Palo Alto Networks has rolled out an extensive product expansion aimed at beefing up security in both virtualized and physical enterprise networks. Described as "the largest rollout" in the history of the company, the announcement includes four new products and more than 60 new features to existing products.
Among the highlights, the Santa Clara, Calif.-based company has rolled out a new virtualized next-generation firewall platform, known as the "VM-Series."
"The VM Series is a virtualized instance of our next-generation firewall," said Chris King, director of product marketing. "Heretofore, we have sold hardware appliances, and now we have taken that same functionality and have instantiated that onto a virtualized machine inside the virtualized environment so that traffic that never leaves the virtual machine can be secured in the same way that traffic between physical machines can."
"The hypervisor is the new attack surface," King continued. "But new problems have come to light. One of them is that some of the network traffic never leaves the physical machine. It is between VM's. Another problem is that as the virtual machines are moving all over the place, how do you make sure that the right security policy is following them? And it's also important to be able to spin up new VM's when necessary. Our announcement is intended to rise to these challenges."
King added that the channel can be instrumental in helping customers to not only integrate these features, but to design an overall approach that bridges the conventional networks and virtualized networks.
"You can now have a next-generation firewall type of network security in both the physical world, and the virtual world, based on the customer's choice," he said. But it's all managed in a unified fashion."
As part of another new announcement, Palo Alto Networks has rolled out a new malware prevention subscription service that is intended to move beyond malware detection and incorporate a malware prevention strategy, as well.
"This is the next step for our WildFire technology, which has been running for about a year," King explained. "The customer will set a policy that says for certain applications if I have not seen the executable content coming across previously, I want to send that up to the WildFire service. It runs in the cloud as a virtualized desktop environment that essentially executes that content and watches what it does. If it does things like change the master boot record or the registry, or does certain other things, we recognize it as malware. It is a sandbox in the cloud. The difference here is that we are pretty unique in that we are a firewall first, so we can more easily to see all the traffic across all the applications within an hour, real-time."