Perimeter Control
Palo Alto Networks Next Generation Firewall
Almost every network has a firewall, and anyone who runs a network will acknowledge the need to maintain one. A firewall controls the traffic that enters and leaves the perimeter - it is the line between "us" and "them".
But what is the firewall really doing? Is it protecting servers? Is it protecting users? Is it protecting your network from the actions of your users? Does it provide visibility into how your network is being used, and where the threats may reside?
With a Next Generation Firewall from Palo Alto Networks you can answer "yes" to these questions. Palo Alto Networks' technology brings capabilities to the forefront that don't exist in the common firewall.
These technologies include AppID, UserID, ContentID with WildFire, and Single-Pass Parallel Processing (SP3) Architecture.
All of these new features work together in a consolidated platform to provide unprecedented visibility and control to the network administrator.
Robust IPS and Ingress Filtering protect the datacenter, while powerful Egress Filtering and WildFire Malware Detection protect your organization's user base.
Palo Alto Networks is deployed from the small office to the global enterprise. With throughput capacities ranging from the PA-200 rated at 100 Mb/s to the PA-5060 rated at 20 Gb/s, Palo Alto Networks can scale to any organization's needs.
iSecure has configured and deployed Palo Alto Networks technology into a broad variety of customer environments. We continuously evaluate our manufacturer products, and hold all of our hardware providers to the highest of standards. iSecure has chosen the Palo Alto Networks firewall for use within our own datacenter, and we confidently stand behind our recommendation for its use in your own.
AppID
AppID - Port-based firewalls are no longer effective at controlling the traffic traversing a network. Many applications are capable of using commonly open ports such as port 80, even though they are not typically associated with web browsing. Other applications might tunnel through SSL or use evasive port-hopping tactics to bypass a firewall. It is no longer the case that a "port" is equivalent to an "application".
With AppID technology from Palo Alto Networks, it is now possible to identify these network applications based on their behavior and attributes. Using deep packet inspection Palo Alto Networks goes beyond simple IP header comparison. Decryption, signatures, protocol detection, and heuristics all play a part in the application detection process.
With the ability to specifically identify an application comes unmatched visibility into how a network is being used. This enhanced visibility provides enhanced control, allowing a network administrator to enforce policy based on the actual application in use, as opposed to the much vaguer port and protocol. Firewall rules can be written to identify the AppID of a traffic flow and then permit the traffic, deny it, or defer the traffic for additional scanning.
UserID
UserID - A traditional firewall has a concept of source and destination IP address, but no concept of the actual person associated with that IP. Applying UserID to network traffic adds an additional layer of visibility and control that was not available before.
Palo Alto Networks' integration with Active Directory, eDirectory, and LDAP offers several methods by which a network flow can be attributed to a username. Once a user is identified, specific policies can be applied based on their username or group membership. The ability to monitor and report on network activity by personal identity rather than by a faceless IP address is invaluable.
ContentID
ContentID - Layering the ability to perform Malware Detection, Antivirus, IPS, Data Loss Prevention and URL Filtering into the perimeter firewall provides a seamless integration of these technologies into the security infrastructure. This consolidation significantly reduces the investment in training, platform management, and maintenance costs. Another benefit to consolidating security services on a single platform is increased security by reducing the complexity of the security infrastructure and eliminating points at which these controls may be bypassed.
- WildFire Malware Detection - Palo Alto Networks hosts a cloud-based behavior analysis engine for malware detection. The Palo Alto Networks appliance can upload executable files traversing the network to WildFire for offline analysis and reporting. The WildFire cloud hosts virtual machine sandboxes in which an executable file can be safely run and its behavior analyzed for 74 different exploit vectors. This analysis and reporting provides intelligence about possible infections and feeds signature generation to prevent further access to the malicious resource.
- Intrusion Prevention System (IPS) - Palo Alto Networks provides built-in vulnerability prevention across the entire platform. The top-rated IPS functionality provided by Palo Alto Networks consistently beats standalone IPS appliances in both performance and block rate.
- Virus Scanning - Network-based virus scanning provides an additional layer of protection beyond the host-based virus scanning found on the desktop, by blocking malicious code found in files, email messages, and websites before they reach your PC.
- URL Filtering - Filter access to websites based on 76+ categories with 180+ million known URLs. Control, monitor, and report on the web browsing activity of your users. URL Filtering policy can be tied in to UserID for complete control within your environment.
- Data Leak Prevention (DLP) - Data Leak Prevention provides the network administrator with the ability to trap proprietary and sensitive data before it leaves the network. Palo Alto Networks provides the ability to filter transmission of data based on regex, keyword, or file type.
- SSL Decrypt - Palo Alto Networks firewalls have the ability to decrypt SSL-encrypted communications, perform the required analysis, and re-encrypt before passing the traffic onward to the recipient.
Single-Pass Parallel Processing (SP3) Architecture
Single-Pass Parallel Processing (SP3) Architecture - Palo Alto Networks Next Generation Firewalls provide the above functionality while maintaining predictable and low-latency performance. Through the use of dedicated ASIC, Cavium, and FPGA processors, most tasks are accomplished in hardware instead of software. Flow management technologies allow the firewall to perform the entire analysis of a flow with a single pass, as opposed to buffering large portions of a transmission then performing multiple scans in series.
This architecture and methodology allows a Palo Alto Networks firewall to operate at its rated throughput, while also utilizing its entire feature set. AppID, UserID, and ContentID can all be utilized within a firewall rule set without the typical slowdowns and latency seen with other Unified Threat Management (UTM) systems.
Ingress Filtering and the Datacenter
Ingress Filtering - In a datacenter environment, simple port-based filtering has always been enough to control the traffic as it enters your environment and is forwarded to servers.
With a Palo Alto Networks firewall, features such as AppID, UserID, and ContentID change the game.
- AppID - Go beyond allowing port 80 to your web servers, port 53 to your DNS servers, and port 25 to your mail servers. With AppID, you can analyze the inbound traffic for rogue applications. Allow web traffic to your web servers, DNS traffic to your DNS servers, and SMTP traffic to your SMTP servers.
- UserID - With UserID in the datacenter, it becomes possible to enforce granular control over administrative access to systems in the DMZ. Instead of allowing full access from private LANs to potentially sensitive information and services in the datacenter, a UserID check can be used to permit webmasters access to the web servers and DBAs access to the SQL servers.
- ContentID - Top-rated IPS and Anti-Virus functionality protects servers from external attack. In the event of a server compromise, IPS prevents the servers from spreading infections to client machines. Data Leak Prevention scans for and blocks the transmission of sensitive data outside of your secure environment.
Egress Filtering and LAN
Egress Filtering - It is no longer necessary to be limited by sets of permitted egress ports and a proxy server.
With modern Internet applications possessing the ability to use any open port for egress, it becomes important to subject Internet traffic from the LAN to closer scrutiny.
- AppID - Detect an application on your network for what it is, not what it appears to be.
- UserID - Enforce identity-based permissions as users access resources via the network.
- ContentID - IPS, Virus Scanning, URL Filtering, DLP, and SSL Decryption allow more flexibility in granting users access to outside data while maintaining safety and security for your organization and IT assets.
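As an added illustration (not from this page, iSecure, or Palo Alto Networks documentation), the following PAN-OS configure-mode commands show a port-only inbound rule beside its AppID/UserID/ContentID equivalents for the datacenter ingress and LAN egress cases described above. Zone names (`untrust`, `dmz`, `trust`), the address and service objects, the directory group `corp\dmz-webmasters` and the security-profile names (`strict`, `default`) are assumed placeholders; lines beginning with `#` are explanatory comments, not CLI input.

```panos
# Constructed example; address is from the TEST-NET-3 documentation range.
set address dmz-web-servers ip-netmask 203.0.113.10/32
set service tcp-80 protocol tcp port 80

# Port-based rule: anything on TCP/80 toward the web servers is allowed,
# regardless of what the traffic actually is ("port == application").
set rulebase security rules inbound-tcp80 from untrust to dmz
set rulebase security rules inbound-tcp80 source any destination dmz-web-servers
set rulebase security rules inbound-tcp80 application any service tcp-80 action allow

# AppID replacement: only traffic identified as web-browsing or ssl matches,
# and only on the standard ports for those applications (application-default).
# Traffic on port 80 that AppID classifies as some other application falls through.
set rulebase security rules inbound-web from untrust to dmz
set rulebase security rules inbound-web source any destination dmz-web-servers
set rulebase security rules inbound-web application [ web-browsing ssl ] service application-default action allow
# ContentID: attach vulnerability (IPS) and antivirus profiles and log at session end.
set rulebase security rules inbound-web profile-setting profiles vulnerability strict virus default
set rulebase security rules inbound-web log-end yes

# UserID: administrative access from the private LAN to the web servers is limited
# to members of an assumed directory group (exact group format depends on group mapping)
# and to an identified administrative application.
set rulebase security rules dmz-web-admin from trust to dmz
set rulebase security rules dmz-web-admin source any source-user [ "corp\dmz-webmasters" ]
set rulebase security rules dmz-web-admin destination dmz-web-servers
set rulebase security rules dmz-web-admin application ssh service application-default action allow

# Egress: LAN users reach the Internet only as identified users, on identified web
# applications, with URL filtering, antivirus and IPS applied to the session.
set rulebase security rules lan-web-out from trust to untrust
set rulebase security rules lan-web-out source any source-user known-user destination any
set rulebase security rules lan-web-out application [ web-browsing ssl ] service application-default action allow
set rulebase security rules lan-web-out profile-setting profiles url-filtering default virus default vulnerability strict
set rulebase security rules lan-web-out log-end yes

# Explicit clean-up rules so anything not identified above is denied and logged.
set rulebase security rules deny-inbound from untrust to dmz source any destination any application any service any action deny log-end yes
set rulebase security rules deny-outbound from trust to untrust source any destination any application any service any action deny log-end yes
```

Rule order matters: the AppID and UserID rules must sit above the clean-up rules in the rulebase, and the port-only `inbound-tcp80` rule is shown only for contrast and would be removed in the hardened policy.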