- 10 open source companies to watch
- Mythbuster busts his own tale
- $208 million petascale computer gets green light
- Sony recalls 73,000 Vaio laptops
- Chrome and Firefox and add-ons
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Palo Alto Networks is a start-up with a big goal: replacing traditional network-layer perimeter firewalls altogether.
The company expects most customers will first install its PA-4000 series, next-generation firewalls to supplement their existing firewalls. Then, as users come to trust Palo Alto over time, they will swap out their old firewalls.
PA-4000 devices perform deep packet inspection on traffic originating in business networks that is perhaps destined for servers outside the company. The devices identify what applications are running on the network and apply filters based on them.
|
|||||||||||||||||||
Traditional firewalls from Check Point Software, Cisco and Juniper Networks identify applications by the protocols and ports they use, so they cannot distinguish among the many Web applications running through ports 80 and 443, says Rob Whiteley, an analyst with Forrester Research. The Palo Alto gear can distinguish particular applications within Web traffic and filter them.
PA-4000 appliances, for example, can distinguish between Yahoo Mail and corporate e-mail and allow both but block attachments from the Yahoo Mail, Palo Alto says.
Traditional firewall vendors lash together their firewalls and intrusion-prevention systems (IPS) in single devices to offer features similar to those in PA-4000s, says Greg Young, a research vice president with Gartner. These products are not truly integrated, however, he says. Rather, the firewalls and IPSs within these devices pass traffic back and forth and perform their separate functions.
Palo Alto gear can proxy SSL traffic, terminating and decrypting sessions so the content can be inspected and filtered. Traditional firewalls and IPSs that don’t decrypt SSL have no way of screening the content. “IPSs and firewalls are blind to SSL,” says Young. “And SSL traffic is increasing.”

Gartner summarizes its view on Application Delivery Controllers, evaluates strengths and weaknesses...
Vulnerability Management For DummiesDownload this concise book "Vulnerability Management for Dummies," to learn about the simple steps...
The ROI and TCO Benefits of Data Deduplication for Data Protection in the EnterpriseThis paper examines and quantifies the costs and benefits of backup with deduplication storage as...

Life on the edge of your WAN has changed dramatically. With the need to deliver advanced services,...
PoE Plus: Impact on the PoE MarketThe standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Harnessing the power of communications to increase workplace performanceDue to the convergence of IT and telecommunications technologies, the business workplace has been...

We have so many holes punched in our firewalls today that many industry insiders question the value...
The self-managed networkWe aren't there yet, but advances in network and systems management tools are making it possible to...
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (4)
Yeah, I like this - new wayBy Anon on July 7, 2008, 4:46 pmYeah, I like this - new way to do things. Just like Tipping Point: let's switch off security once the box is loaded this way we can push really tons of data through...
Reply | Read entire comment
B.S. ???By Anonymous on March 13, 2008, 9:59 amThe same was said about Tippingpoint. There is always a new way to do things. It just needs to be found. Most of these vendors are support IPv6 in FW and do or will...
Reply | Read entire comment
I call BS too.By Anonymous on June 22, 2007, 1:05 pmDeep packet inspection like Packet Motion and other startup companies try to do will wane. And as IPv6 comes on line, looking into packets will become harder and...
Reply | Read entire comment
Nothing new in Palo Alto firewallBy Anonymous on June 22, 2007, 12:31 pmI call B.S.! Most current "legacy" firewalls can easily do what these guys do, and outbound SSL cannot be inspected unless this device is performing a man-in-the-middle...
Reply | Read entire comment
View all comments