Palo Alto Networks pushes platformization, AI for security

A platform approach

If you've paid any attention to Palo Alto Networks over the last year, you're well versed in its viewpoint on platforms.

In short, there are too many tools, protecting too many varied attack surfaces, from motivated attackers who have the time and resources to find an entry point somewhere in the environment. This makes a platform approach the only way to efficiently collect, analyze and operationalize the data necessary to stop these attacks.

Underpinning its strategy is the idea that cybersecurity has shifted from a sensor and detection business to a data business. At Ignite, Palo Alto Networks cited a handful of large enterprise customers that are moving with it along this platformization journey.

In reality, I think most large enterprises are still way out from the large-scale consolidation that platformization entails. When Enterprise Strategy Group, now part of Omdia, researched this topic in the past, openness was cited as a key component of a cybersecurity platform. Standards like the Open Cybersecurity Schema Framework seek to accomplish the same overall goal, across multiple vendors.

In the end, multiple things can be true: We need consolidation, there is value in simplified architectures, and some organizations will fully embrace a platform approach; at the same time, many will take a more middle-of-the-road approach, deploy platforms in a more limited fashion and follow a best-of-breed model in other areas.

AI-driven SecOps

A lot of the platform conversation applies specifically to Palo Alto Networks' security operations center (SOC) platform, XSIAM. But overall, the key focus at Ignite was around using AI for automation.

At issue: Human-centered SOC no longer works. Putting multiple interfaces in front of an analyst and asking them to connect dots across disparate data sources, then identify and perform required remediation actions -- and do so quickly -- is a strategy that does not scale.

Palo Alto Networks is quickly moving toward an agentic AI model, where analysts can be alerted to an issue, shown the pertinent information supporting the finding, be presented with the solution and click a button to implement it.

This isn't a new concept, but having built XSIAM from the ground up specifically to get to this point, Palo Alto has an advantage. Additionally, we're quickly going to reach a point where a new generation of SOC analysts is completely comfortable with automation and has significantly fewer reservations about allowing an AI agent to make certain decisions. We're not there yet, but it's quickly approaching.

Protecting runtime

The cloud security conversation has typically been focused on posture -- what's running, is it properly configured, are there vulnerabilities, what's the level of exposure and so on.

Palo Alto Networks announced Cortex Cloud in February to connect posture-focused cloud security with runtime protection and detection and response. The company calls it "code to cloud to SOC." Because of the SOC overlap, Cortex Cloud is available in XSIAM as well.

In reality, many organizations will continue to have different personas responsible for the different aspects of cloud security. This means it will likely be common for an organization to still start with a specific use case within Cortex Cloud and then expand over time to the others. But in the long run, the ability to centralize posture, runtime, and detection and response should help improve visibility and generate better outcomes for organizations overall.

Extending network security via the browser

With regard to network security, Palo Alto Networks called out both its AI Access Security system and its unified, AI-powered network security management and operations via Strata Cloud Manager as key differentiators.

But by far the most focus went to Prisma Access Browser. Palo Alto highlighted the number of SaaS applications knowledge workers use, the types of devices they access applications from and the amount of time spent in the browser as top reasons this is a key security control point.

What felt different from the past was the fact that less time was spent talking about Prisma Access Browser as a piece of the secure access service edge (SASE) puzzle, and seemingly more focus was placed on it as a standalone use case. For sure, Palo Alto still sees Prisma Access Browser as a component of its broader SASE strategy. However, based on the positioning, the differentiation between network-based security and browser-based security might be narrowing to the performance, experience and optimization benefits generated when traffic is carried over the SASE network.

Palo Alto Networks has correctly identified one of, if not the key issue with cybersecurity: It has become too difficult to ensure proper security across the enterprise. Some might disagree with its recommended solution -- platformization -- but what can't be argued is that the company is putting significant resources toward the approach, and many customers are following Palo Alto on the journey to make security solvable.

John Grady is a principal analyst at Enterprise Strategy Group, now part of Omdia, who covers network security. Grady has more than 15 years of IT vendor and analyst experience.

Enterprise Strategy Group is part of Omdia. Its analysts have business relationships with technology vendors.