
Innovating At The Speed Of Machines
PAN-OS version 10.0 ushers in the world’s first machine learning-powered next-generation firewall to proactively assist in stopping threats, securing IOT devices and recommending security policies. The new operating system introduces a containerized form factor for the firewall and extends more visibility and security to unmanaged IoT devices without needing to deploy additional sensors, the company said.
The Internet of Things (IoT) market is expected to reach 1.1 trillion devices by 2026, and more than 70 percent of organizations are expecting to run containerized applications by 2023, said Karl Soderlund, senior vice president of worldwide channels. Customer demand is driving almost all partners to look at IoT security and container security, and the company wants to help with training and enablement.
Solution providers will need to qualify and discover these opportunities around IoT and container security, and might find they’re interacting with more of a DevOps buyer rather than a network security buyer, he said. The new offerings provide partners with a good opportunity to deliver managed services and professional services, particularly as it relates to implementation and pre-sales consulting, he said.
From the industry’s first next-gen firewall for Kubernetes to gaining visibility into never-before-seen devices, here are five new products and features in PAN-OS 10 that leverage machine learning to keep customers safer.
5. Clustering and Signature Updates
New high-availability clustering capabilities in PAN-OS 10.0 is a best-of-breed feature intended to maximize availability for customers and simplify management for partners, according to Soderlund. Availability is essential to providing partners and customers with strong and secure defense, Soderlund said.
Meanwhile, Palo Alto Networks is introducing zero-delay signature update protection, resulting in a 99.5 percent reduction in systems infected, according to the company. The company said it was already leading the industry in reducing the reaction time for threats from days to minutes.
4. New Decryption Features
Encryption is getting more complex every day, and Soderlund said partners and customers alike must have the ability to break that down and figure out how to best secure their environments. Decryption has been a major area of focus for Palo Alto Networks as a “table stakes” way of simplifying security for customers, according to Soderlund.
The new decryption capabilities in PAN-OS 10 are based on enhancements and extensions to the 12-year-old decryption technology found in the company’s next-generation firewalls, according to Palo Alto Networks. The new features enable more customers to fully deploy decryption and include support for the new TLS 1.3 standard, the company said.
3. In-Line Malware And Phishing Prevention
PAN-OS 10.0 leverages machine learning to make sure organizations are staying one step ahead of bad actors, according to Soderlund. As attackers use machines to automatically morph attacks, Palo Alto Networks said signatures become less valuable in preventing these attacks.
Network security products previously only used machine learning models for out-of-band detection, but Palo Alto Networks said its next-generation firewall now uses in-line machine learning models to help prevent previously unknown attacks.
The company’s new cloud-based system is used to train and tune machine learning models to detect both known and unknown variants of real-world attacks the company is seeing in the wild that affect customers, As a result, Palo Alto Networks said it has observed up to 95 percent of unknown malware that previously required cloud-based detection now being blocked inline without hurting performance.
2. Discover And Protect Unmanaged IoT Devices
Palo Alto Networks’ acquisition of Zingbox last fall enhanced its visibility into never-before-seen devices to help detect new anomalies and vulnerabilities, Soderlund said. The company’s new IoT security offering is delivered as a subscription off the company’s firewall and recommends security policies to organizations to ensure any identified anomalies or vulnerabilities are addressed, Soderlund said.
Zingbox has been integrated with Palo Alto Networks’ App-ID technology to detect unique IoT devices and provide guidance on how to protect them without requiring additional sensors or equipment, Soderlund said. The offering doesn’t require manual fingerprinting techniques, the counting of IoT devices for licensing or any other product for enforcement, according to Palo Alto Networks.
The offering will allow security teams to start reclaiming unmanaged IoT devices on PA-Series hardware appliances, VM-Series virtualized firewalls as well as the company’s Prisma Access network security service. The tool competes with siloed IoT security products by delivering unmanaged device discovery, protection and enforcement in places where there are no existing firewalls, Palo Alto Networks said.
1. Containerized Version Of Firewall For Kubernetes
Over the next three years, Soderlund said most organizations will be running multiple containerized apps in the production environment. The new CN-Series is a containerized version of the company’s firewall that helps network security teams ensure they’re compliant in container environments, and enables security at DevOps speed by speeding up the integration and provisioning process, he said.
Kubernetes is red hot right now, and Soderlund said Palo Alto Networks wanted a containerized form factor as part of their firewall to ensure both security and compliance. The CN-Series firewalls leverage deep container context to protect inbound, outbound and east-west traffic between container trust zones along with other components of enterprise IT environments, according to Palo Alto Networks.
The CN-Series can be used to protect critical applications against known vulnerabilities as well as both known and unknown malware until patches can be applied to secure the underlying compute resource. Applications are protected with the CN-Series in on-premise data centers like Kubernetes and RedHat OpenShift as well as the Kubernetes service from each of the big public cloud providers, the firm said.
related stories
Video
trending stories
sponsored resources

Cysurance
Cyber Insurance 360

Carbonite
Cloud Storage 360

Application Integration 360

Tenable
Cyber Risk 360

NPD
Industry Trends 360

Channel Chief Showcase

Smart 3rd Party
3rd Party Maintenance 360

Cradlepoint
5g for Business 360

Cato Networks
SASE & SD-WAN 360

Trend Micro
Trend Micro Learning Center

HubStor
Cloud Backup 360

eSentire
Managed Detection and Response 360

CyberPower
CyberPower

Veeam
Veeam

Comcast Business
Comcast Business Learning Center

CRN Showcase

APC by Schneider Electric
Digital Services for Edge Learning Center

Dell Technologies
Dell Technologies Server Learning Center

Dell Technologies
Dell Technologies Cloud Learning Center

Cyber Protection 360

VMware

EPOS
EPOS

Sophos
Sophos Cybersecurity Learning Center

iboss
Cloud SASE Platform 360

Vonage
Vonage

Sherweb
Sherweb

Vertiv
Edge Computing Learning Center

Dell Technologies
Dell Technologies Storage Learning Center

Fujifilm
Fujifilm

BlackBerry
BlackBerry Learning Center

Acer
Remote Workforce 360

Webroot
Webroot Learning Center

Comm100
Collaboration & Communications 360

Partner Program Guide Showcase

Wasabi
Wasabi

Dell Technologies
Microsoft HCI Solutions from Dell Technologies Learning Center
