TƯỜNG LỬA THẾ HỆ MỚI
Your employees are using these applications — legitimately in many cases — to do their jobs. Blocking the applications outright may hurt your bottom-line, but blindly allowing them invites business and security risks.
Using a Palo Alto Networks next-generation firewall, you can strike the right balance between blocking all personal-use applications and allowing all of them. Secure application enablement begins with knowing exactly which applications are being used and by whom. This information allows you to create effective firewall-control policies that extend well beyond the traditional 'allow or deny' approach. The final component of our solution is giving you the ability to securely enable applications without degrading your firewall's performance.
KNOWLEDGE IS POWER: IDENTIFYING APPLICATIONS, USERS & CONTENT
Secure application enablement requires a systematic approach that begins with learning which applications are traversing your network, who is using each application, and the types of threats the applications might carry.
APP-ID: first determines exactly which application is in use, no matter which port or evasive tactic is used.
USER-ID: Ties the application usage to the identity of the employee, not just the IP address, based on information stored in your corporate directory.
- CONTENT-ID: Controls web surfing, protects you against threats, and limits the unauthorized transfer of files and data.
SP3 ARCHITECTURES: Next-Generation Firewalls are based on a unique Single Pass Parallel Processing (SP3) Architecture – which enables high-throughput, low-latency network security, even while incorporating unprecedented features and technology. Palo Alto Networks solves the performance problems that plague today’s security infrastructure with the SP3 architecture, which combines two complementary components is SINGLE PASS SOFTWARE and PARALLEL PROCESSING HARDWARE.
Armed with a better understanding of what is traversing your network, your security team and business groups can determine the business value of certain applications to specific users. Next, you can set up policies that enable application usage while also protecting your network.
SECURE APPLICATION ENABLEMENT: RESTOREING CONTROL TO THE FIREWALL
The firewall is the only place where all traffic passes through, which makes it the ideal location for controlling applications, users and content. With the new, deeper understanding of your network traffic provided by our firewalls, your security team can quickly deploy application enablement policies that extend beyond "allow or deny." Examples include:
- Enable application, or application-function usage, for specific groups of users.
- Scan allowed traffic for a wide range of threats including viruses, vulnerability exploits, Trojans, and other forms of malware.
- Apply QoS to specific applications, users or groups to ensure your business applications are not bandwidth deprived.
- Block all P2P file sharing, external proxies, and circumventors.
- These are just a few of the ways you will benefit from the secure application enablement policy approach of Palo Alto Networks next-generation firewalls.
PURPOSE –BUILT PLATFORM: PREDICTABLE PERFORMANCE WITH SERVICES ENABLE
Identifying and controlling applications, while scanning them for threats, is a computationally intensive process that can crush most server-based platforms. Palo Alto Networks addresses these performance challenges using a unique combination of function-specific processing for:
- Content inspection
The result is a platform that delivers predictable performance at up to 20 Gbps when security services are enabled.