Archive for February, 2018

Announcing PAN-OS 8.1: Streamline SSL Decryption, Accelerate Adoption of Security Best Practices

Friday, February 23rd, 2018

Palo Alto Networks are pleased to announce PAN-OS 8.1, the latest version of the software that powers our next-generation firewalls. This release enables you to easily adopt application-based security, removes barriers to securing encrypted traffic, simplifies management of large networks and helps you quickly identify advanced threats in conjunction with Magnifier for behavioral analytics.

Let’s look at some of these enhancements in detail.

Simplified App-Based Security

App-ID classifies all traffic, including SaaS, traversing your network so you can safely enable desired applications and block unwanted ones. PAN-OS 8.1 makes it easier to adopt and maintain an application-based security policy.

  • Eliminate security risk: The new rule usage tracking tools empower organizations to review and confidently remove obsolete application-based policy rules as well as retire legacy rules – based on when a rule was last hit – to eliminate holes that create security risks.
  • Easily adopt new apps: Adopting new App-IDs, which used to be released weekly, usually requires a policy review. Now, new App-IDs are released on the third Tuesday of every month, giving you time to review the effect of the new App-ID and change policy if needed. New capabilities enable you to easily understand the impact of new and modified App-IDs on your traffic and policy.
  • Safely enable SaaS usage: SaaS applications host sensitive data, and you need to ensure data is stored in secure, compliant SaaS services. To add to existing capabilities, such as application filters, application characteristics and visibility, you can now use new SaaS application characteristics, such as lack of certifications, poor terms of service, history of data breaches and so on, to view and control their usage. In addition, the next-generation firewall can now add HTTP headers to SaaS app requests to granularly allow access to enterprise accounts while preventing access to free and consumer accounts.

Streamlined SSL Decryption

Decryption image 2Most enterprise web traffic is now encrypted, and attackers exploit this to hide threats from security devices. The new Decryption Broker feature removes all barriers to securing encrypted traffic. Our next-generation firewall now decrypts the traffic, applies security and load balances decrypted flows across multiple stacks of security devices for additional enforcement. This eliminates dedicated SSL off-loaders, reducing network complexity and making decryption simple to operate.

Performance Boost for Internet-Edge Security

  • Secure the high-speed internet edge: The Palo Alto Networks PA-3200 Series of next-generation firewalls comprises the PA-3260, PA-3250 and PA-3220. These appliances deliver up to five times the performance, up to seven times the decryption performance and up to 20 times greater decryption session capacity of existing hardware, making them ideal for securing all internet-bound traffic, including encrypted traffic.
  • Secure large data centers and high-performance mobile networks: The Palo Alto Networks PA-5280 is the latest addition to the PA-5200 Series appliances. It prevents threats, safely enables applications, and is suitable for mobile network environments as well as large enterprise datacenters. The PA-5280 offers security at throughput speed of 68 Gbps and session capacity of 64 million.
  • Secure industrial deployments: Palo Alto Networks PA-220R ruggedized appliance brings next-generation capabilities to industrial applications in harsh environments. Read the blog post for more information.

Improved Efficiency and Performance for Management

Panorama 8.1 provides greater efficiency for teams that manage physical and virtual appliances running PAN-OS. Using variables in templates, you can now leverage common configuration across many devices while substituting device-specific values in place of IP addresses, IP ranges, FQDNs and more. With device health monitoring, Panorama provides a deployment-wide view into the health and status of your next-generation firewalls. Trending of critical system resources up to 90 days helps you identify gradual changes in your environment. Proactive monitoring automatically creates alerts when substantial changes occur in the utilization of critical device resources, ensuring you’re the first to know.

In addition, new M-600 and M-200 appliances deliver high-performance management.

Advanced Threat Detection and Prevention

  • Advanced threat detection. Updates to WildFire include dynamic unpacking, which defeats packing techniques attackers use to evade detection.
  • Prevention everywhere. This update has improved detection of malware targeting Linux servers and IoT devices. Plus, you can detect and prevent malware moving freely inside the network with new SMB protocol support and find malware hiding in less common file archive formats, including RAR and 7z (from 7-Zip).
  • Rich data for analytics. Enhanced application logs evolve next-generation firewalls into advanced network sensors for analytics, including Application Framework apps. Magnifier uses this data to allow customers to identify advanced attacks, insider threats and malware with precision.

