Traditional network firewalls are proving ineffective against information security threats from social network applications and peer-to-peer file sharing, says Nir Zuk, the man who wrote Check Point's firewall, one of the most successful firewalls in history.
Zuk, who recently founded Palo Alto Networks after heading NetScreen and then Juniper Networks' security, says traditional firewalls look at which port traffic is routed through in order to apply their policies. But that approach doesn't work with today's applications because they don't carry port information.
Palo Alto Networks has developed a suite of firewall applications that looks instead at the application, the user and content in order to apply security policies.
This lets companies permit their staff to use social networks such as Facebook and applications such as Skype, knowing that their sensitive corporate data isn't leaking into the public domain.
"It's also effective against spyware, which may be trying to steal corporate data secretly, and file-sharing systems, which also stops malware from proliferating across an enterprise's local and wide area networks," said Zuk.
Tom Millar, CEO of ITC Global Security, a network security management company, says directors have started to accept that managers, not IT, are responsible for information security and stopping data leakage.
The insider threat is most boards' nightmare, he said. "I doubt that any technology will ever stop a really determined attacker, but firms can do a lot with IT to prevent accidental disclosure or theft by outsiders," he said.
ITC has just added Palo Alto Networks to its raft of managed network security offerings, and has customers trialling the technology in both hosted and in-house conditions.