Deepening Application Control with Firewalls

Palo Alto Networks is upgrading its firewall software to enhance application filtering.

Palo Alto Networks is looking to distance itself from competing firewall vendors with new software that enhances application control and classification.

The company's PAN-OS 2.0 software, announced April 28, builds on the vendor's App-ID technology to increase the user's ability to dynamically classify and block applications. Enterprises can now create policies that filter applications according to a number of criteria, including risk level; categories such as collaboration and media applications; behaviors such as file transfer and port hopping; and technology, such as whether the application is browser-based or peer-to-peer.

"It's got this iTunes-like interface that enables you to select multiple kinds of characteristics to find the applications you are looking for," said Chris King, director of marketing at Palo Alto Networks. "You can say, 'I want to deny all the peer-to-peer that's prone to malware' ... or maybe, 'I want to allow all collaboration applications that don't tunnel under applications.' So there are all these variables in addition to the name of the app and the class of application."

The company has also added a new user-behavior summary as well as expanded Active Directory support and new Captive Portal features to improve visibility and control of applications regardless of client platform, officials at Palo Alto Networks said.

The company competes with a number of firewall vendors, such as Check Point Software and Juniper Networks. Traditional firewalls, King explained, lack the level of application visibility and control his company is looking to offer.

"A lot of the firewall technology was developed in the mid '90s, [when] port did equal protocol, and it did equal application," King said. "But we're now in a situation where everybody's either using Port 80 or Port 443, or they are hopping around, and so port has ceased to become anything meaningful. ... So I think what we're doing with this release is we're continuing to push our differentiation by making a lot of our information about the applications that we provide visibility into and control of more usable by the customer."

PAN-OS 2.0 is slated to be available in mid-May. The company will unveil the technology at the Interop Las Vegas 2008 conference.