* [Blog](https://www2.paloaltonetworks.com/blog)
* [Network Security](https://www2.paloaltonetworks.com/blog/network-security/)
* Always Innovating: Advanc...

# Always Innovating: Advanced Threat Prevention and Software Firewalls

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Falways-innovating-august-2023%2F)  
[](https://twitter.com/share?text=Always+Innovating%3A+Advanced+Threat+Prevention+and+Software+Firewalls&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Falways-innovating-august-2023%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Falways-innovating-august-2023%2F&title=Always+Innovating%3A+Advanced+Threat+Prevention+and+Software+Firewalls&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/network-security/always-innovating-august-2023/&ts=markdown)  
\[\](mailto:?subject=Always Innovating: Advanced Threat Prevention and Software Firewalls)  
Link copied  
By [Ganesh Balamitran](https://www.paloaltonetworks.com/blog/author/ganesh-balamitran/?ts=markdown "Posts by Ganesh Balamitran")  
Aug 22, 2023  
6 minutes  
[Advanced Threat Prevention](https://www.paloaltonetworks.com/blog/tag/advanced-threat-prevention/?ts=markdown)  
[Always Innovating](https://www.paloaltonetworks.com/blog/tag/always-innovating/?ts=markdown)  
[Cloud NGFW](https://www.paloaltonetworks.com/blog/tag/cloud-ngfw/?ts=markdown)  
[Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/tag/next-generation-firewalls/?ts=markdown)  
[Panorama](https://www.paloaltonetworks.com/blog/tag/panorama/?ts=markdown)  
[WildFire](https://www.paloaltonetworks.com/blog/tag/wildfire/?ts=markdown)

Following our [strong Fiscal Year 2023 financial results](https://investors.paloaltonetworks.com/news-releases/news-release-details/palo-alto-networks-reports-fiscal-fourth-quarter-and-fiscal-7), we bring you the August 2023 edition of Always Innovating in Network Security. In this edition, we share our latest innovations in Advanced Threat Prevention (ATP) and Software Firewalls. One of the ATP innovations released this month is the ability to prevent unknown Command and Control (C2) propagated by the Empire framework. The ATP reports are getting richer and will have MITRE mappings, and we have added Australia to our growing list of ATP regional clouds, ensuring customers get the fastest security updates no matter where they are in the world.

We also launched Cloud NGFW for Azure, and added new Panorama managed features to Cloud NGFW for AWS. On VM-Series for GCP, we now support Load Balancer enabled High Availability Active/Passive Support.

**1. Advanced Threat Prevention Empire C2 Detection**

Building upon our [PAN-OS 10.2 Nebula](https://www.paloaltonetworks.com/network-security/whats-new-in-nebula) innovations preventing Cobalt Strike Command and Control (C2), we are excited to announce the expansion of our prevention capability to Empire C2 *(supported in PAN-OS 11.0.2+)* --- a formidable Command and Control framework that ranks among the most popular on GitHub. It is similar to Cobalt Strike in that it can create malleable profiles which are good at hiding from signature-based defenses. With new inline deep learning models, Advanced Threat Prevention is able to prevent unknown C2 propagated specifically by the Empire tool. Combined with our signature based detections, this capability further strengthens our ability to stop zero-day and highly evasive attacks. Check out our quick demo (*6 mins*) below to learn more about how Advanced Threat Prevention stops evasive command and control network traffic from Empire.

