One of our top goals for the Ignite Conference is to facilitate conversation among our industry’s most progressive network security practitioners about the diversity of successful implementations of next-generation security. We will be looking for stories about how Palo Alto Networks supported network security teams to safely enable the use of applications.
One such story that stands out is from IT Manager Jeroen Buren of DDB Amsterdam, a subsidiary of international media and advertising agency DDB Worldwide. Buren explains DDB Amsterdam’s network usage:
"Social media usage is very heavy in our organization and our employees routinely send extremely large files back and forth via email and FTP. One hundred percent of our users are on the Internet a lot, as nearly all of them produce creative works."
Our firewalls sparked Buren’s interest when he discovered they identify and filter traffic by user instead of just by computer IP address. “That triggered us to look more closely at Palo Alto Networks,” Buren added:
"It all worked very smoothly. After 4-5 weeks, we started setting up external VPN connections, and implemented user-based filtering. The ability to see and monitor activity based on user, not just IP, combined with its performance, were the big selling points. After a few weeks of testing, we were convinced."
Since rolling out Palo Alto Networks for his primary firewalls and for VPN, Buren concluded:
"Palo Alto Networks enables us to give users all the functionality they need and still have the security we need. When a specific user needs to use an application or FTP big files, I can instantly and transparently empower the user without exposing ourselves."
Buren also explained how applications like MS Messenger are popular among staff, but dangerous for their file exchange functionality. “With Palo Alto Networks, we can give users access to the application but deny them the ability to use its file exchange options.”
In sum, Buren captures a dominant paradigm in network security today and one that we fully expect to be talking about next week at Ignite. As he put it, “functionality and security are like two opposites; if you give the user all the functionality they want, you’ll lose security.”