About Us

Palo Alto Networks enables visibility into—and policy-based control over—applications running on enterprise networks.

 

The problem

Enterprise networks are being populated by a new generation of end-user applications, both personal and business-oriented, that are designed to evade detection by existing firewalls. These new applications have joined enterprise applications that use similar evasion tactics, albeit in a positive manner, to simplify widespread access and speed implementation cycles. The end result is that IT departments cannot identify or control the applications that are flowing in and out of the network. This lack of visibility and control negatively impacts business through:
  • Increased liabilities: Regulatory and internal policy compliance, data leakage
  • Increased costs: Increased bandwidth consumption, added IT operational expenses
  • Increased threats: Viruses, spyware, worms and application vulnerabilities

 

Our solution

Palo Alto Networks has created a next-generation firewall that takes an application-centric approach to traffic classification to enable unmatched application visibility and policy control. Based upon an innovative traffic classification technology called App-ID, the PA-4000 Series accurately identifies and controls applications regardless of port, protocol, SSL encryption or evasive tactic used.

 

Why existing solutions are ineffective

Existing firewalls are based on Stateful Inspection, which employs a port and protocol approach to traffic classification. The problem existing firewall vendors face is that much of their core technology (Stateful Inspection) is over a dozen years old, and new applications have found a variety of ways to evade or bypass it with relative ease. Attempts by firewall vendors to fix the problem, including 'bolting on' Intrusion Prevention (IPS) or Deep Packet Inspection as an additional feature, have proven unsuccessful, resulting in significant issues with accuracy, performance and management complexity.
  • Accuracy: inline deployment and App-ID classification enable the identification of all application traffic, across all ports, all the time - including SSL encrypted traffic and emerging applications.
  • Policy: Unified, graphical visualization of all applications on the network fuels centralized definition and enforcement of policy, based on detailed user, group and application-level categorizations. This enables more effective and efficient management of approved applications, while delivering real-time prevention of malicious threats and application vulnerabilities.
  • Performance: a purpose-built, high performance network platform with dedicated processing for all major functions ensures total control of good and bad traffic with no performance degradation.

 

How we are different

Starting with a blank slate, the Palo Alto Networks founders took an application-centric approach to traffic classification, thereby enabling visibility into, and control over, Internet applications running on enterprise networks. The PA-4000 Series is a next-generation firewall that classifies traffic based on the accurate identification of the application, irrespective of the port, protocol, SSL encryption or evasive tactic used. Key differentiators include:
  • The only firewall to classify traffic based on the accurate identification of the application, not just port/protocol information.
  • The only firewall to identify, control and inspect SSL encrypted traffic and applications.
  • The only firewall to provide graphical visualization of applications on the network with detailed user, group and network-level data categorized by sessions, bytes, ports, threats and time.
  • The only firewall with real-time (line-rate, low latency) protection against viruses, spyware and application vulnerabilities based on a stream-based threat prevention engine.
  • The only firewall with line-rate, low-latency performance for all services, even under load.
  • The only firewall to offer a true in-line transparent deployment option for seamless integration into an existing network infrastructure.

 

Deployment options

The combination of a powerful networking foundation, rich security features and policy-based management brings flexible deployment options to enterprise customers:
  • As an application visibility tool: connected to the network via a span port, the PA-4000 Series can monitor traffic in real time, showing the IT department exactly which applications are traversing the network.
  • In conjunction with an existing firewall: deployed transparently in conjunction with an existing firewall, the PA-4000 Series can provide granular application visibility and control without requiring any changes to the network.
  • As a firewall replacement: full support for traditional firewall applications and protocols, combined with a familiar policy management editor and high performance, means that the PA-4000 Series can be used as a replacement for existing firewalls.

"The PA-4000 Series helps us be proactive in our security, allowing us to set and enforce application policies and protect our business assets much more effectively."

Frank Chambers
Director of Information Security Management
Constellation Energy