Conventional security wisdom holds that because next-generation firewalls focus on the application layer, they are not able to keep pace with brute-force attacks that require high-performance firewalls.
Palo Alto Networks wants to challenge that perception with the unveiling today of the PA-7050, a new high-end member of the Palo Alto firewall lineup capable of supporting core firewall functions at throughputs of up to 120 gigabits-per-second.
Matt Keil, product marketing manager for Palo Alto Networks, says that for a lot of organizations the PA-7050 should eliminate the need to deploy two different classes of firewalls. Given performance concerns, many organizations for years have opted to deploy traditional firewalls while at the same time deploying next-generation firewalls from vendors such as Palo Alto Networks to address specific application-level security issues.
The cost of IT security goes well beyond the acquisition of firewalls. Supporting firewall platforms from multiple vendors not only requires multiple sets of skills, it increases the complexity of the number of firewall rules that need to be managed. Firewalls from a single vendor help reduce the overall security fatigue that many organizations must now routinely combat.
None of that means that IT organizations should abandon a traditional in-depth defense strategy. But it does mean that finding a way to lower the total cost of executing that strategy is something well worth considering.