The Palo Alto Networks Application Framework extends the capabilities of the Palo Alto Next-Generation Security Platform to enable organisations to implement innovative cloud-based security applications from any provider, large or small.
According to the company, this framework represents a game-changing evolution of the Palo Alto Networks Next-Generation Security Platform, disrupting the consumption model for organisations to rapidly access, evaluate and adopt cutting-edge security technologies with the Palo Alto Networks infrastructure they already have.
The framework, the company said, will extend the power of the platform to more rapidly achieve automated, consistent and scalable breach prevention capabilities, all delivered from the cloud.
The announcement comes just four months after Palo Alto Networks CEO Mark McLaughlin told RSA Conference 2017 that collaborative security platforms will enable developers to focus on innovation and force the security industry to change business models.
Security platforms with open application programming interfaces (APIs) are set to turn the business model for the information security industry on its head, he said, in response to the need for new models that will drive more innovation, value and encourage sharing of threat intelligence in highly automated ways.
This is what the application framework will deliver, Nir Zuk, founder and CTO of Palo Alto Networks, told the opening session of Ignite ’17 in Vancouver, Canada.
The framework enables a software-as-a-service (SaaS) consumption model, allowing customers to rapidly evaluate and deploy capabilities through security applications built by Palo Alto Networks, third-party developers, managed security service providers (MSSPs) and their own teams.
This new model will use existing Palo Alto Networks sensors, customer-specific data stores and security infrastructure, enabling organisations to activate cloud-delivered applications instantly from different providers as security needs change and without deploying or managing additional products.
Zuk said the amount entrepreneurs spend on security research and development (R&D) and investment in new startups, “which is on an unsustainable path”, as well as the requirements machine learning will bring to the market in terms of storage, computer power and centralisation, mean the cyber security industry is ready for disruption.
The need for disruption is also clear when you look at cyber security costs, he said. “It has become impossible for organisations to consume cyber security because it costs a lot of money to figure out whether something works or not in your infrastructure, and the technology coming to market requires very frequent updates.”
Security ‘must become a set of services’
In light of all the things that are not working well, Zuk said the conclusion is that cyber security has to become a set of services that organisations consume, rather than a set of technologies that are deployed on-premise.
“All the cyber security technologies that companies are using today in their infrastructure have to turn into services that organisations buy, but require nothing to be deployed in the company infrastructure to be consumed,” he said.
However, Zuk said that could be “tricky” because, unlike other software delivered as a service such as enterprise resource planning (ERP) and customer relationship management (CRM), security needs agents in the infrastructure, the network, endpoints and SaaS applications. This is so it can stop the bad things and collect information into a centralised location where analytical tools can run.
“The future we see is a future where you have a set of network technologies – physical and virtual, on-premise, co-located and in the cloud – you have endpoint technology, a single endpoint agent and a single process looking at your SaaS applications. This is to reinforce policies, look for and stop bad things, and collect information into a centralised threat intelligence cloud where the bad things are discovered within that data,” he said.
According to Zuk, once an organisation has a single network agent in each location – physical or virtual – in the organisation’s infrastructure, and once there is an agent on the endpoint and an agent looking at SaaS applications, everything the organisation buys from that point is a service.
“This will enable organisations to try something new by simply turning it on. If it works, start paying for it. If not, turn it off and try something else because there is no need to deploy anything on-premise in terms of data collection, and there is no need to upgrade anything as services will be updated continually,” he said.
This approach will also help spur innovation, said Zuk. “If you are an entrepreneur and you want to start a company delivering a great algorithm you just came up with, you don’t need to raise tens of millions of dollars and hire 50 engineers to build products. With a small team, you can build a product and run it in the cloud on all the data that has been collected. If you deliver value, tens of thousands of customers will see it and be willing to pay for it.”
Disruption will ‘change how cyber security is consumed’
In this new model, Palo Alto Networks provides a layer that acts as an agent in firewalls, endpoints and SaaS. It also provides a “massive data collection scheme” that is “attractively priced” and enables organisations to collect tens of thousands of terabytes of data a day, as well as keep petabytes of data online for use by various algorithms. On top of that, Zuk added, there is a set of applications.
These applications – such as Wildfire, AutoFocus and LightCyber – are not only provided by Palo Alto Networks, but there are also applications provided by third parties. “Any supplier of any size that wants to build an application to run on the [Palo Alto Security Platform] is welcome – even our competitors,” said Zuk.
“I would like to get to the point where users don’t have to buy any of these services from Palo Alto Networks. If they don’t like Wildfire, there should be many other sandbox suppliers to choose from. All our competitors are invited to participate in this.
“It will quickly be clear what works and what doesn’t work. This disruption will completely change the way organisations consume cyber security. There will be no more deployed products on-premise either physically or virtually,” he said.
Instead, Zuk said organisations will have just one thing in the network, the firewall, one thing on an endpoint and one service that looks at all the SaaS applications, but everything else will come as a service.
Because the Palo Alto Networks Security Platform provides all the basic infrastructure, developers do not have to worry about anything that is not directly related to cyber security. “Just build your GUI [graphical user interface], run your queries and deliver your value,” he said.
According to Zuk, 99% of current security product development is related to delivery and has nothing to do with security. “It is about enabling your product to run on all types of network and all types of operating systems. There is a lot of work just to get your innovation into the hands of customers, and I think a lot of innovation is lost because of that,” he told Computer Weekly.
This new approach, he said, enables entrepreneurs to focus just on the security piece and then provides a means to get it into customer hands and test it immediately.
Applications that can run on top of the Palo Alto Security Platform, he said, will most likely include applications for things such as data visualisation for reporting or threat hunting, comparing stored data with threat intelligence data feeds to provide more value, and machine learning-based threat detection applications.
“Once you detect bad things, there are going to be APIs that allow you to gain – with permission – control through the network, endpoint and SaaS agents to take action to stop attacks.
“The most important thing is that organisations don’t have to deploy anything. They just flip a switch to try an application and, if it provides value, they pay for it, but if it doesn’t, they can just move on to the next one. This is the way cyber security will be consumed from now on,” he said.
More than 30 security industry suppliers have already engaged with Palo Alto Networks to develop applications for the Palo Alto Networks Application Framework, including Carbon Black, CrowdStrike, ForeScout, IBM, Phantom, PhishMe, Proofpoint, ProtectWise, Recorded Future, Splunk and Wandera.
The Palo Alto Networks Application Framework and applications that have been developed on top of it are expected to be generally available in late 2017 or early 2018, with continuous and ongoing introduction of security applications.
However, the ability for organisations to collect data from the infrastructure – networks, endpoints and SaaS applications – is already available.