Palo Alto Networks’ latest firewalls include defenses for post-quantum world

Palo Alto Networks is baking post-quantum security best practices into the latest release of PAN-OS, its firewall software. It is releasing Next-Generation Firewall models that are optimized for quantum computing. 

PAN-OS 12.1 adds support for all of NIST’s standard post-quantum cryptography (PQC) algorithms, including FIPS 203: ML-KEM, FIPS 204: ML-DSA, and FIPS 205: SLH-DSA. It also supports other emerging algorithms that haven’t yet been standardized, including HQC, Classic McEliece, BIKE, and Frodo.

Palo Alto Networks’ approach involves global interoperability with international standards, cryptographic agility by supporting multiple standard and nonstandard algorithms, and support for hybrid algorithms that utilize classical and post-quantum algorithms. 

Additionally, the company introduced quantum-safe VPN tunnels and SSL/TLS sessions to defend against ‘harvest now, decrypt later’ attacks, where an attacker steals encrypted data now, so that when quantum computers become advanced enough, the encryption can be broken and the data accessed. 

The latest release enables organizations to conduct a Quantum Readiness assessment that provides an inventory of all of their cryptography usage so they can understand where they need to implement PQC standards. 

PAN-OS 12.1 also offers support for ETSI 014 protocol integration, which allows for the establishment of cryptographic keys that are resistant to even unknown computational advancements, the company explained. 

And finally, the company is introducing a cipher translation proxy to make legacy applications quantum safe, even if they can’t be upgraded immediately or that don’t support PQC. This acts as an intermediary layer that translates classical cryptographic communications into quantum-safe ones, as well as the other way around. 

“The quantum threat to encryption is no longer theoretical; it’s an inevitability that demands action now,” said Anand Oswal, SVP and GM of network security at Palo Alto Networks. “With these latest innovations that cover the entire quantum readiness lifecycle, we are pioneering the defense for this new era. Every Palo Alto Networks customer that uses our latest software will be able to accelerate their journey to becoming quantum safe, with the intelligence and infrastructure needed to proactively secure their most critical assets from tomorrow’s threats, today.”