Palo Alto Networks

Founded by security visionary Nir Zuk, Palo Alto Networks offers real innovation in the firewall by enabling unprecedented visibility and control of applications and content – by user, not just IP address – at up to 10Gbps with no performance degradation. Based on patent-pending App-ID™ technology, our next generation firewalls accurately identify applications – regardless of port, protocol, evasive tactic or SSL encryption – and scan content to stop threats and prevent data leakage. www.paloaltonetworks.com Become a Palo Alto Networks Partner!!   Enterprises can for the first time embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation. It's Time to Fix the Firewall. Request a 30-day onsite evaluation of Palo Alto Networks next generation firewalls today!   Firewall Solutions Overview By "fixing the firewall," Palo Alto Networks next-generation firewalls solve a variety of customer problems – while often simplifying enterprise infrastructures. With the ability to control applications, users, and content at the firewall, customers realize improvements in security, performance, and cost.     High Performance Data Center Firewall The data center has always been the heart and soul of the enterprise, acting as the location that touches all business applications and transactions. At one time, data center applications were restricted to internal networks where ample bandwidth was available, and delays or latency issues had little or no effect on business. Times have changed in several respects. Data center applications must now deal with traffic from internal and external sources and the transaction size has shrunk – due to the HTTP-centric nature of most applications. Unlike ever before, the nature of the business today is online and real-time -- latency, performance degradation or unplanned outages are unacceptable. These traffic characteristics, combined with the need to protect applications against vulnerability exploits, place an unprecedented strain on existing security infrastructure in terms of performance. Simply put, today's port-centric, cobbled-together solution alternatives cannot keep pace. Palo Alto Networks' next generation firewall addresses these issues with the SP3 Architecture which combines single pass software with parallel processing hardware to deliver the perfect mix of raw throughput, transaction processing and vulnerability protection  that today's high performance data centers require. LEARN HOW IT WORKS: Watch a demo to see how Palo Alto Networks restores visibility and control. more... Device Consolidation For enterprise IT security organizations, the continued evolution of applications and threats, coupled with the stagnation of traditional network security technology has resulted in a loss of visibility and control. So organizations cannot safely enable new applications effectively, and they are exposed to rising levels of risk due to increasingly evasive applications and threats. Palo Alto Networks next-generation firewalls fix the problem – giving organizations visibility and policy control of applications, users, and content in a firewall. By fixing the firewall, many organizations have been able to reduce the number of security devices in their networks substantially, saving both capital expenditures and operations costs. more... Simplify PCI Compliance Achieving compliance with the Payment Card Industry Data Security Standard (PCI DSS) means that a 3rd party has performed an on-site audit of the policies and procedures that are in place to protect the cardholder data. The scope of the audit includes any and all parts of the network that may touch or carry card holder data. The October 2008 update of the PCI DSS documentation states that companies can reduce the PCI audit scope using network segmentation to isolate the cardholder data in a secure segment. The result can be an acceleration of compliance and a reduction in the cost and complexity of a PCI audit because only the portion of the network holding the cardholder data needs to be audited. WHITE PAPER: How to Dramatically Reduce the Cost and Complexity of PCI Compliance Many technologies can be used to achieve network segmentation, but Palo Alto Networks is the only firewall that enables policy-based control over applications, users and content that can access the cardholder data. more... Data Leak Prevention Numerous examples of data leaks continue to make headlines, and data leak prevention (DLP) technologies are touted as a panacea. Unfortunately, given the scope, size, and distribution of most enterprise datasets, many DLP projects are proving slow to progress. For most organizations, controlling the applications most often used to leak sensitive data and stopping unauthorized transmission of credit card and social security numbers is what they are really worried about. Having that control at trust boundaries is ideal – whether the boundary is between inside and outside or internal users and internal resources in the datacenter – the firewall sees all traffic. Unfortunately, legacy port-blocking firewalls can't do anything about any of this – being ignorant of applications, users and content. Palo Alto Networks next-generation firewalls incorporate three key technologies that enable enterprise customers to incorporate some of the most commonly needed DLP functionality at their network perimeter – easily, and without adding more appliances. App-ID™ , User-ID , and Content-ID , coupled with multi-gigabit next generation firewall platforms based on Palo Alto Networks SP3 Architecture offers immediate relief to the most common data leakage pain (SSN/CC moving over unauthorized