Comments for Palo Alto Networks Research Center

Comment on Who’s the best illusionist? by Alfred

Alfred — Fri, 05 Mar 2010 22:01:02 +0000

Thanks for your question Peter. TippingPoint describes DVLabs as a “premier research organization for vulnerability analysis and discovery”. I separated TippingPoint’s Zero Day Initiative from the comparison because I wanted a like-for-like comparison of just the internal research organizations from all of the top IPS companies. There is no other major IPS company that pays for vulnerabilities like TippingPoint, so to compare all other vendors to it wouldn’t be right.

Comment on Is UTM an Enterprise Product? by Matt

Matt — Thu, 04 Mar 2010 16:56:07 +0000

Juniper did poorly in one test – that does not remove them from being a leader in the IPS market. I cannot comment on their results without more knowledge of the test environment, which platforms, the rules of engagement etc. Sorry.
Matt

Comment on Can Stateful Inspection Evolve? by Matt

Matt — Thu, 04 Mar 2010 16:52:28 +0000

Victor – thanks for the support. We continue to make progress great strides in demonstrating how we can help customers identify and control applications more effectively than any other product on the market. Do not let this award sway you.

Matt

Comment on Can Stateful Inspection Evolve? by victorhud

victorhud — Wed, 03 Mar 2010 15:40:13 +0000

Hi:
I reviewed the SC Magazine Awards 2010, and the Enterprise Firewall winner was … CheckPoint? What?.

I dont know how they evaluate the appliances, i believe that the winner must be PA-4000, the xx-ID its a great innovation in Firewall technology.

When will begin the NGFW to replace the stateful inspection firewall only?

When the sc magazines editor read Gartners recommendations

Comment on Who’s the best illusionist? by Peter

Peter — Thu, 25 Feb 2010 07:17:07 +0000

Why do you exclude Zero Day Initiative? Aren´t those vulnerabilities discovered by TippingPoint´s initiative? Can you provide the number of Zero Day Initiative discovered vulnerabilities? Thanks

Comment on Wireshark Plugin for Mariposa Botnet Command and Control by Week 6 in Review – 2010 | Infosec Events

Week 6 in Review – 2010 | Infosec Events — Mon, 15 Feb 2010 06:04:44 +0000

[...] Wireshark Plugin for Mariposa Botnet Command and Control – paloaltonetworks.com Yamata Li has developed a Wireshark plugin that will allow you to view obfuscated pcaps of traffic from a Mariposa infected client. [...]

Comment on Is UTM an Enterprise Product? by someone

someone — Sun, 14 Feb 2010 04:06:30 +0000

I am wondering if you would still consider the Juniper IDP blade a “best of breed IPS” given the NSS Labs results http://nsslabs.com/IPS-2009-Q4 ? Also will you be submitting the Palo Alto appliances to the same test ?

Comment on Beyond Ports and Protocols by NoOneImportant

NoOneImportant — Tue, 22 Sep 2009 16:22:34 +0000

I agree so far the old firewalls and IPS and just not cut out for the job.
To control Web traffic (HTTP/HTTPS) you need a Web proxy like a BlueCoat/Websense.
To control SSH traffic you need a SSH proxy like a McAfee Sidewinder.
To control DNS traffic you need a DNS proxy like a InfoBlox/BlueCat.
To control SMTP traffic you need a Mail Proxy like a ProofPoint/IronMail.
To control IM traffic you need a IM proxy like a Barracuda IM FW.
and the list goes on and on……
or you can buy a Palo Alto….tada.

Comment on Balancing the Risks and Benefits of Evasive Applications by Kanwal Sohal

Kanwal Sohal — Sun, 13 Sep 2009 09:03:37 +0000

The challenge with today’s perception of technology is that we should be able to access content and use applications without the fear of compromise and negative publicity. The reality of the matter is collaborative/user installed applications provide significant efficiency gains which cannot be ignored. The users/corporate desire to be better connected with web based applications is not the challenge here but the opportunity for cybercriminals to widen their malware net or infection platforms across the net. We now must provide safe use of such applications without prejudice. Delivering safe use of such applications is about gaining an understanding of the application pipe – “Do I know what is coming into my network vs. the potential associated threat”.

Comment on McAfee’s Acquisition Reminded Me That Proxies Generally Suck by Matt

Matt — Fri, 24 Jul 2009 20:24:59 +0000

As someone who has actually configured many Sidewinder firewalls, I have to say that you should try to use one before commenting on them.
Yes, application/proxy based firewalls are harder to implement, especially if you are a novice, but Secure/McCrappy makes this pretty straightforward. And yup, there are filters for those protocols you just can’t get to work on a proxy.
The only real issue I have come apon is friggen Skype or FTPS. Skype will work via https, but will still try to hammer it’s way though the firewall on other ports and FTP/FTPS is for the clueless…use SFTP instead.
I can’t say much for other proxy based firewalls, as there really aren’t any.