Palo Alto Networks Unleashes Spate of New Products, Services
They center around the company's PAN-OS 8.0 platform.
February 7, 2017
PRESS RELEASE — SANTA CLARA, Calif., Feb. 7, 2017 /PRNewswire/ — Palo Alto Networks® (NYSE: PANW), the next-generation security company, today announced advancements to its Next-Generation Security Platform that extend the ability for customer organizations to safely enable applications, including SaaS options, content and users regardless of location; prevent successful cyberattacks; simplify security operations; and securely embrace the cloud.
Security demands have evolved as new requirements and risks have been introduced, especially as organizations expand their IT architecture from traditional networks and data centers to private and public or hybrid cloud deployments. Add SaaS application usage to the mix, and the need to secure all these architectures against ever-increasing, sophisticated threats and adversary techniques being used to gain access to assets and data regardless of where they are located – the network, in the cloud, or in SaaS applications – and organizations have a multitude of complex security and operational challenges to address in order to prevent cyber breaches and achieve the cloud speed and agility promise.
Traditional detect-and-respond approaches, cloud-only security capabilities, and siloed point products offer limited functionality and lack threat context from the network edge or at the user interface. This makes these options ineffective and administratively burdensome; causes holes in an organization’s security posture; and hinders operational agility, especially in cloud deployments.{ad}
The natively engineered Palo Alto Networks Next-Generation Security Platform addresses all these challenges by delivering rich context from multiple points across all IT environments to provide consistent levels of visibility, management and security controls regardless of data location – from the network to the data center and private cloud, in the public cloud, or within SaaS applications.
Building upon existing capabilities in the platform, new advancements included in the Palo Alto Networks platform operating system, PAN-OS® version 8.0, Aperture™ SaaS security service, and new VM-Series virtual firewall models address security needs by extending protections from physical networks to the cloud, further simplifying security operations and infrastructure, and ultimately helping organizations establish an effective and consistent security posture.
Among the more than 70 new features introduced to the Next-Generation Security Platform as part of PAN-OS 8.0, cloud and SaaS feature highlights include:
Expanded security for public and private clouds, including optimized workflow automation features and integration with native cloud services that ensure the same security measures for a customer’s physical environment can be easily applied to Amazon® Web Services, Microsoft® Azure®, or any other cloud. The cloud capabilities enable secure, scalable and resilient cloud-centric architectures with easy orchestration and management for operational agility.
New SaaS application security capabilities, including enhanced visibility and interactive dashboards, new reporting, and automated features like instant quarantine and data sharing limitations. These features increase security, real-time monitoring and compliance enforcement capabilities on cloud-based assets. Additionally, extended application support (Slack and Secure Data Space), language support (German and Japanese) for DLP and machine learning, as well as …
{vpipagebreak}
… new data centers in Europe (Germany) and Asia (Singapore), expand global usage and protection options and address regional data privacy needs.
Increased performance and three new VM-Series virtual firewall models that have been added to the existing virtual firewall family. The VM-Series, which now includes the new VM-50, VM-500 and VM-700, delivers industry-leading performance options ranging from 200 Mbps up to an industry-leading 16 Gbps with threat prevention capabilities fully enabled to deliver predictable performance in cloud deployments and address a variety of use cases from virtualized branch office to data center and service provider deployments.
Additional threat prevention, management and hardware highlights are also available with the introduction of PAN-OS 8.0. See these related press releases:
QUOTES
“Speed and scale continue to be essential components of any advanced cybersecurity strategy that must keep pace with today’s cyber adversaries and take into account new cloud operating models. The latest advancements in PAN-OS 8.0 build on the already powerful capabilities in the Palo Alto Networks Next-Generation Security Platform by delivering the visibility, orchestration, integration, performance and threat prevention we need to establish a consistent security posture across our architecture, balanced with the freedom of choice in our cloud deployment models.”{ad}
– Bo Rising, IT security architect, TDC Hosting
“The features Palo Alto Networks added to the latest version of PAN-OS 8.0 address some of the key challenges our customers face in their digital transformation journey as they implement digital infrastructures and SaaS in multi-cloud environments. While these new technologies offer productivity and business agility, their security remains a top concern for our clients especially in terms of cyber breaches and protecting assets. The Palo Alto Networks Next-Generation Security Platform and the innovations announced today are directly aligned with addressing our customers’ pain points. Presidio is especially excited about the integration offered in PAN-OS 8.0 with vendors like VMware to address software defined data center security concerns.”
