Welcome to the February 2024 edition of Always Innovating in Network Security from Palo Alto Networks. This month, we cover our latest innovations in Cloud NGFW for Azure and Advanced URL Filtering.
1. Innovations in Cloud NGFW for Azure -
- Single Sign-On (SSO) integration with the Support Portal account. Organizations can now seamlessly integrate their SSO login flow with their Palo Alto Networks Customer Support Portal account for Cloud NGFW for Azure subscriptions. Additionally, support for public domain email addresses broadened accessibility and simplified access control management.
- Cloud NGFW for Azure integrated support for the Palo Alto Networks DNS Security service, empowering users to protect vNET and vWAN traffic from advanced DNS-based threats.
- Private Source NAT support was introduced, allowing users to create a Private NAT gateway for network address translation.
- To support customers who uses non-RFC1918 IP addresses internally, Cloud NGFW for Azure was refined to empower customers to deploy Cloud NGFW with additional private IP ranges besides those addresses specified in RFC 1918 for vNET and vWAN deployments.
- With support for 100Gbps, the firewall can now automatically scale up for both vNET and vWAN deployments. This enhancement signifies a significant leap forward in handling high-throughput scenarios. (TechDocs)
2. New Protections in Adv URL Filtering -
- Phishing Campaign Detection: A phishing campaign is made up of individual phishing attacks over time, where attackers use automation tools to evade phishing detectors and sneak attacks by making subtle variations to the phishing content including links, images, or pages. Attacks from Phishing Campaigns are long-lasting, have a wide blast-radius, and are fast-mutating. The new AURL Phishing Campaign detector is able to detect the wider attack footprint for a wider protection surface and identify patterns across individual phishing attacks to deduce the phishing campaign signature. The new detection uses advances in Deep Learning (in addition to Machine Learning) to reduce the model tuning time and manual intervention needed.
- Protection Against LLM Generated Phishing Attacks: Attackers are now leveraging Generative AI to rapidly and effortlessly craft sophisticated, customized, and benign-looking malicious JavaScript for launching phishing attacks. Unlike off-the-shelf obfuscation tools like ‘obfuscator.io’ and others that generate easily identifiable or randomly changing content, these LLM models (such as WormGPT and FraudGPT) have the capability to modify or remove common identifiers used by security vendors to trigger detection signatures, enabling them to evade traditional detection techniques. So how does AURL now protect against this? By utilizing prompt engineering, we are able to leverage LLMs to rewrite malicious JavaScript and generate a rich and diverse dataset of LLM obfuscated scripts and by using this generated data as input, we have developed a new deep learning model that improves detection accuracy and detection efficacy to help counter AI-generated phishing attacks.
Customer Corner - We are adding a new feature to our monthly Always Innovating Blog called Customer Corner, highlighting a customer story or use case aligned with the capabilities featured in the blog. Many of our customers face the same issues and concerns as they protect their businesses from cyberthreats.
This month, we feature a leading managed security services provider (MSSP) ON2IT in our customer corner. ONIT is experiencing exceptional returns from the Palo Alto Networks Cloud Next-Generation Firewalls for Azure, reducing Azure network security deployment time from days to minutes. Read more about ONIT’s experience here.
We hope you enjoyed the February edition of Always Innovating in NetSec. To keep up with the latest innovations in Network Security, come back next month. If you missed our recent Always Innovating blogs, here are links to the November/December, October, and September editions.