New PAN-OS Release Simplifies Decryption and Helps Organizations Use Best Practices to Improve Security Posture
Palo Alto Networks®, the next-generation security company, today announced new hardware and updates to its PAN-OS® operating system that further enable organizations to easily implement and automate best practices for application-based controls that strengthen security. With today’s announcement, Palo Alto Networks introduces PAN-OS version 8.1, the PA-3200 Series, the PA-5280, the ruggedized PA-220R and two new models in the M-Series management appliances.
Every organization requires visibility into network traffic in order to prevent successful cyberattacks, but the proliferation of encryption has obstructed the view security teams once had into the data traversing their networks. Gartner predicts that “Through 2019, more than 80 percent of enterprises’ web traffic will be encrypted.”1 Gartner also predicts that “During 2019, more than fifty percent of new malware campaigns will use various forms of encryption and obfuscation to conceal delivery, and to conceal ongoing communications, including data exfiltration.”1
According to Palo Alto Networks, many organizations have not yet addressed the lack of visibility associated with encrypted traffic due to the complexity and performance impact of decryption, leaving those that do not decrypt network traffic without the ability to find and prevent over half of malware campaigns.
The new Palo Alto Networks PAN-OS operating system, version 8.1, reduces the complexity surrounding the implementation of cybersecurity best practices, including those associated with SSL-decryption within multi-vendor environments. New next-generation firewall models improve overall performance and enable customers to decrypt traffic at high speeds. Enhanced application logging adds additional richness to log data to improve the precision of Magnifier’s behavioural analytics with which customers rapidly hunt down and stop advanced threats.
Key benefits of the capabilities announced today include:
- Easier adoption of SSL-decryption in multi-vendor environments: Streamlined SSL decryption provides high-throughput decryption on the next-generation firewall and enables sharing of cleartext traffic with chains of devices for additional enforcement, such as DLP. This further eliminates the need for dedicated SSL offloaders, simplifying deployment, network architecture and operations.
- 20X decryption sessions capacity boost at internet edge: With 20 times more SSL-decryption sessions capacity compared to its predecessor, the new PA-3200 Series appliances deliver high-performance decryption at the internet edge. The new PA-5280 appliance brings higher performance and doubles the session capacity for securing large data centers and mobile network operators, or MNO, infrastructures.
- Efficient adoption of best practices: App-ID™ technology-based security can now be achieved with even simpler workflows and policy review tools, allowing administrators to more effectively and confidently enforce best practices for application controls. Further, administrators can maintain a tight and effective app-based security policy with enhanced rule usage tracking.
- Management at scale: New capabilities simplify the management and operational complexities of large, distributed deployments. The proactive device monitoring feature in Panorama™ management alerts the administrator if device behaviour is deviating from the norm. With little manual effort, the feature can be integrated into an automated workflow to enable operations teams to quickly perform remediation actions. New M-600 and M-200 management appliances deliver high-performance, with log ingestion rates up to two times compared to their predecessors, and double the log storage capacities.
- Advanced threat detection and prevention: Updates to the WildFire® cloud-based threat analysis service enable customers to detect zero-day malware using evasive packing techniques, spot malware targeting Linux servers and IoT devices, and find malicious files hiding in less common file archive formats, such as 7-Zip and RAR.
- Quick detection of targeted attacks: The next-generation firewall evolves to become an advanced network sensor that collects rich data for analytics, which can be easily expanded with content-based updates. As part of the Application Framework, Magnifier uses this data to enable customers to identify advanced attacks, insider threats and malware, with precision.
“The increasing volume of encrypted traffic means that visibility is now more important than ever. Buyers are rolling out tightly integrated security solutions, and are looking for network traffic decryption that’s built into existing cybersecurity infrastructure because it removes complexity, allowing security to function as a business enabler, rather than an inhibitor.”
– Jeff Wilson, senior research director, Cybersecurity Technology, IHS Markit
“PAN-OS version 8.1 introduces many new features to help organizations improve their security and manageability in easy-to-implement ways. The new next-generation firewall and management appliances allow for significantly greater throughput, especially for encrypted traffic, and greater scale. The combined capabilities of our next-generation firewalls and PAN-OS version 8.1 are a major step forward in our mission to help organizations prevent successful cyberattacks.”
– Lee Klarich, chief product officer, Palo Alto Networks
PRICING AND AVAILABILITY
PAN-OS 8.1 will be available to all current customers of Palo Alto Networks with valid support contracts in March. The PA-220R, PA-3200 Series, PA-5280, M-200 and M-600 are orderable on February 26, starting from $2,900 up to $200,000.
- Read the Blog: Announcing PAN-OS 8.1: Streamline SSL Decryption, Accelerate Adoption of Security Best Practices
- Palo Alto Networks Next-Generation Firewalls
- PAN-OS 8.1
- Magnifier Behavioral Analytics
- WildFire Cloud-Based Threat Analysis Service
- Palo Alto Networks Next-Generation Security Platform
1 Gartner, “Predicts 2017: Network and Gateway Security,” Lawrence Orans et al, 13 December 2016