Case StudiesSectrail and Palo Alto
As users connect to dozens or even hundreds of websites, they tend to find themselves reusing passwords. They may even use credentials for corporate applications that they have already used on unsecured sites, increasing the risk of a breach. To protect applications, organisations can use multi-factor authentication (MFA) from SecTrail with Palo Alto Networks next-generation firewalls (NGFWs).
Palo Alto Networks and SecTrail
Today, digital identity, information security, and unauthorised access of users are important conditions. SecTrail OTP has developed a second means of verification to minimise unauthorised access, unauthorised control, malicious data usage, and data loss risks.
The Palo Alto Networks Security Operating Platform prevents successful cyberattacks through intelligent automation. The platform combines network and endpoint security with threat intelligence and accurate analytics to help streamline routine tasks, automate protection, and prevent cyber breaches. Tight integrations across the platform and with ecosystem partners deliver consistent security across clouds, networks, and mobile devices, natively providing the right capabilities at the right place across all stages of an attack lifecycle.
Palo Alto Networks and SecTrail integrate to offer MFA to reduce the risk of unauthorised access through centralised access control. Palo Alto Networks NGFWs prevent credential abuse by enforcing multi-factor authentication (MFA) before allowing users to access specific applications or systems.
Key Benefits of the Integration
SecTrail and Palo Alto Networks provide comprehensive enterprise security, allowing you to:
- Take advantage of a flexible and secure authentication service.
- Work in an easy-to-use interface.
- Enjoy a seamless user experience.
SMS Delivery Process
Here’s how the integration operates in the case of SMS delivery:
- 1 -
The user opens a Palo Alto Networks login page and enters his or her credentials.
- 2 -
SecTrail queries credentials and user attributes on Microsoft Active Directory® via LDAP.
- 3 -
Active Directory responds to user authentication and attributes queries.
- 4 -
SecTrail replies to the Palo Alto Networks NGFW with a “User Authentication Challenge” packet and tells the firewall to redirect the user SMS token control web page.
- 5 -
Concurrently with Step 5, SecTrail generates a token and sends it to the user via SMS gateway.
- 6 -
The token appears on the user’s mobile device.
- 7 -
The user enters the token into the MFA page to which he or she has been redirected.
- 8 -
Palo Alto Networks queries the token the user enters.
- 9 -
SecTrail confirms the token.
- 10 -
Palo Alto Networks grants the user network access via GlobalProtect™ network security for endpoints.
SecTrail - Palo Alto Case Study 1Challenge
Offer secure VPN access.
The Palo Alto Networks and SecTrail integration provides MFA to verify users before Palo Alto Networks grants GlobalProtect Portal and GlobalProtect Gateway access. Prior to submitting username and password, a user will automatically receive a passcode via SMS, email, or the mobile app. After entering this passcode, the user can access protected applications and services. This prevents data theft and abuse of stolen credentials.
SecTrail - Palo Alto Case Study 2Challenge
Protect the management console from unauthorized access.
System administrators access and control firewalls, servers, and other critical infrastructure. Administrator console access must be protected from any unauthorized users. Using SecTrail MFA, administrators can easily secure access to the admin console— both locally and via Palo Alto Networks Panorama™ network security management—to ensure only authorized access to it. This integration is deployed using RADIUS.