What sort of costs can be cut, what sort of expenses can be removed, by adopting this next generation firewall?
By fixing the firewall, customers have been able to rationalise other security expenses, often eliminating many of them. All Palo Alto Networks SP3 architecture allows the firewalls to perform multiple networking and security functions. This enables IT organisations to consolidate key security functions into fewer devices, thus greatly reducing IT costs and complexity.
Past deployments have shown that capital costs (for example, equipment purchase) can be cut by as much as 80 per cent, operating costs (for example, support contracts and power) by 65 per cent and soft costs (rack space, training, help desk calls, and so on) can also be reduced. One example: a multinational manufacturer with 30 locations worldwide was able to cut capital costs by US$140,000 per location, and hard operations costs by US$23,000/year per location.
How does this product specifically address the current security threats and how will enterprises notice the difference?
Applications are the major threat vector, for technical threats as well as data leaks. The first thing organisations need to do is manage what applications run on their networks. The second thing is to scan content and manage threats for the allowed applications. If you do step one, step two is a lot easier.
With users installing and using applications that are not approved by IT departments, how difficult is it to establish uniform security and compliance policies?
Managing network security can be a difficult task. Keeping up with the latest threats, monitoring the next hacking trend and dealing with adds, moves and changes can make for a very busy day. Inconsistent security device management mechanisms, and arcane policies that have little relationship to the business only make the administrators life more difficult. The Palo Alto Networks management tools make security policy management a straightforward process, using visualisation tools, common application names and standard security terminology.
More importantly, the policy definition enables an order of magnitude reduction in the number of policies that must be managed. The increased visibility into network activity generated by App-ID, User-ID and Content-ID can help simplify the task of determining which applications are traversing the network, who is using them, and the potential security risk. This enables an easier conversation with the business, because the administrator has good descriptions of both the benefit and the risk.
With a Palo Alto Networks next-generation firewall in place, customers can deploy positive enforcement model policies to block bad applications, protect the business applications and promote the secure use of end-user applications resulting in a more positive employee environment.
What specific case studies can you provide demonstrating how companies are successfully using these next generation firewalls?
Sign up for CIO Asia eNewsletters.