* [Blog](https://origin-researchcenter.paloaltonetworks.com/blog)
* [Network Security](https://origin-researchcenter.paloaltonetworks.com/blog/network-security/)
* [IoT Security](https://origin-researchcenter.paloaltonetworks.com/blog/network-security/category/iot-security/)
* Always Innovating: Innova...

# Always Innovating: Innovations across NG-CASB, IoT/OT, Adv URL \& SWFW

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Falways-innovating-nov-dec-2023%2F)  
[](https://twitter.com/share?text=Always+Innovating%3A+Innovations+across+NG-CASB%2C+IoT%2FOT%2C+Adv+URL+%26%23038%3B+SWFW&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Falways-innovating-nov-dec-2023%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Falways-innovating-nov-dec-2023%2F&title=Always+Innovating%3A+Innovations+across+NG-CASB%2C+IoT%2FOT%2C+Adv+URL+%26%23038%3B+SWFW&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://origin-researchcenter.paloaltonetworks.com/blog/network-security/always-innovating-nov-dec-2023/&ts=markdown)  
\[\](mailto:?subject=Always Innovating: Innovations across NG-CASB, IoT/OT, Adv URL \& SWFW)  
Link copied  
By [Ganesh Balamitran](https://www.paloaltonetworks.com/blog/author/ganesh-balamitran/?ts=markdown "Posts by Ganesh Balamitran")  
Dec 20, 2023  
6 minutes  
[IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown)  
[Advanced URL Filtering](https://www.paloaltonetworks.com/blog/tag/advanced-url-filtering/?ts=markdown)  
[Always Innovating](https://www.paloaltonetworks.com/blog/tag/always-innovating/?ts=markdown)  
[NG-CASB](https://www.paloaltonetworks.com/blog/tag/ng-casb/?ts=markdown)  
[software firewalls](https://www.paloaltonetworks.com/blog/tag/software-firewalls/?ts=markdown)

Welcome to the Nov-Dec 2023 edition of Always Innovating in Network Security from Palo Alto Networks. We have had a busy couple of months and as we enter the holidays, we bring you a combined blog covering new innovations from both November and December. In this edition we cover a broad range of innovations - from NG-CASB for Prisma SASE, to IoT/OT Security, to Adv URL Filtering and finally to Software Firewalls. So, grab a hot chocolate and dive into these innovations.

