The information security industry is ripe for disruption because software producers typically struggle to get innovative products to market and end-user organisations find new products difficult and costly to use.
The solution is a software-as-a-service (SaaS) distribution and consumption model for the entire cyber security industry, according to Nir Zuk, founder and CTO of Palo Alto Networks, because it addresses these key issues.
Software developers can concentrate on innovation – because the underlying platform takes care of the rest, including visibility and distribution to potential customers, he said. The innovation is simply made available as a service to all platform users, who can switch a service on to try it, pay for the product if it works well, or turn it off and try another without deploying any software on-premise.
The only non-SaaS elements will be the physical devices deployed in the infrastructure, but everything else will be sold as a service, which is the way most other kinds of software have gone already.
“If you are a security entrepreneur today and you want to start a company, more than 99% of what you need to do on the product development side has nothing to do with security,” Zuk told Computer Weekly. “Instead, it has to do with delivery.
“If your product requires access to networks, then you need to build a box that will go into the network and that means having to go into big and small networks, virtual networks and cloud networks. And if your product requires you to go on endpoints, you have to build something that works on all versions of all operating systems. So there is a lot of work just to get your innovation into the hands of customers.”
The next challenge, said Zuk, is to get customers to deploy yet another network or endpoint product and, as a result, a lot of security innovation is lost.
Palo Alto Networks has been working on enabling this disruption for some time, and has now announced its Application Framework, which will provide an environment for any security supplier of any size to develop applications to run on the Palo Alto Security Platform.
“What we are offering entrepreneurs is to focus just on building the security piece of their innovation, and then a path to get it into customers’ hands immediately,” said Zuk.
Test it immediately
Because it is a SaaS model, customers can test it immediately and decide whether or not it works and whether they are willing to pay for it, he said, while entrepreneurs will get immediate feedback on whether their product provides value and will have the opportunity to fix it on the fly if necessary, without going through years of deluding themselves about the quality of the product and blaming poor sales on matters such as difficult deployment.
Even though more than 30 security industry suppliers have already signed up to develop applications using the framework – with the first applications expected in late 2017 or early 2018 – Palo Alto Networks has also partnered with two venture capital firms to set up a $20m venture fund to attract even more partners by providing early-stage capital investments.
The company hopes to prove that by switching to a pure SaaS model, it will be possible to take new products to market and generate revenue relatively quickly without needing a huge amount of capital.
One of the bases for the application framework, said Zuk, is the ability to collect a lot of information from the infrastructure, including networks, endpoints and SaaS applications, which Palo Alto customers can already use instead of deploying on-premise log collection infrastructure.
“By doing this in the cloud, it is infinitely scalable, which means organisations can provision log file stores of several petabytes with just five mouse clicks that would otherwise be virtually impossible on-premise from a cost and operational point of view,” he said.
The value in this, said Zuk, is that it will enable applications to run on the security platform that require huge amounts of data, such as applications that involve some kind of analytics or machine learning.
Although this kind of infinitely scalable data store is new, the approach is not, said Zuk. “From day one, [Palo Alto Networks] has aimed at processing as much as possible not on-premise, but in a centralised location,” he said. “From day zero, we delivered security as a service from the cloud.”
The company started with a threat prevention service, then added services for URL filtering, threat analysis and behaviour analytics, becoming one of the first security suppliers to switch from selling hardware and maintenance to selling mainly subscription-based services.
Through the application framework and security platform, Palo Alto Networks is hoping to see an acceleration of that, not only internally, but also with external partners.
“Instead of adding a new service every few years to deal with the latest challenges, we want to add potentially hundreds of new services every year,” said Zuk.
From the start, all the physical and virtual products from Palo Alto Networks have been built to support this, he said.
“They have been built to enable massive collection of information, to receive instructions via APIs [application program interfaces] from outside, and to look for all kinds of bad things in parallel at extremely high speeds using what we call the single-pass architecture.”
According to Zuk, Palo Alto Networks is well placed to enable disruption in the security market because of its size and its information-gathering agent technology, which provides the enforcement points on the network, on endpoints and for SaaS.
“It is unlikely that all the vendors will agree on how to enforce [policy] and how to collect information, especially given that the only vendor that [currently] has the APIs to do that is us,” he said.
“What is important is the applications that run on top of those agents,” said Zuk, “not who is providing those agents as long as they can work at extremely high speed, that they are API-enabled, that they are able to collect very detailed data in high volumes, and that they are able to stop malicious activity fast.”
The value is in the applications, he said, which will not only come from Palo Alto Networks, but also partners and even competitors, all of whom Zuk expects to switch to a SaaS model within a decade as end-user organisations reject buying software on the promise that it will deliver returns within five years and the assumption that the supplier will still be in business.
“We are at the beginning of a process that will completely change the industry, and it is very similar to what we have done to disrupt network security,” he said, pointing out that as a result, companies dedicated to selling network intrusion detection and prevention systems have practically disappeared.
While a SaaS approach to information security is ostensibly a win-win situation for all stakeholders, the fact remains that Palo Alto Networks is putting itself at the centre of this proposed new ecosystem.
As the provider of all the agents and the application framework, the biggest winner is arguably likely to be Palo Alto Networks itself. It remains to be seen whether significant numbers of organisations will switch to Palo Alto Networks to benefit from a SaaS model for security and whether significant numbers of competitors will buy in to the vision of making it easier for everyone to raise the security bar, or whether they will see it as a bit like turkeys voting for Christmas.
But Zuk remains confident, suggesting that market forces may leave the industry without a real choice. “Most of the customers I have been speaking to are telling me that, starting tomorrow, they are going to require their security suppliers to use the Palo Alto Networks application framework because they are done deploying [new security software] in their infrastructure,” he said.
“We will know we have been successful when our largest, direct competitors swallow their pride and write their applications to our framework – and that day is going to come. They are going to be forced to.”