This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew

Cloud-Delivered Security Service (CDSS) April Newsletter

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community Blogs
7 min read

Cloud-Delivered Security Service (CDSS) April Newsletter

tbolatiwa
L4 Transporter
‎04-28-2026 12:53 PM

Cloud-Delivered Security Service: The Monthly Newsletter for Security That Never Sleeps

Welcome to the April edition of the Cloud-Delivered Security Service (CDSS) Newsletter

 

Welcome to the April edition of the Cloud-Delivered Security Services (CDSS) Newsletter. This month brings strong momentum across CDSS, with new innovations that enhance visibility, extend protection to every user, and strengthen prevention across the entire attack lifecycle. In this edition, we highlight the introduction of the Threat Insights Dashboard, expanded endpoint protection with ADNSR and Prisma Agent, and continued advancements across our cloud-delivered security portfolio. Together, these updates help organizations stay ahead of increasingly sophisticated, AI-driven threats.

 

What’s New In CDSS

Screenshot 2026-01-05 at 1.46.49 PM.png 

 

  • New Threat Insights Dashboard Introduction: We are introducing Threat Insights as part of Strata Cloud Manager, now available in early access. It serves as a strategic command center, providing a clear view of how an integrated platform detects and blocks threats across the full attack lifecycle of real-world campaigns. It correlates activity across network, DNS, web, and cloud layers, giving security teams deeper visibility into how attacks unfold and where gaps may exist. This insight enables faster, more informed action to strengthen overall cybersecurity posture.
  • Palo Alto Networks Joins DNS-OARC as a Platinum Member: Palo Alto Networks recently joined the DNS-OARC community as a Platinum Member. Together, our organizations share a commitment to advancing collaboration in research and operational excellence across the global DNS ecosystem. DNS is critical to both internet infrastructure and security, and this collaboration facilitates the sharing of real-world insights among researchers and practitioners.
  • ADNSR Now Includes Prisma Agent: Advanced DNS Security Resolver now includes Prisma Agent, extending DNS-layer protection directly to endpoints. For customers, this means consistent security even when users are off the network or not connected through a VPN. Threats such as DNS hijacking, DNS tunneling, and command-and-control communication can now be blocked regardless of location. This added coverage closes critical visibility gaps and ensures protection follows the user everywhere.
  • End-of-Sale for Hardware Firewall ELA SKUs Announcement: We have announced the End-of-Sale (EOS) of the legacy commercial (PAN-ENT-SUB-ELA) and government (PAN-ENT-GOV-ELA-XXX) Enterprise License Agreement (ELA) SKUs, effective August 20, 2026. As part of this transition, we are introducing ELA8, reflecting the continued evolution of our cloud-delivered security services portfolio. ELA8 is designed to deliver enhanced protection across modern environments, with new capabilities that extend prevention earlier in the attack lifecycle and strengthen defenses against increasingly sophisticated and evasive threats.

 

Security Spotlight of the Month

Palo Alto Networks continues to set the standard in firewall security, as highlighted in the latest SecureIQLab 2026 Advanced Cloud Firewall Public Validation Report. With industry-leading results in threat prevention, evasion protection, and data security, Palo Alto Networks significantly outperformed the peer average across all categories. These results reinforce our commitment to delivering consistent, real-time protection against today’s most advanced threats.

 

  • 99.07% Overall Security Efficacy: Palo Alto Networks (PANW) led the field with a 99.07% efficacy score, significantly outperforming the group test average of 64.55%.
  • 100% Vulnerability Protection: PANW achieved a perfect score for "Vulnerability-based Attacks" such as exploit blocking and vulnerability scanning), performing double the group average of 50%.
  • Evasion & Browser Threat Leadership: PANW secured 100% in both the "Advanced Evasive Categories" and "Browser-based Threats" categories, while the group averages were 48.73% and 67.93%, respectively.
  • 100% Application Threat Protection: PANW blocked 100% of application-based threats, more than doubling the group average of 45.88%.
  • Unmatched Container & Data Protection: PANW achieved 100% in both "Container-Security" and "Data-Loss-and-Leakage," far exceeding the group averages of 38.64% and 27.27%, respectively.

