As good as Palo Alto Networks next-generation firewalls are, their value ended when you left the location it was protecting. When you’re in a hotel or a Starbucks, you had to rely on your laptop’s host based protection capabilities. And from your organization’s perspective, it lost the Palo Alto Networks policy controls. When you are remote, you can visit any website you want.
In order to remedy this limitation, Palo Alto announced GlobalProtect today. Here is Palo Alto’s description:
Unlike traditional approaches to endpoint security, Palo Alto Networks GlobalProtect ties application-, user-, and content-based policies to roaming users through a persistent thin client that can be pre-installed or installed on demand. Similar to a VPN, remote traffic is sent over a secure tunnel. However, unlike typical VPN deployments, which direct traffic to a few geographically centralized gateways, the GlobalProtect client automatically connects to the nearest corporately-managed Palo Alto Networks next-generation firewall deployed at a hub, branch, or in a private cloud. This results in faster throughput, easier management, and better protection.
For the first time, organizations will be able to maintain their policies regardless of a user’s location. John Pescatore of Gartner says it this way:
The Next Generation Firewall will follow the same pattern – extending to NGFW as a service (or what we used to call ‘In the Cloud Firewalling’ before the cloud term got ripped away from the Internet carriers) to inject the same firewall policy between the users and the Internet and in between the cloud-based services we consume that used to be inside the data center.
I look forward to trying GlobalProtect.