Palo Alto Networks Next-Generation Firewall provides effective protections you can use, automates tasks so you can focus on what matters and enables you to consume innovations quickly. The new capabilities in PAN-OS 8.1 allow you to accelerate the adoption of next-generation security best practices so you can prevent the most advanced threats and safely enable your business.

To learn more, visit the PAN-OS 8.1 security page.

View the original post by Palo Alto Networks.

Striking a Balance Between Education Technology and IT Control

Thursday, February 22nd, 2018

K-12 education has a culture of teacher independence in the classroom meaning that as long as the teachers are covering their curriculum, they have the freedom to use the materials and methods they choose to augment the textbook and curriculum. In today’s technology-focused classrooms, this freedom comes with more risk than ever before. That is why it’s critical school districts balance the need for educational freedom with their responsibility of keeping students and teachers safe while accessing online educational services.

Early Adopters in the Classroom

Sometimes, when teachers deem a website important they will intentionally circumvent IT restrictions or become very vocal about having the right to use digital assets that improve instruction. Going beyond the merits of educational value, many teachers are paid based on performance and will view restrictions on educational content as a threat to their salary.

Technology-minded teachers are typically early adopters of new education technology. These are the people most critical to district-level IT teams, they provide valuable feedback and recommendations for district-wide technology deployments. However, they are also the most likely people to circumvent IT and deploy rogue software if they are unhappy with the approved (and supported) solutions.

Early adopters were the first people who started using freeware and classroom management software such as Dojo, Edmodo, and Google Works, many times without IT knowing. In an ideal world, IT would meet with these teachers ahead of time, deploy test solutions in a controlled environment, work through the kinks and then deploy the software at an enterprise level so every teacher could access the solution safely and efficiently.

While it is with good intentions, when teachers circumvent IT and choose their own software management tools, they tend to overlook many potential issues. Typically, when they deploy their own software, they don’t have the benefit of single sign-on and class rosters. This means that teachers must manage access themselves as students enter and leave throughout the year. Oftentimes, teachers overlook security concerns, potential issues with device operating systems, or even the origins of the software if they see a benefit for the students. While their heart is in the right place, this is why teachers are not given administrative access.

How to Strike a Balance

This is where a balance needs to be found between IT and teachers. Should school districts only allow teachers to use district prescribed software? Or should they allow them to continue testing and using these new solutions?

It is important to recognize the incredibly fast pace of classroom technology adoption over the past 30 years. Think about how fast education technology can become outdated? Just a few years ago classrooms with one shared computer were considered advanced but today many districts have devices for every student.

This pace puts tremendous pressure on school districts to stay current and adopt new solutions quickly. When I was the CIO of Miami Dade County Schools, I wanted to know what teachers were using outside of IT’s management in order to stay ahead of the trends. Grassroots adoption and word of mouth promotion can happen very quickly. Once a teacher promotes curriculum or classroom management software, other teachers will most likely follow. It’s critical that IT administrators do everything they can to work with teachers at a reasonable pace.

Like many large school districts around the country, our IT teams and teachers at Miami-Dade County Schools were constantly challenged by high mobility and turnover of staff and students. This could often lead to professional development and security concerns if we changed software solutions quickly. Situations like this are where allowing teachers to select their own solutions can become important.

One way for school districts to strike a balance is to get teachers more involved in technology decisions. Many successful districts have created committees made up of teachers, information technology, instructional technology, and curriculum experts who are tasked with quickly vetting a solution and deciding if it should be allowed or denied based on pre-established criteria.

The district requirements can be updated regularly and should be formatted into simple yes or no questions, so all committee members can easily evaluate. Keeping the number of evaluation criteria to 10 or less would make the process quick and easy. Once vetted and approved technicians would be able to download the software to teacher and student devices or network security would open the software to the teachers and or students.

To learn more about cybersecurity in K-12 schools read our latest whitepaper: K-12 Cybersecurity Involves More Than Just CIPA Compliance

View the original press release by iboss.