**2. Advanced Threat Prevention Report Enhancements**

**Attack Evidence**

Understanding the reasoning behind an AI-generated malicious verdict is often challenging. Unlike signatures that hinge on exact matches, machine learning evaluates numerous data points, resulting in a more intricate process that doesn't align with the straightforward nature of signature-based defenses. This is why we are introducing human readable detection explanations to add a layer of transparency and insight into attacks, empowering practitioners to grasp the meaning behind verdicts with simplicity. Currently, this feature is available in the [Advanced Threat Prevention Report](https://docs.paloaltonetworks.com/advanced-threat-prevention/administration/monitor-threat-prevention/view-advanced-threat-prevention-report) for Empire C2 detections.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/08/word-image-302957-1.png)

*Here is an example of an Empire detection happening in the early stage of an attack.*

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/08/word-image-302957-2.png)

*Here is an example of an Empire detection happening during the later stages of an attack, when a compromised system is being controlled.*

**MITRE Mappings**

Embrace the cutting-edge power of threat analysis with the Advanced Threat Prevention Report. When Advanced Threat Prevention analyzes threats, this report provides detailed information about detection, attack transactions, sessions and related processes. Now, the report includes MITRE ATT\&CK® classified techniques used.

Within the report, the Detection Service Results section is the star of the show, breaking down threat activities and techniques. With the new addition of MITRE ATT\&CK® classified techniques, you'll gain insight into how attackers try to breach your systems. This knowledge enables you to strengthen your defenses and stop potential threats before they get worse. Learn more about the Advanced Threat Prevention report on [Palo Alto Networks Tech Docs](https://docs.paloaltonetworks.com/advanced-threat-prevention/administration/monitor-threat-prevention/view-advanced-threat-prevention-report).

**3. Advanced Threat Prevention Australia Regional Cloud**

At Palo Alto Networks, we are deeply committed to providing cutting-edge security solutions to customers worldwide. We are thrilled to announce the launch of our Advanced Threat Prevention Regional Cloud in Australia, expanding our local cloud infrastructure to nine regions. This launch reflects our unwavering dedication to helping organizations like yours achieve the highest level of security while adhering to data residency requirements. Palo Alto Networks simplifies compliance and certification with local cloud security infrastructures in more than 76 countries worldwide. Check out our products, regions and their certifications on [our website](https://www.paloaltonetworks.com/products/regional-cloud-locations).

**4. Cloud NGFW for Azure GA Announcement** On August 1, 2023 we announced that [Cloud NGFW for Azure](https://www.paloaltonetworks.com/network-security/cloud-ngfw-for-azure) is now generally available (GA), and expanding into seven more Azure regions to safeguard applications and workloads around the globe. As a generally available service, customers can now depend on Cloud NGFW for Azure to provide best-in-class security, backed by an uptime service-level agreement (SLA) of 99.99%.

Cloud NGFW for Azure is now available in a total of [12 regions](https://docs.paloaltonetworks.com/cloud-ngfw/azure/cloud-ngfw-for-azure/getting-started-with-cngfw-for-azure/supported-regions-and-zones), with more regions coming soon. Customers securing their applications with Cloud NGFW for Azure will benefit from the ease of use of an Azure-native ISV managed service, the ability to extend security from on-prem to Azure with Panorama, and, of course, Palo Alto Networks best-in-class security powered by AI and ML. To get your free, 30-day trial, simply go to the [Azure Marketplace listing](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/paloaltonetworks.pan_swfw_cloud_ngfw?tab=Overview). To see how pricing works, check out this easy, [interactive pricing estimator](https://www.paloaltonetworks.com/resources/tools/ngfw-for-azure). For more information visit our [TechDocs](https://docs.paloaltonetworks.com/cloud-ngfw/azure/cloud-ngfw-for-azure) and watch the [demo video](https://www.youtube.com/watch?v=G_MH_dFy7Hg).

