12 Takeaways from the Palo Alto Networks SE Summit 2023 in Las Vegas.
Couldn’t make it to this year’s Palo Alto Networks SE Summit? Don’t worry: Kevin Thys, senior consultant, attended the event in Las Vegas and is here to give you a quick recap and his key takeaways from the four-day conference.
After three years, the Palo Alto Networks SE Summit is finally back. This is the event of the year where accredited System Engineers of Palo Alto Networks get their technical knowledge updated on the portfolio of Strata, Cortex & Prisma via keynotes and hands-on labs. But this is also a chance to get a sneak peek at upcoming features.
Being a member of the CyberForce community, Kevin was invited to join this year’s event. As Jarviss is a Platinum Managed Security Service Provider, this was also an excellent opportunity to learn and get in touch with product managers, consulting engineers and system engineers from Palo Alto.
#1 Certification changes
Certification changes are coming to make it clearer to customers what value a partner can bring in Strata, Cortex & Prisma. This also indicates how important it is for Palo Alto Networks to have good, well-trained partner SEs, so that the products they develop get configured as they should be, giving customers the best experience and security.
#2 Strata Invests in AIOps and Automation for Better Security and Visibility
The Strata platform focuses on automation together with AI, ML & Deep Learning. This applies not only to security services such as advanced URL, threat prevention, WildFire & DNS security; heavy investments are also being made in AIOps to improve and assist in configuring the products correctly. Ideas include looking at telemetry data to predict whether a power supply could fail or has failed, and directly shipping a new power supply. This will make support more proactive and remove the need to collect logs when cases are opened, as support will already have the required information.
#3 Prisma Cloud Focuses Heavily On Alert Prioritization
One of the most interesting investments by the company is Prisma Cloud. It assists customers in prioritizing which alerts to focus on first. This will be done by looking at the stitching of alerts related to assets, the risk of each alert, the number of assets impacted, … In addition, the web user interface (UI) is being improved to make the experience better, and the latest acquisitions are being integrated even further into the other capabilities of the platform.
I think in the coming years more customers will be moving to a hybrid multi-cloud platform such as Prisma Cloud. This will be key in managing your security: by starting at the development of the application, you avoid having tons of alerts in runtime in all the clouds where the application is running, where those alerts would pop up separately and create alert fatigue, resulting in bad security operations.
#4 New ways of Managing Firewalls On-premises
For Prisma SASE, more investments are being made in cloud management. In the long term, this will completely change how firewalls are managed on-premises. As this has not been released yet, we are not allowed to provide any details. But call us for a session, and we can show you what the future will be like in managing your security policies.
#5 ADAM Brings Better Insights into User Experiences
The Active Directory Application Mode (ADAM) functionality will be expanded. It will have an even better view of what your users are experiencing. Applications will have scores based on several parameters. Having historical data on those parameters will help network operations see immediately why users are having a degraded application experience. Combine this with Prisma SASE & SD-WAN, and automated action could be taken to move to other locations or connections to get the user experience back up and running.
#6 Improved XSIAM Takes Automation to a New Level
Jarviss uses XSOAR to perform initial automation and take away the burden of repetitive tasks. XSIAM will take this a step further for the customer by automatically choosing to run some automation based on the context of the incident type and proposing additional automation to run, or by waiting for input from a user or SOC analyst before taking further automated action. This will also improve the experience for customers taking the Managed XDR service from Jarviss. XSIAM will correlate and automate beyond the Palo Alto Networks portfolio.
#7 Next-generation Firewalls to Better Secure Public Clouds
How do you secure the public cloud with the next-generation firewall (NGFW)? More than 10k customers are already using Palo Alto Networks NGFW in the public cloud. Palo Alto Networks will also offer Firewall as a Service (FWaaS), so deployment and architecture become less complex. The FWaaS will be a cloud-native asset: you deploy it and send traffic to this service. The service will be kept operational by Palo Alto Networks, including automatic scaling.
#8 Prisma Cloud Wins Customers With Updated Security Features
Key reasons why customers choose Prisma Cloud:
- Close security visibility gaps in native security tools
- Simplify the cloud native security operations
- Improve developer productivity while staying secure
- Cover key compliance gaps in built-in security tooling
- Reduce business risks of cloud native compute and serverless services
#9 Increased Focus on Quality in AI and ML
The Cloud Delivered Security Services keynote went through advanced threat prevention, URL filtering, WildFire & DNS security. The main takeaway here was that a lot of vendors claim that they also do AI/ML in those areas, but the quality is different because of the huge R&D investments made in the years before it was released and the power of taking the enhanced information out of the traffic in a single pass. Others are still not capable of doing this, which impacts their performance. The only way to deliver this security service with this quality is by leveraging the cloud. Together with the cloud providers, a lot of money was spent on hardware to bring this service to all customers.
#10 Risk-based Incident Sorting Helps Prioritize Most Critical Issues
Prisma Cloud showed the value of all this visibility with risk-based incident sorting, which gives cloud teams a clear priority for where to focus so that the most critical issues get resolved first. Furthermore, the impact of shifting left to perform security was demonstrated. If you solve a vulnerability during development, more than 100 alerts could be resolved in runtime. A simple change in development can keep the teams handling runtime from getting overwhelmed with alerts.
#11 Automated Firewall Stitching Improves Detection and Response
The first part of the keynote focused on automation, starting with just XDR Pro and showing what automation capabilities are available and the benefits of these capabilities. The automated stitching of NGFW to endpoint data is still a key benefit for detecting and providing automated full visibility. For example, a threat in the firewall is automatically pointed to the process on the endpoint from which it is coming. This is built on further with stitching to user information. Over time, the user information visibility will be expanded.
Using automation will resolve turnover in teams and will keep teams from becoming less efficient. XSIAM will help determine if a specific source of information is needed and the exact data that is useful for providing more automation, so that the incident can be as clear as possible or be resolved automatically.
#12 Single Pass Architecture to Gain Traction in the Future
This keynote covered what it takes to be the best in network security. The main idea was to use a single pass architecture and compare its advantages to sequentially inspecting network flows. Taking the data out of the network flow once and sending it in parallel for inspection on App-ID, virus, spyware, vulnerability, … is much more efficient than taking data out of the network flow for each inspection you turn on.
During this keynote, the strong points and references to third-party testing of security subscriptions were shown. The use of security bundles was pointed out to be very competitive regarding pricing in combination with the new 4th gen hardware.
Jarviss has extensive knowledge in Palo Alto Networks. If you are interested in learning more about these technologies.
Author: Kevin Thys