Palo Alto Networks Brings User-Specific Application Visibility and Policy Enforcement to Next-Gen Firewall
Posted on: Monday, 22 October 2007, 09:00 CDT
Palo Alto Networks today announced a major enhancement to the PAN-OS software running on the PA-4000 Series next-generation firewall. The new capabilities make the PA-4000 Series the first enterprise firewall to transparently integrate with Microsoft Active Directory, enabling visibility into application usage by individual user names or groups. As a result, enterprises can centrally define and deploy granular, user-specific policies that greatly tighten information security and compliance, without impeding the business.
In contrast to legacy firewalls that can only define policies based on IP addresses, Active Directory integration further extends the PA-4000 Series to now provide integrated visibility and control of users, applications, and threat activity.
Transparent and Consistent User Identification
Legacy firewalls were designed to define policies based on source and destination IP addresses for controlling access to servers with a small number of fixed IP addresses. However, due to the dynamic IP address assignment as part of the Dynamic Host Configuration Protocol (DHCP), it is not an effective means for controlling users.
By transparently integrating with Microsoft Active Directory, the PA-4000 Series is the first enterprise firewall to enable mapping of user names and groups to security policies without requiring the use of client software or additional authentication steps by the end user. The Palo Alto Networks solution requires no changes to the Active Directory server or to the end user PCs.
This integration manifests itself through the PA-4000 Series Application Command Center (ACC), which provides a real-time display of application traffic flowing across the network -- now by user or group name. From this, enterprises can use the ACC's rules-based editor to create, review and deploy more targeted application usage policies.
"In every company in the world users install and use applications that are not approved by IT, which makes it challenging to establish uniform security and compliance policies," said Jeff Wilson, Principal Analyst, Network Security, Infonetics Research. "Establishing application visibility and control based actual user identity, not just IP address, is an important feature in next-generation firewalls."
"Just as ports no longer accurately identify applications, IP addresses are not sufficient to identify users," said Steve Mullaney, Vice President, Marketing, Palo Alto Networks. "With the latest functionality in PAN-OS, we've enabled optimal security and compliance for today's application landscape by giving IT the tools required for granular visibility and policy control down to the user level."
Members of the media and analyst communities interested in meeting with Palo Alto Networks and/or seeing a product demonstration are encouraged to visit Palo Alto Networks at INTEROP, booth #938.
Pricing and Availability
The new capabilities are available immediately in the PAN-OS software. Existing Palo Alto Networks customers with support contracts may upgrade at no cost to receive the updated functionality.
About Palo Alto Networks
Palo Alto Networks™ enables visibility and policy control of applications running on enterprise networks. Based on innovative App-ID™ application classification technology, the Palo Alto Networks PA-4000 Series next-generation firewall accurately identifies applications -- regardless of port, protocol, evasive tactic or even SSL encryption -- at 10Gbps with no performance degradation. Enterprises can now set and enforce user-based application usage policies to meet compliance requirements, improve threat mitigation and lower operational costs. The Palo Alto Networks team includes security and networking industry veterans from Check Point, NetScreen, McAfee, Cisco and Juniper. It is backed by investors Globespan Capital Partners, Greylock Partners and Sequoia Capital. For more information, visit www.paloaltonetworks.com.
Palo Alto Networks, the Palo Alto Networks Logo, App-ID and PAN-OS are trademarks of Palo Alto Networks, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.
Source: Business Wire
Related Articles
- DTE Energy Deploys Palo Alto Networks Next-Generation Firewalls for Improved Security and Productivity
- Shasta County Deploys A10 Networks AX Series to Scale Application Delivery for Government Sector
- Florence County Selects A10 Networks AX Series to Scale Application Delivery for Government Sector
- Raritan Introduces Dominion PX-4000 Series Intelligent Rack PDU for Measuring and Monitoring Energy Use of Blade Servers
- Palo Alto Networks Raises $27 Million in Series C Financing
- Cavium Networks OCTEON Powers Palo Alto Networks' PA-4000 Series, Best of Interop Grand Prize Winner
- Arbor Networks Peakflow SP 4.0 Delivers an Unmatched Combination of Network-Wide Security, Visibility, Traffic Analysis and Mitigation
- Palo Alto Networks Raises $18 Million in Series B Financing
- F5 Networks to Present at Wedbush Morgan Securities' Fifth Annual Institutional Investor Conference and the Bank of America 2007 Smid Cap Conference
- Zeus and AEP Networks Partner to Offer Scalable and Secure Remote Application Access
 |
 |
User Comments (0)
RSS Feeds