1. **Innovations in NG-CASB for Prisma SASE -** We recently released the following innovations for NG-CASB for Prisma SASE, and we covered them in the session titled "Cover Your SaaS With Next-Gen CASB and AI-Powered DLP" at [SASE Converge 2023](https://www.saseconverge.paloaltonetworks.com/).
   * **Security for Interconnected SaaS** - All-new security for interconnected SaaS protects your critical SaaS apps from risky or unintended third-party plugins and permissions with continuous scanning and audit of all connections, integrations and plugins to avert unwanted access and to protect sensitive data. We provide visibility into 3rd party plugin vendors, permission scopes, number of active users, installation date and other attributes that can be used to assess the risk of integrations and plugins. Access can be immediately revoked for problematic plugins to minimize risk to apps and data. For more details refer to this [blog post](https://www.paloaltonetworks.com/blog/sase/introducing-security-for-interconnected-saas/).
   * **Shift-Left for Data Security** - We are introducing a "shift left" approach to data security for SaaS by continuously monitoring data security posture, enabling data security administrators to take a proactive approach to securing data at risk. By taking a shift left approach for Data Security, organizations get end-to-end visibility into where data is most at risk with a unified Data Risk Explorer that enables users to drill down into sensitive data impact and breach likelihood across the organization based on location, data profiles, applications, instances and control points. In addition, we are making it even easier to accurately identify the sensitive data specific to your business with the power of AI and ML. Our DLP classifiers now feature over 100+ predefined document-type detectors and leverage the latest LLM technology to help further drive unparalleled accuracy. In addition to our new built-in ML-based document classifiers, administrators can now train custom ML models with their unique and proprietary documents to help ensure that our DLP is able to identify and protect their most sensitive data accurately. This capability can be used to discover and protect financial, legal, scientific and business documents such as pay stubs, employment contracts, legal intake forms and more that are unique to your organization. Customers can confidently rely on best-in-class data detection standards such as EDM, OCR, IDM, ML and Natural Language Processing classifiers to reduce the workload on security teams by alerting end users to data incidents in real time with user-led remediation. For more details refer to [this blog post](https://www.paloaltonetworks.com/blog/sase/why-traditional-dlp-fails-to-protect-your-most-sensitive-data/).
2. **Innovations in IoT/OT Security**
   * **Integrated Device-ID and policy management:** With [PAN-OS 11.1 COSMOS](https://www.paloaltonetworks.com/blog/2023/11/pan-os-11-1-cosmos-strata-cloud-manager/), we introduced integrated IoT/OT device visibility and Device-ID based policy management within [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager) and [Panorama](https://www.paloaltonetworks.com/network-security/panorama). These enhancements bring IoT/OT security into the mainstream network security workflow by enabling firewall admins to get IoT device visibility, behavior insights, create policies and enforce them all within a single management UI.
   * **Quicker time to asset visibility:** With this release, we provide a new capability which enables existing NGFWs to gain visibility into IoT/OT devices on the network without requiring complex network topology changes. SNMP Query (now available natively on PAN-OS) allows the NGFW to query the network infrastructure to gain the IoT device MAC and IP binding information making device discovery and identification simpler and faster. Read more [here](https://docs.paloaltonetworks.com/whats-new/november-2023/snmp-network-discovery-for-iot-security).
   * \*\*Extending IoT/OT support across new deployment use cases with private 5G/4G cellular networks and CN-Series:\*\*We now extend IoT/ OT asset visibility, risk analysis, anomaly detection and policy recommendations to deployments with private 5G/4G cellular networks and containerized environments using CN-Series.
   * \*\*IoT/OT Risk \& Vulnerability framework updates:\*\*Vulnerabilities on IoT/ OT assets are ever increasing and patching is not always possible. Additionally, not all vulnerabilities have the same severity, threat likelihood or impact and therefore do not represent the same level of risk. This is where you need a multidimensional, risk-based vulnerability prioritization methodology. The new RiskVuln feature takes base vulnerability metrics (e.g., CVSS Score/ Severity, Vulnerability type, Attack vector), threat metrics (e.g., EPSS score, Exploit kit availability, APT usage), impact metrics (e.g., Asset criticality, Impact on Integrity or Confidentiality or Availability) and protection options (e.g., Threat Prevention Coverage, Patch availability) to provide a comprehensive, multidimensional prioritization that can be used to plan remediation actions effectively.
3. **Scanning Activity Innovation in Advanced URL Filtering** - Attackers scan or probe the network using URLs with malicious parameters to discover vulnerabilities and/ or execute targeted attacks. Scanning-based attacks can lead to significant financial loss to the owners of the hosts generating the traffic. Vulnerabilities detected via scanning can lead to subsequent exploitation through credential theft, remote code execution or data exfiltration. The presence of malicious scanning traffic serves as an indicator of compromise. Advanced URL Filtering introduces a new detection to identify Scanning Attacks in real time. AURL offers continuous coverage for emerging URLs used for scanning attacks and helps customers identify and isolate infected hosts. For more details refer to [this blog post](https://live.paloaltonetworks.com/t5/community-blogs/new-advanced-url-filtering-category-scanning-activity/ba-p/547306).
4. **Innovations in Software Firewalls**
   * **VM-Series Auto-scaling with Session Resiliency GCP/AWS** - We are pleased to announce auto-scale support with Session Resiliency in VM-Series deployments in AWS/GCP. By using a Redis database to sync sessions, organizations can both auto-scale their firewalls to keep up with business demand while maintaining session continuity in case of a disaster event. To learn more, click [here](https://docs.paloaltonetworks.com/vm-series/11-1/vm-series-deployment/set-up-the-vm-series-firewall-on-aws/vm-series-integration-with-gateway-load-balancer/enable-session-resiliency-on-vm-series-for-aws).
   * **CN-Series Support with IoT** - We are pleased to announce the integration of the CN-Series with IoT/OT security subscriptions. This support enables customers to achieve comprehensive Layer-7 visibility and protection within their Kubernetes clusters, ensuring enhanced insight into their applications as they ingest and interact with IoT device data to carry out business-critical tasks. For more information, check out this [link](https://docs.paloaltonetworks.com/cn-series/getting-started/cn-iot-security).
   * **OVN CNI Support with CN-Series** - We are excited to announce CN-Series' support of the Red Hat OpenShift OVN CNI. Customers can use the CN-Series NGFW in OpenShift environments for comprehensive Layer-7 inspection with security policies defined through Kubernetes labels. To learn more, check out this [link](https://docs.paloaltonetworks.com/cn-series/getting-started/cn-series-system-requirements-for-the-kubernetes-cluster/cn-series-deployment-environments#cn-series-deployment-environments-11-1).

And with that, we wrap up what has been a great year for us (and we hope it has been for you too). If you missed our recent Always Innovating blogs, here are links to the [October](https://www.paloaltonetworks.com/blog/network-security/always-innovating-october-2023/), [September](https://www.paloaltonetworks.com/blog/network-security/always-innovating-september-2023/) and [August](https://www.paloaltonetworks.com/blog/network-security/always-innovating-august-2023/) editions. Here's wishing you a very Happy 2024!

*** ** * ** ***

## Related Blogs

### [Data Security](https://www.paloaltonetworks.com/blog/network-security/category/data-security/?ts=markdown), [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Improving Phishing Detection, DNS and Industrial OT Security: The Always Innovating Series](https://origin-researchcenter.paloaltonetworks.com/blog/network-security/always-innovating-network-security-platform/)

### [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### 'Tis the Season for Smarter Holiday Browsing Across Every Connection](https://origin-researchcenter.paloaltonetworks.com/blog/network-security/tis-the-season-for-smarter-holiday-browsing-across-every-connection/)

### [5G Security](https://www.paloaltonetworks.com/blog/network-security/category/5g-security/?ts=markdown), [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### Converged Secure Connectivity For Critical Private Infrastructure](https://origin-researchcenter.paloaltonetworks.com/blog/network-security/converged-secure-connectivity-for-critical-private-infrastructure/)

### [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Secure Your Cloud: Palo Alto Networks \& AWS LZA for Public Sector](https://origin-researchcenter.paloaltonetworks.com/blog/network-security/secure-your-cloud-palo-alto-networks-aws-lza-for-public-sector/)

### [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown), [Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown)

[#### 2025 Report Exposes Widespread Device Security Risks](https://origin-researchcenter.paloaltonetworks.com/blog/network-security/2025-report-exposes-widespread-device-security-risks/)

### [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown)

[#### Why Total Multicloud Visibility? You Can't Secure What You Can't See](https://origin-researchcenter.paloaltonetworks.com/blog/network-security/why-total-multicloud-visibility-you-cant-secure-what-you-cant-see/)

### Subscribe to Network Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language