Traditional network firewalls are proving ineffective against
information security threats from social network applications and
peer-to-peer file sharing, says Nir Zuk, the man who wrote Check
Point's firewall, one of the most successful firewalls in
history.
Zuk, who recently founded Palo Alto Networks after heading
NetScreen and then Juniper Networks' security, says traditional
firewalls check which port traffic passes through in order to apply
their policies. But that approach doesn't work with today's
applications because they don't carry port information.
Palo Alto Networks has developed a suite of firewall
applications that looks instead at the application, the user and
content in order to apply security policies.
This lets companies permit their staff to use social networks
such as Facebook and applications such as Skype, knowing that their
sensitive corporate data isn't leaking into the public domain.
"It's also effective against spyware, which may be trying to
steal corporate data secretly, and file-sharing systems, which also
stops malware from proliferating across an enterprise's local and
wide area networks," said Zuk.
Tom Millar, CEO of ITC
Global Security, a network security management company, says
directors have started to accept that managers, not IT, are
responsible for information security and stopping data leakage.
The insider threat is most boards' nightmare, he said. "I doubt
that any technology will ever stop a really determined attacker,
but firms can do a lot with IT to prevent accidental disclosure or
theft by outsiders," he said.
ITC has just added Palo Alto Networks to its raft of managed
network security offerings, and has customers trialling the
technology in both hosted and in-house conditions.