ML in Palo Alto firewalls to protect IoT and containers


Thanks to machine learning integrated into the Palo Alto Networks PAN-OS firewall operating system, firewalls are better armed to defend IoT devices and containers, whether on-premises or in the cloud.

By integrating machine learning with its next-generation firewall (NGFW) software, Palo Alto Networks promises to improve the protection of traffic that flows between businesses, hybrid clouds, IoT devices, and remote workers. The machine learning integrated into the latest version of the Palo Alto firewall operating system, PAN 10.0, is meant to prevent attacks in real time without relying on signatures and to quickly identify new devices, in particular IoT products, through behavior-based identification.

Alongside traditional firewall protections like dynamic packet filtering, next-generation firewall software now has advanced application-, user- and content-based security assessment capabilities. “The patterns of security attacks are constantly changing and at a rapid pace and traditional signature-based approaches to security are not suited to keep up with the millions of new devices that run diverse and varied operating systems, and the software stacks running on the network,” said Anand Oswal, senior vice president and general manager of Palo Alto. “Growing exponentially, IoT devices have exacerbated the problem because, due to the multitude of agents, patches and operating systems, it is impossible to define security policies that can take into account all these different factors.”

A more responsive firewall

Oswal says the ML integrated in the NGFW uses online machine learning models to identify known attack variants as well as many unknown cyber threats, and provides real-time protection against malware that can reach 95%. “By collecting telemetry information over the network and combining it with existing Palo Alto data, the firewall can learn from the behaviors it observes, recognize trends and recommend appropriate security policies,” said Anand Oswal. In addition, the new PAN 10.0 version of the Palo Alto firewall operating system includes more than 70 new features, including broader capabilities for decryption deployment, DNS attack prevention and support for TLS (Transport Layer Security) 1.3.

According to experts, ML is essential to keep an advantage over threats. “The use of machine learning becomes very important when huge amounts of data are collected over the network,” said Sreeni Kancharla, Vice President and Chief Information Security Officer (CISO) at Cadence Design Systems, a publisher of design-automation software and engineering services, when Palo Alto PAN 10 was launched. “It is important to shorten the response time to threats without further complicating the security environment,” said Ms. Kancharla.

IoT security support

As far as IoT is concerned, PAN 10.0 is compatible with Palo Alto’s subscription service targeting IoT systems. “IoT devices present unique challenges for security teams. They are connected to the corporate core network, but they are generally not managed,” said Oswal. “Generally also, these devices are unregulated, they have unknown or unpatched vulnerabilities, and often their useful life exceeds the life they are supported.”

Anand Oswal recalled that, according to a recent IoT security report published by Unit 42, the threat research department of Palo Alto, 57% of IoT devices were vulnerable to medium- or high-severity attacks, and 98% of all traffic on IoT devices was unencrypted. The IoT service is based on IoT cloud discovery, identity and security technology that Palo Alto purchased last year from Zingbox for $75 million. “We have improved Zingbox technology with Palo Alto Networks’ App-ID technology that identifies applications passing through firewalls, which automatically discovers new IoT devices, assesses risks and converts lessons learned into IoT security policies,” Oswal said.

Protect Kubernetes

The PAN 10.0 operating system also works to protect another popular enterprise technology: Kubernetes containers. A containerized version of the NGFW, called CN Series, protects container-based resources. According to Palo Alto, the solution combines container protection technologies gained through the acquisition of Twistlock with the microsegmentation capabilities of Aporeto. The CN Series provides Layer 7 visibility into container traffic and protection against vulnerabilities in inbound, east-west and outbound traffic. Additionally, URL filtering can be used to prevent cloud-native applications from connecting to potentially malicious code repositories or websites.

The CN Series can provide NGFW protection wherever applications are hosted. In the case of an on-premises data center, the solution can protect Kubernetes or Red Hat OpenShift. “In the case of a public cloud, protection can apply to Kubernetes and Red Hat OpenShift, but also to Google Kubernetes Engine (GKE), Azure Kubernetes Service (AKS) and Amazon’s Elastic Kubernetes Service (EKS),” Palo Alto clarified. Version 10.0 of PAN-OS should be available in mid-July. It can be delivered as software, an appliance or a cloud service. PAN-OS is also included in Prisma, Palo Alto’s cloud-based global security solution. It provides access control, advanced threat protection, user behavior monitoring and other services focused on protecting applications and enterprise resources.

