BRIEF
Delivering a Secure Enterprise Network with Nile and Palo Alto Networks
The Challenge
Segmenting and securing the enterprise network against intrusions, while also protecting IT assets and sensitive data, has created immense complexity for today’s enterprise networking architectures. Data breaches and cyber-attacks are rising at an alarming rate: 2022 experienced 38% more cyber-attacks per week on corporate networks compared to 2021. More recent cyber-attacks have used lateral movement to gain deep access to the network through east-west propagation.
Joint Solution
Network segmentation, alongside other security strategies such as zero trust, must be used to mitigate these attacks. Nile’s enterprise network architecture for wired and wireless connectivity can interoperate with Palo Alto Networks Next-Generation Firewalls (NGFWs) to help simplify and centralize policy enforcement. The joint solution can help secure the network against unauthorized access and malware proliferation. This joint network design drives a zero-trust-first experience for the enterprise network.
Joint Solution Components
- Nile Access Service
  - Guaranteed network performance backed by SLAs
  - Zero trust security inherent within the service
  - Complete network lifecycle (Day 0 → Day N) for operational simplicity
  - Flexible consumption model
- Palo Alto Networks Next-Generation Firewall (NGFW)
  - Advanced security features (e.g., IPS, URL Filtering, AV, DLP) to detect and prevent complex threats
  - Identity-based protection with User-ID technology
  - Zero-delay signatures, updating internet-connected NGFWs within seconds
  - ML-powered visibility across IoT and other connected devices
Joint Solution Benefits
- Simplified security workflow
  - All traffic is sent to Palo Alto Networks NGFWs. Security teams only need to define security policies for enforcement on the firewalls, rather than maintaining fragmented policy definitions
  - Centralized point for security teams to automate workflows
- Protect against malware proliferation
  - Complete Local Area Network (LAN) traffic visibility. Secure enterprise network, sending all traffic to a central policy enforcement point
  - Advanced security (e.g., IPS, AV, Sandboxing, DLP) enforced on PAN’s firewalls
- End-to-end enterprise traffic encryption
  - Always-on authentication and encryption between all Nile elements, with edge-to-edge encryption with Palo Alto Networks NGFWs
  - Security operators have high confidence in data originating from sources while reviewing alerts from Palo Alto Networks NGFWs
- Simplified device authentication
  - Zero Trust Access with always-on and unified IEEE 802.1X authentication for wired and wireless on every port for every Nile device
  - Improve edge authentication with PAN’s NGFW, authenticating every device access from external sources
- Enterprise-grade availability and performance
  - Guaranteed performance with easily verifiable SLAs within Nile Service Blocks
  - Enterprise-grade redundancy and resiliency on PAN NGFWs
Nile and Palo Alto Networks: Securing the enterprise network together
Nile’s technology seamlessly interoperates with Palo Alto Networks (PAN) NGFWs, providing customers with powerful security capabilities such as:
- Preventing unauthorized access to the network
- Protecting against sophisticated threats
Simplified security workflow
The Nile Access Service provides complete isolation of traffic, transporting all traffic upstream to PAN’s NGFW for inspection and enforcement. This architecture simplifies security workflows for IT teams by giving them granular control over the network, such that no traffic is allowed unless it is allowed on PAN’s NGFWs. By abstracting Layer 2 traffic, IT teams may be able to reduce the number of steps within their security workflow, including any responses to incoming alerts. All data flowing between devices or users is encrypted and isolated by default. All traffic is sent by default to PAN’s NGFWs for inspection, and only safe and allowed traffic is forwarded. With zero configuration required by IT teams on the Nile Service Block (NSB), the IT team can reduce the number of touchpoints and focus on creating strong security policies on PAN’s NGFWs to quickly detect and mitigate threats.
DISPARATE ARCHITECTURE
- Config heavy
- Requires deep technical expertise
- High cost
- No agility
Joint Solution
- Simplified security workflow
- Zero config on NSB
- Centralized policy on PAN’s NGFW
- High-Performance
- Agile Network
Protect against malware proliferation
Leveraging the principles of Zero Trust Isolation, Nile enables secure peer-to-peer (P2P) communication while reducing risk exposure and the risk of malware proliferating throughout the enterprise network. Previously, unless organizations had deep technical expertise and resources dedicated to managing ACLs on various network devices, there was no visibility or control within a segment or a VLAN. Traffic within a LAN was mostly invisible to network operators, or making it visible required implementing costly solutions. This problem is resolved by leveraging the Nile Access Service to automatically send traffic upstream to PAN’s firewalls.
End-to-end encryption
Encryption of data in transit has always been a challenge for organizations. Many focus on encrypting data at Layer 3 and above using popular protocols like TLS and IPsec. This leaves security gaps that must be filled to ensure the integrity, authenticity, and confidentiality of data traveling within an enterprise network. With the Nile Access Service, enterprises have an authentication architecture that is always on: a ready out-of-the-box (OOB) service with end-to-end encryption for data in transit. The result is that data traveling within NSBs is fully secured, and once it enters PAN’s NGFWs, operators can have high confidence when reviewing any security alerts that the data transiting between source and destination has not been tampered with in any way.
Edge-to-edge authentication
Following the principles of Zero Trust Access, the Nile Access Service will not trust any device without verifying it first. Every Nile device holds a custom certificate in an on-board TPM module, which the devices use to authenticate with one another, ensuring that no rogue devices are connected to the network. Additionally, the process to authenticate wired and wireless devices is simplified, requiring zero configuration from end-users, with an always-on approach that ensures authentication is enforced the same way for wired and wireless devices. The joint solution with PAN’s NGFWs can enhance this authentication architecture with edge authentication and ensure that all devices accessing external sources are verified.
High Performance and Availability Design
With Nile, enterprises are guaranteed performance with easily verifiable SLAs. This means customers are guaranteed an always-on network with end-to-end coverage and voice-grade capacity for all users and devices. Additionally, every NSB is designed with full redundancy and resiliency such that there are two or more ways to provide:
- Availability
- Capacity
- Coverage
for every user throughout the sites across all buildings.
PAN’s NGFWs are built with full redundancy for enhanced reliability and increased performance. Organizations looking for a resilient network can use this interoperability between the Nile Access Service and PAN’s NGFWs.
Conclusion
The interoperability between Nile and Palo Alto Networks is critical in providing a simple and secure enterprise network. With the joint solution:
- Security workflows are simplified
- The risk of malware proliferating throughout the network is reduced
- Full visibility is achieved edge-to-edge
- All traffic is encrypted
- Devices are authenticated end-to-end
- The network is designed with full redundancy and resiliency
- The network is secured with a zero trust model
About Palo Alto Networks
Palo Alto Networks is one of the leaders in cybersecurity. They look to innovate to outpace cyberthreats, so organizations can embrace technology with confidence. They provide next-gen cybersecurity to thousands of customers globally, across all sectors. Their cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying their products to enable Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, they are committed to helping ensure each day is safer than the one before. It is why many partners choose Palo Alto Networks.
About Nile