{"id":156279,"date":"2022-03-10T08:30:04","date_gmt":"2022-03-10T16:30:04","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=156279"},"modified":"2022-03-10T08:36:52","modified_gmt":"2022-03-10T16:36:52","slug":"network-security-innovation-and-prevention","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2022\/03\/network-security-innovation-and-prevention\/","title":{"rendered":"Network Security Innovation and Prevention with PAN-OS 10.2 Nebula"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Automation is helping attackers evade network security defenses with sophisticated red-team tools that are improving the speed and success rate of covert and long term attacks. <\/span><span style=\"font-weight: 400;\">T<\/span><span style=\"font-weight: 400;\">he latest trend of widely available, highly evasive attack tools<\/span><span style=\"font-weight: 400;\"> (like the easily available Cobalt Strike tools) have the potential to elevate any attacker\u2019s skill to a nation-state level of sophistication. Signatures and databases simply aren\u2019t enough to stop these next-generation threats.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To successfully protect against such highly-evasive modern day threats, network security must be able to quickly detect and validate unknown threats, operate on real, live traffic to see and stop attacks as they\u2019re happening, and do all of this at lightning speed with no impact to user productivity. Nebula achieves network security innovation and prevention with <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2022\/02\/inline-deep-learning\/\"><span style=\"font-weight: 400;\">inline deep learning<\/span><\/a><span style=\"font-weight: 400;\">.\u00a0<\/span><\/p>\n<h2><a id=\"post-156279-_utvm8g19d3vo\"><\/a>Inline Deep Learning Delivers Network Security Innovation<\/h2>\n<p>Network security speed and performance limitations are the Achilles heel preventing the cybersecurity industry from bringing deep learning inline. Solutions historically have analyzed data offline or out-of-band, resulting in two big challenges for network security teams.<\/p>\n<p>First, analysis is performed in a simulated environment that is unable to identify the newest highly evasive tactics. For example:<\/p>\n<ul>\n<li>Web crawling is too easy to evade with cloaking and other tricks.<\/li>\n<li>Sandboxing, while useful, can't ensure visibility of the real attack.<\/li>\n<\/ul>\n<p>Second, since the analysis is happening offline the threat can\u2019t be prevented in real-time.<\/p>\n<p>Instead, security teams are reliant on preventing the attack further down the attack chain, identifying an alert then performing investigation and manual response, or updating to deliver a prevention signature minutes or days later after the initial victim has already been compromised.<\/p>\n<p>Finally, the infrastructure needed to re-invent this process wasn't available. Silicon in yesterday's chips did not allow the processing speed necessary to efficiently compute today\u2019s complex algorithms, and cloud infrastructure couldn't be scaled fast enough to meet the needs.<\/p>\n<p>How do we know inline deep learning is the answer? As one of the most sophisticated variants of machine learning, it\u2019s already <a href=\"https:\/\/www.techtarget.com\/searchenterpriseai\/definition\/deep-learning-deep-neural-network\" rel=\"nofollow,noopener\" >used to solve<\/a> today\u2019s most difficult classification problems. However the computational power needed to enable deep learning analysis of real-time attack traffic has restricted its use to offline applications.<\/p>\n<p>Until now.<\/p>\n<h2><a id=\"post-156279-_chr15chrbi9h\"><\/a>What's Changed?<\/h2>\n<p><a href=\"https:\/\/start.paloaltonetworks.com\/nebula?utm_medium=social&amp;utm_source=Flyout&amp;utm_campaign=nebula-launch-blog\">Nebula, the 10.2 release of PAN-OS<\/a> brings massive, deep learning firepower to every network security location from small branch to campus to cloud to data center \u2013 on premise and in the cloud, <em>everywhere<\/em>.<\/p>\n<p>The ability to perform this degree of inline supercomputing has only come together within the last year or so. To achieve it, we actually re-engineered a unique processing architecture through a special collaboration with a chip manufacturer to gain a 6x performance improvement in deep learning computation. In combination with this new high-powered processor we architected a unique, ultra-low latency, global, cloud infrastructure. We secure every corner of the enterprise, across every configuration in which the enterprise does business \u2013 from on-prem appliances, to software firewalls, to cloud-delivered SASE. We do it faster and better than ever.<\/p>\n<h2><a id=\"post-156279-_71neyziav49p\"><\/a>Network Security Redefined. Again.<\/h2>\n<p><a href=\"https:\/\/start.paloaltonetworks.com\/nebula?utm_medium=social&amp;utm_source=Flyout&amp;utm_campaign=nebula-launch-blog\">PAN-OS 10.2 Nebula <\/a> can stop zero-day attacks as they attempt to break in by leveraging the power of data and deep learning in real time without sacrificing performance. Nebula collects, analyzes and interprets potential zero-day threats in real time (a network security first) to deliver 6x faster prevention and 48% more evasive threats detected, surpassing anything previously available.