Palo Alto Networks today announced that its family of next-generation firewalls is the first and only to deliver data leak prevention (DLP) functionality in a network firewall. This new content security capability – offered at no additional cost to customers – enables enterprises to detect critical pieces of personally identifiable information, such as Social Security or credit card numbers, within application traffic. Based on easy-to-define policies, the firewall can then take automatic action – from alerting to blocking – to prevent inadvertent or intentional disclosure of sensitive data.

Public breaches involving databases of credit card numbers and Social Security numbers continue to make headlines – most recently with the loss of personal identifying information of nearly 24,000 U.S. soldiers via a peer-to-peer (P2P) application. Web 2.0 and other user-driven applications exacerbate an already difficult situation for IT in trying to control all the potential conduits for data leakage. In fact, regarding P2P alone, Palo Alto’s most recent Application Usage and Risk Report found 18 P2P file sharing variants in 92 percent of organizations – double the number found just six months prior.

"Like many organizations, we are increasingly concerned about safeguarding the personal information in our care," said Carol Campbell Beggs, Vice President of Technology for Sonesta Hotels. "By seeing and managing which applications are on our networks, and scanning those applications for confidential data or malicious content, we can ensure our data is managed appropriately. The fact that we can now do this in a firewall means that we can prevent issues, instead of potentially not finding out about a problem until months later."

While comprehensive data leak prevention projects are underway for some enterprises, the cost, scope, and duration are often too much for many organizations to undertake, and the risk of loss is not abating. The network perimeter, and specifically the firewall, is the ideal place to enforce some data leak prevention controls as it acts as the trust boundary for all application traffic flowing out of enterprise networks. By focusing on these critical data elements, Palo Alto Networks is offering enterprises a simple, cost-effective and extremely powerful solution to address an important element of data leakage risk.

"It’s time for the firewall to be the primary security device once again," said Steve Mullaney, Vice President of Marketing, Palo Alto Networks. "Legacy firewalls see all application traffic, but only in terms of ports, protocols and IP addresses – which provide little to no visibility in today’s Web-driven world. Next-generation firewalls from Palo Alto Networks give enterprises granular control over applications, users and content – and by consolidating key security functions back into the firewall, much more bang for the enterprise buck."

Palo Alto Networks’ next-generation firewalls incorporate three key unique identification technologies – App-ID, User-ID, and Content-ID – in a high-performance, low-latency firewall platform. This enables organizations to see and control application content at their perimeter. Enterprises can enforce business policies regarding credit card and Social Security numbers by:

  • First, blocking undesirable applications
  • Second, scanning allowed applications for confidential information – even SSL-encrypted applications and content
  • Third, seeing the specific Active Directory users and groups involved and using them in policy

Palo Alto Networks’ next-generation firewalls are based on a high-performance, purpose-built platform, with specialized hardware and a single-pass architecture – which enables fast, low-latency scanning of applications and application content. The PA-4000 Series and PA-2000 Series firewalls range from 10Gbps to 500Mbps of throughput.

About Palo Alto Networks

Palo Alto Networks™ is the leader in next-generation firewalls, enabling unprecedented visibility and granular policy control of applications and content – by user, not just IP address – at up to 10Gbps with no performance degradation. Based on patent-pending App-ID™ technology, Palo Alto Networks firewalls accurately identify and control applications – regardless of port, protocol, evasive tactic or SSL encryption – and scan content to stop threats and prevent data leakage. Enterprises can for the first time embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation. For more information, visit www.paloaltonetworks.com.

###

Palo Alto Networks, the Palo Alto Networks Logo, App-ID, FlashMatch and PAN-OS are trademarks of Palo Alto Networks, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.