palo alto networks “simplify your security”
TRANSCRIPT
![Page 1: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/1.jpg)
Palo Alto Networks
“Simplify your security”
![Page 2: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/2.jpg)
Agenda
2 | ©2013, Palo Alto Networks. Confidential and Proprietary.
1. Komplexität – Risiken und Probleme
2. Wie sieht eine Security-Umgebung heute aus?
3. Wie geht Palo Alto Networks dieses Problem an?
4. Unsere Lösung im Detail
![Page 3: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/3.jpg)
3 | ©2012, Palo Alto Networks. Confidential and Proprietary.
“Complexity is
the Worst Enemy of Security”
- Bruce Schneier
![Page 4: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/4.jpg)
Komplexität – Risiken und Nebenwirkungen…
4 | ©2013, Palo Alto Networks. Confidential and Proprietary.
For starters, the global survey of 2,400 IT security administrators found that more than half of their organizations work with at least seven security vendors. Not coincidentally, in every country surveyed the complexity of managing security operations ranked as the No. 1 information security challenge. In the U.S., complexity (the main challenge for 33% of survey respondents) ranked well ahead of data theft by insiders (21%), compliance (19%), security policy enforcement (15%), and data theft by outsiders (12%). That's right: Security groups aren't spending most of their energy battling malicious insiders, hackers, or the latest malware. Rather, they're combating the complexity of their own security programs. Furthermore, organizations report that they're loathe to cut vendors, fearing that they'll have to settle for higher prices, greater total cost of ownership, and fewer capabilities.
- Ponemon Institute (sponsored by Checkpoint) - Ponemon Institute (sponsored by Checkpoint) - Ponemon Institute (sponsored by Checkpoint)
![Page 5: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/5.jpg)
Komplexität – Risiken und Nebenwirkungen…
5 | ©2013, Palo Alto Networks. Confidential and Proprietary.
Die Komplexität des Betriebs ist die TOP-Herausforderung für die IT-Sicherheit
![Page 6: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/6.jpg)
Komplexität – Risiken und Nebenwirkungen…
6 | ©2013, Palo Alto Networks. Confidential and Proprietary.
Security-Teams verbringen mehr Zeit im Kampf mit der eigenen Infrastruktur – anstatt gegen externe und interne Angriffs-Vektoren
![Page 7: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/7.jpg)
Komplexität – Risiken und Nebenwirkungen…
7 | ©2013, Palo Alto Networks. Confidential and Proprietary.
Think about this for a minute. In our attempts to defend the network and critical assets from cyber threats, we have fallen into the trap of bolting on more and more security layers and policies. The result is that we’ve increased the level of complexity within the environment to the point where we have actually created risk because of human errors, misconfigurations, etc.
- Wired
![Page 8: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/8.jpg)
8 | ©2012, Palo Alto Networks. Confidential and Proprietary.
![Page 9: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/9.jpg)
9 | ©2012, Palo Alto Networks. Confidential and Proprietary.
![Page 10: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/10.jpg)
Wie sieht eine Security-Umgebung heute aus?
Viel hilft viel?
10 | ©2013, Palo Alto Networks. Confidential and Proprietary.
![Page 11: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/11.jpg)
Derzeitig verwendete Ansätze
Enterprise Network
11 | ©2012, Palo Alto Networks. Confidential and Proprietary.
Internet
• Am Anfang war die Firewall…
![Page 12: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/12.jpg)
Derzeitig verwendete Ansätze
Enterprise Network
12 | ©2012, Palo Alto Networks. Confidential and Proprietary.
IPS
Internet
• Ergänzung um ein IPS-System
![Page 13: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/13.jpg)
Derzeitig verwendete Ansätze
Enterprise Network
13 | ©2012, Palo Alto Networks. Confidential and Proprietary.
DLP IPS
Internet
• Ergänzung um ein Data-Loss-Prevention-System
![Page 14: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/14.jpg)
Derzeitig verwendete Ansätze
Enterprise Network
14 | ©2012, Palo Alto Networks. Confidential and Proprietary.
DLP IPS
Internet QoS
• Eventuell noch Quality of Service?
![Page 15: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/15.jpg)
Derzeitig verwendete Ansätze
Enterprise Network
15 | ©2012, Palo Alto Networks. Confidential and Proprietary.
