There’s a great article on SearchEnterpriseWAN about a Palo Alto Networks customer. IDT spoke to SearchEnterpriseWAN about its experiences using next-generation firewalls from Palo Alto Networks, and discussed some of the benefits and changes their team recognized in managing security across their enterprise. IDT describes many of the usual benefits around application visibility and control that all Palo Alto Networks customers value, but also highlights a key point about simplification of security management. Because next-generation firewalls build policies around application and user/group, instead of port and IP address, they result in much simpler rulesets – it is not uncommon for legacy firewall rulesets to contain thousands of rules. In fact, for its global, 16,000-user enterprise, IDT had a staff of 8 managing legacy firewall rulesets. Because next-generation firewalls can simplify rulesets by an order of magnitude (a typical production next-generation firewall ruleset might be tens of rules or perhaps a few hundred), it’s far easier to understand, rationalize, and audit firewall policy.
One of the key points made by Golan Ben-Oni, senior vice president of network architecture at IDT, was that next-generation firewalls have enabled him and his team to focus on what’s important, and not spend so much time just maintaining firewall rulesets. Furthermore, because of the application visibility and control, and the capacity of Palo Alto Networks firewalls, IDT was able to greatly simplify their infrastructure – reducing both the number and variety of security devices – all while gaining more visibility and control. The most important implication of this point, however, is summed up nicely: “In the course of the first week, I had gotten more done than I had in months and months,” he said. “Once I was able to get the Palo Alto [firewalls] in, I was able to return to my normal job and get some sleep at night.”
In the information security world, the acknowledgment that a product or service has enabled a customer to get more sleep is the highest goal that a security technology vendor can aspire to. Have a look at the article here.