$28 Million For An Old Idea-Part 1 - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile // Mobile Applications
Commentary
7/20/2007
12:37 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

$28 Million For An Old Idea-Part 1

You have to admire the chutzpah of startup Palo Alto Networks. The company has raised $28 million to sell a "next-generation" firewall based on ideas that are 20 years old.

You have to admire the chutzpah of startup Palo Alto Networks. The company has raised $28 million to sell a "next-generation" firewall based on ideas that are 20 years old.Here's how it breaks down. Palo Alto Networks (PAN) says its new firewall can identify more than 400 applications, including Web applications, that traditional firewalls can't. Using the "new" technology, PAN can spot IM, Web mail, P2P, and other traffic. These apps are common vectors for malware and data leakage, can steal bandwidth from business apps, and may disrupt employee productivity.

PAN says its firewalls let administrators create fine-grained policies to deal with these applications, such as allowing Yahoo IM but no others. It also can detect attacks in these traffic streams. By contrast, stateful inspection firewalls are more blunt. If a stateful inspection firewall allows HTTP via port 80, any application that tunnels inside the protocol and uses that port will get into or out of the enterprise, whether security admins like it or not.

PAN's approach is both valid and useful, but here's where the chutzpah comes in. Co-founder Nir Zuk was a principal engineer for Check Point Software and a pioneer of stateful inspection technology. Check Point spent a great deal of effort badmouthing a competing firewall technology, the application proxy. Application proxy firewalls essentially do the same thing that PAN does -- identify a variety of applications, inspect them, and enforce granular policies on them.

However, back in the 1990s Check Point and its stateful inspection brethren (such as Cisco PIX) did such a great job of denigrating the application proxy firewall that today its share of the firewall market looks like a rounding error.

There are major technological differences between PAN and application proxies (and I'll get to those in a subsequent post), but I find it ironic that Zuk's newest venture is based on concepts Check Point tried to marginalize so many years ago.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
News
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
Slideshows
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Slideshows
Flash Poll