Ruckus Introduces IOT Suite to Enable Secure IOT Access Networks

Thursday, February 22nd, 2018

Suite Consolidates Disparate IoT Networks to Deliver Secure IoT Deployments to Enterprises and Organisations, Speeding Time-to-ROI and Reducing Deployment Costs

Ruckus Networks, an ARRIS company, today announced the Ruckus IoT Suite, which enables organisations to readily construct a secure IoT access network that consolidates multiple physical-layer IoT networks into a single network. The Ruckus IoT Suite further speeds time-to-return-on-investment (ROI) and reduces deployment cost by allowing for the use of common infrastructure between the wireless local area network (WLAN) and the IoT access network.

According to market research firm IDC, IoT edge infrastructure is emerging as a key growth domain and an enterprise priority to support the burgeoning IoT applications space. Within the IoT edge infrastructure market— expected to reach nearly $3.4B by 2021— network equipment is the fastest-growing segment, with compound annual growth (CAGR) in excess of 30%, driven by the need for application continuity and high performance coupled with reliable and secure connectivity.

“Secure IoT network deployments in the enterprise have not yet taken off due to a fragmented market with point solutions serving one-off applications or use cases,” said Rohit Mehra, vice president, network infrastructure, IDC. “A multi-standard IoT access network that leverages existing hardware, software and security capabilities at the edge is a must for most organisations to deploy IoT. The Ruckus IoT Suite addresses these specifics and is a good first step to enabling broader multi-mode IoT network rollouts.”

“Organisations are looking to the IoT to help improve operational efficiencies, increase revenue and enhance the customer experience, but their ability to do so is constrained by today’s siloed IoT networks,” said Dan Rabinovitsj, president, Ruckus Networks. “Ruckus is addressing the market by providing the critical ‘glue’ between the world of sensors, cameras and things with the world of big data and analytics. Not only have we addressed the fragmentation at the PHY layer, we have created an open API to both public and private clouds which permits easy and secure integration with a variety of partners.”

Building a Consolidated IoT Access Network

An IoT access network must consolidate multiple access technologies while delivering the provisioning, management and security capabilities found in modern IP-based networks. Such a network must facilitate inter-endpoint communication and provide integration with analytics software and services. The Ruckus IoT Suite consists of:

  • Ruckus IoT-ready access points (APs)—APs that accommodate Ruckus IoT modules to establish multi-standards wireless access for Wi-Fi and non-Wi-Fi IoT endpoints; and translate non-Internet protocol (IP) endpoint communications into IP.
  • Ruckus IoT Modules—Radio or radio-and-sensor devices that connect to a Ruckus IoT-ready AP to enable endpoint connectivity based on standards such as Bluetooth Low Energy (BLE), Zigbee and LoRa protocols.
  • Ruckus SmartZone™ Controller—A WLAN controller that provides a single management interface for both the WLAN and the IoT access network.
  • Ruckus IoT Controller—A virtual controller, deployed in tandem with a Ruckus SmartZone OS-based controller, that performs connectivity, device and security management functions for non-Wi-Fi devices; facilitates endpoint co-ordination, and provides APIs for northbound integration with analytics software and IoT cloud services.

Securing the IoT Access Network and IoT Endpoints

Security concerns top the list of factors that contribute to IoT solution deployment delays. The Ruckus IoT Suite addresses such concerns through a multi-layered approach, including digital certificates, traffic isolation, physical security and encryption.

Enabling the IoT Solution Ecosystem

Enterprises and organisations implementing IoT must reduce payback period and increase ROI in order to justify deployments. By establishing inter-IoT solution policies with industry-leading operational technology and customer technology, solution providers’ organisations can more quickly realise IoT investment gains. Using a Ruckus IoT access network and solutions from Ruckus IoT ecosystem partners offer benefits to hotels, schools and universities, and smart cities by improving end user experiences.

The Ruckus IoT Suite will be generally available in the second quarter of 2018. To learn more, visit Ruckus Networks.

Ecosystem Partner Quotes

“As the world’s leading lock manufacturer for enabling smart, connected locks for hoteliers, which seamlessly allow guests to unlock a room with a quick swipe of a keycard or mobile device, we deliver network-based locks with online capabilities that maximise operations, guest services and security,” said Cris Davidson, vice president of key accounts, ASSA ABLOY Hospitality. “The company is able to continue its mission of providing enhanced security solutions to the hospitality industry by partnering with like-minded businesses that strive to continuously enhance and streamline the technologies for increasing hotel security. We are excited to team with Ruckus Networks to enable this secure, online connectivity for our door locks over the new Ruckus IoT Suite.”

