The PA-500next-generation firewall is designed to protect medium sized networks. Rack-mountable. Supports fault-tolerant configurations.The PA-500 enables to secure organization through advanced visibility and control of applications, users and content at throughput speeds of up to 250 Mbps. Dedicated computing resources assigned to networking, security, signature matching and management functions ensure predictable performance. Key Security Features: Classifies all applications, on all ports, all the time • Identifies the application, regardless of port, encryption (SSL or SSH), or evasive technique employed. • Uses the application, not the port, as the basis for all of your safe enablement policy decisions: allow, deny, schedule, inspect and apply traffic-shaping. • Categorizes unidentified applications for policy control, threat forensics or App-ID™ development. Enforces security policies for any user, at any location • Deploys consistent policies to local and remote users running on the Windows®, Mac® OS X®, Linux®, Android®, or Apple® iOS platforms. • Enables agentless integration with Microsoft® Active Directory® and Terminal Services, LDAP, Novell® eDirectory™ and Citrix®. • Easily integrates your firewall policies with 802.1X wireless, proxies, NAC solutions, and any other source of user identity information. Prevents known and unknown threats • Blocks a range of known threats, including exploits, malware and spyware, across all ports, regardless of common threat-evasion tactics employed. • Limits the unauthorized transfer of files and sensitive data, and safely enables non-work-related web surfing. • Identifies unknown malware, analyzes it based on hundreds of malicious behaviors, and then automatically creates and delivers protection. The controlling element of the PA-500 is PAN-OS®, a security-specific operating system that natively classifies all traffic, inclusive of applications, threats and content, and then ties that traffic to the user, regardless of location or device type. The application, content, and user – in other words, the business elements that run your business –mare then used as the basis of your security policies, resulting in an improved security posture and a reduction in incident response time. 

Use of SaaS applications is exploding because software as a service is so easy. But, because of that simplicity, the security risks of SaaS are also on the rise. The use of unsanctioned SaaS apps can expose sensitive data and propagate malware – and even sanctioned SaaS adoption can increase the risk of data exposure, breaches and noncompliance. By offering advanced data protection and consistency across clouds, Palo Alto Networks reins in the risks. Our products address your cloud access security broker needs and provide advanced capabilities in risk discovery, data loss prevention, user behavior monitoring and advanced threat protection. Now you can maintain compliance while preventing data leaks and business disruption through a fully cloud-delivered CASB deployment. Risk discovery and deep visibility Palo Alto Networks provides unparalleled visibility and precise control of all applications, including SaaS as one of the many application categories supported through an extensive library of application signatures. Easy-to-navigate SaaS usage dashboards and detailed reporting help rein in shadow IT risk and get you started on your journey to securing SaaS applications. In addition, discover risks at a much deeper level with an API-based approach that provides complete visibility across all user, folder and file activity, generating detailed analysis that helps you quickly determine if there are any data risk- or compliance-related policy violations. Data leak prevention and compliance Define granular, context-aware policy control to drive enforcement as well as quarantine users and data as soon as violations occur. This enables you to quickly and easily satisfy data risk compliance requirements, such as those related to PCI, PII or PHI data, while still maintaining the benefits of cloud-based applications. Aperture can connect directly to enterprise SaaS applications to provide:

• Data classification and monitoring
• Data loss prevention, or DLP, capabilities
• User activity tracking for anomalies
• Known and unknown malware prevention
• Detailed risk and usage reporting

User behavior monitoring Heuristic-based user behavior monitoring and alerting enables you to easily identify suspicious behavior, such as logins from unexpected regions, unusually large usage activity or multiple failed login attempts, indicative of credential theft. Advanced threat prevention WildFire malware prevention service, integrated across the platform, provides advanced threat prevention to block known malware and identify and block unknown malware. You can keep threats from spreading through the SaaS applications, preventing a new insertion point for malware. New malware discovered is automatically shared with the broader enterprise security tools, strengthening your overall security posture.

LightCyber empowers organizations to detect and stop active attacks in their network. Founded by cybersecurity experts in 2012, LightCyber has been leading the industry in the development of automated behavioral analytics capabilities and uses sophisticated machine learning to quickly, efficiently and accurately identify attacks based on identifying behavioral anomalies inside the network. LightCyber’s products have been successfully deployed by top-tier companies in the financial, healthcare, legal, telecom, government, media and technology sectors.

LightCyber detects malicious insiders, targeted external attackers and operationalized malware by monitoring network traffic; learns the behavior of all users and devices; and detects the anomalies that deviate from expected behavior. LightCyber starts with a blank slate and employs unsupervised machine learning to create these baseline profiles. From this ongoing profiling process, LightCyber pinpoints anomalous behaviors that are indicative of an attack or risky user behavior.

