Introducing PAN-OS 9.0: Stop Threats Hiding in DNS, Close Security Gaps

Jesse Ralston


Today, we’re excited to announce PAN-OS 9.0, the latest version of the software that powers our next-generation firewalls. PAN-OS 9.0 delivers over 60 tightly integrated innovations that strengthen security. The new DNS Security service continues our tradition of expanding the platform and replacing disconnected point products. We have always set the standard for next-generation firewalls — keeping you on the cutting edge while simplifying security.

Here are a few highlights from PAN-OS 9.0.

Stop threats hiding in DNS traffic

DNS is essential to running your business, but according to the Unit 42 threat research team, almost 80 percent of malware uses DNS to establish command and control. Today, security teams lack the visibility, scale, and agility needed to stop threats that use DNS. Our new DNS Security service applies predictive analytics and infinite cloud scale to disrupt attacks that use DNS for command and control or data theft. Using shared threat intelligence and machine learning, DNS Security enables teams to quickly identify threats hidden in DNS traffic. Because the service is tightly integrated with our next-generation firewall, customers get automated protections and eliminate the need for independent tools or changes to DNS infrastructure.

Close dangerous policy gaps faster and more easily

The new Policy Optimizer strengthens security by closing dangerous policy gaps left by legacy firewall policies. Policy Optimizer’s simple workflows use intelligence gathered by PAN-OS to easily move from legacy rules to App-ID-based rules. Taking complexity out by removing scores of legacy rules reduces human error, which is a leading cause of data breaches. With PAN-OS 9.0, we continue to deliver the tools you need to implement best practices that reduce the risk of attack.

Reduce web-based threat exposure

We’ve taken URL Filtering to the next level with powerful new capabilities to protect your organization from web-based threats. Applied analytics powers granular web policy for more control and flexibility than ever. New risk ratings take the guesswork out of choosing which sites to block or allow. Based on policy, automated actions let you trigger additional inspection or containment, including turning on SSL decryption. Machine learning-based image recognition dramatically increases phishing detection, finding even the most evasive sites attempting to steal your credentials. And finally, your protection is always up to date with instant updates for newly discovered malicious sites.

Protect your network with the fastest next-generation firewall ever

Organizations with large data centers, high volumes of encrypted traffic, and a growing ecosystem of internet of things (IoT) devices must secure more network traffic than ever. Our PA-7000 Series, with new line cards, is the fastest next-generation firewall in the industry, delivering performance without compromising security. Our all-new Network Processing Cards (NPCs), Switch Management Cards (SMCs), and Log Forwarding Cards (LFCs) deliver 350 Gbps of protected throughput, measured with application identification, intrusion prevention, antivirus, anti-spyware, advanced malware analysis, and logging enabled. Palo Alto Networks customers can use the improved cards with their existing chassis and cards, ensuring their security investments are protected.

Consistently secure all of your clouds

Organizations want consistent security across multiple public clouds and virtualized data centers. The VM-Series now provides the broadest range of public cloud and virtualized data center environments by adding support for Oracle Cloud, Alibaba Cloud, Cisco ENCS, and Nutanix. Firewall throughput performance improvements for AWS and Azure of up to 2.5X combined with autoscaling and transitive architectures allow our customers to automate security for dynamic and large-scale public cloud deployments.

Secure large environments at scale

New innovations to Panorama make scaling network security easier. With PAN-OS 9.0, security teams can manage up to 5,000 firewalls with a single instance of Panorama. When required, customers can use Panorama Interconnect plugin to scale the single pane of glass to 30,000 firewalls. Panorama manages security for the entire network using a single security rule base for firewall, threat prevention, URL filtering, application awareness, user identification, advanced malware analysis, file blocking, and data filtering. Panorama helps administrators reduce operational workload and meet budget constraints, while improving overall security posture.

Strengthen network and security operations

New Transformation Services offerings will strengthen security with deep analysis of configuration and network traffic as well as enforcement of advanced security policies. These next-generation firewall, threat, and security operations services are designed to complement our Security Operating Platform by focusing on operational capabilities. This provides maximum protection to enable businesses for future growth.

 

To learn more, visit our PAN-OS 9.0 security page.

Watch Lee Klarich, chief product officer, dive into what’s new in PAN-OS 9.0.

To learn more about Transformation Services, visit https://www.paloaltonetworks.com/transformation

Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.