You can now use centralized Device Associations management to add firewall and Panorama devices to a tenant service group (TSGs) and associate them with Strata Logging Service. The Device Associations provides a centralized management view of devices associated with your application. This centralized approach ensures a more efficient and consistent onboarding experience regardless of the whether you onboard device from Strata Logging Service standalone app or from Strata Cloud Manager.

The Prisma Access Secure Enterprise Browser (Prisma Access Browser) is a browser designed specifically for enterprise use and is fortified with security features to protect users and organizations against cyberthreats like phishing, malware, eavesdropping, and data exfiltration.

The initial release of Prisma Access Browser includes the following:

Palo Alto Networks AI Runtime Security is a purpose-built firewall to discover, protect, and defend the enterprise traffic flows against all potential threats focusing on addressing AI-specific vulnerabilities such as prompt injection, and denial-of-service attacks on AI models. It combines continuous runtime threat analysis of your AI applications, models, and data sets with AI powered security to stop attackers in their tracks. The AI Runtime Security leverages real-time AI-powered security protecting your AI application ecosystem from both AI-specific and conventional network attacks.

AI Runtime Security leverages critical anomaly detection capabilities and protects AI models from manipulation to ensure the reliability and integrity of AI output data. It rejects prompt injections, malicious responses, training data poisoning, malicious URLs, command and control, embedded unsafe URLs, and lateral threat movement.

AI Runtime Security uses Palo Alto Networks Strata Cloud Manager (SCM) as the main configuration and management engine. To begin with, activate and onboard your cloud service provider account on SCM. The AI Security Profile imports security capabilities from Enterprise DLP and URL Filtering for inline detection of threats in AI application traffic.

The AI Runtime Security is powered by the following four key elements:

Discover - The AI Runtime Security discovers your enterprise AI application and all other applications. The AI Runtime Security dashboard provides complete visibility and security insights of your AI and other applications in just a few clicks. You can effortlessly gain actionable intelligence on AI traffic flows covering your applications, models, user access, and infrastructure threats.

Deploy - The AI Runtime Security deployment using Terraform templates automates the deployment procedure reducing the human error, lowering the required time for manual configuration tasks, and for protecting your enterprise AI applications. Deploy your AI Runtime Security instance downloading the Terraform templates and provide permissions to your cloud service provider account projects to analyze flow logs and DNS logs.

Detect - Identify unprotected traffic flows with potential security threats to the cloud network and detect the potential security risks based on logs and recommended actions to remediate.

Defend - Shield your organization’s AI application ecosystem from AI-specific and conventional network attacks by leveraging real-time AI-powered security. Get the continuous discovery of the AI network traffic on the containers and namespaces.

To learn more about AI Runtime Security activation, onboarding, and deployment, see AI Runtime Security documentation.

Advanced Threat Prevention now supports Local Deep Learning, which provides a mechanism to perform fast, local deep learning-based analysis of zero-day and other evasive threats, as a complementary feature to the cloud-based Inline Cloud Analysis component of Advanced Threat Prevention. With an Advanced Threat Prevention license, known malicious traffic that matches against Palo Alto Networks published signature set are dropped (or have another user-defined action applied to them); however, certain traffic that matches the criteria for suspicious content are rerouted for analysis using the Deep Leaning Analysis detection module. If further analysis is necessary, the traffic is sent to the Advanced Threat Prevention cloud for additional analysis, as well as the requisite false-positive and false-negative checks. The Deep Learning detection module is based on the proven detection modules operating in the Advanced Threat Prevention cloud, and as such, have the same zero-day and advanced threat detection capabilities. However, they also have the added advantage of processing a much higher volume of traffic, without the lag associated with cloud queries. This enables you to inspect more traffic and receive verdicts in a shorter span of time. This is especially beneficial when faced with challenging network conditions.

Updates to Local Deep Learning models are delivered through content updates. Local Deep Learning is enabled and configured using the Anti-Spyware profile and requires an active Advanced Threat Prevention license.

You can now manage your Strata Logging Service instance with Strata Cloud Manager. After you have activated and deployed Strata Logging Service, log in to Strata Cloud Manager on hub and select SettingsStrata Logging Service to manage your Strata Logging Service instance. Additionally, you can also continue to use the Strata Logging Service standalone app available on the hub to manage your instances. The logging data is the same in both Strata Logging Service app and Strata Cloud Manager, except for their web interface differences.