Targeted attackers can find ways to compromise systems and infiltrate networks. Once attackers are in the network, they begin a step-by-step process of reconnaissance and lateral movement using networking and admin tools. To stay under the radar, they often avoid using malware or known exploits. However, they still need to understand the network design and find the location of sensitive assets and expand their realm of control to gain access to these assets by conducting reconnaissance and lateral movement.

LightCyber stops attacks early by understanding how users and devices typically behave and by recognizing changes in behavior – such as a regular user performing administrative activity or scanning rarely accessed file shares – to stop an advanced attack early and definitively.

The LightCyber approach focuses on network and endpoint traffic, and on activity within the networking traffic, to drive its primary analysis. LightCyber uniquely offers:

Unsupervised machine learning to prevent unknown threats. LightCyber catches post-intrusion activity that does not involve malware or known exploits by learning expected behavior and detecting anomalies indicative of an attack.

Broad inputs to maximize detection accuracy and efficiency. LightCyber analyzes behavior across networks, users and endpoints to automate investigations and confirm suspicious behavior by pinpointing the endpoint process responsible for an attack. To achieve this, it analyzes the process in the cloud.

Attack mitigation across the entire attack lifecycle. LightCyber detects all stages of the attack lifecycle after the initial intrusion, focusing on hard-to-detect, low-and-slow reconnaissance and lateral movement to which most security products are blind.

Integrated remediation to prevent cyberattacks. Because LightCyber accurately detects attacks, it can block compromised devices and disable user accounts automatically, or administrators can do it through the click of a button.

LightCyber extends the ability of the Palo Alto Networks platform to mitigate unknown threats inside the network and root out attackers as they perform low-and-slow reconnaissance, expand control, and attempt to manipulate or steal data.

LightCyber enhances and extends our ability to prevent attacks across the attack lifecycle and especially at the internal reconnaissance and lateral movement stages, which are often important to a successful attack. With LightCyber added to our platform, it can further prevent command-and-control activity and data exfiltration by detecting anomalous behavior. You will gain unrivaled protection against targeted attacks, insider threats, risky behavior and malware inside your network.

Since our inception, Palo Alto Networks has pioneered new ways of tackling seemingly impossible security challenges and, along the way, has provided eye-opening visibility into user and application traffic as well as exceptional breach prevention capabilities. The LightCyber automated behavioral analytics technology represents another step in our evolution of delivering a platform at the forefront of the innovation curve. With the LightCyber technology, our platform will be able to analyze user, endpoint and network behavior and apply machine learning techniques to detect and stop active attackers inside the network who do not rely on malware or vulnerability exploits.

Flexible deployment options and native integration with our next-generation platform extend the policy enforcement and cyberthreat prevention to everywhere your users and data are located: in your network, on your endpoints and in the cloud. Superior architecture, superior benefits Complete visibility and precise control: Our next-generation firewalls provide complete visibility into all network traffic based on applications, users, content and devices. Automated security: Innovative features reduce manual tasks and enhance your security posture, for example, by disseminating protections from previously unknown threats globally in near-real time, correlating a series of related threat events to indicate a likely attack on your network, and using dynamic address groups in security rules to avoid updating server IP addresses frequently. Protection for your users and data everywhere: Our next-generation firewalls are natively integrated with our security platform, which prevents advanced and unknown cyberthreats no matter where the users and data are located: in your network, on your endpoints and in the cloud. Products: PA-5000 Series, PA-4000 Series, PA-3000 Series, PA-2000 Series, PA-500, PA-200, VM-Series, Management Platforms Visibility and Control Our next-generation firewall classifies all traffic, including encrypted traffic, based on application, application function, user and content. You can create comprehensive, precise security policies, resulting in safe enablement of applications. This lets only authorized users run sanctioned applications, greatly reducing the surface area of cyber attacks across the organization. Threat Prevention The combination of Content-IDTM and WildFireTM provides protection from known and unknown threats. Content-ID limits unauthorized data transfer and detects and blocks a wide range of threats. WildFire identifies unknown malware, zero-day exploits, and advanced persistent threats (APTs) through static and dynamic analysis in a scalable, virtual environment, and automatically disseminates updated protections globally in near-real time. Built-in, not Bolted-on Today’s security architectures are a result of adding uncoordinated security layers one at a time, making them ineffective in dealing with modern threats. Unlike legacy firewalls that are based on this "layered security" architecture, our next-generation firewalls use a unified security design that classifies all traffic into full context before applying one set of flexible security rules in a single pass.

The threat landscape has quickly evolved to a level of sophistication that it can bypass traditional endpoint protection. Traps combines powerful endpoint protection technology with critical endpoint detection and response (EDR) capabilities into a single agent, enabling your security teams to automatically protect, detect and respond to known, unknown and sophisticated attacks, using machine learning and AI techniques from data collected on the endpoint, network and cloud. Unique in the breadth and depth of its endpoint protections, Traps:

• Stops malware, exploits and ransomware by observing attack techniques and behaviors.
• Uses machine learning and AI to automatically detect and respond to sophisticated attacks.
• Includes WildFire malware prevention service to improve accuracy and coverage.
• Harnesses Cortex XDR detection and response to speed, alert triage and incident response by providing a complete picture of each threat and its root cause, automatically.
• Coordinates enforcement with network and cloud security to prevent successful attacks.
• Provides a single lightweight agent for protection and response.
• Protects endpoints while online and offline, on a network and off.

