All news with #palo alto networks tag

🛡️ Unit 42’s Browser Defense Playbook warns that modern work happens primarily in the browser—about 85% of daily tasks—and that attackers increasingly exploit that centrality with phishing, malicious extensions, drive-by downloads and session hijacks. The guide identifies common failures such as unmanaged extensions, lax policies and blind spots in encrypted traffic. It recommends extending zero trust to the browser with strong MFA, conditional access, continuous monitoring and vetted extension allow lists, and points to Prisma Browser for agentless inspection and DLP.

🔒 Palo Alto Networks Unit 42 and Amazon Web Services have expanded their partnership to offer a no-cost Unit 42 Incident Response Retainer in AWS Marketplace for qualified customers. The retainer provides 250 hours of initial incident response, a 2-hour response SLA and 24/7/365 access to Unit 42’s incident response team. The offering is designed to accelerate containment, enable holistic investigations across cloud and enterprise environments, and reduce procurement overhead while providing preferred pricing for proactive services.

🔎 Amazon CloudWatch now provides unified data management and analytics to consolidate operational, security, and compliance data across AWS and third-party sources. The launch enables organization-wide ingestion from AWS sources such as AWS CloudTrail, Amazon VPC, and Amazon WAF, plus managed collectors for CrowdStrike, Okta, and Palo Alto Networks. Customers can use pipelines to transform and enrich logs to standard formats like OCSF and define facets for faster insights. Data can be stored in managed Amazon S3 Tables at no additional storage charge and queried natively or with any Apache Iceberg-compatible analytics tool.

🛡️ November 2025 saw a flurry of cybersecurity acquisitions as major vendors raced to embed AI, observability and exposure management across their portfolios. Deals included Palo Alto Networks' $3.35bn purchase of Chronosphere, LevelBlue's completion of its Cybereason acquisition, and Bugcrowd's buy of AI app-security firm Mayhem. Other moves saw Safe Security acquire Balbix, Zscaler buy SPLX, and Arctic Wolf agree to acquire UpSight to bolster ransomware prevention. Collectively these transactions accelerate AI-driven automation and resilience across cloud, endpoint and software security.

⚠️ Researchers at Palo Alto Networks Unit42 found that uncensored models like WormGPT 4 and community-driven KawaiiGPT can generate functional tools for ransomware, lateral movement, and phishing. WormGPT 4 produced a PowerShell locker and a convincing ransom note, while KawaiiGPT generated scripts for credential harvesting and remote command execution. Both are accessible via subscriptions or local installs, lowering the bar for novice attackers.

🔒 Cloud security posture management (CSPM) combines threat intelligence, continuous detection, and automated remediation to find and fix cloud misconfigurations that can expose data. Customers—not cloud providers—are responsible for configuring and protecting workloads, so organizations must select CSPM that delivers multicloud visibility, integrated data security, and policy-driven automated remediation. Modern offerings increasingly fold CSPM into broader CNAPP and SSE suites from vendors such as Wiz, Palo Alto Networks, Tenable, and CrowdStrike, making coverage, integration, and operational model critical factors in vendor selection.

🔎 GreyNoise reports a roughly 40x surge in malicious scans against Palo Alto Networks GlobalProtect VPN login portals beginning November 14, with about 2.3 million sessions hitting the /global-protect/login.esp endpoint between Nov 14–19. Activity focused on the United States, Mexico, and Pakistan and is linked to recurring TCP/JA4t fingerprints and ASN reuse, notably AS200373 and AS208885. GreyNoise recommends treating these probes as active reconnaissance — block and monitor attempts rather than dismissing them.

🔐 Meerah Rajavel, CIO at Palo Alto Networks, argues that security must be integrated into AI from the outset rather than tacked on later. She frames AI value around three pillars — velocity, efficiency and experience — and describes how Panda AI transformed employee support, automating 72% of IT requests. Rajavel warns that models and data are primary attack surfaces and urges supply-chain, runtime and prompt protections, noting the company embeds these controls in Cortex XDR.

🔒 Palo Alto Networks announced that Prisma AIRS now integrates natively with Azure AI Foundry, enabling direct prompt and response scanning through the Prisma AIRS AI Runtime Security API. The integration provides real-time, model-agnostic threat detection for prompt injection, sensitive data leakage, malicious code and URLs, and toxic outputs, and supports custom topic filters. By embedding security into AI development workflows, teams gain production-grade protections without slowing innovation; the feature is available now via an early access program.

🔐 Palo Alto Networks Unit 42 identified two interconnected 2025 campaigns that used large-scale brand impersonation to deliver variants of the Gh0st remote access Trojan to Chinese-speaking users globally. The adversary evolved from simple droppers (Campaign Trio, Feb–Mar 2025) to sophisticated, multi-stage MSI-based chains abusing signed binaries, VBScript droppers and public cloud storage (Campaign Chorus, May 2025 onward). The report includes representative IoCs and mitigation guidance for Advanced WildFire, Cortex XDR and allied protections.

