Palo Alto Networks Rolls Out Major PAN-OS 8.0 Update, New Hardware And Virtual Appliances

Palo Alto Networks is making major updates to its PAN-OS, the company announced Tuesday, adding new features across its entire technology platform.

The new PAN-OS 8.0 launch adds upgrades across cloud security, multi-method threat prevention, management at scale, credential threat prevention and new hardware. All in all, Palo Alto Networks added more than 70 new features across those platform categories with the operating system update.

"This is the biggest launch in the history of the company," Frank Mong, senior vice president of product, industry and solutions marketing, said in an interview with CRN.

[Related: Palo Alto Networks Steps Up Endpoint Security Game With Certification Of Traps As AV Replacement]

Sponsored post

Palo Alto Networks updated its cloud security portfolio with three new VM-Series firewall models: the VM-50, VM-500 and VM-700. The company also made enhancements to its VM-300 and VM-1000 products to make them faster. Palo Alto Networks also extended its capabilities around the public cloud, adding gateway and load balancer integrations for Microsoft Azure, native AWS Cloudwatch support, and more. The VM-Series offerings are available on both the Azure marketplace and the AWS marketplace.

Palo Alto Networks also added cloud security capabilities around software-as-a-service applications, giving customers additional visibility and control with an expansion of Aperture. The company added extended application support for Office 365, Dropbox, and Salesforce, as well as initiating support for Slack and Secure Data Space, added new German and APAC data centers to support German and Japanese languages for DLP and machine learning.

The company also boosted its multi-method threat prevention capabilities, adding a fully custom-built evasion environment for dynamic analysis to counteract sandbox-aware malware; bare metal analysis to detonate malware on real hardware; and aggregated threat intelligence through an integration of MineMeld and AutoFocus. Palo Alto Networks also added particular capabilities around command-and-control, automating inspection, analysis and signature generation through WildFire.

Palo Alto Networks also looked to address the growing problem around credential theft and abuse with the launch of new features to identify and block phishing sites, prevent users from submitting credentials to phishing sites and prevent an attacker from traversing the network using stolen credentials with multi-factor authentication. Mong said the new anti-phishing and multi-factor authentication features are a win for partners because it eases implementations by putting multi-factor authentication at the gateway and comes at no extra cost.

The new PAN-OS 8.0 also updated its management capabilities through Panorama, integrating Traps endpoint security logs into the management console for correlation across firewall, endpoint and third-party threat intelligence feeds. The company also boosted search speed in the management console by 30 times, Mong said.

Finally, Palo Alto Networks announced new hardware appliances to help meet increasing performance needs from data center consolidation, Mong said. The company launched the PA-800 Series for remote offices and branch offices, the PA-5200 Series for data centers with small compact form factors and high SSL traffic, and the PA-220 for remote users. Mong said the new appliances have higher performance, capacity, and decryption performance.

Jeff Lefkowitz, director of engineering at Fivesky, a New York-based Palo Alto Networks partner, said the software updates around client-less VPN connection, Traps integration and NetFlow monitoring for the PA-7000 Series, in particular, are enhancements that stand out in the PAN-OS 8.0 update. He said those updates would all help him better manage and correlate threat data, as well as direct traffic through web access gateways and firewalls for better security.

Lefkowitz also highlighted what Palo Alto Networks was launching around command and control inspection as a key addition for his customers. He said integrating those services together with the WildFire platform is going to be "really attractive" because it will provide more in-depth analysis of malware and network traffic.

Finally, Lefkowitz said the new hardware updates for both on-premises and virtual appliances would be key as customers demand higher-performance solutions to keep pace with increasing amounts of data and traffic.

"It’s a fantastic situation to be able to sell these devices into more customers because customers want to do this type of segmentation to enhance security. They need these devices to perform … The hardware improvements are really going to be nice," Lefkowitz said.

Mong said the launches across the entire portfolio is an essential piece of Palo Alto Networks' strategy, as it looks to build on its security platform across the board. He said a platform that can provide best-of-breed visibility, attack surface reduction and known and unknown threat prevention is critical for success in today's security landscape.

"We believe that you have to have a platform approach to doing [security] well and you have to be the best in every single [category]. That's what we're doing at Palo Alto Networks," Mong said.

Fivesky Managing Member Luanne Tierney said this platform approach is key for partners like Fivesky to position solutions to clients. She said a platform approach allows Fivesky to be more valuable to its clients.

"We're excited to be Palo Alto Networks partner because this makes us a better partner to our customers," Tierney said. "We do like how they are allowing us to position a true platform, a true security solution, instead of having all these disparate pieces."