PANOS 10 is here and GA!

It was a great moment when the promise from our product team came true. "The time has come, we're going live this weekend!". On Friday evening I had already pushed the "Check Updates" button on my PA220 several times. Then on Saturday the shout out from one of our colleagues in our group chat: "Guys, PANOS 10 is here!!!"

PANOS 10 is a unique security software, a true all-rounder fully packed with highlights and unique capabilities. The Palo Alto Networks security sensor can be tailored to any purpose and any environment, something like this has never been seen in the IT Cybersecurity Industry.

The world's first ML powered NGFW

PANOS 10 is now capable of using machine learning inline on the dataplane. A true game changer for the industry.

The world needs a new type of firewall—one with machine learning and analytics at its core, capable of identifying new threats, devices, and more without relying on fingerprinting or signatures. It must continuously update the machine learning models by analyzing data using unlimited cloud compute. It must continuously collect telemetry and recommend policy and configuration changes to reduce risk and reduce chances of error.

IoT Security

The IoT Security solution works in collaboration with the PANOS sensor to dynamically discover and maintain a real-time inventory of the IoT devices on your network. Through AI and machine-learning algorithms, the IoT Security solution achieves a high level of accuracy, even classifying IoT device types encountered for the first time. And because it’s dynamic, your IoT device inventory is always up to date. IoT Security also provides the automatic generation of policy recommendations to control IoT device traffic, as well as the automatic creation of IoT device attributes for use in PANOS security policies.

HA Clustering for Multiple Data Centers

Data centers with multiple locations and high throughput need high availability (HA) with more than two members to ensure high reliability and to avoid a single point of failure. PAN-OS HA can now support clustering of up to 16 firewalls that perform session state synchronization. HA pairs in each data center prevent a single firewall failure and a data center failure, and asymmetric traffic from a data center is not dropped when sent to another data center.

HA Clustering for Horizontal Scaling of Firewalls

Within a data center, HA solutions must be able to scale horizontally. To provide seamless horizontal scalability of performance and capacity, PAN-OS HA can now support clustering of up to 16 firewalls that perform session state synchronization. In the event of a network outage or a firewall going down, the sessions fail over to a different firewall in the cluster.

Containerized Next-Generation Firewall for Securing Kubernetes Deployments

As you adopt Kubernetes and containers for application development and operational agility, you can now automate the deployment of the next-generation firewalls in environments such as OpenShift, native Kubernetes, GKE, AKS, or EKS, using native Kubernetes constructs. The CN-Series firewall is the containerized form factor of the next-generation firewall that provides complete Layer 7 visibility, application-level segmentation, and protection from advanced threats for traffic going between trust zones in public cloud or data center environments. The containerized form factor has a distributed PAN-OS architecture with CN-Mgmt and CN-NGFW pods that integrate into your CI/CD pipeline and help you secure traffic going from containerized applications running in Kubernetes clusters to VMs, bare metal servers, or to other containerized applications.

DNS Intelligence

It's quite a while that we introduced inline DNS Security fully integrated into the single platform. With PANOS 10 we are adding more DNS intelligence and capabilities, the DNS Security service now collects additional server response and request information to provide improved analytics, DNS detection, and prevention.

The DNS Security service now features individually configurable and extensible DNS Security Signature Categories, which allows you to create discrete security policies based on the risk factors associated with certain types of DNS traffic. Applying these new domain categories in your DNS Security policies allows you to implement granular access control to different categories of domains based on the risk that these domains pose to your organization.

Decryption for TLSv1.3

You can now decrypt, gain full visibility into, and prevent known and unknown threats in TLSv1.3 protocol traffic. TLSv1.3 is the latest version of the TLS protocol, which provides security and performance improvements for applications. PAN-OS 10 supports TLSv1.3 decryption in all modes: SSL Forward Proxy, SSL Inbound Inspection, SSL Decryption Broker, and SSL Decryption Port Mirroring, and also for GlobalProtect Clientless VPN.

Final Word

There is so much more to learn about Palo Alto Networks and all the innovation that has been driven over the past years and will also determine the future of cyber security.

Please visit us at: https://www.paloaltonetworks.com/ to learn more.

Thank you for reading!

Sincerely, Ciro Pizzo