SAN JOSE, Calif., October 22, 2007–Palo Alto Networks today announced a major enhancement to the PAN-OS software running on the PA-4000 Series next-generation firewall. The new capabilities make the PA-4000 Series the first enterprise firewall to transparently integrate with Microsoft Active Directory, enabling visibility into application usage by individual user names or groups. As a result, enterprises can centrally define and deploy granular, user-specific policies that greatly tighten information security and compliance, without impeding the business.
In contrast to legacy firewalls that can only define policies based on IP addresses, Active Directory integration further extends the PA-4000 Series to now provide integrated visibility and control of users, applications, and threat activity.
Transparent and Consistent User Identification
Legacy firewalls were designed to define policies based on source and destination IP addresses for controlling access to servers with a small number of fixed IP addresses. However, due to the dynamic IP address assignment as part of the Dynamic Host Configuration Protocol (DHCP), it is not an effective means for controlling users.
By transparently integrating with Microsoft Active Directory, the PA-4000 Series is the first enterprise firewall to enable mapping of user names and groups to security policies without requiring the use of client software or additional authentication steps by the end user. The Palo Alto Networks solution requires no changes to the Active Directory server or to the end user PCs.
This integration manifests itself through the PA-4000 Series Application Command Center (ACC), which provides a real-time display of application traffic flowing across the network – now by user or group name. From this, enterprises can use the ACC’s rules-based editor to create, review and deploy more targeted application usage policies.
“In every company in the world users install and use applications that are not approved by IT, which makes it challenging to establish uniform security and compliance policies,” said Jeff Wilson, Principal Analyst, Network Security, Infonetics Research. ”Establishing application visibility and control based actual user identity, not just IP address, is an important feature in next-generation firewalls.”
“Just as ports no longer accurately identify applications, IP addresses are not sufficient to identify users,” said Steve Mullaney, Vice President, Marketing, Palo Alto Networks. “With the latest functionality in PAN-OS, we’ve enabled optimal security and compliance for today’s application landscape by giving IT the tools required for granular visibility and policy control down to the user level.”
Pricing and Availability
The new capabilities are available immediately in the PAN-OS software. Existing Palo Alto Networks customers with support contracts may upgrade at no cost to receive the updated functionality.
About Palo Alto Networks
Palo Alto Networks™ enables visibility and policy control of applications running on enterprise networks. Based on innovative App-ID™ application classification technology, the Palo Alto Networks PA-4000 Series next-generation firewall accurately identifies applications – regardless of port, protocol, evasive tactic or even SSL encryption – at 10Gbps with no performance degradation. Enterprises can now set and enforce user-based application usage policies to meet compliance requirements, improve threat mitigation and lower operational costs. The Palo Alto Networks team includes security and networking industry veterans from Check Point, NetScreen, McAfee, Cisco and Juniper. It is backed by investors Globespan Capital Partners, Greylock Partners and Sequoia Capital. For more information, visit www.paloaltonetworks.com.
###
Palo Alto Networks, the Palo Alto Networks Logo, App-ID, FlashMatch and PAN-OS are trademarks of Palo Alto Networks, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.
