Firewall tailored to monitor Web 2.0 activity

Palo Alto Networks claims its App-ID technology identifies potentially insecure activity and lets administrators block either an entire application or certain features, such as peer-to-peer. Find out what analysts are saying about its reporting capability

Firewall and application control vendor Palo Alto Networks announced last week a few first-to-market features for its PA-4000 Series firewalls that allow organizations to identify and control applications and user behavior.

"Within enterprise IT, security and network professionals are lost about what applications are on the network," said Chris King, Palo Alto's director of product marketing. "Enterprise users do whatever they want. They actively circumvent controls, whether it's by tunnel or proxy--they get around the firewall."

Users are getting around browser-stopping ports by using Web mail and instant messaging.

"We're no longer able to control applications with network ports," King said.

Infractions can come from a variety of bandwidth-guzzlers, he said, including video, peer-to-peer and audio streaming. But, King said, the Web 2.0 applications can make it difficult to discern which are being used for legitimate collaboration.

"It's not to say that we're a better Big Brother," said King, "People want to bring in more applications, but we want to do it safely."

Educating users about Web 2.0 security issues is a "significant uphill battle," said James Quin, senior research analyst with the Canada-based Info-Tech Research Group.

"The content filtering market is huge right now, as enterprise shoppers have to deal with the big, amorphous mass of Web 2.0," Quin said. "So many new (Web 2.0) ventures are put up quickly for the security perspective to come into it."

According to Dave Senf, a research analyst with IDC, IT managers need to be wary of any sudden filtering moves.

"In a Web 2.0 world, it's important for organizations to get a better handle on what applications are running in and through their environment," Senf said. "But they need to be mindful of the impact of switching off employee access to this or that applications. Yes, it is an employer's right to say that only these five or ten or what-have-you applications can be run by employees. But there is the right and the wrong way to go about disabling what employees have become used to--you need to think about morale."

Version 2.0 of PAN-OS enhances visibility and control, said King, through App-ID technology, which can better identify and classify applications, and describe their business value.

Improvements include more dynamic application filters, according to King, who said, "You can turn on and off applications and groups, but also expose more of the attributes, such as blocking just the P2P with malware, or all high-risk media.

The product's reporting capabilities have also been enhanced. Administrators can generate a reader-friendly one-page summary of the results, or visual traffic report, for execs with little expertise who still want to track network activity. Portability has also been jacked up, with the results capable of being ported out to PDFs or e-mail.

Even this might not get the message to management, according to Senf. He said, "Many firms do not properly use or even consult log files. In fact, many managers in this country can't take the time to act on reports from IT. This is not because they are lazy, but because they don't yet see the value in it. Looking back to IDC data from 2003 we can see that this needle hasn't moved much in a positive direction: management in Canadian firms is not taking enough time to review security reports from IT. And a lot has happened in the last five years that should have pushed that along more." Deeper user support is also there, said King. "We already have support with Active Directory, but now it's even more enhanced," he said.

These factors--and the firewall/content filter combo--make the product unique in an already crowded market, said Quin. "Although I don't know how many people are looking for (such a mixed solution)," he said.

Join the PC World newsletter!

Error: Please check your email address.

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Briony Smith

ComputerWorld Canada

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?