Modern data centers are in a state of constant evolution, driven by the need for greater flexibility and security. While capacity planning is a core operational discipline, infrastructure must scale efficiently to support business growth and adapt to seasonal traffic fluctuations. This drive for agility is closely tied to improving operational efficiency.
In many virtualized environments, low CPU utilization can lead to server sprawl, increasing capital and operational expenditures. As infrastructure becomes more dynamic, security must seamlessly adapt to avoid bottlenecking the very business outcomes it is meant to enable.
Adding to this complexity, many businesses are navigating multi-year cloud migration journeys, creating a prolonged hybrid state. For instance, a May 2025 ESG study indicates that while organizations aim to double their public cloud footprint by 2027 [1], the most common deployment today is just 25% of production workloads. During this transition, on-premise firewall capacity requirements can change at a variable rate, creating a significant challenge in maintaining consistent security across the enterprise.
This evolution now includes a critical new imperative: AI-readiness. As AI applications become central to business operations and productivity, their rapid deployment introduces a critical need for security that can keep pace. Without the right protections and the elasticity to scale with AI-driven demands, businesses risk compromising both their cutting-edge applications and the sensitive data they access.
To address these challenges, Palo Alto Networks has developed the Hyperscale Security Fabric (HSF). HSF is designed to secure the network at scale, ensuring security architecture is as agile and expansive as the operations it protects.
Hyperscale Security Fabric (HSF) is a dynamic cluster of Prisma AIRS firewalls with an integrated load balancer, engineered for elasticity, scalability, and resilience. Powered by the just-announced PAN-OS 12.1 Orion operating system, these firewalls deliver the advanced threat prevention and performance required for modern data centers. HSF architecture allows your security to automatically scale out to meet demand—handling up to 200 Gbps of threat prevention—and scale back in to release resources as traffic subsides. This ensures performance during traffic bursts and improves efficiency, while maintaining session continuity even if a firewall fails.
HSF is a fully orchestrated solution managed through Panorama for streamlined deployment and operations. You can achieve a mean time to secure (MTTS) of approximately 30 minutes, getting your critical protections in place significantly faster than hardware deployments. Plus, its scalable N+1 active-active architecture offers both flexibility and cost optimization, adapting to the evolving needs of your data center.
A zone-based architecture using HSF. An HSF cluster is built of two elements - GWs and DPs. ESXi is GA, KVM is on the roadmap.
HSF is engineered to secure your entire data center environment, providing robust protection for existing applications while preparing you for the next wave of AI innovation. As part of the Prisma AIRS platform, HSF brings AI security directly into your network. This includes Prisma AIRS' signature AI protections like AI App, Model, and Data Protection. By integrating these advanced capabilities, HSF ensures that your AI applications and the sensitive data they access are comprehensively protected right at the network edge. This is crucial for safeguarding your intellectual property and critical information across your full application portfolio, from current systems to emerging AI workloads.
HSF leverages our flexible Software NGFW credits licensing system, the same credits used for VM-Series and standalone Prisma AIRS firewalls. This means your security licensing is as dynamic as your infrastructure, and existing Palo Alto Networks customers can apply their spare credits to HSF without additional licensing costs. As HSF scales out, credits are deducted from your pool, and as it scales in (for example, after a burst traffic event), those credits are returned. This unique flexibility allows you to redeploy credits to more HSF firewalls, or even to VM-Series and standalone Prisma AIRS instances in other environments. Ultimately, Software NGFW credits ensure your security can move to wherever it's needed most, providing significant agility and cost efficiency.
Click here to learn the technical details of HSF or understand the true risk profile of your entire multicloud environment with Cloud Network and AI Risk Assessment (CLARA).
References:
[1] State of DevSecOps and Cloud Security Platforms: Scaling Security Practices to Accommodate Cloud-native Application Development. https://research.esg-global.com/reportaction/515202027/Marketing
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
| Subject | Likes |
|---|---|
| 1 Like | |
| 1 Like | |
| 1 Like | |
| 1 Like | |
| 1 Like |
