Palo Alto identifies five areas of innovation within a wide-ranging series of announcements, although the most exciting appear to be around the expansion of threat protection capabilities, including credential theft protection.
Security vendor Palo Alto Networks has made a broad series of announcements in which it launched a new version of its PAN-OS operating system, added new threat prevention capabilities to its platform, and introduced new hardware and virtual firewalls.
The company is emphasizing that it is not only making a lot of news, but that the news is extremely important in terms of the level of innovation involved.
“This is the largest launch we have ever done as a company,” said Frank Mong, head of product, solution and industry marketing for Palo Alto Networks. “There are five key areas where we have innovated. Those five things are: cloud security; multi-method threat prevention; management; credential theft prevention; and hardware.”
Cloud security enhancements start with the expansion and enhancement of Palo Alto’s virtual firewalls for cloud environments.
“We introduced the VM-50, a new small model, which is targeted at branch offices and retail outlets where they don’t want to put hardware,” Mong said. It delivers 200 Mbps of App-ID performance while consuming minimal resources.
“We have made our existing VM models much faster than before,” Mong said. These VM-100, VM-200, VM-300 and VM-1000-HV models now all deliver between two and four times their previous performance.
Two high-end models, the VM-500 and VM-700, with 8 Gbps and 16 Gbps of App-ID performance, respectively, were also introduced.
“These new models are the fastest in the industry,” Mong stated.
“On the public cloud side, we have done a lot of work on both Azure and AWS,” he indicated. “With Azure we have added in load balancing and gateway capabilities. With AWS, we have integrated with CloudWatch for more analytics.”
Palo Alto’s Panorama network security management has also been enhanced for VMware NSX.
“We have focused on driving this so that they don’t have to go into the NSX console any more,” Mong said. “Panorama will push into the NSX workflow without the user having to go to NSX itself. These are great cloud capabilities because they automate things as much as possible.”
Cloud security around SaaS has also been expanded.
“What’s out there in cloud proxies doesn’t scale very well, and most enterprises have hundreds of SaaS apps so it takes a long time to do — and then can be evaded,” Mong said. PAN-OS 8.0 adds more SaaS application reporting capabilities, extending the reporting system introduced in version 7.1, so that both customers and partners can make better assessments.
“For all sanctioned apps, we have expanded Aperture [which provides complete visibility across all user, folder and file activity] so that it now quarantines, limits sharing, notifies with tags, and now has logs that meet compliance and audit requirements,” Mong stated. While Aperture was previously only available in the Americas, it is now available globally, and support has been added for the Slack app, and for Secure Data Space, a German EFSS solution.
The expansion of multi-method threat protection capabilities was the second area Mong highlighted as innovative, noting a new 100 per cent custom-built hypervisor and bare metal analysis environment for Palo Alto’s WildFire cloud-based threat analysis service.
“We have supplemented WildFire so threats won’t be able to evade within it,” he stated. “Most sandboxes use open source hypervisors and adversaries create malware that knows how to evade them. We have built a custom hypervisor with zero open source code, and created a heuristic engine that moves it to a bare metal analysis environment. It’s all hardware. This is a new frontier. Malware will detonate because it can’t evade a VM environment in hardware. This is a fantastic innovation, and partners will love this.”
Threat intelligence has also been enhanced by integrating Palo Alto’s AutoFocus threat intelligence service with MineMeld.
“MineMeld is an open source project we launched to connect all threat intelligence into one area,” Mong said. “By building MineMeld into AutoFocus, it allows AutoFocus to automatically correlate and update all the feeds. It makes threat intelligence highly actionable in an automated way.”
Another key innovation is the ability to automatically identify and block phishing sites stealing credentials by sending suspicious links from emails to the WildFire service for enhanced machine learning-based analysis.
“Phishing attacks skip the traditional attack lifecycle by stealing credentials and going straight to the data, which they can access since they have the name and password,” Mong said. “In WildFire, we know what a phishing link looks like and can block the link. If it somehow gets through, we will know if the user is trying to send his user name and log in to a phishing website, and we can stop him. And if that somehow gets through, and the adversary has credentials, we have built-in ability to block that credential from working, through multi-factor authentication challenges. We can now become that multi-factor authentication challenge to stop stolen credentials, because the adversary has to pass through the firewall to get to the data. We’ve just solved a big problem in credentials, with three stages.”
The management enhancements involve both enhanced capabilities in the new PAN-OS 8.0 and the integration of Traps endpoint protection logs into the management console.
“We have rebuilt our entire Panorama logging capability, so we can now ingest multiple sources of logs including Traps advanced endpoint protection logs – with more to come in the future,” Mong said. “This greatly speeds things up, so we can now ingest in milliseconds, rather than in seconds, or even minutes.”
Mong said that having Traps logs in Panorama provides a richness of context from the endpoint to Panorama.
“If a Traps endpoint sees a zero-day exploit, it will tell the firewall at the network to block it anywhere in the environment,” he stated. “This is just awesome for partners helping improve the automation of security.”
Mong said the final element of innovation is in hardware, where six new hardware appliances – all entirely additive to Palo Alto’s lineup – join the 16 hardware appliances previously available.
“Even with cloud, customers still need hardware because existing data centres are being consolidated, increasing performance requirements,” he stated.
The new PA-5200 Series has three models – the PA-5260, PA-5250 and PA-5220. Aimed at meeting high performance requirements, this new architecture delivers 72 Gbps App-ID and 30 Gbps Threat Prevention performance, up to 32M sessions, 3.2M SSL-decrypt session capacity and 6.5 Gbps SSL-decrypt throughput on the PA-5260 model.
The new PA-800 series has two devices: the PA-850 and PA-820. This new architecture delivers 1.9 Gbps App-ID and 780 Mbps Threat Prevention performance on the PA-850. These models are designed primarily as branch and remote office solutions.
Finally, the PA-220 delivers full PAN-OS capabilities in a small desktop footprint with increased port density. Its very small footprint is well suited for small retail outlets.
The new hardware models are all available now.