Paloalto方案FOR销售

PaloAlto下代防火墙网络平安解决方案精品课件(二)1. PaloAlto下代防火墙的基本概念- PaloAlto下代防火墙是一种基于应用程序的防火墙，可以识别和控制网络流量中的应用程序，并且能够对应用程序的行为进行深度检测和分析。

- PaloAlto下代防火墙可以提供更精细的控制和更高的安全性，可以在网络层和应用层同时进行防御和保护，可以有效地防止各种恶意攻击和数据泄露。

2. PaloAlto下代防火墙的功能特点- 应用程序识别和控制：PaloAlto下代防火墙可以识别和控制网络流量中的应用程序，可以根据应用程序的特征和行为进行精细的控制和管理。

- 内容过滤和检测：PaloAlto下代防火墙可以对网络流量中的内容进行过滤和检测，可以防止各种恶意代码和攻击载荷的传播和执行。

- 安全策略管理：PaloAlto下代防火墙可以根据安全策略进行流量过滤和控制，可以实现网络访问控制和安全性管理。

- 威胁情报和事件响应：PaloAlto下代防火墙可以收集和分析网络威胁情报，并且可以对各种安全事件进行实时响应和处理。

3. PaloAlto下代防火墙的应用场景- 企业内部网络：PaloAlto下代防火墙可以用于企业内部网络的安全防护和管理，可以防止各种内部和外部的安全威胁和攻击。

- 互联网边界：PaloAlto下代防火墙可以用于互联网边界的安全防护和管理，可以防止各种网络攻击和数据泄露。

- 云安全：PaloAlto下代防火墙可以用于云安全的防护和管理，可以保护云服务器和云应用程序的安全性和可靠性。

- 移动安全：PaloAlto下代防火墙可以用于移动安全的防护和管理，可以保护移动终端和移动应用程序的安全性和可靠性。

4. PaloAlto下代防火墙的优势和劣势- 优势：PaloAlto下代防火墙具有应用程序识别和控制、内容过滤和检测、安全策略管理和威胁情报和事件响应等功能特点，可以提供更精细的控制和更高的安全性。

PaloAlto下代防火墙网络平安解决方案精品
课件(一)
PaloAlto下代防火墙网络平安解决方案精品课件是一种高效、先进的
网络安全方案。

它具有多种安全防护功能，可以满足企业多种需求，
是一款非常实用的网络安全工具。

下代防火墙是一种新型的网络安全防护设备，它能够通过深度分析数
据包，判断是否具有恶意代码，从而有效地防范网络攻击。

而
PaloAlto是一家领先的网络安全防护厂商，其下代防火墙产品在全球
范围内得到广泛应用。

PaloAlto下代防火墙网络平安解决方案精品课件所提供的功能非常全面。

它可以提供实时的威胁监测和防范，有效地防范网络攻击。

此外，该解决方案还提供了先进的入侵检测和防范功能，可以对网络中的异
常流量进行监测，及时发现和解决网络安全问题。

该解决方案还提供了端点安全管理功能，可以对企业内部网络进行全
面的安全管理和控制。

同时，它还能够提供全面的应用程序管理功能，可以控制和过滤用户使用的各种应用程序，保持网络的稳定和安全。

PaloAlto下代防火墙网络平安解决方案精品课件还支持基于身份的访
问控制，可以基于不同的用户身份进行访问控制和过滤。

这种访问控
制功能可以避免用户滥用网络资源，从而保护企业的重要信息资产。

总的来说，PaloAlto下代防火墙网络平安解决方案精品课件是一种高效、实用的网络安全工具。

它具有多种安全防护功能，可以满足企业
各种需求，保障企业网络的平安与稳定。

在当今信息化社会，网络安
全是企业的重要问题，采用PaloAlto下代防火墙网络平安解决方案精品课件是一个非常不错的选择。

How SOAR Is Transforming Threat IntelligenceThe benefits of digita l tra nsforma tion for a ny enterprise a re clea r, but thetra nsforma tion a lso comes with security implica tions a s new technologiesexpand the attack surface, enabling attackers to come from anywhere. Withcloud computing, a utoma tion, a nd a rtificia l intelligence now ma instrea m,a tta ckers ca n ca rry out their ca mpa igns a t unprecedented levels of sophis-tication and scale with minimal human intervention. Today, threat actors attackcomputers every 39 seconds.1 A report by Cybersecurity Ventures projects thatby 2021, a business will fall victim to ransomware every 11 seconds.2 This is onlypossible because attackers are taking advantage of machine speed.1. “Hackers Attack Every 39 Seconds,” Security Magazine, February 10, 2017, https:///articles/87787-hackers-attack-every-39-seconds.2. “Global Cybercrime Damages Predicted T o Reach $6 Trillion Annually By 2021,” Cybercrime Magazine, December 7, 2018, https:///cybercrime-damages-6-trillion-by-2021.Incident Responders Incident responders are worried about damage control. They look for possible breaches, and If they find evidence of one, their job is to investigate and prevent it from spreading. Due to the sensitive nature of breaches, all evidence needs to be well-documented and shared with all the stakeholders. Incident responders have access to tools that help them contain breach -es, such as EDR tools to kill the end host. They engage firewall administrators to deploy policies that block propagation at the network level. They heavily rely on external threat intelligence to learn about the profiles and common techniques of attackers, allowing them to respond confidently and with precision.Accordingly, incident responders are challenged when it comes to:• Knowledge transfer , where a lack of collaboration be-tween teams introduces gaps in security.• Case management , because generic case management is not ideal for security use cases, resulting in inefficiency and poor documentation.