Palo Alto Networks released several new capabilities that predict malicious attacks and use automation to stop malicious attacks in progress, in that way optimizing network security.
Palo Alto Next-generation firewall customers that upgrade to the PAN-OS® version 9.0 get access to new security capabilities, over 60 new features and new tools to implement security best practices.
"Nearly 80 percent of all malware uses DNS to establish command-and-control" - Palo Alto Networks Unit 42 research
PA-7000 Series with new network processing cards and new DNS Security service
Today's announcement includes a new DNS Security service, which uses machine learning to stop stealthy attacks aimed at stealing information from legitimate businesses. Among the new capabilities announced today, Palo Alto Networks also unveiled software and hardware enhancements to the leading next-generation firewall platform that will help organizations strengthen security and simplify protection across hybrid cloud environments:
- Predict and prevent: According to Palo Alto Networks Unit 42 researchers, nearly 80 percent of all malware uses DNS to establish command-and-control, making it difficult to spot and stop attacks. The new DNS Security service uses machine learning to proactively block malicious domains and stop attacks in progress.
- Performance: Customers with large data centres, high volumes of encrypted traffic, and a growing ecosystem of IoT devices need performance without compromising security. The PA-7000 Series, enhanced with new network processing cards, offers threat prevention at speeds twice as fast as the nearest competitor, according to Palo Alto Networks in their statement. "It delivers decryption three times faster than before", according to their press release.
- Simplicity: With the new Policy Optimizer security teams can more easily replace legacy rules with intuitive policies that provide better security and easier policy management. Taking the complexity out of managing scores of rules reduces human error, which is a leading cause of data breaches.
- Broader, faster cloud security: Organizations have the need for consistent security across multiple public clouds and virtualized data centres. The VM-Series now provides a broad range of public cloud and virtualized data centre environments by adding support for Oracle Cloud, Alibaba Cloud, Cisco Enterprise Network Compute System (ENCS) and Nutanix. Firewall throughput performance improvements for AWS and Azure of up to 2.5X, combined with autoscaling and transitive architectures, allow customers to automate security for dynamic and large-scale public cloud deployments.
The DNS Security service was made to eliminate the need for security teams to bolt on yet another standalone tool.
5G next-generation firewall: K2-Series for Service Providers
Additionally, Palo Alto Networks announced the general availability of the K2-Series, a 5G-ready next-generation firewall, specifically developed for service providers with 5G and IoT requirements in mind. With the K2-Series, service providers can prevent advanced cyberattacks targeting 4G and 5G mobile networks, IoT devices, and mobile users with unprecedented visibility into network traffic.
Pricing and Availability
PAN-OS version 9.0 will be available to all current customers of Palo Alto Networks with valid support contracts. The new network processing cards for the PA-7000 Series are available for order today, starting from $180,000. The new DNS Security service is available for order today, priced per next-generation firewall hardware or virtual appliance.