Palo Alto Networks Paves the Way with New OT Security Innovations

Nov 29, 2023

Introducing the PA-450R Rugged NGFW for Harsh Industrial Environments, Enterprise-Grade 5G Security for Industrial Operations and Streamlined Security Operations with Strata Cloud Manager

Earlier this year, Palo Alto Networks launched Zero Trust OT Security, a solution to help industrial asset owners and operators keep their operational technology (OT) environments secure. Zero Trust OT Security is built to provide visibility and security for OT assets and networks, 5G connected assets and remote operations.

To continue rising to the challenge of ever-evolving cybersecurity threats and customer needs, we are excited to announce several new capabilities that take security for OT environments to the next level. This includes the introduction of a new ruggedized firewall designed for harsh environments, as well as an industry-leading 5G security solution designed to safeguard industrial operations with enterprise-grade security.

Zero Trust OT Security offers a unique combination of hardware and software working together to provide a comprehensive OT security solution, and has been recognized as a leader in GigaOm Radar for Operational Technology (OT) Security.

As a key component of the Zero Trust OT Security solution, Industrial OT Security is the industry’s first ML-powered OT visibility engine that combines machine learning (ML) with crowdsourced telemetry to recognize over 500 unique asset profiles, more than 600 OT-specific threat signatures and over 1,100 OT applications.

Hollie Hennessy, senior analyst, Omdia:

“In today’s landscape, the growing interconnectivity of OT and IT networks creates cybersecurity challenges for organizations to manage. Many customers are increasingly looking for broad-ranging solutions, which help to reduce complexity and close security gaps. With the latest set of innovations in their Zero Trust OT Security solution, Palo Alto Networks shows that it has clearly been listening to customers and continually investing to meet their OT security needs – with a platform approach and enhanced insights into vulnerabilities. The new ruggedized firewall and the deep coverage of 5G-connected devices stand out in helping customers with comprehensive visibility and security across OT environments, and throughout their digital transformation journeys.”

Rugged Performance for Harsh Industrial Environments with the New PA-450R NGFW

Industrial customers need solutions for OT network security that are purpose-built and reliable in environments where exposure to wide temperature ranges or dusty conditions is common. This new ruggedized NGFW extends our Palo Alto Networks best-in-class security to organizations’ harshest operational environments.

Designed for OT environments, like power substations, the PA-450R is a new ruggedized, ML-based Next-Generation Firewall (NGFW). It delivers up to 3X the performance of our previous generation of ruggedized firewalls, and is the fastest-in-class ruggedized firewall available today. It also has fail-to-wire capabilities that support seamless data pass-through during power failures to the NGFW, enabling continuous operations.

The PA-450R natively integrates with Industrial OT Security, bringing visibility, security, continuous trust verification and ongoing threat prevention together in one platform. With the PA-450R and Industrial OT Security, OT network safety and integrity are supported from a single, robust system that can withstand the harshest conditions to secure industrial environments.

Industry-Leading Asset Identification and Risk Visibility for 5G Connected Devices

5G connectivity within OT environments holds immense potential for operational efficiencies, but often lacks adequate security controls to mitigate cybersecurity risks. Palo Alto Networks provides the industry's first and only 5G security solution designed to comprehensively safeguard industrial operations with enterprise-grade security.

Augmenting Palo Alto Networks 5G-native security capabilities with Industrial OT Security, this solution delivers extensive visibility and protection for every cellular connected device, regardless of its network connection. It also supports other mobile-connected devices, including 4G/LTE and 3G.

Working seamlessly within the Palo Alto Networks NGFW, this solution offers customers the ability to correlate mobile-specific contexts, including IMEI and IMSI, with high-fidelity device identification, such as device type, vendor make, model, operating system and risk and behavior analytics. We’ve also enhanced the Industrial OT Security’s device database by incorporating an additional 220,000 device types, sourced from the GSMA database.

This unparalleled level of visibility empowers customers to enhance their operational technology asset management, assess risks, detect anomalies, and swiftly respond to threats. For instance, should a mobile device unexpectedly establish communication with an application (such as a file transfer) that typically isn't linked to its device category, the NGFW can promptly generate an alert. It will then recommend security policy adjustments to enforce, which leverage the capabilities of machine learning to proactively thwart real-time threats. This seamless integration offers a holistic security solution tailored for 5G and mobile connected devices in OT environments.

Risk-Based Vulnerability Management for Mission-Critical OT Environments

OT environments are often mission critical with high uptime requirements, significantly influencing which vulnerabilities to patch and when to patch them to avoid operational disruption, loss of revenue or unnecessary safety risks.

To help security teams reduce business risk by focusing on what matters the most, we are pleased to introduce a risk-priority classification feature within Industrial OT Security, based on a multifactor risk assessment. To identify vulnerabilities that pose the greatest risk, Industrial OT Security looks beyond CVSS, evaluating threat likelihood indicators and the impact to a customer’s organization should their assets be compromised.

With virtual patching capabilities, Industrial OT Security offers a critical advantage for enhanced threat protection in OT environments. It prevents cyberattacks from exploiting known vulnerabilities while awaiting a maintenance window for potential patching. This capability empowers security teams in OT environments to maintain the stability and reliability of OT systems while significantly bolstering cybersecurity defenses.

Improved Management Flexibility and Resiliency for OT Environments with the SD-WAN On-Premise Controller

Digital transformation is driving geographically dispersed OT assets, like power grids and oil fields, to establish stronger connections for centralized control. Organizations must meet stringent reliability and performance requirements, ensuring uninterrupted operations even in the event of internet outages. Software-defined wide area networking (SD-WAN) provides simplified, secure networking that surpasses traditional site-to-site VPNs. Businesses want the benefits of adopting SD-WAN in OT environments but also want to avoid introducing the additional risks of a direct connection to the internet.

Now the Prisma SD-WAN on-premise controller (OPC) brings next-generation secure, industrial SD-WAN management on-premises, so OT asset owners and operators can modernize their networks securely and confidently. With the SD-WAN OPC, end-to-end SD-WAN capabilities are offered on-premises, delivering simplicity and security benefits while providing the reliable connectivity that OT environments require.

Seamlessly Manage Security Operations for OT Assets, 5G Devices and Remote Operations with Strata Cloud Manager

IT-OT convergence has accelerated the need to support more secure remote access and site-to-site connectivity for OT environments. As customers look at SASE-based approaches to secure remote operations, they want solutions that can achieve several key objectives. These include implementing Zero Trust security consistently across wired and wireless OT site-level networks. Additionally, customers want solutions that offer consolidated insights and can be managed in a unified, operationally efficient manner.

Earlier this month, Palo Alto Networks announced Strata Cloud Manager (SCM), an AI-powered Zero Trust management and operations solution. It transforms network security by strengthening security and preventing network disruptions consistently across all enforcement points – a radical new approach to managing a network security platform.

SCM includes a dedicated Industrial OT Security dashboard, granting quick access to critical device security parameters, such as OT risk and alerts. With SCM, security teams reap the operational benefits of comprehensive configuration and security policy management across all form factors, including SASE, hardware and software firewalls, as well as security services to ensure consistency and reduce operational overhead.

To learn more about Strata Cloud Manager, the advancements to our NGFWs and how we’re pushing the boundaries of enterprise security, register for our launch event Introducing PAN-OS 11.1 Cosmos on February 13, 2024.
