Network Security

Gain visibility and control of your network traffic. Prevent threats to your critical network infrastructure.

Palo Alto Networks’ Approach to Application Visibility and Application Control

By “fixing the firewall,” Palo Alto Networks’ enterprise firewalls solve a variety of customer problems – while often simplifying enterprise security infrastructures. With the ability to control applications, users, and content at the enterprise firewall, customers realize improvements in security, performance, and cost. With Palo Alto Networks’ award-winning enterprise firewall technologies, organizations regain the application visibility and application control often sought but rarely achieved with complex, expensive, traditional security infrastructures, ultimately preventing threats.

Identify and Control Applications:

Regain control over the applications on your network – good, bad, and evasive – with user-based policies.

Application Visibility

Application visibility is critical to understanding network risks and to achieving application control. Application visibility from Palo Alto Networks’ next-generation firewalls gives customers the ability to see streaming audio and video, file sharing, collaboration, and social networks: just a few types of applications that are capable of hopping from port to port and of using encryption and non-standard ports, all as a means of evading traditional firewalls. The business value these applications provide varies widely, but without application visibility and control, all of them introduce a range of risks including loss of productivity, compliance issues, threat propagation and data leakage.

Application Control

Application control is as critical as identifying the applications. Attempts at regaining application control by bolstering the port-based firewall with intrusion prevention systems (IPS), URL filtering or proxies have been exercises in futility. None of these offerings are capable of seeing all the traffic on the network, nor are they designed to act as the most strategic security element on the network – the firewall. Palo Alto Networks is restoring the firewall’s strategic importance as the center of the security infrastructure with a family of next-generation firewalls that identify and control applications, users and content. Visibility and application control over the network is enabled by three unique technologies used in Palo Alto Networks’ next-generation firewall: App-ID, User-ID and Content-ID.


Customers around the world are regaining visibility and application control by deploying Palo Alto Networks’ next-generation firewalls in a wide range of network locations that include the perimeter, the DMZ, internally for network segmentation and in the datacenter.

Prevent Threats:

Stop bad applications. Scan allowed applications for all types of threats. Do it at multi-Gbps speeds.

Threat Prevention

A recent SANS Top 20 Threats list indicated that of the top 20 threats enterprise IT security groups should be concerned about, 80% were application-level threats. Further compounding the issue, threats come in more and more flavors, are multi-vector, and resist traditional definitions (e.g., virus, exploit, or worm).

Threats to an organization can take many forms. They can target an application, or can be carried by an application. The traditional defense mechanisms – firewalls and IPS/IDS – cannot effectively control applications, and can’t recognize the variety of threats targeting the applications anyway – since IPS/IDS only look at threats formally defined as “exploits”.

Next-Generation Firewalls

In order to prevent threats effectively, enterprises need to first reduce the avenues of attack – start controlling which applications run on the enterprise network. Then, enterprises need to scan allowed application traffic for threats more broadly – not limiting themselves to a strict definition of a particular type of threat (e.g., “virus” or “exploit”). Finally, in today’s economic environment, organizations need to do it without increasing complexity and cost.

Palo Alto Networks next-generation firewalls deliver a high-performance threat prevention solution. With a low-latency, multi-Gbps platform based on our SP3 Architecture, Palo Alto Networks next-generation firewalls:

  • Limit traffic to approved applications while avoiding the risks from unnecessary applications
  • Scan “good” applications for a wide variety of threats – exploits, viruses, spyware, even confidential data leaks – with a single pass, stream-based scan
  • Integrate intelligence, policies and reporting between the firewall and threat prevention functions
  • Maintain network performance and throughput while providing IPS and threat prevention
  • Simplify infrastructure with a single policy, high port-count, and high performance

Simplify Security Infrastructure:

Fix the firewall, regain network visibility and control, and save money.

Simplify Security Infrastructure

For enterprise IT security organizations, the continued evolution of applications and threats, coupled with the stagnation of traditional network security technology has resulted in a loss of visibility and control. So organizations cannot safely enable new applications, and they are exposed to rising levels of risk due to increasingly evasive applications and sophisticated threats.


Sprawl Is Not The Answer

Despite efforts to regain visibility and control by adding more security appliances, most organizations remain stymied – unacceptably. IT security staffs have added a variety of devices around the firewall in an attempt to regain control of their networks, including:

  • Intrusion detection systems/intrusion prevention systems (IDS/IPS)
  • Proxies
  • URL filters
  • Data leak prevention (DLP) devices
  • Web antivirus devices
  • IM security devices

Not only do these devices not solve the problem, they increase complexity and cost – which, in today’s economic climate, is simply unacceptable.

It’s Time to Fix the Firewall – And Reduce TCO

Many leading enterprises have found that investing in innovation and reducing network security appliance sprawl can result in the restoration of visibility and control, and substantial reduction in total cost of ownership of security infrastructure.

Palo Alto Networks next-generation firewalls fix the problem – giving organizations visibility and policy control of applications, users, and content in a firewall. By fixing the firewall, many organizations have been able to reduce the number of security devices in their networks substantially, saving both capital expenditures and operations costs. By fixing the firewall, Palo Alto Networks enterprise customers have reduced costs by:

  • Up to 80% for capital expenditures
  • Up to 65% for hard operations costs (support contracts, subscriptions, power/HVAC)
  • “Soft” operations costs are similarly reduced