Announcing PAN-OS 8.1: Streamline SSL Decryption, Accelerate Adoption of Security Best Practices

Feb 20, 2018
4 minutes
... views

Today, we are pleased to announce PAN-OS 8.1, the latest version of the software that powers our next-generation firewalls. This release enables you to easily adopt application-based security, removes barriers to securing encrypted traffic, simplifies management of large networks and helps you quickly identify advanced threats in conjunction with Magnifier for behavioral analytics.

Let’s look at some of these enhancements in detail.

 

Simplified App-Based Security

App-ID classifies all traffic, including SaaS, traversing your network so you can safely enable desired applications and block unwanted ones. PAN-OS 8.1 makes it easier to adopt and maintain an application-based security policy.

  • Eliminate security risk: The new rule usage tracking tools empower organizations to review and confidently remove obsolete application-based policy rules as well as retire legacy rules – based on when a rule was last hit – to eliminate holes that create security risks.
  • Easily adopt new apps: Adopting new App-IDs, which used to be released weekly, usually requires a policy review. Now, new App-IDs are released on the third Tuesday of every month, giving you time to review the effect of the new App-ID and change policy if needed. New capabilities enable you to easily understand the impact of new and modified App-IDs on your traffic and policy.
  • Safely enable SaaS usage: SaaS applications host sensitive data, and you need to ensure data is stored in secure, compliant SaaS services. To add to existing capabilities, such as application filters, application characteristics and visibility, you can now use new SaaS application characteristics, such as lack of certifications, poor terms of service, history of data breaches and so on, to view and control their usage. In addition, the next-generation firewall can now add HTTP headers to SaaS app requests to granularly allow access to enterprise accounts while preventing access to free and consumer accounts.

 

Streamlined SSL Decryption

Decryption image 2Most enterprise web traffic is now encrypted, and attackers exploit this to hide threats from security devices. The new Decryption Broker feature removes all barriers to securing encrypted traffic. Our next-generation firewall now decrypts the traffic, applies security and load balances decrypted flows across multiple stacks of security devices for additional enforcement. This eliminates dedicated SSL off-loaders, reducing network complexity and making decryption simple to operate.

 

Performance Boost for Internet-Edge Security

  • Secure the high-speed internet edge: The Palo Alto Networks PA-3200 Series of next-generation firewalls comprises the PA-3260, PA-3250 and PA-3220. These appliances deliver up to five times the performance, up to seven times the decryption performance and up to 20 times greater decryption session capacity of existing hardware, making them ideal for securing all internet-bound traffic, including encrypted traffic.
  • Secure large data centers and high-performance mobile networks: The Palo Alto Networks PA-5280 is the latest addition to the PA-5200 Series appliances. It prevents threats, safely enables applications, and is suitable for mobile network environments as well as large enterprise datacenters. The PA-5280 offers security at throughput speed of 68 Gbps and session capacity of 64 million.
  • Secure industrial deployments: Palo Alto Networks PA-220R ruggedized appliance brings next-generation capabilities to industrial applications in harsh environments. Read the blog post for more information.

 

Improved Efficiency and Performance for Management 

Panorama 8.1 provides greater efficiency for teams that manage physical and virtual appliances running PAN-OS. Using variables in templates, you can now leverage common configuration across many devices while substituting device-specific values in place of IP addresses, IP ranges, FQDNs and more. With device health monitoring, Panorama provides a deployment-wide view into the health and status of your next-generation firewalls. Trending of critical system resources up to 90 days helps you identify gradual changes in your environment. Proactive monitoring automatically creates alerts when substantial changes occur in the utilization of critical device resources, ensuring you’re the first to know.

In addition, new M-600 and M-200 appliances deliver high-performance management.

 

Advanced Threat Detection and Prevention

  • Advanced threat detection. Updates to WildFire include dynamic unpacking, which defeats packing techniques attackers use to evade detection.
  • Prevention everywhere. This update has improved detection of malware targeting Linux servers and IoT devices. Plus, you can detect and prevent malware moving freely inside the network with new SMB protocol support and find malware hiding in less common file archive formats, including RAR and 7z (from 7-Zip).
  • Rich data for analytics. Enhanced application logs evolve next-generation firewalls into advanced network sensors for analytics, including Application Framework apps. Magnifier uses this data to allow customers to identify advanced attacks, insider threats and malware with precision.

 

Palo Alto Networks Next-Generation Firewall provides effective protections you can use, automates tasks so you can focus on what matters and enables you to consume innovations quickly. The new capabilities in PAN-OS 8.1 allow you to accelerate the adoption of next-generation security best practices so you can prevent the most advanced threats and safely enable your business.

To learn more, visit our PAN-OS 8.1 security page.


Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.