Palo Alto Networks launched what it calls the “world’s first” machine-learning-powered next-generation firewall, plus a containerized version of the firewall and a new IoT security service.

The new firewall embeds machine learning (ML) in the core of the firewall to stop threats, secure IoT devices, and recommend security policies essentially in real time.

“Thirteen years ago we unveiled the first NG firewall,” said Anand Oswal, SVP and GM at Palo Alto Networks. At the time, it took about 24 hours to deliver detection signatures, and Palo Alto Networks has since whittled that down to about five minutes, he said. “And with this release, we felt that it’s important for this to be real time.”

This is important because hackers use machine learning and automation, too. “In the last year or so if you look at the attackers, the adversaries are now constantly and automatically mounting attacks. Attackers themselves are using machine learning and mutating malware in different formats that usually require signature updates,” Oswal said.

As hackers use machines to automatically generate and morph attacks, signatures become less useful in preventing them. So to prevent malware and phishing attacks, Palo Alto Networks developed in-line machine learning models and zero-delay signature updates. Oswal said this reduces the threat-reaction time to about five seconds and results in a 99.5% reduction in systems infected.

IoT Security

The updated firewall also secures IoT devices, and this feature taps into the company’s new IoT security subscription service.

Last fall, Palo Alto Networks acquired IoT security startup Zingbox for $75 million. Zingbox developed a three-tier machine learning platform to identify unmanaged devices in the network. Since the acquisition, Palo Alto Networks infused this technology with its own App-ID, which automatically discovers new IoT devices, assesses risk, and then develops policies to secure devices. This new IoT security service can be paired with all of Palo Alto Networks’ other cloud-delivered security subscriptions, and it doesn’t require any additional sensors or infrastructure.

ML-Based Security Policy

A machine-learning based security policy engine is a key differentiator for Palo Alto Networks’ IoT security, Oswal said.

“The mainstream solutions in the market for IoT security just don’t cut it,” he said. “And the reason is because really they’re limited to device identification of only known asset types and manual rule-based policy engines that frankly don’t scale. Our IoT solution is completely machine learning-based so you don’t need to see a device to detect the device. Second, you can have automated policy remediation. And third, it’s very easy to activate on the existing infrastructure you already have.”

In addition to offering the latest version of the next-generation firewall as a physical device, software, or cloud-based product, Palo Alto Networks also offers a containerized version designed specifically for Kubernetes environments.

“As the enterprise adopt containers, the number of potential threats to applications running on Kubernetes will continue to grow,” he said. “And that’s why we are introducing the world’s first containerized NG firewall.”

The containerized version uses the next-generation firewall’s full Layer-7 network security and threat protection capabilities to protect the allowed connections from threats, exploits, malware, and data exfiltration, he added.