• Lack of threat intelligence as many incident responders are forced to use manual, flawed processes to gain context around external threats, causing delays and risks.Incident responders need:• Full security case management to document their find -ings in detail and enable them to collaborate in real time with other stakeholders as well as provide preventive and quarantine measures across the enterprise.•Threat intelligence to provide deeper context around attackers and their motivations.Disparate knowledge transfer introduces communication gaps Insufficient case management Lack of security centriccase-management results in inefficiency Lack of threat intelligence Missing real-world external context to prioritize alertsFigure 2:Incident responders challengesToo many alerts & not enough people to handle them Repetitive & manual actions across tools,process and people It takes days toinvestigate and respond to threatsFigure 1: SOC analyst challengesdetect, investigate, and respond to advanced cyberthreats.Unfortunately, security teams of all sizes are overwhelmed and unable to function at full capacity due to a shortage of cybersecurity skills, high volumes of low-fidelity alerts, a plethora of disconnected security tools, and lack of external threat context. To address these challenges, we first need to break down the inner workings of a SOC and get a sense of what happens. Only then will we be able to appreciate the enormity of what SOC teams are up against and begin to ap-ply solutions that work.In larger organizations, mature security operations teams have a lot of moving parts. Three main functions make up ef -fective security operations: SOC analysts, incident respond -ers, and threat analysts.SOC Analysts SOC analysts look at thousands of internal alerts daily, sourced by security information and event management (SIEM) technologies, endpoint detection and response (EDR) systems, and sometimes hundreds of other internal security tools. Their job is to be the eyes of the enterprise: to detect, investigate, determine root cause of, and respond quickly to security incidents. SOC analysts continuously monitor the network using detection tools, identifying and investigating potential threats. Once they identify a potential risk, ana-lysts also need to document their findings and share recom -mended actions with other stakeholders.All this means SOC analysts often struggle with:• Alert fatigue: The average enterprise receives more than 11,000 security alerts per day,3 and doesn’t have enough people to handle them.• Lack of time: Repetitive, manual, and administrative tasks take too long. A lack of integration across the many tools analysts must use slows down every stage of the process. • Limited context: It often takes days to investigate and respond to threats. Security tools don’t provide adequate context on alerts or their relevance to the environment,forcing analysts to piece these things together manually.To overcome these problems, analysts need:• Automation to take care of daily tasks so they can f ocus on what really matters.• Real-time collaboration with the rest of the team so they are always in sync and learning from one another. • Threat intelligence that delivers context to help them un -derstand the relevance and potential impact of a threat.3.According to a commissioned study conducted by Forrester Consulting on behalf of Palo Alto Networks, February 2020. As of the publication of this document, the report has not yet been officially released.IP 1.1.1.1feeds How bad is it?Malware analysisEndpoint detection and response SIEM Spreadsheet Bad IP 1.1.1.1Security SIEM ToolsResearch ReportsWho is behind it?EmailEnd usersAssets FirewallNetwork topology Internet accessNews/Blog Threat actors use 1.1.1.1 To attack!Industry peersAre we impacted?Who is using this IP address?Which policy isblocking this IP address?