We have to kill the firewall in order to save it. That's the essential message from startup Palo Alto Networks (PAN). In a previous blog I discussed the irony of PAN getting funded for a product based on old ideas. But that doesn't mean PAN isn't on to something. The company's value proposition has less to do with technological innovation and more to do with reframing the notion of a firewall's primary function.
A typical firewall's primary function is to allow or deny traffic based on the ports and protocols in use. This has led to some pernicious problems.
Problem 1: Typical firewalls never deny a known set of ports and protocols, leaving gaping holes through which numerous applications pass. Some of these applications carry malicious code.
Problem 2: Some of the applications coming through holes in the firewall are very useful. Many are less useful, and a few can be downright dangerous. A typical firewall can't help you distinguish among or control these applications.
PAN addresses these problems by reframing the primary function of a firewall. In PAN's view, job one is to precisely identify every application that comes in and goes out of the network. This makes all kinds of interesting things possible.
Drew is formerly editor of Network Computing and currently director of content and community for Interop.