For the Enterprise Perimeter
Problem: Your network has run amok with applications that cannot be identified, much less controlled, by your port-based firewall. Filesharing, social networking, personal email, and streaming media are just a few of the different types of applications that can evade your firewall by hopping ports, using SSL, or using non-standard ports. These same applications are the ones that your employees are using, in many cases, to accomplish their daily tasks. Summarily blocking these applications may be detrimental to your bottom line, yet blindly allowing them is equally fraught with a range of business and security risks.
Solution: Using a Palo Alto Networks next-generation firewall, your security team can strike an appropriate balance between blocking all personal-use applications and allowing them. Secure application enablement begins with first knowing exactly what applications are being used and by whom. That knowledge is then effectively translated into positive control model firewall policies that extend beyond traditional allow or deny. The third and final solution component is the ability to securely enable applications without degrading firewall performance.
Knowledge is power: identifying applications, users and content.
Secure application enablement requires a systematic approach that begins with learning which applications are traversing the network, who is using each application, and what types of threat the applications may carry.
- App-ID first determines exactly which application is in use, no matter which port or evasive tactic is being used.
- User-ID ties the application usage to the identity of the employee, not just the IP address, based on information stored in the corporate directory.
- Content-ID is then employed to control web surfing, protect against threats, and limit the unauthorized transfer of files and data.
Armed with a better understanding of what is traversing the network, your security team can, in conjunction with the business groups, determine the business value and agree on appropriate policies that enable the application usage, yet protect your network.
Secure application enablement: restoring control to the firewall.
The firewall has always been the single location that all traffic passes through, making it the ideal location for controlling applications, users and content. With the newfound knowledge of the network traffic, your security team can quickly deploy application enablement policies that extend beyond allow or deny. Examples include:
- Enable application or application-function usage for specific groups of users.
- Scan allowed traffic for a wide range of threats including viruses, vulnerability exploits, Trojans, and other forms of malware.
- Apply QoS to specific applications, users or groups to ensure business applications are not bandwidth deprived.
- Block all P2P filesharing, external proxies, and circumventors.
These are just a few of the secure application enablement policy examples that our customers are implementing with a Palo Alto Networks next-generation firewall.
Purpose-built platform: predictable performance with services enabled.
Identifying and controlling applications while scanning them for threats is a computationally intensive process that can crush most server-based platforms. Palo Alto Networks addresses these performance challenges using a unique combination of function-specific processing for networking, security, content inspection and management. The result is a platform that delivers predictable performance at up to 20 Gbps when security services are enabled.