DLP IPS
Internet AV
• Netzwerk-Antivirus
QoS
![Page 16: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/16.jpg)
Derzeitig verwendete Ansätze
Enterprise Network
16 | ©2012, Palo Alto Networks. Confidential and Proprietary.
DLP IPS
Internet AV URL
• URL-Filter – dediziert oder integriert mit Proxy
QoS
![Page 17: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/17.jpg)
Derzeitig verwendete Ansätze
Enterprise Network
17 | ©2012, Palo Alto Networks. Confidential and Proprietary.
DLP IPS
Internet AV URL Proxy
• Proxy
QoS
![Page 18: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/18.jpg)
Derzeitig verwendete Ansätze
Enterprise Network
• “Mehr” nicht unbedingt “mehr gut”…
• Jedes Gerät sieht lediglich einen Traffic-Ausschnitt
• Komplex – teuer – intensive Wartung
• “Legacy”-Architektur
• Keine integrierte Applikations-Kenntnis je Modul
18 | ©2012, Palo Alto Networks. Confidential and Proprietary.
UTM
Internet
![Page 19: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/19.jpg)
UTM-Architektur – “einer geht noch…”
Port/Protocol-based ID
HTTP Decoder
L2/3 Networking
URL
Port/Protocol-based ID
L2/3 Networking
Firewall
Port/Protocol-based ID
IPS Signatures
L2/3 Networking
IPS
IPS Decoder
Port/Protocol-based ID
AV Signatures
L2/3 Networking
Antiviren
AV Decoder & Proxy
Page 19 | © 2008 Palo Alto Networks. Proprietary and Confidential
![Page 20: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/20.jpg)
Wie geht Palo Alto Networks dieses Problem an?
20 | ©2013, Palo Alto Networks. Confidential and Proprietary.
![Page 21: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/21.jpg)
Firewall Security Plattform – ganzheitliche Lösung
21 | ©2013, Palo Alto Networks. Confidential and Proprietary.
![Page 22: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/22.jpg)
Enterprise Security Plattform
22 | ©2013, Palo Alto Networks. Confidential and Proprietary.
Next-Generation Firewall
Analysiert alle Daten
Blockiert bekannte Threats…
…lässt unbekannte analysieren
Erweiterbar (mobil/virtuell)
![Page 23: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/23.jpg)
Enterprise Security Plattform
23 | ©2013, Palo Alto Networks. Confidential and Proprietary.
Next-Generation Threat Cloud
Potentielle Netzwerk- und Endpunkt-Threats werden gesammelt
Analyse der Daten auf Schadhaftigkeit
Stellt Ergebnisse den Netzwerk- und Endpunkt-Systemen zur Verfügung
![Page 24: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/24.jpg)
Enterprise Security Plattform
24 | ©2013, Palo Alto Networks. Confidential and Proprietary.
Inspiziert alle Prozesse und Dateien
Verhindert bekannte & unbekannte Exploits
Integriert mit Cloud-Analyse zur Malware-Erkennung (unbekannte)
Next-Generation Endpoint
![Page 25: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/25.jpg)
Enterprise Security Plattform
25 | ©2013, Palo Alto Networks. Confidential and Proprietary.
Unbekannte Bekannte &
zero-day-
Funde
![Page 26: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/26.jpg)
Enterprise Security Plattform
26 | ©2013, Palo Alto Networks. Confidential and Proprietary.
Real-time
signatures
![Page 27: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/27.jpg)
Enterprise Security Plattform
27 | ©2013, Palo Alto Networks. Confidential and Proprietary.
Bestätigt Gefahrenfund
Integriertes Reporting
![Page 28: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/28.jpg)
Enterprise Security Plattform
28 | ©2013, Palo Alto Networks. Confidential and Proprietary.
① Schützt vor Angriffen — auch neuartige/unbekannte
② Schützt alle Anwender und Applikatinen — inkl. mobile und virtuelle!
③ Nahtlose Integration von Netzwerk- und Endpunkt-Security - nutzt Stärken beider
④ Ermöglicht schnelle Analyse neuer Threats
![Page 29: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/29.jpg)
Unsere Lösung im Detail
“Let the Firewall do its job!”
29 | ©2013, Palo Alto Networks. Confidential and Proprietary.