applications), allowing enterprises to complete their large scale DLP projects at their leisure. more... Application Visibility and Control Applications that are capable of evading port-based firewalls are pervasive throughout enterprise networks, introducing a wide range of productivity, security and compliance issues. Attempts to regain control by bolstering the firewall with IPS, URL filtering or proxies have achieved little success. The reason is that none of these offerings are capable of seeing all the traffic on the network nor are they designed to act as the firewall, identifying and controlling all manner of applications, irrespective of port, protocol, evasive tactic or SSL encryption. Palo Alto Networks restores the strategic importance of the firewall as the center of the security infrastructure by identifying and controlling applications, users and content with three unique identification technologies. more... Threat Prevention In order to prevent threats effectively, enterprises need to first reduce the avenues of attack – start controlling which applications run on the enterprise network. Then, enterprises need to scan allowed application traffic for threats more broadly – not limiting themselves to a strict definition of a particular type of threat (e.g., "virus" or "exploit"). Finally, in today's economic environment, organizations need to do it without increasing complexity and cost. Palo Alto Networks next generation firewalls deliver a high performance threat prevention solution. With a low-latency, multi-Gbps platform based on our SP3 Architecture , Palo Alto Networks next generation firewalls: Block “bad” or undesirable applications Scan "good" applications for a wide variety of threats – exploits, viruses, spyware, etc. – with a single pass, stream-based scan Simplify infrastructure with a single policy, high port-count, and high performance more... App-ID Now, rather then react to the discovery of a strange application by summarily blocking it, the administrator can take a more balanced and informed approach by learning more about the application and then safely enabling its usage or blocking it based on the security risks. With App-ID, IT can now: Improve network visibility by accurately identifying application traffic irrespective of port and protocol. Enhance security by dictating access rights based upon the actual application traffic as opposed to simply the port and protocol. Increase malware prevention effectiveness by narrowing down the number of unauthorized applications traversing the network. LEARN HOW APP-ID WORKS: Watch this video to learn more about the patent-pending technology for application identification and classification. more... User-ID As enterprises continue to use Internet- and web-centric applications to aid expansion and increase efficiencies, visibility into what users are doing on the network becomes increasingly important. Dynamic IP addressing across both wired and wireless networks, and remote access by employees and non-employees alike have made the use of IP addresses an ineffective mechanism for monitoring and controlling user activity. Unfortunately, today's port-based firewalls rely heavily on IP addresses as a means of identifying and controlling user activity. Palo Alto Networks User-ID technology addresses the lack of visibility into user activity by seamlessly integrating with Active Directory to dynamically link an IP address to user and group information. With visibility into user activity, enterprises can monitor and control applications and content traversing the network based on the user and group information stored within the user repository. User-ID enables IT to: Regain visibility into user activities relative to the applications in use and the content they may generate. Tighten security posture by implementing policies that ties application usage to specific users and groups, as opposed to simply the IP address. more... Content-ID Accurately identifying the applications traversing the network is only part of the challenge IT departments face with today's Internet-centric environment. Inspecting permitted application traffic at performance levels that satisfy high speed network demands becomes the next significant challenge, and one that is addressed by an innovative technology called Content-ID. Content-ID melds a uniform threat signature format, stream-based scanning and a comprehensive URL database with elements of application visibility to limit unauthorized file transfers, detect and block a wide range of threats and control non-work related web surfing. Content-ID takes full advantage of Palo Alto Networks SP3 Architecture to deliver high performance threat prevention without impeding traffic. more... Single Pass Parallel Processing (SP3) Architecture Palo Alto Networks next-generation firewalls are based on a unique Single Pass Parallel Processing (SP3) Architecture – which enables high-throughput, low-latency network security, even while incorporating unprecedented features and technology . Palo Alto Networks solves the performance problems that plague today's security infrastructure with the SP3 architecture, which combines two complementary components: Single Pass software Parallel Processing hardware The results is the perfect mix of raw throughput, transaction processing and network security that today's high performance networks require. The combination of Single Pass software and Parallel Processing hardware is completely unique in network security, and enables Palo Alto Networks next-generation firewalls to restore visibility and control to enterprise networks at very high levels of performance. more...