Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Palo Alto Networks Pushes Major Refresh of Network Security Portfolio

Palo Alto Networks is focusing on the virtualized data center to help IT administrators fight off threats targeting virtual environments.

Palo Alto Networks is focusing on the virtualized data center to help IT administrators fight off threats targeting virtual environments.

Network security firm Palo Alto Networks announced its “largest ever” refresh of its network security portfolio on Tuesday, introducing new virtual and physical appliances, a new anti-malware subscription service, and the latest version of its operating system. The new Palo Alto Networks VM-Series, which will be integrated with VMware’s vSphere virtualization operating system, will allow IT administrators to see what kind of data is flowing between virtual machines, Chris King, director of product marketing at Palo Alto Networks, told SecurityWeek. The VM-Series is currently available only for the VMware hypervisor.

Palo Alto Networks LogoMost physical firewall appliances can’t see what is happening within the virtual machines on a physical host as their visibility is limited to the traffic coming from outside and reaching the physical host, King said. VM-Series, on the other hand, as a virtual appliance, has the ability to see that traffic and to offer IT administrators with application-, user-, and content-based firewall capabilities, King said.

“We are now able to offer a full feature next generation firewall in a virtual machine data center,” King said.

The new virtual and physical appliances are based on the new PAN-OS 5.0 operating system, King said. PAN OS 5 added management capabilities to the virtual firewall, making it easier for enterprises to tie user- and app-based policies to virtual machines or server deployments, King said. Existing customers can upgrade their Palo Alto Networks products to the new operating system for free, King said.

Palo Alto Networks M-100 Management ApplianceIT administrators have to deal with the challenge of managing virtual machines even when they migrate within the virtual environment and get new IP addresses. With the new VM-Series, IT administrators will be able to tie policy to the applications and not the IP address, so even as the machines move around, the policies are still in effect, King said.

The new PAN OS 5.0 offers the dynamic objects technology to give security policies flexibility. The new feature also is useful for customers who are running virtual machines with varying trust levels n the same physical host, King said. While there are some virtual environments where administrators are able to keep the trust levels homogenous, in most cases, they vary, King said. This is particularly the case in multi-tenant, multi-trust environment, King said.

One virtual machine with a low-trust level may be a threat to other virtual machines with high-trust levels, so it was important to make sure the appropriate security policies were applied and maintained at all times.

Starting at $2,700, the VM-Series will come in three forms. The VM-100 is the most basic, supporting 50,000 sessions, 250 rules, 10 security zones, 2,500 address objects, 25 IPsec tunnels, and 25 SSL VPN tunnels. The VM-200 supports 100,000 sessions, 2,000 rules, 20 security zones, 4,00 address objects, 500 IPsec tunnels, and 200 SSL VPN tunnels. Finally, the VM-300 supports 250,000 sessions, 5,000 rules, 40 security zones, 10,000 address objects, 2,000 IPsec tunnels, and 500 SSL VPN tunnels.

The network security firm also updated its threat prevention offerings with a subscription service to its WildFire cloud-based malware prevention service, King said. WildFire currently detects malware affecting a broad range of applications, including zero-day threats. The new service is now capable of delivering malware signatures to all subscribers within an hour of the malware being detected, King said. Customers also get on-box logging and reporting capabilities with the WildFire service.

Advertisement. Scroll to continue reading.

Palo Alto Networks PA-3000 FirewallPalo Alto also launched the PA-3000 Series next-generation firewall for enterprise customers starting at $14,000. The PA-3020 and PA-3050 deliver up to 4 Gbps App-ID throughput, the company said. The new appliances are part of the company’s new mid-range platform, ranging from 2 Gbps to 4 G bps, to give enterprises more options, King said.

The M-100 appliance is a dedicated Palo Alto Networks Panorama management system to offer distributed log collection capabilities and centralized control over all the Palo Alto firewalls deployed on the network.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

A zero-day vulnerability named HTTP/2 Rapid Reset has been exploited to launch some of the largest DDoS attacks in history.