Palo Alto Networks® Next-generation Firewall Overview

Fundamental shifts in application usage, user behavior, and network infrastructure create a threat landscape that exposes weaknesses in traditional port-based network security. Your users want access to an increasing number of applications operating across a wide range of device types, often with little regard for the business or security risks. Meanwhile, datacenter expansion, network segmentation, virtualization, and mobility initiatives are forcing you to rethink how to enable access to applications and data, while protecting your network from a new, more sophisticated class of advanced threats that evade traditional security mechanisms.

Historically, you were left with two basic choices—either block everything in the interest of network security, or enable everything in the interest of your business. These choices left little room for compromise. The Palo Alto Networks enterprise security platform provides you with a way to safely enable the applications your users need by allowing access while preventing cybersecurity threats.

Our next-generation firewall is the core of the enterprise security platform, designed from the ground up to address the most sophisticated threats. The next-generation firewall inspects all traffic—inclusive of applications, threats, and content—and ties it to the user, regardless of location or device type. The application, content, and user—the elements that run your business—become integral components of your enterprise security policy. The result is the ability to align security with your key business initiatives.

  • Safely enable applications, users, and content by classifying all traffic, determining the business use case, and assigning policies to allow and protect access to relevant applications.
  • Prevent threats by eliminating unwanted applications to reduce your threat footprint and apply targeted security policies to block known vulnerability exploits, viruses, spyware, botnets, and unknown malware (APTs).
  • Protect your datacenters through the validation of applications, isolation of data, control over rogue applications, and high-speed threat prevention.
  • Secure public and private cloud computing environments with increased visibility and control; deploy, enforce and maintain security policies at the same pace as your virtual machines.
  • Embrace safe mobile computing by extending the enterprise security platform to users and devices no matter where they are located.

The enterprise security platform helps your organization address a spectrum of security requirements based upon a common principle. Using a balanced combination of network security with global threat intelligence and endpoint protection, your organization can support business initiatives while improving your overall security posture and reducing security incident response time.


Using Security to Empower Your Business

Our enterprise security platform allows you to empower your business with policies that revolve around applications, users, and content. It uses a positive control model, a design unique to our platform, that permits you to enable specific applications or functions, and block all else (implicitly or explicitly). The next-generation firewall performs a full-stack, single-pass inspection of all traffic across all ports, thus providing complete context of the application, associated content, and user identity as the basis for your security policy decisions.

Establishing the context of the specific applications in use, the content or threat they may carry, and the associated user or device helps you streamline policy management, improve your security posture, and accelerate incident investigation.

Complete Context Means Tighter Security Policies

Security best practices dictate that the decisions you make regarding policies, your ability to report on network activity, and your forensics capacity depend on context. The context of the application in use, the website visited, the associated payload, and the user are all valuable data points in your effort to protect your network. When you know exactly which applications are traversing your Internet gateway, operating within your datacenter or cloud environment, or being used by remote users, you can apply specific policies to those applications, complete with coordinated threat protection. The knowledge of who the user is, not just their IP address, adds another contextual element that empowers you to be more granular in your policy assignment.

  • Classify all traffic, across all ports, all the time. Today, applications and their associated content can easily bypass a port-based firewall using a variety of techniques. Our enterprise security platform natively applies multiple classification mechanisms to the traffic stream to identify applications, threats and malware. All traffic is classified regardless of port, encryption (SSL or SSH), or evasive techniques employed. Unidentified applications – typically a small percentage of traffic, yet high in potential risk – are automatically categorized for systematic management.
  • Reduce the threat footprint; prevent cyber attacks. Once traffic is fully classified, you can reduce the network threat footprint by allowing specific applications and denying all others. Coordinated cyber attack prevention can then be applied to block known malware sites and prevent vulnerability exploits, viruses, spyware, and malicious DNS queries. Any custom or unknown malware is analyzed and identified by executing the files, and directly observing their malicious behavior in a virtualized sandbox environment. When new malware is discovered, a signature for the infecting file and related malware traffic is automatically generated and delivered to you.
  • Map application traffic and associated threats to users and devices. To improve your security posture and reduce incident response times, it’s critical to map application usage to user and device type—and be able to apply that context to your security policies. Integration with a wide range of enterprise user repositories provides the identity of the Microsoft Windows, Mac OS X, Linux, Android, or iOS user and device accessing the application. The combined visibility and control over both users and devices means you can safely enable the use of any application traversing your network, no matter where the user is or the type of device they are using.

Application Visibility: View application activity in a clear, easy-to-read format. Add and remove filters to learn more about the application, its functions, and who is using them.