Virtualized Datacenter

Problem

As a datacenter manager tasked with new virtualization or cloud computing initiatives, you will be forced to address many different challenges, not the least of which is security. Specific security challenges include:

  • How to enable and protect applications traversing the cloud
  • Isolating applications and data; blocking lateral movement of threats
  • Eliminating the security lag as your cloud environment changes

Your virtualized datacenter needs a flexible network security solution that not only safely enables applications and protects against modern threats, but can also support the dynamic nature of a virtualized environment.

Solution

The VM-Series of virtualized next-generation firewalls eliminates the unacceptable compromises you previously faced when moving into a virtualized datacenter or cloud computing environment. The VM-Series enables you to deploy a virtualized security infrastructure that safely enables the complex and growing number of applications in your datacenter, while keeping pace with the rapid change occurring in your virtualized environment.

You can use our centralized management platform to deploy both virtualized and physical firewalls, which optimizes visibility, reduces operational complexity, and decreases policy configuration gaps. With consistent next-generation security features available in physical or virtual form factors, our firewalls allow you to address any datacenter design - without compromise.

Safely Enable Applications

Palo Alto Networks next-generation firewalls identify, control, and safely enable applications, while also inspecting all content for threats. Identifying and controlling your datacenter traffic, physical or virtual, reduces the scope of attacks by:

  • Validating that datacenter applications are in use on standard ports
  • Blocking rogue or non-compliant applications
  • Blocking known and unknown threats without degrading performance
  • Systematically managing unknown traffic

Isolation and Segmentation of Mission Critical Applications

Security best practices dictate that your mission critical applications and data should be isolated in secure segments using Zero Trust (never trust, always verify) principles at each segmentation point. The VM-Series can be deployed throughout your virtualized environment, residing as a gateway within your virtual network or in between the different VMs (applications), exerting control based on application and user identity. This allows you to control the applications traversing your virtualized environment, while blocking potentially rogue or misconfigured applications and controlling access based on user identity. The exact same segmentation capabilities are available in the physical and virtual form factors, providing you with a consistently strong security posture.

Eliminating the VM Change-Security Update Lag

The speed of change in your cloud computing environment will often outpace security, leaving you with a choice between delay and weak security, neither of which is acceptable. To eliminate that security lag, the VM-Series includes automation features such as VM monitoring, dynamic address groups and a REST-based API to proactively monitor VM changes and dynamically feed those context changes into security policies, thereby eliminating the policy lag that may occur when your VMs change.

Centralized Management

Panorama allows you to manage your VM-Series deployments along with your physical security appliances, thereby ensuring policy consistency and cohesiveness. Rich centralized logging and reporting capabilities provide visibility into virtualized applications, users and content. 

Resources

Learn how Palo Alto Networks enables Zero Trust security orchestration for the Software-Defined Data Center.