Components of the Palo Alto Networks Strata – Enterprise Security

Strata prevents attacks with the industry-leading network security suite that enables organizations to embrace network transformation while consistently securing users, applications, and data, no matter where they reside.

Next-Generation Firewall

Palo Alto Networks firewalls enable you to adopt best practices using application-, user-, device-, and content-based policies to minimize opportunities for attack. These next-generation firewalls are available as physical appliances, virtualized appliances, and cloud-delivered services, and all are managed consistently with Panorama. The firewalls secure your business with a prevention-focused architecture and integrated innovations that are easy to deploy and use. Palo Alto Networks Next-Generation Firewalls detect known and unknown threats, including those within encrypted traffic, using intelligence generated across many thousands of customer deployments. The firewalls reduce risks and prevent a broad range of attacks. For example, they enable users to access data and applications based on business requirements, and they stop credential theft and an attacker’s ability to use stolen credentials.

With these next-generation firewalls, you can quickly create security rules that mirror business policy and are easy to maintain and adapt to your dynamic environment. They reduce response times with automated policy-based actions, and you can automate workflows via integration with administrative tools such as ticketing services or any system with a RESTful API.

The family of next-generation firewalls includes:

VM-Series: VM-Series virtual firewalls provide all the capabilities of the Palo Alto Networks next-generation hardware firewall in a virtual machine form factor so you can secure the environments that are vital for your competitiveness and innovation. Now you can leverage a single tool to safeguard cloud speed and software-defined agility by infusing segments and micro-segments with threat prevention. The VM-Series firewalls support the following virtualization environments: Alibaba Cloud, Amazon Web Services, Cisco ACI, Citrix NetScaler SDX, Google Cloud Platform, Kernel-Based Virtual Machine (KVM), Microsoft Hyper-V, Microsoft Azure, OpenStack, Oracle Cloud Infrastructure, VMware ESXi/NSX, and VMware vCloud Air.

CN-Series: With the release of PAN-OS 10.0, Palo Alto Networks introduced the Container Native Series (CN-Series) firewall. The CN-Series firewall is a containerized next-generation firewall that provides visibility and security for containerized application workloads on Kubernetes clusters. The CN-Series firewall natively integrates into Kubernetes (K8s) to provide complete Layer 7 visibility, application-level segmentation, DNS security, and advanced threat protection for traffic going across trusted zones in both public cloud and data center environments.

Physical firewalls: PA-Series Next-Generation Firewalls are architected to provide consistent protection to your entire network perimeter, from your headquarters and office campus, branch offices, and data center to your mobile and remote workforce. Physical firewalls available include the PA-220, PA-800, PA-3200, PA-5200, and PA-7000 Series.

Network Security Management: Panorama

Panorama offers easy-to-implement and centralized management features to gain insight into network-wide traffic and threats and to administer your NGFWs everywhere. Panorama is available in both appliance and virtual forms. Panorama provides the following:

  • Policy management: Create and edit security rules in accordance with your organization’s Security policy across your firewall deployment from one central location.
  • Centralized visibility: Get deep visibility and comprehensive insights into network traffic and threats via Application Command Center (ACC).
  • Network security insights: Leverage the automated correlation engine to reduce data clutter to identify compromised hosts and reveal malicious behavior.
  • Automated threat response: Automate and customize security workflows using REST APIs to integrate with third-party systems and your existing operational tools.
  • Network security management: Centrally manage devices and security configuration for all groups of firewalls.
  • Enterprise-level reporting and administration: This feature includes log aggregation of managed NGFWs, User-ID redistribution to managed devices, and implementation of enterprise-level administration.