– Joe Leonard, chief information security officer, Presidio
“Organizations must adapt to meet new security risks as more critical data and applications reside in the cloud. The latest release by Palo Alto Networks uniquely positions their platform to secure applications, data, and users no matter where …
{vpipagebreak}
… they reside. The features introduced today in PAN-OS 8.0 address today’s cybersecurity challenges and moves the industry further towards making cyber breach prevention a reality.”
– Robert Westervelt, research manager and lead of IDC’s data security practice, IDC
“As customers embrace multi-cloud deployment architectures, Palo Alto Networks is pleased to offer the only built-from-the ground up, natively engineered Next-Generation Security Platform enabling them to safely embrace any cloud – public, private, hybrid and SaaS – with consistent visibility, operations, control and cyberthreat prevention.”
– Lee Klarich, executive vice president, Product Management, Palo Alto Networks
AVAILABILITY
PAN-OS 8.0 is now available globally to customers of Palo Alto Networks with a current support contract. New VM-Series firewall models are available now. For more information, visit http://www.paloaltonetworks.com.
To learn more about the Palo Alto Networks Next-Generation Security Platform, visit: https://www.paloaltonetworks.com/products/platforms.html.
PRESS RELEASE — SANTA CLARA, Calif., Feb. 7, 2017 /PRNewswire/ — Palo Alto Networks® (NYSE: PANW), the next-generation security company, today announced availability of new purpose-built hardware and virtual next-generation firewall appliances that safely enable applications and redefine security performance for both threat prevention and SSL decryption, enabling customers to safely embrace the cloud and prevent successful cyberattacks across network, endpoint and cloud environments.{ad}
The new models complement enhancements to the Palo Alto Networks Next-Generation Security Platform PAN-OS® operating system version 8.0, also introduced today, which includes more than 70 new features that deliver threat and credential theft prevention, secure cloud enablement, and more.
As organizations look to modernize their physical data centers, embrace hybrid cloud environments, and apply advanced security measures across their infrastructure, they require greater performance to handle the tremendous amount of traffic generated by the growing number of users, applications and devices. The introduction of new SaaS applications running at higher throughputs further increases demand for bandwidth performance to and from the network.
Complicating matters, as more and more traffic is encrypted by SSL, enterprises are left blind to the applications and content their users are accessing, and advanced cyber adversaries are increasingly leveraging SSL encryption to obscure malicious activity, leaving organizations unaware of the hidden dangers lurking on …
{vpipagebreak}
… their networks. Legacy security products are simply unable to perform at rates high enough to decrypt this traffic and restore the visibility required to prevent cyber breaches.
To address these needs and more, six new hardware firewall appliances join the existing hardware family of 16 appliances to safely enable applications and offer threat prevention in large data centers, small branches and remote locations, all managed centrally from Panorama™ network security management. The new and powerful hardware appliances enable advanced security protections applied at speed and scale by delivering predictable performance with deep visibility into and control over all traffic, including encrypted traffic.
The VM-Series virtualized next-generation firewall family also has been optimized and expanded with three new models to support customer organizations expanding cloud and virtualization initiatives – from virtualized branch offices to data center and service provider deployments – that require high throughput and capacity. With the new additions, the VM-Series now represents the industry’s broadest line of virtualized firewall appliances, delivering groundbreaking cloud security performance of up to 16 Gbps with App-ID™ technology visibility and over 10 Gbps with full threat prevention enabled.
Highlights of the new hardware and virtual firewalls include:
New PA-5200 Series: This new series includes three devices: the PA-5260, PA-5250 and PA-5220. This new advanced architecture delivers 72 Gbps App-ID and 30 Gbps Threat Prevention performance, up to 32M sessions, 3.2M SSL-decrypt session capacity and 6.5 Gbps SSL-decrypt throughput on the PA-5260 model. Higher 10G port density and 40G and 100G interface supports diverse deployments. These models deliver security for high throughput environments within a compact form factor, making them ideal for data center consolidation, increased gateway demands, and inspecting encrypted traffic.
