Firewall tailored to monitor Web 2.0 activity

Palo Alto Networks claims its App-ID technology identifies potentially insecure activity and lets administrators block either an entire application or certain features, such as peer-to-peer. Find out what analysts are saying about its reporting capability

Firewall and application control vendor Palo Alto Networks announced last week a few first-to-market features for its PA-4000 Series firewalls that allow organizations to identify and control applications and user behavior.

"Within enterprise IT, security and network professionals are lost about what applications are on the network," said Chris King, Palo Alto's director of product marketing. "Enterprise users do whatever they want. They actively circumvent controls, whether it's by tunnel or proxy--they get around the firewall."

Users are getting around browser-stopping ports by using Web mail and instant messaging.

"We're no longer able to control applications with network ports," King said.

Infractions can come from a variety of bandwidth-guzzlers, he said, including video, peer-to-peer and audio streaming. But, King said, the Web 2.0 applications can make it difficult to discern which are being used for legitimate collaboration.

"It's not to say that we're a better Big Brother," said King, "People want to bring in more applications, but we want to do it safely."

Educating users about Web 2.0 security issues is a "significant uphill battle," said James Quin, senior research analyst with the Canada-based Info-Tech Research Group.

"The content filtering market is huge right now, as enterprise shoppers have to deal with the big, amorphous mass of Web 2.0," Quin said. "So many new (Web 2.0) ventures are put up quickly for the security perspective to come into it."

According to Dave Senf, a research analyst with IDC, IT managers need to be wary of any sudden filtering moves.

"In a Web 2.0 world, it's important for organizations to get a better handle on what applications are running in and through their environment," Senf said. "But they need to be mindful of the impact of switching off employee access to this or that applications. Yes, it is an employer's right to say that only these five or ten or what-have-you applications can be run by employees. But there is the right and the wrong way to go about disabling what employees have become used to--you need to think about morale."

Version 2.0 of PAN-OS enhances visibility and control, said King, through App-ID technology, which can better identify and classify applications, and describe their business value.

Improvements include more dynamic application filters, according to King, who said, "You can turn on and off applications and groups, but also expose more of the attributes, such as blocking just the P2P with malware, or all high-risk media.

The product's reporting capabilities have also been enhanced. Administrators can generate a reader-friendly one-page summary of the results, or visual traffic report, for execs with little expertise who still want to track network activity. Portability has also been jacked up, with the results capable of being ported out to PDFs or e-mail.

Even this might not get the message to management, according to Senf. He said, "Many firms do not properly use or even consult log files. In fact, many managers in this country can't take the time to act on reports from IT. This is not because they are lazy, but because they don't yet see the value in it. Looking back to IDC data from 2003 we can see that this needle hasn't moved much in a positive direction: management in Canadian firms is not taking enough time to review security reports from IT. And a lot has happened in the last five years that should have pushed that along more." Deeper user support is also there, said King. "We already have support with Active Directory, but now it's even more enhanced," he said.

These factors--and the firewall/content filter combo--make the product unique in an already crowded market, said Quin. "Although I don't know how many people are looking for (such a mixed solution)," he said.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Briony Smith

ComputerWorld Canada
Show Comments

Father’s Day Gift Guide

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?