Palo Alto Networks Introduces Complete Zero Trust Network Security

An all-encompassing Zero Trust approach to network security is critical for safeguarding productivity in the new reality of remote, mobile and hybrid work. To help organizations accomplish Zero Trust, we’re introducing complete Zero Trust Network Security with several industry-first innovations that protect against emerging threats while enabling full employee productivity and cloud adoption – and secure a world where any user can work anywhere without restrictions.

To secure access in today’s hybrid workplaces, we’re releasing an integrated cloud access security broker (CASB) that keeps pace with the explosion of software-as-a-service (SaaS) applications; a Cloud Identity Engine that makes it easy to verify user identity; expanded DNS Security; and industry-first protection against zero-day web threats with a new Advanced URL Filtering service. Along with new ML-Powered NGFW appliances, these innovations are all designed to meet the immediate and future needs of flexible work. Join our upcoming launch event series to learn more.

 

Zero Trust – Why It Matters for Productivity

Treating every connection the same is the foundation of Zero Trust Network Security. This has a profound effect on employee productivity. By removing implied trust, implied distrust is also removed, so being “off the network” is no longer an inhibitor. Employees can enjoy the same secure access to all applications from any location, completely seamless and transparent to them. Imagine, as a user, having consistent access and protection for every connection without even thinking about it. While this benefits employees, security efforts reap the benefits as well.

Our newly announced capabilities offer complete Zero Trust Network Security, helping organizations deliver on the productivity promise of hybrid work:

 

Secure Access to the Right Applications

An integrated CASB that allows customers to proactively extend secure access to all SaaS applications, including those never seen before.

This release introduces the only integrated SaaS security solution that delivers proactive visibility, compliance and best-in-class protection for all SaaS applications, including the ones your organization has never seen before. This approach eliminates cumbersome, middleman approaches because the solution is natively integrated into existing firewalls by Palo Alto Networks.

 

Secure Access for the Right Users

The industry’s first Cloud Identity Engine allows customers to easily authenticate and authorize their users across enterprise networks, clouds and applications, irrespective of where their identity stores live.

Every access policy decision should be made with verified knowledge of user identities, apps and devices. Our context-based access policies have always been foundational, and the context is derived from users, applications and devices.

With the introduction of our Cloud Identity Engine, we’re simplifying Zero Trust adoption. Cloud Identity Engine enables you to consistently authenticate and authorize your users regardless of where user identity lives – on-premises, in the cloud or a hybrid of the two. As a result, users can securely access applications and data regardless of their location.

The Cloud Identity Engine can be configured and made ready for a large enterprise in about 10 minutes. Cloud-based, point-and-click integrations with hybrid, multi-cloud and on-premises software identity providers simplify authentication, authorization and single sign-on.

 

Enhanced Security

The new Advanced URL Filtering service offers industry-first prevention of zero-day web attacks with inline machine learning capabilities. The expanded DNS Security capabilities prevent emerging DNS attacks that no other vendor protects against.

A true Zero Trust architecture not only enables access to the right applications and data, but it also secures that access. This means it prevents vulnerability exploits, tunneling, malware, phishing and malicious websites. That's why we’re expanding our best-in-class internet security with a new Advanced URL Filtering service and DNS Security capabilities. Now you can stop new, evasive and targeted web-based threats in real time, as well as emerging DNS-layer network attacks and exfiltration techniques.

Advanced URL Filtering introduces the industry’s only inline web protection engine to instantly prevent new, evasive and targeted attacks by blocking zero-day web pages in real-time. The filter utilizes realtime threat and credential-theft protection combined with industry-leading, anti-phishing capabilities. Advanced URL Filtering prevents the most damaging web-based attacks aimed at enterprise networks, today, with over 40% of what it prevents unknown to other vendors at the time of discovery.

As the pioneer in machine learning for NGFWs, we’re pleased to offer new ML-powered attack prevention to DNS Security, the first to stop the next generation of DNS-based attacks. DNS Security has added seven new protections that identify and disrupt the latest DNS-layer network attacks and data exfiltration techniques such as dangling DNS and ultra-slow tunneling, which are used to exploit networks and quietly steal data.

