Attacks/Breaches
11/14/2012
05:21 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Palo Alto Networks Rolls Out Virtualized, Other Firewalls

New products are supported by the release of PAN-OS 5.0

SANTA CLARA, Calif., November 13, 2012--Palo Alto Networks&trade (NYSE: PANW), the network security company, today announced several new products that extend its lead in next-generation network security by addressing today's mixed virtualized and physical enterprise networks and, for the first time, enabling enterprises to not only detect but also prevent modern malware.

Today's announcement marks the largest product launch in the history of Palo Alto Networks, which includes first-ever releases of four new products:

The launch of the VM-Series – a virtualized next-generation firewall platform that brings next-generation network security into the virtualized data center environment

The launch of the WildFire modern malware prevention subscription which sets the bar for the market which until now has only been focused on detection

The launch of the PA-3000 Series – a new, midrange next-generation firewall hardware platform

The launch of the M-100 appliance – a dedicated high-performance management appliance

All of these newly unveiled products are supported by the release of PAN-OS 5.0, which also introduces 60 new features focusing on solving unique network securityproblems in cloud environments, scaling and simplifying network security management in large enterprise environments, enhanced IPv6 capabilities and increased control for managing the growing amount of SSL traffic in the enterprise.

"Enterprises are struggling with major changes in the infrastructures they must secure, and what they must protect those infrastructures from," said Lee Klarich, vice president of product management, Palo Alto Networks. "With this release, we enable next-generation firewalls to help organizations with securing traditional and private cloud infrastructures from a growing array of threats, including unique, modern malware."

Next-Generation Security in the Virtualized Data Center and Cloud

The new Palo Alto Networks VM-Series is a key component in a comprehensive approach to network security in the virtualized data center. Using application-, user-, and content-based next-generation firewall technology, it offers intra-host safe enablement of data center applications regardless of port or protocol. PAN-OS 5.0 adds significant management capabilities to the virtualized data center solution, such as allowing enterprises to tie user and app-based policies to virtual machine or serverdeployments via cloud automation or orchestration tools. Furthermore, a newfeature, dynamic objects, allows security policies to follow virtual machines even when live-migration technologies move those VMs between hosts. PAN-OS 5.0 and the VM-Series enable IT to efficiently secure the infrastructure, both physical and virtual with a common policy and management approach.

Safe enablement of applications in the virtualized data center, combined with the ability to secure intra-host traffic, integration with migration technologies and orchestration and automation tools, all under one policy and management approach gives Palo Alto Networks customers a comprehensive and flexible solution tosecuring their virtualized data centers and private cloud infrastructures.

"We are pleased to be working with Palo Alto Networks to deliver on the vision of the software-defined data center," said Hatem Naguib, vice president, Networking and Security, VMware. "Palo Alto Networks Next-Generation Firewall VM-series integrated with VMware vSphere® helps our shared customers accelerate their adoption of virtualization while addressing their security and compliance needs."

New Threat Prevention Updates

Today, Palo Alto Networks begins offering a subscription service for WildFire, thecompany's cloud-based modern malware prevention service. The new service gives subscribers one-hour response times for the delivery of modern malware signatures, and integrated, on-box logging and reporting. The enhanced response time will ensure that the damage caused by "zero-day" malware and targeted attacks are mitigated for Palo Alto Networks customers.

The analysis and notification portion of WildFire will continue to be offered as a free service to all Palo Alto Networks customers. WildFire uses the inherent advantages of Palo Alto Networks Next-Generation Firewalls to find modern, never-before-seen malware across all applications, not just web and email. To date, WildFire has discovered more than 70,000 new malware files that had not been identified by existing anti-malware solutions.

"The modern malware landscape is very challenging for legacy threat prevention solutions," said Nir Zuk, founder and chief technology officer, Palo Alto Networks. "Data collected by WildFire shows that new malware spreads fast, uses evasive techniques to hide from traditional security solutions and is oftenused in the early stages of a persistent attack. Providing industry-leadingresponse times, combined with our control over applications, users, and content, is an innovative approach that gives our customers a much more comprehensive level of protection from targeted attacks."

New Midrange Next-GenerationFirewall

The new PA-3000 Series Next-Generation Firewall expands the options for enterprise customers looking for a mid-range next-generation firewall that has the same level of application-, user-, and content-based control as existing data center and remote office solutions from Palo Alto Networks. The PA-3000 Series is comprised of the PA-3020 and PA-3050 Next-Generation Firewalls, and delivers full next-generation firewall capabilities at up to 4 Gbps of App-ID throughput.

New High-Performance Management Appliance

On the management front, the new M-100 management appliance offers an easy to deploy, high-performance, dedicated appliance for the Palo Alto Networks Panorama management system, which offers global, centralized control over a network of Palo Alto Networks Next-Generation Firewalls. The M-100 also introduces distributed log collection capability for large-scale enterprise deployments.

"So-called 'advanced attackers' are only as advanced as they need to be. If you leave the front door open, they don't need to sneak in through the ventilation ducts," said Mike Rothman, analyst and president, Securosis. "You need to take a different and more creative view of defensive tactics, whileensuring you execute flawlessly -- because even the slightest opening provides opportunity for attackers."

Availability

Palo Alto Networks VM-Series, PA-3000 Series, M-100, and WildFire subscription are all available for order immediately. PAN-OS 5.0 is a free upgrade for customers on maintenance. For more information on pricing for Palo Alto Networks VM-Series, PA-3000 Series, M-100 and WildFire, contact your local reseller or visit http://www.paloaltonetworks.com/.

About Palo Alto Networks Next-Generation Security Solution

Palo Alto Networks has pioneered the next generation of network security with its innovative platform that allows you to secure your network and safely enable the increasingly complex and rapidly growing number of applications running on your networks. At the core of this platform is its Next-Generation Firewall(NGFW), which delivers visibility and control over application, users, and content within the firewall using a highly optimized hardware and software architecture.

This platform offers you the ability to identify, control, and safely enable applications while inspecting all content for all threats in real time. ThePalo Alto Networks NGFW platform can address a broad range of your network security requirements, ranging from the data center to the network perimeter to the far edges of the enterprise, which includes branch offices and mobile devices. To find out more about the company's product portfolio, please visit http://www.paloaltonetworks.com/products/overview/.

About Palo Alto Networks

Palo Alto Networks&trade is the network security company. Its innovative platform allows enterprises, service providers, and government entities to secure their networks and safely enable the increasingly complex and rapidly growing number of applications running on their networks. The core of the Palo Alto Networks platform is its Next-Generation Firewall, which delivers application, user, and content visibility and control integrated within the firewall through its proprietary hardware and software architecture. Palo Alto Networks products and services can address a broad range of network security requirements, from the data center to the network perimeter, as well as the distributed enterprise, which includes branch offices and a growing number of mobile devices. Palo Alto Networks products are used by more than9,000 customers in over 100 countries. For more information, visit http://www.paloaltonetworks.com.

Palo Alto Networks, "The Network Security Company," the Palo Alto Networks Logo, App-ID, GlobalProtect, and WildFire are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong totheir respective owners.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

CVE-2012-1317
Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

CVE-2012-1366
Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

CVE-2012-3062
Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

CVE-2012-3918
Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web