Fundamentally Changing Network Security with Inline Deep Learning

This post is also available in: 日本語 (Japanese)

When the ILOVEYOU virus hit in 2000, it was a simpler time: organizations knew when they had it and when it was gone. They also knew another attack wouldn’t come around for a year or so because, at that time, that’s generally how long it took bad actors to come up with something new. 20+ years later, we almost long for this type of virus… almost.

In those days, most cyberattacks could be prevented by signatures that detected known attacks. This was quite effective as many attacks tended to be variations of one another. Net-new attacks were rare, and generally only more capable, well-funded groups could launch them. In this landscape, defending against a zero-day attack was a reactive process, set into motion only after the initial target was impacted. Over many years, the industry focused on shortening the time it took to react to a new attack, from weeks to days to hours, and in our case even minutes. But, we need to do more.

The cyberthreat landscape continues to change. This has been true for as long as it has existed, but we’ve reached a new pinnacle. Bad actors of all kinds now have a powerful arsenal of nation state-level attacks at their fingertips. As a result, uniquely advanced (as well as previously rare and highly targeted) attacks are now rampant. Unfortunately, these days, every organization must assume they will be the target of a sophisticated attack.

But, there is good news: this problem is solvable. And, not just in theory. What’s common about these new attacks is that it is actually possible to both detect and stop them before they successfully compromise a target – with inline deep learning.

Inline Deep Learning Stops Zero-Day Threats

With Nebula (PAN-OS 10.2), the latest upgrade of our industry-leading PAN-OS software, we’ve brought deep learning (one of the most advanced forms of machine learning) inline. In doing so, we are solving a challenge that many thought was unsolvable – stopping zero day attacks without prior knowledge of the attack.

For context, using deep learning in security is definitely not new. In fact, we’ve been utilizing it for several years, but it was previously limited to out-of-band applications because inline detection and prevention has to be super fast. This is very difficult because it is computationally intensive. We’ve solved this issue by utilizing a unique cloud delivery mechanism. This brand new, industry-first approach to network security fundamentally changes network security. In fact, we believe that this is how all network security will be done in the future. Here are just a couple examples:

• Cobalt Strike has become a go-to tool for hackers because of its endless customizability, which also makes it very easy to obscure command-and-control (C2) operations. With inline deep learning, we are able to provide strong protection (nearly 100%) for one of the most difficult to detect Cobalt Strike C2 techniques in use today, in addition to many other types of evasive and unknown C2.
• Successful phishing attacks have increased with hybrid work and phishing-as-a-service. 90% of phishing services now come with built-in evasive techniques. With Advanced URL Filtering, we’ve extended real-time analysis to all web content and added additional phishing detectors, enabling us to stop 40% more phishing attacks.

And this is just the start. One of the great aspects of deep learning is that the models constantly improve as more and more data is analyzed.

We laid the foundation for this innovation with the introduction of the ML-Powered Next Generation Firewall (NGFW). By taking our machine learning capabilities and bringing them inline as part of the PAN-OS, we were able to prevent up to 95% of never-before-seen malware. Intertwining analytics into network security by pushing protections as deep into the stack as possible for efficiency was a critical, foundational step toward defending against zero-day attacks as they attempt to break in (not afterwards). With the Nebula release, we have even more powerful tools to use against a broader range of attacks. And I bet you thought the term “ML-Powered NGFW” was just hype.

Additional Innovations in PAN-OS 10.2 Nebula

There is a ton of amazing innovation in our new release, including enhancement of the industry’s smartest security for IoT devices and our 10th security service, AIOps, which uses machine learning to predict up to 51% of disruptions to your NGFWs before they are impactful. Further, we’ve introduced the fourth generation of our ML-Powered NGFWs with PA-3400 and PA-5400 Series. These new ML-Powered NGFWs join our other fourth generation PA-400 Series and PA-5450 NGFWs to provide unprecedented protection for the data center, campus, branch and enterprise edge.

You can read about what’s new on our PAN-OS 10.2 Nebula page, or register for our live launch event to get an in-depth tour of the features and benefits that make Nebula an enormous leap in network security.