Showing posts with label Firewalls. Show all posts

Thursday, December 1, 2016

Palo Alto Networks Offers AutoScaling Firewalls on AWS

Palo Alto Networks has integrated its VM-Series virtualized next-generation firewalls with Amazon Web Services (AWS) Auto Scaling and Elastic Load Balancing (ELB). This allows enterprise customers to automatically scale the cyber breach prevention capabilities of the Palo Alto Networks Next-Generation Security Platform as their AWS workload demands fluctuate.

Additionally, Palo Alto Networks joins the AWS Competency Program for Security, which highlights partners who have demonstrated success in building products and solutions on AWS to support customers in multiple areas, including infrastructure security, policy management, identity management, security monitoring, vulnerability management, and data protection.

"Palo Alto Networks Next-Generation Security Platform provides customers with superior cyber breach prevention capabilities, including security for cloud-based applications. Through our close integration with AWS, customers can now grow and scale their cloud environments with even greater ease and automation while enhancing and maintaining their security posture across public cloud and hybrid environments," stated Lee Klarich, executive vice president, Product Management, Palo Alto Networks.

Barracuda Adds Metered Billing for Application Firewall on AWS

Barracuda announced a new metered billing option for its Web Application Firewall on Amazon Web Services (AWS). The metered billing option enables customers to deploy an unlimited number of Web Application Firewalls and only pay for what they consume.

The company said its Web Application Firewall is the first third-party web application security solution available on the AWS Marketplace where customer usage is aggregated and charged as part of an existing AWS bill, regardless of the number of Barracuda Web Application Firewalls deployed.

Barracuda also announced an API integration between Barracuda's Web Application Firewall and NextGen Firewall solutions, helping customers simplify the way application security is deployed and managed.

"Barracuda and AWS actively embrace the shared responsibility model to ensure our customers are able to maximize their cloud investments," said Nicole Napiltonia, vice president, Alliances at Barracuda. "The current threat landscape has proven the importance of web application security and extending that to the cloud. As a long-time AWS partner, we are excited to be the first ISV to roll out web application firewall metered billing to our customers, giving them more choice and flexibility in how they secure their AWS environment."

Monday, April 25, 2016

Juniper Advances its Software-Defined Secure Networks Framework

Juniper Networks announced several cloud and virtualized service offerings as part of its Software-Defined Secure Networks (SDSN) framework, including a new compact and containerized virtual firewall called Juniper Networks cSRX. This next-generation firewall is designed for advanced security services for Software Defined Networks. The cSRX, which Juniper describes as the industry's first virtual firewall in a containerized form factor, provides a way to wrap advanced security services around every workload and the ability to scale up to high multi-tenancy. Advanced security services in the cSRX include Content Security, AppSecure, and unified threat management (UTM).

The rollout also includes a multi-core version of the Juniper Networks vSRX virtual firewall that is expected to be capable of reaching 100 Gbps, 10 times greater than the nearest competitor, creating new possibilities for using agile and flexible virtual firewalls. The multi-core vSRX offers full routing, firewall and L4-L7 security features. The vSRX delivers high availability, granular security with segmentation capabilities between zones, organizations, lines of business and applications, as well as rich connectivity features like Network Address Translation (NAT), routing and VPN.
Working closely with Intel, vSRX leverages the Open Source Data Plane Development Kit (DPDK) software architecture.

Both products are anticipated to enable the network to better detect and combat threats through increased performance, intelligence, and a higher density of services on the Intel Xeon processor family (x86 platform).

"As the security landscape continues to evolve, it is more important than ever to work together to combat cyber threats. These key additions to our security portfolio will further our Software-Defined Secure Networks vision and greatly benefit our customers. Our products provide the best opportunity to create secure networks through policy, detection and enforcement. We are excited to be releasing the most flexible firewall solutions in the market and continue to showcase our commitment to bringing SDSN to organizations across the globe," said Kevin Walker, security CTO, Juniper Networks.

Tuesday, April 28, 2015

Dell SonicWALL TZ Analyzes Encrypted SSL Traffic

Dell introduced new SonicWALL TZ Series firewalls with the ability to analyze encrypted SSL traffic, and an integrated wireless controller.