“The IoT enables cities and businesses to operate more efficiently, deliver innovative services and enable new business models,” said Von Cameron, vice president, Americas, Actility. “Our collaboration with Ruckus Networks, bringing together our ThingPark IoT connectivity platform and their new IoT Suite, provides an easy-to-use platform that allows organisations of all sizes to connect smart, cost-effective devices with a LoRaWAN network. We are excited to collaborate with Ruckus and enable an innovative and cost-effective new deployment model, which will accelerate deployments for the large and fast-growing customer ecosystem developing around Actility LoRaWAN solutions.”

“Our collaboration allows IoT users to experience a seamless integration between IBM’s IoT and analytics platform and edge devices supported by Ruckus’ IoT suite,” said Bernard Kufluk, Watson IoT platform product manager, IBM. “Users can now capture data from various edge devices, running on the Ruckus IoT network. Data can then be analysed at the edge using IBM Watson’s IoT Edge Analytics, which is integrated with the Ruckus IoT Suite and in the cloud. We look forward to continuing this strong collaboration.”

“Our collaboration with Ruckus Networks enables our users to locate their items more rapidly, regardless of their location,” said Ravi Adusumilli, vice president of business development, Tile. “Our portfolio of Tile devices works flawlessly with the Ruckus IoT Suite to deliver a unique experience for our customers around the globe. Customers will now be able to track their things anywhere.”

“We are collaborating with Ruckus Networks to develop new innovative applications in key vertical markets for the Internet of Things,” said Philipp von Gilsa, CEO, “Our next-generation (sensor enriched) products promise to reduce the overall costs for asset tracking and location-based services without the need for costly radio networks and power-hungry GPS tracking solutions. We look forward to bringing these new innovations to market with Ruckus.”

“TrackR helps businesses locate assets tagged with TrackR devices anywhere in a building by leveraging the Ruckus IoT Suite,” said Christian Johan Smith, president & co-founder, TrackR. “Ruckus ecosystem partners can leverage TrackR in the Ruckus IoT environment to improve operational efficiency and engage customers like never before. Partnering with Ruckus Networks will provide our customers with a stronger, more robust Crowd Locate network, so finding things outside the home will be even faster and easier.”

To view the original Press Release by Ruckus Wireless. Click here.

Palo Alto Networks Adds to Its Next-Generation Firewall Lineup With New Hardware That Speeds Decryption and Improves Performance

Thursday, February 22nd, 2018

New PAN-OS Release Simplifies Decryption and Helps Organizations Use Best Practices to Improve Security Posture

Palo Alto Networks®, the next-generation security company, today announced new hardware and updates to its PAN-OS® operating system that further enable organizations to easily implement and automate best practices for application-based controls that strengthen security. With today’s announcement, Palo Alto Networks introduces PAN-OS version 8.1, the PA-3200 Series, the PA-5280, the ruggedized PA-220R and two new models in the M-Series management appliances.

Every organization requires visibility into network traffic in order to prevent successful cyberattacks, but the proliferation of encryption has obstructed the view security teams once had into the data traversing their networks. Gartner predicts that “Through 2019, more than 80 percent of enterprises’ web traffic will be encrypted.”1 Gartner also predicts that “During 2019, more than fifty percent of new malware campaigns will use various forms of encryption and obfuscation to conceal delivery, and to conceal ongoing communications, including data exfiltration.”1

According to Palo Alto Networks, many organizations have not yet addressed the lack of visibility associated with encrypted traffic due to the complexity and performance impact of decryption, leaving those that do not decrypt network traffic without the ability to find and prevent over half of malware campaigns.

The new Palo Alto Networks PAN-OS operating system, version 8.1, reduces the complexity surrounding the implementation of cybersecurity best practices, including those associated with SSL-decryption within multi-vendor environments. New next-generation firewall models improve overall performance and enable customers to decrypt traffic at high speeds. Enhanced application logging adds additional richness to log data to improve the precision of Magnifier’s behavioural analytics with which customers rapidly hunt down and stop advanced threats.

