Palo Alto Networks Embeds ML Models in Firewalls

Palo Alto Networks (PAN) today unveiled a series of next-generation firewalls (NGFW) that rely on machine learning (ML) models running inline rather than signatures to thwart cybersecurity threats in real-time.

Anand Oswal, senior vice president of product management and engineering for PAN, said while firewalls have been able to invoke ML models externally, the ML-Powered NGFW marks the first time ML algorithms have been embedded within the firewall.

Available in multiple form factors spanning physical appliances and virtual machines to containers, the ML-Powered NGFW series firewalls can also be extended to any internet of things (IoT) environment via a subscription service option now available.

Oswal said signature-based security platforms have a disadvantage because cybersecurity teams are dependent on IT vendors to identify a type of threat and then create a signature to add to a firewall. Teams then employ that signature to create a new rule. ML models, conversely, analyze vast amounts of telemetry data, then surface new policy recommendations to cybersecurity teams.

Also, with the addition of the CN-Series within the ML-Powered NGFW family, PAN is embracing containers as an additional form factor for deploying firewalls. As a container, a CN-Series firewall can be deployed on any platform without having to be concerned about what type of virtual machine is required. A container can be deployed on top of either a virtual machine or a bare-metal server.

Oswal noted the ML-Powered NGFW also makes it easier to apply microsegmentation all the way up through layer 7 of an application environment, which gives cybersecurity teams the ability to apply ML models as part of a layered approach to cybersecurity. Those layers can also be applied more cost-effectively using a consumption-based model enabled by the new subscription option, he said.

Cybersecurity teams will have to decide what mix of firewall formats makes the most sense for them to cover an ever-increasing attack surface. In addition to cloud platforms and IoT devices, cybersecurity teams are now coming to terms with a workforce that will be working remotely a lot more often, due to the effects of the COVID-19 pandemic.

At the same time, cybersecurity attacks are becoming more sophisticated. At this juncture, Oswal said it’s impossible for cybersecurity teams to manually combat those threats without relying more on automation and AI, but it’s not likely automation or AI will replace the need for cybersecurity professionals anytime soon. After all, ML models are only at this point surfacing recommendations. However, as AI continues to evolve, many of the rote tasks that conspire to make cybersecurity teams less efficient will be eliminated.

In the meantime, cybersecurity teams might want to start plotting a firewall upgrade strategy now. It won’t take long for cybercriminals to target those organizations that don’t have firewalls that make use of ML models.

Featured eBook
The State of Cloud Native Security 2020

The State of Cloud Native Security 2020

The first annual State of Cloud Native Security report examines the practices, tools and technologies innovative companies are using to manage cloud environments and drive cloud native development. Based on a survey of 3,000 cloud architecture, InfoSec and DevOps professionals across five countries, the report surfaces insights from a proprietary set of well-analyzed data. This ... Read More
Palo Alto Networks
Michael Vizard

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

mike-vizard has 236 posts and counting.See all posts by mike-vizard