PALO ALTO NETWORKS: Technology Partner Solution Brief Palo Alto Networks® and Plenary Networks Partner to Deliver a Unique User-ID™-focused Product Technology Segment: Authentication and Access Control The Palo Alto Networks Technology Partner Program includes a select group of partners that deliver solutions or products that interoperate with the next-generation firewall. HIGHLIGHTS •Unique two-tiered real-time approach to username and IP address correlation. •Operates across all authentication platforms and DHCP platforms. •Supports multi-forest AD deployments. •Functions seamlessly in wired and wireless 802.1x environments. •Operates in BYOD environments with all NAC solutions. SOLUTION OVERVIEW Plenary Networks has partnered with Palo Alto Networks to deliver a unique User-ID-focused product. Their solution correlates and supplies real-time username and IP address information to Palo Alto Networks next-generation firewalls. This powerful solution extracts username and IP address mappings across any environment and supplies the information to Palo Alto Networks firewalls for User-ID-based reporting and policy enforcement. Palo Alto Networks User-ID enables organizations to enforce security policy based on usernames and directory groups instead of IP addresses. The Palo Alto Networks User-ID feature is comprised of two steps: the initial username to IP address mapping, and the subsequent enumeration of username to group membership. Security policy is then enforced on usernames to secure applications. The Plenary Networks Broker series of software appliances is a vendor-agnostic platform capable of associating usernames to IP addresses in real-time, in any network environment using Palo Alto Networks firewalls. Information from authentication sources are obtained as they happen, as are IP address events. Our two-tiered real-time approach to sourcing usernames and IP addresses is unique. It ensures your Palo Alto Networks security perimeter is always up to date with the latest username and IP address information, bolstering your approach to security enforcement. AUTHENTICATION EVENTS DHCP EVENTS 1a 1b BROKER SERIES 192.168.150.40 2 USERNAME IP ADDRESS TERRY TRAVIS JOEL DALVIR DANIEL MATTHEW PETER 192.168.150.40 192.168.100.170 10.100.50.20 192.168.200.140 10.200.100.30 10.40.100.30 192.168.50.100 Username and IP Address correlation PALO ALTO NETWORKS: Technology Partner Solution Brief The Broker series is capable of the following: • Operating across all authentication and DHCP platforms. • Supporting multi-forest, multi-domain active directory topologies. • Off-loading your PAN firewall of intensive management plane processing. • Functioning seamlessly in 802.1x environments. • Operating in BYOD environments with all NAC solutions. The Broker series employs a raft of intelligent features for availability including data banking, health checking, and stateless operation for integration across load balancer topologies. Broker installation is driven through a graphical user wizard and once operational, reporting mechanisms enable you to identify the total device count and the device types on your network, specific to individual usernames. About Palo Alto Networks Palo Alto Networks is the leading next-generation network security company. Its innovative platform allows enterprises, service providers, and government entities to secure their networks by safely enabling the increasingly complex and rapidly growing number of applications running on their networks and by providing prevention against cyberthreats. The core of Palo Alto Networks is its enterprise security platform which delivers application, user, and content visibility and control integrated within the firewall through its proprietary hardware and software architecture. Palo Alto Networks products and services can address a broad range of network security requirements, from the datacenter to the network perimeter, as well as the distributed enterprise, which includes branch offices and a growing number of mobile devices. Palo Alto Networks products are used by more than 19,000 customers in over 120 countries. For more information, visit www.paloaltonetworks.com. About Plenary Networks Founded in 2012, Plenary Networks are a new generation of network and security engineers that specialize in network programming, API integration and software networking. The company’s unique ability in the programming arena allows them to provide bespoke, supportable solutions and services, which complement the Palo Alto Networks next-generation firewall series. www.plenarynetworks.com 4401 Great America Parkway Santa Clara, CA 95054 Main:+1.408.753.4000 Sales: +1.866.320.4788 Support:+1.866.898.9087 www.paloaltonetworks.com Copyright ©2015, Palo Alto Networks, Inc. All rights reserved. Palo Alto Networks, the Palo Alto Networks Logo, PAN-OS, App-ID and Panorama are trademarks of Palo Alto Networks, Inc. All specifications are subject to change without notice. Palo Alto Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Palo Alto Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. PAN_TPSB_Plenary_022515