At Ignite ’22 cybersecurity conference, Palo Alto Networks looks to capitalize on consolidation


Aiming to alleviate the costs and time-drains CISOs face keeping cloud, network and security operations centers (SOCs) secure, Palo Alto Networks made a compelling case at its Ignite ’22 cybersecurity conference to consolidate security tech stacks. Like CrowdStrike, which is consolidating tech stacks as a growth strategy, Palo Alto Networks’ latest financial results, earnings call and announcements at Ignite ’22 all reflect an intensifying focus on capitalizing on consolidation. 

Palo Alto’s 2022 What’s Next in Cyber survey finds that 77% of C-suite leaders say they are highly likely to reduce the number of security solutions and services they rely on. Their responses show that a typical global enterprise has an average of 31 cybersecurity apps, services and tools, and contracts with 13 different vendors. Forty-one percent of organizations are working with 10 or more cybersecurity vendors. With security budgets under greater scrutiny for the business value they deliver, CISOs need to drive revenue to advance their careers. Consolidating duplicate systems helps improve the accuracy and intelligence an integrated tech stack can provide while reducing costs and improving cybersecurity’s revenue contribution. 

Selling the consolidation vision at Ignite ’22  

Palo Alto Networks has created a compelling vision that puts consolidation at the core of its go-to-market strategy. “And customers are actually onto it. They want the consolidation because right now, customers are going through the three biggest transformations ever: They’re going to network security transformation, they’re going through a cloud transformation, and [though] many of them don’t know … they’re about to go to an SOC transformation,” said Nikesh Arora, Palo Alto Networks chairman and CEO, during his keynote.   

Selling the benefits of consolidating cybersecurity applications and tools on a single platform is working. The company’s fiscal first-quarter revenue grew 25% year over year to $1.6 billion, and fiscal first-quarter billings grew 27% year over year to $1.7 billion. “At the center of our strategy is the need to drive more consolidation to get customers to a better security posture. Towards that end, we continue to see large cross-platform buys and grow our millionaire customers at a steady clip,” Arora said on Palo Alto’s recent earnings call.



The company relies on upselling and cross-selling from its Strata, Prisma Cloud and Cortex platforms, capitalizing on opportunities with prospects and customers to replace redundant, often legacy applications, tools and systems.

The company’s evolving platform strategy is creating more opportunities to consolidate customers’ tech stacks while capitalizing on unified threat intelligence. Source: Palo Alto Networks 2021 Analyst Day Presentation

Keynotes and senior management Q&A sessions throughout Ignite ’22 reinforced this consolidation vision by emphasizing the need to secure hybrid, multi-cloud configurations, help customers deal with accelerating digital transformation, and recognize how “in five years SOCs will be run using AI,” according to company founder and CTO Nir Zuk. The intensifying security landscape is feeding into the consolidation vision, given the proliferation of attacks and the need for better threat intelligence and more trusted partners on the platform.     

Prisma and Cortex have cybersecurity momentum  

Ignite ’22 provided proof points of Palo Alto Networks’ intensive R&D spending on cloud security and security operations, including two of the three platforms the company relies on for its product and services revenue today. VentureBeat spoke with several CISOs, CIOs and IT leaders at Ignite ’22 to see if the build-out of Prisma Cloud and Cortex is scalable enough to handle customers’ needs beyond network security.  

The security leaders told VentureBeat that Prisma’s “shift left” strategy, strengthened by the acquisition of Cider Security, along with Software Composition Analysis (SCA), is needed to provide the tools an organization needs to produce Software Bills of Materials (SBOMs). The purpose is to comply with the White House’s Executive Order 14028, which requires software vendors to provide an SBOM, and the requirements in the September 14, 2022 memorandum from the director of the Office of Management and Budget (OMB) to the heads of executive branch departments and agencies. 

“Out-Innovating the Attackers,” the keynote by Lee Klarich, Palo Alto Networks’ chief product officer, was the best presentation at Ignite ’22 because it showed how the company’s 4,000 devops engineers and product managers are translating urgent challenges customers face into products. An example of how effective the product organization is at innovating can be seen in Prisma Cloud’s new announcements, seen in the slide below from Lee’s presentation. SCA and the Cider Security acquisition are table stakes for securing software supply chains.

