Palo Alto Networks is looking to bolster protection for enterprise networks, data centers and mobile workers with a spate of new products.
In a series of new releases, Palo Alto Networks has fixed its
eyes on extending network security from remote workers to
enterprise data centers.
This week, the company upgraded its flagship PAN-OS product and
announced the availability of new software called GlobalProtect, as
well as the company's new Palo Alto Networks PA-5000 Series
appliances. Each is targeted at different challenges tied to network security
The latest edition of PAN-OS will allow enterprises to write custom
App-IDs for their internally developed applications, and includes new
capabilities to identify previously unknown applications and suspicious
traffic that could indicate botnet infections.
"The sheer volume of apps underscores the need to have a team
dedicated to doing constant research on identifying and updating our
App-IDs," said Mike Haro, director of corporate communications at Palo
Alto Networks. "A static list won't suffice...The beauty of our approach
is two-fold: customers have the flexibility to easily develop app
IDs for securing niche, customized applications and the ability to
use the firewall's default-deny model to immediately deny unknown
apps from ever running on customers networks. As a result, that which
you don't know can no longer hurt you."
The company has also added new botnet detection capabilities to help
customers identify suspicious behavior on their network, Haro added.
Since the traffic is logged based on users, organizations can
quickly respond, he said.
With the PA-5000 Series, the company put an emphasis on performance
and a target on enterprise data centers, giving its appliances the
ability to handle up to 20G bps of firewall throughput.
With GlobalProtect, the emphasis is on reach. The GlobalProtect
agent is placed on the user's PC, and communicates to the
GlobalProtect Portal to obtain the correct policy for a particular
user. It then establishes a secure connection to the nearet Palo Alto
Networks GlobalProtect Gateway and creates a host information profile
(HIP) of the user that includes factors such as
patch-level and antivirus version.
"GlobalProtect takes all of the benefits our next-generation
firewall customers use today within their corporate networks and
delivers it transparently to all remote connections," he said. "That
includes ensuring consistent policies for users whenever they establish
connectivity, including such factors as patch level, disk encryption
and antivirus version."
Cisco recently unveiled its SecureX architecture
the RSA Conference last month, pushing the idea of a consolidated view
of who is trying to access the network, the type of device is used, its
physical location and what services are being requested. As part of the
company's announcement, Cisco's Tom Gillis, vice president and general
manager of the company's Security Technology business unit, said the
Cisco SecureX architecture and the Cisco Adaptive Security Appliance
(ASA) will businesses better embrace virtualization, mobility and
"collaboration across business boundaries."
"Today's business environment requires proactive, context-aware
security that provides deep insight, control and operational
efficiency," he said in a statement Feb. 16.
While Palo Alto Networks does not use the term "context-aware," the
company does feel its firewalls need to be capable of seeing all the
traffic on the network based on applications, users and content - and
it must be done at the firewall level, Haro said.
"Palo Alto continues to blaze the way in terms of trying to
transform the security gateway business," said Forrester Research
analyst John Kindervag. "Right now everybody's sort of stuck with this
sort of unwieldy moniker of next-generation firewalls. I don't like the
term very [much] because I think it's much more than that. But we
certainly see a convergence of traditional firewall technology with IPS
technology into what I would say would be multi-function, integrated
security gateways that could be used...and have some really interesting
ability to uplift the security posture of organizations."