New Palo Alto Networks Technology Secures Cloud Connections For Remote Workers

Palo Alto Networks, a firewall security vendor, introduced new technology Wednesday that better secures connections between remote workers and the cloud applications that they want to use. Its GlobalProtect technology provides virtual private network (VPN)-like protection for a user accessing software as a service (SaaS) applications, such as Salesforce.com, or cloud-based collaboration platforms, like Microsoft's SharePoint, as if they were on their own corporate network. GlobalProtect is one of three product announcements, including a series of next-generation firewall (NGFW) appliances and an upgraded PAN-OS operating system.

When remote workers want to securely access their corporate network, they typically do so through a secure socket layer (SSL) VPN, says Chris King, director of product marketing for Palo Alto Networks. But companies don't have VPN control when the remote worker is accessing a cloud-delivered app. GlobalProtect improves security by connecting to the enterprise's nearest NGFW.

A remote worker in Albany, N.Y., for example, could connect to his company's NGFW in Schenectady, said King. "I can connect to that gateway and have security policy be enforced." The new PAS-5000 series of firewall appliances--the 5020, 5050 and 5060--have the capacity to screen network traffic at speeds up to 20Gbps, King says.

Next-generation firewalls provide all of the expected security of traditional firewalls, but also offer integrated intrusion prevention security, full stack visibility that offers protection tailored to specific applications and extra firewall intelligence, he says.

In an October 2009 report, Gartner stated that only 1 percent of Internet connections were protected by NGFWs, but that by 2014, that number would rise to 35 percent and that 60 percent of new firewall purchases that year would be of NGFW technology.Palo Alto Networks is also rolling out PAN-OS version 4.0, which includes 50 new features, King says. The enhanced security in the new firewall lets enterprises analyze more of their network traffic, eliminating "blind spots" where they can't spot security threats, he says.

If the firewall increases the percentage of traffic screened from, say, 90 percent to 97 percent, that leaves only 3 percent that the customer has to analyze on its own. King says that one customer reported to Palo Alto Networks that, in that smaller slice of its network traffic, it spotted evidence of the Mariposa Botnet, which threatened networks in 2008 and 2009.

Prices for new PAS-5000 series of firewall appliances, which are available now, start at $40,000.

See more on this topic by subscribing to Network Computing Pro Reports Research: Virtualization Security (subscription required).