Safely Enable Mobile Devices
Whether your users check email from home, or update corporate documents from the airport, most of them work outside of your office at times. Workforce mobility improves productivity and flexibility, but it also introduces significant network security risks. Every time a user works on their laptop outside your building, they bypass your corporate firewall and the associated policies designed to protect them and your network. GlobalProtect extends the same next-generation firewall-based policies that are enforced within your office to all of your users, regardless of their location.
Modern enterprises are no longer bound by the physical constraints of the office, as network users and applications have become more flexible and distributed. End users view physical boundaries as an anachronism, and simply expect to be able to connect and work from any location using a mixture of laptops, smartphones and tablets. This has created a challenge for IT security teams, who must protect all users even when they are not at their office desk. In these situations, IT teams are often forced to settle for security compromises that fall well short of the standard of security set by the next-generation firewall.
GlobalProtect bridges the divide between remote users and the enterprise security policy. First and foremost, GlobalProtect not only provides VPN access to the corporate network but also extends enterprise security policy to all users regardless of their location. GlobalProtect frees enterprises from having to deploy different stacks of non-deterministic and inconsistent security solutions, such as proxy and VPN, for their remote users. GlobalProtect connects users to the next-generation firewall to deliver full visibility, control and threat prevention to all enterprise traffic. Additionally, support for Windows, Mac OS X, Linux, iOS and Android devices ensures broad coverage of today's most popular computing platforms. This approach allows IT teams to reverse the steady erosion of enterprise security policy, and easily extend policy everywhere it needs to go.
Second, GlobalProtect enables new policy controls based on the configuration of the endpoint itself, such as the operating system patch level, whether the antivirus solution is up to date, or whether disk encryption is enabled. These controls are fully integrated into the next-generation firewall, enabling new policies such as restricting access to sensitive or risky applications if the user's system is not properly configured or up to date. When added to the next-generation controls based on application, user and content, this provides security teams with even more flexibility to design the ideal security policy for the enterprise.
As a complete solution, GlobalProtect provides consistent visibility, enforcement and protection regardless of an end-user's location or mode of connectivity. This approach breaks the reliance on the outdated notion of a physical perimeter, and enables the enterprise to migrate to a logical perimeter. This approach re-establishes the corporate security policy as the rule of law for all network connections and brings a unified and consistent approach to policy enforcement, threat prevention and security reporting.
The GlobalProtect Solution
GlobalProtect extends security policy to all users, no matter where they are located.
Applications and Users On the Move
Modern enterprises and their networks are no longer centralized fortresses of data, with users and applications tucked safely behind a well-managed perimeter. Instead, work increasingly takes place outside the traditional office, and businesses need to enable users to remain productive regardless of their location. A myriad of mobile devices and connectivity options deliver on this need. Similarly, enterprise applications and data are being increasingly abstracted from their traditional in-house infrastructure and are migrating off-site, either to the cloud or to remote hosting centers.
As these assets have moved beyond the traditional perimeter, they have also moved beyond the protection of the corporate firewalls, application control, IPS and filtering solutions that make up the bedrock of corporate security policy. This leads to wide variability in terms of security quality and consistently undermines the enterprise security policy.
For users in the field, the risks posed by evasive applications, social networking, and modern threats remain high, but the protections drop off precipitously when the user is outside the network perimeter. In terms of policy, security teams must maintain parallel policies for the corporate network and mobile users, each with very different capabilities, rules and reporting. Correlating information between these products just adds to the already large operational burden. The end result is that the security policy, the quality of protection and the overall risk are essentially left to chance based on how and where the user chooses to connect.
The GlobalProtect Solution
GlobalProtect provides a comprehensive security solution for mobile devices built upon the technologies of the Palo Alto Networks enterprise security platform and tailored to address mobile requirements. It offers unprecedented levels of integration to deliver a unique solution that combines technology, global intelligence and policy enforcement over mobile apps and threats. These principles allow businesses to provide a safe environment for applications and data while still permitting users to enjoy the native user experience of their preferred device.
GlobalProtect safely enables mobile devices based on three categories of security requirements:
Manage the Device
GlobalProtect enables organizations to manage mobile device configuration, provision apps and oversee device usage throughout the organization with GlobalProtect Mobile Security Manager.
Protect the Device
GlobalProtect establishes an IPsec/SSL VPN tunnel to protect the device. The tunnel terminates on a Palo Alto Networks next-generation firewall, which delivers consistent enforcement of security policy and threat prevention to users regardless of where they are located. The next-generation firewall inspects the traffic for threats to protect the mobile device from malicious content.
Control the Data
GlobalProtect uses apps, users, content and device state as policy criteria for determining the network resources that users can access. Unmanaged or non-compliant devices can be blocked from accessing sensitive resources. The solution also controls business data on mobile devices while respecting the user’s privacy for personal data.
How GlobalProtect Works
GlobalProtect Gateway:
- Delivers mobile threat prevention and policy enforcement based on apps, users, content, device and device state.
- Extends a VPN tunnel to mobile devices with the GlobalProtect App.
- Integrates with WildFire to prevent new malware.
GlobalProtect App:
- Enables device management, provides device state information, and establishes secure connectivity.
- Connects to the GlobalProtect Gateway to access applications and data in accordance with policy.
- Exchanges device configuration and device state with the GlobalProtect Mobile Security Manager.
GlobalProtect Mobile Security Manager:
- Provides device management to configure the device.
- Uses WildFire malware signatures to identify devices with infected apps.
- Shares information about the device and device state with the GlobalProtect Gateway for enforcing security policies.
- Hosts an enterprise app store for managing business apps.
- Isolates business data by controlling lateral data movement between business and personal apps.
GlobalProtect Mobile Security Manager
- Android 4.0.3 and later (Google Play)
- Apple iOS 6.0 and later (App Store)
- Microsoft Windows XP, Vista, 7, 8, and 8.1
- Apple Mac OS X 10.6 and later
- Linux (using vpnc)