Application control used to live in the firewall, but that was back when applications respected their assigned port numbers, so a port equalled an application and a simple black-and-white allow/deny model was enough.

Given today’s application and threat landscape, enterprises need a new security model. Each application has benefits, whether it automates a business process, improves productivity, or simply makes the workplace more pleasant for employees. But each application also carries risk: it may tunnel other applications, consume bandwidth, carry threats, transfer files, or hurt productivity.

Applications aren’t threats in themselves. Enterprises differ on which applications are beneficial and appropriate on their networks, and need a range of responses (allow, deny, limit, scan, and shape) to mitigate the risk each allowed application carries. For example, many organizations want to permit reasonable personal use of applications while ensuring that business-critical applications get priority on the network and the bandwidth they need. Many network infrastructure components can perform QoS, but lack the intelligence to do so meaningfully: they classify traffic by port, so two applications sharing port 443 are indistinguishable to them.

Dedicated traffic-shaping products have good application knowledge, but they lack the performance for high-speed queue management and, perhaps more importantly, are completely disconnected from the other types of policy enforcement (scan, limit, allow, deny), which makes a clear, unified policy picture difficult, if not impossible.
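As an added example (not Palo Alto Networks code or configuration), the following Python script evaluates the same handful of constructed flows under a port-based rulebase and an application-based one. Application identity is taken from the first client payload (TLS SNI, HTTP Host header, or SSH banner) rather than from the port, and each identified application maps to one of the responses above: allow or deny, with scan, limit (a bandwidth cap) and shape (a QoS class) as modifiers. The hostnames, application names, catalog and rulebase are assumptions made up for the example, and the ClientHello builder exists only to produce realistic fixture bytes.

```python
"""Added example: port-based versus application-based policy over constructed flows.
Hostnames, application names, the rulebase and the flows are all assumptions."""
from dataclasses import dataclass


@dataclass
class Flow:
    dst_port: int
    payload: bytes  # first client payload of the flow (constructed below)


def build_client_hello(sni: str) -> bytes:
    """Build a minimal TLS ClientHello whose only extension is server_name (fixture)."""
    name = sni.encode("ascii")
    entry = b"\x00" + len(name).to_bytes(2, "big") + name        # host_name entry
    sni_ext = len(entry).to_bytes(2, "big") + entry              # server_name_list
    exts = b"\x00\x00" + len(sni_ext).to_bytes(2, "big") + sni_ext
    body = (b"\x03\x03" + bytes(32) + b"\x00"    # client_version, random, empty session_id
            + b"\x00\x02\x13\x01"                # one cipher suite
            + b"\x01\x00"                        # null compression
            + len(exts).to_bytes(2, "big") + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body           # handshake: client_hello
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs     # record: handshake


def tls_sni(payload: bytes):
    """Return the SNI host from a TLS ClientHello, or None if it is not one or has no SNI."""
    try:
        if payload[0] != 0x16 or payload[5] != 0x01:
            return None
        hs = payload[5:]
        p = 4 + 2 + 32                                    # handshake header, version, random
        p += 1 + hs[p]                                    # session_id
        p += 2 + int.from_bytes(hs[p:p + 2], "big")       # cipher_suites
        p += 1 + hs[p]                                    # compression_methods
        end = p + 2 + int.from_bytes(hs[p:p + 2], "big")  # end of extensions block
        p += 2
        while p + 4 <= end:
            etype = int.from_bytes(hs[p:p + 2], "big")
            elen = int.from_bytes(hs[p + 2:p + 4], "big")
            p += 4
            if etype == 0 and hs[p + 2] == 0:             # server_name, name_type host_name
                nlen = int.from_bytes(hs[p + 3:p + 5], "big")
                return hs[p + 5:p + 5 + nlen].decode("ascii")
            p += elen
    except (IndexError, UnicodeDecodeError):
        pass
    return None


def http_host(payload: bytes):
    """Return the Host header of a plaintext HTTP/1.x request, or None."""
    lines = payload.partition(b"\r\n\r\n")[0].split(b"\r\n")
    if not lines[0].endswith((b"HTTP/1.0", b"HTTP/1.1")):
        return None
    for line in lines[1:]:
        if line[:5].lower() == b"host:":
            return line[5:].strip().decode("ascii", "replace")
    return None


# Constructed application catalog: hostname -> application name (assumption).
APP_CATALOG = {"crm.example.com": "corp-crm", "video.example.net": "streaming-video"}


def identify_app(flow: Flow) -> str:
    """Identify the application from the payload; use the port only as a last resort."""
    if flow.payload.startswith(b"SSH-"):          # SSH banner, whatever port it rides on
        return "ssh"
    host = tls_sni(flow.payload) or http_host(flow.payload)
    if host:
        return APP_CATALOG.get(host.lower(), "web-browsing")
    return {22: "ssh", 80: "web-browsing", 443: "ssl"}.get(flow.dst_port, "unknown")


# Port-based rulebase: the only attribute it can match on is the destination port.
PORT_POLICY = {22: "deny", 80: "allow", 443: "allow"}

# Application-based rulebase: allow/deny plus scan, limit and shape (QoS class) per app.
APP_POLICY = {
    "corp-crm":        {"action": "allow", "scan": True,  "qos": "business-critical"},
    "streaming-video": {"action": "allow", "scan": False, "qos": "best-effort", "limit_kbps": 2000},
    "web-browsing":    {"action": "allow", "scan": True,  "qos": "best-effort"},
    "ssh":             {"action": "deny"},
}


def port_verdict(flow: Flow) -> str:
    return PORT_POLICY.get(flow.dst_port, "deny")


def app_verdict(flow: Flow) -> dict:
    app = identify_app(flow)
    return {"app": app, **APP_POLICY.get(app, {"action": "deny"})}


# Constructed flows: three on 443 that a port-based rule cannot tell apart, one on 80.
FLOWS = [
    Flow(443, build_client_hello("crm.example.com")),
    Flow(443, build_client_hello("video.example.net")),
    Flow(443, b"SSH-2.0-example\r\n"),                              # ssh tunnelled over 443
    Flow(80, b"GET / HTTP/1.1\r\nHost: video.example.net\r\n\r\n"),
]


def compare() -> list:
    """Evaluate every flow under both rulebases: (port, port verdict, app verdict)."""
    return [(f.dst_port, port_verdict(f), app_verdict(f)) for f in FLOWS]


if __name__ == "__main__":
    for port, by_port, by_app in compare():
        print(f"dst {port:>3}  port-based: {by_port:<5}  app-based: {by_app}")
```

The three flows on port 443 get the identical "allow" from the port-based rulebase, including the SSH session tunnelled over 443; the application-based rulebase denies that one, caps the video stream, and gives the CRM traffic the business-critical class, and it reaches the same verdict for the video site whether it arrives as TLS on 443 or plain HTTP on 80. Classifying from a single first payload is a simplification: a production engine classifies across several packets, and where the SNI is encrypted or absent it must fall back to other signals.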

Next-Generation Firewalls from Palo Alto Networks

With its next-generation enterprise firewalls, Palo Alto Networks delivers the required application visibility, the application intelligence to make policy decisions, the fine-grained controls to enforce those policies, and the high performance to do so at speed, empowering IT organizations to safely enable applications for their users.