PAN 8.0 Major Release – What’s New?

June 23, 2017 | vietsunshine

To provide organizations with the best security capabilities to prevent successful cyberattacks, PAN-OS® 8.0, includes a colossal amount of enhancements and capabilities, including:
  • Secure any cloud! AWS, Azure and more
  • Secure SaaS (Office 365®, Box, Slack®) with visibility and enforcement
  • Prevent sandbox evasion, automate C2 detection, and leverage advanced intel sharing
  • Prevent credential theft usage and abuse
  • Simplify security operations with enhanced management, speed and automation
  • New high-performance hardware models to tackle encrypted traffic and more

Learn more about the new Features Introduced in PAN-OS 8.0.

For questions about PAN-OS 8.0 visit the Live Community.


Accelerating Multi-Cloud Deployments

Organizations are rapidly embracing multi-cloud architectures that span software-defined data centers (private clouds) and public cloud environments. To help organizations protect their cloud-based applications and data from cyberattacks, PAN-OS 8.0 expands the VM-Series with new models and optimized performance, making it the broadest, most powerful line of virtualized firewall appliances on the market. New scalability and resiliency features for Microsoft® Azure® and Amazon® Web Services enable organizations to build secure cloud centric architectures. Workflow automation features for VMware®NSX® and KVM with OpenStack® help streamline VM-Series deployments.

Related Links:

Enabling the Safe Use of SaaS Applications

Software-as-a-service (SaaS) applications are changing the way organizations do business. Despite being incredibly useful tools to drive productivity, they pose high levels of risk.

PAN-OS 8.0 introduces several new capabilities helping our customers gain unprecedented levels of SaaS visibility and control based on users, content and applications. Aperture™ SaaS security service, a key component of our platform for securing sanctioned SaaS applications, is now available globally with the launch of new data centers in Europe and Asia. This global expansion also introduces enhanced data leakage prevention (DLP) and machine learning capabilities for documents written in native regional languages, such as German and Japanese. Furthermore, Aperture has added support for complete automation of policy violations, enabling our customers to remediate large volumes of risk with minimal overhead.

Our integrated platform provides detailed SaaS visibility and granular control, data governance, automated risk remediation, and malware prevention, so organizations can achieve complete SaaS protection.

Related Links:

Preventing Credential-Based Attacks

The theft and use of stolen passwords is one of the oldest attacks in the book, yet it remains highly effective. With stolen credentials, an adversary can bypass the entire attack lifecycle by impersonating a valid user, move uninterrupted throughout the organization’s network, and shift to the abuse of credentials from within.

PAN-OS 8.0 neutralizes credential theft by providing prevention capabilities across the attack lifecycle to stop the theft and subsequent abuse of stolen credentials.

The platform identifies and prevents attempts to steal credentials by stopping the submission of valid corporate credentials to illegitimate websites, and neutralizes an attacker’s ability to use stolen credentials for lateral movement and network compromise by enforcing authentication policies at the network layer.

Related Links:

Multi-Method Threat Prevention Innovations

To stay ahead of increasingly sophisticated adversaries, PAN-OS 8.0 introduces several industry-first innovations that drive forward our ability to detect and prevent the most evasive threats, block command-and-control traffic in far more effective ways, and allow our customers to gain leverage from any threat intelligence source, including:

  • WildFire™ service has an all-new anti-evasion analysis engine that brings together the benefit of multiple independent detection techniques:
    • New machine learning that operates on thousands of extracted features to further the WildFire service’s ability to detect more malware and variants while maintaining high accuracy.
    • An entirely new malware analysis environment, custom built from the ground up without any dependency on open-source emulation tools used throughout the industry that are readily identifiable by the adversary.
    • An innovative bare-metal execution environment where suspicious, evasive files are dynamically steered for detonation on real hardware systems, enabling detection for the most evasive anti-VM threats.
  • Advancing command-and-control (C2) prevention by introducing end-to-end automation of the generation, delivery and enforcement of payload-based C2 protections, based on data from WildFire customers. This system eliminates the trade-off between quick automated protections, based on URL or DNS, and effective, but low-scale manual signature creation that was the status quo in the security industry.
  • Extending AutoFocus™ contextual threat intelligence service with the MineMeld application, enabling security teams to aggregate, correlate, and automatically turn any third-party threat intelligence source into prevention across the Palo Alto Networks Next-Generation Security Platform.

Related Links:

High-Performance, Intelligent, Centralized Management

The most innovative, advanced technology loses value if not managed effectively. The Panorama™ network security management 8.0 release introduces new capabilities that provide organizations with access to the richest, most comprehensive set of actionable data from the network as well as from the endpoints secured by Palo Alto Networks Traps™ advanced endpoint protection or from other third-party sources in the future. Combined with complete network visibility and increased automation, organizations are able to streamline management workflows and focus on the issues that matter most.

Related Links:

New Family of Breakthrough Performance Hardware

The increasing use of encrypted traffic and rapid consumption of cloud-based applications, coupled with ever-increasing data center consolidation, are driving new processing power, performance and capacity requirements. Powered by PAN-OS 8.0, the new hardware appliances help deliver next generation of security capabilities anywhere in the network including datacenter cores, enterprise perimeters, as well as branch and remote offices.

Related Links:

Simplifying User-ID Deployments at Scale

User-ID™ technology, a standard feature on Palo Alto Networks next-generation firewalls, enables you to leverage user information stored in a wide range of repositories. PAN-OS 8.0 introduces powerful enhancements that make it easier for organizations of all sizes to control access to their resources based on user identity. By ensuring that only the right users have access to the right resources at all times, User-ID mitigates problems associated with identity theft and helps prevent modern-day breaches.

Related Links:

Security for Service Providers

The expanded line of virtual network functions (VNFs) or VM-Series Firewalls provides new capabilities and increased performance to service providers with deployment flexibility, agility and scalability to support an expanded range of deployment scenarios.

  • Managed security service providers (MSSPs) can leverage a broader portfolio of VNFs to expand their business across multiple enterprise virtualized CPE (vCPE) use cases.
  • Mobile network operators (MNOs) can leverage VNFs with high performance and scalability to support various core network virtualization (NFV/SDN) scenarios.

Related Links:


Technology Integration With Palo Alto Networks

PAN-OS 8.0 provides capabilities to better enable our tech partners to integrate with and take advantage of our Next-Generation Security Platform. These partnerships extend our platform with new log filtering and logging capabilities, SAML support and third-party threat intelligence integrations with the new MineMeld application for AutoFocus.

Related Links:

Tags: ,