Network security platform provider Palo Alto Networks Inc. is expanding its product portfolio with the launch of what it says is the world’s first machine learning-powered Next-Generation Firewall.

In addition, it also announced a version of the firewall for Kubernetes apps that can run unchanged on multiple computing environments, plus a new machine learning-powered “internet of things” security service based on technology it acquired from its $75 million acquisition of Zingbox Inc. last year.

Palo Alto said its new firewall runs its latest PAN-OS 10.0 software, and uses machine learning to identify malware and “phishing” attacks that were previously undetectable by traditional firewall services. The problem, the company said, is that as attackers use computers to change attacks automatically, signatures become less valuable in preventing the attacks. It said the new firewall prevents previously unknown attacks using in-line machine learning models.

In addition, the firewall offers “zero-delay protection” that helps reduce reaction times to threats from days to just minutes, resulting in a 99.5% reduction in infected systems, the company said. Moreover, the firewall relies on machine learning to analyze the massive amounts of telemetry data that networks generate to help recommend security policies. The goal is to reduce the chance of human error and thus better secure IoT devices.

The company is also launching a containerized version of its ML-Powered Next-Generation Firewall, called the CN-Series. It’s designed especially for customers running container-based applications in Kubernetes environments. Software containers are used to host the components of modern apps that can run on any kind of computing infrastructure, while Kubernetes is the open-source software that’s used to manage them.

The CN-Series firewall is designed to provide runtime protection capabilities for hosts, containers, and serverless deployments. The company said this kind of specialized protection is needed because software containers can lead to infrastructure-wide vulnerabilities.

The problem is that as container-based apps go into production, they tend to connect to critical legacy applications such as Active Directory or shared databases. If the containerized apps are compromised, it means those legacy systems are also at risk.

Palo Alto Networks said the CN-Series container next-generation firewall integrates natively within Kubernetes environments to enable layer-7 visibility and full protection of all inbound, east-west, and outbound traffic at a namespace or even a pod level. Moreover, the CN-Series firewall can be deployed regardless of where applications are hosted, be it an on-premises environment or a public cloud service such as Google Kubernetes Engine or Amazon Elastic Kubernetes Service.

Finally, Palo Alto Networks said it’s introducing a new IoT Security service that uses machine learning to deliver “complete device visibility” across the network. The new service is based on Zingbox’s patented three-tier machine learning platform that helps companies to discover and identify unmanaged devices, and is enhanced by the company’s own App-ID technology. Customers will be able to discover new IoT devices automatically within their networks, assess risks and then automate the creation of new security policies to secure those devices.

Palo Alto Networks said its new firewalls and security services will be made available in mid-July, when version 10.0 of its PAN-OS is released.

Image: Palo Alto Networks