Web 2.0 applications are a way of life for numerous firms, but protecting against data loss through them is challenging. Whether you are blocking or allowing applications such as Facebook, YouTube, LinkedIn or Pandora, Palo Alto Networks gives you true application visibility. It looks beyond the ports to the applications themselves, allows granular control by application, user or group, and adds bandwidth provisioning and shaping as well. Maybe Facebook is used by the company for corporate communications, but you want to disallow Facebook games and other apps like Farmville or Mafia Wars.
Legacy port-based firewalls are ineffective at identifying and controlling applications because of their reliance on port and protocol as a means of traffic classification. Most applications are capable of bypassing them using a variety of techniques such as tunneling inside another application, sneaking across port 80, hopping ports or using SSL. The lack of visibility and control means that port-based firewalls are no longer the central control point of the security infrastructure.
In order to restore the firewall as the strategic center of the security infrastructure, Palo Alto Networks developed a traffic classification technology that accurately identifies the applications, irrespective of port, protocol, SSL, or evasive tactic. The result is App-ID™, a patent-pending traffic classification technology that enables administrators to determine exactly which applications are running on their network.
Whereas port-based firewalls use only one mechanism of traffic classification, App-ID goes well beyond any other network security technology available, inspecting all of the traffic passing through the firewall with one or more identification techniques, including application protocol detection and decryption, application protocol decoding, application signatures, and heuristic analysis. The application identity is then used as the basis of the security policy.
Now, rather than reacting to the discovery of a strange application by summarily blocking it, the administrator can take a more balanced and informed approach by learning more about the application and then safely enabling its usage or blocking it based on the security risks. With App-ID, IT can now:
- Improve network visibility by accurately identifying application traffic irrespective of port and protocol.
- Enhance security by dictating access rights based upon the actual application traffic as opposed to simply the port and protocol.
- Increase malware prevention effectiveness by narrowing down the number of unauthorized applications traversing the network.
Stop using Security 1.0 solutions for a Web 2.0 world!
Watch the video below for an example of using Palo Alto Networks to block Facebook or apply granular security controls to it.
