Palo Alto

PaloAlto Firewalls

The controlling element of PaloAlto Firewalls is PAN-OS®, the same software that runs all Palo Alto Networks NextGeneration Firewalls. PAN-OS natively classifies all traffic, inclusive of applications, threats, and content, and then ties that traffic to the user regardless of location or device type. The application, content, and user—in other words, the elements that run your business—then serve as the basis of your security policies, resulting in improved security posture and reduced incident response time.

Key Security and Connectivity Features

Extends native protection across all attack vectors with cloud-delivered security subscriptions

Threat Prevention—inspects all traffic to automatically block known vulnerabilities, malware, vulnerability exploits, spyware, command and control (C2), and custom intrusion prevention system (IPS) signatures.
WildFire® malware prevention—unifies inline machine learning protection with robust cloud-based analysis to instantly prevent new threats in real time as well as discover and remediate evasive threats faster than ever.
URL Filtering—prevents access to malicious sites and protects users against web-based threats, including credential phishing attacks.
DNS Security—detects and blocks known and unknown threats over DNS (including data exfiltration via DNS tunneling), prevents attackers from bypassing security measures, and eliminates the need for independent tools or changes to DNS routing.
IoT Security—discovers all unmanaged devices in your network quickly and accurately with ML, without the need to deploy additional sensors. Identifies risks and vulnerabilities, prevents known and unknown threats, provides risk-based policy recommendations, and automates enforcement.

ML-Powered Next-Generation Firewall

Embeds machine learning (ML) in the core of the firewall to provide inline signature less attack prevention for file based attacks while identifying and immediately stopping never-before-seen phishing attempts.
Leverages cloud-based ML processes to push zero-delay signatures and instructions back to the NGFW.
Uses behavioral analysis to detect internet of things (IoT) devices and make policy recommendations; cloud delivered and natively integrated service on the NGFW.
Automates policy recommendations that save time and reduce the chance of human error.

Identifies and categorizes all applications, on all ports, all the time, with full Layer 7 inspection

Identifies the applications traversing your network irrespective of port, protocol, evasive techniques, or encryption (TLS/SSL)
Uses the application, not the port, as the basis for all your safe enablement policy decisions: allow, deny, schedule, inspect, and apply traffic-shaping.
Offers the ability to create custom App-IDs for proprietary applications or request App-ID development for new applications from Palo Alto Networks.
Identifies all payload data within the application, such as files and data patterns, to block malicious files and thwart data exfiltration attempts.
Creates standard and customized application usage reports, including software-as-a-service (SaaS) reports that provide insight into all SaaS traffic—sanctioned and unsanctioned—on your network.
Enables safe migration of legacy Layer 4 rule sets to App-ID-based rules with built-in Policy Optimizer, giving you a rule set that is more secure and easier to manage.