We are pleased to announce the integration of the CN-Series Container Next-Generation Firewall with IoT Security Subscriptions. This support enables customers to achieve comprehensive Layer 7 Kubernetes container traffic visibility and protection within their Kubernetes clusters, ensuring enhanced insight into their applications as they ingest and interact with IoT device data to carry out business-critical tasks in Enterprise IoT and OT device network security use cases.
Recent business advancements have prompted organizations to implement IoT and OT sensors for gathering information about their environment to develop crucial applications. Examples include shelf sensors for inventory management systems or medical device sensors for surgical procedures. Despite their significant role, IoT devices have become the network devices most susceptible to external attacks.1 These devices have unrestricted access to the business-critical applications that rely on their data feeds, introducing new avenues for threats to proliferate within an organization's environments.
Containerization, particularly with Kubernetes, has been gaining popularity in organizations as a scalable and lightweight solution for hosting applications. Consequently, businesses are increasingly deploying IoT data ingestion apps on Kubernetes platforms, whether in the cloud, data centers, or local sites using white boxes. However, the containerization of these applications presents unique security challenges, as traditional firewall form-factors, such as hardware or virtual machines, struggle to secure Kubernetes environments. The issue arises because Kubernetes clusters often share private IP spaces, and when traffic exits the cluster, it is NAT'd to the Node IP. Consequently, the firewall cannot distinguish between different apps and pods, as they all appear with the same NAT'd Node IP address of the Kubernetes cluster.
_______________________
1 "The State Of IoT Security, 2023," May 18, 2023, Forrester
The Palo Alto Networks CN-Series container firewall is the first next-generation firewall designed to secure Kubernetes orchestration environments. Its containerized form-factor enables organizations to establish comprehensive Layer 7 and K8s-label-based policies for cloud-native container applications, incorporating content inspection based on Kubernetes labels such as namespaces and services. When used with the IoT subscription, CN-Series automatically identifies your IoT devices on the network, providing comprehensive visibility and security at the device level.
Deployed by Helm charts with just one command, CN-Series autoscales horizontally in alignment with cluster traffic, without requiring alterations to the cluster's core networking or Container Network Interface (CNI). Furthermore, the CN-Series ensures a smooth deployment process within the continuous integration, continuous deployment (CI/CD) pipeline, providing real-time network protection. This is achieved through a unified management experience via Panorama, offering single-pane-of-glass oversight across multiple firewalls.
Now, CN-Series can secure your Kubernetes applications as they process data from your IoT applications. Click here to learn more about the IoT Security subscription and here to see how it integrates with CN-Series container firewalls.