nobeastsofierce - Fotolia

Palo Alto Networks enters cloud security gateway market

Palo Alto Networks has launched its own CASB offering called Aperture, which aims to provide SaaS security controls for enterprises.

The thriving cloud security gateway market just got more crowded this week with the launch of Aperture, Palo Alto...

Networks' new security as a service offering.

Aperture, like other cloud security gateway or cloud access security broker (CASB) offerings, is designed to secure third-party cloud applications and services such as Google Drive, Salesforce, and Dropbox through granular policy controls, advanced threat protection, and content inspect and user analytics. The security as a service is based on technology from CirroSecure, a SaaS security provider that Palo Alto Networks acquired in May of this year. Aperture will support Palo Alto Networks' next-generation firewall (NGFW) products and is integrated with WildFire, the company's cloud-based malware prevention service.

Samantha Madrid, head of network security product marketing at Palo Alto Networks, said Aperture is an ideal complement to the company's NGFW products because many enterprises currently lack a way to monitor and analyze usage of web applications and SaaS offerings once they've been approved by the NGFW.

"We started out as a firewall company, and we still are a firewall company," Madrid said. "Next-generation firewalls have always had the ability to authorize or sanction applications. But once you approve an application, you have no visibility into how that application is being used or who is using it. Aperture gives IT departments that needed level of visibility and governance for cloud applications."

In addition to usage monitoring and security policy controls, Aperture's software as a service also offers what Palo Alto Networks calls "retroactive analysis" of cloud applications, which allows enterprises to set up enforcement and monitoring dating back to the creation of the SaaS account. Madrid said Aperture's retroactive analysis feature is unique since most cloud security gateway or CASB offerings only provide forward-looking enforcement and analysis for cloud applications.

Currently, Aperture works with a "handful" of major SaaS offerings, Madrid said, but the company is working with other top cloud application vendors to add them to the mix.

Rick Holland, principal analyst for security and risk management at Forrester Research Inc. in Cambridge, Mass., said Aperture will make Palo Alto Networks a competitive force in the cloud security gateway/CASB space, which has grown rapidly this year behind several acquisitions and venture capital investments.

"The need to discover and apply security policy to SaaS applications is significant.  I am continually surprised by the lack of awareness and control Forrester clients have into their SaaS applications," Holland said. "The M&A market is responding to this need. We have seen Microsoft acquire Adallom, Bluecoat acquire Perspecsys, and then, of course, Palo Alto Networks acquire CirroSecure. The acquisition was a good one for Palo Alto Networks and provides another reason for prospects to select them."

Next Steps

Find out why neglected cloud app security has emerged as a major enterprise concern this year

Learn about the six criteria for purchasing a next-generation firewall


Dig Deeper on Cloud Computing Software as a Service (SaaS) Security