Organizations are using a wider array of Internet-based, consumer-oriented applications for cultural reasons, or to improve efficiency, foster customer intimacy, or speed up business processes. Security technologies have retained an outmoded "block or allow" model, lacking the granularity and intelligence to recognize and appropriately control these new applications. According to Gartner, Inc., "Through 2012, enterprises that take a 'block or ignore' stance toward employee use of consumer IT will incur security incident costs two to four times those of enterprises that use 'embrace or contain' strategiesSecurity companies selling products that take simple block-all approaches will need to develop capabilities that support more-granular security controls."1
PAN-OS 3.0 introduces traffic shaping in the firewall, enabling enterprises to ensure that priority is given to business critical functions. Palo Alto Networks' application visibility and fine-grained control capabilities are unique in the industry in offering organizations the widest array of flexible policy responses to applications " including allow, deny, allow for certain users or functions, threat scanning, and now shape. Administrators are able to manage the bandwidth consumed by applications, as well as their priority " all in firewall policy, instead of simply killing applications or having no visibility or control over them. According to the latest Application Usage and Risk Report (April, 2009), in a sample of actual application traffic from more than 900,000 users, more than half of the bandwidth was being consumed by 28 percent of the applications, most of which were consumer oriented.2
"Being a public university, at West Virginia University we cannot block applications used by faculty, staff and students, but we need to make sure the applications are safe," said Stephen Belcher, Assistant Director of Network Operations at West Virginia University. "Palo Alto Networks shines in identifying applications and ensuring they are safe for our environment. Its fine-grained controls are incredible. We are now very excited about Palo Alto Networks' new traffic shaping capabilities. With this new release, we can ensure that our critical applications get the highest priority on our network. We will also be able to simplify our network architecture, saving us money."
Rapidly responding to customer requirements, PAN-OS 3.0 also adds SSL VPN functionality, which employs the easy-to-use secure network extension model but extends the company's full complement of industry-leading visibility and control over users, applications and content. Previously, enterprises have had to choose between an open VPN approach that was simple and cost-effective, or a high-control extranet portal approach that was expensive and complex.
Adding these computing-intensive features while retaining enterprise-grade performance is made possible only through Palo Alto Networks' single pass parallel processing (SP3) architecture " which couples a single-pass packet path with specialized, function-specific hardware processing. The QoS features in PAN-OS 3.0 enable organizations to shape and prioritize traffic based on application with multi-gigabit throughput, due to the single pass software married to hardware accelerated queuing. Similarly, the new SSL VPN capabilities in PAN-OS 3.0 enjoy the benefits of application visibility and control, coupled with specific SSL hardware acceleration.
"Applications aren't threats, but they do carry risk," said Chris King, Palo Alto Networks director of product marketing. "As a firewall, Palo Alto Networks uses a positive security model which offers organizations the flexibility they need to embrace new applications, and yet still manage risk " going beyond the outdated 'find it and kill it' model that many other security technologies are based on."
Pricing and Availability The new functionality in PAN-OS 3.0, including the SSL VPN and QoS functionality, is delivered at no charge to customers with current software maintenance contracts. PAN-OS 3.0 is available for download later this month.
About Palo Alto Networks Palo Alto Networks is the leader in next-generation firewalls, enabling unprecedented visibility and granular policy control of applications and content " by user, not just IP address " at up to 10Gbps with no performance degradation. Based on patent-pending App-ID technology, Palo Alto Networks firewalls accurately identify and control applications " regardless of port, protocol, evasive tactic or SSL encryption " and scan content to stop threats and prevent data leakage. Enterprises can for the first time embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation. For more information, please visit www.paloaltonetworks.com.