Palo Alto Value Proposition
Based on patent-pending App-ID™, User-ID™, Content-ID™ and Single-Pass Parallel Processing™ (SP3) Architecture technology, Palo Alto Networks firewalls accurately identify and control applications regardless of port, protocol, evasive tactic or SSL encryption. They also scan content, providing finer-grained control over end-user Internet usage than has previously been available in any firewall.
Now, rather than react to the discovery of a strange application by summarily blocking it, the administrator can take a more balanced and informed approach by learning more about the application and then safely enabling its usage or blocking it based on the security risks.
- Improves network visibility by accurately identifying application traffic irrespective of port and protocol.
- Enhances security by dictating access rights based upon the actual application traffic as opposed to simply the port and protocol.
- Increases malware prevention effectiveness by narrowing down the number of unauthorized applications traversing the network.
As enterprises continue to use Internet- and web-centric applications to aid expansion and increase efficiencies, visibility into what users are doing on the network becomes increasingly important. Dynamic IP addressing across both wired and wireless networks and remote access by employees and non-employees alike have made the use of IP addresses an ineffective mechanism for monitoring and controlling user activity. Palo Alto Networks User-ID technology addresses the lack of visibility into user activity by seamlessly integrating with Active Directory to dynamically link an IP address to user and group information. With visibility into user activity, enterprises can monitor and control applications and content traversing the network based on the user and group information stored within the user repository.
- Regain visibility into user activities relative to the applications in use and the content they may generate.
- Tighten security posture by implementing policies that tie application usage to specific users and groups, as opposed to simply the IP address.
Accurately identifying the applications traversing the network is only part of the challenge IT departments face with today's Internet-centric environment. Inspecting permitted application traffic at performance levels that satisfy high-speed network demands becomes the next significant challenge, and one that is addressed by an innovative technology called Content-ID. Content-ID melds a uniform threat signature format, stream-based scanning and a comprehensive URL database with elements of application visibility to limit unauthorized file transfers, detect and block a wide range of threats and control non-work-related web surfing. Content-ID takes full advantage of Palo Alto Networks SP3 Architecture to deliver high-performance threat prevention without impeding traffic.
Single Pass Parallel Processing (SP3) Architecture
Palo Alto Networks next-generation firewalls are based on a unique Single Pass Parallel Processing (SP3) Architecture. The combination of Palo Alto Single Pass software and Parallel Processing hardware features:
- Increased Network Performance: routing, flow lookup, stats counting, NAT, and similar functions are performed on network-specific hardware.
- Security Acceleration: User-ID, App-ID, and policy all occur on a multi-core security engine with hardware acceleration for encryption, decryption, and decompression.
- Dedicated Processing: Content-ID content analysis uses a dedicated, specialized content scanning engine.
- Advanced Management Processing: On the control plane, a dedicated management processor (with dedicated disk and RAM) drives the configuration management, logging, and reporting without touching data processing hardware.