at a glance

CHALLENGE:
Reduce costs. Improve protection profile. Protect from attacks across vectors.

SOLUTION:
Sixteen Palo Alto Networks PA-5060 next-generation security platforms with URL Filtering, IDS/IPS and Panorama

RESULTS:

  • Reduced devices, and therefore complexity, on the network from over 80 to eight
  • Vastly improved threat visibility to protect the Agency
  • Swift time-to-protection: fully deployed across all four gateways in five months. Impressive delivery with the second largest federal agency.
  • Reduced costs with Palo Alto Networks per-appliance pricing vs. their previous vendor’s per-user pricing model 

BACKGROUND

As one of the largest federal agencies, this U.S. Agency serves over 400,000 users with a large external user base, has numerous outlying facilities globally, and operates on a budget of over $100 billion.

Originally looking to refresh their URL filtering, they quickly discovered much more security for their dollar, and ultimately scaled with our firewall and IPS/IDS solution.

Unexpected Benefits—More Had Not Meant Better 

While the Agency was pursuing the right solution to protect their web data, they quickly discovered they could replace over 60 of their existing security platforms (URL filtering servers and anti-virus scanning servers), in addition to their load balancers and caching servers, amounting to over 80 individual devices. How many Palo Alto Networks platforms did they need to provide what was replaced? Eight platforms.

Once they turned up their Palo Alto Networks investment, the Agency quickly discovered many threats previously undiscovered by their original vendors. “Thanks to Palo Alto Networks we are seeing ‘things’ we’ve never seen before….”  Not only had they reduced their product footprint tenfold to perform the same function, they improved their protection profile and reduced their threat footprint.  

In addition, with the simplicity of this deployment, the Agency greatly reduced operational overhead. Fewer devices to manage, fewer moving parts, integrated easy-to-use security features from one GUI, less power, less heat generation and more. A solid, smart investment with ongoing benefits at multiple levels. 

Asked for URL Filtering—Got Next-generation Security

While their initial requirements did not reference next-generation security, they quickly realized that’s exactly what they got. Shortly after deployment, the Agency teams discovered they were not leveraging their new tools to their greatest potential, having only enabled URL filtering. Every Palo Alto Networks platform includes URL filtering, IPS, threat protection, firewalling and antivirus—all in one box.

Shortly thereafter, they began moving their firewall functions off of their existing platforms and relied on Palo Alto Networks for both their web protection and overall gateway firewall capabilities. Once the Agency was able to move more security functions over to the new Palo Alto Networks platforms, the net effect was solid security protection, significantly reduced costs, and even better protection than they’d had previously. The security team now reviews the Palo Alto Networks logs on a daily basis. According to the customer, “Palo Alto Networks security logs have become a key component of our security team processes.” All with a seamless deployment that was the best deployment they’d experienced. 

Palo Alto Networks security platforms are unique because they natively bring together all network security functions. Predictable, multi-Gbps performance is delivered via dedicated, function-specific processing for networking, security, content inspection, and management. 

One of the Most Successful Deployments

Palo Alto Networks also gave the Agency fast time-to-protection. In addition to the lower cost and reduced complexity footprint, the Agency was happy the deployment took only five months. In their words, it “exceeded timeline expectations.” In fact, they felt that it was one of the most successful technology deployments they’d ever experienced. The customer gave the solution and team ratings of “Met or exceeded all expectations” with the added compliment, “Palo Alto Networks TAC [Technical Assistance Center/Support] is one of the best teams in the industry.” With the devices fully deployed across all four gateways in five months, it’s an impressive delivery for one of the U.S.’s largest federal agencies.

The Deployment Details

The platforms are used in-line for all traffic heading in and out of the Internet. The over 400,000 users are load balanced based on geography across four trusted gateways. Each gateway averages 450,000 sustained sessions with up to 2 Gbps throughput, 5,000-10,000 connections per second, and a CPU utilization of 35 percent. The Agency also uses Panorama for nightly configuration backups and custom reporting.

Painting a New Picture of Security

Palo Alto Networks next-generation security platforms deliver robust protection to this large U.S. Agency. Reduced footprint, reduced complexity, tremendous cost savings, and better protection. More protection for less money—not a story IT and security staffs can often tell.

This case study is available in Japanese and German.


 
