Printer Friendly Version

Try telling your IT manager that you're going to put another security device in his datacenter; he'll probably give you a murderous stare.

That pretty much sums up what some companies are proposing for enterprises, banking on concerns and vulnerabilities over a rising mass of Internet applications, including peer-to-peer software, Web mail and video conferencing that bypass traditional firewalls.

Startup Palo Alto Networks is one such vendor. And it's not blinking on this offering. The company plans to come out of stealth mode Monday with new firewall devices intended to first complement and ultimately replace traditional firewalls from Cisco Systems, Check Point and other incumbents. The company is eyeing a $4 billion security industry grappling with emerging Web threats.

Palo Alto CEO Dave Stevens said the 2 gigabit-per-second PA-4020 and the 10 gigabit-per-second PA-4050 use the company's App-ID classification technology to identify more than 400 applications -- friends or foes -- that typically pass undetected though traditional firewalls.

More From Intranet Journal

10 Open Source Apps for Enterprise Users RSS Options for the Desktop and Beyond Report: CMS Vendors Thriving, Despite Consolidation If you want to comment on these or any other articles you see on Intranet Journal, we'd like to hear from you in our IT Management Forum. Thanks for reading. - Tom Dunlap, Managing Editor. FREE IT Management Newsletters bITa Planet CIO Update Intranet Journal Update Datamation IT Management Careers Datamation IT Management Update Grid Computing Planet HTML E-Security Planet Text E-Security Planet HTML DRM Watch HTML

The problem is that newer applications and threats use HTTP (define), or they evade detection through hopping ports, emulating other applications or SSL (define) encryption. Traditional firewalls fail to identify applications because they assume fixed and unique ports per application as designed through stateful inspection.

Those instant messaging, P2P file-sharing, CRM applications like Salesforce.com or a WebEx Web conferencing applications we love so much? They all run over one port, so businesses no longer can control applications based on port number. Moreover, older firewalls just can't see encrypted traffic.

"Application developers have written applications that deliberately don't behave well on the network in an attempt to bypass existing security infrastructure," Stevens said.

In short, legacy firewalls lack a granular level of visibility and control to help manage more than 90 percent of the applications zipping through pipes.

This makes it difficult to enforce application usage policies and can lead to information leaks through via uncontrolled applications. Stevens said this is one of the reasons why some enterprises have taken to buying an appliance to guard every application.

"If the firewall doesn't see it, you go buy yourself an appliance to control instant messaging," Stevens said.

The App-ID software on Palo Alto's PA-4000 machines detects all application traffic across all ports, including SSL encrypted traffic and software-as-a-service, instant messaging, Web mail, P2P and other software types. Moreover, the software can view the application's profile to track usage, source, destination and risk level.

The PA-4000 machines are either deployed in-line behind existing security infrastructure where customers can have total visibility and execute policy control on the application or hang off a span port, which also offers total visibility though no policy control). Available now, the PA-4050 costs $60,000, while the PA-4020 lists at $35,000.

To date, Palo Alto has netted $28 million in venture capital funding from Globespan Capital Partners, Greylock Partners and Sequoia Capital. App-ID was created thanks to the security predigree of CTO Nir Zuk, who helped create the stateful inspection technology behind the first firewalls.

Zuk founded One-Secure, which was acquired by NetScreen Technologies. Juniper then bagged NetScreen in 2004 to better compete with Cisco in the firewall market. Other Palo Alto executives hail from McAfee, Cisco and Peribit.

This article was first published on InternetNews.com. To read the full article, click here.

The report further tracks collaboration vendor performance and application adoption. In that regard, enterprise customers are investigating both commercial and open source solutions, with 26 percent either considering or already using open source applications.

However, a much greater 55 percent said they planned to select such established companies as Microsoft and IBM as their strategic collaboration vendor.

Nemertes said its interview results indicate that some IT executives will consider open source, but many do not think it is enterprise ready and also have concerns about support costs. IT executives surveyed said the ongoing maintenance of open-source applications would be higher than for commercial off-the-shelf products.

Others concerns raised by some of the IT execs include scalability, security, reliability and feature sets which they said outweighed potential capital cost savings on open source.

"There's a clash of cultures," Irwin Lazar, principal analyst & program director at Nemertes, told internetnews.com. "You have a lot of open source companies saying 'Here's the future of computing, here's the source code, anyone can do whatever they want.' It sounds great to the user, but from a large company perspective, there are real world compliance and security issues. In most cases they need a company or some entity backing the software before they will adopt it."

Andrew Aitken, founder and managing partner of open source consultancy Olliance Group, said there's no question open source is being rapidly adopted in the enterprise and is confident the support issues will be addressed.

"Enterprise customers don't require open source solutions to be one hundred percent competitive on features with proprietary software, but they do expect the service level agreements to be as good," Aitken told internetnews.com. He noted a lot of the big enterprise consulting firms are building up open source practices to help address the support issue.

In addition to the big Linux vendors like Red Hat, Lazar noted there are plenty of niche application areas where open source has found a home in the enterprise, such as the Asterisk PBX. He also noted large enterprise suppliers like IBM are increasingly supporting and adding open source software to its list of offerings.

This article first appeared on internetnews.com.

Printer Friendly Version