Key benefits of the capabilities announced today include:

  • Easier adoption of SSL-decryption in multi-vendor environments: Streamlined SSL decryption provides high-throughput decryption on the next-generation firewall and enables sharing of cleartext traffic with chains of devices for additional enforcement, such as DLP. This further eliminates the need for dedicated SSL offloaders, simplifying deployment, network architecture and operations.
  • 20X decryption sessions capacity boost at internet edge: With 20 times more SSL-decryption sessions capacity compared to its predecessor, the new PA-3200 Series appliances deliver high-performance decryption at the internet edge. The new PA-5280 appliance brings higher performance and doubles the session capacity for securing large data centers and mobile network operators, or MNO, infrastructures.
  • Efficient adoption of best practices: App-ID™ technology-based security can now be achieved with even simpler workflows and policy review tools, allowing administrators to more effectively and confidently enforce best practices for application controls. Further, administrators can maintain a tight and effective app-based security policy with enhanced rule usage tracking.
  • Management at scale: New capabilities simplify the management and operational complexities of large, distributed deployments. The proactive device monitoring feature in Panorama™ management alerts the administrator if device behaviour is deviating from the norm. With little manual effort, the feature can be integrated into an automated workflow to enable operations teams to quickly perform remediation actions. New M-600 and M-200 management appliances deliver high-performance, with log ingestion rates up to two times compared to their predecessors, and double the log storage capacities.
  • Advanced threat detection and prevention: Updates to the WildFire® cloud-based threat analysis service enable customers to detect zero-day malware using evasive packing techniques, spot malware targeting Linux servers and IoT devices, and find malicious files hiding in less common file archive formats, such as 7-Zip and RAR.
  • Quick detection of targeted attacks: The next-generation firewall evolves to become an advanced network sensor that collects rich data for analytics, which can be easily expanded with content-based updates. As part of the Application Framework, Magnifier uses this data to enable customers to identify advanced attacks, insider threats and malware, with precision.

“The increasing volume of encrypted traffic means that visibility is now more important than ever. Buyers are rolling out tightly integrated security solutions, and are looking for network traffic decryption that’s built into existing cybersecurity infrastructure because it removes complexity, allowing security to function as a business enabler, rather than an inhibitor.”
– Jeff Wilson, senior research director, Cybersecurity Technology, IHS Markit

“PAN-OS version 8.1 introduces many new features to help organizations improve their security and manageability in easy-to-implement ways. The new next-generation firewall and management appliances allow for significantly greater throughput, especially for encrypted traffic, and greater scale. The combined capabilities of our next-generation firewalls and PAN-OS version 8.1 are a major step forward in our mission to help organizations prevent successful cyberattacks.”
– Lee Klarich, chief product officer, Palo Alto Networks


PAN-OS 8.1 will be available to all current customers of Palo Alto Networks with valid support contracts in March. The PA-220R, PA-3200 Series, PA-5280, M-200 and M-600 are orderable on February 26, starting from $2,900 up to $200,000.


1 Gartner, “Predicts 2017: Network and Gateway Security,” Lawrence Orans et al, 13 December 2016

View the original press release by Palo Alto Networks.

How Cloud-based Cybersecurity Prevents Attacks

Wednesday, February 7th, 2018

Microsoft saw a 300% increase in cyber attacks globally over a recent 12 month period, according to a news report published in early October 2017. According to the article from ITPro, London, attacks have increased in sophistication, too, especially those that nation-states have launched.

The frequency, finesse, and viral circulation of these attacks have, according to the article, overwhelmed human interventions. As a result, Microsoft suggests a cloud-based approach to securing the enterprise.

The power and reach of the cloud make it a staunch ally in the war against cyber attacks. By using the scalability and expanse of the cloud and its ability to secure the enterprise from outside itself, you can safeguard your organization against attacks from the ubiquitous and far-reaching web/internet. Seven signs say the cloud is a great solution.

