Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

$28 Million for an Old Idea?Part 2

We have to kill the firewall in order to save it. That's the essential message from startup Palo Alto Networks (PAN).
In a previous blog I discussed the irony of PAN getting funded for a product based on old ideas. But that doesn't mean PAN isn't on to something. The company's value proposition has less to do with technological innovation and more to do with reframing the notion of a firewall's primary function.

A typical firewall's primary function is to allow or deny traffic based on the ports and protocols in use. This has to led to some pernicious problems.

Problem 1: Typical firewalls never deny a known set of ports and protocols, leaving gaping holes through which numerous applications pass. Some of these applications carry malicious code.

Problem 2: Some of the applications coming through holes in the firewall are very useful. Many are less useful, and a few can be downright dangerous. A typical firewall can't help you distinguish among or control these applications.

PAN addresses these problems by reframing the primary function of a firewall. In PAN's view, job one is to precisely identify every application that comes in and goes out of the network. This makes all kinds of interesting things possible.

  • 1