
Palo Alto Networks is positioning itself to take a more dominant role in the market. The cybersecurity vendor became a big player with advanced enterprise firewalls, but now wants to solve more and more network and security issues. This message is packaged as SASE, short for Secure Access Service Edge. We recently attended the company’s Ignite user conference to learn more about this step.

The ambition of Palo Alto Networks to address more and more network and security issues can be called daring from the outset. By initially entering the market with one type of product, Palo Alto Networks managed to grow into one of the larger security vendors. A vendor in that position could choose to stay fully focused on what it is good at: in this case, firewalls. Palo Alto Networks is clearly taking a different path and expects a lot from the activities that come with it.

Traditional firewalls are no longer sufficient

According to Palo Alto Networks, companies need a new way to connect to and use applications. Enterprise organisations are adopting more and more Software as a Service (SaaS) applications, and employees are increasingly working on the move. This shift, and with it the shift of Palo Alto Networks, has been going on for some time now. According to Palo Alto Networks, however, it has not always been clear to enterprise organisations how many critical applications are cloud-based and how connectivity for those applications needs to be optimized. That awareness now seems to be spreading.

The traditional way firewalls work therefore needs to be overhauled. The so-called perimeter firewalls that used to be popular are no longer sufficient. With a perimeter firewall, a physical appliance was installed so that traffic between the internal network and the external network could run securely. All the resources of enterprise organisations were, as it were, in one place. Desktops sat securely on the desk and applications ran in the internal data centre. The devices did have an external connection to the regular internet. In order for this to run smoothly, a perimeter was placed around the internal resources. This is based on the assumption that everything within one’s own boundaries is good and everything that comes from outside is bad.

This approach is no longer sufficient in a SaaS and mobile work-driven world, since resources are located in places far beyond company boundaries. A ‘perimeter-less’ approach is more achievable, or as Palo Alto Networks also calls it: a ‘logical perimeter’.

Bringing Network as a Service and Security as a Service together

This automatically brings us back to the previously mentioned SASE. A logical approach uses a variety of technologies to connect the user to an application securely. In practice, it means that network and security solutions come together in one cloud-based product, the so-called SASE solution. From the network side, the technologies SD-WAN, Quality of Service (QoS), Policy-Based Forwarding, Network as a Service, IPSec and SSL VPN will be incorporated into SASE. Security, in turn, brings, among others, SSL decryption, Cloud Access Security Broker, Cloud Secure Web Gateways, Zero Trust Network Access, Firewall as a Service, DNS security, data loss prevention and sandboxing to the SASE solution.

By putting these services into a single cloud-based framework, enterprise organizations should be able to enjoy the benefits of the cloud. This means, for example, the flexibility and simplicity that comes with the cloud. If you choose to purchase all the named services, the number of network and security solutions within your company will decrease. After all, much more is controlled centrally, resulting in simplified management and maintenance.

Bringing technologies on board

In order to support this course as much as possible, Palo Alto Networks has recently introduced many new technologies. Sometimes these solutions come from acquired parties, but some are also built in-house. Palo Alto Networks usually checks whether a good team needs to be acquired for the specific product. For example, if there is an emerging startup on the acquisition radar with a very good team that still has to develop its product further, acquisition negotiations are often started. The confidence is then that the team can ultimately make a better solution than Palo Alto Networks itself.

As a result, Palo Alto Networks’ acquisition strategy comes across as quite aggressive. Over a period of about a year, some five companies were acquired for a combined value of more than a billion dollars. Without a doubt, the most remarkable acquisition in the list was that of Demisto. Palo Alto Networks paid 560 million dollars (about 500 million euros) for this company; the security supplier had never before paid such a high acquisition amount. The reason is the Demisto platform, on which security teams can coordinate their approach after a cyber attack. For this purpose, Demisto gathers data about the attack, filters out the most relevant details and is able to reconstruct the attack.

Another good example of the aggressive approach is the purchase of Twistlock and PureSec. The intentions for the acquisitions were announced at the same time, last summer. For these companies, Palo Alto Networks paid $410 million and $47 million respectively. With this, Palo Alto Networks once again demonstrates its cloud ambitions. Twistlock brings a platform for securing cloud-native applications and workloads to the Palo Alto Networks portfolio, while PureSec technology is used to build and maintain secure serverless applications.

Other notable technologies brought in-house include those from Aporeto and Zingbox, respectively a zero-trust security provider and a hack detection platform for IoT devices.

Coming together on engines

Currently, Palo Alto Networks is working on making all technologies work together as well as possible. For the time being, this seems to require a bit more focus than even more acquisitions, as this brings quite a few integration challenges. After all, the different products have their own architectures, but often need to be compatible with each other as much as possible.

In order to solve this integration problem, Palo Alto Networks has set itself the goal of landing all data and log data on its own engine. In this way, collaboration is promoted, and analytics can be applied. In this case, log data tells us that data traffic has been exchanged between a user and an application. Data must actually be extracted from the traffic in order to understand what was happening in the traffic. Palo Alto Networks can then look at all this data to detect suspicious activities. In this engine, as much data as possible is eventually stored, including data from third parties.

The acquisition of Demisto makes this situation even more remarkable, since the Demisto technology runs on its own engine. For this platform, it has always been important to analyse data from third-party systems. As a result, that engine cannot simply be retired. Palo Alto Networks therefore chooses to combine both engines as well as possible. If customers use both engines, they should almost always be able to perform deep analyses with one of the two.

Best-of-breed as an answer

The many possibilities that come with this are badly needed; the entire security market is currently crying out for them, according to Palo Alto Networks. The number of suppliers of security tools has increased to more than 100, which has led to a spider’s web of security solutions in enterprise organizations. The security teams are often too small to use all those products to implement a genuinely good strategy. As a result, the original idea behind the solutions, creating safer business environments, is lost.

Security vendors that take on more tasks give the right answer to this, says Palo Alto Networks. The company also notes that vendor lock-in is not to be feared, as other tools remain important in areas where Palo Alto Networks simply cannot play a role. However, SASE should serve as an example of activities that can come together in one solution.

Other security suppliers seem to be responding as well. Competitors such as Zscaler, Fortinet and Infoblox have also jumped on the SASE train.

Demonstrating the importance of SASE

SASE, as a discipline, is becoming more and more popular. Combining networking and security capabilities in one cloud product is an interesting idea. After all, the traditional working method of firewalls is no longer sufficient, so the security approach has to be changed. Whether SASE is really the right answer, time will tell. It has happened before that technological advances were conceived of which much was expected, but for which adoption lagged behind. In any case, we continue to keep a close eye on SASE developments here at Techzine.