I arrived into a cold snap of Las Vegas winter, ready to learn all about the upcoming Palo Alto Networks product updates at their Annual SE Summit. Hats off to Palo Alto Networks – this was a very well organized three days. Throughout the conference, there wasn’t much free time or marketing speak, as the intent was for Palo Alto Networks to provide their System Engineers (SEs) and partner SEs – including yours truly – access to their technologies and to understand the thought processes behind them.
The technology I was most excited to get my hands on was RedLock. Palo Alto Networks purchased RedLock in October of last year and combined the technology they already had from the acquisition of Evident.io to create a full public cloud inventory and reporting tool. Prior to the conference, I had heard from peers in the security industry that this was a product to sit up and pay attention to, and they were correct.
With prepackaged policies and single-click compliance reports for CIS, NIST, and PCI, RedLock helps monitor cloud resources for configuration abnormalities and keeps inventory of the deployments in each of the public clouds. RedLock also allows customers to build custom policies based on the organization’s needs. It continuously monitors for policy violations by both existing resources and newly created resources. For example, RedLock would trigger an alert the moment a user exposes their S3 bucket to the public. I enjoyed the interface of the product and how easy it was to use the query language to query across an organization’s public cloud deployments.
Product Announcements & Feature Updates
Palo Alto Networks opened the conference with a theme of “Secure the Enterprise”. The focus on improving an organization’s security posture was prevalent throughout the event, showcasing new product announcements and upgraded features. Here were some highlights that fit into this theme:
- Palo Alto Networks has made upgrades to their Expedition tool which customers and partners can utilize to convert their configuration from another vendor to PAN-OS. Originally simply a migration tool, the program now utilizes machine learning combined with the user’s logs to provide suggestions to accelerate the conversion to an application aware policy.
- Iron Skillet templates were introduced at the conference. These are pre-built configurations that are already utilizing Palo Alto Networks best practices, allowing customers and partners to download the config files and modify the existing template to amply their own configurations.
On the final day of the conference, PAN OS 9.0 was revealed. There are over sixty new features that customers can take advantage of, but three specific features stood out to me. First, the Policy Optimizer tool, which is enabled by default in PAN 9.0. This tool analyzes rule characteristics and helps prioritize which rules should be converted first to assist Palo Alto Networks’ customers in upgrading their port and protocol-based rulesets over to an APP-ID based rule base.
The second feature announcement that stood out was a new DNS security subscription. Customers with the existing Threat Prevention subscription can purchase this new cloud-based service to augment their architecture and enhance current DNS-Sinkholing. I am a big proponent of including some method of DNS security in their architecture and am happy to see Palo Alto Networks has started to move into this space.
The third noteworthy feature was the announcement that URLs are now assigned to multiple categories and will include a risk rating of low, medium, or high risk based on how likely that website is to expose you to threats. This is a great upgrade, as organizations previously had to decide to either allow or block a whole category based on the subject matter. If a user in that organization needed access to a website in a blocked category, IT was forced to grant the access using a static block or allow with no assurance that the site was hosting malicious content or a drive by download. With PAN OS 9.0, you can allow access to a site, but granularly limit the options available for the users to interact with that content when they visit, such as restricting risky downloads.
This SE Summit was an excellent event, and I believe 2019 will be a great year for Palo Alto Networks customers and partners. Please feel free to reach out if you have questions or want to discuss any of the announcements or updates made at the conference.