Palo Alto Update Extends File Visibility, WildFire Detection


Palo Alto Networks' latest update to its next-generation firewall appliances and WildFire advanced threat detection service bolsters the effectiveness of security in a highly competitive market, say Palo Alto partners.

In the update, Palo Alto, Santa Clara, Calif., extended file visibility to all common file types, including PDFs, Office documents, Java and Android application packages. Previously, the appliances were configured to detect only malicious executable files. Engineers also added DNS monitoring and sink-holing capabilities, enabling the appliances to detect malware communication and block it from reaching cybercriminal command-and-control servers.

Palo Alto also added support for zero-day exploit detection to identify exploits in common applications and operating systems and provide protection to WildFire subscribers.

Palo Alto Channel Chief Ron Myers told CRN that the company has a lot of momentum, driven by its 100 percent partner strategy. Myers said about 40 percent of the company's 15,000 customers subscribe to the WildFire advanced threat detection service, which can be deployed in-line as a stand-alone service in front of competitor firewalls. Palo Alto is now educating partners to bolster WildFire subscriptions, he said.

"We're segmenting our partner data so we know who is selling WildFire and we have this long-tail opportunity that when we get the messaging correct, we believe the in-line message will kick off," Myers said. "You can deploy WildFire behind an existing firewall, whether it is us, Cisco or Fortinet."

In a January presentation to investors, Palo Alto said its revenue increased 49 percent year over year, and partners have told CRN that they are replacing some of their customers' legacy firewalls with Palo Alto appliances.

The company's competitors are taking notice. In August, Check Point unveiled its ThreatCloud Emulation Service that inspects suspicious files in a sandbox. Fortinet, for its part, is testing its FortiSandbox appliance for file behavioral analysis. FireEye, meanwhile, sells an advanced threat detection platform that uses a virtual sandbox to inspect files.

Palo Alto is working on incident response capabilities, and engineers are developing other advanced detection features, according to Myers, who pointed to the company's recent acquisition of Morta Security as key.

Partners can put Palo Alto appliances in transparent mode, placing them in tandem with existing firewalls to help highlight differences, said Daniel Payne, CTO of Evansville, Ind.-based Pinnacle Computer Services, a Palo Alto partner. Payne said Pinnacle would rather rip and replace existing appliances to reduce the risk of running into configuration issues that can weaken detection capabilities.

"It can really get too complicated to have too many network security appliances," Payne said. "Companies coming out with other appliances to add to the architecture are making the network too complex."

PUBLISHED JAN. 16, 2014