The VM-Series protects your applications and data with
next-generation security features that deliver superior
visibility, precise control, and threat prevention at the
application level. Automation features and centralized
management allow you to embed security in your application
development process, ensuring security can keep pace with
the speed of the cloud:
• Application visibility for informed security decisions: The
VM-Series provides application visibility across all ports,
meaning you have far more relevant information about
your cloud environment to help you make rapid, informed
policy decisions.
• “Segment/Allow” applications for security and compliance:
Today’s cyberthreats commonly compromise an individual
workstation or user, and then move laterally across your
network, placing your mission-critical applications and data
at risk wherever they are. Using segmentation and allow listing
policies allows you to control applications communicating
across different subnets to block lateral threat movement and
achieve regulatory compliance.
• Prevent advanced attacks within allowed application flows:
Attacks, much like many applications, can use any port,
rendering traditional prevention mechanisms ineffective.
The VM-Series allows native integration with our clouddelivered subscription services, such as Threat Prevention,
DNS Security, and WildFire® to apply application-specific
policies that block exploits, prevent malware, and stop
previously unknown threats from infecting your cloud.
• Control application access with user-based policies:
Integration with a wide range of user repositories—such
as Microsoft Exchange, Active Directory®, and LDAP—
complements application allow listing with user identity
as an added policy element that controls access to
applications and data. When deployed in conjunction with
Palo Alto Networks GlobalProtect™ for network security at
the endpoint, the VM-Series enables you to extend your
corporate security policies to mobile devices and users,
regardless of their locations.
• Policy consistency through centralized management:
Panorama™ provides centralized network security
management for your VM-Series firewalls across multiple
cloud deployments, along with your physical security
appliances, ensuring policy consistency and cohesion.
Rich, centralized logging and reporting capabilities provide
visibility into virtualized applications, users, and content.
• Container protection for managed Kubernetes
environments: The VM-Series protects containers running
in Google Kubernetes® Engine and Azure® Kubernetes
Service with the same visibility and threat prevention
capabilities that can protect business-critical workloads
on Google Cloud and Microsoft Azure. Container visibility
empowers security operations teams to make informed
security decisions and respond more quickly to potential
incidents. Threat Prevention, WildFire, and URL Filtering
policies can be used to protect Kubernetes clusters from
known and unknown threats. Panorama enables you to
automate policy updates as Kubernetes services are added
or removed, ensuring security keeps pace with your everchanging managed Kubernetes environments.

Grant access based on users, and prevent known
and unknown threats.

Improve security posture and achieve compliance.

Centrally manage policies across both
physical and virtual firewalls to ensure
consistent security posture.