Home > Products > Palo Alto Networks > Protect the network from threats, control web surfing and limit file/data transfer.
 
 
 
 
Protect the network from threats, control web surfing and limit file/data transfer.
 
 
 
Content-ID combines a real-time threat prevention engine with a comprehensive URL database and elements of application identification to limit unauthorized data and file transfers, detect and block a wide range of threats and control non-work related web surfing. The application visibility and control delivered by App-ID, combined with the content inspection enabled by Content-ID means that IT departments can regain control over application traffic and the related content.
 
NSS-rated IPS

The NSS-rated IPS blocks known and unknown vulnerability exploits, buffer overflows, DoS attacks and port scans from compromising and damaging enterprise information resources. IPS mechanisms include:

  • Protocol decoder-based analysis statefully decodes the protocol and then intelligently applies signatures to detect vulnerability exploits.
  • Protocol anomaly-based protection detects non-RFC compliant protocol usage such as the use of overlong URI or overlong FTP login.
  • Stateful pattern matching detects attacks across more than one packet, taking into account elements such as the arrival order and sequence.
  • Statistical anomaly detection prevents rate-based DoS flooding attacks.
  • Heuristic-based analysis detects anomalous packet and traffic patterns such as port scans and host sweeps.
  • Custom vulnerability or spyware phone home signatures that can be used in the either the anti-spyware or vulnerability protection profiles.
  • Other attack protection capabilities such as blocking invalid or malformed packets, IP defragmentation and TCP reassembly are utilized for protection against evasion and obfuscation methods employed by attackers.

Traffic is normalized to eliminate invalid and malformed packets, while TCP reassembly and IP de-fragmentation is performed to ensure the utmost accuracy and protection despite any attack evasion techniques.
 
URL Filtering
Complementing the threat prevention and application control capabilities is a fully integrated, URL filtering database consisting of 20 million URLs across 76 categories that enables IT departments to monitor and control employee web surfing activities. The on-box URL database can be augmented to suit the traffic patterns of the local user community with a custom, 1 million URL database. URLs that are not categorized by the local URL database can be pulled into cache from a hosted, 180 million URL database. In addition to database customization, administrators can create custom URL categories to further tailor the URL controls to suit their specific needs. URL filtering visibility and policy controls can be tied to specific users through the transparent integration with enterprise directory services (Active Directory, LDAP, eDirectory) with additional insight provided through customizable reporting and logging.
 
File and Data Filtering

Data filtering features enable administrators to implement policies that will reduce the risks associated with the transfer of unauthorized files and data.

  • File blocking by type: Control the flow of a wide range of file types by looking deep within the payload to identify the file type (as opposed to looking only at the file extension).
  • Data filtering: Control the transfer of sensitive data patterns such as credit card and social security numbers in application content or attachments.
  • File transfer function control: Control the file transfer functionality within an individual application, allowing application use yet preventing undesired inbound or outbound file transfer.
 
Learn More
 
 
 
 
    Copyright © 2011 Bitrate (Pty) Ltd.