mechanism
o App-ID enables comprehensive visibility and fine-grained control
o Applications adhere to neither port nor protocol associations. Classification by port is ineffective, offers no visibility and poor control.

Primary security policy element
o The actual identity of the application is used in policy: e.g., allow Gmail, block BitTorrent and UltraSurf
o Allow port 80, block port 5605. Effectively, this policy blocks nothing because ports can no longer enable appropriate levels of control.

Application identity visibility
o The application identity (what it does, how it works, and who is using it) is the primary policy element
o Log viewing is an after-the-fact exercise providing data too late. The data is incomplete, because it only reflects the applications expressly searched for.

Application control model
o Employees are given more application freedom, with IT ensuring safe enablement to improve the company bottom line while protecting the network
o Coarse-grained model forces IT admins to say "No" too often.

Enterprise directory services integration
o Ability to enable applications is based on users and groups in addition to, or regardless of, IP address
o Using IP addresses in lieu of users and groups makes positive control of applications nearly impossible.

Visibility and control of SSL traffic (inbound and outbound)
o Incorporates policy-based decryption and inspection of SSL traffic (both inbound and outbound), ensuring total visibility
o Typically, all SSL traffic is uncontrolled, unscanned, and invisible to traditional security infrastructure and IT administrators.

Product Comparison
Cisco Firewall v Palo Alto Networks Next-Generation Firewall
Firewall Market Background
Next-generation firewalls combine the capabilities of traditional firewalls with QoS functionality and features including intrusion prevention, SSL and SSH inspection, as well as application awareness.
The superior features of the Next-generation firewall make it suitable for securing enterprise corporate networks.
Palo Alto Networks is widely recognised as the worldwide leader for Next-generation firewalls by industry analysts such as Gartner, IDC and Frost & Sullivan.
Why buy Cisco
o Entrenchment in network infrastructure makes it easy for Cisco-trained staff to support Cisco security solutions
o Seen as a safe bet due to the strength of the Cisco brand
Why buy Palo Alto Networks
o Cisco ASA solutions lack much of the functionality required to protect against modern threats
o Gartner rates Palo Alto as having superior completeness of vision and ability to execute compared to Cisco in its 2014 Magic Quadrant for Enterprise Network Firewalls
o Would you use a security vendor to provide your network infrastructure? Why use a networking vendor for your security?