Identify the components of the Palo Alto Networks Cybersecurity Portfolio.
Palo Alto PCNSA Study Guide v10
Strata
Strata consists of the Palo Alto Next-Generation Firewalls along with the security subscriptions that can be used on them.
Next-Generation Firewalls
VM-Series
The VM-Series firewalls provide all of the capabilities of the Palo Alto NGFW in a virtual format that can be used in any of the following virtualization environments:
- Alibaba Cloud
- Amazon Web Services
- Cisco ACI
- Citrix NetScaler SDX
- Google Cloud Platform
- Kernel-Based Virtual Machine (KVM)
- Microsoft Hyper-V
- Microsoft Azure
- OpenStack
- Oracle Cloud Infrastructure
- VMware ESXi
- VMware NSX
- VMware vCloud Air
CN-Series
The container-native series firewall is designed specifically for use in Kubernetes environments.
PA-Series
The PA-Series are the physical firewall appliances:
- PA-220
- PA-800
- PA-3200
- PA-5200
- PA-7000
Security Subscriptions
Threat Prevention (TP): This subscription adds IPS inspection of traffic to stop exploitation of vulnerabilities, provides malware protection, and blocks command-and-control traffic.
URL Filtering (UF): Provides URL filtering using the PAN-DB. Helps to reduce infection risk from dangerous sites, including phishing pages. Used with SSL/TLS decryption, the PAN-DB also allows for granular control of encrypted traffic.
WildFire (WF): Uses a sandbox to analyze potential zero-day threats with help from the Palo42 research group. This is similar to Cisco Talos and the Threat Grid service.
DNS Security Services (DNS): Blocks known bad domains, predicts malicious traffic using ML, and identifies DNS tunneling.
Internet of Things (IoT): IoT security provided by AI/ML analysis of data using Cortex Data Lake. Known as Device-ID on the firewall appliances.
Data Loss Prevention (DLP): Analyzes data to prevent intellectual property, PII and other critical information from being misused, lost or stolen.
GlobalProtect (GP): Provides IPsec or TLS VPN connectivity and allows remote traffic to be analyzed.
SD-WAN: Uses multiple internet and private services to build a dynamic WAN that responds to network conditions and is controlled by Panorama.
Panorama: Centralized management of Palo Alto appliances and software. Features include license management, log aggregation, and User-ID sharing between devices.
Prisma
Prisma provides security services through Palo Alto’s cloud infrastructure.
Prisma Cloud
Prisma Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP). Prisma Cloud uses APIs from cloud providers to get read-only access to traffic, activity and configuration.
- Provides visibility to SecOps and DevOps
- Provides cloud vendor-agnostic capabilities to respond to threats
- Automates remediation and enforcement of cloud best practices
- Prevents alert fatigue through the integration of the entire lifecycle
Prisma Cloud secures the following infrastructures:
- Alibaba Cloud
- Amazon Web Services
- Docker EE
- Google Cloud Platform
- IBM Cloud
- Kubernetes
- Microsoft Azure
- Rancher
- Red Hat OpenShift
- VMware Tanzu
Prisma Access (SASE)
Delivers a Secure Access Service Edge (SASE) through the Prisma cloud to any worker. This includes services like SD-WAN, secure web filtering, CASB, DNS protection and firewalling.
Prisma SaaS (formerly known as Aperture)
Prisma SaaS is a CASB service that protects a company’s assets in cloud applications like O365 and Google Workspace.