VM-Series Virtualized Next-Generation Firewall
Virtualization is fueling an upheaval in today’s data centers, resulting in architectures that are oftentimes a mix of private and public cloud computing environments. The benefits of cloud computing are well-known; so too are the security challenges, exemplified by recent high-profile security incidents.
Just as an attack or compromise within your physical data center is a significant incident, the impact of a compromise in your virtualized environment is amplified because your workloads, some of which use varied trust levels, and the associated data are centralized, without any security barriers in between to keep them segmented. If your virtual environment is compromised, the attacker has access to your entire virtualized environment.
Securing the Private Cloud
Defined as an environment in which you are responsible for the management of all aspects of the virtualization, hardware, compute, networking, security, etc., a private cloud is often considered to be an extension of your existing data center.
The VM-Series allows you to protect your private cloud infrastructure using application enablement policies while simultaneously preventing known and unknown threats. The VM-Series supports the following private cloud environments: VMware ESXi and NSX, Citrix NetScaler SDX, and KVM/OpenStack (CentOS/RHEL, Ubuntu).
Securing the Public Cloud
Defined as a ready-made compute, networking, and storage environment, the public cloud brings ubiquitous access to users, rapid scalability to address workload “bursts,” and infrastructure consistency. In a public cloud, ensuring your applications and data are kept safe from attackers is your responsibility, and that is where the VM-Series can help.
The VM-Series protects your public cloud infrastructure using application enablement policies while simultaneously preventing known and unknown threats. The VM-Series supports the following public cloud environments: VMware vCloud Air™ and Amazon Web Services (AWS).
Next-Generation Security for the Public Cloud
Regardless of where your applications and data are located, they are an attacker’s target, and protecting them in the cloud introduces the same security challenges you face in your on-premises data center. To that end, your public cloud security solution should be consistent with what is deployed in your data center so that, no matter where the applications and data reside, security is consistent and assured.
The VM-Series analyzes all the traffic traversing your cloud deployment to immediately determine three critical elements that drive your security policy: the application identity, regardless of port; the content, malicious or otherwise; and the user identity. Determining the application, content and user simultaneously enables you to improve your security posture by directly mapping your security policies to key business initiatives. This also provides greater visibility along with more rapid incident response and improved forensics. A consistent security posture is ensured through centralized management that can control your physical and virtualized firewalls while additional management features enable policy automation and integration to fully support your cloud-first initiatives.
The VM-Series enables you to deploy a hybrid architecture while maintaining the same security posture established on your physical network with Palo Alto Networks appliance-based firewalls. The VM-Series can act as a perimeter gateway protecting against inbound threats, as a segmentation gateway that controls workload-to-workload communications, and as a mobile security solution. IP FABRICS can assist with any policy customization required to get the most out of private and virtual instances. The VM-Series is supported in the following public cloud environments: Amazon® Web Services, Microsoft Azure, and VMware vCloud Air.