SAFELY ENABLE YOUR
SAAS APPLICATIONS
BEN ROBINSON, ACCOUNT EXECUTIVE, PALO ALTO NETWORKS
AGILITY DRIVING CHANGE
Public Cloud
(IaaS, PaaS)
Private Cloud
(SDN, NSX, ACI)
2 | © 2015, Palo Alto Networks. Confidential and Proprietary.
Software as a Service
(SaaS)
DATA BREACHES SURGE
MALICIOUS
INSIDER
ACCIDENTAL
DATA LOSS
3 | © 2015, Palo Alto Networks. Confidential and Proprietary.
1,541
15%
25%
55%
MALICIOUS
OUTSIDER
Source: http://breachlevelindex.com/
BUSINESS IMPACTS OF SAAS
SANCTIONED
UNSANCTIONED
Fast to deploy
Minimal cost
Infinitely Scalable
Violates Compliance
Loss of corporate IP
Malware distribution
4 | © 2015, Palo Alto Networks. Confidential and Proprietary.
SAAS SECURITY REQUIREMENTS
VISIBILITY
ANALYSIS
ENFORCEMENT
Apps, users, usages,
categories and
statistics
Data volume and
direction, malware
and threats
Granular policy
based on function
5 | © 2015, Palo Alto Networks. Confidential and Proprietary.
SAAS DISCOVERY AND ANALYSIS
New SaaS characteristics, ~400 apps, in 26 categories
Leverage next-generation tools; NGFW, CASB, or CAP
Build custom reports
6 | © 2015, Palo Alto Networks. Confidential and Proprietary.
SAAS REPORTING
7 | © 2015, Palo Alto Networks. Confidential and Proprietary.
SAAS SPECIFIC RISKS
MALWARE
PROPAGATION
8 | © 2015, Palo Alto Networks. Confidential and Proprietary.
ACCIDENTAL
DATA EXPOSURE
MALICIOUS
DATA EXFILTRATION
MALWARE PROPAGATION
9 | © 2015, Palo Alto Networks. Confidential and Proprietary.
ACCIDENTAL DATA EXPOSURE
Share With:
mark
Marketing
Mark (CFO)
Anyone with the link
10 | © 2015, Palo Alto Networks. Confidential and Proprietary.
MALICIOUS DATA EXFILTRATION
Share
all files
publicly!
11 | © 2015, Palo Alto Networks. Confidential and Proprietary.
SOLUTION REQUIREMENTS
DETAILED
CONTENT
INSPECTION
AND
ANALYTICS
CONTEXTUAL
CONTROL
OF DATA
EXPOSURE
12 | © 2015, Palo Alto Networks. Confidential and Proprietary.
PROGRAMABLE
DOCUMENT
CLASSIFICATION
MALWARE
DETECTION
AND
REMOVAL
CLOUD DELIVERED SECURITY
APERTURE
DEPLOYMENT
AGNOSTIC
USER
AGNOSTIC
PREVENTS
THREATS
RETROACTIVE
POLICY
No network
changes or new
HW/SW to install
No agents
required or app
limitations
Malware detection
Policy applies
to past and
future events
13 | © 2015, Palo Alto Networks. Confidential and Proprietary.
CLOUD DELIVERED SECURITY
APERTURE
WILDFIRE
14 | © 2015, Palo Alto Networks. Confidential and Proprietary.
SAAS SECURITY PILLARS
NGFW PLATFORM
VISIBILITY
SAAS ACCESS
Applications usage Access to and
and statistics
from SaaS
applications
15 | © 2015, Palo Alto Networks. Confidential and Proprietary.
CASB/CAP
SAAS CONTROL
Data exposure and
threat protection
COMPLETE SAAS SECURITY
APERTURE
GLOBALPROTECT
WILDFIRE
16 | © 2015, Palo Alto Networks. Confidential and Proprietary.
COMPLETE DATA SECURITY
APERTURE
GLOBALPROTECT
Public Cloud
Private Cloud
17 | © 2015, Palo Alto Networks. Confidential and Proprietary.
Software as a Service