• Difficulty taking action since putting threat intel into a ction is highly manual and relies on other teams.Threat intelligence analysts need:• Full control over threat intelligence feed indicators to build their own logic and reputation based on their environment and business needs.• Collaboration with other teams to quickly arm them with rich context and up-to-date research.• Robust documentationto capture their ck of controlManually tuningand scoring of IOCS Siloed workflows Incidents and threat intel are broken across tools, people and process Putting threat intel intoaction is highly manual and repetitiveFigure 3: Difficulties facing threat analysts Figure 4: Holistic view of a typical day in a SOCThreat Intelligence Analysts/ Programs Threat analysts identify potential risks to organizations that have not been observed in the network. They provide c ontext around potential threats by combining external threat i ntelligence feeds from multiple sources with human intelli-gence. According to a recent survey conducted by the SANS Institute, 49.5% of organizations have some type of a threat intelligence team or program with its own dedicated budget and staffing.4 This is evidence of the growing importance of threat intelligence analysts, who help to identify attackers, uncovering their motivations, techniques, and processes. Threat intelligence teams pass their findings on specific at -tacks as well as broader threat landscape reports to SOC and incident response teams to build better preventive measures.Threat intelligence analysts face:• Lack of control over threat intelligence feeds, forcing the analysts to manually tune and score indicators of compro-mise (IOCs) to match their environment.• Siloed workflows causing poor communication and i ntegration between incident response and threat intelli-gence tools, teams, and processes.4. “2020 SANS Cyber Threat Intelligence (CTI) Survey,” SANS Institute, February 11, 2020, https:///reading-room/whitepapers/threats/paper/39395.with instant clarity into high-priority threats to drive the right response, in the right way, across the entire enterprise.Cortex XSOAR unifies case management, r eal-time c in the industry’s first extended security mation, and response platform.security orchestration, automation, and response (SOAR) platforms to manage alerts across all sources, standardize processes with playbooks, and automate response for any security use case, but there is still a significant gap when it comes to threat intelligence management.as an i ssue, o ffering guidance that SOAR and TIPs need to converge. TIPs are merely adding complexity by aggregating intelligence sources without the real-world context or auto -mation required to take quick, confident action. It’s time for a different approach.We Need an Extended SOAR PlatformCortex™ XSOAR, with native Threat I ntel Management, just makes sense. As part of the extensible C ortex XSOAR platform,Threat Intel Management defines a new approach by unify -ing threat intelligence aggregation, scoring, and sharing with playbook-driven automation. It empowers securityleaders370+Third-party tools Cortex XDR Tools People APIOther sources source ISAC Premium AutoFocus AFresponseTake complete control of your threat intelligence feeds Make smarter incident response decisions by enriching every tool and process Close the loop between intelligence and action with playbook-driven automation Figure 7: Benefits of Threat Intel Management Figure 6: Cortex XSOAR playbook-driven automationintelligence platforms Figure 5: A typical SOAR + TIP siloed deployment Cortex XSOAR allows you to:• Eliminate manual tasks with automated playbooks to ag-gregate, parse, deduplicate, and manage millions of daily indicators across multiple feed sources. Extend and edit IOC scoring with ease. Find providers that have the most relevant indicators for your specific environment.