This blog originally posted on October 27, 2023.

Always Innovating: Data Security for Enterprises

Welcome to this edition of “Always Innovating in Network Security". This month, we dive deep into the innovations in Data Security through our Enterprise DLP solution. Safeguarding data stands at the forefront of Network Security, and we continue to enhance our Enterprise DLP offering to help customers safeguard their sensitive information. Additionally, we are also featuring innovations in Cloud Identity Engine, Adv Wildfire, Panorama and Prisma SD-WAN.

Constant innovations in network security help enterprises stay ahead of threats and adversaries, and establish Palo Alto Networks as the worldwide leader in Next Generation Firewalls (NGFW).

“We continue to see Palo Alto Networks as the worldwide NGFW revenue leader, with over 30% of worldwide NGFW revenue in 1Q23. Since the beginning of 2021, Palo Alto Networks has been able to grow their market share from ~25% to ~30%, ahead of their major competitors. This growth matches a trend where customers are seeing the value of broader, integrated offerings from strategic cybersecurity vendors.” - Fernando Montenegro, Senior Principal Analyst, Cybersecurity, Omdia.

1. Email Data Loss Prevention (DLP)

As hybrid work becomes more prevalent, employees heavily rely on digital tools like emails. This has raised concerns about email data loss due to accidents, malicious actions, or unauthorized disclosures. In Q1 2023, over six million records were exposed in data breaches, with email identified as a major vulnerability by 65% of security experts. To combat this, Palo Alto Networks has launched Email DLP, integrated with Next-Generation CASB. Email DLP identifies sensitive data using machine learning, protects data when sent to varying domains and ensures data safety regardless of the device or email client. It provides organizations with consistent data security, the ability to leverage extensive data detection methods and offers global insights into data risks.

2. Data Security for Generative AI apps

ChatGPT, which garnered 100 million users within two months of launch, exemplifies the rapid adoption of AI applications. While they improve productivity and creativity, they also present data security threats. Many enterprises are unaware that their employees might be utilizing such tools, risking sensitive data exposure. Responding to this, Palo Alto Networks introduces capabilities to bolster ChatGPT and AI app security through its Next-Generation CASB solution. This includes comprehensive app usage visibility, specific SaaS application controls and advanced data security employing ML for data classification and leakage prevention. With NG-CASB, organizations can safeguard against potential data leaks from AI tools.

3. Enterprise DLP end user alerting with Cortex XSOAR

The Enterprise Data Loss Prevention (DLP) product has taken significant strides in enhancing its integration with Cortex XSOAR, offering a host of user-centric alerting features that empower end users. The new integration now includes support for additional notification methods, including Slack, Microsoft Teams and a variety of email platforms. One noteworthy advancement is the deeper synergy with Microsoft Active Directory, providing DLP incidents with more comprehensive user-related information. The introduction of the auto-exemption feature, alongside data enrichment, enables users and analysts to navigate exemption requests with high levels of efficiency. To further bolster user experience, the integration now includes prompt feedback notifications immediately following incidents. This real-time feedback loop ensures users stay informed and in control. In summary, this improved integration between Enterprise DLP and Cortex XSOAR equips users with a powerful tool for maintaining a meticulous record of incidents, shedding light on why certain file transactions may be blocked.

4. IP-tag collection from cloud services in Cloud Identity Engine’s free, scalable service

The Cloud Identity Engine team introduced support for collecting IP-tags for use in Dynamic Address Groups directly from the cloud hosts Azure and AWS. With this enhancement, customers do not need to rely on the Panorama plugins for Azure and AWS in order to collect and distribute IP-tags. Check out these TechDocs to configure and deploy this capability.

5. Tag filtering and pruning in Azure Panorama plugin

We recently released a new enhancement to our Panorama Azure Plugin 5.1.1, which is used by organizations to harvest IP-Tags for dynamic and granular NGFW security policy creation around Azure Environments. Through filtering, organizations can streamline the tags ingested by the plugin to simplify searching for relevant tags. Pruning reduces the IP-Tags sent to the firewalls to only the ones used in security policy, reducing the footprint used by the process. To learn more about using Azure Plugin, please check out our documentation here.

6. NGFW now supports forwarding of Python scripts to the Advanced WildFire cloud

Script-based malware attacks are on the rise. A recent example of this is with "MrTonyScam" spreading a Python-based stealer to infect 100,000 Facebook business accounts per week (Sept 2023, DarkReading). By leveraging the analysis services of Advanced WildFire, NGFW is now able to detect malware in malicious Python scripts entering your network. For a more technical breakdown on how script-based attacks work, check out this Unit 42 Technical Analysis: Seaduke blog. See the detailed list of file types supported by Advanced WildFire here.

7. Prisma SD-WAN integration with AWS Cloud WAN

We have expanded our collaboration with Amazon Web Services (AWS) by integrating Prisma SD-WAN with AWS Cloud WAN using the newly introduced Tunnel-less Connect solution. Through this integration, enterprises operating in a distributed environment, with offices in multiple locations, can leverage our next generation Prisma SD-WAN solution and AWS’s global network to connect seamlessly and secure their on-premises branch and data center sites to AWS workloads. To learn more about the Prisma SD-WAN and AWS Cloud WAN integration, check out our new Cloud WAN integration guide.

8. ISO Certification for ATP

Advanced Threat Prevention has now received ISO certification, demonstrating that Palo Alto Networks has been independently assessed to have appropriate processes in place to ensure the security and reliability of sensitive customer data. Click here for more details.

That wraps up the October edition of Always Innovating in Network Security, bringing you the latest innovations as soon as they become available. In this edition we covered our latest innovations in data security, along with innovations in Cloud Identity Engine, Adv Wildfire, Panorama and Prisma SD-WAN. If you would like to go back and read the last 3 editions, here are the links to September, August, and July.