Palo Alto Networks Next Generation Firewall helps enterprises keep up with the rapidly changing application and threat landscape, while offering maximum visibility and protection.
Fundamental shifts in the application and threat landscape, user behavior, and network infrastructure have made the security that traditional port-based firewalls less reliable. In addition, the variable of mobility in large IT organizations now requires network access from a variety of types of devices. This is not to mention data center expansion, virtualization, and cloud-based initiatives that are constantly changing. With a Palo Alto Networks Next-Generation Firewall, enterprises will be better equipped to deal with these issues, providing a safer and secure IT environment.
Today’s applications can easily bypass a port-based firewall, therefore the traditional port-based approaches are no longer sufficient. Palo Alto Networks App-ID helps address these vulnerabilities by applying multiple classification mechanisms to incoming traffic, independent of the port or encryption type.
This shifts the focus away from blocking ports to having exact knowledge of which applications are traversing your network. With Palo Alto Networks App-ID, organizations can now make security policy decisions based on applications, which is a much more secure approach. If unidentified applications enter your network, they can be automatically categorized for systematic management and further inspection if necessary.
One of the key benefits of a Palo Alto Networks security implementation is that it fits either hardware or virtualized form factors. Palo Alto Networks Panorama gives organizations the ability to have a centralized management system to gain visibility into traffic patterns, deploy policies, generate reports, and deliver content updates from a central location.
Creating and managing security policies based on the application and the identity of the user, regardless of device or location, is a more effective means of protecting your network than relying solely on ports and IP addresses. Palo Alto Networks integrates with a wide variety of enterprise user repositories and can help you identify users on Windows, Mac, Linux, Android, or iOS devices.
Users who are traveling or working remotely are seamless protected with the same, consistent policies that are in use on the local, or corporate network. The combined visibility and control over a user’s application activity means you can safely enable the use of Oracle, BitTorrent, or Gmail, or any other application traversing your network, no matter where or how the user is accessing it.
To protect today’s modern network, known exploits, malware, and spyware, in addition to unknown and targeted threats, must all be addressed properly. The application-based paradigm of the Palo Alto Networks Next-Generation Firewall allows organizations to reduce these network attacks by creating specific application-based policies that have the capability to deny all non-approved applications.
Custom or unknown malware can be actively analyzed by executing the unknown files in a virtualized sandbox environment. The Palo Alto Networks Next-Generation Firewall then cross-references these files against a list of over 100 malicious behaviors. If the files are indeed malicious, a signature for the infected files is automatically generated and delivered to you. This comprehensive threat analysis method also uses full application and protocol context, make sure that threats are always caught, even if they attempt to hide from security in tunnels, compressed content, or non-standard ports.
