Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Palo Alto Networks Pushes Major Refresh of Network Security Portfolio

Palo Alto Networks is focusing on the virtualized data center to help IT administrators fight off threats targeting virtual environments.

Palo Alto Networks is focusing on the virtualized data center to help IT administrators fight off threats targeting virtual environments.

Network security firm Palo Alto Networks announced its “largest ever” refresh of its network security portfolio on Tuesday, introducing new virtual and physical appliances, a new anti-malware subscription service, and the latest version of its operating system. The new Palo Alto Networks VM-Series, which will be integrated with VMware’s vSphere virtualization operating system, will allow IT administrators to see what kind of data is flowing between virtual machines, Chris King, director of product marketing at Palo Alto Networks, told SecurityWeek. The VM-Series is currently available only for the VMware hypervisor.

Palo Alto Networks LogoMost physical firewall appliances can’t see what is happening within the virtual machines on a physical host as their visibility is limited to the traffic coming from outside and reaching the physical host, King said. VM-Series, on the other hand, as a virtual appliance, has the ability to see that traffic and to offer IT administrators with application-, user-, and content-based firewall capabilities, King said.

“We are now able to offer a full feature next generation firewall in a virtual machine data center,” King said.

The new virtual and physical appliances are based on the new PAN-OS 5.0 operating system, King said. PAN OS 5 added management capabilities to the virtual firewall, making it easier for enterprises to tie user- and app-based policies to virtual machines or server deployments, King said. Existing customers can upgrade their Palo Alto Networks products to the new operating system for free, King said.

Palo Alto Networks M-100 Management ApplianceIT administrators have to deal with the challenge of managing virtual machines even when they migrate within the virtual environment and get new IP addresses. With the new VM-Series, IT administrators will be able to tie policy to the applications and not the IP address, so even as the machines move around, the policies are still in effect, King said.

The new PAN OS 5.0 offers the dynamic objects technology to give security policies flexibility. The new feature also is useful for customers who are running virtual machines with varying trust levels n the same physical host, King said. While there are some virtual environments where administrators are able to keep the trust levels homogenous, in most cases, they vary, King said. This is particularly the case in multi-tenant, multi-trust environment, King said.

One virtual machine with a low-trust level may be a threat to other virtual machines with high-trust levels, so it was important to make sure the appropriate security policies were applied and maintained at all times.

Starting at $2,700, the VM-Series will come in three forms. The VM-100 is the most basic, supporting 50,000 sessions, 250 rules, 10 security zones, 2,500 address objects, 25 IPsec tunnels, and 25 SSL VPN tunnels. The VM-200 supports 100,000 sessions, 2,000 rules, 20 security zones, 4,00 address objects, 500 IPsec tunnels, and 200 SSL VPN tunnels. Finally, the VM-300 supports 250,000 sessions, 5,000 rules, 40 security zones, 10,000 address objects, 2,000 IPsec tunnels, and 500 SSL VPN tunnels.

The network security firm also updated its threat prevention offerings with a subscription service to its WildFire cloud-based malware prevention service, King said. WildFire currently detects malware affecting a broad range of applications, including zero-day threats. The new service is now capable of delivering malware signatures to all subscribers within an hour of the malware being detected, King said. Customers also get on-box logging and reporting capabilities with the WildFire service.

Palo Alto Networks PA-3000 FirewallPalo Alto also launched the PA-3000 Series next-generation firewall for enterprise customers starting at $14,000. The PA-3020 and PA-3050 deliver up to 4 Gbps App-ID throughput, the company said. The new appliances are part of the company’s new mid-range platform, ranging from 2 Gbps to 4 G bps, to give enterprises more options, King said.

The M-100 appliance is a dedicated Palo Alto Networks Panorama management system to offer distributed log collection capabilities and centralized control over all the Palo Alto firewalls deployed on the network.

Written By

Click to comment

Expert Insights

Related Content

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Vulnerabilities identified in TP-Link and NetComm router models could be exploited to achieve remote code execution (RCE).