The 4 Compelling Things We Learned at Palo Alto Networks 2017 Ignite Conference

1.  3rd Party Application Framework – This announcement provides a comprehensive set of APIs that 3rd party application developers can use to enhance the capabilities of the Palo platform. Similar to an “app store” for the Palo platform, it will let customers develop, download or purchase extensions that leverage their existing infrastructure in new ways. This will help customers integrate existing and new platforms into the Palo Alto Platform, which will assist with identifying nefarious activities in a more automated process. Many of these API capabilities are with several existing Integration Partners including ProtectWise, RecordedFuture, Attivo, Carbon Black, Fidelis, Splunk, Tufin, AlgoSec, CrowdStrike and Aruba, just to name a few. These announcements bring the potential for enhanced network visibility for incident response and unique threat intelligence. Since Integration Partners has worked with these partners previously, we can provide a complete overview of their individual and integrated capabilities and benefits.

2.  Thought Leadership: To their credit, Palo Alto has led in this area with the recent launch of MindMeld. Palo is also one of the four founding members of the CyberThreat Alliance, which brings together competing security providers with the goal of sharing learned threat data, tactics and protections. Additionally, Palo Alto announced a $20 Million fund to provide capital and tools to fuel the growth of seed-, early- and growth-stage security companies focused on developing innovative cloud-delivered capabilities for the Palo Alto Networks Application Framework.

3.  Managed Traps Service: Palo announced an additional option to obtain their end-point technology as a service, with a managed service component as an option. This would be compelling to organizations that are seeking Next Generation End-Point protection and want a provider to manage that environment, given that most breaches occur on the end-point. Details are scheduled to be released over the next several months and we will share those once available.

4.  Cloud Activity Visibility & Compliance: At Ignite, Palo Alto made several cloud-related announcements about its capabilities to monitor, report on and control data across cloud environments. First, Palo announced a centralized, cloud-based security event logging capability. This is meant to address a constant headache for most organizations, and one often overlooked entirely by smaller ones. Palo’s new logging service offers data collection in the cloud that is easily deployed and instantly scaled. Customers will be able to consume this logging service in an OpEx model with no upfront investment in traditional security logging tools or the talent required to implement and maintain those systems. From a compliance perspective, many organizations struggle with deploying an appliance or virtual machine to perform penetration testing on their cloud deployments. There was no way to quickly generate documentation to provide to PCI assessors (auditors). Some cloud providers have more enhanced capabilities, such as AWS’s “Amazon Machine Images” (AMIs), which enable customers to create and share their own AMIs. That resolves the virtual machine deployment issue. This is also how a Palo Alto firewall is deployed into AWS, and a similar method is used to deploy firewalls to Azure as well. Regarding compliance, customers are still responsible for the security of their virtual machines and applications, and for providing evidence of that security. Cloud providers will take care of physical security, storage, networking, and geographical location. The lesson here is that if a high level of compliance, such as PCI, is required, it is important to select the right cloud provider and the right service that the provider offers. This information is not specific to Palo Alto Networks, but applies there and to many other products.