Competitive Landscape

Key Firewall Players and Their Helpers

Check Point, Cisco, Juniper, Fortinet

Blue Coat, Secure Computing, Microsoft

Tipping Point, Juniper IDP, McAfee, Sourcefire / SNORT

Websense, Secure Computing, Blue Coat

Page 2 |

2008 Palo Alto Networks. Proprietary and Confidential.

Key Qualification Criteria

Strengthen our competitive advantage by gaining agreement that:
- Firewalls lack any functionality related to network security - Adding IPS, proxies or other firewall helpers cannot deliver a complete solution and will only massively expand cost and management complexity - Application visibility and control solutions must:
Look for all applications on all ports Look beyond most widely used applications Decrypt SSL traffic! Identify applications by their content, not port numbers Provide easy-to-use visibility tools and control options

- The solution:
Palo Alto Networks next-generation firewalls enable policy-based visibility and control over applications, users and content We can easily co-exist with current FW, replacing it once our value has been well established

Page 3 |

2008 Palo Alto Networks. Proprietary and Confidential.

Positioning Palo Alto Networks To Win

The best defense is a good offense. No one can do what we do. Why We Are Different
- Applications, Users and Content: Identification and control of more than 700 applications of all types, who is using them, and the content they carry
No one can do what we do here Visibility, (apps, users and content) is pervasive throughout the product ACC, Policy, Logging, Reporting

- Policy: unified, graphical definition and enforcement of policies that control applications, users and content traversing the network
No FW or IPS can create and enforce user based policies Simple to use: many require multiple policy tables and data entry points

- Performance: purpose-built platform with function specific processing for networking, security, threat prevention, and management maximizes performance with services enabled
Single Intel ships can run fast, but will struggle with CPU intensive security processing (SSG, Cisco, CP)

Page 4 |

2008 Palo Alto Networks. Proprietary and Confidential.

Competing Against Firewalls

Key Firewall players
- Juniper, Check Point, Cisco, bevy of smaller players

Weaknesses
- Firewalls use port-based classification and cannot identify the applications, users or content - Bolt-on IPS does not address solution because they only see the traffic the firewall - Bolt-on additions have multiple policy tables to control traffic making management complex - Firewall hardware and software architectures are optimized for port-based classification--add-on functions (IPS, AI, DPI) tend to introduce significant performance issues - Cannot decrypt any encrypted traffic

Watch out for.

- Roadmap promises, heavy handed marketing, account control

Key Palo Alto Networks advantages

- Identification and control of more than 750 applications of all types, who is using them, and the content they carry - Policy management: simple & effective enforcement of network use policy - Performance: all functions, all applications, all traffic w/o performance impact - Appropriate blend of positive and negative enforcement models- enabling safe usage of good productivity tools

Page 5 |

2008 Palo Alto Networks. Proprietary and Confidential.

Competing Against IPS

Key IPS players
Tipping Point, Juniper IDP, McAfee, Sourcefire / SNORT

Weaknesses
Only negative enforcement model- cannot restrict applications to certain people while blocking it from others, cannot allow good portions of applications. Competitors claim to be able to block P2P, but these and others successfully port hop or evade IPS Cannot decrypt any encrypted traffic- this is at least 30% of all traffic and will grow to over 50% in two years! Rely on port and protocol as initial traffic classification rendering it impotent at wide-spread application visibility and control Very limited network AV, limited scope and lifespan of company in standalone space- ie must become firewalls to survive

Watch out for.

Happiness with existing vendor, lots and lots of custom signatures

Key Palo Alto Networks advantages

Identification and control of more than 750 applications of all types, who is using them, and the content they carry Policy management: simple & effective enforcement of network use policy Performance: all functions, all applications, all traffic w/o performance impact Appropriate blend of positive and negative enforcement models- enabling safe usage of good productivity tools

Page 6 |

2008 Palo Alto Networks. Proprietary and Confidential.

Competing Against Proxies

Key Proxy players
Blue Coat, Secure Computing, Microsoft

Weaknesses
Proxies support a very small number of applications, limiting their scope of visibility and control, break everything else requiring huge port holes for applications to function Updates to existing applications are slow to be supported and tend to break applications typically a 6 month process to write a wrapper for an app- forcing chronic bypass Policy is limited to the relevant port/application support, missing huge chunks of traffic Management always a nightmare for any sized deployment Cost is typically staggering, still requires firewalls, IPSs, SSL decrypt (only for standard SSL ports) is another box Suffer from performance and scalability issues (100s of Mbps vs Gbps)

Watch out for

Proxy supporters we are not a proxy, many feel they are an ideal security solution May be a corporate requirement play nice and emphasize our complementary nature Be aware of the type of proxy deployment - transparent proxy (Explicit proxy = Red Flag)

Key Palo Alto Networks advantages

Identification and control of more than 750 applications of all types, who is using them, and the content they carry Policy management: simple & effective enforcement of network use policy Performance: all functions, all applications, all traffic w/o performance impact Appropriate blend of positive and negative enforcement models- enabling safe usage of good productivity tools

Page 7 |

2008 Palo Alto Networks. Proprietary and Confidential.

Competing Against URL Filtering

Key URL Filtering players
WebSense, Secure Computing, Blue Coat

Weaknesses
URL filtering classifies URLs nothing more unable to provide control apps or incredibly simple bypass mechanisms, applications, etc. Web content is dynamic URL database is one dimensional ignoring content, applications, web 2.0 and user generated content. It must be accompanied by other components, introducing huge policy management gaps User-based licensing tends to be an expensive, annually recurring cost

Watch out for

Web traffic and reporting and analysis comparisons Non-AD infrastructures

Key Palo Alto Networks advantages

Identification and control of more than 750 applications of all types, who is using them, and the content they carry Policy management: simple & effective enforcement of network use policy Performance: all functions, all applications, all traffic w/o performance impact Appropriate blend of positive and negative enforcement models- enabling safe usage of good productivity tools

Page 8 |

2008 Palo Alto Networks. Proprietary and Confidential.

Key Palo Alto Networks Advantages

Regardless of who we are competing against
- Firewalls, Firewall helpers, Firewall + IPS, UTM devices and Proxies all suffer from staggering issues with application breadth, accuracy, policy management complexity, massive TCO implications- and all of these stink at what they are intended to do. - The Palo Alto Networks key advantages are:
Application: identification and control of more than 750 applications, across all ports, all the time including SSL encrypted traffic and those that are designed to be evasive Policy: unified, graphical control over applications, threat prevention, and URL filtering fuels centralized definition and enforcement of policy based on users and/or group Performance: purpose-built platform with function specific processing for networking, security, threat prevention, and management ensures visibility and control over applications, content and users with no performance degradation

Page 9 |

2008 Palo Alto Networks. Proprietary and Confidential.

Thank You