Use Strata Logging Service to:

• Check the status of a Strata Logging Service instance
• View and onboard firewalls, Cloud NGFW, Prisma Access, or Panorama appliances
• View the allocated log storage quota, the available storage space, and the number of days the logs are retained based on your incoming log rate
• Configure log storage quota
• Search, filter, and export log data
• Forward log data to external servers for long-term storage, SOC, or internal audit

You can host Strata Logging Service in multiple regions. To comply with data privacy regulations that require you to keep data within a specific region, you can select it as a host region when you activate Strata Logging Service. You must also allow specific FQDNs or IP address range and TCP ports for each region to send logs to and forward logs from Strata Logging Service. In addition, depending on the platform you are using, you must allow traffic from different sources to connect to Strata Logging Service successfully. Strata Logging Service ensures data redundancy by storing your data in two different zones in the region you choose. Therefore, in case of an outage, Strata Logging Service will failover to the secondary zone in an attempt to prevent interruption of service.

If you want to use a third-party app to ingest your Strata Logging Service log data, ensure that the third-party app is supported in the same region as your Strata Logging Service instance. Otherwise, the third-party app will be unable to access your data. Third-party apps are currently supported in only the following regions:

To simplify your logging experience, some log field names have changed. These changes will affect how field names appear and how they are forwarded. To ensure a smooth transition for your log forwarding profiles, we will continue to support the old names for the near future. Fields will be forwarded with both the new names and old names, so you can choose whether to leverage the new names or continue with your current configurations. Therefore, no action is required to maintain log forwarding functionality.

You can now forward past-dated logs (up to the past 3 days from the current date) from Strata Logging Service to your preferred syslog, HTTPS, or email servers with log replay profiles. You can use this option to retrieve old logs in case of connection failures or outages at the destination server. To create the log replay profile, you clone the parameters from your preferred existing log forwarding profile and provide the date range for which you want to forward the logs.

You can host Strata Logging Service in multiple regions. To comply with data privacy regulations that require you to keep data within a specific region, you can select it as a host region when you activate Strata Logging Service. You must also allow specific FQDNs or IP address range and TCP ports for each region to send logs to and forward logs from Strata Logging Service. In addition, depending on the platform you are using, you must allow traffic from different sources to connect to Strata Logging Service successfully. Strata Logging Service ensures data redundancy by storing your data in two different zones in the region you choose. Therefore, in case of an outage, Strata Logging Service will failover to the secondary zone in an attempt to prevent interruption of service.

If you want to use a third-party app to ingest your Strata Logging Service log data, ensure that the third-party app is supported in the same region as your Strata Logging Service instance. Otherwise, the third-party app will be unable to access your data. Third-party apps are currently supported in only the following regions:

Browser and web-based attacks are continuously evolving, resulting in security challenges for many enterprises. Web browsers, being a major entry point for malware to penetrate networks, pose a significant security risk to enterprises, prompting the increasing need to protect networks and devices from zero day attacks. Highly regulated industries, such as government and financial institutions, also require browser traffic isolation as a mandatory compliance requirement.

While most enterprises want to block 100% of attacks by using network security and endpoint security methods, such a goal might not be realistic. Most attacks start with the compromise of an endpoint that connects to malicious or compromised sites or by opening malicious content from those sites. An attacker only needs one miss to take over an endpoint and compromise the network. When this happens, the consequences of that compromise and the impact to your organization can be damaging.

Remote Browser Isolation (RBI) creates a no-code execution isolation environment for a user's local browser, so that no website code and files are executed on their local browser. Unlike other isolation solutions, RBI uses next-generation isolation technologies to deliver near-native experiences for users accessing websites without compromising on security.

RBI is a service that isolates and transfers all browsing activity away from the user's managed devices and corporate networks to an outside entity such as Prisma Access, which secures and isolates potentially malicious code and content within their platform. Natively integrated with Prisma Access, RBI allows you to apply isolation profiles easily to existing security policies. Isolation profiles can restrict many user controls such as copy and paste actions, keyboard inputs, and sharing options like file uploading, downloading, and printing files to keep sensitive data and information secure. All traffic in isolation undergoes analysis and threat prevention provided by Cloud-Delivered Security Services (CDSS) such as Advanced Threat Prevention, Advanced WildFire, Advanced URL Filtering, DNS Security, and SaaS Security.

You can now use enhanced filtering and viewing capabilities to search and view relevant logs easily. The enhancements include: