Aardman Animations, from Bristol, England, has a reputation as a world leader in model animation. Their award-winning work leads the field, producing a unique brand of independent film, like Wallace & Gromit, alongside work for broadcast and advertising spots.
In the video below, Howard Arnault-Ham, Head of IT for Aardman Animations, talks about the switch from a traditional firewall to a Palo Alto Networks next-generation firewall, a surprisingly easy switch that provided his team with visibility into potential threats on its network.
With an open approach to IT, and by the nature of its business, Aardman is host to many freelancers and contractors who plug into its network. The team needed a way to safely enable applications for them while keeping control over the network. With the Palo Alto Networks next-generation firewall, Howard and his team were able to gain visibility into network traffic based on applications, users and content, all the while allowing them freedom of use.
Now, hear about the experience directly from Howard:
Securing the deployment of mobile devices is often discussed in the context of employees using their personal smartphone or tablet for basic work-related activities such as email and collaborative tasks. The primary purpose is flexibility, productivity and the ability to remain connected while traveling, working from home or working after hours.
In some industries, the use of mobile devices goes much deeper and intersects with core business processes. In healthcare, clinicians use tablets to capture, review and update patient information at the bedside or at home, read vital data and make critical decisions. In banking and online retail, mobile payment is being deployed as a way to lower costs and gain market share. As the use of wireless and mobile technologies becomes more pervasive, the scope of security needs must expand from protecting individual interactions to covering a myriad of use cases that impact hundreds of mobile applications and the enterprise data they access.
Today we released the WF-500, which is the latest addition to our WildFire solution dedicated to detecting and blocking unknown malware and targeted cyber attacks. As many of you know, one of the core design principles of WildFire is the marriage of any and all of your next-generation firewalls with a cloud-based malware analysis environment where new or unknown files can be executed and observed in order to determine if they harbor malicious behaviors. The WF-500 provides the option for customers to deploy a private version of the WildFire analysis environment on their own network. For reference, you can read all about WildFire and the WF-500 here.
It’s important to note that when we say “cloud” we aren’t just euphemistically referring to the Internet, or the marketing use of “The Cloud” that will swoop in to magically solve all IT problems. We are talking about actual cloud computing, and there are important reasons why this architecture is required for addressing the challenges of modern malware and threats. First and foremost, the active analysis of unknown files demands massive amounts of compute. Each file needs its own fully virtualized environment including OS, browsers and Internet connectivity. And to protect against real attacks, we must perform this type of analysis on all unknown files from all of our network ingress points. So in short, we have a technical requirement to support many distributed points of presence, with each requiring massive computing resources. This is a job that screams cloud computing, and this is what we have built with WildFire.
In a WildFire deployment, all firewalls can be linked with a WildFire cloud (either the public WildFire cloud available to all customers, or a private WildFire cloud using one or more WF-500s deployed on your network). The analysis is identical whether performed in the public or a private cloud, and in both cases all firewalls leverage a shared set of computing resources. In both cases, the single cloud provides support for the many firewalls.
This is far more efficient than the other commonly seen strategy where malware analysis devices are deployed as yet another security helper device, with a sandbox tied to each firewall. This is not only inefficient, it creates choke-points where the ability to protect against threats is limited by the number of files the sandbox can handle. Unlike everything else in the network stack where solutions are sized in terms of throughput, a helper sandbox must be sized in terms of how many files could hit that ingress point.
Of course, once malware is detected we will want to do something about it, and this is where WildFire can close the loop. WildFire is linked to the next-generation firewall, which not only has true, in-line enforcement capabilities but also has native stream-based antimalware, native IPS for controlling malware command-and-control, native URL filtering to block sites associated with the newly found malware, and native DNS-based signatures to identify the unique DNS patterns of malware. This provides enforcement points across the malware lifecycle in a device that is built for high-speed enforcement.
So just as a reminder, if you are not using WildFire today, you can always use the basic features of the WildFire public cloud for free – just enable it on your firewall. If you are interested in taking a look at the WF-500 option in your network, just let us know and we will get you set up.