Network Security & PAN-OS

Our next-generation firewall is a platform. It simplifies security by delivering tightly integrated innovations to replace disconnected point
products. Physical, virtual and delivered-from-the-cloud deployment options protect your data and apps wherever they reside.

RECENT INDUSTRY INSIGHTS

(2/19) “Through 2023, 99% of firewall breaches will be (9/18) Most corporations I work with spend most of their (5/17) Cybersecurity Ventures predicts there will be 3.5
caused by firewall misconfigurations, not firewall flaws.” “firewall money” buying configuration software that will million cybersecurity job openings by 2021
help them better manage the configuration mess they
- Gartner, Technology Insight for Network Security Policy have on their hands. Things are so bad they aren’t even
Management trying to make them appropriately secure. They are just
trying to slow down the unauthorized changes.
** Cannot distribute actual report, only talk about ** Click to See Article Here Click to See Article Here

PROSPECT CHALLENGES AND PITCHES

Titles and Pitch and
Challenge Faced Probing Question
Responsibilities Customer Benefit
• Are your firewall rules based on IPs and We classify all traffic, including encrypted, based
Limited Visibility and Control Ports? Is it complicated to align your on content, application, and user enabling you
Legacy tools give you visibility and control over business needs using those parameters? to gain deep visibility into your traffic and stop
IP addresses, ports and protocols rather than
threats. This allows creation of easily
content, apps and users. Attackers capitalize on • If I could show you a way of aligning your
understood, precise security policies to safely
this by misusing open ports for sneaking in rules contextually, based on how your
enable applications and close dangerous policy
malware. This is made worse with the rise in business runs, would you be interested?
gaps. Physical, virtual and delivered-from-the-
encrypted traffic, and the need to protect cloud,
• How’s the management experience when cloud deployment options protect your data and
branches, and mobile workers with consistent
securing cloud, branch and mobile workers? apps wherever they reside, with centralized
security.
Is it seamless and with feature parity? management.

Lack of Simplicity • What’s the process to ensure all your We offer tightly integrated innovations and
Point products like IPS, proxies and sandboxes security tools work together to stop threats services on our next-generation firewall to
Network Operations are used together to protect organizations. replace disconnected tools and simplify security.
and don’t conflict?
Configure, manage, and operate Without integration, automation and (WildFire, URL Filtering, DNS Security, Threat
consistency, teams must chase across different • What happens when you need to Protection, Multi-Factor Authentication). In
firewalls troubleshoot a ticket or investigate a threat
management consoles, feature gaps, and UIs addition, we help you adopt best practices that
leading to misconfigurations and security holes. across devices? reduce opportunities for attack.

• There’s a lot of talk about how attacks have

Lack of Automation become more sophisticated, how have you
Attacks are increasing in volume as well as seen an impact on your team from this? We use machine learning and automated
sophistication. Protection requires manual effort enforcement actions to help you stop the most
• Are you having trouble hiring enough
across multiple security tools. Organizations are sophisticated attacks. This not only saves you
cybersecurity employees?
not able to hire enough cybersecurity time by automating manual tasks, but also
(Tip, check their open reqs on company site)
professionals to keep up. This gap is improves your speed of response and security
compounded by legacy tools’ lack of automation • How are your security tools using effectiveness.
and dependence on manual tasks. automation to reduce manual and
repetitive
© 2019 Palo Alto Networks, Inc | Confidential and Proprietary Information: For internal use and authorized partners under NDA with Palo tasks?
Alto Networks only. 1
Competitive Responses
Pitch and
Current Approach Challenges to Approach Probing Question
Customer Benefit
Significant performance degradation when Our performance testing keeps our security
Fortinet – FortiGate security features are turned on. • Could we do a bake-off between our NGFW turned on. Fortinet’s datasheets reflect their
• Click here for deeper Battlecard and their FortiGate running the security tests in performance optimized “Flow Mode,”
• Buyers Beware – What is the true cost Fortinet’s Security Fabric Handbook features you’d want to see whose with major security features turned off. Their
of ownership of a NGFW? recommends 10+ “helper” products to performance and security really is better? datasheets cite their stats are “depending on
implement their Security Fabric system configuration.”

Uses open source ClamAV to detect known • Do you operate more than Windows in your Our NGFWs continually lead the market in
malware that’s available to everyone, including environment? How are you handling that security and performance based on 3rd party
attackers to test against. analysis? testing.
Cisco – Firepower Threat Defense (FTD)
• Click here for deeper Battlecard Cisco Threat Grid can’t do sandbox analysis on • How do you feel about a legacy, open-source, Our WildFire malware analysis and prevention
Linux, Android, and macOS binaries, or have a hash-based lookup tool as a primary check service works across our platform, and protects
bare metal analysis capability like WildFire against attacks? mixed environment organizations.

Threat Extraction for SMTP requires their firewall • Have you run into mail delivery issues from WildFire accurately analyzes an extensive range
to act as an MTA which puts undue pressure on the firewall having to act as a mail gateway? of files and formats and uses bare-metal analysis
mail or firewall administrators to inspect any Does your firewall team have the cycles to against the most evasive threats that Threat
potential mail delivery issues. It can also only review these issues? Are you able to keep up Extraction can’t offer. Integration of Traps
Checkpoint R80 sanitize Microsoft Office and PDF files. with the customer browser extensions to provides additional protection against true zero-
• Click here for deeper Battlecard monitor HTTP traffic? day threats.
Check Point security gateways are not equipped
with hardware-accelerated SSL inspection • Have you had to turn off security features (like Our single pass architecture allows accurate
capabilities, which results in up to 100% CPU decryption) to hit the performance your sizing and enables customers to maintain
utilization increase if enabled. organization needs? security while hitting performance targets.

LINKS TO KEY ASSETS AND SALES TOOLS

Recording
NGFW NGFW DEMO
Decrypting
Overview Feature How to Run
SSL for Traffic
Deck Comparison a BPA
Inspection

COMMON OBJECTION HANDLING AND FAQ

Objection Reframing Question Response
The main purpose of our Expedition tool is to help reduce the
Can you help me understand the “hard” part? We may have a
It’s too hard to transfer our old rules into new ones. time and effort to migrate legacy configurations into our PAN-
tool that many of our customers have used for just that issue.
OS.
How do you calculate cost? Are you just thinking about the Our machine learning and automated response integrated
We really can’t afford a Palo Alto Networks appliance. cost of the box or do you also factor in long-term across our platform reduce so many headaches and manual
management, ease of use, and automation benefits? tasks that most still chose us.
How many different devices are you running on your We offer tightly integrated innovations and services on our
How are you different from what I’m already running? network? What if you could reduce that number, the manual next-generation firewall to replace disconnected tools and
labor going between each system, and your attack surface? simplify security. Our rules are based on content, application,
and user, not IPs and ports that enables you to more intuitively
© 2019 Palo Alto Networks, Inc | Confidential and Proprietary Information: For internal use and authorized partners under NDA with Palo Alto Networks only. run and protect your business 2