Cybersecurity solutions firm Palo Alto Networks’ PAN-OS 11.0 Nova, the latest version of its PAN-OS software released more than 50 product updates and innovations to help stop zero day threats.

Included in the updates are the new Advanced WildFire cloud-delivered security service that brings protection against evasive malware and the Advanced Threat Prevention (ATP) service which now protects against zero-day injection attacks.

“Attackers continue to develop new ways to evade traditional defenses, while security teams struggle to defend organizations with point solutions that are complex to deploy and operate,” said John Grady, ESG senior analyst. “Palo Alto Networks PAN-OS 11.0 Nova addresses these critical challenges by stopping zero-day threats in real-time, simplifying security architectures, and improving cyber hygiene.”

Palo Alto Networks predicts more attacks on Metaverse, MIoT, cloud in 2023
Palo Alto Networks bolsters SaaS applications security

Security against Zero Day Threats

The new Advanced WildFire service builds upon its custom hardened hypervisor to introduce radical new capabilities, such as intelligent run-time memory analysis combined with stealthy observation and automated unpacking to stay hidden from malware and defeat advanced evasions. These new capabilities enable Advanced WildFire to stop more highly evasive zero-day malware than traditional sandboxes.

The enhanced ATP service reimagines the intrusion prevention system (IPS) with industry-first inline capabilities for stopping zero-day injection attacks. Injection attacks — one of the top attacks on the OWASP “Top 10 Web Application Security Risks” list — attempt to push malicious code into a computing system by exploiting unpatched vulnerabilities in software. Such malicious code executes remote commands that lead to data loss or full system compromise.

To protect against such injection attacks, ATP deep-learning models have been built on high-fidelity telemetry data across tens of thousands of exploited vulnerabilities over the last decade. Internal testing has shown that the enhanced ATP service detects 60% more zero-day injection attacks than traditional solutions miss.

In addition to all the PAN-OS software updates, a new set of 4th generation ML-Powered NGFWs bring these new capabilities to branches, campus locations, and data centers at up to five times higher performance compared to the previous generation. The new hardware firewalls also bring the flexibility of fiber and Power over Ethernet (PoE) to small branches.