"The days when port = protocol = application are behind us. An increasing percentage of enterprise network traffic is being funneled through a few well-known ports, more port-hopping or dynamic application content, such as Web 2.0. In many cases, traffic is being encrypted."

"Most enterprise firewalls are not fully featured NGFW but, rather, early versions. This slowness to market has opened the door to competition, such as that from startups."

Greg Young, Research Vice President
"In every company in the world users install and use applications that are not approved by IT, which makes it challenging to establish uniform security and compliance policies. Establishing application visibility and control based on actual user identity, not just IP address, is an important feature in next-generation firewalls."

Jeff Wilson, Research Vice President
"This week, we've seen some genuine innovation – and perhaps more importantly, some new approaches to solving some very old problems…. Just when you thought firewalls had dead-ended, for example, startup Palo Alto Networks launched a new firewall, the PA-4000, which can identify – and restrict – more than 500 types of application traffic. Instead of just two settings for Port 80 ("off" or "on") this firewall enables enterprises to allow, block, or truncate the use of all sorts of applications, including those running over SSL."
"Enterprises are frustrated with their traditional perimeter firewalls, because firewall ports increasingly are opened up to allow business traffic, particularly over Port 80. The PA-4000 line is offered as a transitional technology that works behind traditional, port-based firewalls to monitor applications and apply security rules to them."

"[The PA-4000 Series] makes all kinds of interesting things possible…. First, it provides visibility into and control of the applications on your network. If you don't want users fooling around with P2P apps, you shut them down at the gateway. If you only want them to use a corporate-approved IM system, Palo Alto's firewall allows that one and no others."
"The one lone voice in the wilderness these days that seems to be questioning much of the conventional wisdom of the security industry these days is Nir Zuk, who is the founder and chief technology officer for Palo Alto Networks, a startup company that is dedicated to overhauling the firewall as we know it…. After 10 years of watching security infrastructure costs spiral out of control, it’s nice to see somebody talking about not only an improved firewall design but also a more efficient approach to the whole security model."
"First it was ports, then protocols, and now, applications: A new generation of firewalls is slowly emerging with more sophisticated inspection and blocking features at higher speeds. These new devices will not only do intrusion prevention, but also filter by application type. The protocol inspection method used by traditional firewalls is no longer enough, as more and more applications use Port 80, or HTTP."
"The App-ID software on Palo Alto's PA-4000 machines detects all application traffic across all ports, including SSL encrypted traffic and software-as-a-service, instant messaging, Web mail, P2P and other software types. Moreover, the software can view the application's profile to track usage, source, destination and risk level."
"With a cast of characters that represents much of the intellectual capital surrounding firewalls, it’s a pretty fair bet that its efforts to clean up the security perimeter nightmare are going to attract some big-time attention."