Security Services:
Advanced Threat Prevention, DNS Security, Advanced URL Filtering, Advanced WildFire, IoT Security, Data Loss Prevention (DLP)
Management Tools:
Panorama, Strata Cloud Manager
2. Prisma – Cloud Security
Prisma Cloud offers a Cloud-Native Application Protection Platform (CNAPP) that secures applications from development to deployment.
Core Capabilities:
Cloud Security Posture Management (CSPM), Cloud Workload Protection (CWP), Cloud Infrastructure Entitlement Management (CIEM), Web Application & API Security (WAAS), Data Security Posture Management (DSPM), AI Security Posture Management (AI-SPM)
Prisma Access:
Secure Access Service Edge (SASE) solution providing Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), Cloud Access Security Broker (CASB)
Prisma SD-WAN:
Hardware (ION Series) and Software (ION Virtual Series) models for next-generation SD-WAN solutions
3. Cortex – AI-Driven Security Operations
Cortex is an AI-powered platform designed to transform Security Operations Centers (SOCs).
Cortex XDR:
Integrates endpoint, network, and cloud data for extended detection and response
Cortex XSOAR:
Offers security orchestration, automation, and response capabilities
Cortex Xpanse:
Provides attack surface management by continuously discovering and monitoring assets
Cortex XSIAM:
An AI-driven SOC platform that unifies data and automates threat detection and response
4. AI Security Solutions
Palo Alto Networks has introduced AI-specific security tools to address emerging threats:
AI Access Security:
Ensures secure access to AI applications
AI Runtime Security:
Protects against threats like prompt injection and training data poisoning
AI Security Posture Management (AI-SPM):
Provides visibility and control over AI models and supply chains
5. Unit 42 – Threat Intelligence and Incident Response
Unit 42 offers expert threat intelligence and incident response services:
Threat Intelligence Services
Incident Response Services
Proactive Assessments
Security Strategy Transformation
Palo Alto Networks NGFW Security Components
1. App-ID
Classifies traffic based on applications, enabling precise control over application usage regardless of port, protocol, or encryption.
2. User-ID
Associates network traffic with specific users by integrating with directory services, allowing for user-based policies instead of relying solely on IP addresses.
3. Content-ID
Provides threat prevention by inspecting content for malware, exploits, and data exfiltration attempts.
Antivirus:
Detects and blocks known malware.
Anti-Spyware:
Identifies and prevents spyware communications.
Vulnerability Protection:
Shields against known software vulnerabilities.
File Blocking:
Controls the transfer of specific file types.
Data Filtering:
Prevents unauthorized data transfers.
URL Filtering:
Controls access to web content based on categories.
4. WildFire
Offers advanced threat detection by analyzing suspicious files in a cloud-based sandbox environment to identify unknown malware and zero-day exploits.
5. Threat Prevention
Combines multiple security technologies to detect and block threats, including intrusion prevention and anti-malware capabilities.
6. DNS Security
Protects against DNS-based threats by preventing access to malicious domains and blocking command-and-control communications.
7. GlobalProtect
Extends firewall protection to remote users by establishing secure VPN connections, ensuring consistent security policies across all users.
8. Panorama
Provides centralized management for multiple firewalls, allowing for streamlined policy creation, deployment, and monitoring.
9. Security Policy Components
Security policy rules determine how the firewall handles traffic. Each rule is built from the following components:
Source/Destination Zones:
Specifies the network zones for traffic origination and termination.
Applications:
Identifies the applications involved in the traffic.
Users:
Associates policies with specific users or groups.
URL Categories:
Applies rules based on web content categories.
Services:
Defines the network services (e.g., HTTP, HTTPS) involved.
Actions:
Determines whether to allow, deny, or log the traffic.