Technology Spotlight: A Closer Look At Palo Alto Networks

Posted June 20, 2024 by Sayers 

Sayers partners with proven technology vendors who are leaders in their markets. Those vendors continue to evolve their offerings to protect organizations from cybersecurity threats and meet the unique infrastructure needs of today’s enterprises. To help you stay on top of those changes, we offer the following technology update on our long-time partner, Palo Alto Networks.

Three Security Platforms For Network, Cloud, And The Modern SOC

Many enterprises have acquired a collection of disjointed cybersecurity point products from various vendors. Individually those may be best-in-class products, but managing all of them proves challenging. Palo Alto Networks has addressed this by leaning heavily into a platform approach to enterprise security.

In a whitepaper titled “Realizing Cybersecurity Value,” Palo Alto Networks advocates a platform approach to cybersecurity:

“The new, better way forward centers on having a strategically designed portfolio of solutions built on a common platform that breeds integration, enterprise-wide visibility, and easy scalability as new threats emerge.”

The company has taken a platform-of-platforms approach spanning three overarching categories:

Network security. The company’s Strata platform delivers network security across hardware, software, and a secure access service edge (SASE). This includes:

  • Next-generation hardware and software firewalls
  • Intrusion detection
  • URL filtering
  • Sandbox detection
  • DNS security
  • IoT security
  • Data loss prevention (DLP)
  • Cloud access security broker (CASB)
  • Posture and health management
  • Remote access for users
  • Secure web gateway (SWG)
  • SD-WAN
  • Prisma SASE, which consolidates Zero Trust Network Access 2.0, Cloud SWG, Next-Gen CASB, firewall-as-a-service, SD-WAN, and autonomous digital experience management (ADEM) into a single integrated service

Cloud security. Palo Alto Networks designed Prisma Cloud to secure everything that runs in the cloud, offering:

  • Cloud security posture management 
  • Cloud workload protection
  • Identity and access management
  • Code security
  • Web application / API security

Security operations. The company’s Cortex platform takes a new approach to the security operations center with fully integrated data, analytics, and automation as part of a modern SOC platform. Capabilities include:

  • Security information and event management
  • Endpoint + endpoint detection and response
  • Network traffic analysis / User and entity behavior analytics
  • Security orchestration, automation, and response (SOAR)
  • Attack surface management

Palo Alto Networks enhances their three platforms with automation, artificial intelligence, and machine learning. The company’s Unit 42 threat research and services group provides threat intelligence, cyber risk management, and advisory services across all three platforms.

Ken Wisniewski, Senior Security Architect at Sayers, says:

“Palo Alto Networks offers three platforms covering three very complex and sophisticated areas of cybersecurity. These are not the only areas in cybersecurity, but in these areas, Palo Alto Networks is investing heavily and is a leader.” 

Strata: What’s New In Network Security

In the network security space, Palo Alto Networks has released PAN-OS 11.1 along with several improvements:

1. Inline AI-Powered Security Can Monitor And Control Network Traffic In Real-Time

The company’s inline AI-powered security defends the initial attack target using a suite of cloud-delivered, AI-powered security services such as Advanced Threat Prevention, Advanced WildFire, and Advanced URL Filtering.

Expect to pay more for those advanced subscriptions compared to the company’s traditional offerings because of the sophisticated capabilities of inline AI, such as detecting real-time phishing attacks.

According to Palo Alto Networks, their cloud-delivered security services provide faster and more accurate threat detection, with 11.3 billion threats blocked inline per day – 2.3 million of which were never-before-seen threats.

2. Manage Your Network Security Infrastructure With Strata Cloud Manager

Palo Alto Networks launched Strata Cloud Manager as the industry’s first AI-powered zero trust management and operations solution. An alternative to the company’s Panorama central management offering, Strata Cloud Manager serves as a single unified management interface for managing the Palo Alto Networks network security platform.

With this SaaS offering, you can strengthen your security posture in real time with AI insights, and prevent network disruptions by identifying and remediating capacity bottlenecks. 

