Palo Alto Networks Raises Bar with New Threat Prevention Capabilities for Its Next-Generation Security Platform
Cyber adversaries often use commoditized compute power and automated tools and evasion techniques to deploy sophisticated attacks at massive scale and little cost. Security teams can find themselves struggling to address the sophistication, speed and volume of these threats – both known and unknown – using a collection of legacy security point products, manual resources and tools that fail to provide thorough application visibility and control, can’t adequately identify and stop advanced attacks in an automated and timely manner, complicate security workflows, and require too much manual intervention.
These challenges are compounded as network perimeters become more vulnerable with the rapid adoption of cloud deployments – public, private, hybrid or SaaS – resulting in applications and data moving across networks and endpoints to and from the cloud with users accessing data dynamically from anywhere and any device. This dramatically expands and complicates the landscape customer organizations must protect against a growing volume and variety of threats.
The natively engineered Palo Alto Networks Next-Generation Security Platform addresses these challenges by safely enabling applications, content and users regardless of location, preventing successful attacks from known and unknown threats, while simplifying security operations and infrastructure, and giving organizations the freedom to safely embrace new cloud infrastructures.
Building upon the existing capabilities of the platform, new advancements included in the Palo Alto Networks PAN-OS® operating system version 8.0 take advantage of added automation, machine learning and threat prevention capabilities, among others.
Among the more than 70 new features introduced to the Next-Generation Security Platform as part of PAN-OS 8.0, threat prevention feature highlights include:
- Stopping sandbox evasion techniques with a new 100 percent custom-built hypervisor and bare metal analysis environment for the WildFire™ service, designed to automatically identify and prevent the most evasive threats.
- Automated command-and-control signatures using a new and unique payload-based signature generation engine. This new approach delivers researcher-grade, payload-based signatures in a delivery mechanism that is automated end to end for faster time to prevention of adversary phone home attempts.
- Automated integration of threat intelligence delivered through the integration of the MineMeld application with the AutoFocus™ service, whereby security operations teams can easily ingest multiple data feeds, accelerate the digestion of all the threat intelligence, create customizable fields, and quickly automate remediation to the next-generation firewall, as well as alert SOC groups via third-party SIEM solutions or asset management products.
- Management features that provide administrators fast and accurate insight delivered by Panorama™ network security management and now include ingestion of Traps™ advanced endpoint protection logs, as well as additional firewall logs. This enriches correlation of indicators of compromise and automates actions to update the next-generation firewall with new automated actions to prevent adversary lateral movement and alert IT via third-party IT service management and security response systems, such as ServiceNow, lowering operational burden for security teams.
Additional cloud security, hardware highlights and credential theft advancements are also available with the introduction of PAN-OS 8.0. See these related press releases:
- Palo Alto Networks Extends Safe Application Enablement and Breach Prevention From the Network to the Cloud with Enhancements to Its Next-Generation Security Platform
- Palo Alto Networks Delivers Industry-first Capabilities to Prevent Credential Theft and Abuse
- Palo Alto Networks Expands Range of Next-Generation Firewall Devices with New Hardware and Virtual Appliances
- “With attackers adopting more sophisticated tactics and tools, it’s important that our security solutions are able to keep pace without requiring volumes of manual resources or chair swiveling from one product console to another, and that we have timely prevention mechanisms. The extended threat prevention capabilities introduced today in the Palo Alto Networks Next-Generation Security Platform allow us to better protect against advanced threats at the pace of our adversaries, safely enable application usage for our employees wherever they are, and reduce our management overhead.”
– Eugene Purugganan, systems engineer, Animal Logic
- “Cloud and SaaS are revolutionizing IT, but our customers, while eager to implement these technologies in their own network environments, are hesitant to adopt them due to cybersecurity concerns. Both current and prospective customers who currently leverage Palo Alto Networks Next-Generation Security Platform will be excited about how the newest innovations combine strong threat detection and prevention capabilities with automated features to ensure customers can secure their organizations against known and unknown cyberattacks targeting cloud, hybrid cloud and physical network environments.”
– Luanne Tierney, managing member, Fivesky
- “Cyber adversaries are constantly finding new ways to evade detection by dynamic analysis environments, many of which share common open-source components. This has allowed advanced attackers to develop techniques to identify various analysis environments and evade detection. Custom analysis environments make it difficult for cyber criminals to predict system responses to these evasions – which should ultimately provide more protection for customers.”
– Jason Pappalexis, distinguished research director, NSS Labs, Inc.
- “Using legacy security products and tools, organizations today face seemingly insurmountable challenges in protecting themselves from a growing volume of sophisticated threats. We are pleased to offer them an entirely different approach with our natively engineered Next-Generation Security Platform that raises the bar for organizations with new advancements in preventing malware sandbox evasion, automation of command-and-control protection, and threat intelligence ingestion that help our customers prevent successful attacks.”
– Lee Klarich, executive vice president, Product Management, Palo Alto Networks
- PAN-OS 8.0 is now available globally to customers of Palo Alto Networks with a current support contract.
To learn more about the Palo Alto Networks Next-Generation Security Platform, visit: https://www.paloaltonetworks.com/products/platforms.html.