PAN-OS includes security enhancements to restrict attackers and prevent malware
execution, providing stronger protection for your network security
infrastructure.
PAN-OS includes several enhancements and new features that improve the
security of PAN-OS against attacks on the platform itself. Most of these features are
implemented behind the scenes as part of the platform’s built-in protections. They
are designed to prevent successful exploits, reduce the impact of an exploit, detect
exploit attempts, and enable a response to attacks on PAN-OS. Some of these features
have settings you can configure, and some generate logs that provide more
information about the security state of PAN-OS.
PAN-OS security is enhanced with Integrity Measurement Architecture (IMA) to protect
against sophisticated attacks and to reduce the impact if a process is
compromised. These security mechanisms work together to restrict what an attacker
can do after exploiting a vulnerability in PAN-OS, limiting their ability to move
laterally within the system or to tamper with critical system files and
logs.
IMA runs in enforcement mode by default, and only allows execution of binaries and
programs cryptographically signed by Palo Alto Networks. This prevents the execution
of malware that might be dropped by an attacker and blocks attempts to modify
existing PAN-OS binaries, effectively extending the secure boot and hardware root of
trust into the run-time environment. When IMA detects an attempted violation, it
logs a critical-severity system log entry that you can use for investigation.
You can monitor IMA violations through the system logs, using either the CLI or the
web interface. When IMA detects a violation or an attempted violation, PAN-OS can
either continue running and collect logs and alerts for investigation (the default),
or reboot into maintenance mode to disrupt the attacker and allow a more thorough
investigation, at the cost of taking the device out of service until it is recovered.
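The following Go program is an added illustration of the enforcement and response behaviour described in the two paragraphs above; it is not PAN-OS code and does not reproduce the kernel-level IMA implementation. It models IMA appraisal in user space: the vendor signs the SHA-256 digest of each shipped binary, the "exec" hook verifies that signature against a vendor public key before allowing execution, and any unsigned or tampered binary is blocked, logged at critical severity, and, depending on the configured policy, triggers a reboot into maintenance mode. The Ed25519 key pair, file paths, file contents and log record layout are all constructed for the example; the page does not state which signature algorithm or log format PAN-OS uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Policy is the configured response to an IMA violation.
type Policy int

const (
	PolicyContinue    Policy = iota // keep running, log and alert (the default)
	PolicyMaintenance               // log, then reboot into maintenance mode
)

// Manifest maps a binary's path to the vendor's signature over sha256(content).
type Manifest map[string][]byte

// Event is a constructed stand-in for a critical system log entry.
type Event struct {
	Severity, Path, Reason string
}

// Appraiser is the enforcement-mode gate: only vendor-signed binaries may run.
type Appraiser struct {
	VendorKey       ed25519.PublicKey
	Manifest        Manifest
	Policy          Policy
	Log             []Event
	RebootRequested bool // set when PolicyMaintenance fires
}

var ErrDenied = errors.New("execution denied by IMA appraisal")

func digest(content []byte) []byte { h := sha256.Sum256(content); return h[:] }

// SignBinary is what the vendor build pipeline does for every shipped binary.
func SignBinary(priv ed25519.PrivateKey, content []byte) []byte {
	return ed25519.Sign(priv, digest(content))
}

// Exec models the appraisal hook on execute: verify first, run only on success.
func (a *Appraiser) Exec(path string, content []byte) error {
	sig, ok := a.Manifest[path]
	var reason string
	switch {
	case !ok:
		reason = "no vendor signature (unsigned binary)"
	case !ed25519.Verify(a.VendorKey, digest(content), sig):
		reason = "digest does not match vendor signature (tampered binary)"
	default:
		return nil // genuine, unmodified vendor binary: allowed
	}
	a.Log = append(a.Log, Event{Severity: "critical", Path: path, Reason: reason})
	if a.Policy == PolicyMaintenance {
		a.RebootRequested = true // disrupt the attacker; investigate from maintenance mode
	}
	return fmt.Errorf("%w: %s: %s", ErrDenied, path, reason)
}

// BuildScenario constructs sample data: a vendor key pair, two signed binaries,
// one of which is patched after signing, plus an unsigned file dropped by an
// attacker. Paths and contents are constructed, not real PAN-OS files.
func BuildScenario(policy Policy) (*Appraiser, map[string][]byte) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	genuine := map[string][]byte{
		"/usr/local/bin/pan_mgmt":  []byte("ELF pan_mgmt v1 (constructed)"),
		"/usr/local/bin/pan_logdb": []byte("ELF pan_logdb v1 (constructed)"),
	}
	manifest := Manifest{}
	for p, c := range genuine {
		manifest[p] = SignBinary(priv, c)
	}
	files := map[string][]byte{
		"/usr/local/bin/pan_mgmt":  genuine["/usr/local/bin/pan_mgmt"],
		"/usr/local/bin/pan_logdb": append([]byte(nil), genuine["/usr/local/bin/pan_logdb"]...),
		"/tmp/.x/dropper":          []byte("attacker payload (constructed)"),
	}
	files["/usr/local/bin/pan_logdb"][0] ^= 0xff // one-byte patch after signing
	return &Appraiser{VendorKey: pub, Manifest: manifest, Policy: policy}, files
}

func main() {
	a, files := BuildScenario(PolicyContinue)
	for _, p := range []string{"/usr/local/bin/pan_mgmt", "/usr/local/bin/pan_logdb", "/tmp/.x/dropper"} {
		if err := a.Exec(p, files[p]); err != nil {
			fmt.Println("BLOCKED:", err)
		} else {
			fmt.Println("allowed:", p)
		}
	}
	for _, e := range a.Log {
		fmt.Printf("syslog %s path=%s reason=%q\n", e.Severity, e.Path, e.Reason)
	}
}
```

Note that the tampered binary is caught by a single changed byte because the signature covers the whole digest, and that the unsigned drop-in fails before any signature check is attempted: there is simply no vendor signature for it. Switching the policy to PolicyMaintenance changes only the response, not the enforcement decision.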
The IMA security enhancements work alongside other PAN-OS security features,
including updated open source software components, improved cryptographic libraries,
TPM-based secure boot, a hardware root of trust (on Gen 4 hardware and newer), and
both boot-time and periodic software integrity checks. Together, these mechanisms
create multiple layers of defense that significantly improve the security posture of
your PAN-OS devices against sophisticated attacks.