New PA-800 Series: The new PA-800 series includes two devices: the PA-850 and PA-820. This new architecture delivers 1.9 Gbps App-ID and 780 Mbps Threat Prevention performance on the PA-850. A high-performance management plane leverages multiple CPU cores and 8GB memory. The PA-850 features redundant power for additional hardware resiliency. These models are ideal for medium-sized networks, and branch and remote office environments.
New PA-220 delivers full PAN-OS capabilities in a small desktop footprint with increased port density. The PA-220 features built-in resiliency via dual power adapters and complete high availability support for active/active and active/passive clusters. Passive and silent cooling eliminates noise and increases reliability. The small footprint makes these models ideal for small branch offices and remote locations.
Three new VM-Series virtual firewall models: These new models deliver industry-leading cloud security performance options ranging from 200 Mbps up to an industry-leading 16 Gbps to deliver predictable performance in cloud deployments and address a variety of use cases, from virtualized branch office to data center and service provider deployments.
New VM-50 is optimized to consume minimal resources yet delivers 200 Mbps of App-ID performance for customer scenarios that range from virtual branch office/customer premise equipment (CPE) to high-density, multi-tenancy environments.
Faster VM-100, VM-200, VM-300 and VM-1000-HV have been optimized to deliver 2-4 times their previous performance with 2 Gbps and 4 Gbps of App-ID performance for hybrid cloud, segmentation and internet gateway use cases.
New VM-500 and VM-700 deliver an industry-leading 8 Gbps to 16 Gbps of App-ID performance, respectively, and can be deployed as NFV security components in fully virtualized data center and service provider environments.
Complementing these firewall introductions is the release of …
{vpipagebreak}
… Palo Alto Networks Next-Generation Security Platform PAN-OS® operating system version 8.0, which includes threat and credential theft prevention, cloud security and management advancements. See these related press releases:
Quotes
“Cloud migration is a dynamic, bi-directional, and continuous process – sending workloads back and forth between the multiple clouds and data centers. The advancements announced today by Palo Alto Networks, including their new VM-series firewalls, provide customers a critical solution that is flexible enough to facilitate efficient movement between private networks and public/private clouds as new use cases are implemented.”
– Jeff Wilson, senior research director, Cybersecurity Technology, IHS Markit
“Palo Alto Networks understands the growing performance and capacity needs as customer organizations look to expand cloud use cases and implement advanced security capabilities throughout their data centers and distributed organizations. We are pleased to expand the performance range and use case possibilities with our newest hardware and virtual firewall models.”
– Lee Klarich, executive vice president, Product Management, Palo Alto Networks
PRESS RELEASE — SANTA CLARA, Calif., Feb. 7, 2017 /PRNewswire/ — Palo Alto Networks® (NYSE: PANW), the next-generation security company, today announced advancements to its Next-Generation Security Platform that extend the ability for customer organizations to safely enable applications, prevent successful cyberattacks, simplify security operations, and safely embrace the cloud.
Cyber adversaries often use commoditized compute power and automated tools and evasion techniques to deploy sophisticated attacks at massive scale and little cost. Security teams can find themselves struggling to address the sophistication, speed and volume of these threats – both known and unknown – using a collection of legacy security point products, manual resources and tools that fail to provide thorough application visibility and control, can’t adequately identify and stop advanced attacks in an automated and timely manner, complicate security workflows, and require too much manual intervention.{ad}
These challenges are compounded as network perimeters become more vulnerable with the rapid adoption of …
{vpipagebreak}
… cloud deployments – public, private, hybrid or SaaS – resulting in applications and data moving across networks and endpoints to and from the cloud with users accessing data dynamically from anywhere and any device. This dramatically expands and complicates the landscape customer organizations must protect against a growing volume and variety of threats.
The natively engineered Palo Alto Networks Next-Generation Security Platform addresses these challenges by safely enabling applications, content and users regardless of location, preventing successful attacks from known and unknown threats, while simplifying security operations and infrastructure, and giving organizations the freedom to safely embrace new cloud infrastructures.
Building upon the existing capabilities of the platform, new advancements included in the Palo Alto Networks PAN-OS® operating system version 8.0 take advantage of added automation, machine learning and threat prevention capabilities, among others.
