Web proxy support and SaaS security posture management (SSPM) are among new Nova security features designed to help businesses tackle zero-day threats. Credit: inkoly / Getty Images Palo Alto Networks has announced PAN-OS 11.0 Nova, the latest version of its PAN-OS software, featuring new product updates and features. These include the Advanced WildFire cloud-delivered security service to help protect against evasive malware and the Advanced Threat Prevention (ATP) service, which protects against injection attacks. The cybersecurity vendor also revealed new web proxy support and enhanced cloud access security broker (CASB) integration with new SaaS security posture management (SSPM) capabilities.In a press release, Anand Oswal, senior VP network security at Palo Alto Networks, said that the new version of Nova is now able to stop 26% more zero-day malware than traditional sandboxes and detect 60% more injection attacks. The updates are the latest in a series of security releases from Palo Alto in 2022.Malware growing more evasive, injection attacks a top web app security riskMalware has evolved to become highly evasive and increasingly sandbox-aware. In May, researchers at cybersecurity vendor Proofpoint analyzed a remote access Trojan (RAT) malware campaign (Nerbian RAT) that used several advanced evasion techniques to target global organizations. These included anti-analysis and anti-reversing capabilities. New sandboxing techniques are needed to help mitigate more sophisticated and evasive malware, Palo Alto stated. The new Advanced WildFire service has therefore been designed to introduce new capabilities such as intelligent run-time memory analysis combined with stealthy observation and automated unpacking to stay hidden from malware and defeat advanced evasions, according to the vendor. Injection attacks that push malicious code into systems by exploiting unpatched vulnerabilities in software continue to pose significant threats to organizations. They remain one of the top attack threats on the OWASP Top 10 Web Application Security Risks list, whilst BreachLock’s Annual Penetration Testing Intelligence Report 2022 listed SQL injection and cross-site scripting errors (XSS) as the bane of security teams, accounting for more than a third of the critical risks found in web applications. Palo Alto said its enhanced ATP service reimagines the intrusion prevention system (IPS) with inline capabilities for stopping zero-day injection attacks, using ATP deep-learning models built on high fidelity telemetry data across tens of thousands of exploited vulnerabilities over the last decade.Web proxy support, SSPM among new security features of PAN-OS 11.0 NovaIn addition, Palo Alto has introduced features designed to improve organizations’ cybersecurity and resilience. The first is new web proxy support for customers who need to run explicit proxies in their network due to architecture or compliance requirements. The latest Nova version can now use natively integrated proxy capabilities for Palo Alto Networks’ next-generation firewall to help secure web and non-web traffic, allowing customers to deploy and centrally manage consistent network security across locations, branches, and mobile users, Palo Alto stated. Next are new SSPM capabilities to help find and eliminate misconfigurations in 60-plus enterprise SaaS apps via native Palo Alto Networks Next-Generation CASB integration with Nova and Prisma SASE. This delivers support for near-real time data protection in modern collaboration apps and suspicious user behavior detection. This helps to protect sensitive data in modern SaaS apps from compromised accounts and insider threats, the vendor claimed.Last are more proactive Palo Alto Networks AIOps features that help reduce misconfigurations that can lead to security breaches, Palo Alto stated. Launched earlier this year, AIOps now guards against violations of best practices and enables remediation of inefficiencies in security policies before committing changes, helping organizations strengthen defenses against cyberattacks, it added.In a statement, John Grady, ESG senior analyst, said that as attackers continue to develop new ways to evade traditional defenses, security teams struggle to defend organizations with point solutions that are complex to deploy and operate. “Palo Alto Networks PAN-OS 11.0 Nova addresses these critical challenges by stopping zero-day threats in real-time, simplifying security architectures, and improving cyber hygiene.” Palo Alto said PAN-OS 11.0 and most of the security services – which will be compatible with previous versions of PAN-OS – will be available in November. Related content news Spam blocklist SORBS shuts down after over two decades The service was unsustainable but those in the email deliverability industry expressed mixed feelings about the closure. By Evan Schuman Jun 07, 2024 4 mins Email Security Antispam news analysis New RansomHub ransomware gang has ties to older Knight group File encryption malware used by RansomHub appears to be a modified variant of the Knight ransomware, also known as Cyclops. By Lucian Constantin Jun 07, 2024 4 mins Hacker Groups Ransomware Hacking feature Whitelisting explained: How it works and where it fits in a security program Whitelisting locks down computers so only approved applications can run. Is the security worth the administrative hassle? By Josh Fruhlinger and CSO Staff Jun 07, 2024 10 mins Email Security Application Security Data and Information Security interview How Amazon CISO Amy Herzog responds to cybersecurity challenges Amazon CISO for devices and advertising products and services describes how her team works with product and devops teams to ensure products are cybersecure. By David Strom Jun 07, 2024 5 mins Security Practices Vulnerabilities Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe