Home > Solutions > Palo Alto Networks > Prevent Threats
 
 
 
 
Prevent Threats
Security threats to enterprises continue to evolve. Threat developers have become more sophisticated, both in their motivation and techniques. Applications have become the front line of modern security where threats typically either are an application, ride on or target one.
 
 
Threat Prevention

A recent SANS Top 20 Threats list indicated that of the top 20 threats enterprise IT security groups should be concerned about, 80% were application-level threats. Further compounding the issue, threats come in more and more flavors, are multi-vector, and resist traditional definitions (e.g., virus, exploit, or worm).

Threats to an organization can take many forms. They can target an application, or can be carried by an application. The traditional defense mechanisms - firewalls and IPS/IDS – cannot effectively control applications, and can't recognize the variety of threats targeting the applications anyway – since IPS/IDS only look at threats formally defined as "exploits".
 
Next-Generation Firewalls

In order to prevent threats effectively, enterprises need to first reduce the avenues of attack – start controlling which applications run on the enterprise network. Then, enterprises need to scan allowed application traffic for threats more broadly – not limiting themselves to a strict definition of a particular type of threat (e.g., "virus" or "exploit"). Finally, in today's economic environment, organizations need to do it without increasing complexity and cost.

Palo Alto Networks next generation firewalls deliver a high performance threat prevention solution. With a low-latency, multi-Gbps platform based on our SP3 Architecture, Palo Alto Networks next generation firewalls:

  • Limit traffic to approved applications while avoiding the risks from unnecessary applications

  • Scan "good" applications for a wide variety of threats – exploits, viruses, spyware, even confidential data leaks – with a single pass, stream-based scan

  • Integrate intelligence, policies and reporting between the firewall and threat prevention functions

  • Maintain network performance and throughput while providing IPS and threat prevention

  • Simplify infrastructure with a single policy, high port-count, and high performance
    		•
     
    Specific Solution Examples:
  • Intrusion prevention: See why application control is the first step to improved prevention of vulnerability exploits, and why the firewall is the right place to do intrusion prevention.

  • Data leak prevention: See how you can reduce the unauthorized transfer of corporate data and confidential personal information.
    		•
     
     
     
     
        Copyright © 2011 Bitrate (Pty) Ltd.