Screenshot 2026-04-28 at 2.42.00 PM.png

 

Latest Product Updates Across CDSS Core Subscriptions

FedRAMP Moderate: FedRAMP Moderate authorization for ALL of the CDSS Core Subscriptions is complete. Refer to all Palo Alto Networks FedRAMP Authorized services here.

 

Advanced URL Filtering

  • Browser-Runtime Malicious Category: Prisma Access and PANW Firewalls now leverage real-time detections from the Prisma Browser to identify attacks executed within the browser environment. This integration provides unique zero-day protection against "patient-zero" threats that manifest only at runtime, providing a depth of inspection that exceeds traditional network layers and strengthens the overall security architecture. Launched in Sept 2025, the Compromised-website category has blocked 1.6M malicious URLs across 8.2M sessions. Well-adopted by customers, it has halved support tickets and automated false-positive rejections through real-time behavioral confirmation.

Advanced Wildfire

  • In-Line Cloud Analysis to effectively defeat metamorphic malware: Currently available as Beta for Prisma Access 6.1.1 with Explicit Proxy. It supports scanning all file types up to 100MB, ensuring prevention within seconds. 
  • Codegene: The proprietary Codegene database to automatically identify and fingerprint shared malware logic. By identifying "fingerprints" in malicious code logic reused across malware families, the system automatically deploys high-confidence YARA rules.

Advanced Threat Prevention

  • The Command Injection Header Model has been improved to significantly increase the True Positive Rate (TPR) and reduce the False Positive Rate (FPR).
  • Palo Alto Networks received a “Recommended” rating in NSS Labs EFW 2005 report with 100% Exploit evasion resistance and 96.07% overall Security Effectiveness. Palo Alto Networks also excelled, ranking first in the SecureIQ 2025 Command and Control Comparative report, with an overall block rate of 97.02%. 

Advanced DNS Security

Tips & Best Practices

Tip of the Week:
Ensure consistency across your cybersecurity controls.

 

What is the best practice?
Align policies and enforcement actions across network, DNS, web, and threat prevention layers to eliminate gaps that attackers can exploit. With CDSS, security teams can centrally define and enforce consistent protections using unified security profiles, real-time threat intelligence, and shared policy frameworks. This ensures that malicious domains, URLs, files, and command-and-control activity are blocked consistently across all traffic, reducing blind spots and strengthening overall network security.

 

Did You Know Threat Facts & Insights

Screenshot 2026-02-28 at 6.30.12 AM.png

Did you know… Attackers are now generating polymorphic malware at scale using AI, allowing them to continuously evade traditional signature-based defenses. 

 

Cloud-Delivered Security Services address this challenge through advanced, AI-driven analysis and real-time threat intelligence to detect and stop unknown and rapidly evolving threats. Inline inspection of files and traffic, combined with global intelligence, enables CDSS to identify malicious behavior beyond static signatures and enforce prevention instantly across the network, stopping even newly generated threats before they impact users or systems.

Explore More Cloud-Delivered Security Services  Resources

Stay Protected with Cloud-Delivered Security Services 

Palo Alto Networks Cloud-Delivered Security Services (CDSS) help organizations stay ahead of modern threats with unified, AI-driven protection across DNS, web, network, and device environments. This month’s highlights demonstrate how integrated visibility, consistent protection, and expanded coverage across users and environments strengthen security and close critical gaps. To learn more about how CDSS can support your security strategy, including hands-on experience through the CDSS Ultimate Test Drive,  contact your Palo Alto Networks representative. Stay tuned for next month’s updates as we continue to deliver innovations that simplify security and improve protection across your environment.

  • 475 Views
  • 0 comments
  • 1 Likes
Register or Sign-in
Labels
Contributors
Popular Blogs
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks