Skip to content

Palo Alto Networks new PAN-OS 10.2 Nebula

5 minutes read

Palo Alto Networks Nebula – A New Era of Cybersecurity

With cyberattacks continuing to rise, whilst reaching new levels of sophistication and complexity, a new era of cybersecurity protection is required.

With the high degree of complexity now seen in attacks, and reports that Cybercriminals can penetrate 93% of company networks, protecting your network and company data from compromise is becoming an ever-expanding task. To rise to this evolving challenge, the release of intelligent and innovative new cyber security solutions is critical.

Palo Alto Networks is a leading innovator in cybersecurity, in their latest release of their PAN-OS software, aptly named “Nebula”; in reference to interstellar clouds of gas and dust which are difficult to see with the naked eye; they have introduced a highly sophisticated, zero-day attack detection, advanced threat prevention along with enhanced security features and new hardware models.

Modern Network security requires a fundamentally new approach to stop zero-day threats, Nebula does this with inline deep learning, an all-new cloud-based deep learning engine that detects today’s most challenging unknown attacks, six times fasters, which brings a next-level of prevention inline to defend the initial target, which is a huge change in the network security market.

The Palo Alto Networks Nebula PAN-OS upgrade is designed to protect businesses from unknown threats, by leveraging cloud computing, artificial intelligence (AI) and inline deep learning techniques, which will collect, analyse, identify and stop, even the most sophisticated attacks as they happen.  With Palo Alto Networks citing that “Nebula can stop 48% more zero-day threats, six faster than previous versions”.

Reported as an industry first, PAN-OS Nebula enables organisations to:

  • Leverage the power of data and deep learning in real-time: Deep learning is a type of machine learning, ideal for detecting unknown and evasive threats. Palo Alto Networks deep learning system analyses live traffic as it enters the network, detecting and preventing today’s most sophisticated attacks as they’re happening.
  • Find and stop zero-day attacks as they attempt to break in: Nebula brings security analysis from “offline” to “in-line”, in order to stop evasive attacks instantly, without sacrificing performance.

Additional updates and enhanced security subscriptions in the new Palo Alto Networks Nebula release include:

Advanced Threat Prevention

The Advanced Threat Prevention subscription is a new subscription that is available, leading from PAN’s previous Threat Prevention subscription, which will also still be available for customers. Their Advanced Threat Prevention is the only IPS to stop unknown C2 attacks in real-time, which Palo claims will stop 48% more threats than previously and is able to able to stop 96% from web-based C2 from hack tools such as Cobalt Strike.

Advanced URL and DNS Protection

With the new Advanced URL and enhanced DNS Protection, Palo Alto Networks report that this is the industry’s first real-time prevention of new and evasive web-based attacks, stopping 35% more phishing attacks and preventing 40% more threats than traditional web filtering databases, using powerful new detectors to identify evasive techniques that are used in 90% of modern phishing attacks. Palo report that 76% of what they are detecting daily, is being seen 24 hours before other vendor solutions.

When clients purchase the new advanced subscriptions, this will include everything that the previous subscriptions had, along with the additional security enhancements.

IoT Security 2.0

Palo Alto Networks IoT 2.0, offers greater visibility, compliance, and zero-trust enforcement for IoT devices, with 90% of all devices discovered in 48 hours and 20X faster policy decisions, using machine learning.

AIOps subscriptions

With Palo Alto Networks new AIOps subscription for Next-Generation Firewalls (NGFWs) they have revolutionised NGFW operations with machine learning-powered insights for the best security posture and optimal health. AIOps is a SaaS operation, working as a proactive health and security check. AIOps will report best practices and make recommendations that are easy to deploy, it gives network admins insights across their firewall deployments to maximise return on investment and will predict firewall health and performance, helping to ensure that organisations avoid performance gaps and availability outages, whilst delivering best practices on security policies.

New Palo Alto Networks Firewalls

In addition to the release of PAN-OS 10.2 Nebula, Palo Alto Networks have also released two new ML-powered Next-Generation Firewall models, the PA-3400-Series and the PA-5400-Series, offering three times better security performance over the previous generations, and up to 30% lower cost per Mbps against its competitors.

Compared to the previous generation, the PA-5400 Series has seven times content inspection per core and up to 38 high-performance cores. The PA-3400 Series has close to four times content inspection per core and up to 19 high-performance cores. With up to a 50% reduction in rack space usage and increased energy efficiency, these new firewalls can help make organizations’ IT infrastructure more sustainable and environmentally friendly.

The new models, officially launched later this month (March 2022), have comprehensive security controls including Advanced Threat Prevention, Advanced URL and DNS Protection, Wildfire, DLP, IoT and inline SaaS.

Prepare for End-of-Life PAN-OS

With today’s changing threat landscape, running older technology is no longer sufficient, with many of Palo Alto Networks Firewalls and OS’s moving to end of life, and with the release of their new ML-powered firewalls and security enhancements, now is the time to consider upgrading to a newer, intelligent firewall solution that will strengthen your security measures.

  • PAN-OS 8.1 and 9.0 went end-of-life on March 1st 2022
  • PAN-OS 10.0 will be end-of-life on 16th July 2022
  • For older generation firewalls, the preferred release to ensure optimal performance is PAN-OS 9.1, please refer to the end-of-life hardware dates below, however.

If you have an older generation Palo Alto Networks Firewall and you are unsure of what version of PAN-OS is supported, please refer to the compatibility matrix here, along with key hardware end-of-life dates, which you can view here.

Find Out More

As a Palo Alto Networks Innovator Partner, we can help you to improve your security by refreshing your aging firewall estate or by migrating your PAN-OS to the latest version. To encourage customers to upgrade their older Palo Alto Networks firewalls, which may not contain all the latest protections and capabilities, Palo Alto Networks are currently offering a refresh promotion, valid now through July 29th 2022, offering additional refresh savings to help customers upgrade and maximise their protection.

For help with your refresh, or for any advice on which version of PAN-OS is most suitable for your firewall environment please get in touch with us on 01932 232345.

Want to know more?

Contact us today to explore how our tailored solutions can align with your business priorities.