at a glance

CHALLENGE:
Reduce costs. Improve protection profile. Protect from attacks across vectors.

SOLUTION:
Sixteen Palo Alto Networks PA-5060 Next-generation security platforms with URL Filtering and IDS/IPS and Panorama 

RESULTS:

  • Reduced devices, and therefore complexity, on network from over 
    80 to eight 
  • Vastly improved threat visibility  to protect the Agency 
  • Swift-time-to-protection: Fully deployed across all four gateways in five months. Impressive delivery with the second largest federal agency. 
  • Reduced costs with Palo Alto Networks per-appliance pricing vs. their previous vendor’s per-user pricing model 

BACKGROUND

As one of the largest, this U.S. Agency serves over 400,000 users with a large external user base, numerous outlying facilities globally and operates on a budget of over $100 billion. 

Originally looking to refresh their URL filtering, they quickly discovered much more security for their dollar, and ultimately scaled with our firewall and IPS/IDS solution.

Unexpected Benefits—More Had Not Meant Better 

While the Agency was pursuing the right solution to protect their web data, they quickly discovered they could replace over 60 of their existing security platforms (URL filtering servers and anti-virus scanning servers), in addition to their load balancers and caching servers -amounting to over 80 individual devices. How many Palo Alto Networks platforms did they need to provide what was replaced? Eight platforms.  

Once they turned up their Palo Alto Networks investment, the Agency quickly discovered many threats previously undiscovered by their original vendors. “Thanks to Palo Alto Networks we are seeing ‘things’ we’ve never seen before….”  Not only had they reduced their product footprint tenfold to perform the same function, they improved their protection profile and reduced their threat footprint.  

In addition, with the simplicity of this deployment, the Agency greatly reduced operational overhead. Fewer devices to manage, fewer moving parts, integrated easy-to-use security features from one GUI, less power, less heat generation and more. A solid, smart investment with ongoing benefits at multiple levels. 

Asked for URL Filtering—Got Next-generation Security

While their initial requirements did not reference next-generation security, they quickly realized that’s exactly what they got. Shortly after deployment, the Agency teams discovered they were not fully leveraging their new tools to their greatest potential having only enabled URL filtering. Every Palo Alto Networks platform includes URL filtering, IPS, threat protection, firewalling and antivirus—all in one box. 

Shortly thereafter, they began moving their firewall functions off of their existing platforms and relied on Palo Alto Networks for both their web protection and overall gateway firewall capabilities. Once the Agency was able to move more security functions over to the new Palo Alto Networks platforms, the net effect was solid security protection, significantly reduced costs, and even better protection than they’d had previously. The security team now reviews the Palo Alto Networks logs on a daily basis. According to the customer, “Palo Alto Networks security logs have become a key component of our security team processes.” All with a seamless deployment that was the best deployment they’d experienced. 

Palo Alto Networks security platforms are unique because they natively bring together all network security functions. Predictable, multi-Gbps performance is delivered via dedicated, function-specific processing for networking, security, content inspection, and management. 

One of the Most Successful Deployments

Palo Alto Networks also gave the Agency fast-time-to-protection. In addition to the lower cost and reduced complexity footprint, the Agency was happy the deployment took only five months. In their words, it “exceeded timeline expectations.” In fact, they felt that it was one of the most successful technology deployments they’d ever experienced. The customer gave the solution and team ratings of “Met or exceeded all expectations” with the added compliment, “Palo Alto Networks TAC [Technical Assistance Center/Support] is one of the best teams in the industry.” With the devices fully deployed across all four gateways in five months, it’s an impressive delivery for the one of the U.S.’s largest federal agencies.

The Deployment Details

The platforms are used in-line for all traffic heading in and out of the Internet. The over 400,000 users are load balanced based on geography across four trusted gateways. Each gateway averages 450,000 sustained sessions with up to 2 Gbps throughput, 5,000-10,000 connections per second, and at a CPU utilization of 35 percent. The Agency also uses Panorama for nightly configuration backups and custom reporting. 

Painting a New Picture of Security

Palo Alto Networks next-generation security platforms deliver robust protection to this large U.S. Agency. Reduced footprint, reduced complexity, tremendous cost savings, and better protection. More protection for less money—not a story IT and security staffs can often tell.

This Case Study available in Japanese and German.


 

Product Summary Specsheet

Key features, performance capacities and specifications for all Palo Alto Networks firewalls.

  • 62
  • 180644

PA-5200 Series Datasheet

Key features, performance capacities and specifications for our PA-5200 Series.

  • 5
  • 49937

PA-800 Series Datasheet

Palo Alto Networks PA-800 Series next-generation firewall appliances are designed to secure enterprise branch offices and midsized businesses.

  • 8
  • 52104

PA-220 Datasheet

Palo Alto Networks PA-220 brings next-generation firewall capabilities to distributed enterprise branch offices and retail locations.

  • 11
  • 46321

PA-3000 Series Specsheet

Key features, performance capacities and specifications of the Palo Alto Networks PA-3000 Series.

  • 16
  • 83901

Firewall Feature Overview Datasheet

This datasheet provides a comprehensive overview of the critical PAN-OS features that power all next-generation firewalls from Palo Alto Networks.

  • 13
  • 70646