According to the report, “In 2009, Gartner saw market pressures accelerate the demand for next-generation firewall platforms that provide the capability to detect and block sophisticated attacks, as well as enforce granular security policy at the application (versus port and protocol) level.” 2
Furthermore, Gartner stated, “The rapid growth of business applications moving from the internal data center to external software as a service (and someday cloud services), along with the impact of what Gartner calls ‘the consumerization of IT,’ has rapidly changed the definition of a ‘trust boundary’ and the types of security controls that are required at that boundary.” 3
In its analysis, Gartner evaluated Palo Alto Networks’ next-generation firewall (NGFW), based on “ability to execute” and “completeness of vision.”
With Palo Alto Networks technology, enterprises can accurately identify applications, scan content to stop threats, and prevent data leakage – all with a single network device. By reducing the number of security devices in their networks, companies can save both capital expenditures and operational costs.
“We believe Gartner’s report confirms that Palo Alto Networks is emerging as a key architect in the future of network security,” said René Bonvanie, vice president of worldwide marketing at Palo Alto Networks. “Increasingly, Enterprise 2.0 applications are key contributors to how businesses achieve higher productivity. Unfortunately, they also introduce threats. Our firewall empowers IT professionals to protect their business systems from modern security threats by safely enabling Enterprise 2.0 applications.”
Gartner’s recommendations from the “Defining the Next-Generation Firewall” 4 report published in October 2009 include:
• If you have not yet deployed network intrusion prevention, require NGFW capabilities of all vendors at your next firewall refresh point.
• If you have deployed both network firewalls and network intrusion prevention, synchronize the refresh cycle for both technologies and migrate to NGFW capabilities.
• If you use managed perimeter security services, look to move up to managed NGFW services at the next contract renewal.
Palo Alto Networks Next-Generation Firewall: How it Works
Palo Alto Networks has fixed the problems associated with traditional firewalls by combining three identification technologies that provide visibility and control over applications, users and content.
• App-ID identifies exactly which applications are running on the network, as well as the associated risks, so administrators can deploy comprehensive application usage control policies for inbound and outbound traffic.
• User-ID integrates with enterprise directory services (e.g. Microsoft Active Directory and other LDAP directories) to link network activity to users and groups – not just IP addresses – for application visibility, policy creation, logging and reporting.
• Content-ID combines a real-time threat prevention engine with a comprehensive URL database to detect and block a wide range of threats, limit unauthorized transfer of files and data, and control non-work related Web surfing.
As a result, IT managers can accurately determine what is running on their network and make informed policy decisions that improve their overall security posture.
Information on the more than 950 applications that are identified by Palo Alto Networks can be found in Applipedia, part of the company’s Application and Threat Research Center. Visit the online resource to find the latest news, commentary, and discoveries on applications and threats at paloaltonetworks.com/researchcenter/.
About the Magic Quadrant
The Magic Quadrant is copyrighted March 15, 2010, by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
About Palo Alto Networks
Palo Alto Networks™ (paloaltonetworks.com) is the network security company. Its next-generation firewalls enable unprecedented visibility and granular policy control of applications and content – by user, not just IP address – at up to 10Gbps with no performance degradation. Based on patent-pending App-ID™ technology, Palo Alto Networks firewalls accurately identify and control applications – regardless of port, protocol, evasive tactic or SSL encryption – and scan content to stop threats and prevent data leakage. Enterprises can for the first time embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation.
1 Gartner “Magic Quadrant for Enterprise Network Firewalls” by Greg Young and John Pescatore, March 15, 2010.
2 Gartner “Magic Quadrant for Enterprise Network Firewalls” by Greg Young and John Pescatore, March 15, 2010, page 1.
3 Gartner “Magic Quadrant for Enterprise Network Firewalls” by Greg Young and John Pescatore, March 15, 2010, page 1.
4 Gartner “Defining the Next-Generation Firewall” by John Pescatore and Greg Young, October 12, 2009, page 1.
Palo Alto Networks, “The Network Security Company,” the Palo Alto Networks Logo and App-ID are trademarks of Palo Alto Networks, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.