• Reveal critical threats by layering third-party threati ntelligence with internal incidents to prioritize alerts and make smarter response decisions. Supercharge i nvestigations with high-fidelity, built-in threat intel -ligence from Palo Alto N etworks AutoFocus™ service. Enrich any detection, monitoring, or response tool withcontext from curated threat intelligence.Security analysts deal with millions of indicators collected from hundreds of multi-sourced intelligence feeds. These indicators lack context required for analysts to make informed decisions, p recision. tools at their disposal can’t handle the sheer volume of indi cators, and analysts end up re-prioritizing indicators to match native Threat Management gives analysts complete control and flexibility to incorporate any business logic into their scoring. Built-in inte-gration with more than 370 vendors allows analysts to react in real time as the indicators are consumed.report millions of indicators on a daily basis the context analysts need to make informed decisions and take action handle limited amounts of threat intelligence data and need to constantlyre-prioritize indicators Figure 9: Challenges of disconnected intelligence toolsFigure 10: Intelligence management before and after Cortex XSOAR ISACs AAPIAutomated playbooksIndicatorvalue report Indicator lifecycle Third-party Intel sharingvisualization Threat intelligence enrichment and prioritization3000 Tannery Way Santa Clara, CA 95054M a in: +1.408.753.4000S a les: +1.866.320.4788Support: +1.866.898.9087© 2020 Palo Alto Networks, Inc. Palo Alto Networks is a registered t rademark of Palo Alto Networks. A list of our trademarks can be found at https:///company/trademarks.html. All other marks mentioned herein may be trademarks of their respective companies. how-cortex-is-transforming-threat-intelligence-wp-041720of the most common use cases include phishing, s ecurity op-erations, incident alert handling, cloud security orchestration, vulnerability management, and threat hunting.The future of SOAR includes native Threat Intel Manage -ment, enabling teams to break down silos between securi-ty operations and threat intelligence functions. When these are offered together in one platform, SOC analysts, incident responders, and threat intelligence teams can unify their efforts against advanced adversaries, optimizing their com -munication, efficiency, and access to insights.Cortex XSOAR redefines orchestration, automation, and response with the industry’s firstextended SOARplatform that includes automation, orchestration, real-time collab-oration, case management, and Threat Intel Management, enabling security teams to keep pace with attackers now and in the future.Visit us online to learn more about Cortex XSOAR.Breadth of Cortex XSOAR Use Cases The open and extensible Cortex XSOAR platform can be applied to a wide range of use cases—even to processes outside the purview of the SOC or security incident response team. SomeIncorporate any business logic into collection, scoring,and integrations to security devices React in real time to new indicators as they are consumed Defend your network instead of spending time building integrations integrations Figure 11: Cortex XSOAR benefits across the SOC。

