Cyber threats proceed to develop in quantity and complexity, with menace actors growing new methods to evade detection, together with extremely evasive malware. To assist organizations overcome these evolving threats, Palo Alto Networks, the worldwide chief in cybersecurity, right now introduced PAN-OS 11.0 Nova, the most recent model of its industry-leading PAN-OS software program, launching over 50 product updates and improvements. These embody the brand new cloud-delivered Superior WildFire safety service, which offers unprecedented safety towards evasive malware, and the Superior Menace Prevention (ATP) service, which now protects towards zero-day injection assaults.
“We now have seen a big improve in distinctive malware samples over the previous 12 months, together with an rising degree of malware sophistication. A brand new method is required to detect this superior malware,” mentioned Anand Oswal, Senior Vice President, Community Safety, Palo Alto Networks. “PAN-OS 11.0 Nova is a leap ahead in community safety. Stops 26% extra zero-day malware than conventional sandboxes; detects 60% extra injection assaults; simplifies the safety structure; and helps organizations undertake cybersecurity greatest practices. The underside line is that Nova helps maintain organizations one step forward of attackers.”
Safety towards Zero Day threats
Superior WildFire: Fashionable malware is very evasive and sandbox conscious. To unravel this drawback, sandboxes should repeatedly evolve to counter analysis-resistant evasion methods. The brand new Superior WildFire service builds on the customized hypervisor to introduce radical new capabilities, reminiscent of clever runtime reminiscence evaluation mixed with unobtrusive statement and computerized unpacking to remain hidden from malware and defeat superior evasions. These new capabilities allow Superior WildFire to cease zero-day malware extra evasively than conventional sandboxes.
Superior Menace Prevention (ATP): The improved ATP service reimagines the intrusion prevention system (IPS) with industry-leading inline capabilities to cease zero-day injection assaults. Injection assaults – some of the essential assaults on OWASP”Prime 10 Net Utility Safety Dangers” record — making an attempt to push malicious code right into a computing system by exploiting incorrect vulnerabilities in software program. Such malicious code executes distant instructions that result in knowledge loss or full system compromise.
To guard towards such injection assaults, ATP deep studying fashions had been constructed on high-fidelity telemetry knowledge on tens of hundreds of vulnerabilities exploited over the previous decade. Inside checks have proven that the improved ATP service detects 60% extra zero-day injection assaults that conventional options miss.
Nova not solely lays the muse for contemporary community safety by repeatedly defending towards zero-day threats, but additionally raises the bar for a way organizations can proactively enhance cyber hygiene and simplify safety architectures. Along with Superior WildFire and Superior Menace Prevention, notable improvements within the Nova launch embody:
Simplified and constant safety
Net proxy assist: For patrons who have to run specific proxies on their community resulting from community structure or compliance necessities, Nova introduces natively built-in proxy capabilities for Palo Alto Networks NGFW that assist safe internet and non-web visitors. Palo Alto Networks NGFW and Prisma Entry now assist internet proxies, enabling prospects to implement constant community safety throughout campus places, department workplaces, and cell customers, all centrally managed.
Subsequent Era CASB Integration: Palo Alto Networks Subsequent-Era Cloud Entry Safety Dealer (CASB), natively built-in with Nova and Prisma SASE, now contains new SaaS Safety Posture Administration (SSPM) to assist discover and remove harmful misconfigurations in additional than 60 enterprise SaaS functions . Subsequent-generation CASB now additionally helps near-real-time knowledge safety in trendy collaboration functions and detection of suspicious person habits, which helps shield delicate knowledge in trendy SaaS functions from compromised accounts and insider threats.
Stronger Cyber Posture
AIOps: Palo Alto Networks AIOps helps cut back misconfigurations that may result in safety breaches. AIOps, launched earlier this 12 months, now processes 29 billion metrics every month throughout 50,000 firewalls and proactively shares 24,000 misconfigurations and different points with prospects for decision every month. With Nova, AIOps is much more proactive. AIOps now protects towards greatest observe violations and permits safety coverage inefficiencies to be remedied earlier than modifications are made, serving to organizations strengthen their defenses towards cyber assaults.
Along with all PAN-OS software program updates, a brand new set of fourth technology ML powered NGFWs brings these new capabilities to department workplaces, campus places and knowledge facilities at as much as 5x increased efficiency in comparison with the earlier technology. The brand new {hardware} firewalls additionally convey the flexibleness of fiber and Energy over Ethernet (PoE) to small department workplaces.
PA-445 and PA-415 for small branches: The PA-445 and PA-415 convey the flexibleness of fiber ports and PoE to distributed enterprises and small and medium enterprises. PoE powers downstream gadgets reminiscent of entry factors, IP cameras, and IP telephones with out the necessity for added electrical circuitry. The PA-445 and PA-415 additionally convey improved sturdiness with twin energy provides and fanless cooling.
PA-1400 collection for giant branches: The brand new PA-1400 collection affords as much as 5 occasions the efficiency and as much as 7 occasions the session capability of the earlier technology. The PA-1400 collection is good for shielding massive department places and small enterprise campuses with assist for PoE fiber ports.
PA-5440 for giant campus places and knowledge facilities: Introducing the very best performing 2RU fastened kind issue, the PA-5440. This platform affords twice the efficiency of the earlier technology PA-5260 and is good for shielding massive campus places and knowledge facilities.
“Attackers proceed to develop new methods to evade conventional defenses, whereas safety groups battle to defend organizations with level options which might be complicated to deploy and function,” mentioned John Grady, ESG Senior Analyst. “Palo Alto Networks PAN-OS 11.0 Nova addresses these essential challenges by stopping zero-day threats in actual time, simplifying safety architectures and enhancing cyber hygiene.”
Availability
PAN-OS 11.0 and most safety providers shall be out there in November. New ML-Powered NGFW platforms shall be out there in December and SSPM shall be out there on NGFW platforms in January. Most safety providers, together with Superior WildFire, shall be appropriate with earlier variations of PAN-OS.