Prisma Cloud's Innovation is Shifting Cloud Security "Left"
Strengthening Prisma Cloud with new applications, tools and systems is needed to secure its customers’ software supply chains. CISOs with whom VentureBeat spoke gave the company high marks for getting this done. Source: Ignite ’22 conference

Active attack surface management (ASM) is now on the Cortex platform  

Xpanse Active ASM aims to help security teams not just actively find but also proactively fix their known and unknown internet-connected risks. Xpanse Active ASM equips organizations with automation to give them an edge over attackers. “While the fundamental need for attack surface management hasn’t changed, today’s threat landscape is much different. Organizations need an active defense system that operates faster than attackers can,” said Matt Kraning, chief technology officer of Cortex for Palo Alto Networks.

“As the leader and pioneer in the ASM market, we realize that customers need complete, accurate and timely discovery and remediation of risky exposures in their internet-connected systems. With Xpanse Active ASM, we give defenders the ability to see their exposures instantly and shut them down automatically, with no human labor required.”

Xpanse Active ASM provides the following:

  • Active Discovery: Attackers use frequent, automated probes to find vulnerable and exposed assets. Organizations need tools that give them the same visibility. The Active Discovery module refreshes its internet-scale database several times daily and uses supervised machine learning (ML) to map these vulnerabilities accurately. This helps an organization get an outside-in view of its network — the same view attackers have.
  • Active Learning: Xpanse continuously processes discovery data, mapping new data to the people responsible for each system. The Active Learning module continuously analyzes and maps the streamed discovery data to understand and prioritize top risks in real time. As a result, customers can stay ahead of attackers by closing down the riskiest exposures quickly.
  • Active Response: While instant discovery of vulnerabilities and exposures can give security teams a realistic risk picture, identifying issues isn’t enough. Automated remediation is key to staying ahead of attackers. It saves response time in the SOC by eliminating the manual step of creating a ticket for analysts, who must then spend hours of manual effort tracking down the owner of the affected system and resolving the vulnerability. True automation is solving the end-to-end remediation process without human intervention. Active Response includes native embedded automatic remediation capabilities that use Active Discovery data and Active Learning analysis to automatically shut down exposures before they allow threats into a network. It executes ASM-specific playbooks to triage, deactivate and repair vulnerabilities automatically.

The Xpanse Active Response module includes built-in end-to-end remediation playbooks. These playbooks automatically eliminate critical risks, such as exposed Remote Desktop Protocol (RDP) servers and insecure OpenSSH instances, without any manual labor.

Following remediation, Active Response automatically verifies that remediation was successful by scanning assets, compiling audited actions and placing investigation details into clear dashboards and reports.

Introducing Xpanse Active ASM
Palo Alto Networks recently announced a multiyear deal for Cortex Xpanse to equip the Department of Defense with Internet Operations Management capabilities. Source: Ignite ’22 Conference

The $100 billion market cap remains elusive  

For Palo Alto Networks to be the first cybersecurity company to reach a $100 billion market capitalization, as CEO Nikesh Arora has predicted in an interview, there are several challenges the company must first overcome to achieve competitive parity. 

Most noticeable at Ignite ’22 was the need for more partners to be exhibiting Palo Alto’s solutions and greater enthusiasm for partner solutions on the part of Palo Alto Networks’ customers. To reach a $100 billion market cap, channel and technology partners must deliver more revenue globally, not just in the U.S.    

Second, despite the new products that capitalize on the company’s evolving machine learning expertise as Xpanse Active ASM does, Palo Alto Networks still isn’t showing that it has AI and ML embedded in its DNA. Consider CrowdStrike’s rapid innovations in ML, with Threat Graph, Asset Graph, Falcon Discover for IoT and many products and services released just this year.

Devops is one of Palo Alto Networks’ strongest areas today, based on what was presented at Ignite ’22. To reach that $100 billion market cap, it needs to fulfill its vision of running an SOC on AI in five years or less while focusing on using ML as a devops force multiplier across all product strategies.

Partners needed

Palo Alto Networks also announced a zero-trust network access (ZTNA) partnership with Google. Palo Alto’s Prisma Access will team with BeyondCorp Enterprise from Google Cloud to enable users to work together securely and seamlessly on different devices from different locations. However, this seemed to be more a validation of work the two companies have already done together than something fundamentally new.

With zero trust dominating nearly every conversation today, the lack of partner announcements was a missed opportunity to generate more interest in Palo Alto Networks’ partner base. Paradoxically, if Palo Alto opened up ZTNA sales opportunities to partners more, it could make significant gains toward its $100 billion market cap goal.

As Nikesh said in the keynote, “the only way you can get zero trust security is through Palo Alto.” Providing partners with an opportunity to profit from that strategy would energize the area of the company that needs to scale the most to reach that market cap goal.

Originally appeared on: TheSpuzz