Palo Alto is truly among the very top-rated names in cyber-security. They enjoy an almost mythical reputation among IT wonks, and their track record of innovation is a huge reason for this. The Palo Alto PA-460 certainly doesn’t drop the baton in this respect.
The Palo Alto PA-460 is part of the new 400 series of Next Generation firewalls. The others are the PA-410, PA-440, and the PA-450. It is the first Next-Gen firewall family powered by machine learning. In order to understand why this is a big deal, we need a decent working definition of ML, so here goes:
“Machine Learning is the science of getting computers to learn and act like humans do, and improve their learning over time in autonomous fashion, by feeding them data and information in the form of observations and real-world interactions.” This isn’t our definition, but it’s a pretty good one.
Why it’s a big deal
In short, ML is the science of getting computers to get smarter over time, on their own, like humans do. It is not exactly the same as Artificial Intelligence, but for our purposes, it’s close. There’s an old axiom about computers; they don’t do what you want them to; they do what you tell them to.
So it’s not hard to see why you might want a firewall that can think, spot patterns, and act without being specifically programmed. In other words, it does what you want, without having to be told. ML is simply a device harnessing data, observations, and interactions in order to correctly generalize to new settings.
Like Palo Alto says, “Don’t just react. Think ahead.” Reactive security can’t keep up with current threats — or prepare you for tomorrow’s. The PA-460 changes the game by making network security intelligent and proactive. Rather than relying on signatures to identify threats, the PA-400 series analyzes behaviors and responds appropriately. And quickly.
The controlling element of the PA-400 Series is PAN-OS. It’s the same software that runs all Palo Alto firewalls. PAN-OS natively classifies all traffic, inclusive of applications, threats, and content. It then ties that traffic to the user regardless of location or device type. The application, content, and user (the elements that run your business) then serve as the basis of your security policies. This results in improved security posture and reduced response times.
The PA-460 is loaded with capabilities, as you would expect from anything that wears the Palo Alto logo. It identifies and categorizes all applications, on all ports, all the time, with full Layer 7 inspection. And, it identifies the applications traversing your network irrespective of port, protocol, evasive techniques, or encryption (TLS/SSL).
Stability and level of security are second to none in the industry.
And adding SD WAN on the same edge device makes an all-in-one, security-edge-intelligent routing solution possible. Plus, you don’t have to sacrifice performance or a secure environment to have it.
Another cool, valuable feature is the application-aware identifiers that help the firewall know what its users are trying to do. It can block specific activities instead of just blocking categories. For example, you can block an application, or all unknown applications.
The PA-460 benefits from centralized management, configuration, and visibility for multiple firewalls. Of course, this is irrespective of location or scale.
Defeating advanced threats with cloud-delivered security services
It goes without saying, cyberattacks are increasing in volume and sophistication. They’ve scaled to 45,000 variants within 30 minutes, using multiple threat vectors or advanced techniques to deliver their malicious payloads. Traditional siloed security solutions cause challenges in trying to protect users, devices and applications. They introduce security gaps and increase management overhead for security teams. Plus, they hinder business productivity with inconsistent access and visibility.
But Palo Alto’s Cloud-Delivered Security Services use the network effect of 80,000 customers to instantly coordinate intelligence and provide protections for all threats across all threat vectors. And it’s seamlessly integrated with the PA Next-Generation Firewall platform. You’ll eliminate coverage gaps across all enterprise locations and take advantage of consistently incredible security delivered in a platform. As a result, you can be safe from even the most advanced and evasive threats.
Performance of the PA-460
The PA-460 performs networking, policy lookup, application / de-coding, and signature matching in a single pass. And that’s for all threats and content. This greatly reduces the amount of processing overhead required to perform multiple functions in one firewall. It avoids introducing latency by scanning traffic for all signatures in a single pass. It does this using stream-based, uniform signature matching.
The Palo Alto PA-460 pushes up to 5.2 Gbps total firewall Throughput, and 2.4 Gbps of Threat Prevention Throughput. It also hits 3.1 Gbps of IPsec VPN Throughput, and manages 74,000 new sessions per second.
It’s a nine-time leader in the Gartner Magic Quadrant for Network Firewalls, which is amazing. Plus, Palo Alto got the highest Security Effectiveness score in the 2019 NSS Labs NGFW Test Report, with 100% of evasions blocked. Wow. Oh, and it has a silent, fanless design, if that sort of thing is important to you.
Palo Alto PA-460 highlights
|Total Firewall Throughput: 5.2 Gbps|
|IPSec VPN Throughput: 3.1 Gbps|
|Threat Prevention Throughput: .2.4 Gbps|
|Single-pass traffic scanning reduces latency|