Case Studies

Sectrail and Palo Alto

As users connect to dozens or even hundreds of websites, they tend to find themselves reusing passwords. They may even use credentials for corporate applications that they have already used on unsecured sites, increasing the risk of a breach. To protect applications, organisations can use multi-factor authentication (MFA) from SecTrail with Palo Alto Networks next-generation firewalls (NGFWs).

Case Study 1Case Study 2

Palo Alto Networks and SecTrail

Today, digital identity, information security, and unauthorised access of users are important conditions. SecTrail OTP has developed a second means of verification to minimise unauthorised access, unauthorised control, malicious data usage, and data loss risks.

The Palo Alto Networks Security Operating Platform prevents successful cyberattacks through intelligent automation. The platform combines network and endpoint security with threat intelligence and accurate analytics to help streamline routine tasks, automate protection, and prevent cyber breaches. Tight integrations across the platform and with ecosystem partners deliver consistent security across clouds, networks, and mobile devices, natively providing the right capabilities at the right place across all stages of an attack lifecycle.

Palo Alto Networks and SecTrail integrate to offer MFA to reduce the risk of unauthorised access through centralised access control. Palo Alto Networks NGFWs prevent credential abuse by enforcing multi-factor authentication (MFA) before allowing users to access specific applications or systems.

Key Benefits of the Integration

SecTrail and Palo Alto Networks provide comprehensive enterprise security, allowing you to:

  • Take advantage of a flexible and secure authentication service.
  • Work in an easy-to-use interface.
  • Enjoy a seamless user experience.
how Sectrail and Paloalto works together diagram

SMS Delivery Process

Here’s how the integration operates in the case of SMS delivery:

- 1 -

The user opens a Palo Alto Networks login page and enters his or her credentials.

- 2 -

SecTrail queries credentials and user attributes on  Microsoft Active Directory® via LDAP.

- 3 -

Active Directory responds to user authentication and attributes queries.

- 4 -

SecTrail replies to the Palo Alto Networks NGFW with a “User Authentication Challenge” packet and tells the firewall to redirect the user SMS token control web page.

- 5 -

Concurrently with Step 5, SecTrail generates a token and sends it to the user via SMS gateway.

- 6 -

The token appears on the user’s mobile device.

- 7 -

The user enters the token into the MFA page to which he or she has been redirected.

- 8 -

Palo Alto Networks queries the token the user enters.

- 9 -

SecTrail confirms the token.

- 10 -

Palo Alto Networks grants the user network access via GlobalProtect™ network security for endpoints.

SecTrail - Palo Alto Case Study 1

Challenge

Offer secure VPN access.

Answer

The Palo Alto Networks and SecTrail integration provides MFA to verify users before Palo Alto Networks grants GlobalProtect Portal and GlobalProtect Gateway access. Prior to submitting username and password, a user will automatically receive a passcode via SMS, email, or the mobile app. After entering this passcode, the user can access protected applications and services. This prevents data theft and abuse of stolen credentials.

SecTrail - Palo Alto Case Study 2

Challenge

Protect the management console from unauthorized access.

Answer

System administrators access and control firewalls, servers, and other critical infrastructure. Administrator console access must be protected from any unauthorized users. Using SecTrail MFA, administrators can easily secure access to the admin console— both locally and via Palo Alto Networks Panorama™ network security management—to ensure only authorized access to it. This integration is deployed using RADIUS.

SecTrail - Palo Alto Case Study 3

Challenge

Provide secure access to internal and external applications.

Answer

SecTrail and Palo Alto Networks captive portal integration  prevents credential-based attacks by enforcing MFA before allowing access to internal or external applications and services. Controlling authentication policy at the firewall allows organisations to enforce MFA without needing to update their applications and services.

SecTrail is developed by the MORTEN GROUP