Palo Alto Networks, the company best known as being an early innovator in next generation firewalls, today announced a series of product updates and services that clearly appear to be the most important since the company’s initial launch.
With the launch, Palo Alto Networks is making a push to get more of its units inside the walls of data centers, as well as offering new technology designed to protect remote workers. Additionally, the company announced PAN-OS 4.0, the latest version of the core operating system that powers its firewalls, touting over 50 new features and increased visibility into what traffic and threats are passing through enterprise networks.
With the latest release of PAN-OS, enterprises can write custom App-IDs for their internally developed applications as well as new capabilities to identify previously unknown applications and suspicious traffic that could indicate botnet infections. In addition, new SSH Tunneling Control allows for authorized use of SSH while preventing tunneling and port-forwarding. They also added Country-specific Application Control, enabling enterprises to set specific policies based on corporate policies and regulations depending on geographical location.
For hardware, the Palo Alto Networks PA-5000 Series is comprised of three high performance units, the PA-5020, the PA-5050 and the PA-5060, all of which are targeted at high-speed Internet gateway and datacenter deployments.
I was able to sit with founder and CTO, Nir Zuk at the RSA Conference last month to discuss the new offerings. (Sidenote: Zuk, previously served as CTO at Jupiter Networks for a short time following its acquisition of NetScreen). After diving into the new features, Zuk was quick to criticize other security vendors that market their products with certain performance, but when enabling somewhat basic security features, end up with significantly slowed throughput. Palo Alto Networks claims that with its new hardware, enterprises can sustain 20Gbps of all apps, all ports, all the time next-generation firewall performance across their networks.
In an effort to expand beyond company and data center walls, the company also announced availability of GlobalProtect, a solution that provides enterprises the ability to extend protection over all types of traffic, applications, and threats beyond the physical corporate perimeter. GlobalProtect allows enterprises to extend the same policies, visibility and control of the next-generation firewall to any and all user network connections regardless of their location. It works by installing an agent that resides on the endpoint, which can be delivered to the user automatically via Active Directory, SMS or Microsoft System Configuration Manager or can be downloaded directly from the GlobalProtect Portal. Currently the GlobalProtect Agent only supports Windows operating systems but the company did tell us a Mac OS version is in the works. GlobalProtect can serve as a single sign-on solution for end-users, and integrates with the Windows Login utility to securely store logon information for subsequent logons such as VPN authentication. Used as a transparent SSL VPN, it can also help prevent remote users from being lured into “honeypot” connections or falling into Man-in-the-Middle (MITM) exploits by ensuring that all traffic remains encrypted between the end-user laptop and the Palo Alto Networks gateway.
“For the first time in our industry’s twenty-year history, enterprises en masse are sending their traditional network security devices to pasture,” said Rene Bonvanie, vice president of marketing at Palo Alto Networks. “Enterprises want to embrace an architecture that provides consistent protection and enforcement to their remote workforce, making network security a fundamental part of every connection by design, as opposed to something that is tacked on at the end,” added Bonvanie.
Palo Alto Networks has only been selling a product since August 2008, but the company claims over 3,500 customers and a run rate that exceeded $100 million in annual sales in 2010, which the company plans to at least double in 2011. The company prides itself on having 100% of its design and manufacturing taking place on United States soil.
All products and services covered in today’s announcement are all available immediately. Pricing for the PA-5000 Series, which includes PA-5020, PA-5050 and PA-5060, starts at $40,000. GlobalProtect is licensed on a per firewall basis, rather than per user licensing model.