 

Making Secure Access Universally Available

Two new ML-Powered Next-Generation Firewall models enable Zero Trust Network Security across your enterprise – from the smallest branch offices to the largest campuses and hyperscale data centers.

Zero Trust Network Security must be consistently applied, no matter where users, devices or applications reside, including home offices, branches, large campus offices, data centers and cloud. Our hardware, software and cloud-delivered firewall form factors protect these locations consistently and globally.

 

New Hardware Platform Releases

This release expands the portfolio of our firewalls by adding two new hardware platforms.

PA-5450

The PA-5450 delivers world class performance for hyperscale data center, internet edge and campus segmentation deployments. It offers 120 Gbps throughput with security services enabled, four times more than the previous generation (30Gbps threat prevention throughput on PA-5260). It is purpose-built to apply decryption and ML-powered security to stop zero-day attacks, as well as known threats. PA-5450 secures your traffic, which is almost fully encrypted today. Compare that with competitive offerings, which usually take a drastic performance hit when new security services are enabled.

The PA-5450 features a scalable, modular design that allows performance upgrades as needs increase and goes a long way to protect against underprovisioning or overprovisioning. Customers can buy the chassis and then grow from one to five cards as an organization scales.

In addition to providing best-in-class security solutions, we deliver security that addresses your financial requirements while offering incredible value. According to a recent cost-benefit analysis by Forrester Consulting, our ML-Powered NGFW and SASE platform delivers a 247% ROI and payback in six months. The PA-5450 delivers equivalent or better performance than comparable platforms from Cisco and Check Point, with up to 70% TCO savings. We have a competitive trade-in program to help you modernize your environment’s security profile.

 

PA-400

The PA-400 Series is ideal for distributed enterprise branch offices and brings Palo Alto Networks best-in-class security at Fortinet prices. Compared to the previous generation, the PA-400 Series offers up to ten times higher performance with security services and decryption enabled. It reboots five times faster, enabling much shorter maintenance windows. Zero-touch provisioning simplifies deployment to tens, hundreds or thousands of branches. Compact and quiet with multiple mounting options, this platform is optimized for remote locations, thanks to a fanless design and built-in power redundancy that minimize the need to perform servicing in hard-to-reach locations. The PA-400 Series is ideal for organizations in search of the lowest TCO but wanting the best cybersecurity possible.

 

Why Our Approach Prepares You for the Future of Work

This release gives you more tools to achieve complete Zero Trust Network Security, so that your employees can succeed in the new world of work. Our fundamentally different approach for network security is designed to get you there:

  • Simplified, native integration with security services: IPS, URL filtering, advanced malware detection, DNS security, IoT security, enterprise DLP and now, SaaS security all simplify deployment and ongoing operations. The results are 247% ROI for a typical enterprise using our firewall platform.
  • Secure SaaS and web application access in the cloud-first world: This delivers continuous identification, categorization and granular risk-based control of all known and previously unknown SaaS applications. It consistently authenticates and authorizes users, regardless of location or where user identity stores live. Also, it effortlessly allows access to applications and data everywhere – cloud, on-prem and hybrid.
  • Prevention of unknown threats in realtime without compromising performance: We deliver security using inline ML-powered platforms purpose-built to deliver comprehensive security (including patient zero) and decryption at high speeds that your organization needs.

Security needs to grow and scale to wherever your organization is going – as you expand your people, your data, your locations and, perhaps most importantly, as you move forward on your cloud journey. While the boundaries of your organization have shifted and in some cases disappeared, security does not have to be complex to keep up. And neither do you or your employees.

Find out how we’re securing the flexible workplace. Register for our upcoming event series: Complete Zero Trust Network Security – and get ready to secure productivity wherever it takes place.

The Total Economic Impact™ of Palo Alto Networks for Network Security and SD-WAN is a commissioned study conducted by Forrester Consulting on behalf of Palo Alto Networks, January 2021.