The new TZ firewalls, which are aimed at small businesses and large, multi-site distributed organizations, leverage multi-core security processors for high-performance Unified Threat Management (UTM).

The company cites intrusion prevention speeds of up to 1.1Gbps. Offering 1GbE network interfaces in a compact desktop form-factor appliance, the Dell SonicWALL TZ Series delivers anti-malware protection, intrusion prevention, content and URL filtering, application control, and secure mobile access for laptops, smartphones and tablets. With the SonicWALL Mobile Connect unified client, the new TZs provide secure mobile access to Google Android, Mac OS X, Kindle Fire and laptop users. The integrated, secure wireless controller in the new TZ Series supports the high-speed 802.11ac wireless standard.

Dell said the patented reassembly-free deep packet inspection engine allows the SonicWALL TZ Series to scan every byte of every packet on all ports and protocols with almost zero latency.

Thursday, March 12, 2015

Interoute Launches Check Point Security Gateway Virtual Edition

Interoute has begun offering the Check Point Security Gateway Virtual Edition (VE) via its Interoute CloudStore.

Applications available on the Interoute CloudStore have been tested and approved to run on Interoute Virtual Data Centre (VDC), the global networked cloud infrastructure with locations across Europe, North America and Asia. The company enables customers to provision the VDC as either a private, public or hybrid cloud. This complements the advanced capabilities of Check Point VE gateways and gives companies the ability to provision and control computing and storage infrastructure on demand, using Pay-as-You-Go or committed payment models. Interoute VDC customers and partners can also select the specific zone they want their data to be hosted and stored in, which can help companies needing to comply with stringent data protection regulations.

Check Point VE gateways protect dynamic virtualized environments and external networks, such as private and public clouds, from internal and external threats by securing virtual machines and applications with extensive security using the full range of Check Point’s award-winning Software Blade Architecture. With Check Point VE gateways available on the growing Interoute CloudStore appliance marketplace, organisations can leverage Check Point’s multi-layer security protection on demand in an easy and flexible way.

Wednesday, March 11, 2015

Juniper Brings 1 Tbps Throughput to SRX5000 Firewalls

Juniper Networks announced the availability of Express Path, an optimization capability for its SRX5000 Series Services Gateways.
Specifically, Juniper is introducing new Express Path software for its latest I/O cards (IOCII) that allows organizations to deploy the SRX5000 Series for securing both normal and latency-sensitive traffic on a per-policy basis within the same line card. The Express Path software and hardware optimization enables the SRX to identify and prioritize specific types of traffic to be fast-pathed to IOCII hardware. The solution identifies and prioritizes active session flows to receive appropriate security treatment based on the type of traffic. Juniper said it is able to deliver latency as low as 7 microseconds.

The Express Path for the SRX5000 Series Services Gateway can support single, high bandwidth flows of up to 100 Gbps and firewall throughput capacity of up to 1 Tbps.

Juniper is also announcing new application security capabilities with AppSecure 2.0 for its virtual firewall vSRX, formerly known as Firefly Perimeter, to deliver enhanced protection for cloud and hybrid data centers.

Tuesday, January 13, 2015

Blueprint: Round-Two for Next Generation Firewalls

by Casey Quillin, Director at Dell'Oro Group

As the enterprise sector turns to the cloud to deliver applications to mobile users across widely dispersed networks, Cisco and Juniper must catch up with smaller competitors. But how much does time-to-market matter?

Risk is omnipresent in the enterprise sector. Business applications must be protected. Data must be protected. Users and their information must be protected. Business intelligence must be protected. Networks, servers, and infrastructures must be protected. While the fact of risk doesn’t change, the technologies that mitigate risk continue to evolve alongside the players and vendors bringing new solutions to market. Nowhere is this evolution more evident than in the realm of network firewalls.

The market opportunity today, and for the next several years, will be split between the slow and steady tortoises of vendors like Cisco and Juniper, and the sleek, speedy hares that include Check Point Software Technologies, Fortinet, and Palo Alto Networks. The enterprise-class firewall market is robust. Sales eclipsed $3 billion in 2013 and are projected to increase to the high single-digits over the next five years to almost $5 billion.

