Palo Alto Networks bolstered its security portfolio with products that target enterprise network users looking to make the move to a zero-trust environment.\nThe new capabilities focus on a number of zero trust mechanisms\u2014including \u00a0SaaS, cloud and DNS that will be available in June\u2014and will make it significantly easier for organizations to adopt zero-trust security across the enterprise, according to Anand Oswal, senior vice president and general manager with Palo Alto.\n\nAs more people are working from anywhere, they require fast and always-on access to data and applications in the distributed cloud, regardless of location, Oswal said. \u201cAn all-encompassing zero-trust approach to network security is critical for safeguarding productivity in the new reality of remote, mobile, and hybrid work,\u201d he said.\nAnd while traditional VPNs are still the predominant enterprise-security control for remote users, zero trust is growing, especially for use with cloud operations.\nIn October, \u00a0Enterprise Management Associates research found that the COVID-19 pandemic had prompted 60% of enterprises to accelerate their zero trust networking strategies. EMA found 61% of enterprises reported that pandemic-related changes to their businesses have directly led to an increase in security issues.\nFor its part Palo Alto has gone all-in on zero trust with an integrated cloud-access security broker (CASB) to protect SaaS applications as well as a Cloud Identity Engine that together lets customers authenticate and authorize their users across enterprise networks, clouds, and applications.\n\u201cEvery access-policy decision should be made with verified knowledge of user identities, apps and devices,\u201d Oswal wrote in a blog about the announcement. \u201cOur context-based access policies have always been foundational, and the context is derived from users, applications, and devices. The Cloud Identity Engine can be configured and made ready for a large enterprise in about 10 minutes. Cloud-based, point-and-click integrations with hybrid, multi-cloud, and on-premises software-identity providers simplify authentication, authorization, and single sign-on.\u201d\nThe security company also added Advanced URL Filtering service that the company says protects against zero-day web attacks with inline machine-learning capabilities.\n\u201cAdvanced URL Filtering utilizes real-time threat and credential-theft protection combined with industry-leading, anti-phishing capabilities,\u201d Oswal wrote. \u201cAdvanced URL Filtering prevents the most damaging web-based attacks aimed at enterprise networks today, with over 40% of what it prevents unknown to other vendors at the time of discovery.\u201d\nIn keeping with its new zero-trust features, Palo Alto introduced seven new features for its DNS Security that identify and disrupt the latest DNS-layer network attacks and data-exfiltration techniques such as dangling DNS and ultra-slow tunneling, which are used to quietly steal data, Oswal stated.\nAlso part of the zero-trust enhancements, Palo Alto added to its firewall family with a high-end campus and hyperscale-sized models\u2013 the PA-5450 and the branch office PA-400.\nThe PA-5450 offers 120 Gbps throughput with security services enabled, four times more than the previous generation (30Gbps threat prevention throughput on PA-5260). It is purpose-built to apply decryption and ML-powered security to stop zero-day attacks, as well as known threats. Customers can buy the chassis and then grow from one to five cards as an organization scales.\nThe PA-400 Series offers up to 10 times higher performance over the company\u2019s previous branch firewall and supports zero-touch provisioning to simplify deployment to large numbers of sites, Oswal stated.\u00a0\nMicrosoft zero-trust at RSA Conference 2021\nZero trust has been a hot topic at this week\u2019s RSA security conference. For example, Microsoft announced additional security features for its real-time policy engine Azure AD Conditional Access, that lets customers more easily manage security policies and access control.\n\u201cThe hybrid work environment, with some users working remotely and others in group office settings, introduces more digital attack surfaces, complexity, and risk as perimeters are now increasingly fluid,\u201d wrote Vasu Jakkal, corporate vice president of security, compliance and identity with Microsoft.\u00a0 \u201cA Zero Trust strategy will be top of mind for many organizations because its principles\u2014verify explicitly, grant least privileged access, and assume breach\u2014help maintain security amid the IT complexity that comes with hybrid work.\u201d\nIBM, too, has gotten into the zero-trust game by recently announcing a SaaS version of Cloud Pak for Security that now includes security blueprints that offer a roadmap of security capabilities along with guidance on how to integrate them as part of a zero-trust architecture.\nUsing these blueprints, organizations can define user access to data and help reduce exposure in the event of compromise. This connection will help generate insights into data usage and privacy risk, enforce security policies, automate remediation responses as well as help organizations detect and respond efficiently to risk and compliance issues, IBM stated. \u00a0\n\u201cZero trust offers a better way to address the complexity in security that\u2019s challenging our businesses today,\u201d Mary O'Brien, general manager, IBM Security said during her RSA keynote. \u201cTraditionally, security focused on building a perimeter of protection around valuable assets. That worked well for decades for the majority of our valued assets. But that\u2019s not the way we do business anymore. Today, it\u2019s not uncommon to have all of your users, data and applications operating in different environments, and they all need to connect to one another quickly, seamlessly, and securely.\u201d\nAt its, core zero trust is a multidimensional approach to addressing risk and protecting data where nothing is inherently trusted, she said.\nO\u2019Brien shared the virtual stage with Dow Chemical CISO, Mauricio Guerra who said the company has decided to deploy a zero-trust network architecture because that\u2019s what the company needed to enable users to have full, secure access to all forms of internet, cloud, and IoT services\n\u201cSo one of the first deliverables of our zero-trust model was secure access to internet. Second, we have delivered a secure access to our different locations, replacing data pools that we had before. We are replacing our telecommunications network, and zero trust is helping us with an SD-WAN solution,\u201d Guerra said.