This tech brief provides an overview of our patented App-ID classification technology that determines the exact identity of applications, irrespective of port, protocol, TLS/SSL/SSH encryption, or any other evasive tactic the application may use. It applies multiple classification mechanisms—including application signatures, application protocol decoding, and heuristics—to your network traffic stream to accurately identify applications. When an application is identified, a policy check lets you determine how to treat it. For example, you can block; allow and scan for threats; inspect for unauthorized file transfer and data patterns. Moving from port-based legacy firewall rules to App-ID-based ones dramatically reduces the opportunity for attack. Policy Optimizer, a built-in feature within PAN-OS, makes it easy to move from legacy rules to App-ID-based controls and strengthen your security.
This techbrief is also available in: