PAN-OS 10.0 for the World’s First ML-Powered NGFW Now Available

We announce the general availability of PAN-OS 10.0, our most significant release to date, and the operating system at the heart of the World’s First ML-Powered Next-Generation Firewall (NGFW) – making proactive, intelligent security a reality for our customers. 

Attackers are constantly improving their techniques, and cybersecurity attacks morph and advance at a rapid rate. In addition, new devices, including IoT devices, are added to your network every day, expanding the attack surface. Our ML-Powered NGFW enables you to stay ahead of unknown threats, see and secure everything, including IoT, and reduce errors with automatic policy recommendations. 

PAN-OS 10.0 introduces 70+ new innovations including an IoT Security Subscription, CN-Series, the containerized version of our ML-Powered NGFW, a new Data Processing Card (DPC), and major enhancements to decryption, SD-WAN, GlobalProtect and 5G capabilities. Our single-pass architecture makes it possible to achieve integrated, prevention-oriented security, while simplifying operations and providing maximum performance. This allows security functions on the NGFW to be applied all at once, eliminating redundancies and removing the need for external products. For a complete description of all the new innovations, please see The PAN-OS New Features Guide.

During a virtual event in June, which thousands of people have watched via live stream and on-demand, Nick Campagna, vice president of product management, and Jesse Ralston, senior vice president of engineering, joined Ashwath Murthy, product line senior director, to cover some of the top features of PAN-OS 10.0 and how they can empower you to be more proactive in protecting your business. You can view the session, What’s New in PAN-OS 10.0, on-demand for more in-depth information. I’ve summarized key details of what was shared about our top innovations below.

 

Decryption

95% of enterprise traffic is now encrypted. This rise in encryption makes it critical for enterprises to have visibility and control within encrypted traffic as malware can easily evade security measures by hiding in encrypted data. This new release allows you to decrypt TLS 1.3, addresses the difficulty in deploying and maintaining decryption, and increases visibility so you can decrypt safely and efficiently. Senior Product Manager Mandeep Singh Sandhu provided a live demo of these new capabilities.  

 

GlobalProtect Device Quarantine

The common approach to remediating infected devices is to block the device’s IP address on the network. However, devices often change their IP addresses as they roam the enterprise. As a result, this can potentially leave a compromised device connected to the network. This new feature strengthens your security posture by providing a reliable and automated approach to quarantining compromised devices by using endpoint identifiers that cannot be changed or forged. These identifiers can then be incorporated into all your policy decisions to constrain any infected device. 

 

SD-WAN

We announced many new SD-WAN features, such as Forward Error Correction (FEC), packet duplication and SaaS application path monitoring. FEC and packet duplication provide exceptional end user experience by improving reliability for highly sensitive, real-time applications such as video and voice. We’ve also incorporated the ability to fine-tune the packet loss threshold to optimize performance. SaaS application path monitoring improves the end-user experience by characterizing the performance of the full path between your users and their SaaS applications. This enables the application to be moved to a different, healthier path before users experience a brownout or blackout.

 

5G Networks

5G adoption is rapidly growing, and private 5G networks are becoming available globally. Although 5G mandates authentication and encryption, these do not automatically equate to security. With PAN-OS 10.0, we’ve added 5G protocol support and policy controls, including threat prevention for enterprise 5G traffic. We also announced Dynamic Threat Correlation and Security Enforcement capabilities based on subscriber identity (IMSI) and equipment identity (IMEI) to help isolate and/or quarantine infected IoT equipment and devices in an enterprise 5G network. 

PAN-OS 10.0, the operating system at the core of our ML-Powered NGFW, is continuously learning and improving security across multiple fronts, so you don’t just keep up but get ahead. Join us in ushering in the new era of proactive and intelligent security.

To learn more about the new PAN-OS 10.0 features shared during this event, see the full session, What’s New in PAN-OS 10.0.