Seven benefits of cloud-based cybersecurity

  1. Scale. The cloud can quickly scale up to handle the prevalence and density of attacks wherever these infest your organization, regardless of the load, and without taxing your hardware and resources. The cloud is natively-equipped to carry and balance the load despite the glut of attacks.
  2. Visibility. The old adage, “Physician, heal yourself” presents an informing parallel to companies’ cybersecurity problems, pointing to the cloud as the answer. As a medical doctor should look to another physician, who can treat them with a complete view of their health, and without the biases that come with being too close to the problem, in the same way, companies should defer to the cloud as the “surgeon” for their cyber ills. The cloud can act as a distributed web gateway that examines traffic from well beyond the organization and any of its assets, and from every angle. Where a company has limited visibility into its vulnerabilities and compromises, the view from the cloud comes without any blindsides.
  3. The as-a-Service model. Rather than invest in on-site ownership, tuning, maintenance, upkeep, and interpretation of cybersecurity tools such as IDS/IPS, behaviour-based sandboxing and network anomaly detection, you can pay for cyber protection as a service in the cloud. This model enables you to share the costs with others who use the service, get up and running with best in class tools, and see ROI as swiftly as the decline in successful attacks, breaches lost data, and damaged reputations.
  4. Defense against DDoS attacks. The cloud has the resources to fight DDoS attacks by inspecting and tagging attack traffic, cleaning/scrubbing it, and rerouting it to your organization with only a few milliseconds in delays.
  5. Release from Ransomware attacks. The cloud can observe malicious behaviours such as rapid simultaneous changes in large numbers of files that are typical of ransomware attacks and drop the associated connection instantaneously.
  6. Threat intelligence. The cloud can pull threat intelligence from across many customers around the world and analyze it to orchestrate updates such as to firewall rules and malicious behaviours that trigger sandboxing, for example.
  7. Filters everything. The cloud can filter the web and all content for all protocols at all ports in real-time. The cloud can offer stream-based defenses and fine-grain filtering by user and category.

Not the half of it

There is so much more that a cloud-based cybersecurity solution can do. It can redirect traffic, provide location-aware security and data routing for compliance, enable storage and backups, and institute advanced protection for outbound and inbound traffic. And that is still not the half of it.

David D. Geer ( writes about cybersecurity and technology for national and international publication. David’s work appears in various trade magazines from IDG in the U.S. and around the world in several languages. ScientificAmerican, The Economist Technology Quarterly, and many magazines and companies have used David’s content. David’s Google Scholar Page is at

View the original press release by iboss.

Palo Alto Networks Announcing New Cloud Security Capabilities

Wednesday, February 7th, 2018

By Anuj Sawani at Palo Alto Networks.

At Palo Alto Networks we have committed to helping organizations accelerate their move to the cloud. And today, we’re taking another big step forward.

With the expansion of our comprehensive cloud security offering, we can now deliver consistent, automated protections across all three major public cloud environments, which prevent data loss and business disruption and meet a number of needs our customers have asked for. This expansion includes the ability to integrate into the cloud app development lifecycle, making cloud security frictionless for the development and security teams.

Let’s talk about why this is so important.

Rethinking Security for the Public Cloud

For many organizations, the public cloud has become the sole route to market for new application deployment, which, in turn, is reducing their data centre footprint. Along with that, developers now increasingly leverage easy-to-consume PaaS components, in addition to on-demand IaaS components, to harness the true efficiency of the cloud.

This trend is causing all of us to rethink security for our cloud apps and realize that what’s available the market today is insufficient: clunky approaches, pieced together from multiple vendors, resulting in a fragmented security environment where IT teams must manually correlate data to implement actionable security protections.

This level of human intervention increases the likelihood of human error, leaving organizations exposed to threats and data breaches. What’s more, security tools that are not built for the cloud significantly limit the agility of your development teams.

3 Key Capabilities

Ideally, cloud security should speed application development and business growth while preventing data loss and business downtime. This requires three key capabilities to be successful: advanced application and data breach prevention, consistent protection across locations and clouds, and “frictionless” deployment and management.

Our cloud security approach addresses all three capabilities, and we achieve this with inline, API and host protection technologies working together to eliminate the wide range of cloud risks.

