Palo Alto Networks has introduced PAN-OS 11.0 Nova, the newest model of its PAN-OS software program, that includes new product updates and options. These embrace the Superior WildFire cloud-delivered safety service to assist defend towards evasive malware and the Superior Risk Prevention (ATP) service, which protects towards injection assaults. The cybersecurity vendor additionally revealed new net proxy assist and enhanced cloud entry safety dealer (CASB) integration with new SaaS safety posture administration (SSPM) capabilities.
In a press launch, Anand Oswal, senior VP community safety at Palo Alto Networks, mentioned that the brand new model of Nova is now capable of cease 26% extra zero-day malware than conventional sandboxes and detect 60% extra injection assaults. The updates are the newest in a sequence of safety releases from Palo Alto in 2022.
Malware rising extra evasive, injection assaults a high net app safety danger
Malware has advanced to turn into extremely evasive and more and more sandbox-aware. In Could, researchers at cybersecurity vendor Proofpoint analyzed a distant entry Trojan (RAT) malware marketing campaign (Nerbian RAT) that used a number of superior evasion strategies to focus on world organizations. These included anti-analysis and anti-reversing capabilities. New sandboxing strategies are wanted to assist mitigate extra refined and evasive malware, Palo Alto acknowledged. The brand new Superior WildFire service has subsequently been designed to introduce new capabilities resembling clever run-time reminiscence evaluation mixed with stealthy remark and automatic unpacking to remain hidden from malware and defeat superior evasions, based on the seller.
Injection assaults that push malicious code into techniques by exploiting unpatched vulnerabilities in software program proceed to pose important threats to organizations. They continue to be one of many high assault threats on the OWASP Prime 10 Internet Utility Safety Dangers listing, while BreachLock’s Annual Penetration Testing Intelligence Report 2022 listed SQL injection and cross-site scripting errors (XSS) because the bane of safety groups, accounting for greater than a 3rd of the important dangers present in net purposes.
Palo Alto mentioned its enhanced ATP service reimagines the intrusion prevention system (IPS) with inline capabilities for stopping zero-day injection assaults, utilizing ATP deep-learning fashions constructed on excessive constancy telemetry knowledge throughout tens of hundreds of exploited vulnerabilities during the last decade.
Internet proxy assist, SSPM amongst new security measures of PAN-OS 11.0 Nova
As well as, Palo Alto has launched options designed to enhance organizations’ cybersecurity and resilience. The primary is new net proxy assist for patrons who have to run specific proxies of their community resulting from structure or compliance necessities. The most recent Nova model can now use natively built-in proxy capabilities for Palo Alto Networks’ next-generation firewall to assist safe net and non-web site visitors, permitting prospects to deploy and centrally handle constant community safety throughout places, branches, and cell customers, Palo Alto acknowledged.
Subsequent are new SSPM capabilities to assist discover and remove misconfigurations in 60-plus enterprise SaaS apps by way of native Palo Alto Networks Subsequent-Technology CASB integration with Nova and Prisma SASE. This delivers assist for near-real time knowledge safety in trendy collaboration apps and suspicious person conduct detection. This helps to guard delicate knowledge in trendy SaaS apps from compromised accounts and insider threats, the seller claimed.
Final are extra proactive Palo Alto Networks AIOps options that assist cut back misconfigurations that may result in safety breaches, Palo Alto acknowledged. Launched earlier this yr, AIOps now guards towards violations of greatest practices and allows remediation of inefficiencies in safety insurance policies earlier than committing modifications, serving to organizations strengthen defenses towards cyberattacks, it added.
In a press release, John Grady, ESG senior analyst, mentioned that as attackers proceed to develop new methods to evade conventional defenses, safety groups battle to defend organizations with level options which might be advanced to deploy and function. “Palo Alto Networks PAN-OS 11.0 Nova addresses these important challenges by stopping zero-day threats in real-time, simplifying safety architectures, and enhancing cyber hygiene.”
Palo Alto mentioned PAN-OS 11.0 and many of the safety providers – which shall be suitable with earlier variations of PAN-OS – shall be obtainable in November.
Copyright © 2022 IDG Communications, Inc.