![Page 30: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/30.jpg)
Heutige Firewalls – noch zeitgemäß?
30 | ©2012, Palo Alto Networks. Confidential and Proprietary.
![Page 31: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/31.jpg)
Applikationen - Angriffsvektor und Ziel zugleich
31 | ©2012, Palo Alto Networks. Confidential and Proprietary.
![Page 32: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/32.jpg)
Verschlüsselte Applikationen – “Unsichtbare” Gefahren
32 | ©2012, Palo Alto Networks. Confidential and Proprietary.
![Page 33: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/33.jpg)
“Enabling Applications, Users and Content – Safely”
33 | ©2012, Palo Alto Networks. Confidential and Proprietary.
![Page 34: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/34.jpg)
Making the Firewall a Business Enablement Tool
Applikationen: Akkurate Klassifizierung des
Traffics mit App-ID.
Anwender: Einbinden von Usern und Gruppen
mit User-ID und GlobalProtect.
Inhalte: Analyse und Schutz vor
Schadinhalten, bekannter oder unbekannter
Natur mit Content-ID und WildFire.
34 | ©2012, Palo Alto Networks. Confidential and Proprietary.
![Page 35: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/35.jpg)
Wildfire?
35 | ©2013, Palo Alto Networks. Confidential and Proprietary.
![Page 36: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/36.jpg)
Verbreitung von “0-Day Malware”
36 | ©2012, Palo Alto Networks. Confidential and Proprietary.
0
1000
2000
3000
4000
5000
6000
7000
8000
9000
10000
1 2 3 4 5 6 7 8 9101112131415161718192021222324252627282930313233343536373839404142434445464748
• Analyse von 50 “0-Day
malware”-Proben
• Mit WildFire
abgefangen in einem
Kundennetz
• Zeigt die Infektionsrate
neuer Malware über
Stunden
Malw
are
-Ang
riffsvers
uch
e
Stunden
![Page 37: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/37.jpg)
Abdeckung der Gefahr durch AV-Signaturen A
be
cku
ngs
rate
in P
roze
nt
Abeckungsrate der Top 5 AV-Hersteller (vendor) nach Tagen
37 | ©2012, Palo Alto Networks. Confidential and Proprietary.
Abdeckungsrate durch AV-Anbieter von neuer Malware (50 Proben)
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Day-0 Day-1 Day-2 Day-3 Day-4 Day-5 Day-6
5 vendors
4 vendors
3 vendors
2 vendors
1 vendor
0 vendors
![Page 38: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/38.jpg)
Verbreitung von “0-Day Malware”
38 | ©2012, Palo Alto Networks. Confidential and Proprietary.
0
1000
2000
3000
4000
5000
6000
7000
8000
9000
10000
1 2 3 4 5 6 7 8 9101112131415161718192021222324252627282930313233343536373839404142434445464748
WildFire-Kunden
Stunden
95% der Opfer neuer
Malware werden
innerhalb von 24
Stunden infiziert!
Malw
are
-Ang
riffsvers
uch
e
Erfolgreiche Eindämmung und
Schutz erlaubt
keine Wartezeit!
![Page 39: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/39.jpg)
WildFire-Architektur
39 | ©2012, Palo Alto Networks. Confidential and Proprietary.
![Page 40: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/40.jpg)
WildFire-Architektur
• 10 Gbps Durchsatz für
Threat Prevention
• Jeglicher Traffic, alle Ports
• Web, Email, FTP, SMB,
etc
40 | ©2012, Palo Alto Networks. Confidential and Proprietary.
![Page 41: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/41.jpg)
WildFire-Architektur
• Malware kann sich “frei
entfalten” in unserer
Sandbox.
• Updates an den Sandbox-
Systemen ohne Einfluß auf
Kunden/Anwender
41 | ©2012, Palo Alto Networks. Confidential and Proprietary.
![Page 42: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/42.jpg)
WildFire-Architektur
42 | ©2012, Palo Alto Networks. Confidential and Proprietary.
• Signaturen werden erstellt
und getestet basierend auf
dem Binary selber.
• Stream-basierte
Analyselogik für echtes
Inline-Scanning
![Page 43: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/43.jpg)
Welche Dateien werden analysiert?
Simultane Analyse auf verschiedenen Plattformen
43 | ©2014, Palo Alto Networks. Confidential and Proprietary.
Mobile Malware
Android APK
![Page 44: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/44.jpg)
Die Hardware
44 | ©2013, Palo Alto Networks. Confidential and Proprietary.
![Page 45: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/45.jpg)
PAN-OS Core Firewall Features
Strong networking foundation Dynamic routing (BGP, OSPF, RIPv2)
Tap mode – connect to SPAN port
Virtual wire (“Layer 1”) for true
transparent in-line deployment
L2/L3 switching foundation
Policy-based forwarding
VPN
Site-to-site IPSec VPN
Remote Access (SSL) VPN
QoS traffic shaping Max/guaranteed and priority
By user, app, interface, zone, & more
Real-time bandwidth monitor
Zone-based architecture All interfaces assigned to security
zones for policy enforcement
High Availability
Active/active, active/passive
Configuration and session
synchronization
Path, link, and HA monitoring
Virtual Systems Establish multiple virtual firewalls in a
single device (PA-7050, PA-5000, PA-
4000, PA-3000, and PA-2000 Series)
Simple, flexible management CLI, Web, Panorama, SNMP, Syslog
Visibility and control of applications, users and content complement core firewall features
PA-500
PA-200
PA-2000 Series PA-2050, PA-2020
PA-3000 Series PA-3050, PA-3020
PA-4000 Series PA-4060, PA-4050 PA-4020
PA-5000 Series PA-5060, PA-5050 PA-5020
VM-Series VM-300, VM-200, VM-100
PA-7050
45 | ©, 2014 Palo Alto Networks. Confidential and Proprietary.
![Page 46: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/46.jpg)
Single Pass Platform Architecture
46 | ©2013, Palo Alto Networks. Confidential and Proprietary.
![Page 47: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/47.jpg)
• Application, user and content visibility without inline deployment
• IPS with app visibility & control
• Consolidation of IPS & URL filtering
• Firewall replacement with app visibility & control
• Firewall + IPS
• Firewall + IPS + URL filtering
Firewall Replacement
Tap Mode
Transparent In-Line
© 2012 Palo Alto Networks. Proprietary and Confidential.
Flexibel einsetzbar
• VM-Series introduces the ability for secure segmentation to be done within the host
Within The Host
![Page 48: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/48.jpg)
NGFW as a VM, versus as a Service
VM-Series as a Guest VM
• Virtual Networking configured to pass traffic through Firewall
• Requires vSwitch and Port Group Configuration
• Connects as L3, L2, V-wire, or Tap
Page 48 | © 2012 Palo Alto Networks. Proprietary and Confidential.
VM-Series NSX Edition as a Service
• NGFW is an NSX Service • Resides below the vSwitch and above vNIC • NSX steers traffic to and from VM before
Networking
![Page 49: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/49.jpg)
VM-Series support for Citrix NetScaler SDX
• Citrix NetScaler SDX is an open service-delivery
platform that consolidates ADC (application
delivery controller) and best-in-class network and
security services
• VM-Series is now supported on Citrix SDX 11500
and 17550 Series
• Key use cases:
• Multi-tenant cloud deployments to meet
individual needs of business unit, application
owners, service provider customers
• Integrated solution for Citrix
XenApp/XenDesktop deployments
VM-100, VM-200, VM-300 deployed as guest VMs
49 | ©2014, Palo Alto Networks. Confidential and Proprietary.
![Page 50: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/50.jpg)
Sicherheit durch Vereinfachung
50 | ©2012, Palo Alto Networks. Confidential and Proprietary.
IPS
QoS
DLP
AV
URL
APT/zero-day
Proxy
Alle Funktionen vereint
Zentrales Logging
Einheitliche Policies
Drastisch reduzierter
administrativer Aufwand
Performance
![Page 51: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/51.jpg)
“Simplicity is power” (Citrix)
51 | ©2012, Palo Alto Networks. Confidential and Proprietary.
[…] half of the survey respondents […] stated
that complex policies ultimately led
to a security breach, system outage or both.
![Page 52: Palo Alto Networks “Simplify your security”](https://reader031.vdocuments.net/reader031/viewer/2022020912/6202329c9b933e3f1167bc03/html5/thumbnails/52.jpg)