Internet Protection Overview
A Next Generation Firewall (NGFW) is a critical component of an effective cyber security defence. It raises the level of protection for your compute devices, protecting you, your family or your business at the network perimeter.
Fundamental shifts in the application and threat landscape, user behavior, and network infrastructure have steadily eroded the security that traditional firewalls once provided. People access all types of applications from a range of device types, often simply to get their job done. Meanwhile, datacenter expansion, virtualization, mobility, and cloud-based initiatives are forcing you to rethink how to enable application access while still protecting your network.
Traditional responses include attempting to lock down all application traffic through an ever-growing list of point technologies in addition to the firewall, which may hinder your business; or allowing all applications, which is equally unacceptable because of the increased business and security risk. The challenge is that traditional firewall technology, even with bolt-on application blocking, does not provide an alternative to either approach. To strike a balance between allowing everything and denying everything, you need to safely enable applications by using business-relevant elements such as the application's identity, who is using it, and the type of content as the key criteria in firewall security policy.
The EXOsecure Digital Spartan Service provides advanced protection using Next Generation Firewalls (NGFWs) from Palo Alto Networks. GlobalProtect and the NGFWs work together to protect you, your family, business or organization and deliver consistent security to all applications. All users, whether at your business location, on the road or at home, connect to the Digital Spartan Service to use the internet and cloud applications safely, with all traffic consistently inspected for threats.
How is the Next Generation Firewall from Palo Alto Networks different from the traditional firewall and why does it matter?
• Identify applications, not ports. Classify traffic as soon as it hits the firewall to determine the application identity, irrespective of protocol, encryption, or evasive tactic, then use that identity as the basis for all security policies.
• Tie application usage to user identity, not IP address, regardless of location or device. Use user and group information from enterprise directories and other user stores to deploy consistent enablement policies for all your users, wherever they are and whatever device they use.
• Protect against all threats, both known and unknown. Prevent known vulnerability exploits, malware, spyware and malicious URLs, while analyzing traffic for, and automatically delivering protection against, highly targeted and previously unknown malware.
• Simplify policy management. Safely enable applications and reduce administrative efforts with easy-to-use graphical tools, a unified policy editor, templates, and device groups.
Safe application enablement with Palo Alto Networks™ next-generation firewalls helps you address the business and security risks associated with the rapidly growing number of applications traversing your network. By enabling applications for users or groups of users, whether local, mobile, or remote, and protecting the traffic against known and unknown threats, you can improve your security posture while growing your business.
Classifying all applications, across all ports, all the time.
Integrating users and devices, not just IP addresses, into policies.
Protecting against all threats, both known and unknown.
Accurate traffic classification is the heart of any firewall, with the result becoming the basis of the security policy. Today, applications can easily bypass a port-based firewall by hopping ports, using SSL or SSH, sneaking across port 80, or using non-standard ports. App-ID™ addresses the traffic classification visibility limitations that plague traditional firewalls by applying multiple classification mechanisms to the traffic stream, as soon as the firewall sees it, to determine the exact identity of the application traversing your network, regardless of port, encryption (SSL or SSH) or evasive technique employed. Knowing exactly which applications are traversing your network, not just the port and protocol, becomes the basis for all your security policy decisions. Unidentified applications, typically a small percentage of traffic yet high in potential risk, are automatically categorized for systematic management, which can include policy control and inspection, threat forensics, creation of a custom App-ID, or a packet capture for Palo Alto Networks App-ID development.
Creating and managing security policies based on the application and the identity of the user, regardless of device or location, is a more effective means of protecting your network than relying solely on port and IP address. Integration with a wide range of enterprise user repositories provides the identity of the Microsoft Windows, Mac OS X, Linux, Android, or iOS user accessing the application. Users who are traveling or working remotely are seamlessly protected with the same, consistent policies that are in use on the local, or corporate network. The combined visibility and control over a user’s application activity means you can safely enable the use of Oracle, BitTorrent, or Gmail, or any other application traversing your network, no matter where or how the user is accessing it.
To protect today's modern network, you must address a blend of known exploits, malware and spyware as well as completely unknown and targeted threats. This process begins by reducing the network attack surface by allowing specific applications and denying all others, either implicitly through a deny-all-else strategy or through explicit policies. Coordinated threat prevention can then be applied to all allowed traffic, blocking known malware sites, vulnerability exploits, viruses, spyware and malicious DNS queries in a single pass. Custom or otherwise unknown malware is actively analyzed and identified by executing the unknown files in a virtualized sandbox environment and directly observing more than 100 malicious behaviors. When new malware is discovered, a signature for the infecting file and related malware traffic is automatically generated and delivered to you. All threat prevention analysis uses full application and protocol context, ensuring that threats are always caught even if they attempt to hide from security in tunnels, compressed content or on non-standard ports.
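The two ideas above, payload-based application identification (the App-ID paragraph) and a positive-enforcement policy that allows named applications for named users and denies everything else (this paragraph), can be made concrete with a small simulation. The following is an added example written for this page, not Palo Alto Networks code and nothing like a real App-ID engine: the signatures, the "application-default" port table, the rules, the user-group mapping and the sample flows are all constructed here as assumptions. It runs the same flows through a legacy port-based rule and through the application-and-user-based rule set so the difference is visible, for example SSH tunnelled over tcp/443 or BitTorrent on tcp/80 passing the port rule but hitting deny-all-else.

```python
"""Added illustration (not Palo Alto Networks code) of App-ID style classification
by payload rather than port, and of a positive-enforcement policy that allows named
applications for named user groups and denies everything else, including traffic that
could not be identified. All signatures, ports, rules and flows are constructed."""
import re
from dataclasses import dataclass
from typing import Callable, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src_ip: str
    groups: FrozenSet[str]     # user's groups from a User-ID style mapping; empty if unknown
    dst_port: int
    payload: bytes             # first client-to-server bytes of the session


# Toy signatures: each returns True when the payload looks like that application.
def _is_http(p: bytes) -> bool:
    return re.match(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n", p) is not None


def _is_tls_client_hello(p: bytes) -> bool:
    # TLS record: content type 0x16 (handshake), version 0x03 0x00..0x03,
    # two length bytes, then handshake type 0x01 (ClientHello).
    return len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03 and p[2] <= 0x03 and p[5] == 0x01


def _is_ssh(p: bytes) -> bool:
    return p.startswith(b"SSH-2.0-") or p.startswith(b"SSH-1.99-")


def _is_bittorrent(p: bytes) -> bool:
    # Peer-wire handshake: length byte 19 followed by "BitTorrent protocol".
    return p.startswith(b"\x13BitTorrent protocol")


SIGNATURES: List[Tuple[str, Callable[[bytes], bool]]] = [
    ("web-browsing", _is_http),
    ("ssl", _is_tls_client_hello),
    ("ssh", _is_ssh),
    ("bittorrent", _is_bittorrent),
]

# Ports each application is normally expected on ("application-default", assumed values).
# An empty set means the app has no fixed port (BitTorrent picks its own).
APP_DEFAULT_PORTS = {"web-browsing": {80}, "ssl": {443}, "ssh": {22}, "bittorrent": set()}


def identify_app(flow: Flow) -> str:
    """Return the application name, or 'unknown-tcp' when no signature matches."""
    for name, matches in SIGNATURES:
        if matches(flow.payload):
            return name
    return "unknown-tcp"


def port_based_policy(flow: Flow) -> str:
    """Legacy stateful rule: permit tcp/80 and tcp/443 for everyone, deny the rest."""
    return "allow" if flow.dst_port in (80, 443) else "deny"


@dataclass(frozen=True)
class Rule:
    name: str
    apps: FrozenSet[str]
    groups: Optional[FrozenSet[str]]   # None means any user
    service: str                       # "application-default" or "any"
    action: str


RULES = [
    Rule("allow-web", frozenset({"web-browsing", "ssl"}), None, "application-default", "allow"),
    Rule("allow-ssh-admins", frozenset({"ssh"}), frozenset({"admins"}), "application-default", "allow"),
    # No rule for bittorrent or unknown-tcp: they fall through to the implicit deny.
]


def app_based_policy(flow: Flow, rules: List[Rule] = RULES) -> Tuple[str, str]:
    """First-match evaluation on application, user group and expected port;
    anything unmatched is denied (deny-all-else)."""
    app = identify_app(flow)
    for rule in rules:
        if app not in rule.apps:
            continue
        if rule.groups is not None and not (flow.groups & rule.groups):
            continue
        if rule.service == "application-default" and flow.dst_port not in APP_DEFAULT_PORTS.get(app, set()):
            continue
        return rule.action, rule.name
    return "deny", "deny-all-else"


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = {
    "http-on-80": Flow("10.0.0.5", frozenset({"staff"}), 80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    "tls-on-443": Flow("10.0.0.5", frozenset({"staff"}), 443, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),
    "ssh-on-443": Flow("10.0.0.6", frozenset({"staff"}), 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    "bittorrent-on-80": Flow("10.0.0.7", frozenset({"staff"}), 80, b"\x13BitTorrent protocol" + b"\x00" * 8),
    "ssh-admin-on-22": Flow("10.0.0.8", frozenset({"admins"}), 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    "ssh-staff-on-22": Flow("10.0.0.9", frozenset({"staff"}), 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    "unknown-on-443": Flow("10.0.0.10", frozenset({"staff"}), 443, b"\x00\x01\x02\x03\x04\x05\x06\x07"),
}


def compare(flows=SAMPLE_FLOWS):
    """Return {name: (app, port_verdict, app_verdict, rule)} for each sample flow."""
    return {name: (identify_app(f), port_based_policy(f)) + app_based_policy(f) for name, f in flows.items()}


if __name__ == "__main__":
    for name, row in compare().items():
        print(f"{name:18} app={row[0]:13} port-based={row[1]:5} app-based={row[2]:5} ({row[3]})")
```

Note the two design choices that carry the page's argument: identification happens before any rule is consulted, so the port a flow arrives on never decides what it is; and the rule set has no "allow everything else" tail, so evasive traffic and anything the signatures cannot name both end at deny-all-else and can be logged for the kind of follow-up (inspection, custom App-ID, packet capture) the App-ID paragraph describes.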