PaloAlto Technologies
App-ID
Identifying and controlling applications is very important, but legacy port-based firewalls are of little use here because they depend on port and protocol as their method of traffic classification. Most applications can bypass such controls by a variety of methods, such as tunnelling inside a different application, sneaking across port 80, hopping ports or using SSL. Without visibility and control, port-based firewalls are no longer the central control point of the security infrastructure.
Palo Alto Networks created a traffic classification technology that precisely recognises applications, regardless of port, protocol, SSL encryption or evasive tactic, in order to re-establish the firewall as the strategic centre of the security infrastructure. App-ID™ is the result: a patent-pending traffic classification technology that allows administrators to identify correctly which applications are flowing on their network.
App-ID goes much further than the usual port-based firewalls, which use only one mechanism of traffic classification: it inspects all of the traffic flowing through the firewall with one or more identification techniques. These include application protocol detection and decryption, application protocol decoding, application signatures, and heuristic analysis. The application identity is then used as the basis of the security policy.
Administrators can now take a more measured and informed approach, learning more about an application and then securely allowing its usage or blocking it based on the security threats it poses, rather than responding to the discovery of an unfamiliar application by summarily blocking it.
With App-ID, it is now possible for IT to:
Enhance network visibility by precisely detecting application traffic regardless of port and protocol.
Improve security by giving access rights based upon the genuine application traffic rather than simply the port and protocol.
Strengthen malware prevention effectiveness by narrowing down the number of unauthorized applications traversing the network.
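To make the port-versus-application distinction concrete, the following added example (written for this page, not Palo Alto Networks' code or signature database) classifies constructed sample flows first by destination port and then by the first bytes of the payload, and shows how a policy that trusts the port lets SSH through on port 80 while a payload-based policy denies it. The signature table, port map and sample flows are all constructed for the illustration.

```python
import re

# Constructed first-bytes signatures for a few applications; an illustration only,
# not Palo Alto Networks' App-ID signature database.
SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-2\.0-")),
    ("ssl", re.compile(rb"^\x16\x03[\x00-\x03]")),  # TLS record header: handshake, version 3.x
    ("web-browsing", re.compile(rb"^(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    ("smtp", re.compile(rb"^(?:EHLO|HELO) ")),
]

# What a legacy port-based firewall assumes each port carries.
PORT_MAP = {22: "ssh", 25: "smtp", 80: "web-browsing", 443: "ssl"}

def classify_by_port(dst_port):
    """Legacy classification: trust the destination port."""
    return PORT_MAP.get(dst_port, "unknown")

def classify_by_payload(payload):
    """Payload classification: match the first bytes of the flow against signatures."""
    for app, sig in SIGNATURES:
        if sig.match(payload):
            return app
    return "unknown"

def classify_flow(dst_port, payload):
    """Return (port_based_label, payload_based_label) for one flow."""
    return classify_by_port(dst_port), classify_by_payload(payload)

def policy_decision(allowed_apps, dst_port, payload, use_payload=True):
    """Allow the flow only if its identified application is in the allowed set."""
    port_app, payload_app = classify_flow(dst_port, payload)
    app = payload_app if use_payload else port_app
    return "allow" if app in allowed_apps else "deny"

# Constructed sample flows: (destination port, first bytes of the client's data).
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (80, b"SSH-2.0-OpenSSH_9.6\r\n"),                       # SSH tunnelled over port 80
    (8080, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),  # web on a non-standard port
    (443, b"\x16\x03\x01\x00\xc5\x01\x00\x00\xc1\x03\x03"),   # TLS ClientHello
]

if __name__ == "__main__":
    for port, data in SAMPLE_FLOWS:
        by_port, by_payload = classify_flow(port, data)
        print(f"port {port:>5}: port-based={by_port:<12} payload-based={by_payload}")
```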
User-ID
As organisations' use of the Internet continues to grow and web-centric applications continue to support growth and enhance efficiency, the requirement to know what users are doing on the network becomes more and more crucial. Dynamic IP addressing across both wired and wireless networks, together with remote access by employees and non-employees alike, has made the IP address a useless mechanism for monitoring and controlling users' actions. Yet most of today's port-based firewalls depend heavily on IP addresses as a means of detecting and controlling user activity.
Palo Alto Networks User-ID technology integrates seamlessly with Active Directory to dynamically link an IP address to user and group information, and therefore addresses the lack of visibility into user activity. Enterprises can now monitor and manage the applications and content traversing the network based on the user and group information stored in the user repository, with full visibility into user activity.
With User-ID, IT is now able to:
Recover visibility into user activities connected to the applications in use and the content they may create.
Increase security posture by incorporating strategies that tie application usage to certain users and groups, rather than to simply the IP address.
User-ID gives an administrator the ultimate visibility into the application activity at not just an IP address level, but also a user level and therefore, addresses a vital need in re-establishing control over the applications flowing through the network. When used in combination with App-ID and Content-ID technologies, User-ID allows IT organizations to obtain unparalleled policy-based visibility and control over users, applications and content.
Content-ID
Correctly detecting the applications traversing the network is only a small part of the IT department's problems in today's Internet-centric environment. Inspecting legitimate application traffic at performance levels that satisfy high-speed network requirements is the next big challenge, and one that is solved by a technology called Content-ID.
Content-ID contains these main features and benefits:
High Performance Threat Prevention
Security against viruses, spyware, and vulnerability threats is provided through the utilisation of a uniform threat signature format and stream-based scanning. The uniform signature format means that traffic is only analysed once, rather than numerous scans that most other solutions must perform.
Virus and Spyware Prevention
This is executed via the use of stream-based scanning, a method that starts scanning the moment the first packets of the file are received, rather than waiting until the whole file is loaded into memory before the scan can begin. The effect is a remarkable decrease in latency.
Vulnerability Attack Protection (IPS)
Quickly prevents attacks on vulnerable applications and operating systems using application- and protocol-decoder-based analysis in combination with anomaly- and heuristic-based protection. Traffic is normalised to discard invalid and abnormal packets, while TCP reassembly and IP defragmentation are performed to guarantee the highest precision and security regardless of attack evasion techniques.
URL Filtering
A fully integrated, on-box URL filtering database provides policy-based control over employee web surfing, protecting the organisation from a full range of legal, regulatory, productivity and resource threats.
Data Leak Prevention
Building on the in-depth application inspection performed by App-ID, administrators can apply several different types of policy that lower the risk associated with unauthorised file and data transfer. File transfers can be controlled by looking deep within the payload to detect the actual file type, rather than trusting the file extension, and allowing or blocking according to policy. Loss of confidential data such as credit card numbers or SSNs can be controlled by detecting data patterns in the application flow and responding according to policy.
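The two controls just described, file typing from payload bytes rather than the extension and pattern detection for card numbers, as an added example written for this page (not PAN-OS code). The magic-byte table, the blocked-type set and the sample files are constructed for the illustration; the Luhn checksum is used to cut false positives on arbitrary digit runs.

```python
import re

# Constructed magic-byte table from publicly documented file signatures; an illustration
# only, not PAN-OS's own file-type decoders.
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"PK\x03\x04", "zip"),   # also the container for docx/xlsx/pptx
    (b"MZ", "pe"),            # Windows executable
    (b"\x7fELF", "elf"),      # Linux executable
]

# Runs of 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def file_type_from_payload(data):
    """Identify the file type from its leading bytes, ignoring the claimed extension."""
    for magic, ftype in MAGIC:
        if data.startswith(magic):
            return ftype
    return "unknown"

def luhn_ok(digits):
    """Luhn checksum, used to filter out digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 if d < 5 else d * 2 - 9
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    """Return Luhn-valid card numbers found in free text, separators removed."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits

def dlp_verdict(filename, data, blocked_types=frozenset({"pe", "elf"})):
    """Decide allow/block for a file transfer from its real type and its content."""
    ftype = file_type_from_payload(data)
    claimed = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ftype in blocked_types:
        return "block", f"payload is {ftype} despite .{claimed} extension"
    cards = find_card_numbers(data.decode("utf-8", errors="ignore"))
    if cards:
        return "block", f"{len(cards)} card number(s) detected"
    return "allow", ftype
```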
http://www.1st-computer-networks.co.uk/paloalto-technology.php
Article Source: UnArchived Articles