• United States
Senior Editor

Palo Alto Networks pushes enterprise zero trust

News Analysis
May 19, 20215 mins
Cloud SecurityNetwork SecuritySecurity

Palo Alto Networks has added products and features for enterprises looking to build a zero-trust security environment.

Zero trust Netskope
Credit: Netskope

Palo Alto Networks bolstered its security portfolio with products that target enterprise network users looking to make the move to a zero-trust environment.

The new capabilities focus on a number of zero trust mechanisms—including  SaaS, cloud and DNS that will be available in June—and will make it significantly easier for organizations to adopt zero-trust security across the enterprise, according to Anand Oswal, senior vice president and general manager with Palo Alto.

As more people are working from anywhere, they require fast and always-on access to data and applications in the distributed cloud, regardless of location, Oswal said. “An all-encompassing zero-trust approach to network security is critical for safeguarding productivity in the new reality of remote, mobile, and hybrid work,” he said.

And while traditional VPNs are still the predominant enterprise-security control for remote users, zero trust is growing, especially for use with cloud operations.

In October,  Enterprise Management Associates research found that the COVID-19 pandemic had prompted 60% of enterprises to accelerate their zero trust networking strategies. EMA found 61% of enterprises reported that pandemic-related changes to their businesses have directly led to an increase in security issues.

For its part Palo Alto has gone all-in on zero trust with an integrated cloud-access security broker (CASB) to protect SaaS applications as well as a Cloud Identity Engine that together lets customers authenticate and authorize their users across enterprise networks, clouds, and applications.

“Every access-policy decision should be made with verified knowledge of user identities, apps and devices,” Oswal wrote in a blog about the announcement. “Our context-based access policies have always been foundational, and the context is derived from users, applications, and devices. The Cloud Identity Engine can be configured and made ready for a large enterprise in about 10 minutes. Cloud-based, point-and-click integrations with hybrid, multi-cloud, and on-premises software-identity providers simplify authentication, authorization, and single sign-on.”

The security company also added Advanced URL Filtering service that the company says protects against zero-day web attacks with inline machine-learning capabilities.

“Advanced URL Filtering utilizes real-time threat and credential-theft protection combined with industry-leading, anti-phishing capabilities,” Oswal wrote. “Advanced URL Filtering prevents the most damaging web-based attacks aimed at enterprise networks today, with over 40% of what it prevents unknown to other vendors at the time of discovery.”

In keeping with its new zero-trust features, Palo Alto introduced seven new features for its DNS Security that identify and disrupt the latest DNS-layer network attacks and data-exfiltration techniques such as dangling DNS and ultra-slow tunneling, which are used to quietly steal data, Oswal stated.

Also part of the zero-trust enhancements, Palo Alto added to its firewall family with a high-end campus and hyperscale-sized models– the PA-5450 and the branch office PA-400.

The PA-5450 offers 120 Gbps throughput with security services enabled, four times more than the previous generation (30Gbps threat prevention throughput on PA-5260). It is purpose-built to apply decryption and ML-powered security to stop zero-day attacks, as well as known threats. Customers can buy the chassis and then grow from one to five cards as an organization scales.

The PA-400 Series offers up to 10 times higher performance over the company’s previous branch firewall and supports zero-touch provisioning to simplify deployment to large numbers of sites, Oswal stated. 

Microsoft zero-trust at RSA Conference 2021

Zero trust has been a hot topic at this week’s RSA security conference. For example, Microsoft announced additional security features for its real-time policy engine Azure AD Conditional Access, that lets customers more easily manage security policies and access control.

“The hybrid work environment, with some users working remotely and others in group office settings, introduces more digital attack surfaces, complexity, and risk as perimeters are now increasingly fluid,” wrote Vasu Jakkal, corporate vice president of security, compliance and identity with Microsoft.  “A Zero Trust strategy will be top of mind for many organizations because its principles—verify explicitly, grant least privileged access, and assume breach—help maintain security amid the IT complexity that comes with hybrid work.”

IBM, too, has gotten into the zero-trust game by recently announcing a SaaS version of Cloud Pak for Security that now includes security blueprints that offer a roadmap of security capabilities along with guidance on how to integrate them as part of a zero-trust architecture.

Using these blueprints, organizations can define user access to data and help reduce exposure in the event of compromise. This connection will help generate insights into data usage and privacy risk, enforce security policies, automate remediation responses as well as help organizations detect and respond efficiently to risk and compliance issues, IBM stated.  

“Zero trust offers a better way to address the complexity in security that’s challenging our businesses today,” Mary O’Brien, general manager, IBM Security said during her RSA keynote. “Traditionally, security focused on building a perimeter of protection around valuable assets. That worked well for decades for the majority of our valued assets. But that’s not the way we do business anymore. Today, it’s not uncommon to have all of your users, data and applications operating in different environments, and they all need to connect to one another quickly, seamlessly, and securely.”

At its, core zero trust is a multidimensional approach to addressing risk and protecting data where nothing is inherently trusted, she said.

O’Brien shared the virtual stage with Dow Chemical CISO, Mauricio Guerra who said the company has decided to deploy a zero-trust network architecture because that’s what the company needed to enable users to have full, secure access to all forms of internet, cloud, and IoT services

“So one of the first deliverables of our zero-trust model was secure access to internet. Second, we have delivered a secure access to our different locations, replacing data pools that we had before. We are replacing our telecommunications network, and zero trust is helping us with an SD-WAN solution,” Guerra said.