Cybersecurity tactics are naturally reactive. While enterprises can deploy systems and solutions to minimize known attacks and account for common threat vectors, the real test of effective security comes when malicious actors deploy new tactics, tools or technologies. As many observers have noted, cyberattacks have become more sophisticated, widespread and relentless.
To combat this changing landscape, organizations need tools capable of closing the gap between detection and action, in turn reducing potential risk to critical systems. Firewalls remain the workhorses of frontline enterprise security, but as attacks continue to evolve, traditional solutions are falling behind.
Next-generation firewalls (NGFWs) offer a real-time approach to threat detection and defense — and the new PA-400 series by Palo Alto Networks takes active protection a step further with the addition of integrated machine learning (ML) algorithms.
Firewalls: From Stateful to Streamlined
First-generation firewalls leveraged what’s known as “stateful inspection,” which classifies traffic only in reference to common destination ports, such as Transport Control Protocol port 80 for HTTP. While this was sufficient for enterprises using onsite, proprietary software tools that remained inside corporate networks, the rapid rise of open-source software and mobile applications fundamentally changed the security landscape.
DISCOVER: Dive deeper into next-gen firewalls with Palo Alto.
According to Tom O’Brien, vice president for Strata at Palo Alto Networks, however, this level of protection wasn’t enough for long. “As the need for application awareness arose,” he says, “many vendors added application visibility and other software or hardware ‘blades’ into their stateful inspection firewalls, which they subsequently sold as unified threat management offerings. However, since their functions were retrofitted and not natively integrated, UTMs did not improve security.”
Next-generation firewalls can capture network context to make security decisions based on applications, users and content. NGFWs can identify potentially malicious applications regardless of their origin or their attempts at obfuscation and can identify users regardless of device or IP address to provide real-time protection against both known and unknown threats.
“This integrated design both improves security and simplifies operations,” says O’Brien. “Given the model’s success, the term ‘next-generation firewall’ is now synonymous with ‘firewall.’”
What Sets the PA-400 Series Apart
The PA-400 series takes NGFW functionality a step farther with the native integration of robust machine learning. By embedding ML algorithms directly into the core of the firewall, the PA-400 series can provide real-time Internet of Things device identification along with inline and signature-based attack protection.
Key features of the PA-400 series include:
- By leveraging massive cloud scale, this next-generation firewall provides zero-delay signature detection to empower early response.
- Integrated machine learning offers complete visibility across IoT networks and other connected devices.
- By collecting threat and contextual data over time, the PA-400 series can offer automated and intelligent policy recommendations to improve overall network security.
In practice, machine learning makes it possible for NGFWs to dynamically evolve alongside security threats. As new tactics emerge, these firewalls learn what sets them apart from previously detected threats and then contextualize them within the larger corporate network.
Firewalls Support Zero-Trust Solutions
A zero-trust security model is essential for modern data protection, especially as enterprises shift to long-term hybrid work models, with employees using a variety of corporate-owned and personal endpoints. “Attackers often view these endpoints as back doors into the larger enterprise,” says O’Brien. “While distributed enterprises with thousands of branches are also subject to attacks at every location, valuable customer data and financial transactions are prime targets for attackers.”
Zero-trust architecture assumes nothing and authenticates everything to increase overall security. Next-generation firewalls help support zero-trust architecture by capturing contextual data about network activities that can help inform decisions to grant or deny access.
When it comes to the impact of the PA-400 series on enterprise security, O’Brien doesn’t mince words.
“Reactive security can’t keep up with today’s threats — or prepare you for tomorrow’s,” he says. “Palo Alto Networks’ ML-powered NGFW sets the new standard as the ideal enterprise control point, serving as the first line of defense in any modern, highly effective security platform.”
Brought to you by: