Tuesday, February 20, 2018
Today, Palo Alto Networks released PAN-OS 8.1. Users will be glad to find this release enables easy adoption of application-based security, removes barriers to securing encrypted traffic, simplifies management of large networks and helps you quickly identify advanced threats in conjunction with Magnifier for behavioral analytics.
Below, with help from Palo Alto Networks, we’ve broken down the features in detail and what they mean for you.
1. Simplified App-Based Security: App-ID classifies all traffic, including SaaS, traversing your network so you can safely enable desired applications and block unwanted ones. PAN-OS 8.1 makes it easier to adopt and maintain an application-based security policy and includes the following enhancements:
- Eliminate security risk: The new rule usage tracking tools empower organizations to review and remove obsolete application-based policy rules, as well as retire legacy rules – based on when a rule was last hit – to eliminate holes that create security risks.
- Easily adopt new apps: Adopting new App-IDs, which used to be released weekly, usually requires a policy review. Now, new App-IDs are released on the third Tuesday of every month, giving you time to review the effect of the new App-ID and change policy if needed. New capabilities enable you to easily understand the impact of new and modified App-IDs on your traffic and policy.
- Safely enable SaaS usage: SaaS applications host sensitive data, and you need to ensure data is stored in secure, compliant SaaS services. To add to existing capabilities, such as application filters, application characteristics and visibility, you can now use new SaaS application characteristics, such as lack of certifications, poor terms of service, history of data breaches, and so on, to view and control their usage. In addition, the next-generation firewall can now add HTTP headers to SaaS app requests to granularly allow access to enterprise accounts while preventing access to free and consumer accounts.
2. Streamlined SSL Decryption: Most enterprise web traffic is now encrypted, and attackers exploit this to hide threats from security devices. The new Decryption Broker feature removes all barriers to securing encrypted traffic. Palo Alto’s next-generation firewall now decrypts the traffic, applies security and load balances decrypted flows across multiple stacks of security devices for additional enforcement. This eliminates dedicated SSL off-loaders, reducing network complexity and making decryption simple to operate.
3. Performance Boost for Internet-Edge Security: With this new release comes improved and increased performance, including the following areas:
- Secure the high-speed internet edge: The Palo Alto Networks PA-3200 Series of next-generation firewalls comprises the PA-3260, PA-3250 and PA-3220. These appliances deliver up to five times the performance, up to seven times the decryption performance and up to 20 times greater decryption session capacity of existing hardware, making them ideal for securing all internet-bound traffic, including encrypted traffic.
- Secure large data centers and high-performance mobile networks: The Palo Alto Networks PA-5280 is the latest addition to the PA-5200 Series appliances. It prevents threats, safely enables applications, and is suitable for mobile network environments, as well as large enterprise data centers. The PA-5280 offers security at a throughput of 68 Gbps and a session capacity of 64 million.
- Secure industrial deployments: Palo Alto Networks PA-220R ruggedized appliance brings next-generation capabilities to industrial applications in harsh environments. Read this blog post from Palo Alto Networks for more information.
4. Improved Efficiency and Performance for Management: Panorama 8.1 provides greater efficiency for teams that manage physical and virtual appliances running PAN-OS. A few examples include:
- Using variables in templates, you can now leverage common configuration across many devices, while substituting device-specific values in place of IP addresses, IP ranges, FQDNs and more.
- With device health monitoring, Panorama provides a deployment-wide view into the health and status of your next-generation firewalls.
- Trending of critical system resources up to 90 days helps you identify gradual changes in your environment.
- Proactive monitoring automatically creates alerts when substantial changes occur in the utilization of critical device resources, ensuring you’re the first to know.
- In addition, new M-600 and M-200 appliances deliver high-performance management.
5. Advanced Threat Detection and Prevention: PAN-OS 8.1 touts improved capabilities for greater threat detection and prevention, including the following:
- Advanced threat detection. Updates to WildFire include dynamic unpacking, which defeats packing techniques attackers use to evade detection.
- Prevention everywhere. This update has improved detection of malware targeting Linux servers and IoT devices. You can also detect and prevent malware moving freely inside the network with new SMB protocol support and find malware hiding in less common file archive formats, including RAR and 7z (from 7-Zip).
- Rich data for analytics. Enhanced application logs evolve next-generation firewalls into advanced network sensors for analytics, including Application Framework apps. Magnifier uses this data to allow users to identify advanced attacks, insider threats and malware with precision.
With this new release, you will find there are more effective protections to use and the ability to automate tasks is a great advantage, ultimately allowing you to focus on greater tasks and better secure your business.
Have you given PAN-OS 8.1 a try? Have comments? We want to hear from you. Start a discussion thread here.