Palo Alto Networks grooms firewall for the software-defined data center

Company's new VM-Series lets security policies follow virtual machines across the cloud

With its sights set on the emerging software-defined data center, network security company Palo Alto Networks today unveiled products aimed at helping IT admins better fend off threats to increasingly virtualized, cloud-connected environments. Among the entrants to the company's new lineup are the VM-Series, a new breed of virtualized, application-layer firewalls; a subscription-based malware-prevention service dubbed WildFire; and the M-100, an appliance for management of multiple Palo Alto firewalls from a centralized location.

Palo Alto Networks is joining the ranks of companies such as Oracle, Cisco, Microsoft, and VMware that are helping companies move to the software-defined data center, the culmination of server, storage, and network virtualization where resource pools -- regardless of their physical location -- are automatically provisioned to fit the demands of an organization's applications. The model promises an unprecedented level of flexibility and simplicity for companies embracing cloud computing, but the porous nature of the cloud also exposes companies to a greater array of security threats.

Contributing to the problem is the fact that companies are no longer paying close attention to which apps are running over which ports, so firewalls that rely on traditional stateful-inspection techniques no longer cut the mustard. "Dangerous things are coming across the network. People are using apps over an open port and they shouldn't be," said Brian Tokuyoshi, product marketing manager at Palo Alto Networks. "People are able to slip stuff right out over Port 80."

Palo Alto Networks is seeking to help fill those security gaps with its VM-Series, which employs application-, user-, and content-based firewall technology to secure on-site and cloud-based applications, regardless of port or protocol. In a nutshell, the firewall equips admins with control over which applications may be accessed by which users. You could, for example, authorize some users to use Skype or Facebook or Yahoo Messenger but not others.

Part of the secret sauce to the VM-Series is Version 5.0 of PAN-OS, the company's firewall platform. One new feature allows organizations to tie existing user and app-based policies to VMs as well as to physical server deployments, both via cloud automation and orchestration tools. What's more, a new feature called dynamic objects allows security policies to follow VMs, even if they migrate midsession between hosts, the company said. According to Tokuyoshi, these capabilities aim to help customers who want to run VM sessions with varying trust levels under the same hypervisor. Currently, the VM-Series only supports the VMware hypervisor.

As part of its announcements, Palo Alto Networks also unveiled a subscription version of its WildFire malware-prevention service. The service -- which the company currently offers for free to its customers -- is designed to detect all manner of malware, including zero-day threats, affecting all types of applications. According to the company, the service is capable of delivering malware signatures to all subscribers within an hour of their detection. It also includes on-box logging and reporting capabilities.

Meanwhile, the newly unveiled M-100 appliance provides centralized control over a network of Palo Alto Networks firewalls. The box also includes distributed log collection capability for large-scale deployments.

This story, "Palo Alto Networks grooms firewall for the software-defined data center," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog.