Security Experts:

Connect with us

Hi, what are you looking for?


Network Security

Palo Alto Networks Targets Data Centers and Remote Workforce with New Products

Palo Alto Networks, the company best known as being an early innovator in next generation firewalls, today announced a series of product updates and services that clearly appear to be the most important since the company’s initial launch.

Palo Alto Networks, the company best known as being an early innovator in next generation firewalls, today announced a series of product updates and services that clearly appear to be the most important since the company’s initial launch.

With the launch, Palo Alto Networks is making a push to get more of its units inside the walls of data centers, as well as offering new technology designed to protect remote workers. Additionally, the company announced PAN-OS 4.0, the latest version of the core operating system that powers its firewalls, touting over 50 new features and increased visibility into what traffic and threats are passing through enterprise networks.

With the latest release of PAN-OS, enterprises can write custom App-IDs for their internally developed applications as well as new capabilities to identify previously unknown applications and suspicious traffic that could indicate botnet infections. In addition, new SSH Tunneling Control allows for authorized use of SSH while preventing tunneling and port-forwarding. They also added Country-specific Application Control, enabling enterprises to set specific policies based on corporate policies and regulations depending on geographical location.

PA-5000 Series Next Generation Firewalls

For hardware, the Palo Alto Networks PA-5000 Series is comprised of three high performance units, the PA-5020, the PA-5050 and the PA-5060, all of which are targeted at high-speed Internet gateway and datacenter deployments.

I was able to sit with founder and CTO, Nir Zuk at the RSA Conference last month to discuss the new offerings. (Sidenote: Zuk, previously served as CTO at Jupiter Networks for a short time following its acquisition of NetScreen). After diving into the new features, Zuk was quick to criticize other security vendors that market their products with certain performance, but when enabling somewhat basic security features, end up with significantly slowed throughput. Palo Alto Networks claims that with its new hardware, enterprises can sustain 20Gbps of all apps, all ports, all the time next-generation firewall performance across their networks.

In an effort to expand beyond company and data center walls, the company also announced availability of GlobalProtect, a solution that provides enterprises the ability to extend protection over all types of traffic, applications, and threats beyond the physical corporate perimeter. GlobalProtect allows enterprises to extend the same policies, visibility and control of the next-generation firewall to any and all user network connections regardless of their location. It works by installing an agent that resides on the endpoint, which can be delivered to the user automatically via Active Directory, SMS or Microsoft System Configuration Manager or can be downloaded directly from the GlobalProtect Portal. Currently the GlobalProtect Agent only supports Windows operating systems but the company did tell us a Mac OS version is in the works. GlobalProtect can serve as a single sign-on solution for end-users, and integrates with the Windows Login utility to securely store logon information for subsequent logons such as VPN authentication. Used as a transparent SSL VPN, it can also help prevent remote users from being lured into “honeypot” connections or falling into Man-in-the-Middle (MITM) exploits by ensuring that all traffic remains encrypted between the end-user laptop and the Palo Alto Networks gateway.

“For the first time in our industry’s twenty-year history, enterprises en masse are sending their traditional network security devices to pasture,” said Rene Bonvanie, vice president of marketing at Palo Alto Networks. “Enterprises want to embrace an architecture that provides consistent protection and enforcement to their remote workforce, making network security a fundamental part of every connection by design, as opposed to something that is tacked on at the end,” added Bonvanie.

Palo Alto Networks has only been selling a product since August 2008, but the company claims over 3,500 customers and a run rate that exceeded $100 million in annual sales in 2010, which the company plans to at least double in 2011. The company prides itself on having 100% of its design and manufacturing taking place on United States soil.

All products and services covered in today’s announcement are all available immediately. Pricing for the PA-5000 Series, which includes PA-5020, PA-5050 and PA-5060, starts at $40,000. GlobalProtect is licensed on a per firewall basis, rather than per user licensing model.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Vulnerabilities identified in TP-Link and NetComm router models could be exploited to achieve remote code execution (RCE).