Identify

With knowledge comes power. Identifying the applications in use in your Microsoft® Azure™ deployment, regardless of port, gives you unmatched visibility into your Azure traffic. Armed with this knowledge, you can make more-informed security policy decisions.

Enable

Using the application as the basis for your security policy enables you to leverage the deny-all-else premise that a firewall is based upon for both gateway and segmentation use cases. Allow the applications you want in use, and then deny all others 

Prevent

In order to further protect your Azure deployment, you can enable application-specific threat prevention policies that will block both known and unknown malware – across all applications, irrespective of port.

Our VM-Series for Azure enables you to use our next-generation firewall security and advanced threat prevention to protect your Azure deployments from advanced cyberthreats. The VM-Series for Azure natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity. These core business elements can then be used as integral components of your security policy, helping you to improve your security efficacy through positive control model rules and reduce your incident response time though more complete visibility into applications across all ports.

 


The VM-Series for Azure can be deployed to address a number of different use cases, each of which takes full advantage of our next-generation firewall and advanced threat prevention features. 

 

 

Hybrid Cloud: Securely Move from the Data Center to the Cloud

Get started with Azure by establishing a hybrid cloud that seamlessly integrates your on-premises data center with Azure via a site-to-site IPsec VPN connection. With the VM-Series for Azure, your next-generation firewall policies can include an IPsec VPN tunnel element, thereby allowing you to move applications and data from your network to the cloud in a secure manner.

Segmentation Gateway: Improved Security and Compliance

Cybercriminals have shown they are adept at moving laterally across network level boundaries such as subnets and VNETs to find their target. Connecting workloads of different trust levels with the VM-Series using segmentation policies means you have more control over lateral movement of all types that would not visible with port based security. The VM-Series for Azure also allows you to encrypt the traffic moving across your Azure deployment to prevent snooping and man in the middle attacks.

Internet Gateway: Protect the Network, the Cloud, the Device

As more of your business applications and data are deployed in Azure, you can build upon your hybrid deployment by using the VM-Series to control access to Azure with application whitelisting policies that are based on user while preventing advanced threats.

When combined with GlobalProtect, you can extend your security policies to any user or device, regardless of their location. GlobalProtect establishes a secure connection to protect the user from Internet threats and enforce application-based access control policies. 


 

VMware NSX with Next-Generation Security from Palo Alto Networks

While organizations have gained operational flexibility and lowered data center costs by deploying virtualization solutions, the true promise of a secure, agile, extensible, and flexible private cloud continues to be elusive. One of the key barriers is the ability to deploy security services at the same pace as virtual machine deployments without compromising the level of protection needed. VMware and Palo Alto Networks have partnered to address these challenges.

  • 2
  • 9567

VM-Series for Microsoft Azure Overview

Overview of the VM-Series deployed in a hybrid scenario to securely extend your data center to Microsoft Azure.

  • 0
  • 1123

Building a Secure Hybrid Cloud in Azure

This whitepaper helps guide you through deploying the VM-Series next-generation firewall to protect your applications and data in Microsoft Azure.

  • 0
  • 283

Cloud First, Now What?

This Cloud Security Alliance whitepaper will help cloud initiative decision makers create a repeatable process for moving applications and data to the cloud.

  • 1
  • 209

Securing the Hybrid Data Center with the VM-Series

In this webinar, we cover key security considerations to protect your hybrid data center from cyber criminals with the VM-Series.

  • 0
  • 377

Multinational Defense Agency

Being a high profile government organization, this multinational Defense Agency needed to ensure a secondary layer of defense for its network at the edge, and for both its restricted and secure networks. Serving up to 10,000 users, its current solution was costly and was not from a preferred country of origin. This Case Study available in Japanese and German.

  • 2
  • 580