The war is over and, in case you missed it, IT lost. The once ferocious attempts to guard the corporate perimeters against unapproved devices and applications is sputtering to an end because, frankly, all but myopic IT diehards recognize this is battle that's already over.
Palo Alto Networks, the three-year-old networking security vendor, has moved to two-tier distribution, signing with Westcon and Computerlinks. And Westcon has a new many to handle its security division, former Avnet executive Andrew Warren.
Network security upstart Palo Alto Networks has signed distribution agreements with Westcon Group and Computerlinks, marking the first time Palo Alto's security products will be sold through two-tier distribution in North America.
Palo Alto Networks has a concise message for channel partners: The security company was cash-flow positive in its most recent quarter, and is looking to double its business in the year ahead. To assist with that effort, Palo Alto Networks has recruited roughly 150 channel partners and is now working with two distributors: Westcon Group and Computerlinks.
Gartner’s recent forecast analysis for Software-as-a-Service observes that Web-based office suites such as Google Apps (including Google Docs) will coexist with traditional office suites as business users will find them appropriate for real-time collaboration or as secondary online tools for taking notes. Google claims that over 3000 businesses sign-up for its Google Apps daily. Moreover, Google Docs is also very popular among employees for personal use. Nevertheless, users have discovered security issues with it, and many businesses have concerns related to data leak prevention and storing data in the cloud.
We have added a new video that introduces the key security concerns swirling around BitTorrent and specifically how to manage the risks that this incredibly popular application brings to your networks. We will cover how BitTorrent has evolved to avoid detection by traditional firewalls and IPS, how hackers are using BitTorrent to control malware, and why in some geographies BitTorrent can account for more than half of all combined enterprise and consumer internet traffic. View the video As always, we love to hear your feedback, so take a look and …
As you probably know, last year Gartner recommended that enterprises migrate from stand-alone IPS to next-generation firewalls for performing IPS functions. While this advice made intuitive sense based on the tight relationship between apps and threats, there was nevertheless a lack of empirical evidence to confirm that a next-generation firewall could actually stand up to the challenge of being a true IPS – until now.
Overview All Palo Alto Networks firewalls have two implicit Security Rules: Deny cross-zone traffic Allow same-zone traffic The default rules are applied unless there is a defined rule that allows traffic to pass between two zones. Traffic that hit the default rules are not logged. Some users have found that
Summary Microsoft released a security advisory on Aug 23 that discusses a remote attack vector that allows an attacker to remotely take control of user’s machine. The security advisory was in response to a report released by a security researcher the previous week that described how more than 40 Windows applications could be compromised due to the way Windows applications load DLLs. Palo Alto Network’s Next-Generation Firewalls can help thwart/mitigate such attacks by using App-ID and Content-ID technology (details below).
In this blog, I talk about how our next-generation firewalls protect against botnets such as Torpig. There are 3 parts to a botnet attack: 1. User visits a website which starts a chain reaction for torpig-infection There are 2 ways in which this can happen:
Traditionally, firewalls have been designed to be cornerstone of network security. But, in reality legacy firewalls are no longer an effective security solution to manage the risks and rewards of today’s Internet applications in the enterprise.
The 2010 Verizon Data Breach Report was released recently and like previous iterations, it was well worth the time to read it. For those who have not seen it, this report looks analyzes corporate level data breaches to show us what happened, how it happened and makes recommendations on how to stop them in the future. I also saw a shorter yet equally interesting article on Last Watchdog that discussed the challenges the banking industry has in keeping our personal banking accounts safe.
As the Antenna-gate controversy raged and finally subsided, the team here was busy enhancing our App-ID technology to identify Apple’s new video calling feature – FaceTime. It is essentially the audio-video chat functionality of Apple’s iChat for desktops, but tied to the iPhone4 device. From our analysis of the network traffic of FaceTime, we discovered that it uses SIP, the industry standard protocol for VoIP telephony, STUN for NAT traversal, and XMPP over SSL for authentication with Apple. Since it relies on Wi-Fi connectivity, corporate networks will have to carry …
Definitions: Session timeout: Period of time (seconds) required for the application to time out due to inactivity. TCP Timeout (seconds): Timeout for terminating a TCP application flow (1-604800 seconds). UDP Timeout (seconds): Timeout for terminating a UDP application flow (1-604800 seconds). There are application-specific timeout values defined in App Content
This document shows how to manage content updates by frequency, day and time, and type of update. To view new content, go to Device > Dynamic Updates. From there, the following functions may be performed: Click Check Now to view the latest threat and application updates available from Palo
Palo Alto Networks firewalls can be deployed in the networks as Layer 2 device offering all the security features. This configuration note walks through the details of configuring a site-to-site IPSec tunnel with the firewall deployed in layer 2 modes. This document covers the configuration on the Layer 2 firewall.
We have just recently added the latest in our ongoing series of videos where we put the spotlight on a particular application and dig deeper into specifically how companies are using the application, the risks that it introduces to an enterprise and how to mitigate them. This week Twitter goes on the hot seat and you may surprised what you learn. For instance, we will cover that the “teenage” perception of Twitter is largely unfounded and why Twitter is a new favorite technology for businesses. We’ll also cover a brief …
Details Using the network shown in the example, BGP will be configured to use one link as the primary and another link as backup for inbound and outbound internet traffic. The user has full control over how traffic exits the network, but can only influence how traffic enters the
Spoiler (Highlight to read) For PAN-OS 5.0 and later. This document shows how to configure BGP to advertise only appropriate routes. Prerequisites: Initial BGP configuration. Instructions can be found at this link: How to configure BGP ISPs typically aggressively filter announcements from their customers, but
This document gives step-by-step instructions for configuring and testing full-mesh, multi-homed eBGP using Palo Alto Networks devices in both an Active/Passive and Active/Active scenario. The configuration examples were performed on devices running PAN-OS 4.0. For a similiar tech note on OSPF, look here: How to Configure OSPF owner: tlozano