Palo Alto Pumps Up Remote Security, Data Center Presence


Palo Alto Networks is launching a trio of new products to give VARs a better position to attack security in the data center and for remote workers, while also adding dozens of new features to its operating system to thwart threats in the network.

"There's been this growing realization on our part that the market for next-generation firewalls has arrived," said Palo Alto's Director of Product Marketing Chris King in an interview with CRN. Citing a Gartner study, King said that come 2014 roughly 60 percent of firewall purchases will be of the next-generation variety, a stat that bodes well not only for Palo Alto, but for the stable of VARs selling its wares. "From a channel perspective, this is a message that is resonating in the market," King added.

With an eye to application control and visibility into the firewall, King said this latest release is pushing Palo Alto and its solution providers into new areas, giving them a new toolset to attack the remote work force and the data center, while adding new software to the mix that lets them tackle all of the "nooks and crannies" of network traffic that traditional network security solutions often fail to reveal.

First up, Palo Alto unveiled GlobalProtect, an annual subscription service that King said essentially keeps all devices connected to the network despite their locations. GlobalProtect decouples policy from the physical infrastructure to make a logical network perimeter.

With GlobalProtect, solution providers deploy a small agent on customer devices that determines the network location, that is, whether a device is on or off the network. If the device is off-network, the agent seeks out the nearest firewall using SSL VPN and redirects traffic to it. The agent also submits a host information profile, including patch level, asset type, encryption posture and more, to the gateway, and the gateway then enforces security policy using App-ID, User-ID, Content-ID and host information.

"Traffic is routed to the closest gateway and policy is enforced," King said.

For VARs, GlobalProtect introduces a subscription security service and also a chance to upsell as every gateway can participate in the scheme, creating the potential to sell more gateways and firewalls.

Palo Alto also launched its biggest firewall to date with the PA-5000, designed for the data center. Currently, roughly 25 percent of Palo Alto's business comes from the data center. King said adding the new next-generation firewall to Palo Alto's roster will give it a larger and more natural presence in the data center.

The three firewalls in the PA-5000 series, the 5020, 5040 and 5060, all feature hot-swappable fans, power supplies and SSD drives; dedicated high availability and management interfaces; and come in a 2U standard rack mount form factor. The largest, the PA-5060, can handle up to 20 Gbps of firewall throughput, 10 Gbps of threat prevention and 4 Gbps of IPSec VPN; can carry 4 million sessions; and features four 10 Gig XFP ports, 8 SFP+ ports and 12 10/100/1000 ports.

"The data center firewall has to be big, fast, reliable and resilient," King said, adding that many of Palo Alto's partners are looking to increase their presence in the data center space and the PA-5000 series brings that opportunity to the table.

Lastly, Palo Alto launched the latest version of its operating system, PAN-OS 4.0. The new version adds more than 50 new features over PAN-OS 3.1, which was released in February 2010. The new capabilities range from core networking features to advanced malware control.

Some key additions, King said, include new visibility into enterprise traffic and threats; customizable App-ID, which allows VARs and users to write App-IDs for their internally developed apps; behavioral botnet detection, which identifies unique network patterns of a bot-infected device; SSH tunneling control, which allows authorized use of SSH while preventing tunneling and port-forwarding; and country-specific app control that lets an enterprise set policies based on geographic corporate regulations.

Overall, King said, the lineup of new additions to Palo Alto's portfolio gives VARs the opportunity to dig deeper into their clients' security infrastructures and provide them more visibility into what's occurring on their networks.

"They can push core innovation into new corners and places, and each of those places creates a significant opportunity," he said.