Palo Alto Networks to enhance full range of protection for full range of public clouds

Improvements to Palo Alto Networks’ Next-Generation Security Platform will extend inline, API-based and host based are protections for all three major public clouds.

Security vendor Palo Alto Networks has announced an extension of the cloud capabilities of their Next-Generation Security Platform, all of which are slated for general availability in March. While existing support for the AWS and Azure clouds has been extended, cloud workload protection has been introduced for the Google Cloud Platform. Their Panorama network security management for both their next-gen firewalls and VM-Series virtual next-gen firewalls has also been extended to the public cloud for the first time. Their Aperture SaaS protection has been extended to the AWS and Google clouds. Finally, their Traps endpoint protection against zero-day attacks now covers Linux as well as Windows, so it can be deployed in the majority of hosted public cloud environments.

“Inline, API-based and host-based are the three basic types of online protection, and with these enhancements, we now offer full protection in all three for all three of the major public clouds,” said Chris Morosco, Product Marketing Director for Data Center and Cloud Security, Palo Alto Networks.

Morosco noted that Palo Alto Networks has been incrementally extending all these capabilities since they moved beyond their first initial virtual firewall for private clouds with a 2014 integration for the AWS cloud.

“In 2016, we introduced Azure support and started building out the integrations to cloud providers – not just providing cloud support, but building hooks as well,” Morosco said. “All of this was based on our VM-Series firewalls, which protect against inline threats.”

The growth of the multi-cloud world has made protection more complex.

“We are migrating from shifting physical data centres to clouds, and to building cloud applications specific for the cloud,” Morosco said. “That means an inline security capability alone will no longer give full protection. “In 2017, we connected Aperture to AWS to provide EC2 protection, and took our first steps into API-based protection. We also continued to greatly enhance VM-Series cloud protection for both AWS and Azure.”

That brings us to the newest round of improvements.

“This latest release further enhances VM-series inline support for AWS and Azure, and we have now also extended it to work with Google Cloud,” Morosco said. “For instance, we now provide much more advanced auto-scaling for AWS with our Security Centre integration.”

Palo Alto’s Aperture SaaS security service is now available in all three major public clouds as well.

“We have extended Aperture to Azure and Google, so we now have API protection for all three clouds,” Morosco said.

Host-based protection has also been broadened.

“Our Traps endpoint protection against zero-day attacks has been available for Windows since 2015, providing a very lightweight agent protection,” Morosco stated. “Now it also works in Linux, so it can be deployed in the majority of hosted public cloud environments.”

Finally, Panorama network security management will now be supported in all the major clouds.

“We didn’t want log-in and management in clouds to have to be done on a physical device, so we took Panorama, which had a private cloud capability before, and gave it a virtual capability for public clouds,” Morosco said.

All these enhancements are scheduled for general availability in March 2018.