Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Palo Alto Networks brings user-specific application visibility and policy enforcement to next-gen firewall
2 Min Read
NEW YORK -- Palo Alto Networks today announced a major enhancement to the PAN-OS software running on the PA-4000 Series next-generation firewall. The new capabilities make the PA-4000 Series the first enterprise firewall to transparently integrate with Microsoft Active Directory, enabling visibility into application usage by individual user names or groups. As a result, enterprises can centrally define and deploy granular, user-specific policies that greatly tighten information security and compliance, without impeding the business.
In contrast to legacy firewalls that can only define policies based on IP addresses, Active Directory integration further extends the PA-4000 Series to now provide integrated visibility and control of users, applications, and threat activity.
Transparent and Consistent User Identification
Legacy firewalls were designed to define policies based on source and destination IP addresses for controlling access to servers with a small number of fixed IP addresses. However, due to the dynamic IP address assignment as part of the Dynamic Host Configuration Protocol (DHCP), it is not an effective means for controlling users.
By transparently integrating with Microsoft Active Directory, the PA-4000 Series is the first enterprise firewall to enable mapping of user names and groups to security policies without requiring the use of client software or additional authentication steps by the end user. The Palo Alto Networks solution requires no changes to the Active Directory server or to the end user PCs.
This integration manifests itself through the PA-4000 Series Application Command Center (ACC), which provides a real-time display of application traffic flowing across the network – now by user or group name. From this, enterprises can use the ACC’s rules-based editor to create, review and deploy more targeted application usage policies.
“In every company in the world users install and use applications that are not approved by IT, which makes it challenging to establish uniform security and compliance policies,” said Jeff Wilson, Principal Analyst, Network Security, Infonetics Research. “Establishing application visibility and control based actual user identity, not just IP address, is an important feature in next-generation firewalls.”
About the Author(s)
You May Also Like
More Insights
Webinars
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Events
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024
