New products aim to control rogue applications that avoid firewalls

Palo Alto Networks Inc. was sporting the slogan "Fix the Firewall" at its first Infosecurity Europe exhibition in London, and showing off its range of firewall appliances that attempt to control applications that avoid firewall detection.

Many companies struggle to control what applications run on their networks, leaving them open to malware infection and the leakage of confidential information.

Instant messaging and open communications applications such as Skype deliberately channel-hop to avoid detection by traditional firewalls, and allow users to send out attachments without being noticed.

Now a new arrival in the U.K. is promising to provide systems administrators with a clear picture of all applications, even those that try to avoid firewalls.

California-based Palo Alto Networks Inc. was sporting the slogan "Fix the Firewall" at its first Infosecurity Europe exhibition in London, and showing off its range of firewall appliances. Head of marketing Franklyn Jones said the products analyse traffic on the fly and match applications against a library of more than 800 signatures, regardless of the port they are using.

By correlating users with Active Directory, the system is also able to report on and track the users of an application, rather than just providing an IP address.

Jones said the systems grade applications on a scale of 1 to 5 according to their apparent risk – channel-hopping to evade detection would be one risk factor, for instance. It is then up to the systems administrators to decide to block or allow use of the applications, or just to allow certain users to access the application.

The system could also be used to regulate usage of social networking sites or webmail. "We can decrypt Gmail encryption tunnels, and so we could apply granular control, for instance, to allow Gmail, but block attachments going out," said Jones.

The company appointed Vadition Ltd., a Web 2.0 and social networking value-added reseller, as its U.K. distributor, and has won its first U.K. sale at Wellington College in Berkshire.

Palo Alto comes with an impressive pedigree. It was founded in 2005 by CTO Nir Zuk, a former principal engineer at Check Point Software Technologies Ltd., where he helped develop stateful inspection in firewalls. He went on to co-found OneSecure Inc., a pioneer in intrusion prevention, and was CTO at NetScreen Technologies Inc., which was acquired by Juniper Networks Inc., a California-based vendor of network security products, in 2004.