There are many layers of security. In this article, we are concerned with firewalls—hardware or software that ensures only approved users and data traffic can enter the business network from the “outside” (usually but not exclusively the public Internet) and mitigates inappropriate use of the internal LAN, including removal of information from the network. Over the past three years, firewalls have evolved from protecting networks at the perimeter to protecting the entire network from both external and internal threats.

The network has expanded from a system which allows users to share common resources, to an application delivery platform. Certainly, many applications continue to serve employees and customers from the data center; however, users may also be served from external service providers or cloud providers. End users may be co-located in the building on the LAN, or at home or in offices halfway around the world. Despite this dispersal, users demand the same experience and level of performance they would receive with local application access.

As application delivery platforms, networks continually face new and evolving security risks, as well as substantial changes in the way security policies are created and enforced.  These changes inspired application-aware security platforms (commonly referred to in the industry as “next generation firewalls”), which use deep-packet inspection to identify application traffic and enable both user- and application-layer policies.  Vendors of all sizes are jumping into the new application-aware next generation firewall space.

The next generation firewalls from Check Point, Fortinet, Palo Alto Networks, and others are a great fit for networks whose perimeters have been eroded due to the cloud, and users who now connect to the corporate network from different locations and with a variety of devices (BYOD). Offering nimble, early-to-market products—and without the risk of cannibalizing existing sales or disrupting publicly announced product roadmaps—these firms grabbed mindshare with their innovative technology and compelling use cases.

Like the hare in Aesop’s fable, these companies had a head start and have continued to innovate. Not unexpectedly, Cisco and Juniper, the slower tortoises, have responded in force. Indeed, they have largely closed the functionality gap. With its acquisition of Sourcefire in 4Q13, Cisco launched its new platform optimized for application delivery and enterprise edge-of-network (named ASA with FirePOWER Services).  Juniper has steadily added application-aware features to its SRX platform and is now fully competitive with the new-generation hares.

But, now, with product functionality fairly evenly matched across all enterprise firewall vendors, how will users choose which products to purchase? Previously, the hares with their first-to-market advantage had the most compelling sales propositions.

It would be premature to conclude that the game’s over. In fact, the race for the next-generation firewall is still in its early stages. As vendors market these products, a bifurcation has evolved between the data center and the network edge. Indeed, protecting the data center is a different matter from protecting the network edge. Each site requires the use of different technologies and for the next few years, we believe vendors will be able to excel at either the data center or the network edge—but unlikely at both.  One firewall cannot be optimized for both data center and network edge without sacrificing performance and simplicity of administration.  The intelligent user will optimize his network by deploying best-in-breed products—one class for the data center and another class for the network edge.

In the data center, the number of applications running and the number of users are limited and known. In addition, only a small number of device types are used and these are always connected with cable. Firewall products for the data center do not need to boast best-in-class support for mobile devices, nor do they need to be optimized to distinguish vast numbers of applications connecting via the Internet.  Data center networks are in the midst of a major transition to Software-Defined Networking (SDN) where the administrator will have a global view of the network across multiple platforms and be able to program the network to act upon real time intelligence such as denial of service and resetting traffic paths.

It is unlikely that a rational user would choose a data center firewall product that will have such a global command of the network from a young, small vendor.  The rational user will choose a vendor with years of experience and vast numbers of trained staff—a vendor with the ability to scale. In this scenario, companies such as Cisco and Juniper will have the advantage because they can integrate next-generation firewall functionalities into their broad product lines.

In contrast, the enterprise campus and network edge are tightly focused on ensuring secure access and use of mobile devices. In these deployment locations, firewalls must be able to distinguish an enormous variety of applications running on the Internet. Once an application is identified, a firewall must be able to implement policy user by user. Firewalls in these locations must also be able to provide secure access and context-based authentication to widely different types of mobile devices. In this realm, a vendor gains advantage based on its speed of innovation and the richness of its database of threats.

Let’s look deeper into vendors’ positions. As shown in Figure 1, since 2011 Cisco has maintained a 30% to 32% revenue share in the Enterprise Class Firewall market. Its next closest competitor, Palo Alto Networks, has grown to about 10%, while Fortinet, Huawei, and Juniper are tied in third place.

