Next-gen firewall is emerging as the centre of enterprise security. Palo Alto, which defined this category on their own terms, is bringing new innovations to market. Karl Driesen, VP EMEA, Palo Alto Networks, talks about the strategy for growth in the region and opportunities for its channel partners.
What kind of opportunities do you see in the Middle East market?
This is a very strategic market for us and we are investing heavily here to grow our business. The recent high-profile security breaches in the region have spurred demand for next-generation security technologies and what we offer is a revolutionary technology that is being appreciated by both customers and partners. The market opportunity is on a multiple billions Dollars level per year, which we serve through a 100% channel model. Most firewalls deployed by end users today are based on 15 years plus technology. We believe the current state of inspection firewalls will become obsolete over the next couple of years and next-generation firewall is the way to go to meet this generation’s network and threat environment.
How do you define NGFWs?
Palo Alto Networks has pioneered the next generation of network security with its platform that allows enterprises resp. customers to secure their network and safely enable the increasingly complex and rapidly growing number of applications running on their networks. The main principles of the Next-Generation Firewall (NGFW) were developed in 2005 and the first product was launched in 2007.
At the core of our platform is its NGFW, which delivers visibility and control over application, users, and content within the firewall using a highly optimized hardware and software architecture. This platform offers enterprises the ability to identify, control, and safely enable applications while inspecting all content for all threats in real time. The Palo Alto Networks NGFW platform can address a broad range of network security requirements, ranging from the data center to the network perimeter to the far edges of the enterprise, which includes branch offices and mobile devices.
There is a common perception that Palo Alto products are more expensive. Is it because you do everything from ground up on high performance hardware, compared to your competitors who have retro-fitted?
To the chagrin of many IT professionals, the industry’s traditional response to new applications and threats has been to add more appliances – each “helping” the firewall with a piece of the network security function. This unsustainable approach has long proven complex and costly, and now appears to be broken – since these firewall helpers either can’t see all of the traffic, rely on the same port- and protocol-based traffic classification that has failed the legacy firewall, or proxy a very limited number of applications (a dozen instead of hundreds or thousands). Given that enterprises had little choice, most have adopted an array of firewall helpers – resulting in a network security infrastructure that is expensive, difficult to manage, and increasingly ineffective at controlling application or the threats that applications might carry – characteristics proving unacceptable to enterprises today.
What is the difference between NGFW and UTM? Are they conceptually the same?
As mentioned above, Palo Alto Networks next-generation firewalls enable policy-based visibility and control over applications, users and content using three unique identification technologies: App-ID, User-ID and Content-ID. Due to the fact that the Palo Alto Networks firewall can perform traditional firewall functions, and is also capable of blocking threats and controlling web usage, logical comparisons to Unified Threat Management (UTM) offerings are made. Our firewall is not a UTM. Palo Alto Networks’ next-generation firewalls FIX the problem that is plaguing network security – the inability to identify and control the applications running on enterprise networks. By giving control back to IT in the firewall, many network security band-aids can be removed. The only value proposition a UTM provides is to collapse the traditional (broken) network security infrastructure into a single box as a cost savings mechanism. All in all, UTM solutions are merely attempting to reduce the cost of deployment without addressing the business and security risks presented by the loss of visibility and control over applications, users and content that IT managers are faced with today.
What is WildFire?
It’s a cloud-based malware-detection and analysis service that can detect targeted attacks within 30 minutes. It’s a subscription-based service that allows our customers to monitor zero-day malware attacks and block them.
Modern attackers have increasingly turned to targeted and new unknown variants of malware in order sneak past traditional security solutions. To meet this challenge, Palo Alto Networks has developed WildFire, which provides the ability to identify malicious behaviors in executable files by running them in a virtual environment and observing their behaviors. This enables Palo Alto Networks to identify malware quickly and accurately, even if the particular sample of malware has never been seen in the wild before.
Once a file is determined to be malicious, WildFire automatically generates signatures for both the infecting malware and the resulting command and control traffic. Signatures are delivered with regular security updates to provide automated in-line protection from these highly advanced threats. Your IT team is provided with a wealth of forensics to see exactly who was targeted, the application used in the delivery and any URLs that played a part in the attack.
How do you plan to address virtualisation security?
Two months back, we have introduced the first virtualised version our next-gen firewall which is a server-based software intended to run on VMware platform. Called VM-series, this new software will allow security managers to set up firewall application-layer controls in virtual machines and overcome the limitation that physical firewall appliances face in virtual environments. Though we are entering the virtualised firewall market, it doesn’t mean we will not stop selling physical application-layer firewalls.
In fact, we have recently updated our physical appliance portfolio by new introducing two NGFWs – the PA 3020 and PA 3050, which respectively deliver 2Gbps and4Gbps of throughput. All of our new products are based on an updated OS, PAN OS 5.0.
How do you plan to tackle competitors and what differentiates your company?
By Innovation. Palo Alto Networks was the first manufacturer bringing NGFW technology to market back in 2007. Two years later, Gartner validated that what we did was setting the pace. Since 2011 we are being considered a technology leader by Gartner per their Magic Quadrant of Enterprise Firewalls. Palo Alto Networks is one of the few companies in this market being dedicated to Network Security and is committed to continue to innovate in a market in which the problems customers have to deal with are very dynamic.
Given the fact that NGFW is a relatively new technology, how do you plan to create awareness among users and also train your channel to sell this technology?
We are in contact with our addressable market on a daily basis. The largest organisations we are in contact with directly, mid size and small companies via our value added resellers. In parallel we have dedicated channel teams and distributors educating our channels on an ongoing basis in line with our NextWave Partner program.
What is your message to the channel community?
Palo Alto Networks is on of the most exciting companies in the tech industry today. We have reinvented firewalls and we have bet everything on it. Our motto is very simple – nothing that travels on your network should be invisible to a next-gen firewall. The era of traditional firewalls is very likely to be over and the NGFW market is a long term revenue opportunity with significant profit for the channel community.