Top 5 New Features of PAN-OS 7.1 That Benefit Healthcare Organizations

With the announcement of PAN-OS 7.1 this week, we are providing a variety of new features and improvements to make the Palo Alto Networks Next-Generation Security Platform even more effective at stopping cyberattacks and protecting data in healthcare IT environments. In this blog post, I’ll highlight five updates to PAN-OS that will be particularly useful to the healthcare community.

1. PAN-OS Now Supports More Cloud Providers

PAN-OS was built from the ground up with an architecture that solves cloud security challenges; and now, the PAN-OS 7.1 release adds even greater cloud support with Microsoft Azure, Hyper-V, and a full OpenStack controller ecosystem support. This extends the security platform to all major clouds as a unified platform, providing visibility, contextual policy control and threat protection no matter where the application or data resides. This enables application and data protection in any location the hospital requires.

2.Aperture Now Supports Office 365

Healthcare organizations that use SaaS applications, like Box and Google Drive, to share documents between staff members can use Aperture to protect against data exposure and threat insertion through the cloud. Aperture is able to connect directly to SaaS services to prevent threats at the source before exposure through encrypted connections can happen. This is especially a concern with Office 365, which is ubiquitous, comes with cloud sharing and storage, and is commonly used with local clients that make encrypted connections to the cloud.

The extensive SaaS application support that we offer is now enhanced with the release of PAN-OS 7.1 and the newest update to Aperture, which fully enables secure Office 365 deployments. App-ID adds the ability to identify Office 365 applications and how they are being used, even if they are encrypted, as well as the ability to decrypt Office 365 flows in order to inspect even deeper within the files being exchanged to look for threats. Aperture adds the ability to protect data from exposure and threats in the Office 365 cloud itself, stopping them at the source before they have a chance to move to the network or mobile devices.

3. WildFire Is 70% Faster

WildFire cloud-based malware analysis can now identify and prevent zero-day threats in only five minutes, stopping the spread of advanced attacks before they can cause harm. Healthcare organizations are highly targeted by sophisticated cyberattacks, so the speed at which unknown threats become known threats is a critical factor in the defense against such attacks. New machine-learning algorithms have been added to stop variations of known malware instantly, even if they have never been seen by WildFire, and reduce analysis time for Portable Executable (PE) variants of known malware.

WildFire now offers Mac OS X support as well, which means that Mac binaries can be analyzed and malware targeting Apple products can be prevented.

In addition, URL Filtering with PAN-DB is faster too: Newly discovered phishing websites are categorized within 30 minutes.

4. AutoFocus Now Tightly Integrates with PAN-OS

Healthcare organizations often struggle to delineate between actionable cyberthreat intelligence and all the noise. AutoFocus now tightly integrates with PAN-OS and Panorama management to bring advanced threat context to the entire organization, simplifying response efforts for the most critical attacks in a single, easy-to-use console. This puts the largest collection of unknown malware data at your fingertips, enabling you to automatically turn analysis efforts for unique, targeted attacks into proactive protections by blocking malicious domains, IP addresses, and URLs with AutoFocus and PAN-OS dynamic block lists. AutoFocus also adds the ability to bring threat intelligence into your existing security operations workflows with an improved API and support for the STIX information-sharing standard.

5. GlobalProtect Is Now Easier to Deploy and Offers a Better End-User Experience

There are many features of GlobalProtect that differentiate it from regular VPN clients, but the most powerful one is its ability to integrate with virtual firewalls in Amazon Web Services (AWS). This capability provides the same network-level threat protection wherever the laptop connects to the Internet. In healthcare environments, laptops are very mobile – hospital staff connect from home, coffee shops, and other remote networks where they are prone to infection by malware. GlobalProtect, when deployed with its AWS integration, solves this problem by intelligently routing all traffic (regardless of destination) through a GlobalProtect Gateway and next-generation firewall in AWS to protect your laptops wherever they are.

With the PAN-OS 7.1 launch, GlobalProtect is enhanced with three features that make it easier to deploy and offers a better end-user experience:

• Auto Scaling GlobalProtect Gateways: This enables organizations to deploy the platform in AWS and automatically adjust the number of gateways needed around the world. It brings high-performance protection closer to users, no matter where they are located.
• Cookie Authentication: An organization can make strong authentication easier to use with transparent single sign-on to every GlobalProtect Gateway.
• Certificate Enrollment: Simplify the deployment of certificates with GlobalProtect support for Simplified Certificate Enrollment Protocol (SCEP). The GlobalProtect app can now directly request certificates from the corporate PKI deployment.

These are five features of PAN-OS 7.1 that will immediately benefit healthcare organizations, but there are more features that you can read about in the release notes or at the resources below.

• Technical Documentation: VM-Series Firewall in Microsoft Azure
• Technical Documentation: VM-Series for Microsoft Hyper-V
• Technical Documentation: Five Minute WildFire Updates
• Technical Documentation: First Look at the AutoFocus Portal
• Technical Documentation: About the AutoFocus API
• Technical Documentation: AutoFocus API STIX Support
• Technical Documentation: Enhanced Two-Factor Authentication
• Technical Documentation: Certificate Enrollment

Matt Mellen

[Palo Alto Networks Research Center]