Cisco’s strength stems from sales to the data center, which have been a strategic focus and growth engine for the company. We estimate that sales to the data center of Cisco’s Ethernet switch and server businesses represent 20% of the company’s overall revenue. There are massive changes taking place in the data center with virtualization and SDN. Change brings opportunity to new entrants. Cisco’s challenge will be to rapidly innovate at the enterprise edge, while protecting its data center business.

Palo Alto Networks has built its reputation as best-in-breed based on its strength at rapid innovation at the enterprise network edge. In February 2014, the company launched its high-end platform, PA-7050, targeting large enterprise and carrier data centers. In order to grow its data center business, Palo Alto’s challenge will be to convince users it has the scale to fulfill the technical and service level demands of supporting data center class deployments.

Fortinet’s pioneering Unified Threat Management (UTM) product carved a powerful brand with its “single pane of glass” approach to managing network security. The company also spearheaded application-aware, enterprise-class firewalls targeting the network edge. Its FortiGate products with custom ASICs earned a reputation for high performance and ease of management at reasonable prices. Fortinet’s stronghold is at the enterprise network edge, a position the company is strengthening with its expansion into Wireless LAN access points.

Of notable mention is Fortinet’s doubling of market share over the past two years. Although the company offers high-end platforms targeting large enterprise and carrier data centers, we envision the same challenges that Palo Alto faces: securing user interest to test and deploy products and scaling to support the data center’s rapidly changing demands.

The foundation of both Huawei and Juniper’s strength is data center deployment, primarily from carrier purchases of the Eudemon8000E-X series and the SRX, respectively. We believe that Juniper’s sales were also bolstered by large enterprises, albeit to a lesser degree. Looking forward, we expect this trend to continue although both firms have deployed competitive, application-aware firewall products for the enterprise edge. Juniper’s challenge will be to shore up its share loss—and quickly—as time is not on its side. The longer it takes the company to get back on track, the greater the difficulty it will face. Huawei’s challenge will be to sell to large enterprises outside of China and to sustain rapid innovation at both the enterprise edge and the data center.

The bottom line is that customers need next-generation solutions that are more powerful than packet-oriented firewalls and unified threat management. These products must penetrate deep into applications without sacrificing performance. Firewalls must be capable of protecting today’s diversified networks—clouds, virtualization, mobile users, and BYOD. At present, the innovators in this area are the smaller players, whose offerings are more compelling to enterprises that understand the risks inherent in the evolving application delivery market. While small companies have the current advantage, the big players are ready to strike back.

Round two of the next-generation firewall race is about to begin. Things are going to get really, really interesting.

About the Author

Casey Quillin joined Dell’Oro Group in 2011. He is responsible for the Data Center Appliance and Storage Area Network market research programs. While at the firm, Mr. Quillin has significantly expanded Data Center Appliance research, including the build-out of Network Security Appliances. Mr. Quillin has over 20 years of experience as an executive manager and entrepreneur in the technology sector. Prior to joining Dell’Oro Group, he held positions with several startups, including Vice President of Engineering at Snapfish, the world’s largest online photo-sharing site, later acquired by HP. He was also CTO of Oasys Networks, an application service provider in the financial services market; Co-founder and CEO of Logic by Design, an interactive media agency; and Managing Partner of Cornice Networks, a network integration and IT consulting firm in San Francisco.

About Dell'Oro Group

As the trusted source for market information about the networking and telecommunications industries, Dell’Oro Group provides in-depth, objective research and analysis that enables component manufacturers, equipment vendors, and investment firms to make fact-based, strategic decisions. For more information, contact Dell’Oro Group at +1.650.622.9400 or visit

Wednesday, June 19, 2013

F5 Networks Delivers Service Provider Firewall for 3G/4G

F5 Networks introduced a full-proxy network firewall for Service Providers that can be deployed as a hardware- or software-based solution.

