Palo Alto Networks Ignite Europe in Barcelona – Technical Takeaways
This technical user conference organized by Palo Alto Networks celebrated its second European anniversary last week in Barcelona. Once again, it shed light on their strategy and security approach.
As an opener, Nir Zuk, Palo Alto Networks’ CTO, reminded us how the market desperately tried to come up with separate and specific solutions, making the security market very complex with lots of products.
The related challenge we have today is: how to manage all these different tools while ensuring the threats they find are being shared to enable an automated response.
The Palo Alto Networks solutions have been an answer to this challenge for some years now. So, anything new?
SASE (Secure Access Service Edge)
As a complete SASE solution, Prisma Access delivers end-to-end networking and security services from a globally-distributed cloud platform. Concretely, this translates into different new features.
SD-WAN is now considered from the security point of view, which translates into various new functions:
- Their Prisma Access has been extended in the cloud, giving customers a choice to manage their SASE environment with Panorama (as they used to) or to use the native cloud interface.
Also, the large extension of their local presence around the world (including Belgium) has improved performance.
- Prisma Access includes a full firewall-as-a-service, including features.
- Prisma Access is the only cloud-delivered SASE offering that guarantees the performance of SaaS application access, extending the existing uptime and security processing performance SLAs.
- In the branch, the new PAN-OS that’s coming up on the firewall will enable SD-WAN features, mainly path selection metrics and redundancy; the rest of the features will remain based on the existing functionality of the firewalls. So, this combines the best of both worlds in one solution!
- Prisma Access for Networks is not licensed per active site/location as you would expect, but based on the total bandwidth used across all sites. This means you can add as many locations as you want across the globe and divide the purchased bandwidth between them.
- DNS Security, as we know it from the virtual and hardware form factors, is now also available in Prisma Access.
- A new Data Loss Prevention service in an inline security form factor is natively built into Prisma Access. The DLP engine was upgraded a few months ago with a whole new set of patterns and analytics but, until now, it was only available for Prisma SaaS.
Thanks to acquisitions combined with their portfolio, Palo Alto Networks is now able to cover all security requirements with Prisma Cloud.
Requirements include vulnerability management, compliance of configuration monitoring, workload security, network security, and data security to allow an automated response.
Prisma Cloud also supports the main IaaS, PaaS, and SaaS providers, together with the container and serverless providers with an integrated security solution.
Then, next to the existing VMware NSX integration of the VM-Series, there is now a native integration with Nutanix Prism and Flow. It allows information about the running workloads to be exchanged and enables microsegmentation, so that Palo Alto Networks security measures can be applied dynamically.
On the Cortex front, there is even more exciting news! At Ignite ’19, Palo Alto Networks announced that they are opening up to logs coming from competing solutions. This means that Palo Alto Networks XDR is already at version 2.0, using Artificial Intelligence to get the most out of the security solutions in place and further speeding up detection and response without having to jump from screen to screen.
Additionally, that same interface has now been merged with the Traps endpoint management to further enhance consistency and ease of deployment, and device control has been added to the policy.
If you add the integration of the Demisto solution, demonstrated at Ignite by Orange Cyberdefense, then you can extend automation to SOC operations, allowing security orchestration and making it the most extensive response platform on the market.
Zingbox integration in Cortex for IoT
The current solution automates the lifecycle of IoT devices, from inventory to security posture, usage and decommissioning.
In the near future, the integration will come as a new firewall subscription, avoiding the need to deploy new probes.
So, this is a sum-up of the insights I gained at Palo Alto Networks’ Ignite 2019 in Barcelona. If you want more details about these solutions, please do not hesitate to reach out.