CEO Nikesh Arora: Palo Alto Networks Has Achieved The ‘Holy Grail’ Of Security

“This is our attempt to say, look, the (Security Operations Center) SOC needs a new paradigm,” says Palo Alto Networks CEO Nikesh Arora. “The new paradigm is we have to collect good data, we have to analyze good data, we have to figure out anomalous behavior and stop it as it is happening. To me, that is the Holy Grail of security, real time security, blocking the event as it’s happening!”


With its AI-based Cortex XSIAM Security Operations Center (SOC) platform, Palo Alto Networks has achieved what amounts to the “holy grail” of security with the ability to stop threats in “real time,” said Palo Alto Networks CEO Nikesh Arora.

“This is our attempt to say, look, the SOC needs a new paradigm. The new paradigm is we have to collect good data, we have to analyze good data, we have to figure out anomalous behavior and stop it as it is happening,” said Arora. “To me, that is the Holy Grail of security, real time security, blocking the event as it’s happening! That’s going to require a huge overhaul of our customers’ security operations centers, our customers’ security architecture. If our partners can work with us, get ahead of this, understand this problem, understand the new paradigm, there’s tons and tons of business for them as well as for us.”

Arora made the comments in a 45-minute Best of Breed (BoB) virtual interview with CRN Executive Editor Jennifer Follett and Executive Editor News Steven Burke.

Since Cortex XSIAM was launched in March, every single sale has been a seven-figure deal, said Arora. That’s the first time Arora has seen that kind of reception to a product in his nearly five years as CEO of Palo Alto Networks, he said.

“I think this is a huge potential market,” he said. “This is the market that has traditionally been occupied by SIEM vendors, data ingestion players, by UEBA (User Entity and Behavior Analytics) players, by all these things and tools that we have built to help the SOC (Security Operations Center). I think all of that stuff is going to be sort of overhauled and redone with AI as the basis and good data is the baseline. I think that’s the XSIAM opportunity.”

Bringing AI to the SOC represents a landmark opportunity for Palo Alto Networks and its partners, said Arora. “It’s early days, but I think as we get our feet wet, we can understand exactly what the customers need,” he said. “As we build the product to its full potential, there’ll be tremendous opportunities from partners to work with us to make sure that they can go address individual customers and go down this journey with us, perhaps in a transformation way, or perhaps as managed services partners.”

For Arora, who came to Palo Alto Networks with a view that real time security was a “data problem,” Cortex XSIAM represents the culmination of the Palo Alto Networks security transformation.

Cortex XSIAM represents a fundamentally new way of stopping attacks, said Arora. “The traditional model was let’s collect all the data in the enterprise in a large data lake, and people did that in many different ways: they had these SIEM vendors, they had these data ingestion plays and they were collecting the data,” he said.

For Palo Alto Networks, that meant analyzing 67,000 security alerts a week, said Arora. The first step in the Palo Alto Networks XSIAM journey was overhauling the company’s XDR (extended detection and response) product. That reduced the number of alerts the company was analyzing by a factor of 50, said Arora. The company’s automation product reduced that by another factor of eight, he said.

With Cortex XSIAM the mean time for Palo Alto Networks to respond to a breach has moved from 20 days when he joined the company to under one minute, said Arora.

“That’s the transformation I’m talking about,” he said. “It’s the transformation of how we think about collecting data for security purposes, how you automate it, how you use AI and that’s really what I think the overall impact is going to be. There’s a series of vendors out there who have traditionally offered the capabilities. In some cases they’re 15 years old. I think that’s where we’re going to see a bunch of upheaval.”

Worth Davis, senior vice president for Calian Group, a global IT and cybersecurity provider with five global SOCs, applauded Palo Alto Networks for being aggressive in bringing AI capabilities to the SOC. “That is going to help drive partner profitability,” he said.

Calian is already using AI-based capabilities in its five SOCs, said Davis. “The most important thing with security is that your team and the customer are focused on the right things. If you are using older methodologies you end up spending a lot of time on noise,” he said. “You have to heavily invest in AI and automation so both you and your customer are focusing on what is real and what is important. Customers have limited staff and you don’t want to fatigue your technical teams with noise. AI plays a critical role in reducing that noise.”

Eli Katz, director of cloud, consumption and security at New York-based PKA Technologies, No. 466 on the CRN SP 500, praised Palo Alto Networks’ innovative use of AI in Cortex XSIAM to recognize and stop attacks.

Traditional SIEM-based approaches to security have resulted in security alert fatigue and event overload, said Katz. “Traditional SIEM environments require hundreds – if not thousands – of alerts per day that have to be manually handled,” he said. “What Palo Alto Networks is doing is putting AI into the model so we can respond to threats faster. AI and machine learning make it faster, better and easier for security analysts and engineers to respond to what is actually happening in their environment. Building machine learning and AI into a product like this is a no-brainer. Something like this ensures we are actively and proactively protecting what matters most: the data and our users.”

Ethan Simmons, managing partner of life sciences services superstar Pinnacle Technology Partners (PTP), a Palo Alto Networks partner, said he also sees AI as critical in stopping attacks.

“The amount of data that is collected from all the endpoint devices poses a massive challenge that requires AI,” said Simmons, whose company uses a next generation SIEM called Fluency. “AI allows you to find these security events faster and stop them.”