Developers: | Palo Alto Networks (PAN) |
Last Release Date: | October 2011 |
Technology: | Information Security (IB) - Firewalls |
Main article: Firewall
2021: Integration with Nvidia DPU BlueField
On August 31, 2021, Nvidia announced the integration of its BlueField DPU into Palo Alto Networks solutions. More details here.
2011: Next-Generation Firewall line
In October 2011, the American company Palo Alto Networks (PAN) introduced to the Russian market a line of devices that PAN itself calls Next-Generation Firewalls (NGFW).
Unlike traditional firewalls, which protect ports, network protocols and IP addresses, NGFWs are designed to protect applications, users and network content. According to PAN engineers, the advantage of this approach to network security is that traditional blocking of traffic at the port, protocol and IP address level is no longer effective: today many different applications can use the same port, IP addresses do not identify users, and network packets do not identify the content they carry.
As a result, traditional firewalls can no longer enforce a company's in-house information security (IS) policies with respect to applications. With this in mind, it is easy to imagine the risks that application vulnerabilities pose for any company, especially considering that, according to information security research, the best-known modern network intrusions are associated with application vulnerabilities, and that the number of applications worldwide is growing steadily and rapidly, including Web 2.0 applications (social networks, web mail, instant messaging systems, etc.), which are used for business purposes almost everywhere.
Compensating for the functional shortcomings of traditional firewalls with additional network protection tools such as IPS/IDS, gateway anti-virus, anti-spam systems, proxy servers, URL filters and UTM systems, according to PAN experts, makes protection more complex and expensive and reduces network performance.
To regain its former protective effectiveness, according to PAN, a modern firewall must be able to:
- recognize applications regardless of the ports they use, network protocols, encryption and special masking techniques;
- identify users regardless of their IP addresses;
- protect against threats within applications in real time;
- support access control policies for applications as a whole and for their individual functions;
- operate in-line at gigabit speeds without compromising network performance.
At the same time, according to PAN engineers, the task of an NGFW is not to block applications when they contain security threats, but to keep them operating as a whole and block only the threats they carry, without loss of network performance or manageability.
NGFW devices recognize applications and their individual functions by signatures and heuristic methods unique to each of them, and enforce network access control at the application level. The list of applications controlled by PAN firewalls is constantly updated by the company's specialists and today contains more than 1300 entries. Traffic content is inspected in both directions, into the network and out of it. NGFWs can control compressed and encrypted files, anonymous applications, and applications passed through proxy servers.
NGFW implements three technologies developed by PAN. App-ID recognizes applications down to the level of the individual functions they perform. User-ID, through integration with LDAP-based directory services, automatically recognizes the users (individual and group) of each application on the network and correlates them with data flows. The Content-ID engine scans the content of network traffic, including for malicious code.
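As an added illustration of the port-independent, user-aware policy model described above (example code written for this page, not Palo Alto's code or anything from the original): a toy classifier that identifies the application from the first payload bytes rather than the destination port, maps source IPs to users the way a directory integration would, and evaluates rules keyed on (user, application). The flows, IP-to-user mapping, signatures and policy rules are all constructed for the example.

```python
import re

# Constructed sample flows: (source IP, destination port, first payload bytes).
FLOWS = [
    ("10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\nHost: intranet\r\n\r\n"),
    ("10.0.0.5", 80, b"SSH-2.0-OpenSSH_8.9\r\n"),  # SSH hidden on the web port
    ("10.0.0.7", 443, b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03"),  # TLS ClientHello
    ("10.0.0.7", 8080, b"POST /api/upload HTTP/1.1\r\nHost: filedrop\r\n\r\n"),
]
# Hypothetical IP-to-user mapping, as a directory integration (User-ID style) would learn it.
IP_TO_USER = {"10.0.0.5": "alice", "10.0.0.7": "bob"}
# Toy application signatures matched against the start of the payload (App-ID style).
APP_SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-\d\.\d-")),
    ("web-browsing", re.compile(rb"^(GET|HEAD|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    ("web-upload", re.compile(rb"^(POST|PUT) \S+ HTTP/1\.[01]\r\n")),
    ("tls", re.compile(rb"^\x16\x03[\x00-\x03]")),
]
# Policy keyed on (user, application) instead of (IP, port); unmatched flows are denied.
POLICY = [
    ("alice", "web-browsing", "allow"),
    ("alice", "ssh", "deny"),
    ("bob", "tls", "allow"),
    ("bob", "web-upload", "deny"),
]

def classify_by_port(port):
    """Traditional port-based labelling: trusts the port number alone."""
    return {80: "web-browsing", 443: "tls"}.get(port, "unknown")

def identify_app(payload):
    """Port-independent identification: first matching payload signature wins."""
    for name, sig in APP_SIGNATURES:
        if sig.match(payload):
            return name
    return "unknown"

def evaluate(src_ip, port, payload):
    """Return (user, app, action) for a flow under the application-level policy."""
    user = IP_TO_USER.get(src_ip, "unknown-user")
    app = identify_app(payload)
    for rule_user, rule_app, action in POLICY:
        if (rule_user, rule_app) == (user, app):
            return user, app, action
    return user, app, "deny"  # default deny

def port_label_mismatches(flows=FLOWS):
    """Flows where the port-based label disagrees with the payload-identified app."""
    return [(ip, port, classify_by_port(port), identify_app(p))
            for ip, port, p in flows if classify_by_port(port) != identify_app(p)]
```

Running `port_label_mismatches()` over the constructed flows shows the two cases the page argues about: SSH carried on port 80 that a port-only rule would label as web browsing, and an HTTP upload on a non-standard port that a port-only rule cannot label at all.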
All PAN NGFW devices have the same functionality and differ only in performance, which today reaches 20 Gb/s in-line. NGFWs are stated to be deployable in any segment of the network. The additional GlobalProtect functionality allows all NGFWs connected to the corporate network to cooperate and form a network security cloud for users, wherever they are.
To support GlobalProtect, a special software agent must be installed on user devices to determine the device's location relative to the network. If the device is remote, the agent connects it to the nearest NGFW as soon as it reaches the Internet and transmits to the firewall information about the device's state (its type, whether its installed updates are current, whether its data is encrypted, etc.). Together with the technologies listed above, this lets the firewall enforce the security policies set for connecting endpoints to the enterprise network.
2010: Firewall Technologies
Palo Alto developers have patented 3 innovative technologies:
- App-ID is a technology that allows you to identify more than 900 applications on the network, regardless of their port and protocol (including web applications running on port 80). The technology can recognize applications even inside the SSL tunnel, decrypting it;
- User-ID is a technology that integrates a next-generation firewall with Active Directory (as well as LDAP and Novell eDirectory), thereby identifying each user of each application;
- Content-ID is a technology that protects against many threats (viruses, trojans, botnets, spyware), blocks unauthorized file transfer over the network and controls web surfing.
The use of these technologies provides unprecedented control over network traffic and allows you to flexibly configure security policies, making the network transparent and manageable. All of these functions are performed at 10 Gb/s with very low latency. Even in virus scan mode, the device delivers 5 Gb/s speed.