3. Machine Learning-Powered Next-Gen Firewalls Offer Increased Performance

Palo Alto Networks’ newest ML-powered next-generation firewalls offer more performance and protection for any location, from the largest data centers to remote branches. 

The new NGFW models use inline deep learning to analyze live traffic and prevent initial infections from known and never-before-seen threats. New models include:

  • PA-7500 Series for enterprise-scale organizations and service providers 
  • PA-5445 with 50% higher session capacity and 2.5 times the threat performance compared to the previous generation PA-5260
  • PA-450R, a ruggedized model for harsh industrial environments 
  • PA-455 and PA-415-5G, which stop threats in real time for enterprise branch and small offices

4. New Security Offerings For IoT/OT And Generative AI Apps

Palo Alto Networks calls their new PAN-OS 11.1 Cosmos software release the future of AI-powered network security. The release includes security improvements for IoT / OT, such as native NGFW device discovery that reduces system tuning time. The release also offers integrated device inventory and behavior baseline in a single dashboard.

As more organizations use massive amounts of data for GenAI applications, Palo Alto Networks brings data security for GenAI apps as part of the company’s Next-Generation CASB offering. The solution sees and secures all applications automatically, including GenAI app usage across the enterprise. For more control, web and security policies can alert on or block sensitive organizational data before it reaches ChatGPT through chat or the API.

5. Prisma Access And Prisma SD-WAN Combine In Prisma SASE

Palo Alto Networks offers Prisma SASE as the combination of their Prisma Access and Prisma SD-WAN solutions. Prisma SASE continues to evolve and expand, with options such as ADEM to monitor the experience of network users regardless of their location. The company’s acquisition of Talon brings security capabilities into the enterprise browser, a new addition to Prisma SASE.  

Also part of Prisma SASE is the company’s ZTNA 2.0 security offering, which includes DLP, URL filtering, threat prevention, and DNS security for hybrid work and direct-to-app access. 

Prisma Cloud: End-To-End Cloud Security

Prisma Cloud focuses on three main areas to secure everything that runs in the cloud:

  • Risk prevention to secure the source. The solution reduces risks and misconfigurations from entering production by bringing those security controls earlier into an organization’s development lifecycle (a “shift left” approach). 
  • Visibility and control to secure the infrastructure. Prisma Cloud establishes continuous visibility and control over misconfigurations, privileges, data, and vulnerabilities across your cloud environment.
  • Protection to secure the runtime. This includes real-time protection from breaches for cloud workloads, containers, web applications, and APIs.

Wisniewski says:

“With Prisma Cloud, Palo Alto Networks is one of the few to cover that entire gamut in the cloud security space. Most of their competitors cover one or two of those three pillars. Although it’s rare to see organizations that have truly deployed all of this broad feature set across their estate, the options are there for them.”

Palo Alto Networks licenses Prisma Cloud in a credit consumption model, so you can choose which features and functionality you want for your organization. 

Cortex XSIAM: Automation Throughout The Modern SOC

Today’s security operations center suffers from excess: too many alerts, too many tools to manually investigate and respond, and too many data silos that make it difficult to detect attacks. Beyond that, automation tends to be bolted on at the end of the stack to scale it, instead of being integrated throughout. 

Seeing security operations in need of an evolution, Palo Alto Networks introduced Cortex XSIAM, which centralizes data and SOC capabilities into one AI-driven SOC platform. According to Wisniewski:

“Cortex XSIAM takes in feeds from Palo Alto Networks tools and technologies but also from other sources, and aims to add as much AI and automation to that process as possible. It also has behavioral analytics, attack surface management, threat intel management, and SOAR capabilities, with AI and automation added throughout.”

You can choose from the Cortex integrated products, or easily migrate to Cortex XSIAM as a unified SecOps platform incorporating: 

  • Cortex XDR to prevent, detect, and investigate attacks across the enterprise
  • Cortex XSOAR to automate response and improve with every incident
  • Cortex Xpanse to discover and protect your entire internet attack surface

Questions? Contact us at Sayers today to discover personalized IT and security solutions designed to meet the needs of your business.