<\/p>\n<figure id=\"attachment_156280\" aria-describedby=\"caption-attachment-156280\" style=\"width: 999px\" class=\"wp-caption alignnone\"><div style=\"max-width:100%\" data-width=\"999\"><span class=\"ar-custom\" style=\"padding-bottom:49.35%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"wp-image-156280 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2022\/03\/word-image-12.png\" alt=\"Graph of inline deep learning showing static analysis, signatures and ML-powered NGFW, preventing zero-day threats for network security innovation.\" width=\"999\" height=\"493\" \/><\/span><\/div><figcaption id=\"caption-attachment-156280\" class=\"wp-caption-text\">Figure 1. PAN-OS Nebula is the Next Evolution in Network Security<\/figcaption><\/figure>\n<p>Nebula also introduces new and enhanced security services. In concert with Palo Alto Networks firewalls, these services maximize ROI and extend best-in-class security without requiring independent infrastructures. Key Nebula innovations include next-generation security for IoT devices and 10th security service, AIOps by Palo Alto Networks.<\/p>\n<p>Our product and engineering teams are gearing up to demonstrate all of the new innovations and enhancements at our <a href=\"https:\/\/start.paloaltonetworks.com\/nebula\">Nebula in-person launch event<\/a> on March 22:<\/p>\n<ul>\n<li>Gain 3x security performance for data centers, campus, and branches.<\/li>\n<li>Predict and prevent up to 51% of disruptions in your network.<\/li>\n<li>Prevent 96% of web-based Cobalt Strike C2 in real-time.<\/li>\n<li>Prevent 40% more web-based attacks, 48 hours faster than traditional web-filtering databases.<\/li>\n<li>Prevent up to 95% of new file and web-based threats in-line.<\/li>\n<li>Get 40% more DNS-layer threat coverage than other leading vendors with predictive detections no other vendor offers.<\/li>\n<li>Discover 90% of IoT, including unmanaged devices, in 48 hours and automate enforcement of risk-reducing Zero Trust least-privileged access policies.\n<p><figure id=\"attachment_156293\" aria-describedby=\"caption-attachment-156293\" style=\"width: 727px\" class=\"wp-caption alignnone\"><div style=\"max-width:100%\" data-width=\"727\"><span class=\"ar-custom\" style=\"padding-bottom:73.59%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"wp-image-156293 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2022\/03\/word-image-13.png\" alt=\"Graph of network security platform showing unified management.\" width=\"727\" height=\"535\" \/><\/span><\/div><figcaption id=\"caption-attachment-156293\" class=\"wp-caption-text\">Fig.2 The Complete Network Security Platform<\/figcaption><\/figure><\/li>\n<\/ul>\n<h2><a id=\"post-156279-_af79ms8cxpkp\"><\/a>Enterprises Need Nebula Now, More Than Ever<\/h2>\n<p>Each of the network security innovations in Nebula are built to do what other solutions simply can\u2019t \u2013 stop today\u2019s most sophisticated attacks<em> as they happen<\/em>. You can now stop up to <em>48% more zero-day threats 6x faster<\/em>. When facing a cyberattack, every second matters, and these improvements literally mean the difference between protection and reaction.<\/p>\n<p>These remarkable statistics aren\u2019t hype and we\u2019re ready to prove it to you at our live launch on March 22. <a href=\"https:\/\/start.paloaltonetworks.com\/nebula\">Register to learn about the benefits of Nebula<\/a> and gain a deeper understanding of everything that went into making this enormous leap forward in network security. Or you can read more about what\u2019s new on our <a href=\"https:\/\/www.paloaltonetworks.com\/network-security\/whats-new-in-nebula\">PAN-OS 10.2 Nebula page<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Network security must quickly detect and validate unknown threats. Nebula achieves network security innovation and prevention with inline deep learning. <\/p>\n","protected":false},"author":723,"featured_media":156307,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6724,6717],"tags":[7933,8329,758],"coauthors":[7076],"class_list":["post-156279","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-points-of-view","category-products-and-services","tag-deep-learning","tag-nebula","tag-pan-os","net_sec_category-next-generation-firewalls"],"jetpack_featured_media_url":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2022\/03\/Hmmmm.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/156279","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/723"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=156279"}],"version-history":[{"count":5,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/156279\/revisions"}],"predecessor-version":[{"id":156323,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/156279\/revisions\/156323"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/156307"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=156279"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=156279"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=156279"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=156279"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}