PaloAlto
A firewalling platform based on application recognition and on identification of the user's virtual profile through the communication services, with the ability to apply filters not only at the lower levels of the TCP/IP stack (ports and IP addresses) but also on applications and on their behaviour. Palo Alto Networks products are third-generation firewalls able to analyse all traffic, correlate it with the applications and users that generate it, and define ad hoc rules based on those parameters. It becomes possible to enable only certain applications, and only for specific users, and even to define the bandwidth available to the services and applications that are critical for the core business. These systems can control and block, per single user, applications such as Skype or peer-to-peer connections that use obfuscation or encryption mechanisms and that a single firewall cannot block today: they require an additional proxy server or an IPS, with performance degradation and the difficulty of keeping the configuration of separate appliances aligned. Palo Alto Networks covers firewall, proxy, antivirus, URL filtering and similar functions in a single solution while ensuring Gigabit performance. Moreover, the system can be used first of all to understand what kind of traffic travels on the network, so that rules can be applied that allow real control of the infrastructure, ensuring complete visibility of which applications are in use and of the users that request services.
Furthermore, Palo Alto firewalls differ from the other market leaders through the following features:
- Application identification: Most applications apply evasion techniques that look for a way around the limits imposed by perimeter systems. Accordingly, the only way to group applications is to perform a deep analysis so that they can be recognised by behavioural family. Palo Alto has surveyed these families across more than 800 applications, so it is possible to create permissions that tighten application-level controls as far as required, or to block outright applications that are harmful to the network.
- Application Control: Detailed controls such as antivirus, anti-malware or vulnerability inspection can be performed on every application.
- Single Pass Parallel Processing Architecture: Flows are scanned in a single pass, with the inspection functions executed in parallel.
- User Identity Assignment: Through a communication channel with Active Directory, Palo Alto is able to assign an identity to domain users, so that individual control and security policies can be created directly on users and groups rather than on single IP addresses or networks. An embedded captive portal is also available to bind an identity to clients that do not belong to the corporate domain (typically guest users).
- SSL Traffic Decryption: Many applications are used over an encrypted SSL channel in order to maximise anonymity, which means traditional systems have no chance of rendering the originating traffic readable. Palo Alto firewalls decrypt the traffic, inspect its content and re-encrypt it after inspection.
- Rebuilding of Unsupported HTTP-based Applications: The system can analyse traffic in transit in order to rebuild an application profile for any application running over HTTP, making identification and rule definition possible even for applications that are not yet supported.
- Census and Analysis of Network Traffic: The solution exploits its traffic census capability, discriminating traffic both by application and by user, to furnish after a short period a complete picture of the traffic: which applications generate it, how much bandwidth they consume, which users use the various applications, and so on. In this way it is possible to determine potential bandwidth problems that degrade network performance, the use of unpermitted applications, and so on. In this regard Palo Alto will introduce QoS functionality, giving the possibility to reserve dedicated bandwidth for specific applications and users.
- Multi-Gigabit Throughput: In order to guarantee this high level of inspection, the system has to ensure high load capacity. The Palo Alto firewall is able to guarantee control of up to 5Gbps with the top-level model.
- Real-time, Detailed Reporting: The administrator can generate reports to understand what is happening on the network, display fast drill-down reports, or query real-time logs directly from the appliance.
- Easy Deployment: Thanks to the wide flexibility of the system, it can be deployed in the environment in many ways: as a Layer 2 bridge, in monitoring mode (using a TAP or a SPAN port on a switch), or in the more traditional NAT/Route mode. All these modes can coexist on the same appliance, with no obligation to use the Virtual Domain functionality.
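As an added example that is not part of the original page, the two PAN-OS security rules below express the User Identity and Application Control points above in the firewall's own configuration-mode `set` syntax: a rule matched on an Active Directory group and an App-ID rather than on IP addresses and ports, and a per-user block of evasive applications. The zone names, the group `corp\rdp-admins` and the use of the predefined `default` security profiles are assumptions; the `#` lines are annotations, not CLI input.

```text
# Added example: PAN-OS configuration-mode commands (assumed zone names,
# group name and profile names; adjust to the local deployment).
configure

# Allow remote desktop only for members of an AD group, regardless of
# source IP: the match is on user identity and App-ID, not on port.
set rulebase security rules allow-rdp-admins from trust to dmz
set rulebase security rules allow-rdp-admins source any destination any
set rulebase security rules allow-rdp-admins source-user "corp\rdp-admins"
set rulebase security rules allow-rdp-admins application ms-rdp
set rulebase security rules allow-rdp-admins service application-default
set rulebase security rules allow-rdp-admins action allow
# Application Control: apply antivirus, anti-spyware and vulnerability
# inspection to the flows this rule allows.
set rulebase security rules allow-rdp-admins profile-setting profiles virus default spyware default vulnerability default
set rulebase security rules allow-rdp-admins log-end yes

# Block evasive applications for every user, whatever port they try to use.
set rulebase security rules block-evasive from trust to untrust
set rulebase security rules block-evasive source any destination any
set rulebase security rules block-evasive source-user any
set rulebase security rules block-evasive application [ skype bittorrent ]
set rulebase security rules block-evasive service any
set rulebase security rules block-evasive action deny
set rulebase security rules block-evasive log-end yes

commit
```

Because the allow rule uses `service application-default`, RDP is permitted only on the ports App-ID expects for it, while the deny rule with `service any` catches the same applications even when they hop to other ports.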