Web proxy support and SaaS security posture management (SSPM) are among new Nova security features designed to help businesses tackle zero-day threats. Credit: inkoly / Getty Images Palo Alto Networks has announced PAN-OS 11.0 Nova, the latest version of its PAN-OS software, featuring new product updates and features. These include the Advanced WildFire cloud-delivered security service to help protect against evasive malware and the Advanced Threat Prevention (ATP) service, which protects against injection attacks. The cybersecurity vendor also revealed new web proxy support and enhanced cloud access security broker (CASB) integration with new SaaS security posture management (SSPM) capabilities.In a press release, Anand Oswal, senior VP network security at Palo Alto Networks, said that the new version of Nova is now able to stop 26% more zero-day malware than traditional sandboxes and detect 60% more injection attacks. The updates are the latest in a series of security releases from Palo Alto in 2022.Malware growing more evasive, injection attacks a top web app security riskMalware has evolved to become highly evasive and increasingly sandbox-aware. In May, researchers at cybersecurity vendor Proofpoint analyzed a remote access Trojan (RAT) malware campaign (Nerbian RAT) that used several advanced evasion techniques to target global organizations. These included anti-analysis and anti-reversing capabilities. New sandboxing techniques are needed to help mitigate more sophisticated and evasive malware, Palo Alto stated. The new Advanced WildFire service has therefore been designed to introduce new capabilities such as intelligent run-time memory analysis combined with stealthy observation and automated unpacking to stay hidden from malware and defeat advanced evasions, according to the vendor. Injection attacks that push malicious code into systems by exploiting unpatched vulnerabilities in software continue to pose significant threats to organizations. They remain one of the top attack threats on the OWASP Top 10 Web Application Security Risks list, whilst BreachLock’s Annual Penetration Testing Intelligence Report 2022 listed SQL injection and cross-site scripting errors (XSS) as the bane of security teams, accounting for more than a third of the critical risks found in web applications. Palo Alto said its enhanced ATP service reimagines the intrusion prevention system (IPS) with inline capabilities for stopping zero-day injection attacks, using ATP deep-learning models built on high fidelity telemetry data across tens of thousands of exploited vulnerabilities over the last decade.Web proxy support, SSPM among new security features of PAN-OS 11.0 NovaIn addition, Palo Alto has introduced features designed to improve organizations’ cybersecurity and resilience. The first is new web proxy support for customers who need to run explicit proxies in their network due to architecture or compliance requirements. The latest Nova version can now use natively integrated proxy capabilities for Palo Alto Networks’ next-generation firewall to help secure web and non-web traffic, allowing customers to deploy and centrally manage consistent network security across locations, branches, and mobile users, Palo Alto stated. Next are new SSPM capabilities to help find and eliminate misconfigurations in 60-plus enterprise SaaS apps via native Palo Alto Networks Next-Generation CASB integration with Nova and Prisma SASE. This delivers support for near-real time data protection in modern collaboration apps and suspicious user behavior detection. This helps to protect sensitive data in modern SaaS apps from compromised accounts and insider threats, the vendor claimed.Last are more proactive Palo Alto Networks AIOps features that help reduce misconfigurations that can lead to security breaches, Palo Alto stated. Launched earlier this year, AIOps now guards against violations of best practices and enables remediation of inefficiencies in security policies before committing changes, helping organizations strengthen defenses against cyberattacks, it added.In a statement, John Grady, ESG senior analyst, said that as attackers continue to develop new ways to evade traditional defenses, security teams struggle to defend organizations with point solutions that are complex to deploy and operate. “Palo Alto Networks PAN-OS 11.0 Nova addresses these critical challenges by stopping zero-day threats in real-time, simplifying security architectures, and improving cyber hygiene.”Palo Alto said PAN-OS 11.0 and most of the security services – which will be compatible with previous versions of PAN-OS – will be available in November. Related content news Google launches Google Threat Intelligence at RSA Conference The new addition to Google Cloud Security is designed to give security teams information to inform approaches to protecting against external threats, managing attack surfaces, and mitigating digital risks. By Sascha Brodsky May 06, 2024 4 mins Google Cloud Functions Cloud Security Security Software brandpost Sponsored by Elastic Search + RAG: The 1-2 punch transforming the modern SOC with AI-driven security analytics AI is modernizing how SOCs function, triaging countless alerts down to a handful of attacks that matter most. By Mike Nichols, Product for Security at Elastic May 06, 2024 3 mins Artificial Intelligence how-to Download the Zero Trust network access (ZTNA) enterprise buyer’s guide From the editors of our sister publication Network World, this enterprise buyer’s guide helps network and security IT staff understand what ZTNA can do for their organizations and how to choose the right solution. By Josh Fruhlinger and steve_zurier May 06, 2024 1 min Zero Trust Access Control Network Security news Germany blames Russian hackers for months-long cyber espionage The attacks by Russia-backed Fancy Bear used an Outlook exploit to compromise several German officials’ accounts. By Shweta Sharma May 06, 2024 4 mins Advanced Persistent Threats Hacker Groups PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe