Palo Alto Networks App-ID

Palo Alto App IDLegacy port-based firewalls are no longer the central control point of the security infrastructure. Because of their reliance on port and protocol as a means of traffic classification, they are ineffective at identifying and controlling applications as most applications are capable of bypassing using a variety of techniques such as tunnelling another application, sneaking across port 80, hopping ports or using SSL.

Palo Alto Networks is restoring the firewall as the strategic centre of the security infrastructure, having developed a traffic classification technology that accurately identifies the applications, irrespective of port, protocol, SSL, or evasive tactic.

App-ID is a patent-pending traffic classification technology that enables administrators to determine exactly which applications are running on the network.

Whilst port-based firewalls use only one mechanism of traffic classification, App-ID goes well beyond any other network security technology available, inspecting all of the traffic passing through the firewall, with one or more identification techniques, including application protocol detection and decryption, application protocol decoding, application signatures, and heuristic analysis. The application identity is then used as the basis of the security policy.

Rather than react to the discovery of a strange application by summarily blocking it, the administrator can now take a more balanced and informed approach by learning more about the application and then safely enabling its usage or blocking it based on the security risks.

App-ID Benefits:

  • Improve network visibility by accurately identifying application traffic irrespective of port and protocol
  • Enhance security by dictating access rights based upon the actual application traffic as opposed to simply the port and protocol
  • Increase malware prevention effectiveness by narrowing down the number of unauthorised applications traversing the network