Palo Alto Networks Content-ID

Enterprise networks carry many applications that evade port-based detection: they hop ports dynamically, reuse ports assigned to other applications, emulate other applications or tunnel inside SSL. Attackers increasingly use the same techniques to carry threats past the firewall.
Content-ID combines a uniform threat-signature format, stream-based scanning and a comprehensive URL database with App-ID's application visibility to detect and block a wide range of threats, control non-work-related web surfing and limit unauthorised file and data transfers.
Vulnerability Prevention (IPS)
Palo Alto Networks' intrusion prevention has been independently validated at a 93.4% catch rate while sustaining the performance figures on its datasheet.
The IPS blocks known and unknown network- and application-layer vulnerability exploits, buffer overflows, DoS attacks and port scans before they can compromise or damage enterprise information resources.
Stream-based Virus Scanning
Virus and spyware prevention uses stream-based scanning: inspection begins as soon as the first packets of a file arrive, rather than after the whole file has been buffered, so throughput is preserved and latency kept low.
Key antivirus capabilities include:
- Protection against a wide range of malware: viruses (including HTML and JavaScript viruses), spyware downloads, spyware phone-home traffic, Trojans and more
- Inline, stream-based detection and prevention of malware embedded in compressed files and web content
- Uses the SSL decryption provided by App-ID to block viruses carried inside SSL traffic (SSL sessions that policy does not decrypt cannot be scanned)
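The following is an added example, not Palo Alto Networks code, showing what stream-based scanning has to get right: the scanner gives a verdict on the chunk that completes a signature without buffering the whole file, it carries a short tail between chunks so a signature split across a packet boundary is still caught, and it inflates gzip/zlib content incrementally so malware inside compressed web content is scanned as it streams. The signatures, the 4 KiB payload and the chunk sizes are all constructed for the demo; a naive per-chunk scanner is included only to show the boundary-straddling miss.

```python
import gzip
import zlib

# Constructed signature set for the demo. These are hypothetical byte patterns,
# not Palo Alto Networks content signatures.
SIGNATURES = {
    "evil-marker": b"EVIL-MARKER-1234",
    "js-eval-unescape": b"eval(unescape(",
}

# Constructed 4 KiB "file": filler with the marker placed at offset 1020, so with
# 1024-byte chunks the signature straddles the boundary between chunks 1 and 2.
CLEAN = b"A" * 4096
PAYLOAD = CLEAN[:1020] + SIGNATURES["evil-marker"] + CLEAN[1036:]


def chunked(data, size):
    """Split a byte string into consecutive chunks, standing in for packets."""
    return [data[i:i + size] for i in range(0, len(data), size)]


class StreamScanner:
    """Scan a byte stream as it arrives, returning a verdict on the first match.

    Only the last (longest signature - 1) bytes are retained between chunks, so a
    signature split across two chunks is still found without buffering the file.
    With compressed=True the stream is inflated incrementally (gzip or zlib
    framing auto-detected by wbits 32+15) and the inflated bytes are scanned.
    """

    def __init__(self, signatures, compressed=False):
        self.signatures = signatures
        self.tail_len = max(len(s) for s in signatures.values()) - 1
        self.tail = b""
        self.decomp = zlib.decompressobj(zlib.MAX_WBITS | 32) if compressed else None
        self.passed = 0        # bytes already forwarded as clean
        self.verdict = None

    def _scan(self, data):
        window = self.tail + data
        for name, sig in self.signatures.items():
            if sig in window:
                self.verdict = name
                return name
        self.passed += len(data)
        self.tail = window[-self.tail_len:] if self.tail_len > 0 else b""
        return None

    def feed(self, chunk):
        """Scan one chunk; return the signature name once the stream is known bad."""
        if self.verdict:
            return self.verdict
        if self.decomp is not None:
            chunk = self.decomp.decompress(chunk)
        return self._scan(chunk)

    def finish(self):
        """Flush any inflated bytes still buffered inside the decompressor."""
        if self.verdict is None and self.decomp is not None:
            self._scan(self.decomp.flush())
        return self.verdict


def scan_stream(chunks, signatures, compressed=False):
    """Return (verdict, bytes forwarded before the verdict) for a chunked stream."""
    scanner = StreamScanner(signatures, compressed)
    for chunk in chunks:
        if scanner.feed(chunk):
            break
    scanner.finish()
    return scanner.verdict, scanner.passed


def scan_per_chunk(chunks, signatures):
    """Naive alternative: each chunk checked in isolation, no carry-over.

    Included only to show the failure mode: a signature that straddles a chunk
    boundary is missed entirely.
    """
    for chunk in chunks:
        for name, sig in signatures.items():
            if sig in chunk:
                return name
    return None


if __name__ == "__main__":
    print(scan_stream(chunked(PAYLOAD, 1024), SIGNATURES))        # ('evil-marker', 1024)
    print(scan_per_chunk(chunked(PAYLOAD, 1024), SIGNATURES))     # None
    print(scan_stream(chunked(gzip.compress(PAYLOAD), 16), SIGNATURES, compressed=True))
```

The tail buffer is the detail that distinguishes a real stream scanner from "scan each packet": only 1024 bytes of the 4 KiB file are forwarded before the verdict, and the same code finds the marker inside the gzip stream without ever holding the whole inflated file.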
URL Filtering
Content-ID provides an on-box URL filtering database of 20 million URLs across 76 categories, which IT departments can tailor to monitor and control employees' web surfing. URL filtering visibility and policy controls can be tied to specific users through transparent integration with enterprise directory services (Active Directory, LDAP, eDirectory), with further insight from customisable reporting and logging.
Data Leak Prevention
Data Leak Prevention policies reduce the risk of unauthorised file and data transfer. Loss of confidential data such as credit card numbers or Social Security numbers (SSNs) is controlled by matching data patterns in the application flow and acting on each match according to policy.
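As an added example (not Palo Alto Networks code), the block below shows what "detecting data patterns in the application flow" involves in practice: a regular expression alone over-matches, so each credit-card candidate is validated with the Luhn checksum and each SSN candidate against the ranges the SSA never issues, matched values are masked before they reach a log, and the validated matches are scored against alert/block thresholds. The sample flow, the pattern weights and the thresholds are constructed for the demo (the card numbers are public test numbers, the SSNs are made up); they are not vendor defaults.

```python
import re

# Constructed sample of application content (fake data). Not from any real flow.
SAMPLE_FLOW = (
    "customer=Jane Doe; card=4111 1111 1111 1111; exp=12/27\n"
    "backup card 4242-4242-4242-4242\n"
    "order id 1234567890123456 (looks like a card, fails Luhn)\n"
    "ssn 123-45-6789, invalid ssn 666-12-3456\n"
    "mistyped card 4111111111111112\n"
)

# 13-19 digits with optional single space/hyphen separators, not embedded in a
# longer digit run.
CARD_RE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")

# Hypothetical policy: weight per validated match and the score thresholds at
# which the flow is alerted on or blocked (constructed values).
WEIGHTS = {"credit-card": 3, "ssn": 3}
ALERT_THRESHOLD = 3
BLOCK_THRESHOLD = 6


def luhn_valid(digits):
    """Luhn checksum; filters out digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def ssn_plausible(area, group, serial):
    """Reject SSNs the SSA never issues: area 000/666/9xx, group 00, serial 0000."""
    return (area not in ("000", "666") and not area.startswith("9")
            and group != "00" and serial != "0000")


def mask(digits):
    """Keep only the last four digits so the log does not itself leak the value."""
    return "*" * (len(digits) - 4) + digits[-4:]


def find_sensitive(text):
    """Return [(pattern name, masked value)] for every validated match in text."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            findings.append(("credit-card", mask(digits)))
    for m in SSN_RE.finditer(text):
        if ssn_plausible(*m.groups()):
            findings.append(("ssn", mask("".join(m.groups()))))
    return findings


def evaluate(text):
    """Score the flow against the policy; return (action, score, findings)."""
    findings = find_sensitive(text)
    score = sum(WEIGHTS[name] for name, _ in findings)
    if score >= BLOCK_THRESHOLD:
        action = "block"
    elif score >= ALERT_THRESHOLD:
        action = "alert"
    else:
        action = "allow"
    return action, score, findings


if __name__ == "__main__":
    action, score, findings = evaluate(SAMPLE_FLOW)
    print(action, score)                      # block 9
    for name, value in findings:
        print(f"  {name}: {value}")
```

Of the five candidates in the sample, only two card numbers and one SSN survive validation; the 16-digit order number and the mistyped card fail Luhn and the 666 area number is rejected, which is the difference between a usable DLP rule and one that blocks every invoice.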