While the application and threat landscape has been evolving, firewalls have changed very little over the last 15 years, according to enterprise network firm Palo Alto Networks.
The firm, soon to launch a new product in Singapore, has warned that supplementing firewalls with proxies, prevention systems, URL filtering and other costly and complex devices is "ineffective in today's application and threat landscape".
In a recent a study of 900,000 users, Palo Alto found that 100 per cent of the organisations surveyed had firewalls and 87 per cent also had one or more firewall helpers (for example, a proxy, an IPS, URL filtering)--yet they were unable to exercise control over the application traffic traversing the network.
Security Achilles heels
Other worrying findings were that:
• Applications are built for accessibility--57 per cent can bypass security infrastructure (for example, Microsoft SharePoint, Apple Update, and so on);
• Proxies, such as Hopster, and remote desk applications, such as LogMeIn, circumvent security controls to be found with 81 per cent and 95 per cent of users respectively, and;
• 92 per cent of users have P2P file sharing and 76 per cent have browser-based file sharing such as YouSendIt.
Palo Alto Networks said it will soon be launching the new PAN OS 3.0, which features a fully integrated SSL VPN capability. The firm said these new capabilities included the benefits of application visibility and control, characteristic of its next generation firewall technology.
It said it has already received very encouraging response from the market with more than 200 customers and 1,000 installations worldwide.
The next generation firewall
"We are set to take the security market by storm with our next-generation firewalls," said Alan Leong, Palo Alto Networks VP, Asia Pacific. "We believe there is huge potential for our innovative technology in the enterprise market here. In Singapore, we are pleased to partner Transition Systems which will help us reach out to the Southeast Asian markets."
The Silicon Valley-based company launched in the Asia Pacific in February 2009 with appointed distributors in Singapore, Hong Kong and Australia. It said its products are recommended for medium and large enterprises and can be deployed across various industries including manufacturing, financial services, healthcare, education, retail, government and high-tech sectors.
This story, "Firewall Flaws and How to Fix Them" was originally published by CIO.