Called Global Protect, the software agent sets up an SSL session over the Internet to the nearest corporate Palo Alto security gateway, which enforces the security policies that have been set up for that particular user and device.
The company calls this protection a logical perimeter that extends to all corporate laptops rather than a physical perimeter that is defined by a firewall in a particular location.
Palo Alto is also announcing the availability of a new three-member family of its security gateways called the PA-5000 series, which represents the company's highest throughput devices specifically designed for data centers. The box provides 20Gbps firewall protection and 10Gbps of threat protection, the company says.
The devices can be deployed facing inward to segment network traffic, a feature that can be used to help comply with payment card industry (PCI) standards by segmenting traffic so extra protections such as encryption don't have to be applied to all traffic, the company says.
The three PA-5000s can be deployed in high-availability pairs, tied together in an active-active configuration.
Along with the new devices comes a new version of the device operating system, PAN OS 4.0, which allows businesses to write scripts that let the gateways identify internally developed applications as well as flag previously unknown applications.
The new version also features behavioral botnet protection that picks up on anomalous traffic and issues alerts.
PAN OS 4.0 also includes SSH tunneling control, which enables administrators to allow SSH traffic, but disallow tunneling anything over it - something that could represent malicious traffic being smuggled into the network.
Pricing for the PA-5000 series starts at $40,000. Global Protect is an extra 20 per cent of the cost of the price of a gateway per year for unlimited users.
Read more about wide area network in Network World's Wide Area Network section.