Skip Links

DNSstuff.com
Get information about your IP
IP Information
50+ On-demand DNS and network tools

Security

Videos

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library.  Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.
Audio

Crackin' the Kraken bot. Listen now!

Network World's Newsmaker of the Week

Wireless dangers at airports. Listen now!

Network World Panorama

Additional Resources

RSS

FEATURED REPORTS

Executive Guide: Storage Heats Up HP

Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.

RSS

FEATURED WEBCASTS

Learn how to Create a More Efficient Virtualized Data Center Novell

Find out how you can consolidate Windows workloads and create a more efficient virtualized data center in this informative webcast, "Reduce Complexity and Cost - Windows Server Consolidation with Virtualization." Six concise webcast modules are available for your viewing. Watch them all consecutively or only the topics that interest you. The modules cover performance, user case studies, enterprise-level support, managing windows workloads, setup and configuration and the future of virtualization. Learn more today. Register below to learn more and be entered to win an Archos 605 Portable Media Player.

IT Buyer's Guides

View All Buyer's Guides

Free Newsletters

Sign up and receive the latest news, reviews and trends on your favorite technology topics

Save The Date!
What They Are Saying

Saying "all security with cisco is shot in the foot" is not a very intelligent thing to say. Name me...- y0da

Join the Discussion

Deep packet inspection protects financial group

Layer 7 firewall from Palo Alto reveals traffic patterns that could indicate unauthorized behavior
By Tim Greene , Network World , 05/08/2008
  • Social Web 
  • Email 
  • Feedback 
  • Close

Western & Southern Financial Group had what it considered defense in depth for its IP network but recognized that there were still ways that sensitive data might leave the network undetected, so it looked for more protection. The company, which manages $47 billion in assets, chose to add Palo Alto Networks' next-generation firewall
to its existing traditional firewall, intrusion prevention system, URL filtering and data-loss prevention gear.

The result is that Western & Southern now has better visibility into traffic leaving the network, says Doug Ross, CTO of the Cincinnati, Ohio financial firm.

Palo Alto’s PA-4000 appliances perform deep packet inspection on traffic originating in business networks that is perhaps destined for servers outside the company. The devices identify what applications are running on the network and apply filters based on them.

Click to see: Diagram of Western and Southern Group's network

Diagram of Western and Southern Group's network

Layer 7 firewalls, sometimes called next-generation firewalls, can parse traffic to the point of detecting content, and traditional firewall vendors are adding intrusion prevention to their products to attain this type of support, analysts say.

“A next-generation firewall needs to look within traffic streams and determine whether this is the traffic I expected,” says Rob Whiteley, an analyst with Forrester Research. The key to protection is peering deep into packets to decide what poses a threat and what doesn’t, not merely on what ports it uses, he says.

Palo Alto, for instance, can detect peer-to-peer traffic such as file sharing and Skype, applications that seek random ports and so are more difficult to block with traditional firewalls. Such applications can be simply unwanted or even dangerous - letting sensitive data leave the corporate network -- and Palo Alto gear can at least reveal that they are running, Ross says, allowing network security staff to deal with them.

“Data-loss prevention doesn’t give you insight into what applications are running out there,” he says.

Western & Southern doesn’t trust the Palo Alto gear yet to enforce policies; it is installed in monitoring mode, he says. “We have found significant value in understanding the geographic and application profiles of our network traffic. Long term, we intend to block,” he says.

1 | 2 | 3 |  Next >
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to moderator approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.
First Name
Last Name
E-mail
Zip Code