🔒 Arista Networks and Palo Alto Networks extended their partnership to deliver a framework for zero-trust inside the data center. The integration pairs Arista’s Multi-Domain Segmentation Services (MSS) fabric and full network visibility with Palo Alto’s next-generation firewall (NGFW) to enable an inspect-once, enforce-many model. CloudVision MSS supports dynamic quarantine and can offload trusted high-bandwidth 'elephant flows' after inspection, while the NGFW triggers hardware line-rate isolation when threats are detected. Unified policy orchestration and Arista Validated Designs (AVD) with AVA automation add network-as-code and CI/CD-friendly deployment so NetOps and SecOps can scale independently.

🔒 Palo Alto Networks found that 26% of Linux systems and 8% of Windows systems are running outdated versions across telemetry from 27 million devices spanning 1,800 companies. The analysis also shows 39% of devices lack active endpoint protection and roughly one-third of devices operate outside IT control. Poor segmentation and unmanaged edge devices increase the risk of undetected compromise.

🛡️ In just a few years, AI has shifted from futuristic innovation to core business infrastructure, yet security practices have not kept pace. Palo Alto Networks presents a Secure AI by Design Policy Roadmap that defines the AI attack surface and prescribes actionable measures across external tools, agents, applications, and infrastructure. The Roadmap aligns with recent U.S. policy moves — including the June 2025 Executive Order and the July 2025 White House AI Action Plan — and calls for purpose-built defenses rather than retrofitting legacy controls.

🔍 New research from Palo Alto Networks shows enterprise networks remain sprawling and poorly controlled: telemetry from 27 million devices across 1,800 enterprises found 26% of Linux and 8% of Windows systems running on end-of-life OS versions, 39% of directory-registered devices lack active endpoint protection, and 32.5% operate outside IT control. Poor segmentation — present in 77% of networks — and unmanaged edge devices increase attacker opportunities.

🔒 Unit 42 details how attackers force Windows hosts to authenticate to attacker-controlled systems by abusing rarely monitored RPC interfaces. The report explains techniques, including misuse of UNC path parameters and obscure opnums, and reviews a March 2025 healthcare incident that leveraged MS-EVEN ElfrOpenBELW. It outlines indicators such as bursts of failed NTLM authentications and RPC calls containing external UNC targets. Recommendations include detection, RPC filtering, SMB signing, and Cortex XDR protections.

🔍 Unit 42 disclosed LANDFALL, a previously unknown commercial-grade Android spyware family that abused a Samsung DNG parsing zero-day (CVE-2025-21042) to run native payloads embedded in malformed DNG files. The campaign targeted Samsung Galaxy models and enabled microphone and call recording, location tracking, and exfiltration of photos, contacts and databases via native loaders and SELinux manipulation. Apply vendor firmware updates and contact Unit 42 for incident response.

🔐 Enterprises must redesign security as AI moves from experimentation to production, and CIOs need a prevention-first, unified approach. This guide reframes Confidentiality, Integrity and Availability for AI, stressing rigorous access controls, end-to-end data lineage, adversarial testing and a defensible supply chain to prevent poisoning, prompt injection and model hijacking. Palo Alto Networks advocates embedding security across MLOps, real-time visibility of models and agents, and executive accountability to eliminate shadow AI and ensure resilient, auditable AI deployments.

🔐 CISOs are urged to learn from 1990s ERP migrations as they evaluate vendor-led security platforms from Cisco, CrowdStrike, Microsoft, Palo Alto Networks and others. Research shows many enterprises run 40–80 discrete security tools, driving silos, integration headaches, and alert fatigue. The article warns that platformization can repeat ERP mistakes—data inconsistency, excessive customization, political resistance, and costly timelines—and recommends executive sponsorship, phased implementations, a modern data pipeline, team retraining, and process reengineering to succeed.

🔒 Prisma AIRS 2.0 presents a unified AI security platform that addresses the “AI black box” by combining AI Model Security and automated AI Red Teaming. It inventories models, inference datasets, applications and agents in real time, inspects model artifacts within CI/CD and model registries, and conducts continuous, context-aware adversarial testing. The platform integrates curated threat intelligence and governance mappings to deliver auditable risk scores and prioritized remediation guidance for enterprise teams.

🔍 Threat intelligence is valuable but only effective when organizations maintain reliable asset management. Asset management—the inventory, monitoring, and administration of hosts—provides the foundational visibility needed to detect, patch, and prevent intrusions. Bradley Duncan cites historic malware like Emotet and Qakbot to show how poor asset hygiene enabled massive infections and urges proactive measures such as Unit 42's Attack Surface Assessment.