Network Security & PAN-OS

Our next-generation firewall is a platform. It simplifies security by delivering tightly integrated innovations to replace disconnected point
products. Physical, virtual and delivered-from-the-cloud deployment options protect your data and apps wherever they reside.

RECENT INDUSTRY INSIGHTS

(2/19) “Through 2023, 99% of firewall breaches will be
caused by firewall misconfigurations, not firewall flaws.”
- Gartner, Technology Insight for Network Security Policy
Management
** Cannot distribute actual report, only talk about **
(9/18) Most corporations I work with spend most of their (5/17) Cybersecurity Ventures predicts there will be 3.5
“firewall money” buying configuration software that will million cybersecurity job openings by 2021
help them better manage the configuration mess they
have on their hands. Things are so bad they aren’t even
trying to make them appropriately secure. They are just
trying to slow down the unauthorized changes.
Click to See Article Here Click to See Article Here

PROSPECT CHALLENGES AND PITCHES

Titles and
Challenge Faced
Responsibilities
Limited Visibility and Control
Legacy tools give you visibility and control over
IP addresses, ports and protocols rather than
content, apps and users. Attackers capitalize on
this by misusing open ports for sneaking in
malware. This is made worse with the rise in
encrypted traffic, and the need to protect cloud,
branches, and mobile workers with consistent
security.
Probing Question
• Are your firewall rules based on IPs and
Ports? Is it complicated to align your
business needs using those parameters?
• If I could show you a way of aligning your
rules contextually, based on how your
business runs, would you be interested?
• How’s the management experience when
securing cloud, branch and mobile workers?
Is it seamless and with feature parity?
Pitch and
Customer Benefit
We classify all traffic, including encrypted, based
on content, application, and user enabling you
to gain deep visibility into your traffic and stop
threats. This allows creation of easily
understood, precise security policies to safely
enable applications and close dangerous policy
gaps. Physical, virtual and delivered-from-the-
cloud deployment options protect your data and
apps wherever they reside, with centralized
management.

Lack of Simplicity
Point products like IPS, proxies and sandboxes
Network Operations are used together to protect organizations.
Configure, manage, and operate Without integration, automation and
consistency, teams must chase across different
firewalls
management consoles, feature gaps, and UIs
leading to misconfigurations and security holes.
• What’s the process to ensure all your
security tools work together to stop threats
and don’t conflict?
• What happens when you need to
troubleshoot a ticket or investigate a threat
across devices?
We offer tightly integrated innovations and
services on our next-generation firewall to
replace disconnected tools and simplify security.
(WildFire, URL Filtering, DNS Security, Threat
Protection, Multi-Factor Authentication). In
addition, we help you adopt best practices that
reduce opportunities for attack.

• There’s a lot of talk about how attacks have

Lack of Automation become more sophisticated, how have you
Attacks are increasing in volume as well as seen an impact on your team from this? We use machine learning and automated
sophistication. Protection requires manual effort enforcement actions to help you stop the most
• Are you having trouble hiring enough
across multiple security tools. Organizations are sophisticated attacks. This not only saves you
cybersecurity employees?
not able to hire enough cybersecurity time by automating manual tasks, but also
(Tip, check their open reqs on company site)
professionals to keep up. This gap is improves your speed of response and security
compounded by legacy tools’ lack of automation • How are your security tools using effectiveness.
and dependence on manual tasks. automation to reduce manual and
repetitive
© 2019 Palo Alto Networks, Inc | Confidential and Proprietary Information: For internal use and authorized partners under NDA with Palo tasks?
Alto Networks only. 1
Competitive Responses
Pitch and
Current Approach Challenges to Approach Probing Question
Customer Benefit
Significant performance degradation when Our performance testing keeps our security
Fortinet – FortiGate security features are turned on. • Could we do a bake-off between our NGFW turned on. Fortinet’s datasheets reflect their
• Click here for deeper Battlecard and their FortiGate running the security tests in performance optimized “Flow Mode,”
• Buyers Beware – What is the true cost Fortinet’s Security Fabric Handbook features you’d want to see whose with major security features turned off. Their
of ownership of a NGFW? recommends 10+ “helper” products to performance and security really is better? datasheets cite their stats are “depending on
implement their Security Fabric system configuration.”

Cisco – Firepower Threat Defense (FTD)
• Click here for deeper Battlecard
Uses open source ClamAV to detect known
malware that’s available to everyone, including
attackers to test against.
Cisco Threat Grid can’t do sandbox analysis on
Linux, Android, and macOS binaries, or have a
bare metal analysis capability like WildFire
• Do you operate more than Windows in your
environment? How are you handling that
analysis?
• How do you feel about a legacy, open-source,
hash-based lookup tool as a primary check
against attacks?
Our NGFWs continually lead the market in
security and performance based on 3rd party
testing.
Our WildFire malware analysis and prevention
service works across our platform, and protects
mixed environment organizations.

Threat Extraction for SMTP requires their firewall
to act as an MTA which puts undue pressure on
mail or firewall administrators to inspect any
potential mail delivery issues. It can also only
Checkpoint R80 sanitize Microsoft Office and PDF files.
• Click here for deeper Battlecard
Check Point security gateways are not equipped
with hardware-accelerated SSL inspection
capabilities, which results in up to 100% CPU
utilization increase if enabled.
• Have you run into mail delivery issues from
the firewall having to act as a mail gateway?
Does your firewall team have the cycles to
review these issues? Are you able to keep up
with the customer browser extensions to
monitor HTTP traffic?
• Have you had to turn off security features (like
decryption) to hit the performance your
organization needs?
WildFire accurately analyzes an extensive range
of files and formats and uses bare-metal analysis
against the most evasive threats that Threat
Extraction can’t offer. Integration of Traps
provides additional protection against true zero-
day threats.
Our single pass architecture allows accurate
sizing and enables customers to maintain
security while hitting performance targets.

LINKS TO KEY ASSETS AND SALES TOOLS

Recording
NGFW NGFW DEMO
Decrypting
Overview Feature How to Run
SSL for Traffic
Deck Comparison a BPA
Inspection

COMMON OBJECTION HANDLING AND FAQ

Objection
It’s too hard to transfer our old rules into new ones.
We really can’t afford a Palo Alto Networks appliance.
How are you different from what I’m already running?
© 2019 Palo Alto Networks, Inc | Confidential and Proprietary Information: For internal use and authorized partners under NDA with Palo Alto Networks only.
Reframing Question
Can you help me understand the “hard” part? We may have a
tool that many of our customers have used for just that issue.
How do you calculate cost? Are you just thinking about the
cost of the box or do you also factor in long-term
management, ease of use, and automation benefits?
How many different devices are you running on your
network? What if you could reduce that number, the manual
labor going between each system, and your attack surface?
Response
The main purpose of our Expedition tool is to help reduce the
time and effort to migrate legacy configurations into our PAN-
OS.
Our machine learning and automated response integrated
across our platform reduce so many headaches and manual
tasks that most still chose us.
We offer tightly integrated innovations and services on our
next-generation firewall to replace disconnected tools and
simplify security. Our rules are based on content, application,
and user, not IPs and ports that enables you to more intuitively
run and protect your business 2