Our new release includes the following:

  • Consistent protections across locations and clouds: For the first time, our Next-Generation Security Platform will extend cloud workload protections to the Google Cloud Platform, in addition to enhancing our existing capabilities for AWS and Azure environments.
  • Cloud-resident management with Panorama: Panorama now supports all major cloud environments. This provides flexibility for customers to deploy security management within their cloud architecture. They have multiple options including Panorama on-premise with distributed Log Collectors for a hybrid approach, or Panorama within their cloud environment for a cloud-only approach.
  • Better integrations for frictionless workflows in multi-cloud environments: Adding enhanced auto-scaling for AWS along with support for Azure Security Center and Google Cloud Deployment Manager simplifies security deployments and enables scaling based on changing cloud demands. Integrations with tools such as Terraform and Ansible automate workflows and policy management across clouds.
  • Continuous security with Aperture for all three major cloud environments: Aperture now helps to prevent data loss and enables compliance for public clouds. It achieves this by enabling discovery of cloud resources, providing advanced data classification, monitoring for risky or suspicious administrator behaviour, and adding more protection against security misconfigurations and malware propagation.
  • Prevention of zero-day attacks: Traps advanced endpoint protection can now prevent zero-day attacks for Linux workloads across all three major cloud environments, in addition to its existing support of Windows workloads.

That’s just the start of new capabilities for cloud and SaaS security we’re pleased to be able to offer. To learn more about these new features and our advanced approach, visit our cloud security page.


Updates to VM-Series virtualized next-generation firewalls, Aperture security service, Panorama and Traps are targeted for general availability in March 2018.

For more:

Watch: Palo Alto Networks Chief Product Officer Lee Klarich highlights our new features
Download: Securing Your Business in a Multi-Cloud World
Read: Today’s official press release
Experience: The Epic Cloud Security Event

View the original press release by Palo Alto Networks.

MOBOTIX Launches “Cactus Concept“ as Initiative to Set Focus on Cyber Security in Video Surveillance

Wednesday, February 7th, 2018

Industry-leading security measures, independent testing and raised user awareness vital to protecting security systems.

MOBOTIX has announced a raised focus on cybersecurity by implementing the “MOBOTIX Cactus Concept“. The concept aims to deliver a comprehensive approach to protecting MOBOTIX products against the threat of cyber-attacks along with education and tools to help customers and partners build and maintain secure video surveillance and access control environments.

The objective of the Cactus Concept is to implement a multimedia cyber security campaign in order to raise awareness among potential and existing MOBOTIX customers of the importance of data security in network-based video security systems and how organizations can protect themselves through cost-efficient and intelligent solutions. End-to-end encryption with no blind spots is required, from the image source via the data cables and the data storage through to the video management system on the user’s computer. Like a cactus, whose every limb is covered in thorns, all of the modules (camera, storage, cables, VMS) in the MOBOTIX system have digital thorns that protect them from unauthorized access.

“Modern video surveillance and access control technologies help protect people, places and property across the world but they are increasingly targeted by criminals aiming to infiltrate, take-over or disable these vital systems,” says Thomas Lausten, Chief Executive Officer of MOBOTIX. “With the internet of things trend adding billions of IP connected devices each year, our industry must lead the way in creating secure platforms that can reduce the risk posed by these damaging attacks.”

As an industry leader within digital video surveillance, MOBOTIX believes in its “Cactus Concept“ that protects every element of the design, manufacture and operation of each device along with end-to-end encryption across the entire usage and management cycle.

To ensure the highest levels of security, MOBOTIX uses the services of SySS, a highly regarded and independent third party security testing company that examines the security of both software and hardware elements. SySS customers include Basler Versicherungen, Bundeswehr, CreditPlus Bank AG, Daimler, Deutsche Bank, Deutsche Flugsicherung, Festo, Hewlett-Packard, Innenministerium/LKA Niedersachsen, SAP, Schaeffler, Schufa, T-Systems and Union Investment.

Sebastian Schreiber, SySS CEO said: “MOBOTIX has a contract with us to provide further penetration testing of its technical elements. The initial platform testing on a current camera model revealed very positive results and we will continue security testing as an ongoing process.”

“Cybersecurity has been and will continue to be a core focus for MOBOTIX,” adds Lausten, “and we look forward to working with our peers in the industry, customers and government agencies to protect the very technologies and systems that help make society safer for all.”

For more information, please visit

View the original press release by MOBOTIX.