Firewalls with data leak prevention functionality

Palo Alto Networks’ family of next-generation firewalls has a new content security capability – offered at no additional cost to customers – enabling enterprises to detect critical pieces of personally identifiable information, such as Social Security or credit card numbers, within application traffic. Based on easy to define policies, the firewall can then take automatic action – from alerting to blocking – to prevent inadvertent or intentional disclosure of sensitive data.

Palo Alto Networks’ next-generation firewalls incorporate three key unique identification technologies – App-ID, User-ID, and Content-ID – in a high-performance, low-latency firewall platform. This enables organizations to see and control application content at their perimeter. Enterprises can enforce business policies regarding credit card and Social Security numbers by:

• First, blocking undesirable applications
• Second, scanning allowed applications for confidential information – even SSL-encrypted applications and content
• Third, seeing the specific Active Directory users and groups involved and using them in policy

Palo Alto Networks’ next-generation firewalls are based on a high-performance, purpose-built platform, with specialized hardware and a single pass architecture – which enables fast low-latency scanning of applications and application content. The PA-4000 Series and PA-2000 Series firewalls range from 10Gbps to 500Mbps of throughput.