
Mobile Security - SKO

CONFIDENTIAL
Agenda
 Mobile Security Requirements
 What is Aspen – GlobalProtect MDM
 MDM integration with GlobalProtect
  Demo
 GlobalProtect MDM Features
  Demo
 WildFire integration with GlobalProtect MDM
  Demo
 MDM Setup
  GlobalProtect Portal
  GlobalProtect Gateway
  GlobalProtect MDM
  Demo
 MDM Landscape
 MDM Selling Tips
 GPaaS Concept Preview
 Q&A
• Solution Requirements • Technologies • Roadmap

Device State
 Requirements: personal or corporate; managed or unmanaged; encryption; passcode; jailbroken
 Technology: MDM – available end of year
 Technology: extend MDM to include app store, MDM APIs and other needed features – next year

Device Security
 Requirements: detect and block malware; prevent vulnerability exploits
 Technology: APK malware detection – now (5.0)
 Technology: mobile threat prevention & GP – available now
 Technology: traffic classification / mobile App-IDs – ongoing
 Technology: APK WildFire – by end of year

Data Security
 Requirements: control data flow in/out of apps; ensure data security within apps
 Technology: leverage iOS 7 APIs for app and data control – target next year
 Technology: Android solution for app and data control – target next year

Simplify
 Requirements: connect device to corp network; provide auto-config for user

Legend on the slide: • Primary technology • Secondary technology

• Page 3 | © 2013 Palo Alto Networks. Proprietary and Confidential.


GlobalProtect MDM GP-100 appliance
 Licensed by number of managed mobile devices
  Perpetual license for 500, 2,000, 10,000, 25,000, or 100,000 mobile devices
 1 RU appliance
 Supports iOS 5.1/Android 4.0.3 and later
 Cold standby if needed



Mobile HIP integration
• GlobalProtect Gateway
• GlobalProtect MDM

Diagram: ① Tunnel (mobile device to GlobalProtect Gateway); ② Device State (mobile device to GlobalProtect MDM – use device state to enforce device policy); ③ Device State (GlobalProtect MDM to GlobalProtect Gateway – use device state to enforce security policy)

① Mobile devices establish a tunnel to the gateway via the GlobalProtect app
② Mobile devices send HIP data to GlobalProtect MDM so that it can enforce device policy based on the state of the device
③ GlobalProtect gateways receive HIP data from the MDM so that the firewall can enforce security policies based on the state of the device
 MDM technology partners can implement our protocol to send HIP data to GlobalProtect gateways



Gateway – Mobile HIP Object for use in Security Policy



Gateway- Mobile Device HIP Demo
Mobile Device HIP Object Creation
View Mobile Device HIP report
GlobalProtect MDM features
 Manage configuration
  Passcode
  Restrictions: device functionality, applications, iCloud, security and privacy, etc.
  Settings: email accounts, Wi-Fi, VPN, certificates, APN, etc.
 Obtain device state
  Passcode is set, is rooted/jailbroken, has malware, has whitelisted/blacklisted apps, etc.
 Enforce device policy
  Adjust restrictions and settings based on device state
 Perform key operations
  Wipe, lock, unlock, message
 Report on deployed devices
  Dashboard and reports to show mix of devices, states and compliance



MDM Features Demo
Dashboard - Widgets
Monitor – MDM Logs, HIP Match Logs, Reports, Custom Reports
Devices – Filters, Actions, Import
Policy – iOS and Android Configurations, HIP Objects, Policies


WildFire Integration with GlobalProtect MDM
 Malware signatures from WildFire: daily content update on the MDM
 The GlobalProtect app sends the list of installed apps to the MDM
 The MDM detects whether any of the installed apps contain malware
 The gateway learns, via the HIP report, which devices contain malware
 The MDM and the gateway can react to the presence of Android malware and enforce policy
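The check-in, signature-match and HIP-to-policy flow described in the Mobile HIP integration and WildFire integration slides, modelled as an added Python example. This is illustrative code written for this page, not GlobalProtect, GP-100 or WildFire code: the field names, the HIP object definitions, the 24-hour staleness limit, the rule actions and the hashes in the signature set are all assumptions, and the signature set and device check-ins are constructed sample data.

```python
"""Illustrative model (not GlobalProtect code) of device-state (HIP) based policy.

Flow modelled, following the slides:
  1. the mobile app reports device state and installed apps to the MDM,
  2. the MDM matches app hashes against a malware signature set (the daily
     WildFire content update in the slides; a constructed set here),
  3. the MDM builds a HIP report and evaluates HIP objects against it,
  4. the gateway maps the matched HIP objects to a security-policy decision.
All field names, hashes, thresholds and actions are assumptions for the example.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed malware signature set: SHA-256 of an APK -> verdict name.
# A real deployment would load this from the daily content update.
MALWARE_SIGNATURES = {
    "a" * 64: "Android/FakeBank.constructed",
    "b" * 64: "Android/SMSSender.constructed",
}

HIP_MAX_AGE = timedelta(hours=24)  # assumed limit on how old a HIP report may be


@dataclass
class InstalledApp:
    package: str
    sha256: str


@dataclass
class DeviceCheckin:
    device_id: str
    platform: str            # "ios" or "android"
    passcode_set: bool
    jailbroken_or_rooted: bool
    reported_at: datetime
    apps: list = field(default_factory=list)


def build_hip_report(checkin, signatures=MALWARE_SIGNATURES, now=None):
    """Steps 2-3: derive the HIP attributes the MDM would forward to the gateway."""
    now = now or datetime.now(timezone.utc)
    malware = [(a.package, signatures[a.sha256]) for a in checkin.apps if a.sha256 in signatures]
    return {
        "device_id": checkin.device_id,
        "platform": checkin.platform,
        "passcode_set": checkin.passcode_set,
        "jailbroken_or_rooted": checkin.jailbroken_or_rooted,
        "has_malware": bool(malware),
        "malware": malware,
        "stale": now - checkin.reported_at > HIP_MAX_AGE,
    }


# HIP objects: name -> predicate over a HIP report (assumed, simplified shape).
HIP_OBJECTS = {
    "compliant": lambda r: (r["passcode_set"] and not r["jailbroken_or_rooted"]
                            and not r["has_malware"] and not r["stale"]),
    "no-passcode": lambda r: not r["passcode_set"],
    "jailbroken": lambda r: r["jailbroken_or_rooted"],
    "has-malware": lambda r: r["has_malware"],
    "stale-report": lambda r: r["stale"],
}


def match_hip_objects(report):
    """Return the sorted names of all HIP objects the report satisfies."""
    return sorted(name for name, pred in HIP_OBJECTS.items() if pred(report))


# Gateway security policy: evaluated top-down like a firewall rulebase, most
# restrictive first; anything that matches no rule is denied.
SECURITY_RULES = [
    ("has-malware", "deny-and-quarantine"),
    ("jailbroken", "deny"),
    ("stale-report", "deny"),
    ("no-passcode", "allow-internet-only"),
    ("compliant", "allow-corporate"),
]


def gateway_decision(matched):
    for hip_object, action in SECURITY_RULES:
        if hip_object in matched:
            return action
    return "deny"


def evaluate(checkin, now=None):
    """Step 4: (HIP report, matched HIP objects, gateway action) for one device."""
    report = build_hip_report(checkin, now=now)
    matched = match_hip_objects(report)
    return report, matched, gateway_decision(matched)


def demo_decisions():
    """Constructed check-ins covering a clean, an infected and a stale/rooted device."""
    now = datetime(2013, 9, 1, 12, 0, tzinfo=timezone.utc)
    devices = [
        DeviceCheckin("dev-1", "ios", True, False, now - timedelta(hours=1),
                      [InstalledApp("com.example.mail", "c" * 64)]),
        DeviceCheckin("dev-2", "android", True, False, now - timedelta(hours=2),
                      [InstalledApp("com.example.bank", "a" * 64)]),
        DeviceCheckin("dev-3", "android", False, True, now - timedelta(days=3), []),
    ]
    return {d.device_id: evaluate(d, now=now) for d in devices}


if __name__ == "__main__":
    for device_id, (_, matched, action) in demo_decisions().items():
        print(device_id, matched, "->", action)
```

The stale-report object is the check a practitioner would add to this flow: a HIP report is only as current as the device's last check-in, so a device that stops reporting should not keep the access it earned earlier. Ordering the rules most-restrictive-first means a device that is both rooted and missing a passcode is denied rather than merely downgraded to Internet-only access.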



Wildfire Integration Demo
Setup – Dynamic Updates
Devices – Filter on Devices with Malware, Actions
Policy – HIP Object for Malware from HIP Report View


System Setup
Configure Portal, Gateway, MDM
GlobalProtect Portal Setup



GlobalProtect MDM Setup on Gateway



MDM Setup Demo
Quick Start Guide – Setup GP-100
Device Check-in Settings
Device Enrollment Settings
Device Policy
HA – Device State Backup
Mobile Security Landscape
GlobalProtect MDM vs. Leading MDM Vendors

Common features
 Device management (set passcode, VPN, Wi-Fi, certs, email, web clips, disable camera, etc.) – GlobalProtect MDM: Yes; leading MDM vendors: Same
 Reporting and dashboards – GlobalProtect MDM: Yes; leading MDM vendors: Yes

Features where other MDMs have slightly more options
 Mobile OS support – GlobalProtect MDM: iOS, Android; leading MDM vendors: iOS, Android (+ Samsung SAFE), Windows Phone, BlackBerry
 Device actions – GlobalProtect MDM: Lock, Wipe, Message; leading MDM vendors: Same + some Selective Wipe
 Deployment option – GlobalProtect MDM: On-premise appliance; leading MDM vendors: On-premise, Cloud/Hosted

Features we don't support but other MDMs do
 End-user self-service portal – GlobalProtect MDM: No (target next year); leading MDM vendors: Yes
 Enterprise app store & app management – GlobalProtect MDM: No (target next year); leading MDM vendors: Yes
 Data protection/DLP on devices – GlobalProtect MDM: No (target next year); leading MDM vendors: Various approaches (app/document containers, app wrapping, email control, etc.)
 Roaming management & reporting – GlobalProtect MDM: No; leading MDM vendors: Yes

Features we do better than other MDMs
 Max # devices supported – GlobalProtect MDM: 100,000; leading MDM vendors: Don't know; cloud may scale but on-premise most likely not
 Management features (role-based admin, logging, Syslog, directory integration, SNMP, etc.) – GlobalProtect MDM: Yes; leading MDM vendors: Yes, but potentially not fully baked
 Malware detection – GlobalProtect MDM: Yes; leading MDM vendors: No, some soft claims
 Automated device policy based on device state – GlobalProtect MDM: Yes; leading MDM vendors: Limited
 Integration with VPN/firewall for granular security policy based on device state – GlobalProtect MDM: Yes; leading MDM vendors: ActiveSync connectors to block email access
GlobalProtect MDM Selling Thoughts
 Who is the MDM buyer?
  We might have to talk to different groups within an organization
  The security group may influence but may not be the decision maker
  Organizations are still figuring out their BYOD policies
 Mobile security approach: the MDM vs. container debate. Should the whole device be secured and managed, or should limited access be provided via select secure app(s)?
  The container approach assumes
   Business data will not be created outside of those select app(s)
   Users will not demand to use apps of their choice and enjoy the full native experience of their device
  iOS 7 MDM enhancements provide data and app security that would previously have required a container approach
 Already invested in another MDM?
  Unlike firewall selling, MDM may not be a switching pitch but about new deployments and adoption
  In many cases you will see status as in POC, evaluating, small deployments, etc.; in such cases introduce GlobalProtect MDM
  If already purchased and deployed in production: we are making our protocol available to technology partners for device state integration with GlobalProtect gateways
 Mobile security is not equal to MDM
  MDM is a critical component and enabler of mobile security, but recall the mobile security requirements slide



GlobalProtect as a Service
Conceptual Preview

GlobalProtect: Consistent Security Everywhere
Diagram: threats (malware, exploits, botnets) blocked for users at Headquarters, at a Branch Office and at remote locations

• VPN connection to a next-generation firewall that is performing the security work
• Automatic, always-on protected connectivity for users both inside and outside
• Unified policy control, visibility, compliance & reporting

• 31 | ©2012, Palo Alto Networks. Confidential and Proprietary.


Barriers to Achieving Consistent Security Everywhere
 Many organizations have user populations that are more physically distributed than their network infrastructures
 Where no offices exist:
  Users experience poor performance connecting to distant gateways
 Where physical offices do exist:
  Infrastructure and bandwidth are typically expensive
  Trained IT personnel are not always available onsite
  Time to deploy increases due to more complicated logistics

Diagram: remote user connecting over the Internet
GlobalProtect as a Service (GPaaS) Concept
 Gateways pre-deployed in key hubs around the world
  Initial planned locations include: US (California and Virginia), EMEA, Singapore, Japan, Brazil, and Australia
 Full infrastructure as a service offering
  Infrastructure installed and continuously managed by Palo Alto Networks
  Gateways managed by customers as an extension of their network
  SLAs for gateway availability
 Monthly service inclusive of infrastructure, bandwidth, and Palo Alto Networks licensing
 Optional Professional Services support for initial gateway activation and setup
 Strong recommendation for customer to manage gateways via Panorama

Gateway offerings based on location and capacity
 Small: up to 25 concurrent tunnels
 Medium: up to 200 concurrent tunnels
 Large: up to 500 concurrent tunnels
Three Primary Use Cases

Consistent Security for Remote Users Going to the Internet
Diagram: remote users with unprotected Internet access vs. secured Internet access through GlobalProtect

Better Performance with Distributed Gateways
Diagram: Internet traffic and corporate VPN traffic from remote GlobalProtect users, Corporate HQ

Offload Traffic to Improve Performance and Reduce Branch Office Bandwidth Expense
Diagram: Internet traffic and corporate VPN traffic from a Branch Office and remote GlobalProtect users, Corporate HQ
Q&A