Among the more than 70 new features introduced to the Next-Generation Security Platform as part of PAN-OS 8.0, threat prevention feature highlights include:
Stopping sandbox evasion techniques with a new 100 percent custom-built hypervisor and bare metal analysis environment for the WildFire™ service, designed to automatically identify and prevent the most evasive threats.
Automated command-and-control signatures using a new and unique payload-based signature generation engine. This new approach delivers researcher-grade, payload-based signatures in a delivery mechanism that is automated end to end for faster time to prevention of adversary phone home attempts.
Automated integration of threat intelligence delivered through the integration of the MineMeld application with the AutoFocus™ service, whereby security operations teams can easily ingest multiple data feeds, accelerate the digestion of all the threat intelligence, create customizable fields, and quickly automate remediation to the next-generation firewall, as well as alert SOC groups via third-party SIEM solutions or asset management products.
Management features that provide administrators fast and accurate insight delivered by Panorama™ network security management and now include ingestion of Traps™ advanced endpoint protection logs, as well as additional firewall logs. This enriches correlation of indicators of compromise and automates actions to update the next-generation firewall with new automated actions to prevent adversary lateral movement and alert IT via third-party IT service management and security response systems, such as ServiceNow, lowering operational burden for security teams.
Additional cloud security, hardware highlights and credential theft advancements are also available with the introduction of PAN-OS 8.0. See these related press releases:
QUOTES
“With attackers adopting more sophisticated tactics and tools, it’s important that our security solutions are able to keep pace without requiring volumes of manual resources or chair swiveling from one product console to another, and that we have timely …
{vpipagebreak}
… prevention mechanisms. The extended threat prevention capabilities introduced today in the Palo Alto Networks Next-Generation Security Platform allow us to better protect against advanced threats at the pace of our adversaries, safely enable application usage for our employees where ever they are, and reduce our management overhead.”
– Eugene Purugganan, systems engineer, Animal Logic
“Cloud and SaaS are revolutionizing IT, but our customers, while eager to implement these technologies in their own network environments, are hesitant to adopt them due to cybersecurity concerns. Both current and prospective customers who currently leverage Palo Alto Networks Next-Generation Security Platform will be excited about how the newest innovations combine strong threat detection and prevention capabilities with automated features to ensure customers can secure their organizations against known and unknown cyberattacks targeting cloud, hybrid cloud and physical network environments.”
– Luanne Tierney, managing member, Fivesky
“Cyber adversaries are constantly finding new ways to evade detection by dynamic analysis environments, many of which share common open-source components. This has allowed advanced attackers to develop techniques to identify various analysis environments and evade detection. Custom analysis environments make it difficult for cyber criminals to predict system responses to these evasions – which should ultimately provide more protection for customers.”{ad}
– Jason Pappalexis, distinguished research director, NSS Labs, Inc.
“Using legacy security products and tools, organizations today face seemingly insurmountable challenges in protecting themselves from a growing volume of sophisticated threats. We are pleased to offer them an entirely different approach with our natively engineered Next-Generation Security Platform that raises the bar for organizations with new advancements in preventing malware sandbox evasion, automation of command-and-control protection, and threat intelligence ingestion that help our customers prevent successful attacks.”
– Lee Klarich, executive vice president, Product Management, Palo Alto Networks
PRESS RELEASE — SANTA CLARA, Calif., Feb. 7, 2017 /PRNewswire/ — Palo Alto Networks® (NYSE: PANW), the next-generation security company, today announced advancements to its Next-Generation Security Platform that provide customer organizations with the ability to prevent the theft and abuse of stolen credentials, one of the most common methods cyber adversaries use to successfully compromise and maneuver within an organization to steal valuable assets.
The majority of breaches involve password theft at some stage of the attack lifecycle. According to the 2016 Verizon Data Breach Incident Report (DBIR), nearly two-thirds of the breaches analyzed were, in some part, the result of stolen credentials. Because the vast majority of organizations continue to use simple password-based credentials as the primary means of enabling user access to systems, it is often easier for an attacker to …
{vpipagebreak}
… steal passwords than it is to find and hack a vulnerable system or successfully bypass malware detection and threat prevention technologies.
