VM-Series on Azure
The VM-Series allows you to embrace a prevention-based approach to protecting your applications and data on Azure. Automation and centralized management features enable you to embed next-generation security in your Azure application workflow so security can keep pace with development.
Complete visibility improves security decisions. Understanding the applications in use on your network, including those that may be encrypted, helps you make informed security policy decisions.
Segmentation and application whitelisting aid data security and compliance. Using application whitelisting to enforce a positive security model reduces your attack surface by allowing specific applications that align to your business needs (e.g., allow SharePoint® documents for all, but limit SharePoint administration access to the IT group). Whitelisting policies also allow you to segment applications that communicate across subnets and between virtual networks (VNets) to stop lateral threat movement and meet compliance requirements.
User-based policies improve security posture. Integration with on-premises user repositories—such as Microsoft Exchange, Active Directory®, and LDAP—lets you grant access to critical applications and data based on user credentials and need. For example, your developer group can have full access to the developer VNet while only IT administrators have RDP/SSH access to the production VNet. When deployed in conjunction with Palo Alto Networks GlobalProtect™ for network security at the endpoint, the VM-Series on Azure can extend your corporate security policies to mobile devices and users regardless of their location.
Applications and data are protected from known and unknown threats. Attacks, like many applications, can use any port, rendering traditional prevention mechanisms ineffective. Enabling Threat Prevention, DNS Security, and WildFire®, the Palo Alto Networks malware prevention service, as segmentation policy elements will protect you against exploits, malware, and previously unknown threats from both inbound and lateral movement perspectives.
Multiple defenses block data exfiltration and unauthorized file transfers. Data exfiltration can be prevented using a combination of application enablement, Threat Prevention, and DNS Security features. File transfers can be controlled by looking inside files, not only at their file extensions, to determine whether transfer actions should be allowed. Command and control, associated data theft, and executable files found in drive-by downloads or secondary payloads can also be blocked. Data filtering features can detect and control the flow of confidential data patterns, such as credit card and Social Security numbers, in addition to custom patterns.