Here are some of the capabilities available only in next generation firewalls from Palo Alto Networks.
• The only firewall to classify traffic based on the accurate identification of the application, regardless of port, protocol, or evasive tactic;
• The only firewall to identify, control and inspect SSL encrypted traffic and applications;
• The only firewall with real-time (line-rate, low latency) content scanning to protect against viruses, spyware, data leakage and application vulnerabilities based on a stream-based threat prevention engine;
• The only firewall that can scan content for social security and credit card numbers, to help prevent leakage of sensitive data and support PCI compliance;
• The only firewall to provide graphical visualisation of applications on the network with detailed user, group and network-level data categorised by sessions, bytes, ports, threats and time;
• The only firewall with line-rate, low-latency performance for all services, even under load.
How would you summarise the key differences and benefits that this new product provides for enterprises and what pain points does it ease?
PAN-OS 3.0 introduces a couple of new features, which add to the next-generation firewall capabilities mentioned above.
First, PAN-OS 3.0 introduces QoS/traffic shaping as a policy responseadding priority and bandwidth management to an array of policy responses to applicationswhich include allow, deny, allow for certain users, allow certain application functions, allow but scan for threats or confidential data transmission, and now, shape. This flexibility in policy response enables organisations to embrace new applications and realise their benefits, but still manage the risks associated with those applications.
Second, PAN-OS 3.0 introduces an SSL VPN remote access capability. Traditional SSL VPN customers previously had to choose between two different architectureseasy to use, no control (secure network extension architecture) or high control, difficult to deploy (portal/extranet architecture). With our SSL VPN, customers can have the best of both worlds. It is a secure network extension architecture, so its easy to use, but uses our next-generation firewall technologies, so enterprises have control over what applications and content users can transact over the SSL VPN, by user.
How do these 'next generation firewalls enable enterprises specifically to embrace Web 2.0?
Web 2.0 applications (that is, instant messaging, Facebook, Skype, P2P file sharing, SSL based applications) are the primary vector for threats in todays world. Eighty per cent of the SANS Top 20 Threats are application-level threats. That said, organisations need to be able to use many of these applications. Because they enable a business process, they enable employees to be more productive, or the organisation to have the right work environment. Our next generation firewall uses a more flexible, finer grained response to applications (mentioned previously) beyond just block/allow, enabling organisations to embrace applications while managing risk.
Sign up for CIO Asia eNewsletters.