Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

5/17/2010
08:29 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Palo Alto Networks Resolves New Facebook Social Plug-ins Privacy Concerns

App-ID allows IT security teams to protect their Facebook users against undesired data sharing

SUNNYVALE, Calif., May 5 /PRNewswire/ -- Palo Alto Networks(TM), the network security company, today announced it has released new functionality that enables enterprises to control Facebook Social Plug-ins, empowering users to continue to embrace Facebook while mitigating any privacy concerns. Facebook users in enterprises are susceptible to having their confidential data shared with third parties because of recent changes at Facebook, which cause behavioral data from its users to be made available unless a user explicitly opts out.

The new default Facebook privacy settings are designed to share private and corporate information with advertisers and other third parties. In enterprises, this policy has major implications, as there is no central way for IT security teams to protect their users from the unknown and - in almost all cases - unwanted privacy impact, which involves the sharing of behavioral and website information with Facebook and its advertising customers.

Palo Alto Networks' new App-ID(TM) allows IT security teams to protect their Facebook users against the undesired data sharing while transparently preserving Facebook functionality and not breaking the functionality of other websites that rely on the Facebook Social Plug-ins.

"This is another example of the safe enablement that customers of Palo Alto Networks can uniquely take advantage of; reaping the benefit of social applications, yet mitigating the risks," said Rene Bonvanie, vice president of worldwide marketing at Palo Alto Networks. "For example, an organization might want to enable customer service representatives to use Facebook, the chat function and the messages function, but disable Facebook Applications and Social Plug-ins to mitigate productivity and privacy concerns."

The Palo Alto Networks Application and Threat Research Team actively researches applications. Taking input from the market, application developers and customers, the team aggressively maintains App-ID and the nearly 1,000 applications it identifies, adding three to five applications weekly. Palo Alto Networks' App-ID technology enables a more sophisticated identification than a simple signature, putting decryption, decoders, heuristic analysis, and a rich signature analysis at the team's disposal. Augmented with detailed information about the application's use, behavior, and risks, customers can make informed policy decisions regarding applications.

Next Generation Firewall: How it Works for Facebook

Palo Alto Networks combines three identification technologies to provide visibility and control over Facebook-related functionality, users and content:

-- App-ID identifies exactly which Facebook functionality is running on the network, as well as the associated risks, so administrators can deploy comprehensive application usage control policies for inbound and outbound traffic. -- User-ID integrates with Microsoft Active Directory and LDAP directories to link Facebook use to users and groups - not just IP addresses - for visibility, policy creation, logging and reporting. -- Content-ID combines a real-time threat prevention engine with a comprehensive URL database to detect and block a wide range of threats, limit unauthorized transfer of files and data, enabling customers to scan permitted Facebook traffic for threats and confidential data.

Information on nearly 1,000 applications that are identified by Palo Alto Networks can be found in Applipedia, part of the company's Application and Threat Research Center. Visit the online resource to find the latest news, commentary, and discoveries on applications and threats at http://www.paloaltonetworks.com/researchcenter/.

About Palo Alto Networks

Palo Alto Networks(TM) is the network security company. Its next-generation firewalls enable unprecedented visibility and granular policy control of applications and content - by user, not just IP address - at up to 10Gbps with no performance degradation. Based on patent-pending App-ID(TM) technology, Palo Alto Networks firewalls accurately identify and control applications - regardless of port, protocol, evasive tactic or SSL encryption - and scan content to stop threats and prevent data leakage. Enterprises can for the first time embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation. For more information, please visit http://www.paloaltonetworks.com.

Palo Alto Networks, "The Network Security Company," the Palo Alto Networks Logo and App-ID are trademarks of Palo Alto Networks, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-26077
PUBLISHED: 2021-05-10
Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring...
CVE-2021-31755
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31756
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copie...
CVE-2021-31757
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31758
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.