Palo Alto Networks
More information: https://paloaltonetworks.com
Description of technology
WILDFIRE - detects unknown malware using static and dynamic analysis techniques, where suspicious files are opened/executed, and their behavior is analyzed. The system, leveraging machine learning, can identify key file attributes indicative of malicious activity and feed this knowledge to the Endpoint Security system for even better and more complete protection.
PRISMA PUBLIC CLOUD - provides mechanisms for protection and compliance verification in public cloud environments while delivering full visibility of configured controls. Supported by machine learning, it correlates data and calculates resource risk in the cloud environment. It can detect vulnerabilities and remediate misconfigurations in templates built by the client. Prisma SaaS provides control over SaaS applications, detects incidents in cloud infrastructure, identifies leakage of sensitive data via cloud applications and, integrated with WildFire, detects malware in employee cloud resources. It also performs retro-inspection: it scans previously stored employee files in cloud resources to detect security violations, including data leaks and malware distribution.
Cloud Security - Cloud Access Security Broker
CLOUD ACCESS SECURITY BROKER - malware detection, detection of new applications using inline-ML, creation of rules regarding file and data sharing in SaaS applications, OCR, DLP, advanced patterns and profiles, and intelligent recognition of sensitive data.
Cloud Security - Cloud Infrastructure Entitlement Management
PRISMA CLOUD (ENTERPRISE EDITION) - subscription-based add-on to Prisma Cloud, allowing log querying, defining alerting rules, monitoring permission dependencies, defining “net-effective permissions”, and an advanced query language (RQL).
Cloud Security - Cloud Security Posture Management
PRISMA CLOUD (ENTERPRISE EDITION) - licensed via credits, includes a large number of predefined standards and rules, and supports IaC and CI/CD deployments. Remediation actions are possible, including custom ones via API; expandable with Data Security subscriptions (malware, DLP) and Network Security (micro-segmentation); includes a UEBA module and detection of network anomalies in the cloud.
Cloud Security - Cloud Workload Protection Platform
PRISMA CLOUD (ENTERPRISE OR COMPUTE EDITION) - licensed via credits, provides monitoring and protection based on vulnerabilities, compliance, protection of various types of workloads (hosts, containers, serverless, registry, clusters, etc.), support for SOC (forensics, runtime OWASP protection, cloud-based attacks, etc.), traffic and access control, protection across the entire application lifecycle (CI/CD, repository scanning, integrations).
Cloud Security - Cloud-Native Protection Platform
PRISMA CLOUD (ENTERPRISE EDITION) - features CSPM and CWPP functionalities, integrates security into CI/CD and DevOps processes, and offers a wide range of integrations with dedicated tools. The platform supports advanced monitoring, analytics, and incident management to ensure continuous security oversight.
Cloud Security - Secure Access Service Edge
PRISMA SASE - provides centralized management through a SaaS dashboard or Panorama, ensuring secure, encrypted connections via GlobalProtect. The platform is built on the proven functions and mechanisms of PAN NGFW, integrating access control and network security, and allowing policy configuration for different users and remote offices.
CORTEX XDR - delivers advanced endpoint security by combining prevention, detection, and response within a unified platform. Using behavioral analytics, machine learning and telemetry from endpoints, network, and cloud sources, it correlates events to identify sophisticated attacks that traditional antivirus tools cannot detect. Cortex XDR prevents malware, exploits, ransomware and fileless attacks, while continuously monitoring endpoint activity to uncover anomalies and lateral movement. The solution automates investigation workflows, enriches alerts with contextual data, and enables rapid containment through centralized response actions, such as isolation, process termination, and artifact removal.
NEXT-GENERATION FIREWALLS (NGFW) - allow implementation of security policies based on users, granular control of applications they use, and content transmitted across the enterprise network. Available firewall devices are suitable for securing various environments such as data centers, headquarters, or branch offices. These solutions work well both in classic roles of perimeter or internal network protection and in specialized applications, e.g., in challenging industrial conditions.
GLOBALPROTECT - protects mobile systems from malware and APT attacks, while providing secure and convenient VPN remote access to IT services. The cloud-based version of the solution is Prisma Access, which provides a comparable level of protection without deploying on-premises components and allows centralized management of security policies for mobile users.
CORTEX XSOAR - dedicated SOAR (Security Orchestration, Automation, and Response) software that allows security teams (SOC) to more effectively manage incident handling and accelerate response time to new incidents. Additionally, internal mechanisms standardize incidents across different platforms and enable automation of all aspects of incident handling. The solution also supports teamwork and, using machine learning, identifies the most appropriate SOC team members to handle specific incidents.
CORTEX XDR - detects security incidents based on analysis of user behavior within IT systems using advanced methods such as machine learning. Cortex XDR is a detection and response application that integrates multiple systems to prevent diverse threats and attacks. It uses data collected from firewalls, Traps tools, and GlobalProtect, as well as data stored in the Cortex Data Lake cloud. The solution enables precise detection of undesirable network behavior and can draw conclusions and, importantly, take action to mitigate both known and unknown attacks.
VIRTUAL SECURITY - protects virtual environments through NGFW firewall functionalities integrated with virtual infrastructures (e.g., ESX, NSX, Azure, AWS). Thanks to built-in integration, these systems can naturally and quickly adapt to the dynamic nature of virtualized resources.