Security vendor Palo Alto Networks today announced version 8.0 of its PAN-OS operating system, which includes more than 70 new features touching areas such as threat prevention, credential theft prevention, cloud security, and management.
This is the largest announcement Palo Alto has ever put out, says Frank Mong, SVP of product, industry and solutions. (We’re guessing he means in terms of volume.) Here are a few of the highlights we found interesting.
Credential Theft Prevention
This feature of PAN-OS was built to classify and block phishing sites in particular. The security platform actively scans the network for suspicious links and sends them to Palo Alto’s WildFire service, which determines whether a link leads to a phishing site. If it does, the platform automatically blocks the site and updates the URL information so users aren’t taken back to it.
If a user manages to start divulging a username or password to the phishing site, policies in the firewall can alert or drop the traffic, and stop the transaction from occurring.
To prevent hackers from using stolen credentials, PAN-OS provides a multi-factor authentication framework in the next-generation firewall at the network level. Palo Alto appears to be the first company to have the firewall perform this kind of authentication check, Mong says. The company also integrated this feature with the software of access management vendors like Okta, Ping Identity, and Duo Security.
Palo Alto announced three new virtual firewall models — the VM-50, VM-500, and VM-700 — all different sizes of the same firewall.
The company also added to Aperture, its service for securing software-as-a-service (SaaS) applications, so that it can be integrated with Amazon Web Services (AWS), Microsoft Azure, and other private or public clouds.
Reacting to some intruders’ abilities to evade sandboxes, Palo Alto rebuilt WildFire’s sandbox, using no open source technology. Attackers are sent into a bare metal environment where they can’t tell if they’re in a real network environment or a sandbox, Mong says.
If something gets infected, WildFire is able to look at the IP address and domain of the attacker and extract the payload to determine if it’s benign, reducing false positives.
PAN-OS is now able to provide IT teams and administrators with more analytics using endpoint protection logs in addition to the firewall logs Palo Alto was already using. “This is important because when you combine endpoint logs with firewall logs, you can feed the data into Panorama [Palo Alto’s management platform for controlling its distributed firewalls] and automate a build of rules to govern that firewall,” Mong says.
When a rule is broken, an alert is sent to any application programming interface (API)-based tool, telling IT departments what the data revealed.
Finally, Palo Alto released new hardware firewalls. The PA-5200 series aims for high throughput, high port density, and 100-Gb/s support. The PA-800 series is a smaller appliance for branch offices, while the even smaller PA-220 targets remote offices or retail locations.