Your network is full of applications you cannot identify nor control with your port-based firewall. Filesharing, social networking, personal email, and streaming media are just a few of applications that can evade your firewall by hopping ports, using SSL, or non-standard ports. Your employees are using these applications - legitimately in many cases - to do their jobs. Blocking the applications outright may hurt your bottom-line, but blindly allowing them invites business and security risks.
Using a Palo Alto Networks next-generation firewall, you can strike the right balance between blocking all personal-use applications and allowing all of them. Secure application enablement begins with knowing exactly which applications are being used and by whom. This information allows you to create effective firewall control policies that extend well beyond the traditional 'allow or deny' approach. The final component of our solution is giving you the ability to securely enable applications without degrading your firewall's performance.
Knowledge is power: identifying applications, users and content.
Secure application enablement requires a systematic approach that begins with learning which applications are traversing your network, who is using each application, and the types of threats the applications might carry.
- App-ID first determines exactly which application is in use, no matter which port or evasive tactic is used.
- User-ID ties the application usage to the identity of the employee, not just the IP address, based on information stored in your corporate directory.
- Content-ID controls web surfing, protects you against threats, and limits the unauthorized transfer of files and data.
Armed with a better understanding of what is traversing your network, your security team and business groups can determine the business value of certain applications to specific users. Next, you can set up policies that enable application usage while also protecting your network.
Secure application enablement: restoring control to the firewall.
The firewall is the only place where all traffic passes through, which makes it the ideal location for controlling applications, users, and content. With the new, deeper understanding of your network traffic provided by our firewalls, your security team can quickly deploy application enablement policies that extend beyond 'allow or deny.' Examples include:
- Enable application, or application-function usage, for specific groups of users.
- Scan allowed traffic for a wide range of threats including viruses, vulnerability exploits, Trojans, and other forms of malware.
- Apply QoS to specific applications, users or groups to ensure your business applications are not bandwidth deprived.
- Block all P2P filesharing, external proxies, and circumventors.
These are just a few of the ways you will benefit from the secure application enablement policy approach of Palo Alto Networks next-generation firewalls.
Purpose-built platform: predictable performance with services enabled.
Identifying and controlling applications, while scanning them for threats, is a computationally intensive process that can crush most server-based platforms. Palo Alto Networks addresses these performance challenges using a unique combination of function-specific processing for:
- Content inspection
The result is a platform that delivers predictable performance at up to 20 Gbps when security services are enabled.