4 Takeaways from the 2020 Palo Alto Networks SE Summit

Ryan Skally
Palo Alto Networks Cyberforce Hero

 

It’s that time again – Palo Alto Network’s SE Summit and this year’s event was not disappointing! Now that they’re the largest security company, Palo Alto Networks had a lot going on during this year’s SE Summit.

 

Here are the main items of focus that I learned from this year’s Summit:

  • No mention or release of any new hardware
  • Rebrand of offering names and a new logo
  • SD-WAN comes to Palo Alto Networks
  • PAN-OS continues with cool, new features

 

Hardware

For the second straight year, no new hardware was released or mentioned. This year’s event was all about software, integrating some of their past year acquisitions and subscription-based licensing. There was a lot of information to be had and take in like usual. New changes, some good and some bad.

 

New Names & Logo

For the past year or so the marketing department has been busy rebranding their business and their offerings. For the first time in 15 years, Palo Alto Networks has a new logo! In addition, the biggest name change to match Cortex and Prisma is Strata. Strata is the new family name for everything Next-Gen Firewall (NGFW).

The NGFW is and will continue to be a focal point for Palo Alto Networks as it should be. Last year they released their DNS Security subscription to the firewall. Something that hadn’t been done in quite a few years. Expected later this (or next) year will be the addition of an IoT subscription via their most recent acquisition of Zingbox. This will join the existing, all-encompassing App-ID, User-ID and Content-ID that we’ve known for many years. Device-ID will be the latest identification technology added to Strata that will allow the identification of device types that are traversing your environment and also tag those devices, group them, and appropriately add them to the security policies. This will be a major benefit as organizations continue to deal with the explosive growth of IoT devices on their networks.

 

SD-WAN comes to Palo Alto Networks

Other than the new name change to Strata, the firewall family is still adding in a ton of new features with the newly released PAN-OS 9.1. The biggest and one of the most important ones being their addition of SD-WAN functionality that will be supported for both hardware and VM-Series firewalls. Customers will be able to create profiles such as Interface, Traffic Distribution (set order and prioritization of paths/links), Path Quality, (set acceptable jitter, latency, loss thresholds) and SD-WAN (rules that tie all of the above together for any given application).

SD-WAN is obviously new and in its infancy stage because Panorama will be required to build the mesh of tunnels between firewalls. I’m hoping this will change in the future to a cloud-based Cortex app approach like Prisma Access. Also, with this 1.0 release, it will not be able to optimize application traffic or prioritize one application over another. These last 2 features are important in the world of SD-WAN. However, there was mention of these being added in the next iteration of their SD-WAN capability.

 

New Features

There are so many new things coming to the firewall and Palo Alto Networks as a whole. But I will dive into one more addition to Strata that seriously piqued my interest. The world is moving more and more into serverless and container environments as they should be. Palo Alto Networks introduced its Container-Based NGFW (CN-NGFW) offering which allows customers to deploy this container firewall into a Kubernetes environment. Palo Alto Networks made it well known that they want to be able to deploy their firewalls in any customer’s environment regardless of the infrastructure. They’re not 100% there yet and also not far off. But this definitely moves that goal further in the right direction. We’ve all heard of micro-segmentation at this point. This is where we get into pico-segmentation and being able to monitor and control the traffic traversing from container to container and not just server to server.

Cortex is the AI-based hub the extends the next-generation continuous security operations platform into the cloud. Cortex is focused on the endpoint, ML/AI, and orchestration/automation applications in Palo Alto Network’s platform. This includes the Hub for native and 3rd party applications, the Data Lake (formerly Logging Service), XDR (EPP, EDR, NTA, UBA), and XSOAR (formerly Demisto).

The news that Demisto’s name was changing was not very well received at the conference. At first mention at the event, the new name was going to be Cortex SOAR. Roughly 5% of the audience liked that name and I might be generous on that. Probably, the big reason for it now being changed to XSOAR instead of just SOAR. The Demisto name will surely be missed.

Palo Alto Networks made a thought-provoking statement about current SIEM technologies and what most customers do with their SIEMs. In a typical SIEM deployment, customers only being able to ingest data. With their evolution of the SIEM, they are able to not only ingest that data but also digest that data into actionable automated responses alleviating the pain and time with manual intervention. This is a huge win for us and our customers since we are always talking heavily about Integration, Automation, and Orchestration. The IAO trifecta if you will. Two of the biggest changes to Cortex and the Data Lake is the 3rd party (Cisco, Checkpoint, Fortinet, and others) FW support for logs and alerts. They’ve also created a new open REST API that can provide integrated alerts/analytics for anything reporting to the new API. Cortex XSOAR will have prebuilt playbooks to take advantage of their new API.

Moving on to the XDR product and platform, comes a much-needed change with the introduction of XDR 2.0. This was probably my favorite update at the event. Before SE Summit, there were 3 separate Cortex apps (1 for Traps and 2 for XDR) located in the Cortex Hub. Now they are all under the same wheelhouse and single pane of glass console. XDR is now broken out into two subscription-based categories, XDR Prevent (Traps) and XDR Pro. These are 2 subscription levels that include EPP functionality with XDR Prevent and EDR, NTA, and UBA functionality with XDR Pro. This was something that was desperately needed, and Palo Alto Networks delivered on it.

Prisma has already had a ton of changes added over the last year. Prisma being their unified multi-cloud offering including a lot of their recent acquisitions to provide a well-rounded cloud offering to those customers looking for SAAS, Serverless, Container, and multi-cloud protection.

The biggest thing to happen to Prisma is also the breakout of subscription-based. It is not an all or nothing situation. Customers will be able to choose a workload type based on the application.

 

The two offerings for Prisma that will be both be sold as per host subscriptions:

  • Prisma Public Cloud Compute – SaaS offering (comprised of PureSec, Twistlock, Aporato, Redlock, Evident)
  • Prisma Cloud Enterprise – On-Prem offering (comprised of PureSec, Twistlock, Aporato)

 

Wrapup

SE Summit 2020 was a big success this year. The number one network security company in the world is still moving in the right direction and moving there fast. I’m always wary when a security product gets acquired because what is that security product going to look like, is it going to be implemented correctly in its new product family line, or was it acquired to destroy competition. I’ve never had to worry about what Palo Alto Networks has done with their acquisitions because their main goal is to make their platform better. That’s exactly what they’ve done and continue to do. Without their recent acquisitions (last 18-20 months) into Serverless, Container, Multi-Cloud, UBA, SOAR and IoT security, they wouldn’t be where they are at currently. Currently, they are poised to not only keep that number one position but grow that lead even larger.