世界网络安全厂商排名随着互联网的发展，网络安全已成为一个全球范围的重要议题。

为了应对不断增长的网络威胁，许多公司专门从事网络安全技术的研发和销售。

以下是世界上一些知名的网络安全厂商以及他们的排名：1. Symantec（赛门铁克）：作为全球最大的网络安全厂商之一，Symantec提供了一系列的解决方案，包括防病毒软件、防火墙和入侵检测和防御系统。

他们的产品广泛应用于企业和个人用户，并在全球范围内有着广泛的用户群体。

2. McAfee（迈克菲）：McAfee是一家全球领先的网络安全厂商，为用户提供了一系列的防病毒软件、防火墙和数据安全解决方案。

他们的产品在全球范围内得到了广泛的认可和应用，深受用户信赖。

3. Cisco（思科）：作为网络设备制造商，思科在网络安全领域也有着丰富的经验和技术积累。

他们提供了一系列的安全解决方案，包括防火墙、入侵检测和防御系统以及虚拟专用网（VPN）等。

4. Check Point（查阅点）：Check Point是一家以色列的网络安全厂商，以其先进的防火墙技术和入侵检测和防御系统而闻名。

他们的产品广泛应用于企业网络和云安全领域。

5. Fortinet（飞塔）：Fortinet是一家网络安全厂商，提供全面的防火墙、入侵检测和防御系统以及其他网络安全解决方案。

他们广泛用于中小型企业和个人用户。

6. Trend Micro（趋势科技）：作为一家全球知名的网络安全厂商，趋势科技提供了一系列的防病毒软件、入侵检测和防御系统以及其他数据安全解决方案。

他们的产品在全球范围内得到了广泛的应用和推广。

7. Palo Alto Networks（棕榈网络）：Palo Alto Networks是一家总部位于美国的网络安全公司，他们的产品包括防火墙、入侵检测和防御系统以及其他网络安全解决方案，主要应用于企业和云安全领域。

8. Kaspersky Lab（卡巴斯基实验室）：作为俄罗斯的一家知名网络安全厂商，卡巴斯基实验室在全球范围内拥有庞大的用户群体。

简介相对于传统的用IP来表示流量，Paloalto的User-ID可以做到，将IP与用户进行关联。

1）可以基于用户来配置策略，使得策略配置更加人性化；2）可以基于用户来查看日志信息，使得信息查看更加直观。

Paloalto的User-ID借助于User-Agent来实现。

它的User-Agent分为2种，一种是防火墙自带的，另一种是需要在客户机上安装的客户端软件。

本文内容在于讲述如何配置Agentless的User-ID，也就是配置防火墙自带用户识别功能，需要与AD进行通信。

通过本文的配置，可以实现信息呈现用户化，而非不太直观的IP表示，另外，还可以基于User-ID来配置策略。

需求需求一：对所有用户做身份识别。

需求二：基于User-ID做policy。

需求一：对所有用户做身份识别步骤一：在windows服务器上创建User-Agent专用账号，供防火墙提取用户信息为了能够顺利提取信息，要将这个用户添加到下面的这几个组中。

步骤二：配置service-route本实验环境中，由于网管口和Windows服务器不能够直接通信，所以需要在防火墙与Windows服务器通信的接口上开启对应的service，因此要配置下面的service-route。

而这一步也通常被人忽略，有些人按照官方文档昨晚配置后就是看不到现象，郁闷至极，而这一步很可能就是问题的原因。

步骤三：配置User-ID在这一步中，要注意User Name的格式，严格按照域名\用户名的格式来填写。

步骤四：在zone上开启User-ID测试：需求二：可以基于User-ID做policy步骤一：配置service-route这里的配置和上面的service-route的配置的道理是一样的，也是关键的一步！步骤二：配置server profiles步骤三：配置group mapping如果看不到以上效果，试试重启Windows服务器。

效果：。

Paloalto网络安全解决方案北京信诺瑞得信息技术有限公司目录1概述32方案设计42.1拓扑结构 (4)3方案说明43.1设备功能简介 (4)3.2下一代防火墙技术优势 (5)3.2.1识别技术53.2.2整合式威胁防范93.2.3控制应用，阻止威胁93.2.4SP3架构：单次完整扫描103.2.5网络与应用漏洞攻击防范:101概述随着网络的建设，网络规模的扩大，鉴于计算机网络的开放性和连通性，为计算机网络的安全带来极大的隐患，并因为互联网开放环境以及不完善的网络应用协议导致了各种网络安全的漏洞。

计算机网络的安全设备和网络安全解决方案由此应运而生，并对应各种网络的攻击行为，发展出了各种安全设备和各种综合的网络安全方案。

零散的网络安全设备的堆砌，对于提高网络的安全性及其有限，因此，如何有效的利用但前的网络设备，合理组合搭配，成为网络安全方案成功的关键。

但是，任何方案在开放的网络环境中实施，均无法保证网络系统的绝对安全，只能通过一系列的合理化手段和强制方法，提高网络的相对安全性，将网络受到的危险性攻击行为所造成的损失降到最低。

网络安全问题同样包含多个方面，如：设备的安全、链路的冗余、网络层的安全、应用层的安全、用户的认证、数据的安全、VPN应用、病毒防护等等。

在本方案中，我们提出的解决方案主要侧重在于：HA(高可用性)、IPSecVPN但是paloalto同时也能解决网络层安全、访问控制的实现、病毒的防护、间谍软件的防护、入侵的防护、URL的过滤、，以提高网络的安全防御能力，并有效的控制用户上网行为和应用的使用等安全问题。

2方案设计2.1拓扑结构3方案说明总公司与分公司之间用IPSecVPN连接总公司采用两台paloalto4050组成HA(Active-Active)，提高网络可用性和稳定性3.1设备功能简介Paloalto设备可采用Active-Active和Active-Standby两种模式运行，在本方案中采用Active-Active模式，以便可以最大的发挥设别的性能。

PA-400 SeriesThe world’s first ML-Powered N ext-Generation Firewall (N GFW) enables you to prevent unknown threats, see and secure everything— i ncluding the Internet of Things (IoT)—and reduce errors with automatic policy recommendations.The controlling element of the PA-400 Series is PAN-OS®, the same software that runs all Palo Alto Networks NGFWs. PAN-OS natively classifies all traffic, inclusive of applica-tions, threats, and content, and then ties that traffic to the user regardless of location or device type. The application, content, and user—in other words, the elements that run your business—then serve as the basis of your security pol-icies, resulting in improved security posture and reduced i ncident response times.Key Security and Connectivity FeaturesML-Powered Next-Generation Firewall• Embeds machine learning (ML) in the core of the firewall to provide inline signatureless attack prevention for file-based attacks while identifying and immediately stopping never-before-seen phishing attempts.• Leverages cloud-based ML processes to push zero-delay signatures and instructions back to the NGFW.• Uses behavioral analysis to detect IoT devices and make policy recommendations as part of a cloud-delivered and natively integrated service on the NGFW.• Automates policy recommendations that save time and r educe the chance of human error.Identifies and categorizes all applications, on all ports, all the time, with full Layer 7 inspection • Identifies the applications traversing your network i rrespective of port, protocol, evasive techniques, or e ncryption (TLS/SSL).• Uses the application, not the port, as the basis for all your safe enablement policy decisions: allow, deny, schedule, inspect, and apply traffic-shaping.• Offers the ability to create custom App-ID™ tags for pro-prietary applications or request App-ID development for new applications from Palo Alto Networks.• Identifies all payload data within an application (e.g., files and data patterns) to block malicious files and thwart exfil-tration attempts.• Creates standard and customized application usage r eports, including software-as-a-service (SaaS) reports that p rovide insight into all sanctioned and unsanctioned SaaS traffic on your network.• Enables safe migration of legacy Layer 4 rule sets to A pp-ID-based rules with built-in Policy Optimizer, giving you a rule set that is more secure and easier to manage. Enforces security for users at any location, on any device, while adapting policy based on user activity• Enables visibility, security policies, reporting, and forensics based on users and groups—not just IP addresses.• Easily integrates with a wide range of repositories to lever-age user information: wireless LAN controllers, VPNs, d irectory servers, SIEMs, proxies, and more.• Allows you to define Dynamic User Groups (DUGs) on the firewall to take time-bound security actions without wait-ing for changes to be applied to user directories.• Applies consistent policies irrespective of users’ locations (office, home, travel, etc.) and devices (iOS and Android®mobile devices, macOS®, Windows®, Linux desktops, lap-tops; Citrix and Microsoft VDI and Terminal Servers).• Prevents corporate credentials from leaking to third-party websites and prevents reuse of stolen credentials by e nabling multi-factor authentication (MFA) at the network layer for any application without any application changes.• Provides dynamic security actions based on user behavior to restrict suspicious or malicious users.Prevents malicious activity concealed ine ncryp ted traffic• Inspects and applies policy to TLS/SSL-encrypted traffic, both inbound and outbound, including for traffic that uses TLS 1.3 and HTTP/2.• Offers rich visibility into TLS traffic, such as amount of encrypted traffic, TLS/SSL versions, cipher suites, and more, without decrypting.• Enables control over use of legacy TLS protocols, insecure ciphers, and misconfigured certificates to mitigate risks.• Facilitates easy deployment of decryption and lets you use built-in logs to troubleshoot issues, such as applications with pinned certificates.• Lets you enable or disable decryption flexibly based on URL category, source and destination zone, address, user, user group, device, and port, for privacy and compliance purposes.• Allows you to create a copy of decrypted traffic from the firewall (i.e., decryption mirroring) and send it to traffic collection tools for forensics, historical purposes, or data loss prevention (DLP).Offers centralized management and visibility • Benefits from centralized management, configuration, and visibility for multiple distributed Palo Alto Networks NGFWs (irrespective of location or scale) through Panorama™ net-work security management, in one unified user interface.• Streamlines configuration sharing through Panorama with templates and device groups, and scales log collection as logging needs increase.• Enables users, through the Application Command Center (ACC), to obtain deep visibility and comprehensive insights into network traffic and threats.Detect and prevent advanced threats with cloud-delivered security servicesToday, cyberattacks have increased in volume and sophisti-cation, scaling to 45,000 variants within 30 minutes, using multiple threat vectors or advanced techniques to deliver malicious payloads within your enterprise. Traditional s iloed security solutions cause challenges for organizations tryingNote: Results were measured on PAN-OS 10.1* PA-410 Performance data will be added in the future.† Firewall throughput is measured with App-ID and logging enabled, utilizing 64 KB HTTP/appmix transactions.‡ Threat Prevention throughput is measured with App-ID, IPS, antivirus, anti-spyware, WildFire, file blocking, and logging enabled, utilizing 64 KB HTTP/appmix transactions.§ IPsec VPN throughput is measured with 64 KB HTTP transactions and logging enabled.|| New sessions per second is measured with application-override, utilizing 1 byte HTTP transactions.to protect their users, devices and applications. They intro -duce security gaps and increase management overhead for security teams, and hinder business productivity with incon -sistent access and visibility. Seamlessly integrated with the industry-leading Next-Generation Firewall platform, our Cloud-Delivered Security Services use the network effect of 80,000 customers to instantly coordinate intelligence and provide protections for all threats across all threat vectors. Eliminate coverage gaps across all enterprise locations and take advantage of best-in-class security delivered consis-tently in a platform, so you can be safe from even the most advanced and evasive threats.• Threat Prevention —goes beyond a traditional intrusion prevention system (IPS) to prevent all known threats across all traffic in a single pass without sacrificing performance.• Advanced URL Filtering —provides best-in-class web protection while maximizing operational efficiency with the industry’s first real-time web protection engine and i ndustry-leading phishing protection.• WildFire ®—ensures files are safe with automatic detection and prevention of unknown malware powered by industry- leading cloud-based analysis and crowdsourced intelligence from more than 42,000 customers.• DNS Security —harnesses the power of ML to detect as well as prevent threats over DNS in real time and empowerss ecurity personnel with the intelligence and context to craft policies and respond to threats quickly and effectively.• IoT Security —provides the industry’s most comprehensive IoT security solution, delivering ML-powered visibility, pre -vention, and enforcement in a single platform.• Enterprise DLP —offers the industry’s first cloud-deliv -ered enterprise DLP that consistently protects sensitive data across networks, clouds, and users.• SaaS Security —delivers integrated SaaS security that lets you see and secure new SaaS applications, protect data, and prevent zero-day threats at the lowest total cost of owner -ship (TCO).Enables SD-WAN functionality• Allows you to easily adopt SD-WAN by simply enabling it on your existing firewalls.• Enables you to safely implement SD-WAN, which is natively integrated with our industry-leading security.• Delivers an exceptional end user experience by minimizing latency, jitter, and packet loss.Delivers a unique approach to packet processing with Single-Pass Architecture• Performs networking, policy lookup, application and de -coding, and signature matching—for all threats and con-tent—in a single pass. This significantly reduces the amount of processing overhead required to perform multi -ple functions in one security device.• Avoids introducing latency by scanning traffic for all signa -tures in a single pass, using stream-based, uniform signa -ture matching.• Enables consistent and predictable performance when security subscriptions are enabled. (In Table 1, “Threat Prevention throughput” is measured with multiple sub -scriptions enabled.)3000 Tannery WaySanta Clara, CA 95054Main: +1.408.753.4000Sales: +1.866.320.4788Support: +1.866.898.9087© 2021 Palo Alto Networks, Inc. Palo Alto Networks is a registeredtrademark of Palo Alto Networks. A list of our trademarks can be found at https:///company/trademarks.html. All other marks mentioned herein may be trademarks of their respective companies.strata_ds_pa-400-series_052721To learn more about the features and associated capacities of the PA-400 Series, please visit /net -work-security/next-generation-firewall/pa-400.。