Palo Alto Networks pushes platformization, AI for security

At Ignite in New York, the vendor laid out plans to use AI and ‘platformization’ to consolidate cybersecurity tools and data to combat increasingly sophisticated attacks.

One of the overarching themes of Palo Alto Networks' recent Ignite customer event in New York City was how to make security solvable.

A major component of this is the incorporation of AI across the stack, not just to aid in the detection of malicious activity, but also to help security teams become more efficient, do more with less, and ensure the business can be as productive and agile as possible.

The event focused on a few key areas where Palo Alto Networks feels it has significant differentiation, including “platformization,” AI-driven SecOps, protecting runtime with the company’s Cortex Cloud, and extending network security via the browser.

A platform approach

If you’ve paid any attention to Palo Alto Networks over the last year, you’re well-versed in their viewpoint on platforms.

In short, there are too many tools, protecting too many varied attack surfaces, from motivated attackers who have the time and resources to find an entry point somewhere in the environment. This makes a platform approach the only way to efficiently collect, analyze, and operationalize the data necessary to stop these attacks.

Underpinning their strategy is the idea that cybersecurity has shifted from a sensor and detection business to a data business. At Ignite, Palo Alto Networks cited a handful of large enterprise customers that are moving with them along this platformization journey.

In reality, I think most large enterprises are still way out from the large-scale consolidation platformization entails. When Enterprise Strategy Group, now part of Omdia, researched this topic in the past, openness was cited as a key component of a cybersecurity platform. Standards like the Open Cybersecurity Schema Framework seek to accomplish the same overall goal, across multiple vendors.

In the end, multiple things can be true: We need consolidation, there is value in simplified architectures, and some organizations will fully embrace a platform approach; at the same time, many will take a more middle-of-the-road approach, deploy platforms in a more limited fashion and follow a best-of-breed model in other areas.

AI-driven SecOps

A lot of the platform conversation applies specifically to Palo Alto Networks' SOC platform, XSIAM. But overall, the key focus at Ignite was around using AI for automation.

At issue: the human-centered SOC no longer works. Putting multiple interfaces in front of an analyst and asking them to connect dots across disparate data sources, then identify and perform the required remediation actions, and do so quickly, is a strategy that does not scale.

Palo Alto Networks is quickly moving toward an agentic AI model, where analysts can be alerted to an issue, shown the pertinent information supporting the finding, be presented with the solution, and click a button to implement it.

This isn't a new concept, but having built XSIAM from the ground up specifically to get to this point, Palo Alto has an advantage. Additionally, we're quickly going to reach a point where a new generation of SOC analysts is completely comfortable with automation and has significantly fewer reservations about allowing an AI agent to make certain decisions. We’re not there yet, but it’s quickly approaching.

Protecting runtime

The cloud security conversation has typically been focused on posture: what's running, is it properly configured, are there vulnerabilities, what's the level of exposure, and so on.

Palo Alto Networks announced Cortex Cloud in February to connect posture-focused cloud security with runtime protection and detection and response. The company calls it "code to cloud to SOC." Because of the SOC overlap, Cortex Cloud is available in XSIAM as well.

In reality, many organizations will continue to have different personas responsible for the different aspects of cloud security. This means it will likely be common for an organization to still start with a specific use case within Cortex Cloud and then expand over time to the others. But in the long run, the ability to centralize posture, runtime, and detection and response should help improve visibility and generate better outcomes for organizations overall.

Extending network security via the browser

With regard to network security, Palo Alto called out both its AI Access Security system and its unified, AI-powered network security management and operations via Strata Cloud Manager as key differentiators.

But by far the most focus went to Prisma Access Browser. Palo Alto highlighted the number of SaaS applications knowledge workers use, the types of devices they access applications from, and the amount of time spent in the browser as key reasons this is a key security control point.

What felt different from the past was the fact that less time was spent talking about Prisma Access Browser as a piece of the SASE puzzle and seemingly more focus was placed on it as a stand-alone use case. For sure, Palo Alto still sees Prisma Access Browser as a component of its broader SASE strategy. However, based on the positioning, the differentiation between network-based security and browser-based security may be narrowing to the performance, experience, and optimization benefits generated when traffic is carried over the SASE network.

Palo Alto Networks has correctly identified one of, if not the, key issue with cybersecurity: it has become too difficult to ensure proper security across the enterprise. Some may disagree with their recommended solution, platformization, but what can't be argued is that the company is putting significant resources toward the approach and many customers are following them on the journey to make security solvable.

John Grady is a principal analyst at Enterprise Strategy Group, now part of Omdia, who covers network security. Grady has more than 15 years of IT vendor and analyst experience.

Enterprise Strategy Group analysts have business relationships with technology providers.
