Palo Alto Networks is announcing at Interop Las Vegas a new version of its next-generation firewall that makes it possible to create tighter security policies based on information about specific applications.
Palo Alto's PAN-OS 2.0 software expands the company's App ID technology so it can respond to more specific criteria when it blocks traffic. For example, the software previously could identify and block all peer-to-peer traffic. Now it can identify and block only that peer-to-peer traffic known to have vulnerabilities.
A new Application Taxonomy Dashboard imposes policies based on how applications behave, such as port hopping and tunneling, and by type of application, such as peer-to-peer and instant messaging.
In addition, the new software supports customer reports suitable for business executives that highlight the types of applications running on the network, the highest-risk users and the like. These reports can be sent easily via e-mail, PDF or removable media.
PAN-OS 2.0 makes it possible to authenticate users who connect to the network from Macintosh or Linux machines and who previously could not be authenticated via Active Directory. They can now be authenticated via Active Directory using their user ID and assigned firewall restrictions based on their Active Directory profile.
The new version has a global map that displays the destinations and sources of traffic in and out of the network to help IT staff spot activity that may indicate malware sending and receiving data or individuals stealing sensitive corporate information.