**5. Additional Panorama Managed Features introduced for Cloud NGFW for AWS**

[Last month](https://www.paloaltonetworks.com/blog/network-security/always-innovating-july-2023/), we unveiled the integration of Cloud NGFW for AWS with Panorama. We are now excited to introduce two *Panorama Managed features* for Cloud NGFW for AWS:

a. [Tag Based Policies](https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/panorama-integration-overview/tag_based_policies)

With Tag Based Policies you can

1. Utilize the Cloud NGFW console to seamlessly integrate your AWS accounts and extract tags from the associated AWS resources.
2. Leverage the power of the Panorama plugin to conduct periodic tag queries from your Cloud NGFW tenant.
3. Seamlessly incorporate retrieved tags into Panorama device groups, enabling efficient management of [Dynamic Address Group](https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/policy/monitor-changes-in-the-virtual-environment/use-dynamic-address-groups-in-policy) objects and rules.

b. [WildFire](https://www.paloaltonetworks.com/network-security/wildfire)

Offered as an additional security service, WildFire combines machine learning, dynamic and static analysis and a custom-built analysis environment to discover even the most sophisticated threats across multiple stages and attack vectors.

To see how to add Panorama to Cloud NGFW for AWS, refer to this [documentation](https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/panorama-integration-overview). For a video demo to setup Cloud NGFW for AWS integration with Panorama, click[here](https://www.youtube.com/watch?v=ePqSonKfa8w). You can also estimate costs quickly with our interactive[pricing estimator](https://paloaltonetworks.com/resources/tools/ngfw-for-aws-azure-estimator). Or simply get started with your free, [30-day trial](http://aws.amazon.com/marketplace/pp/prodview-nkug66dl4df4i) at AWS Marketplace and see how you can extend security from on-prem to AWS quickly and easily. To keep up with the latest, checkout [What's New in Cloud NGFW for AWS](https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/cloud-ngfw-for-aws-release-updates/whats-new-cloud-ngfw-for-aws).

**6. Google Cloud (GCP) Load Balancer enabled High Availability Active/Passive Support for VM-Series**

We have released our High Availability (HA) Active-Passive integration of VM-Series with GCP's load balancer. Using the load balancer's built-in failover mechanism, VM-Series can failover from the active instance to the passive instance within seconds, guaranteeing resilience. To learn more, check out documentation [here](https://docs.paloaltonetworks.com/vm-series/11-0/vm-series-deployment/set-up-the-vm-series-firewall-on-google-cloud-platform/setup-active-passive-ha-on-gcp/architecture-of-gcp-ha).

Following on from [June 2023](https://www.paloaltonetworks.com/blog/network-security/always-innovating-network-security-platform/) (Phishing Detection, DNS and Industrial OT) and [July 2023](https://www.paloaltonetworks.com/blog/network-security/always-innovating-july-2023/) (User Experience, Threat Coverage and Management), this month's Always Innovating in Network Security covered our latest innovations in Advanced Threat Prevention (ATP) and Software Firewalls (Cloud NGFW for Azure, Cloud NGFW for AWS and VM-Series for GCP). Achieve your best protection and features by staying abreast of all of our latest innovations through this monthly series - and make sure you checkout our next edition coming out in September.

*** ** * ** ***

## Related Blogs

[#### Always Innovating: Cloud Native Security for Azure, AWS \& GCP](https://www2.paloaltonetworks.com/blog/network-security/always-innovating-september-2023/)

### [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)

[#### Boost Cloud Security with Cloud NGFW: Achieve 163% ROI \& More](https://www2.paloaltonetworks.com/blog/network-security/forrester-spotlight-cloud-ngfw/)

### [Data Security](https://www.paloaltonetworks.com/blog/network-security/category/data-security/?ts=markdown)

[#### Always Innovating: Data Security for Enterprises](https://www2.paloaltonetworks.com/blog/network-security/always-innovating-october-2023/)

### [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)

[#### Always Innovating: User Experience, Threat Coverage and Management](https://www2.paloaltonetworks.com/blog/network-security/always-innovating-july-2023/)

### [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Announcing the First Unit 42 Network Threat Trends Research Report](https://www2.paloaltonetworks.com/blog/network-security/unit-42-network-threat-trends-research/)

### [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### CN-Series Container Firewalls on AWS Marketplace for Containers Anywhere](https://www2.paloaltonetworks.com/blog/network-security/cn-series-aws-marketplace-for-containers-anywhere/)

### Subscribe to Network Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language