For today’s enterprise, enabling business innovation across multicloud and AI environments means grappling with unprecedented complexity. A primary challenge is securely connecting workloads and data across disparate cloud environments, as each provider has its own unique networking constructs and security models. This complexity is compounded by a patchwork of disparate security tools, which leads to inconsistent policy enforcement and dangerous visibility gaps. This fragmented approach for both networking and security is no longer sustainable, creating an environment prone to misconfigurations and blind spots given the speed and scale of modern application development.

To address these significant security challenges, we are introducing a set of deeply integrated capabilities for our software firewalls. This expanded solution establishes the industry’s first automated multicloud security fabric, delivering a single, cohesive security posture across AWS, Azure and Google Cloud. It unifies continuous visibility and risk assessment, automated deployment of consistent security controls, and advanced threat prevention to protect every type of workload—from traditional virtual machines to containerized applications and emerging AI models.

Powered by the just-announced PAN-OS 12.1 Orion operating system, these new capabilities are designed to tackle multicloud complexity head-on. The platform simplifies security by providing a data-driven understanding of risk across all cloud and AI assets (CLARA), automates the application of consistent security with microperimeters to contain lateral threats, and scales on-demand with a hyperscale fabric (HSF) to ensure protection keeps pace with business innovation.

This expanded software firewall solution delivers value through four core capabilities that directly address the most pressing challenges in multicloud and AI security.

Core Capability 1: Eliminate Blind Spots with Comprehensive Visibility

A core function of the unified security fabric is to provide a single source of truth for your entire asset inventory. In dynamic cloud environments, this is a persistent challenge. Our cloud network security platform addresses this by providing continuous, automated discovery of all applications and workloads—including virtual machines, containers and AI models—across all cloud-native, multicloud and hybrid environments. This visibility is paired with continuous risk assessment, which automatically detects misconfigurations, traffic flow analysis, vulnerabilities and exposures, allowing your teams to move from reactive discovery to proactive risk remediation.

Comprehensive visibility across traditional and AI workloads is the foundation of effective risk management.

Core Capability 2: Automate Deployments to Simplify Multicloud Security

The security fabric has been designed to automatically match the velocity of DevOps, which is critical because manual configuration to securely interconnect applications across multiple clouds can stall rapid development expectations. This multicloud security fabric automatically interconnects cloud regions and applies consistent security policies across AWS, Azure and Google Cloud environments. As new applications are deployed, they are automatically interconnected and protected by Palo Alto Networks software firewalls with unmatched Layer 7 threat efficacy, allowing cloud network security teams to function as an integrated enabler of innovation.

With one-click, a secure multicloud security fabric is installed across public and private clouds, ensuring immediate and consistent protection.

Core Capability 3: Secure Modern Applications with Advanced Threat Prevention

This security fabric is not just about connectivity: It’s built to deliver advanced threat prevention as an essential capability. This is critical, because modern applications create new pathways for sophisticated threats, which native cloud service provider (CSP) controls often miss. The fabric provides deep Level 7 inspection and inline security to stop these emerging threats. This includes specialized protections for AI runtimes to prevent attacks like prompt injection and model exfiltration, as well as the enforcement of microperimeters to contain the lateral movement characteristic of modern ransomware attacks. Additionally, the hyperscale architecture ensures these advanced protections are delivered at line rate, which secures high-scale workloads without introducing performance bottlenecks.

Securing east-west application traffic with a microperimeter is a core tenet of Zero Trust, containing breaches by preventing the lateral movement of threats.

Core Capability 4: Establish Centralized Governance and Unified Policy

Managing disparate cloud environments creates operational silos and makes troubleshooting network connectivity nearly impossible. That’s why the entire fabric is governed from a single point of control: Strata Cloud Manager. From this centralized console, operations teams gain end-to-end visibility, with tools to trace the complete path of application traffic across the multicloud network. This powerful diagnostic capability automatically highlights network problems, such as misconfigurations or performance bottlenecks, and pinpoints the exact location of an issue. This dramatically simplifies troubleshooting and reduces mean time to resolution, enabling teams to move from complex manual diagnostics to streamlined, one-click remediation.

Ensure immediate, automated remediation of security issues for uninterrupted protection.

Begin with a Data-Driven Understanding of Your Risk

A unified security foundation is essential for enabling business innovation securely. The journey begins with understanding your specific risk posture. To help you start, we invite you to take the Cloud Network and AI Risk Assessment (CLARA). This assessment provides a data-driven view of your multicloud and AI assets, helping you identify active risks and prioritize your security efforts.