Cybersecurity vendor Palo Alto Networks has announced new software-defined wide area network (SD-WAN) features in its Prisma SASE solution for IoT device security and to help customers meet industry-specific security compliance requirements. It has also announced advanced URL filtering for the prevention of unknown and evasive man-in-the-middle (MitM) and SaaS platform phishing attacks.

SD-WAN for IoT security provides device visibility, prevents threats

Prisma SD-WAN with integrated IoT security enables accurate detection and identification of branch IoT devices, Palo Alto Networks stated. It allows customers to enable security controls from within the familiar cloud management for Prisma SASE without the need for additional appliances and sensors to be deployed in the network in order to gain visibility into IoT devices and prevent threats.

“Prisma SD-WAN enables identification of any IoT appliance within a branch network regardless of its supported operating system or the vendor,” the vendor tells CSO. “With 57% of devices with unknown vulnerabilities and 83% of devices running unsupported operating systems, Prisma SD-WAN’s detection capability ensures every IoT device information is sent to Prisma Access to enforce security policies to protect both devices and the applications accessed.”

Prisma SD-WAN provides extra visibility into intra-branch traffic, allowing Prisma Access to provide a rich and accurate IoT inventory, while ensuring IoT devices are egressing application traffic from the branch on encrypted SD-WAN fabric to Prisma Access where they are inspected to ensure zero-trust, Palo Alto Networks said.

On-prem controller for Prisma SD-WAN helps customers meet security compliance requirements

On-prem controller for Prisma SD-WAN helps customers meet their industry-specific security compliance requirements, Palo Alto Networks said.
“The Prisma SD-WAN On Premise Controller can be deployed on customer servers as a virtual instance, and manages all SD-WAN visibility, data, and security keys,” the vendor tells CSO. For businesses in certain verticals and areas that require data like network and user information for data conformance, on-prem controller ensures regulatory and compliance standards, the firm adds. “For businesses in areas where data cannot reside in the cloud, Prisma SD-WAN on-prem controller provides the ability to deploy SD-WAN appliances, manage business policies, and view SD-WAN analytics for their day-to-day operations.”

Advanced URL filtering seeks to tackle the rise of modern web attacks

Palo Alto Networks also announced that Prisma Access Cloud SWG now employs advanced URL filtering for the prevention of unknown and evasive MitM and SaaS platform phishing attacks to help address the rise in the sophistication and scale of modern web attacks. “Some highly sophisticated threat actors are using proxies to relay the end user’s original login page to the target server while stealing or scraping login credentials like session tokens, passwords, cookies, or whatever the site is using for authentication,” Palo Alto Networks tells CSO.

The nature of this attack allows adversaries to circumvent any additional multifactor authentication (MFA) that might be present on authentication flows without any detection from the end user or intermediaries, Palo Alto Networks said. “Unlike traditional phishing attacks that simply replicate a login page, MitM attacks use a reverse-proxy server to relay the actual (real) login page directly to the end user’s browser. This makes the threat invisible from the client’s perspective because traditional indicators of compromise, like the age and reputation of the phishing page, are no longer reliable,” the vendor says.
By utilizing various HTTP-based signals, Palo Alto Networks claims to be able to generate unique HTTP header signatures that are then used to train its MitM inline model to catch the presence of these attacks. “We then identify whether there’s a proxy and whether it’s been tampered with. Phishing threats of this nature are analyzed and blocked in real time. All this works together to provide real-time analysis and real-time prevention of zero-day MitM phishing threats.”

As for SaaS platform attacks, advanced attackers are increasingly utilizing legitimate SaaS platforms to evade security vendors and carry out phishing, Palo Alto Networks says. “Wix, OneDrive, and Google Drive are some examples of SaaS platforms that are known to have phishing traffic. Since the typical indicators for SaaS platform phishing attacks may be benign, we use other indicators that have more to do with the content of the page, as well as the user’s behavior. We look at the source code, on what platform it’s on, how the form was created, whether it contains any password-specific identifiers, and we also look at the text with OCR and image analysis. This is also powered by a new ML-powered detection model.”

By analyzing screenshots and source code of these web pages, Palo Alto Networks claims it can detect these phishing pages, even when they are hosted on legitimate platforms. “The detector is agnostic of the SaaS platforms which means new platform support automatically gets added.” The new capabilities will be available by May 2023, Palo Alto Networks stated.
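
The content-based indicators described for SaaS-hosted phishing pages (hosting platform, form construction, password-specific identifiers) can be illustrated with a small rule-based check. This is an added example, not Palo Alto Networks' detection model; the hostname suffixes, the keyword list, the off-site form-action rule and the sample pages are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed hosting suffixes for the platforms the article names (not exhaustive).
SAAS_SUFFIXES = ("wixsite.com", "1drv.ms", "drive.google.com", "docs.google.com")
# Assumed password-specific identifiers to look for in field attributes.
PASSWORD_HINTS = ("password", "passwd", "pwd", "passcode")

class FormScanner(HTMLParser):
    """Collects form actions and credential-like input fields from page source."""
    def __init__(self):
        super().__init__()
        self.actions = []
        self.password_fields = 0

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        if tag == "form":
            self.actions.append(a.get("action", ""))
        elif tag == "input":
            labels = " ".join(a.get(k, "") for k in ("name", "id", "placeholder"))
            # A text field labelled "Password" counts as well as type=password.
            if a.get("type") == "password" or any(h in labels for h in PASSWORD_HINTS):
                self.password_fields += 1

def on_saas_platform(host):
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in SAAS_SUFFIXES)

def assess(page_url, html):
    """Return the content indicators found on one page, plus a review verdict."""
    host = urlparse(page_url).hostname or ""
    scanner = FormScanner()
    scanner.feed(html)
    # Relative actions have no hostname and therefore stay on the page's host.
    offsite = [act for act in scanner.actions
               if (urlparse(act).hostname or host) != host]
    saas = on_saas_platform(host)
    return {
        "saas_hosted": saas,
        "password_fields": scanner.password_fields,
        "offsite_form_actions": offsite,
        "flag_for_review": bool(saas and scanner.password_fields and offsite),
    }

# Constructed sample pages (not real sites).
SAMPLE_LOGIN = ('<form action="https://collector.example/submit" method="post">'
                '<input name="email"><input type="text" placeholder="Password"></form>')
SAMPLE_BENIGN = '<form action="/subscribe"><input name="email"></form>'

if __name__ == "__main__":
    print(assess("https://user123.wixsite.com/portal", SAMPLE_LOGIN))
    print(assess("https://user123.wixsite.com/blog", SAMPLE_BENIGN))
```

A flagged page here is a candidate for analyst review or further analysis, since legitimate embedded forms can also post to third-party endpoints.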