SAN JOSE, Calif., June 25, 2007 – Palo Alto Networks today announced immediate availability of its PA-4000 Series, a next-generation firewall that gives organizations unmatched visibility into, and policy control over, applications flowing in and out of their networks. The PA-4000 Series is based on patent-pending traffic classification technology which enables the accurate identification of hundreds of applications that pass undetected through traditional firewalls. Organizations that deploy this technology can benefit from improved policy compliance, enhanced threat mitigation and lower operational costs.
Palo Alto Networks was founded by security industry visionary Nir Zuk, one of the creators of the stateful inspection technology upon which today’s multibillion dollar firewall industry is based. Zuk previously served as CTO at NetScreen Technologies and as principal engineer at Check Point Software Technologies. He has been joined at Palo Alto Networks by industry veterans from Check Point, NetScreen, McAfee, Blue Coat Systems, Cisco Systems and Juniper Networks. The company also announced today that it has secured $18 million in Series B financing from Globespan Capital Partners, Greylock Partners and Sequoia Capital. This brings total financing to $28 million. (See Release: Palo Alto Networks Raises $18 Million in Series B Financing)
Redefining the Firewall as the Policy Control Point for Application Access and Usage
Corporate end users are installing a new generation of applications – for both personal and business use – that have been designed to avoid network detection by legacy firewalls. Incremental responses to this application visibility and control dilemma – from function-specific security appliances to IDS/IPS “bolt-ons” added to existing firewalls – have proven to be ineffective. These approaches tend to suffer from poor performance, increased management complexity and limited application visibility. In addition, most offer control at a simplistic level of permit/deny only.
A new approach is required – one with an architecture built from the ground up with application identification at its core. Such an approach can identify social networking, Software-as-a-Service, instant messaging, soft phones, webmail, P2P and other emerging applications, including those that are SSL encrypted, without compromising end-user performance.
“Web applications, in particular those encrypted with SSL, are increasingly blinding traditional security inspection safeguards,” said Greg Young, Research Vice President, Gartner. “Current-generation firewalls are only a partial solution because they don’t provide the required granular level of visibility and control to help manage application traffic. In order to become more efficient and effective, firewalls must go beyond port/protocol identification to deliver a service view of traffic and provide deep inspection on all traffic rather than a percentage of it. This is like only reading postcards and ignoring the contents of letters and packages.”
Based on Palo Alto Networks’ patent pending App-ID™ application classification technology, the PA-4000 Series is a next-generation firewall that addresses common security evasion tactics such as port hopping, application emulation and the use of SSL encryption. It accurately identifies both traditional and emerging applications – including those embedded in an SSL session – to facilitate total application access and usage control while enabling broad, real-time threat prevention.
“As a $19 billion energy company that has risen more than 300 spots on the FORTUNE 500 list over the past 6 years, we need to have visibility of, and control over, what's on our network at all times," said Frank Chambers, Director of Information Security Management, Constellation Energy. “Palo Alto's PA-4000 Series helps us be proactive in our security, and allows us to set and enforce application policies to protect our business assets much more effectively.”
The PA-4000 Series offers an ability to detect more than 400 applications and protocols at its initial release. It also includes a rich networking foundation and a familiar GUI-based policy management editor. Deployed as a complement to existing firewalls or as an eventual replacement for them, strengths of the PA-4000 Series include:
- Accuracy: In-line deployment and App-ID classification identifies all application traffic, across all ports, all the time – including SSL-encrypted traffic and emerging Web-centric applications.
- Policy: Unified, graphical visualization of all applications on the network delivers centralized policy definition and enforcement based on detailed user, group and application-level categories. This enables better management of approved applications while providing real-time prevention of malicious threats and application vulnerabilities.
- Performance: A purpose-built, high performance network platform with dedicated processing for all major functions provides total control of good and bad traffic with up to 10 Gbps throughput, ensuring no performance degradation.
"Web 2.0 tools and applications increase productivity by accelerating end-user empowerment and real-time collaboration, but they significantly reduce IT’s ability to manage and control application traffic,” said Dave Stevens, Co-founder and CEO, Palo Alto Networks. “Palo Alto Networks is delivering the next-generation in network security which provides IT with the necessary visibility and control over applications, including those encrypted with SSL. We are enabling the safe use of these emerging productivity enhancing applications.”
Pricing and Availability
The PA-4000 Series currently comprises the PA-4050 and PA-4020 platforms. The PA-4050 supports up to 10 Gbps throughput and lists at US$60,000, and the PA-4020 supports up to 2 Gbps throughput and lists at US$35,000. Both models are available immediately.
About Palo Alto Networks
Palo Alto Networks™ enables visibility and policy control of applications running on enterprise networks. Based on innovative App-ID™ application classification technology, the Palo Alto Networks PA-4000 Series is a next-generation firewall that accurately identifies applications – regardless of port, protocol, evasive tactic or even SSL encryption – at 10Gbps with no performance degradation. Enterprises can now set and enforce application usage policies to meet compliance requirements, improve threat mitigation and lower operational costs. The Palo Alto Networks team includes security and networking industry veterans from Check Point, NetScreen, McAfee, Cisco and Juniper. It is backed by investors Globespan Capital Partner, Greylock Partners and Sequoia Capital. For more information, visit www.paloaltonetworks.com.
###
Palo Alto Networks, the Palo Alto Networks Logo, App-ID, FlashMatch and PAN-OS are trademarks of Palo Alto Networks, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.
