Paradigm Shift: The World’s First ML-Powered NGFW with PAN-OS 10.0

Jun 17, 2020
4 minutes
... views

Over the last 10 years, the network security industry has focused on reducing the time it takes to react to new attacks. The time required to create a signature and update all network security systems with it has been reduced from weeks to days to hours, and in our case, even to minutes. However, cybercriminals don't stay still. Attacks are continuously and automatically morphing and evading signature based detection techniques.

New IoT devices are being added to your network and their numbers are increasing rapidly without notice. Waiting for fingerprints to be created in order to identify and secure each new IoT device is yet another reactive technique that creates an unacceptable gap in your security.

To add to this complexity, enterprise networks are widening – with hybrid clouds, IoT devices and a remote workforce – and increasing the attack surface. It simply isn't possible for security administrators to keep security policy changes up to date fast enough using manual methods.

Reactive security can’t keep up. A paradigm shift in cybersecurity is needed. Network security needs to become proactive. The world needs a new type of Next-Generation Firewall (NGFW) that:

  • Helps stop new threats by embedding machine learning (ML) in the core of the firewall to provide real-time signatureless attack prevention.
  • Identifies new IoT devices with ML and behavior-based identification, removing the dependence on fingerprints.
  • Uses cloud-based CPU- and data-intensive ML processing to detect the most sophisticated attacks in near real time.
  • Leverages cloud-based ML processes to push zero-delay signatures and instructions back to the NGFW to stop attacks and reconfigure policies.
  • Continuously collects telemetry to enable cloud-based CPU and data intensive ML processes, which then recommends policy changes to optimize security utilization and outcomes.

 

Introducing the World’s First ML-Powered NGFW

Today, Palo Alto Networks disrupts the industry once again by introducing the world’s first ML-Powered Next-Generation Firewall. This is a paradigm shift in network security that enables you to stay ahead of unknown threats, see everything, including IoT, and reduce errors with automatic policy recommendations.

 

How Machine Learning Delivers Stronger Cybersecurity 

Prevent:

ML-Based Inline Malware and Phishing Prevention

Trying to reduce the time it takes to create and distribute new signatures to combat attacks that use machines and automatically morph is unproductive. In a completely new approach, our ML-Powered NGFW uses machine learning models to identify variants of known attacks as well as many unknown cyberthreats so you are able to prevent up to 95% of zero-day malware inline. 

Zero-Delay Signature Updates

With this release, we’re introducing near-real-time protection with zero-delay signature updates.

 

Detect:

ML-Based Integrated IoT Security 

To keep your network fully protected, every new IoT device added needs to be manually monitored, and your network security must be updated with that device’s fingerprint. During the time it takes to identify devices and make updates to the network, your organization is at risk. The new IoT Security subscription for the NGFW provides complete device visibility, behavioral anomaly detection and native enforcement to secure IoT devices without the need for additional sensors or infrastructure.

 

Improve:

ML-Based Security Policy

As it collects a wide variety of telemetry information from the network, the ML-Powered NGFW will recommend appropriate security policies. With PAN-OS 10.0 and IoT Security, customers will be able to view and adopt the IoT Security policy recommendations for safe device behavior. This will save time, reduce the chance of human error and help secure IoT devices.

 

Additional Innovations in PAN-OS 10.0

In addition, PAN-OS 10.0 introduces the CN-Series, the industry’s first ML-powered, next-generation firewall built specifically for Kubernetes environments to provide security and compliance for your Kubernetes container environment.

Every single security service has been enhanced, including Snort support in Threat Prevention, new DNS Security categories with deep visibility, and more.

I continually hear from our customers that they love our forward-looking approach in anticipating their cybersecurity needs. The 70+ innovative new capabilities in this release, including easier decryption, high availability clustering and a new high-performance hardware card redefine the standard for network security so you don’t just keep up but stay ahead.

Welcome to the era of intelligent security – protecting your enterprise from the threats of tomorrow. Learn more about PAN-OS 10.0.  

 

Intelligent Network Security: LinkedIn Live Broadcast.

AJ Shipley, vice president of product, and Paul Calatayud, Americas CSO, appeared on LinkedIn Live to answer questions about the industry’s first ML-Powered NGFW. Watch the event on-demand.


Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.