The S/Gi firewall, which is offered with F5’s BIG-IP Advanced Firewall Manager, serves an important function within a mobile service provider’s network infrastructure. Sitting at the Gi interface of a 3G network and the SGi interface of a 4G network, F5’s new offering is situated on the perimeter between a service provider’s mobile network and the Internet.

F5 Networks said this placement is ideal to protect both subscribers and networks from targeted attacks—such as DDoS threats—from a variety of sources (Internet-to-mobile, Internet-to-infrastructure, mobile-to-mobile, etc.). The firewall is fully extensible and can respond to threats in real-time with F5’s programmable iRules technology.

Key performance specs include: up to 8 million connections per second, up to 576 million concurrent connections, up to 640 Gbps firewall throughput.

In addition, F5’s new BIG-IQ™ Security offering streamlines firewall policy management for multiple devices for enterprise and service provider deployments.

"As service and cloud providers update their infrastructures to better serve customers, advantages in flexibility and efficiency can have the unintended consequence of opening up new security vectors to emerging threats," said Mark Vondemkamp, VP of Security Product Management and Marketing at F5.

Monday, August 27, 2012

Juniper Scales its Virtual Gateway Security

Juniper Networks is expanding the capabilities of its vGW Virtual Gateway solution to support hybrid private/public cloud security as well as Service Provider business models in cloud security.

Juniper's vGW Virtual Gateway is a hypervisor-based security solution for monitoring and protecting virtualized network environments. It delivers stateful firewall, integrated intrusion detection (IDS), and virtualization-specific antivirus (AV) protection for ensuring VM host capacity and performance.

These latest upgrades to vGW secure both IPv4 and IPv6. Juniper has also added new Cloud API and software developer’s kits (SDKs) to help Service Providers automate security configuration in virtual environments. New vGW management enhancements facilitate security for large-scale multi-tenant cloud deployments by offering more granular and customizable security segmentation.

Sunday, July 22, 2012

Palo Alto Networks Rises 26.5% in IPO

On the first day of trading, shares in Palo Alto Networks (NYSE: PANW) rose 26.5% to close at $53.13.

This gives the company a market cap of $1.09 billion.

President and CEO Mark D. McLaughlin, joined by members of Palo Alto Networks’ leadership team, celebrated the company’s first day of trading by visiting the NYSE trading floor for the stock opening and ringing The Opening Bell.

Thursday, July 19, 2012

Palo Alto Networks Prices its IPO at $42

Palo Alto Networks announced the initial public offering of 6,200,000 shares of its common stock at a price to the public of $42.00 per share.

Goldman, Sachs & Co., and Citigroup Global Markets, Inc. are acting as lead joint book-running managers for the offering, and Credit Suisse, Barclays, UBS Securities LLC, and Raymond James & Associates, Inc. are acting as book-running managers for the offering.

The company's common stock will trade on the NYSE under the ticker symbol PANW.

Monday, January 16, 2012

Sensory Networks Introduces DPI Software for Low-end Device Market

Sensory Networks has extended and optimized its "HyperScan" pattern matching and deep packet inspection (DPI) acceleration software to provide high-speed content inspection on a range of low-cost, low-power processors used in networking and security products. The HyperScan pattern matching software has now been optimized for Intel Atom, Broadcom MIPS and ARM architectures. The DPI technology can now be extended to SMB and SOHO products that include Wi-Fi routers, Firewalls, IPS/IDS, UTM appliances and other network access devices.

“We now have several customer engagements where HyperScan is being used for DPI in low-end and ultra low-end devices,” said Sab Gosal, CEO for Sensory Networks. “The low-end market segment has become so cost sensitive that equivalent hardware solutions simply cannot meet the price/performance requirements.”

"HyperScan scales well to this class of device, delivering 400-500Mbps of scanning throughput per core, for a range of IPS and Anti-Virus use-cases, using a 1.6GHz Intel® Atom™ 230 processor", said Geoff Langdale, CTO of Sensory Networks. "Content inspection throughput improvements on resource challenged machines are only one part of our advantage. We have also aggressively reduced compiled byte code size and provided the ability to serialize and cross-compile pattern databases across different architectures. This ensures that it is practical to use our DPI technology for devices with very low provisioning of memory, storage and CPU cycles".