How Palo Alto Networks XSIAM Is Starting To Displace SIEM

‘We think we’ve got a very formidable moat against everybody else,’ the head of Palo Alto Networks’ Cortex business tells CRN.


The rapid growth Palo Alto Networks is seeing for its Cortex XSIAM offering is being fueled by customers switching from existing SIEM products, thanks in large part to the improved cybersecurity outcomes available with the company’s AI-powered system, the head of the vendor’s Cortex business told CRN.

When XSIAM (extended security intelligence and automation management) was released in October 2022, Palo Alto Networks’ original goal was to generate more than $100 million in bookings during its first year in the market. But over the course of just three quarters, the “autonomous SOC” (Security Operations Center) platform had already generated more than double that amount, surpassing $200 million in bookings, the company said in August.


Shailesh Rao, president of Palo Alto Networks’ Cortex business, said in an interview that the company offers numerous advantages with XSIAM that no current provider of SIEM (security information and event management) can claim.

“We think we’ve got a very formidable moat against everybody else,” Rao told CRN. “I don’t think others are close.”

Rao said he didn’t want to specifically comment on how XSIAM compares to SIEM stalwart Splunk, which Cisco plans to acquire for $28 billion.

However, many industry executives have said the acquisition, which is expected to close by the end of September 2024, will have major implications in the SIEM market. Some customers may see it as an opportunity to see what else is out there, while others will no doubt find the merging of Cisco’s XDR (extended detection and response) platform and Splunk’s SIEM technology to be a powerful combination, solution providers have said.

Displacing SIEM

In its bid to displace SIEM, XSIAM leverages Palo Alto Networks’ deep expertise in AI and machine learning for security — as well as its massive trove of cybersecurity data — which put together are unmatched by other vendors, according to Rao.

The results are dramatically improved outcomes for cybersecurity, he said, and that has grabbed the interest of many organizations.

“We have seen customers transition from their existing SIEM over to XSIAM,” Rao said. “We’re starting to see that already.”

Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco, told CRN that Splunk will bring a huge influx of data and AI capabilities to the Cisco security platform.

“The thesis around Splunk is very simple — in order to be a world-class networking company, you also have to be a world-class security company. In order to be a world-class security company, you have to deal with these breaches at machine scale, not at human scale,” Patel said in a recent interview. “And in order to deal with [breaches] at machine scale, you have to be really good at AI. And you can’t be good at AI if you’re not good at data. And Splunk provides us a massive data platform.”

AI Expertise

When it comes to AI/ML, there’s no question that domain expertise is critical, Rao said. And at Palo Alto Networks, “from everything else I see, we have more researchers that have been doing this for longer than anybody else in cyber,” he said. “I think that’s a very formidable moat.”

Additionally, “every new company that comes out will have to contend with one thing we have, that they don’t — which is more data,” Rao said. “We’re finding 1.5 million new attack patterns every day because of how much data we have. Eventually that becomes a formidable enough barrier that it’s going to be very hard to beat.”

During the company’s latest quarterly call with analysts in August, Palo Alto Networks CEO Nikesh Arora said that XSIAM is “shaping up to be our fastest-growing offering” to date.

“This is strong validation that our outcome-based value proposition [with] XSIAM is resonating well with security organizations — and also a sign that interest in applying AI to transform security operations is very high,” Arora said.

During its last quarter, a major technology service provider “chose our [Cortex] XDR and XSIAM capabilities in a transaction worth over $30 million,” he said, after the customer evaluated replacing both its endpoint security and SIEM tools with Palo Alto Networks technologies.

“This is the second quarter in a row where we have signed an eight-figure deal that was driven by a unique capability to provide both XDR and XSIAM, competing against separate competitors in each of these categories,” Arora said during the quarterly call.
At cybersecurity powerhouse Optiv — No. 24 on CRN’s Solution Provider 500 and a top Palo Alto Networks partner — CISO Max Shier said that XSIAM is proving to be a “significant change in how you look at SIEMs and how you integrate data.”

“The things that you can do in XSIAM are pretty amazing. It’s like a SOC-in-a-box,” Shier said. “It’s a great product.”

Rao said he wanted to be clear that he does believe customers did the right thing by adopting SIEM technologies years ago.

“It was the best decision they could make at the time,” he said. Today, however, “they’re not getting the outcomes they wanted.”

That is because all SIEMs, one way or another, depend upon writing rules against a dataset to try to identify patterns, Rao said. “Fundamentally, I’m writing a rule for what I know,” he said.

But in today’s threat landscape, organizations that are only concerned with stopping known types of attacks will have massive gaps in their security, according to Rao.

“The difference between all existing technologies that are database-driven — which is every SIEM out there — versus XSIAM [is that] we’re crunching through large datasets, using machine learning to find out everything that needs to be known, whether you know it or not,” he said. “We’ll find everything that needs to be found. So we’re telling you everything you need to know, not just the things you know you want to find. That’s the big difference.”