Palo Alto Networks pushes platformization, AI for security
The vendor's strategy involves leveraging AI and platformization to streamline cybersecurity tools and data. This approach aims to enhance the ability to defend against advanced cyber threats. By consolidating resources, organizations can better protect against increasingly sophisticated attacks. Ignite in New York provided a platform for the vendor to showcase their innovative cybersecurity solutions. The use of AI can help improve response times and overall security posture.
One of the overarching themes of Palo Alto Networks' recent Ignite customer event in New York City was how to make security solvable. A major component of this is the incorporation of AI across the stack, not just to aid in the detection of malicious activity, but help security teams become more efficient, do more with less, and ensure the business can be as productive and agile as possible.
Platform Approach
The event focused on a few key areas where Palo Alto Networks feels it has significant differentiation, including “platformization,” AI-driven SecOps, protecting runtime with the company’s Cortex Cloud, and extending network security via the browser.
If you’ve paid any attention to Palo Alto Networks over the last year, you’re well-versed in their viewpoint on platforms. In short, there are too many tools, protecting too many varied attack surfaces, from motivated attackers who have the time and resources to find an entry point somewhere in the environment. This makes a platform approach the only way to efficiently collect, analyze, and operationalize the data necessary to stop these attacks.
Underpinning their strategy is the idea that cybersecurity has shifted from a sensor and detection business to a data business. At Ignite, Palo Alto Networks cited a handful of large enterprise customers that are moving with them along this platformization journey. In reality, I think most large enterprises are still way out from the large-scale consolidation platformization entails.
AI-driven SecOps
A lot of the platform conversation applies specifically to Palo Alto Network’s SOC platform, XSIAM. But overall, the key focus at Ignite was around using AI for automation. At issue: human-centered SOC no longer works. Palo Alto Networks is quickly moving toward an agentic AI model, where analysts can be alerted to an issue, shown the pertinent information supporting the finding, be presented with the solution, and click a button to implement it.
Additionally, we're quickly going to reach a point where a new generation of SOC analysts is completely comfortable with automation and has significantly fewer reservations about allowing an AI agent to make certain decisions. We’re not there yet, but it’s quickly approaching.
Protecting Runtime
The cloud security conversation has typically been focused on posture; what's running, is it properly configured, are there vulnerabilities, what's the level of exposure, and so on. Palo Alto Networks announced Cortex Cloud in February to connect posture-focused cloud security, with runtime protection and detection and response. The company calls it "code to cloud to SOC."
Because of the SOC overlap, Cortex Cloud is available in XSIAM as well. In reality, many organizations will continue to have different personas responsible for the different aspects of cloud security. This means it will likely be common for an organization to still start with a specific use case within Cortex Cloud and then expand over time to the others.
Extending Network Security via the Browser
With regard to network security, Palo Alto called out both its AI Access Security system and its unified, AI-powered network security management and operations via Strata Cloud Manager as key differentiators. But by far the most focus went to Prisma Access Browser.
Palo Alto highlighted the number of SaaS applications knowledge workers use, the types of devices they access applications from, and the amount of time spent in the browser as key reasons this is a key security control point.
What felt different from the past was the fact that less time was spent talking about Prisma Access Browser as a piece of the SASE puzzle and seemingly more focus was placed on it as a stand-alone use case.
Palo Alto Networks has correctly identified one of, if not the key issue with cybersecurity: it has become too difficult to ensure proper security across the enterprise. Some may disagree with their recommended solution -- platformization -- but what can't be argued is that the company is putting significant resources toward the approach and many customers are following them on the journey to make security solvable.
John Grady is a principal analyst at Enterprise Strategy Group, now part of Omdia, who covers network security. Grady has more than 15 years of IT vendor and analyst experience. Enterprise Strategy Group analysts have business relationships with technology providers.