The Product Integrity Checklist
✓ Internal processes and oversight
✓ Hardware manufacturing processes
✓ Tamper-proof secure delivery of hardware products
✓ Third-party testing
✓ Vulnerability remediation and disclosure practices
✓ Executive Management Buy-In
At Palo Alto Networks, our highest priorities are the integrity of our products and security of our customers. We are dedicated to the needs of our customers and, as a provider of security products, we are aware of the risks facing our government and business customers around the world.
The commitment of Palo Alto Networks to product integrity was highlighted by the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) case study in February 2020, which outlined how Palo Alto Networks uses end-to-end risk management as an example of best practice for supply chain management. This case study identifies and highlights how we inherently identify supply chain risks across our entire product lifecycle – design, sourcing, manufacturing, fulfilment and service – and take proactive action to ensure the integrity of our products. We are incredibly proud of this report.
We continue to pursue product integrity best practice via several key areas to ensure the quality and integrity of the Palo Alto Networks products:
Internal Processes and Oversight
Palo Alto Networks undertakes a number of internal processes to ensure the integrity of its PAN-OS products. In particular:
- Software & Firmware Signing: Palo Alto Networks digitally signs all of our PAN-OS software and updates. These signatures are checked and validated by the NGFW (appliance and virtual) prior to installation, thus ensuring all software and updates that are loaded have come from Palo Alto Networks.
- Secure Updates: Palo Alto Networks also provides all updates via a validated secure channel. When you enable Verify Update Server Identity, the Firewall or Panorama will verify that the server from which the software or content package is downloaded has an SSL certificate signed by a trusted authority. This adds an additional level of security for the communication between Firewalls or Panorama servers and the update server.
- Signature Verification: Palo Alto Networks performs software integrity checks on its products and performs software integrity checks for tamper detection and software corruption. The software integrity check validates that the operating system and data file structure are intact, as delivered by Palo Alto Networks. If the check detects a software corruption or possible appliance tampering, it generates a System log of critical severity. Since PAN-OS 8.1.3, this was further enhanced and the appliance will go into maintenance mode when the check fails, prohibiting the device from doing anything it should not, while allowing the administrator access to the device.
To ensure that new PAN-OS product introductions, ongoing product development and product changes such as bug fixes maintain the integrity of the products, Palo Alto Networks institutes checks and balances to oversee development. These measures include, but are not limited to, restrictions on who scopes and defines source code changes, reviewing new source code with a hierarchy of oversight, and ensuring a “chain of custody” throughout development, testing and Quality Assurance (QA) processes. We also require development managers to review and sign off on all code changes. These checks mitigate the risk of modification to the system that were not outlined in the design specifications.
Hardware Manufacturing Processes
Palo Alto Networks next-generation firewalls are manufactured in the United States of America. While manufacturing location does not in itself guarantee secure hardware, it does enable Palo Alto Networks to more easily manage personnel, facility and product security. Importantly, our U.S. manufacturer is ISO 9001 and C-TPAT certified – these standards invoke stringent quality processes to ensure supply chain security. We have a strong focus on our supply chain management, focused on security requirements and a collaborative relationship with suppliers to ensure a complete view of their security posture.
In fact, we regularly make decisions to forgo suppliers and certain manufacturing locations when they cannot offer the same security assurances, and we know it’s the right decision to protect our product and our customers.
Tamper-proof Secure Delivery of Hardware Products
To ensure that hardware purchased from Palo Alto Networks have not been tampered with during shipping, Palo Alto Networks asks each individual customer to verify the following upon receipt of each hardware product:
- The tracking number provided to each customer electronically when ordering the hardware product, which should match the tracking number that is physically labelled on the box or crate.
- The warranty seals on the device itself do not show evidence of tampering.
Palo Alto Networks products are subjected to significant quality assurance and vulnerability testing both internally and from third-party vendors involved in the certification of products to the Common Criteria (CC), U.S. Federal Information Processing Standards (FIPS) and other global government certifications.
Vulnerability Remediation and Disclosure Practices
All currently supported Palo Alto Networks PAN-OS-based products and services are designed with the highest security assurance standards in all aspects of a product lifecycle to help deliver highly trusted and secure products. Our product security assurance practices are based on recognized international standards such as ISO/IEC 29147:2018 (vulnerability disclosure), ISO/IEC 30111:2019 (vulnerability handling) and FIRST PSIRT Services Framework 1.0. We have a security incident response team to oversee receiving, identification, assessment, remediation, verification and publication of advisories for security vulnerabilities discovered in our products and services. We also maintain a comprehensive information portal for all of our products that covers End of Life – Software. For our specific hardware, the End of Life – Hardware summary can also be found on our public site. We are deeply committed to helping ensure the safety and security of our customers.
Executive Management Buy-In
The five practices described above are driven by, and have the buy-in of, Palo Alto Networks executive management. Supply chain risk management encompasses a whole-of-company strategy spanning operations, product management and other corporate functions; strong coordination is critical to our success.
As the global cybersecurity leader, the Palo Alto Networks mission is to be the cybersecurity partner of choice, protecting our digital way of life. To Palo Alto Networks, being the partner of choice means maintaining a strong supply chain and ensuring the integrity of our products for the ultimate benefit of our customers.