SAN JOSE, Calif. -- Palo Alto Networks today announced immediate availability of its PA-4000 Series, a next-generation firewall that gives organizations unmatched visibility into, and policy control over, applications flowing in and out of their networks. The PA-4000 Series is based on patent-pending traffic classification technology which enables the accurate identification of hundreds of applications that pass undetected though traditional firewalls. Organizations that deploy this technology can benefit from improved policy compliance, enhanced threat mitigation and lower operational costs.
Palo Alto Networks was founded by security industry visionary Nir Zuk, one of the creators of the stateful inspection technology upon which todays multibillion dollar firewall industry is based. Zuk previously served as CTO at NetScreen Technologies and as principal engineer at Check Point Software Technologies. He has been joined at Palo Alto Networks by industry veterans from Check Point, NetScreen, McAfee, Blue Coat Systems, Cisco Systems and Juniper Networks. The company also announced today that it has secured $18 million in Series B financing from Globespan Capital Partners, Greylock Partners and Sequoia Capital. This brings total financing to $28 million. (See Release: Palo Alto Networks Raises $18 Million in Series B Financing)
Redefining the Firewall as the Policy Control Point for Application Access and Usage
Corporate end users are installing a new generation of applications for both personal and business use that have been designed to avoid network detection by legacy firewalls. Incremental responses to this application visibility and control dilemma from function-specific security appliances to IDS/IPS bolt-ons added to existing firewalls have proven to be ineffective. These approaches tend to suffer from poor performance, increased management complexity and limited application visibility. In addition, most offer control at a simplistic level of permit/deny only.
A new approach is required one with an architecture built from the ground up with application identification at its core. Such an approach can identify social networking, Software-as-a-Service, instant messaging, soft phones, webmail, P2P and other emerging applications, including those that are SSL encrypted, without compromising end-user performance.
Web applications, in particular those encrypted with SSL, are increasingly blinding traditional security inspection safeguards, said Greg Young, Research Vice President, Gartner. Current-generation firewalls are only a partial solution because they dont provide the required granular level of visibility and control to help manage application traffic. In order to become more efficient and effective, firewalls must go beyond port/protocol identification to deliver a service view of traffic and provide deep inspection on all traffic rather than a percentage of it. This is like only reading postcards and ignoring the contents of letters and packages.