Stops malware and ransomware Traps prevents the launching of malicious executable files, DLLs and Office files with multiple methods of prevention, reducing the attack surface and increasing the accuracy of malware prevention. Provides behavior-based protection Sophisticated attacks that utilize multiple legitimate applications and processes are more common, can be hard to detect, and require visibility to correlate malicious behavior. Traps detects and stops attacks by monitoring for malicious behaviors across a sequence of events and terminates the attack when detected. Blocks exploits and fileless attacks Rather than focusing on individual attacks, Traps blocks the exploit techniques the attacks use. By doing so at each step in an exploit attempt, Traps breaks the attack lifecycle and renders threats ineffective. Coordinates enforcement with network and cloud Tight integration between network, endpoint and cloud enables a continually improving security posture and provides layered prevention from zero-day attacks. Whenever a firewall sees a new piece of malware or an endpoint sees a new threat, protections are made available in minutes to all other next-gen firewalls and endpoints running Traps with no effort on the admin’s part, whether it happens at 1 a.m. or 3 p.m. Detect and respond to sophisticated attacks Traps uses the Cortex Data Lake to store all event and incident data captured, allowing seamless integration with Cortex XDR for investigation and incident response. Cortex XDR, a cloud-based detection and response app that empowers SecOps to stop sophisticated attacks and adapt defenses in real time. By combining rich network, endpoint, and cloud data with analytics, Cortex XDR allows you to:

• Automatically determine the root cause to accelerate triage and incident response.
• Reduce the time and experience required from triage to threat hunting.
• Respond to threats quicker and adapt defenses from knowledge gained, making the next response even faster.

Palo Alto Networks WildFire cloud-based threat analysis service is the industry’s most advanced analysis and prevention engine for highly evasive zero-day exploits and malware. The service employs a unique multi-technique approach, combining dynamic and static analysis, innovative machine learning techniques, and a groundbreaking bare metal analysis environment to detect and prevent even the most evasive threats.

WildFire changes the equation for adversaries, turning every Palo Alto Networks platform deployment into a distributed sensor and enforcement point to stop zero-day malware and exploits before they can spread and become successful.Within the WildFire environment, threats are detonated, intelligence is extracted and preventions are automatically orchestrated across Palo Alto Networks Next-Generation Security Platform in as few as five minutes of first discovery anywhere in the world.

WildFire goes beyond traditional approaches used to detect unknown threats, bringing together the benefits of four independent techniques for high-fidelity and evasion-resistant discovery, including:

Dynamic analysis – observes files as they detonate in a purpose-built, evasion-resistant virtual environment, enabling detection of zero-day exploits and malware using hundreds of behavioral characteristics.

Static analysis – highly effective detection of malware and exploits that attempt to evade dynamic analysis, as well as instant identification of variants of existing malware.

Machine learning – extracts thousands of unique features from each file, training a predictive machine learning model to identify new malware – which is not possible with static or dynamic analysis alone.

Bare metal analysis – evasive threats are automatically sent to a real hardware environment for detonation, entirely removing an adversary’s ability to deploy anti-VM analysis techniques.

Together, these four unique techniques allow WildFire to discover and prevent unknown malware and exploits with high efficacy and near-zero false positives.

WildFire threat analysis service:

• Detects evasive zero-day exploits and malware with a unique combination of dynamic and static analysis, novel machine learning techniques, and an industry-first bare metal analysis environment.
• Orchestrates automated prevention for unknown threats in as few as five minutes from first discovery anywhere in the world, without requiring manual response.
• Builds collective immunity for unknown malware and exploits with shared real-time intelligence from approximately 17,000 subscribers.
• Provides highly relevant threat analysis and context with AutoFocus.

The PA-220R is a ruggedized next-generation Firewall that secures industrial and defense networks in a range of harsh environments, such as utility substations, power plants, manufacturing plants, oil and gas facilities, building management systems, and healthcare networks. Features:

• Classifies all applications, on all ports, all the time
• Enforces security policies for any user, at any location
• Prevents known and unknown threats
• Enables SD-WAN functionality

Highlights:

• Extended operating range for temperature
• Certified to IEC 61850-3 and IEEE 1613 environmental and testing standards for vibration, temperature, and immunity to electromagnetic interference
• Dual DC power (12–48V)
• High availability firewall configuration (active/active and active/passive)
• Fanless design with no moving parts
• Flexible I/O with support for both copper and optical via SFP ports
• Flexible mounting options, including DIN rail, rack, and wall mount
• Simplified remote site deployment via USB-based bootstrapping