UPDATED 08:00 EDT / JUNE 17 2020

palo-alto-networks-ml-powered-ngfw SECURITY

Palo Alto Networks debuts its machine learning-powered next-generation firewall

Network security platform provider Palo Alto Networks Inc. is expanding its product portfolio with the launch of what it says is the world’s first machine learning-powered Next-Generation Firewall.

In addition, it also announced a version of the firewall for Kubernetes apps that can run unchanged on multiple computing environments, plus a new machine learning-powered “internet of things” security service based on technology it acquired from its $75 million acquisition of Zingbox Inc. last year.

Palo Alto said its new firewall runs its latest PAN-OS 10.0 software, and uses machine learning to identify malware and “phishing” attacks that were previously undetectable by traditional firewall services. The problem, the company said, is that as attackers use computers to change attacks automatically, signatures become less valuable in preventing the attacks. It said the new firewall prevents previously unknown attacks using in-line machine learning models.

In addition, the firewall offers “zero-delay protection” that helps reduce reaction times to threats from days to just minutes, resulting in a 99.5% reduction in infected systems, the company said. Moreover, the firewall relies on machine learning to analyze the massive amounts of telemetry data that networks generate to help recommend security policies. The goal is to reduce the chance of human error and thus better secure IoT devices.

The company is also launching a containerized version of its ML-Powered Next-Generation Firewall, called the CN-Series. It’s designed especially for customers running container-based applications in Kubernetes environments. Software containers are used to host the components of modern apps that can run on any kind of computing infrastructure, while Kubernetes is the open-source software that’s used to manage them.

The CN-Series firewall is designed to provide runtime protection capabilities for hosts, containers, and serverless deployments. The company said this kind of specialized protection is needed because software containers can lead to infrastructure-wide vulnerabilities.

The problem is that as container-based apps go into production, they tend to connect to critical legacy applications such as Active Directory or shared databases. If the containerized apps are compromised, it means those legacy systems are also at risk.

Palo Alto Networks said the CN-Series container next-generation firewall integrates natively within Kubernetes environments to enable layer-7 visibility and full protection of all inbound, east-west, and outbound traffic at a namespace or even a pod level. Moreover, the CN-Series firewall can be deployed regardless of where applications are hosted, be it an on-premises environment or a public cloud service such as Google Kubernetes Engine or Amazon Elastic Kubernetes Service.

Finally, Palo Alto Networks said it’s introducing a new IoT Security service that uses machine learning to deliver “complete device visibility” across the network. The new service is based on Zingbox’s patented three-tier machine learning platform that helps companies to discover and identify unmanaged devices, and is enhanced by the company’s own App-ID technology. Customers will be able to discover new IoT devices automatically within their networks, assess risks and then automate the creation of new security policies to secure those devices.

Palo Alto Networks said its new firewalls and security services will be made available in mid-July, when version 10.0 of its PAN-OS is released.

Image: Palo Alto Networks

Since you’re here …

Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!

Support our mission:    >>>>>>  SUBSCRIBE NOW >>>>>>  to our YouTube channel.

… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.