Palo Alto Networks
UTM Firewalls • Intrusion Prevention • Web Content Filtering
Palo Alto Networks delivers a family of next-generation firewalls, providing unprecedented visibility and policy control of all applications on the corporate network – including encrypted SSL applications – regardless of port or protocol. These advanced firewalls include integrated real-time threat prevention and deliver up to 10Gbps of low latency performance.
The Problem – Lack of application visibility
Enterprise networks are being populated by a new generation of end-user applications, both personal and business oriented, that are designed to evade detection by existing firewalls. These new applications have joined enterprise applications that use similar evasion tactics, albeit in a positive manner, to simplify wide-spread access and speed implementation cycles. The end result is that IT departments cannot identify or control the applications that are flowing in and out of the network. This lack of visibility and control negatively impacts business through:
- Increased liabilities: Regulatory and internal policy compliance, data leakage
- Increased costs: Increased bandwidth consumption, added IT operational expenses
- Increased threats: Viruses, spyware, worms and application vulnerabilities
Existing firewalls are based on Stateful Inspection, which classifies traffic by port and protocol. The problem existing firewall vendors face is that much of their core technology (Stateful Inspection) is over a dozen years old, and new applications have found a variety of ways to evade or bypass it with relative ease. Attempts by firewall vendors to fix the problem by ‘bolting on’ Intrusion Prevention (IPS) or Deep Packet Inspection as an additional feature have proven unsuccessful, resulting in significant issues with accuracy, performance and management complexity. The Palo Alto Networks approach addresses each of these three issues:
- Accuracy: inline deployment and App-ID classification enable the identification of all application traffic, across all ports, all the time – including SSL encrypted traffic and emerging applications.
- Policy: Unified, graphical visualization of all applications on the network fuels centralized definition and enforcement of policy, based on detailed user, group and application-level categorizations. This enables more effective and efficient management of approved applications, while delivering real-time prevention of malicious threats and application vulnerabilities.
- Performance: a purpose-built, high performance network platform with dedicated processing for all major functions ensures total control of good and bad traffic with no performance degradation.
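To make the accuracy point concrete, here is a small added example (not Palo Alto Networks code, and not its App-ID signatures) that classifies the same constructed flows two ways: by destination port, as a stateful-inspection firewall does, and by the first bytes the client sends, in the spirit of application identification. The flow records, the signature checks and the allowed-application policy are all constructed for illustration; the point is to show where the two methods disagree, which is exactly where a port-based policy either lets an unwanted application through on a "trusted" port or blocks a legitimate application that uses a non-standard port.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """A constructed TCP flow: addresses, server port and the client's first bytes."""
    src: str
    dst: str
    dst_port: int
    payload: bytes


# Port-and-protocol classification: the Stateful Inspection approach.
# Whatever arrives on 443 is assumed to be SSL, whatever is on 80 is web browsing.
PORT_TABLE = {80: "web-browsing", 443: "ssl", 22: "ssh", 53: "dns"}


def classify_by_port(flow: Flow) -> str:
    return PORT_TABLE.get(flow.dst_port, "unknown-tcp")


# Payload-based classification (simplified, constructed signatures; a real
# application-identification engine uses far richer decoders than this).
def classify_by_payload(flow: Flow) -> str:
    p = flow.payload
    if p.startswith(b"SSH-"):
        return "ssh"                      # SSH protocol identification banner
    # TLS: record type 0x16 (handshake), record version 0x03 0x0x,
    # and the handshake type at byte 5 is 0x01 (ClientHello).
    if len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03 and p[5] == 0x01:
        return "ssl"
    if p.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"):
        return "web-browsing"             # plain HTTP request line
    return "unknown-tcp"


# Constructed policy: only these applications are permitted outbound.
ALLOWED_APPS = {"web-browsing", "ssl", "dns"}


def decide(app: str) -> str:
    return "allow" if app in ALLOWED_APPS else "deny"


# Constructed sample flows (addresses and payloads are illustrative only).
TLS_CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0xF4, 0x01, 0x00, 0x00, 0xF0, 0x03, 0x03])
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 443, TLS_CLIENT_HELLO),                 # real TLS on 443
    Flow("10.0.0.6", "203.0.113.20", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),       # SSH hidden on 443
    Flow("10.0.0.7", "203.0.113.30", 80, b"GET / HTTP/1.1\r\nHost: x\r\n\r\n"),  # plain HTTP on 80
    Flow("10.0.0.8", "203.0.113.40", 8443, TLS_CLIENT_HELLO),                # legitimate TLS on 8443
]


def compare(flows=SAMPLE_FLOWS) -> list:
    """Return one record per flow on which the two classifiers reach different verdicts."""
    mismatches = []
    for f in flows:
        by_port, by_payload = classify_by_port(f), classify_by_payload(f)
        if decide(by_port) != decide(by_payload):
            mismatches.append({
                "dst_port": f.dst_port,
                "port_app": by_port, "port_verdict": decide(by_port),
                "payload_app": by_payload, "payload_verdict": decide(by_payload),
            })
    return mismatches


if __name__ == "__main__":
    for m in compare():
        print(m)
```

Running it reports two disagreements: the SSH session on port 443 is "ssl/allow" by port but "ssh/deny" by payload, and the TLS session on 8443 is "unknown-tcp/deny" by port but "ssl/allow" by payload. The first is the evasion case the page describes; the second is the "positive" evasion by enterprise applications that a port-only policy would break.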
The Solution – Next Generation Firewall
Starting with a blank slate, the Palo Alto Networks founders took an application-centric approach to traffic classification, thereby enabling visibility into, and control over, Internet applications running on enterprise networks. The PA-4000 Series is a next-generation firewall that classifies traffic based on the accurate identification of the application, irrespective of the port, protocol, SSL encryption or evasive tactic used. Key differentiators include:
- The only firewall to classify traffic based on the accurate identification of the application, not just port/protocol information.
- The only firewall to identify, control and inspect SSL encrypted traffic and applications.
- The only firewall to provide graphical visualization of applications on the network with detailed user, group and network-level data categorized by sessions, bytes, ports, threats and time.
- The only firewall with real-time (line-rate, low latency) protection against viruses, spyware and application vulnerabilities based on a stream-based threat prevention engine.
- The only firewall that can transparently integrate with Microsoft Active Directory, enabling visibility into application usage by individual user names or groups.
- The only firewall with line-rate, low-latency performance for all services, even under load.
- The only firewall to offer a true in-line transparent deployment option for seamless integration into an existing network infrastructure.
The combination of a powerful networking foundation, rich security features and policy-based management brings flexible deployment options to enterprise customers:
- As an application visibility tool: connected to the network via a span port, the PA-4000 Series can monitor traffic in real time, showing the IT department exactly which applications are traversing the network.
- In conjunction with an existing firewall: deployed transparently in conjunction with an existing firewall, the PA-4000 Series can provide granular application visibility and control without requiring any changes to the network.
- As a firewall replacement: full support for traditional firewall applications and protocols, combined with a familiar policy management editor and high performance, means that the PA-4000 Series can be used as a replacement for existing firewalls.
