Virtualization Security

As organizations move towards pooled computing resources supporting applications of different trust levels, virtualized firewalls are critical to inspect intra-host communications and protect against threats. More importantly, the security solution must support the dynamic nature of virtual machines. The Palo Alto Networks VM-Series, is a next-generation firewall in a virtualized form factor featuring the PAN-OS^TM operating system with the following unique virtualization security features.

Dynamic Address Objects to Track Virtual Machines

The dynamic address objects feature provides the ability to tie security policies to virtual machine instantiation and movement. As virtual machines are instantiated or moved, safe application enablement policies can then be enforced without requiring any manual policy changes. Virtual applications are protected from unapproved access, and protected from known and unknown threats, as well as possible data loss. This ensures that applications can be delivered quickly to meet business demands without impacting regulatory compliance mandates

Orchestration Software Integration

Virtualization and cloud computing technologies have accelerated the speed of virtual machine deployments from days to minutes. However, the configuration of security policies is still manual and can involve multiple change approval processes, thus slowing down the dynamic and automated nature of application delivery. Palo Alto Networks offers a powerful XML management API that enables external cloud orchestration software to connect over an encrypted link to manage and configure Palo Alto Networks firewalls. The complete and fully-documented REST-based API allows configuration parameters to be seen, set and modified programmatically to ensure that security becomes a part of the data center workload flow.

Threat Protection and Hypervisor Security

The Palo Alto Networks next-generation firewalls protect against the new threat landscape with a complete, integrated threat protection solution. Content-ID provides IPS, anti-malware, URL filtering and content blocking to control known threats. WildFire provides automated sandbox analysis of suspicious files to reveal unknown and targeted malware and the Behavioral Botnet Report identifies unique patterns of botnet infections in a network. In addition, the ability to address remotely exploitable hypervisor vulnerabilities is part of our vulnerability protection framework.