Palo Alto SE Summit 2020: what happens in Vegas?

Last week, I attended the Palo Alto SE Summit 2020 in Las Vegas. At this event, more than 1200 Palo Alto Networks SEs (systems engineers) and 600 partner SEs from all over the globe gathered to get to know Palo Alto Networks’ latest products and their vision for the future of cybersecurity. In this blog post, I would like to share my key takeaways.

Complete enterprise security

Palo Alto Networks uses 3 security areas that, combined, form a complete enterprise security solution.

  • Secure the Enterprise: hardware and software NGFW
  • Prisma: Cloud security focus with SaaS, cloud infrastructure and SASE
  • Cortex: Threat hunting focus with prevention (previously Traps), XDR (detection) and Demisto (SOAR)

The acquisitions made by Palo Alto Networks last year (Aporeto, Zingbox, Twistlock, PureSec and Demisto) will help them make these areas highly comprehensive. What is unique is that they will be able to provide a single pane of glass and perform prevention, detection, and response with an automation mindset. Now they will focus on making everything more streamlined.

Because prevention, detection, and response are within one system, the automation and completeness of security are higher than when using point solutions where you have to glue everything together yourself. The information sharing and automation possibilities between the areas truly make the difference in providing full security across the enterprise.

Another focus point in each of these subsolutions is customer simplicity, which makes the deployment of security as easy as possible. The automation capabilities avoid manual mistakes and shorten the delivery time. This is a necessary luxury at a time when there is a big shortage of resources who can implement and maintain security. After deployment, visibility and support will benefit from enhancements that will be made. What will be coming in 2020 looks very promising.

Zingbox to protect IoT

Lastly, they highlighted the plans for the Zingbox integration. IoT is present in basically all networks today. Not being able to protect IoT devices with agents or patch them causes a big security risk. AI-powered Zingbox IoT Guardian is the most deployed, most capable, and most cost-effective cloud-based solution for trusted, optimized, and autonomous IoT. Gaining visibility and insights into these IoT devices is a strong added value when combined with Palo Alto Networks firewalls.

Workshop time

In addition to the general sessions, hands-on workshops were also organized. They were sometimes a bit short, as there was much to cover and learn.

The workshops that we had were about:

  • Prisma Access: This workshop showed its security value, visibility, and flexibility. I would certainly recommend requesting a presentation or demo if you are interested. Keep in mind that major improvements regarding features, visibility and troubleshooting will be released in 2020.
  • XDR threat hunting: During this hands-on lab, an XDR environment was provided and we learned to investigate the incidents created by XDR. Using XDR, it was possible to perform deep analysis by having all information in one interface, making it possible to answer questions like: What was the root cause of the infection? Did information get out of the network? Did we block certain activities? Do we see abnormal behavior from hosts around the breach timeframe? Etc.
  • Demisto: This was the first time I could get access to this product, and I created 2 custom playbooks. The playbooks could take IOCs in and deliver information automatically into the NGFW. I think the possibilities are endless with Demisto. I must say the product makes building playbooks very visual. Having an application for mobile phones to request confirmation before an action is taken looks very useful; other actions can also be performed using the app.
  • SD-WAN: We made use of a setup between branch and hub and looked into all the visibility details that Panorama provides about the SD-WAN infrastructure: latency, packet loss and jitter. There was also a main dashboard providing direct information about impacted applications, links… With SD-WAN, you can see in one view if users are impacted by the failure of some connections.

Conclusion

During the Palo Alto Networks SE Summit 2020 in Las Vegas, a huge amount of information was shared about NGFW, Prisma, and XDR with a focus on making the integration tighter and making it more consumable.

I think explaining to our customers what Palo Alto Networks is doing in each security area will become key for SecureLink next year. We can explain the broader strategy, the value and benefits it will bring.