Traditional approaches to stopping credential phishing are rudimentary, manual, limited, and rely primarily on educating employees and classifying a phishing site before someone encounters it. If the organization’s security products miss a new phishing site, the only recourse is hoping the user doesn’t proceed to enter his or her credentials. Further, password-only-based approaches to authentication remain very common due to the traditional complexities of implementing multi-factor authentication, leaving many applications exposed to simple credential abuse-based access by attackers.
Palo Alto Networks now delivers the industry’s first multi-method, scalable and automated approach designed to prevent credential-based attacks. These capabilities, delivered from the next-generation firewall, prevent the theft and abuse of stolen credentials and complement additional malware and threat prevention and secure application enablement functionality, to extend customer organizations’ ability to prevent cyber breaches.{ad}
Among the more than 70 new features introduced to the Next-Generation Security Platform as part of PAN-OS® security operating system version 8.0, credential theft prevention feature highlights include:
Automatically identify and block phishing sites by sending suspicious links from emails to the WildFire™ service for enhanced machine learning-based analysis. If the site is determined to be phishing, PAN-DB will automatically update the phishing URL category, block the site, and prevent users from accessing it.
Prevent users from submitting credentials to phishing sites; by integrating with User-ID™ technology, the firewall can recognize the movement of enterprise credentials in the traffic. If a user unknowingly attempts to transmit a username and password to an unauthorized site, policies within the firewall can alert or drop the traffic and stop the transmission of corporate credentials.
Prevent the use of stolen credentials by providing a policy-based multi-factor authentication framework natively in the next-generation firewall. This unique capability makes it easy to enforce multi-factor authentication from the firewall to stop cyber adversaries from moving laterally in a network and accessing sensitive resources with the help of stolen credentials or compromised endpoints. This is achieved by working at the network level in conjunction with authentication and identity management frameworks, such as single sign-on and multi-factor authentication, and integrating with a number of next-generation identity access management vendors, including Okta®, Ping Identity® and Duo Security, as well as policy enforcement tools. In addition to simplifying the overall administrative overhead, with this new centralized policy-based approach in PAN-OS 8.0, administrators will now be able to protect internal and custom applications with multi-factor authentication, a step that is often impossible to deploy with today’s existing tools.
Additional threat prevention, management and hardware highlights are also available with …
{vpipagebreak}
… the introduction of PAN-OS 8.0. See these related press releases:
QUOTES
“Palo Alto Networks routinely delivers features, like credential theft protection, that address the common cybersecurity challenges IT teams face on a daily basis. It’s this continued focus on delivering real-world value that keeps the Palo Alto Networks Next-Generation Security Platform relevant with our customers, and we anticipate they will have a positive reaction to the new innovations announced today.”
– Mike McGlynn, vice president, Security Solutions, World Wide Technology, Inc.{ad}
“Credential theft has been a challenge for countless organizations around the world. Palo Alto Networks is bringing to market a unique approach to intercepting the problem at the network level. When this feature is tightly integrated with identity access management solutions, organizations can make significant progress towards ending credential theft.”
– Jeff Wilson, senior research director, Cybersecurity Technology, IHS Markit
“We have too often seen headlines that highlight credential theft as one of the primary methods cyber adversaries use to gain access to networks, systems and assets. For years, there has been an absence of an effective and scalable way for organizations to address this challenge. We are pleased to introduce these unique and industry-leading capabilities as part of our Next-Generation Security Platform and to deliver yet another innovation among many designed to help organizations prevent cyber breaches.”
– Lee Klarich, executive vice president, Product Management, Palo Alto Networks
AVAILABILITY
PAN-OS 8.0 is now available globally to customers of Palo Alto Networks with a current support contract.
To learn more about the Palo Alto Networks Next-Generation Security Platform, visit: https://www.paloaltonetworks.com/products/platforms.html.
Find out more about the new features in PAN-OS 8.0 and new devices:
About Palo Alto Networks
Palo Alto Networks is the next-generation security company, leading a new era in cybersecurity by safely enabling applications and preventing cyber breaches for tens of thousands of organizations worldwide. Built with an innovative approach and highly differentiated cyberthreat prevention capabilities, our game-changing security platform delivers security far superior to legacy or point products, safely enables daily business operations, and protects an organization’s most valuable assets. Find out more at www.paloaltonetworks.com.
Read more about:
AgentsAbout the Author
You May Also Like