Palo Alto Networks
|Traded as||NYSE: PANW|
|Headquarters||Santa Clara, CA, U.S.|
|Key people||Mark D. McLaughlin
Chairman, President, and CEO
Founder and CTO
Founder and Vice President, Engineering
Palo Alto Networks, Inc. is a network security company based in Santa Clara, California. The company’s core products are firewalls designed to provide visibility and granular control of network activity based on application, user, and content identification.
Palo Alto Networks was founded in 2005 by Nir Zuk. Zuk was the principal developer of the first stateful inspection firewall and the first intrusion prevention system. When asked why he started Palo Alto Networks, Zuk cited his objective of solving a problem enterprises were facing with existing network security solutions: the inability to safely enable employees to use modern applications, which entailed developing a firewall that could identify and provide fine-grained control of applications.
In 2009 Gartner, Inc. released a publication defining the 'next-generation firewall'. As in its definition, Palo Alto Networks firewalls contain application awareness, full stack visibility, extra-firewall intelligence, and upgrade paths in addition to the full capabilities of both traditional firewalls and intrusion prevention systems. Additionally, the company defines its firewall technology by the following abilities:
- Identify applications regardless of port, protocol, evasive tactic or Secure Sockets Layer
- Identify and control users regardless of IP address, location or device
- Protect against known and unknown application-borne threats
- Fine-grained visibility and policy control over application access/functionality
- Multi-gigabit, low latency, in-line deployment
Palo Alto Networks firewalls replace the traditional port-based traffic classification mechanism of stateful inspection with application identification. This largely affects the access control function of the firewall, which is built for increased visibility into, and more granular control over what traffic is or is not allowed on a network. Policy controls can be deployed to deny unwanted applications, and allow specific applications or functions for users or groups, regardless of their location or device, through directory service integration.
As a clarification point, stateful inspection technology is present in Palo Alto Networks firewalls, and policy can be created and enforced by port or protocol. However, it does not serve as the primary traffic classifier. It is the only enterprise firewall currently using application identification as a primary traffic classification mechanism.
Palo Alto Networks firewalls also have threat prevention mechanisms, providing intrusion prevention and antivirus. Additional functionality includes malware prevention (i.e. APTs, botnets, and targeted attacks), URL filtering, SSL decryption, data filtering, quality of service, site-to-site and remote user virtual private networking, and custom reporting.
Palo Alto Networks markets ten platforms, ranging from 50 Mbps – 20 Gbps of firewall throughput. In 2010 the company added GlobalProtect and WildFire. GlobalProtect extends the same firewall policies used at headquarters locations to users in any location. The technology was built to help corporate security perimeters follow its users in the increasing adoption of mobile devices and cloud-based access.
WildFire is a mechanism for identifying and protecting enterprises from unknown malware. It analyzes files for malicious behavior in a virtualized environment and alerts users of its results. If malware is found, WildFire automatically generates and delivers a signature as an update to its subscribers within 60 minutes. WildFire was built for the purpose of protecting enterprises from previously unknown or highly targeted malware.
Recognition from industry analysts and labs for Palo Alto Networks firewalls include:
- The 2011 Gartner Magic Quadrant identified Palo Alto Networks as a leader in the enterprise firewall.
- NetworkWorld granted short list status to Palo Alto Networks’ firewalls in its next-generation firewall review in 2011 and 2012.
- NSS Labs rated Palo Alto Networks firewalls “Recommended” in 3 network security tests:
- IPS Group Test (2011) in which NSS Labs notes it exceeded datasheet performance
- Traditional Firewall Group Test (2011); additionally, evaluated as best cost solution per protected megabit
- Next-Generation Firewall Group Test (2012) also receiving an evaluation as best cost solution per protected megabit
- The Forrester Research Market Overview for Intrusion Prevention Systems in 2011 credited Palo Alto Networks with “[disrupting] the detente between IPS and firewalls” and “pushing the entire vendor community toward further innovation.”
- "PANW: Summary for Palo Alto Networks, Inc. Common- Yahoo! Finance". Yahoo! Finance. Retrieved 29 October 2012.
- "US and UK gov cyber defences = big boys' trough-slurp". The Register. 2010-10-22. Retrieved 29 October 2012.
- "The Entrepreneur Questionnaire: Nir Zuk, Founder and CTO of Palo Alto Networks « Greylock VC". Retrieved 29 October 2012.
- Vance, Ashlee (October 20, 2011). "Building a Firewall for the Facebook Generation". Business Week.
- Pescatore, John; Young, Greg, Defining the Next Generation Firewall, retrieved 2012-12-02
- Next-Generation Firewall Overview, 2011, retrieved 2012-12-02
- "PA-5000 Series Specsheet". Palo Alto Networks. 2012. Retrieved 29 October 2012.
- Mathew J. Schwartz (June 22, 2010). "Palo Alto Introduces Security For Cloud, Mobile Users". Information Week. Retrieved 29 October 2012.
- "Palo Alto Networks Hits The Magic Quadrant For Firewalls". Wall Street Journal. December 16, 2011. Retrieved 23 January 2013.
- "Palo Alto earns short list status". Network World. August 22, 2011. Retrieved 23 January 2013.
- "Palo Alto Networks Earns "Recommended" Rating in NSS Labs Test". Terach. Retrieved 23 January 2013.