Introducing the Ruggedized PA-220R Next-Generation Firewall

Del Rodillas

Category: Firewall, SCADA & ICS

With our PAN-OS 8.1 release, we proudly announce the immediate orderability of our new ruggedized next-generation firewall, the PA-220R. This is a big moment for Palo Alto Networks and especially our OT customers.

Our PA-220R beta program was quickly oversubscribed upon its opening. Within this small group of users, we saw the diverse range of harsh-environment use cases ranging from utilities substations, oil and gas production sites and pipelines, factory floors, railway systems, defense infrastructure, and even amusement parks.

For these early-engagement customers and many of our expected users of the PA-220R, the situation is that they have industrial assets in harsh environments that have been modernized or are being modernized as part of their OT digital transformation initiatives (sometimes called “Industry 4.0,” “IT-OT Integration” or “Smart OT”). In many of these initiatives, the automation piece is cutting-edge, but the provisions for cybersecurity are lagging, leaving these organizations exposed. This can’t continue given the rising threat landscape for ICS/SCADA and the simultaneously tightening regulatory landscape, where even the most remote sites may be subject to cybersecurity laws.

As additional motivation for the security upgrade, some harsh-environment remote sites have grown in complexity and require local segmentation to improve visibility and control over local traffic. There are also use cases which require direct site-to-site connectivity instead of requiring users to go up through SCADA first in order to get to other sites. With the PA-220R, these users now have a way to bring the advanced capabilities and flexibility of next-generation firewall technology to these industrial sites with extreme temperatures, humidity, vibration, dust and sometimes electromagnetism.

The PA-220R has the key features you’d expect from a ruggedized industrial firewall such as extended specification for environmentals, having no moving parts, and support for high-availability supply and device failover architectures.

The PA-220R runs the same PAN-OS operating system that our customers are already familiar with through their use of NGFWs in their environmentally controlled IT and OT facilities. This not only gives users the advanced capabilities of securing industrial protocol traffic and stopping ICS-specific threats but, from an operational efficiency standpoint, it also allows central management of typically highly distributed OT installations and facilitates the establishment of a unified IT-OT cybersecurity architecture. Trying to address remote site security with disjointed point solutions and multiple central management entities is simply not an option for our customers who have experienced the benefits of our platform approach to security.

The PA-220R is intended to help our customers safely modernize their OT and prevent successful cyberattacks to critical infrastructure. It builds upon our large and growing set of App-IDs for ICS protocols and applications and partner ecosystem for ICS/SCADA.

Learn more about the PA-220R and our approach to helping our users safely modernize their OT:

Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42