InformationWeek
Business Innovation Powered By Technology
Powered by InformationWeek Business Technology Network
Topics:
Startup City
$28 Million For An Old Idea—Part 1
Here's how it breaks down. Palo Alto Networks (PAN) says its new firewall can identify more than 400 applications, including Web applications, that traditional firewalls can't. Using the "new" technology, PAN can spot IM, Web mail, P2P, and other traffic. These apps are common vectors for malware and data leakage, can steal bandwidth from business apps, and may disrupt employee productivity. PAN says its firewalls let administrators create fine-grained policies to deal with these applications, such as allowing Yahoo IM but no others. It also can detect attacks in these traffic streams. By contrast, stateful inspection firewalls are more blunt. If a stateful inspection firewall allows HTTP via port 80, any application that tunnels inside the protocol and uses that port will get into or out of the enterprise, whether security admins like it or not. PAN's approach is both valid and useful, but here's where the chutzpah comes in. Co-founder Nir Zuk was a principal engineer for Check Point Software and a pioneer of stateful inspection technology. Check Point spent a great deal of effort badmouthing a competing firewall technology, the application proxy. Application proxy firewalls essentially do the same thing that PAN does -- identify a variety of applications, inspect them, and enforce granular policies on them. However, back in the 1990s Check Point and its stateful inspection brethren (such as Cisco PIX) did such a great job of denigrating the application proxy firewall that today its share of the firewall market looks like a rounding error. There are major technological differences between PAN and application proxies (and I'll get to those in a subsequent post), but I find it ironic that Zuk's newest venture is based on concepts Check Point tried to marginalize so many years ago. « Google Has $4.6 Billion Ready For FCC Auction | Main | Can Google, The FCC, And AT&T Turn Wireless Carriers Into Dumb Pipes? » |
| Sign Up Now For InformationWeek News Alerts |
This is a public forum. United Business Media and its affiliates are not responsible for and do not control what is posted herein. United Business Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.
Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of United Business Media LLC and may be edited and republished in print or electronic format as outlined in United Business Media's Terms of Service.
Important Note: This comment area is NOT intended for commercial messages or solicitations of business.
| |||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||
| |
|||||||||||||||||||||||||||||||||||||||||
|
|
|
|
||||||||||||
|
||||||||||||||
|
|
|
|
||||||||||||
| | | ||||||||||||
|
|
|
|
||||||||||||
|
||||||||||||||
|
|
|
|
||||||||||||
| | | ||||||||||||
| | | ||||||||||||
