Web proxy support and SaaS security posture management (SSPM) are among new Nova security features designed to help businesses tackle zero-day threats. Credit: inkoly / Getty Images Palo Alto Networks has announced PAN-OS 11.0 Nova, the latest version of its PAN-OS software, featuring new product updates and features. These include the Advanced WildFire cloud-delivered security service to help protect against evasive malware and the Advanced Threat Prevention (ATP) service, which protects against injection attacks. The cybersecurity vendor also revealed new web proxy support and enhanced cloud access security broker (CASB) integration with new SaaS security posture management (SSPM) capabilities.In a press release, Anand Oswal, senior VP network security at Palo Alto Networks, said that the new version of Nova is now able to stop 26% more zero-day malware than traditional sandboxes and detect 60% more injection attacks. The updates are the latest in a series of security releases from Palo Alto in 2022.Malware growing more evasive, injection attacks a top web app security riskMalware has evolved to become highly evasive and increasingly sandbox-aware. In May, researchers at cybersecurity vendor Proofpoint analyzed a remote access Trojan (RAT) malware campaign (Nerbian RAT) that used several advanced evasion techniques to target global organizations. These included anti-analysis and anti-reversing capabilities. New sandboxing techniques are needed to help mitigate more sophisticated and evasive malware, Palo Alto stated. The new Advanced WildFire service has therefore been designed to introduce new capabilities such as intelligent run-time memory analysis combined with stealthy observation and automated unpacking to stay hidden from malware and defeat advanced evasions, according to the vendor. Injection attacks that push malicious code into systems by exploiting unpatched vulnerabilities in software continue to pose significant threats to organizations. They remain one of the top attack threats on the OWASP Top 10 Web Application Security Risks list, whilst BreachLock’s Annual Penetration Testing Intelligence Report 2022 listed SQL injection and cross-site scripting errors (XSS) as the bane of security teams, accounting for more than a third of the critical risks found in web applications. Palo Alto said its enhanced ATP service reimagines the intrusion prevention system (IPS) with inline capabilities for stopping zero-day injection attacks, using ATP deep-learning models built on high fidelity telemetry data across tens of thousands of exploited vulnerabilities over the last decade.Web proxy support, SSPM among new security features of PAN-OS 11.0 NovaIn addition, Palo Alto has introduced features designed to improve organizations’ cybersecurity and resilience. The first is new web proxy support for customers who need to run explicit proxies in their network due to architecture or compliance requirements. The latest Nova version can now use natively integrated proxy capabilities for Palo Alto Networks’ next-generation firewall to help secure web and non-web traffic, allowing customers to deploy and centrally manage consistent network security across locations, branches, and mobile users, Palo Alto stated. Next are new SSPM capabilities to help find and eliminate misconfigurations in 60-plus enterprise SaaS apps via native Palo Alto Networks Next-Generation CASB integration with Nova and Prisma SASE. This delivers support for near-real time data protection in modern collaboration apps and suspicious user behavior detection. This helps to protect sensitive data in modern SaaS apps from compromised accounts and insider threats, the vendor claimed.Last are more proactive Palo Alto Networks AIOps features that help reduce misconfigurations that can lead to security breaches, Palo Alto stated. Launched earlier this year, AIOps now guards against violations of best practices and enables remediation of inefficiencies in security policies before committing changes, helping organizations strengthen defenses against cyberattacks, it added.In a statement, John Grady, ESG senior analyst, said that as attackers continue to develop new ways to evade traditional defenses, security teams struggle to defend organizations with point solutions that are complex to deploy and operate. “Palo Alto Networks PAN-OS 11.0 Nova addresses these critical challenges by stopping zero-day threats in real-time, simplifying security architectures, and improving cyber hygiene.”Palo Alto said PAN-OS 11.0 and most of the security services – which will be compatible with previous versions of PAN-OS – will be available in November. Related content news analysis Microsoft fixes three zero-day vulnerabilities, two actively exploited The company’s Patch Tuesday includes fixes for flaws in Windows Desktop Window Manager, Windows MSHTML, and Visual Studio, among others, that IT security orgs should prioritize. By Lucian Constantin May 15, 2024 6 mins Windows Security Zero-day vulnerability brandpost Sponsored by Palo Alto Networks How you may be affected by the new proposed Critical Infrastructure Cyber Incident Reporting Rule The current cybersecurity regulatory landscape continues to evolve, and CIRCIA’s incident reporting requirements are just one of the many emerging regulations organizations will need to observe By Anand Oswal, Senior Vice President and GM of Network Security at Palo Alto Networks May 15, 2024 5 mins Security news Singing River ransomware attack now thought to have affected over 895,000 The health care provider has dramatically increased its estimate of the number of patients affected by the August 2023 attack. By Shweta Sharma May 15, 2024 4 mins Data Breach Ransomware brandpost Sponsored by Sans Institute Clock is ticking for companies to prepare for EU NIS2 Directive Many companies are still not ready for the impact of NIS2, but SANS can help them prepare. By Laura McEwan May 15, 2024 3 mins Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe