Organizations of all sizes are turning to managed security service providers to secure their assets. As competition increases, MSSPs are seeking ways to create agile and differentiated services while keeping a lid on security costs and protecting customer networks. Considering the complexity of disparate security technologies and the growing threat landscape, this is no small feat.
Palo Alto Networks can help. As the fastest-growing network security vendor in the world, Palo Alto Networks helps accelerate the transition to managed security services, such as application security monitoring and control, cloud security, managed mobile, advanced threat protection, and threat intelligence and analytics. The Palo Alto Networks Security Operating Platform helps providers deliver profitable standard and premium security services in internet gateway, cloud and data center environments while proactively preventing cyberattacks.
The Palo Alto Networks Security Operating Platform comprises our natively integrated:
By taking advantage of the Palo Alto Networks Security Operating Platform, MSSPs can:
Different industries have different security requirements, depending on their size, infrastructure, the applications they use, their regulatory and reporting requirements, and the types of data and assets they must secure. Using the Security Operating Platform, you can profitably serve organizations from small to large, distributed or centralized, whether they are heavily regulated or not. The platform offers industry-specific threat intelligence and safe enablement of applications. Beyond application visibility, the platform can create, manage and enforce policies that control which users can access which applications and what they can do with certain types of sensitive data. Its logs, alerts and reports meet reporting and auditing needs for PCI, HIPAA, NERC and other compliance mandates.
A range of platform sizes serves different CPE environments while virtual systems support cloud-based services and advanced endpoint protection repels zero-day attacks. Cloud security service provider licensing extends the flexibility of the Palo Alto Networks VM-Series virtualized next-generation firewalls, enabling providers to offer on-demand, utility billing models for security as a service.
Some organizations think of network security as insurance, and may start with the minimum coverage and the smallest bill. The Security Operating Platform increases incident visibility and removes barriers to upgrading, paving the way for incremental security services and long-term customer relationships.
The platform can classify network traffic – including encrypted traffic – by application, user and content instead of port and protocol. With the click of a mouse, you can offer customers the visibility into exactly which applications are traversing their network. This visibility can help inform new policy decisions about threat response, web and data filtering, which applications customers want on their network, and which users should have access to them. Our App-ID™ technology recognizes thousands of applications, including popular ones used in government, healthcare, finance, media and entertainment, industrial control systems, retail, and manufacturing.
Unlike typical UTM offerings that degrade in performance as they increase security function, the platform's unique single-pass architecture ensures predictable throughput and latency as new security functions are enabled. MSSPs can also make use of Palo Alto Networks to safely enable SaaS and prevent threats from spreading through sanctioned SaaS applications.
The capabilities and configurability of the Security Operating Platform allow MSSPs to build tiers of service offerings that streamline customer acquisition and meet varying business needs. The platform also offers opportunities for value-added and profitable consulting services. A Security Lifecycle Review, for example, is an assessment tool that offers customers and prospects a detailed view of which applications and risks are running in their environments. With information garnered from the SLR, MSSPs can upsell customers to higher-value bundles.
Upgrading existing customers to new security offerings is simple. With security capabilities enabled through software license keys, there are no truck rolls, hardware installation or network configuration changes required. Customers can start with a simple firewall and move to preventing known threats, or they can benefit from full threat prevention against known and unknown threats. Fast software provisioning increases customer satisfaction and your revenue.
Early detection and remediation are no longer sufficient to protect your customer's valuable assets, and many SOC analysts are struggling to keep up with day-to-day security threats. The Security Operating Platform automatically protects against intrusions, known threats, command-and-control activities, and the 50,000plus newly discovered pieces of unknown malware found every day. Palo Alto Networks cloud-based threat intelligence includes WildFire® cloud-based threat analysis service, which cuts the global window of zero-day attack opportunity down to just five minutes. Machine learning algorithms and the largest global community of shared threat intelligence detect unknown threats across thousands of applications. Once WildFire detects malware in a customer environment anywhere in the world, it automatically creates signatures and DNS protections, and then distributes them to all subscribers.
Uncontrolled web surfing and clicking risky email links may result in credential theft, threat propagation or data loss. The Security Operating Platform also continuously protects against constantly changing malicious websites. Our global URL Filtering database integrates with WildFire, automatically updating your local URL database with newly discovered malware or phishing sites in as few as five minutes.
With the barrage of threats created every day, it's difficult to separate truly dangerous or targeted threats from more commodity attacks. Palo Alto Networks AutoFocus™ contextual threat intelligence service organizes and presents the largest collection of unknown malware data in the world. It brings valuable context – including where and how each threat has been seen as well as which industries have been targeted – that helps SOC team members determine how to respond. As part of the Security Operating Platform, AutoFocus accelerates the analysis of and response to key threats, and ensures your SOC delivers excellent information and value to customers.
Partnering with a new security vendor requires a large investment to integrate systems with operational and billing support systems, train staff, and deploy equipment in SOCs. The Security Operating Platform minimizes this burden by consolidating security functions as well as extending a single operating system and API suite across all environments, from the smallest CPE to the largest virtual machine. With one training and integration effort, providers can gain access to standard firewall, application firewall, IPS/IDS, antivirus, DNS protection, URL protection, malware detection, remote and site-to-site VPN, data center segmentation, and advanced threat protection capabilities.
Once the platform is part of your security offering, the savings continue. With multiple sizes for both physical CPE and virtual platforms, the platform supports multiple deployment options and use cases. MSSPs can use the platform as an internet gateway, for network segmentation or to protect data center traffic. Administrators can manage all security capabilities from one visually appealing and informative portal, reducing their workloads while gaining a comprehensive view of traffic, applications, users and threats.
As attackers grow more sophisticated and the attack volume increases, port-based firewalls, UTMs, web security and other point security technologies stacked on top of one another become more expensive and less effective – and it becomes more difficult to get a comprehensive view of vulnerabilities and threats. By integrating modern and automated threat prevention security approaches, the Security Operating Platform provides comprehensive visibility and flexibility that increases demand and removes barriers for new, differentiated security offerings. Proactive, automated responses to threats allow your customers' networks to remain protected against the continually changing threat landscape and your SOC to focus on high-value activity. The platform approach also decreases deployment, service activation and management costs, resulting in savings you can pass on to your customers.