A whole new generation of applications populates your enterprise network. Using Web 2.0, service-oriented architecture and other platforms, creators designed these business and personal applications to evade detection by existing firewalls. And for good reasons: to simplify widespread user access and speed implementation cycles. The downside is that your IT departments can’t identify or control the applications that are flowing in and out of the network. The risks are substantial.
IP Addresses ≠ Users
Packets ≠ Content
Until now, organizations have offset those risks using add-on network scanning devices. Latency created by this process called for more devices to accelerate traffic, compress and shape data packets. The strategy introduced new costs and complexity.
Traditional firewalls from Check Point Software, Cisco and Juniper Networks block or allow network traffic based on ports and IP addresses--a process called Stateful Inspection. They can’t distinguish among the many Web applications running through ports 80 and 443. The technology is more than a dozen years old and new applications bypass it with relative ease.
In addition, IP addresses don’t equal users. The server dynamically assigns an address when a user logs onto the network. The result is firewalls deployed with generic policies for all users because there is no way to distinguish individuals.
Palo Alto Networks' revolutionary next-generation firewalls enable enterprises to see and control applications, users and content. They empower enterprises to create granular, business-relevant security policies and safely control new applications as business enablers instead of the block-or-nothing approach offered by traditional port-blocking firewalls. More...
Next-generation Firewall Technology...
Effect of Next-gen Firewall on Network Performance...
Request a Palo Alto Networks Product Evaluation...
