More and more enterprise traffic is being obscured by SSL, including some of the applications and sites that introduce the most risk for your business. This paper lays out a basic approach that you can use to strike an appropriate balance between security and performance by selectively decrypting and inspecting SSL traffic based on policy.
CAME Group (CAME) provides automation systems for residential and industrial entrances, parking lots, and access control points. With 50 branches in 40 countries all networked with its corporate headquarters in Italy, CAME was uniquely challenged to provide a network architecture that ensured both secure network access and secure endpoints. Targeted attacks by malware, such as CryptoLocker, were frequently infiltrating servers and PCs, disrupting productivity and creating unpredictable remediation costs. Traditional antivirus software was ineffective in stopping such attacks.
By deploying the Palo Alto Networks Next-Generation Security Platform with Next-Generation Firewalls, Threat Intelligence Cloud services, and Advanced Endpoint Protection, CAME successfully prevents cyberthreats from infiltrating endpoint devices and its network. Through consolidation, CAME is saving $2.5 million over three years, with an additional $250,000 in savings by eliminating remediation costs on endpoint devices. Moreover, the company now has uniform security policies enterprise-wide, with increased visibility and control over network traffic for improved bandwidth and application performance.
In this paper we will explore the adoption of IPv6, outline security considerations and concerns, and cover the support of IPv6 on the Palo Alto Networks next-generation firewall. Regardless of where you appear on the spectrum for IPv6 adoption, making the switch to the next-generation platform provides tremendous benefit by enabling organizations to implement security services, control errant and unmonitored usage of IPv6, provide a path to consistently secure traffic, and ease migration.