Palo Alto Networks Accelerates Security in PAN-OS 9.0 Update

New release of Palo Alto Networks' core operating system platform adds multiple new features, including a DNS security service and a Policy Optimizer capability.


Palo Alto Networks is boosting its network security platforms with the new PAN-OS 9.0 update that was announced on Feb. 12.

PAN-OS is a hardened operating system based on Linux that provides a secure, enterprise-grade environment for executing Palo Alto's network security capabilities. PAN-OS 9.0 includes over 60 new features and tools that can be deployed on Palo Alto Networks security platforms. Among the features is a new DNS security service, which helps protect organizations against different types of risks in DNS traffic. DNS (Domain Name System) connects IP addresses to common domain names, facilitating traffic delivery across the internet.

"Our DNS Security service rapidly identifies threats hidden in DNS traffic using shared threat intelligence and machine learning," Navneet Singh, Product Marketing Director at Palo Alto Networks, told eWEEK. "New protections are enforced by the next-generation firewall, which enables automated protections and eliminates the need for standalone tools."

The need to protect DNS traffic has been highlighted by Palo Alto Networks' Unit 42 research group as a primary concern for a variety of reasons. According to Unit 42, almost 80 percent of malware makes use of DNS as part of the communication workflow for command and control.

Policy Optimizer

Another new feature that has landed in the PAN-OS 9 update is called Policy Optimizer, which looks to help organizations become more efficient with the various network security policies that have been deployed. Singh explained that network administrators can use Policy Optimizer's workflows and the intelligence gathered by PAN-OS to move from legacy port-based rules to application-based rules. 

"These policies strengthen security and take significantly less time to manage," Singh said. "In the past, this process was time-consuming and risky." 

Policies aren't the only thing that is being optimized in the PAN-OS 9 update. Palo Alto Networks is also improving its VM-Series of network security appliances for faster cloud security capabilities.

"We’ve introduced support in the VM-Series virtualized next-generation firewall for new public and private cloud environments, which include Oracle Cloud and Alibaba Cloud for public cloud as well as Cisco Enterprise Network Compute System (ENCS) and Nutanix for private cloud," Singh said. "In addition, we leveraged interface acceleration technologies including SR-IOV and DPDK and new instance types resulting in increased firewall throughput performance on both Amazon Web Services and Microsoft Azure by up to 2.5x."


Palo Alto Networks is also providing accelerated performance with new PA-7000 Series network processing cards.

Singh said that the new cards can be used with existing Palo Alto Networks hardware chassis. The new network processing cards provide up to 350 Gbps of threat prevention throughput. He added that the cards provide both decryption capacity and performance gains over existing network processing cards for the PA-7000.

Looking forward, Palo Alto Networks is working on further improving PAN-OS to help organizations keep up with the evolving threat landscape.

"With each version of PAN-OS, Palo Alto Networks introduces more automation features that leverage predictive analytics to prevent successful attacks," Singh said. "Manual approaches to security do not scale and for businesses to keep up, automation and analytics must be tightly integrated to immediately translate intelligence into action."

Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.