Make Internet Access Safe - Adopt Zero Trust Network Security!

This post is also available in: 日本語 (Japanese)

As Lee Klarich outlined in his recent post, Zero Trust is a necessary approach to cyber-security that Palo Alto Networks is ideally suited for making internet access safe. To deliver on the promise of Zero Trust, you need a comprehensive approach, and our solutions make it significantly easier for our customers to:

1. Enable context-based network access.
2. Make that access safe.
3. Deliver access consistently with security available globally.

With more people, data, and devices to protect in more locations than ever, making internet access safe has never been more challenging for organizations. As applications move to the cloud and users work from anywhere, securing internet access has moved to the forefront in the battle against cybercriminals. Protection from modern day threats like evasive phishing, command-and-control and web-based exploits require real-time prevention that protects your web traffic, secures your DNS traffic and keeps pace with the explosive growth of SaaS applications. Of course, all of this needs centralized management and the ability to protect all locations and security capabilities and policies. They need to be consistent across physical appliances, entirely cloud-delivered or private cloud environments. Palo Alto Networks is the only vendor that can provide best-of-breed, natively integrated solutions, delivering comprehensive security for Internet access.

Making Internet Access Safer

With over 150,000 new malicious web pages every day, practically every attack URL is a zero-day URL. Traditional web security solutions that rely primarily on crawler technology can’t keep up. Palo Alto Networks has new Advanced URL Filtering that provides best-in-class web security. It moves beyond relying primarily on database-driven blocking of known malicious URLs, using inline machine learning to analyze, detect and prevent unknown, evasive and targeted web-based threats in real-time. While other solutions use machine learning for categorization or for preventing file-based attacks, only Palo Alto Networks provides inline machine learning (ML) to stop web-based threats in real-time. With over 40% of what we detect remaining unknown to other vendors at the time of detection, we’re not just preventing commodity attacks, but the truly evasive and targeted attacks that cause the most damage to enterprise organizations.

Making DNS Safer

Palo Alto Networks DNS Security protects the biggest blind spot in your web security. Up to 80% of modern attacks use DNS to help adversaries accomplish their objectives. Yet the majority of enterprise organizations do not have security tools that inspect DNS traffic, or they use over-the-top solutions that can be bypassed by simply changing DNS settings.

Our DNS Security solution is the most comprehensive in the industry and in our latest release we nearly tripled our coverage of DNS-based attacks, including industry-first protections that prevent the next generation of DNS-based attacks used to exploit networks and quietly steal data. We also solved the problem of predicting whether a newly registered domain (NRD) will be used maliciously before it is ever used in an attack. We are able to detect five times as many malicious NRDs as other solutions and we do so at least nine days faster. This predictive capability means customers are often protected before they even see malicious domains. Because we offer this as a cloud-delivered solution that is resolver agnostic, you don’t have to re-architect your DNS, and security cannot be bypassed through DNS setting changes. The best part is that it’s as easy to deploy as enabling a subscription.

Making SaaS Applications Safer

Existing cloud access security brokers (CASBs) are limited due to architectural and operational constraints. Palo Alto Networks SaaS Security helps our customers keep up with the SaaS explosion, automating discovery and protection while embedding into existing workflows. This leads to a whole new level of ease, simplicity and efficiency for the CASB market that Mario Espinoza outlines quite well in his post, “Palo Alto Networks Introduces SaaS Security with Integrated CASB”.

Bringing It All Together

One of the biggest advantages Palo Alto Networks has in detecting threats is the network effect all of our products benefit from. Everyday, we see threats through our Threat Prevention, WildFire, Advanced URL Filtering and DNS Security products, along with other sources such as passive DNS, honeypots and our threat intelligence team in Unit 42. This means that if one of our customers sees a threat, all of our other customers receive the benefit of protection against that threat. All of this gathered intelligence informs our machine learning, which constantly improves our detection capabilities. In addition, because our security is cloud-based, we’re able to provide investment protection for our customers — adding new detection capabilities with minimal impact to customers. This means the new capabilities described are available to all customers on PAN-OS 9.1 and higher.

Palo Alto Networks provides complete protection for your internet edge on a single platform. Can your security vendor say the same? Without security capabilities that provide real-time inline protection across all vectors, you can’t truly achieve Zero Trust. If you’re not using Palo Alto Networks, ask your security vendor if they provide real-time protection against web-based threats. Ask them if they can detect emerging DNS-based threats and automatically discover and control new SaaS apps. If not, we’d love to talk to you.

To learn more about Internet Security for Zero Trust, watch our event series, Complete Zero Trust Network Security, and get ready to secure productivity wherever it takes place.