Nine security controls to look for in cloud contracts

General Add comments

LAS VEGAS — Palo Alto Networks founder and CTO Nir Zuk took to the stage to deliver the closing keynote address at the company's first-ever user conference here by trumpeting his company's success in firewall innovation and what he described as his competitors' weak attempts to follow.

Zuk, an engineer who once worked at Check Point and Juniper, has more than once enjoyed delivering feisty jabs at his former employers which, along with others such as Sourcefire and Cisco, have come to develop application-aware firewalls that compete with Palo Alto's next-generation firewalls (NGFW). But yesterday in his keynote address, Zuk pulled out all the stops and lambasted his competitors, whom he ridiculed as being on "death row" in terms of their ability to compete against Palo Alto.

"They do what all inmates do, file appeals," Zuk said. He said competitors' products with NGFW application-layer controls can only be considered "lipstick on a pig," a statement illustrated on the movie-size screen behind him on stage by a pig with bright red lips.

Israeli-born Zuk then turned to his native language, Hebrew, to dismiss them all with a biblical expression, saying their fate in the NGFW market can be summed up as "Let me die with the Philistines," the cry of Samson as he pulled the temple down around him. He added: "It sounds better in Hebrew."

But that was just for starters. Zuk continued his rant against Check Point, claiming this rival is offering 85% discounts to customers to take their firewall products, basically saying they "give away products for free" because of Palo Alto's success. Check Point "truly believes they do what Palo Alto does," he said, dismissing Check Point as weak in the area where Palo Alto has focused, application-aware firewalls.

Zuk then turned his attention to a new class of competitors, firms that offer specialized anti-malware services and products, including Damballa, Sourcefire and FireEye. He ran through a list of perceived shortcomings in how they might detect malware and provide prevention, an exercise clearly intended to promote Palo Alto's own WildFire anti-malware service associated with its NGFW.

Palo Alto's growing focus on making its NGFW the place in the enterprise network to manage security in a range of ways was highlighted by Zuk's brief remarks that, as far as the future goes, there's thought being given to how mobile device malware detection could be done well on the network rather than via scans on the device itself. But he left it at that, saying there are a few technology areas that Palo Alto does not see getting into: Web application firewalls or full-featured data-loss prevention.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email:

In this situation, a contract would outline that if there is a security breach that the provider would be responsible for losses of the customer.

Effectiveness: Theoretically high

How common? Never

Hacking insurance

Insurance by a third party, or by the vendor could help displace costs resulting from a security or data loss issue.

Effectiveness: Potentially helpful, but like the downtime credits, does not necessarily create incentive for provider to avoid a breach

How common? Rare, but growing

Negotiate security clauses

These allow customers to negotiate higher levels of security for certain programs or data.

Effectiveness: Potentially high

How common? Mostly for large customers only

Network World staff writer Brandon Butler covers cloud computing and social collaboration. He can be reached at and found on Twitter at @BButlerNWW.


Leave a Reply


Get Your VPN NOW!

©2011 TUVPN.COM. All rights reserved.