises data center. To that end, your public cloud security soluon should be consistent

    with what is deployed in your data center so that, no maer where the applicaons and data

    reside, security is consistent and assured.

    The VM-Series analyzes all the trac traversing your cloud deployment to immediately

    determine three crical elements that drive your security policy: the applicaon identy,

    regardless of port; the content, malicious or otherwise; and the user identy. Determining

    the applicaon, content and user simultaneously enables you to improve your security

    posture by directly mapping your security policies to key business iniaves. This also

    provides greater visibility along with more rapid incident response and improved forensics.

    A consistent security posture is ensured through centralized management that can control

    your physical and virtualized rewalls while addional management features enable policy

    automaon and integraon to fully support your cloud-rst iniaves.

    The VM-Series enables you to deploy a hybrid architecture while maintaining the same secu-

    rity posture established on your physical network with Palo Alto Networksappliance-based

    rewalls. The VM-Series can act as a perimeter gateway protecng against inbound threats,

    as a segmentaon gateway that controls workload-to-workload communicaons, and as a

    mobile security soluon. The VM-Series is supported in the following public cloud environ-

    ments: AmazonWeb Services, MicrosoAzure, and VMwarevCloudAir.

    Palo Alto Networks | AT A GLANCE| 2016, Palo Alto Networks. Confdenal and Proprietary. 1

    An insatiable appetite for compute and storage resources, combined

    with cloud-first development initiatives to support your business,

    is driving a data center transformation that seamlessly integrates

    the public cloud with your existing data center as a means to

    more rapidly address your growing application and data demands.

    Commonly referred to as a hybrid data center, the use of the public

    cloud not only helps address your growing data center demands but

    also provides you with the added benefits of agility, scalability and

    global reach.

    Public Cloud Highlights:

    Visibility into the applicaons running in your cloud

    Whitelist applicaons to limit access and segment them for security and


    Control access based on user to limit risk exposure

    Extend policies from the network to your cloud to all devices

    Prevent advanced cyberaacks at the perimeter and from moving laterally

    Centrally manage physical and virtualized rewalls for policy consistency

    Ensure security keeps pace with the business







    Private Cloud

    Public Cloud



    Microsof AzurevCloud Air

    App 1

    Web FE

  • 7/25/2019 At a Glance Public Cloud





    Palo Alto Networks | AT A GLANCE| 2016, Palo Alto Networks. Confdenal and Proprietary. 2


    Improved visibility to make informed

    security decisions

    With applicaon visibility across all ports, you have far more relevant informaon about your cloud environment, which, in turn, means you

    can make more informed policy decisions.

    Greater control over your applicaons Firewall access control policies are based on the applicaon not the port, enforcing the deny all else premise to block all other

    trac at the applicaon level. This level of control becomes crically important as you deploy more of your data center assets in the

    public cloud.

    Segmentaon for data security and


    Using security zones and whitelisng policies allows you to control applicaon-to-applicaon communicaon for increased protecon

    against aacks along with regulatory compliance.

    Prevenon of aack lateral movement Todays cyberthreats commonly compromise an individual workstaon or user and then move laterally across your physical or virtualizednetwork, placing your mission-crical applicaons and data at risk. Exerng applicaon-level control between workloads will reduce

    the threat footprint while applying Threat Prevenon and WildFire policies to block both known and unknown threats can stop their

    lateral movement.

    User- and device-level access control Integraon with a wide range of user repositories introduces the user identy as a policy element, complemenng applicaon whitelis-

    ng with an added access control component. User-based policies enable you to grant access to crical applicaons and data based on

    user credenals and their respecve need.

    Protecon from advanced cyberaacks Aacks, much like many applicaons, are capable of using any port, rendering tradional prevenon mechanisms ineecve. The

    VM-Series allows you to apply applicaon-specic threat prevenon policies to protect your Azure deployment.

    Protecon across your network,your cloud, and your devices

    When deployed in conjuncon with GlobalProtect, the VM-Series enables you to extend your corporate security policies globally todevice users, regardless of their locaon. GlobalProtect establishes a secure connecon to protect the user from Internet threats and

    enforce applicaon-based access control policies. Whether the need is for access to the Internet, data center or SaaS applicaons, the

    user enjoys the full protecon provided our security plaorm.

    Policy consistency across all form factors Panorama enables you to manage your VM-Series deployments, along with your physical security appliances, thereby ensuring policy

    consistency and cohesiveness. Rich, centralized logging and reporng capabilies provide visibility into virtualized applicaons, users

    and content.

    Security that keeps pace with cloud-rst


    Nave VM-Series management features enable you to integrate security with your cloud-rst development projects. A fully documented

    XML API, Bootstrapping, Dynamic Address Groups and VM-Monitoring allow you to automate rewall deployments and policy updates.

    The end result is new applicaons that can be deployed with baked-in security.


View more >