Palo Alto Networks Extends Firewall Protection

Palo Alto Networks is looking to bolster protection for enterprise networks, data centers and mobile workers with a spate of new products.

In a series of new releases, Palo Alto Networks has fixed its eyes on extending network security from remote workers to enterprise data centers.

This week, the company upgraded its flagship PAN-OS product and announced the availability of new software called GlobalProtect, as well as the company's new Palo Alto Networks PA-5000 Series appliances. Each is targeted at different challenges tied to network security. The latest edition of PAN-OS will allow enterprises to write custom App-IDs for their internally developed applications, and includes new capabilities to identify previously unknown applications and suspicious traffic that could indicate botnet infections.

"The sheer volume of apps underscores the need to have a team dedicated to doing constant research on identifying and updating our App-IDs," said Mike Haro, director of corporate communications at Palo Alto Networks. "A static list won't suffice...The beauty of our approach is two-fold: customers have the flexibility to easily develop app IDs for securing niche, customized applications and the ability to use the firewall's default-deny model to immediately deny unknown apps from ever running on customers networks. As a result, that which you don't know can no longer hurt you."

The company has also added new botnet detection capabilities to help customers identify suspicious behavior on their network, Haro added. Since the traffic is logged based on users, organizations can quickly respond, he said.

With the PA-5000 Series, the company put an emphasis on performance and a target on enterprise data centers, giving its appliances the ability to handle up to 20G bps of firewall throughput.

With GlobalProtect, the emphasis is on reach. The GlobalProtect agent is placed on the user's PC, and communicates with the GlobalProtect Portal to obtain the correct policy for a particular user. It then establishes a secure connection to the nearest Palo Alto Networks GlobalProtect Gateway and creates a host information profile (HIP) of the user that includes factors such as patch level and antivirus version.

"GlobalProtect takes all of the benefits our next-generation firewall customers use today within their corporate networks and delivers it transparently to all remote connections," he said. "That includes ensuring consistent policies for users whenever they establish connectivity, including such factors as patch level, disk encryption and antivirus version."

Cisco unveiled its SecureX architecture at the RSA Conference last month, pushing the idea of a consolidated view of who is trying to access the network, the type of device being used, its physical location and what services are being requested. As part of the company's announcement, Cisco's Tom Gillis, vice president and general manager of the company's Security Technology business unit, said the Cisco SecureX architecture and the Cisco Adaptive Security Appliance (ASA) will help businesses better embrace virtualization, mobility and "collaboration across business boundaries."

"Today's business environment requires proactive, context-aware security that provides deep insight, control and operational efficiency," he said in a statement Feb. 16.

While Palo Alto Networks does not use the term "context-aware," the company does feel its firewalls need to be capable of seeing all the traffic on the network based on applications, users and content - and it must be done at the firewall level, Haro said.

"Palo Alto continues to blaze the way in terms of trying to transform the security gateway business," said Forrester Research analyst John Kindervag. "Right now everybody's sort of stuck with this sort of unwieldy moniker of next-generation firewalls. I don't like the term very [much] because I think it's much more than that. But we certainly see a convergence of traditional firewall technology with IPS technology into what I would say would be multi-function, integrated security gateways that could be used...and have some really interesting ability to uplift the security posture of organizations."