By Thomas Claburn
 Nir Zuk, Palo Alto Networks’ CTO, is a huge advocate of firewalls. And perhaps that’s as it should be, since 14 years ago at Check Point Software Technologies, he helped develop the stateful inspection technology used in most firewalls today.
He went on to co-found Palo Alto Networks three years ago with the mission of reinventing the firewall. The company says it now has about 150 business customers and another 150 testing its firewall.
Firewalls used to be able to identify network traffic and the application that created it by its port number and protocol. But today, applications can use different ports, or enter the corporate network via Web ports, which are typically left open. “Stateful inspection just doesn’t work anymore,” Zuk contends. As a result, a typical company’s network has hundreds of applications hidden from the firewall, he says, and organizations have very little control over what their employees are doing and the risks those activities expose their companies to.
Palo Alto claims it can accurately identify the applications on a network using signatures—that is, the firewall identifies unique characteristics of individual applications rather than relying on ports and protocols.
In addition to improving visibility, Palo Alto also gives IT better control, Zuk says. For example, banks often block WebEx’s conferencing software, because it allows desktop sharing, a feature their IT organizations consider risky. But that means forgoing other useful WebEx functions. Palo Alto Networks’ PA-series firewall lets IT administrators block the desktop-sharing feature, while maintaining access to other useful applications. This, Zuk says, can help IT security units transform themselves from being known as “Dr. No” within their companies to providing the flexibility to meet business needs.
l Paul Maritz l George Socha l Manjit Singh l Jeff Teper l Sam Ruby l Barack Obama l Kirill Sheynkman l Marc Benioff l Avi Kivity l HD Moore l
|