Ignite 20 Keynote - Lee Klarich

Captions
Hello, and thank you so much for joining us at Ignite 2020. You know, it's a little bit different, obviously, being virtual, and while I really do miss actually being able to see all of you and interact and talk to all of you, it's fantastic that we're able to get so many more people to join us for this event. Now, this is going to be focused on product and our roadmap to a more secure tomorrow, and I'm really excited to share with you, as I do it every Ignite, the really great product work my team's been working on, and to share a few new things that we've never talked about publicly before.

And so with that, let me just recount some of the pieces, uh, trends really, that Nikesh, Nir, Amit and others have really been talking about, around the, I'll call it new normal of remote working, the shift to the cloud, and really the accelerated adoption of cloud that we've been seeing over the last few years. And certainly what I see is a very critical need, really bordering on necessity, of leveraging more and more data, AI and automation as part of the tool set that we have as security professionals to deal with the attack landscape that we face today.

Now, if we start with network transformation, and specifically how we secure this network transformation, it's useful, I think, to start with a view of how we sort of built up over time to the point where we are today, and that point is actually not a particularly good point. You know, the sort of fractured approach to digital transformation that has been building up over the years has led to complexity, it's led to disjointed architecture, it's led to security gaps, and it's quite frankly time for a new approach. And that approach is something that we've been working on over many years. Um, you know, this is not something that happens overnight, and I believe that this platform approach that we've been working on is the right approach to solve this problem: specifically, being able to take hardware form factors, software form
factors, and cloud delivered, and across all of those, in a very consistent way, deliver a set of security services that are enterprise class, that are integrated, that are comprehensive. And only in this fashion are you able to actually truly adopt a new network security, uh, architecture; otherwise this fractured approach doesn't work.

And let me just call your attention to a couple of things here. You may notice a couple of security services that weren't there, uh, just a few months ago. In July we announced IoT security as an integrated security offering within our firewalls, a platform, and just last week we announced DLP as the latest attached security service across these products. Really excited to see the build-out of these security services, and again, you can consume them consistently and manage them from a single control plane across all these form factors.

Now, the one that you probably noticed as being the most new in all of that is what we in the industry are calling SASE, or secure access service edge. The pronunciation of that is a little bit funny, but this is actually a really important trend. It's a trend toward being able to leverage the cloud to deliver security and network out to branch offices, retail offices, remote workers, mobile users, etc., in a consistent way. And so we start with Prisma Access, which is really how we deliver all of those security capabilities from the cloud: our full enterprise security stack, available as a service to you, to reach all of these users, and importantly, being able to secure all applications, whether those applications are in your data center, are hosted in public cloud, are consumed with SaaS, or even just securing traffic going out to the internet to make sure that users stay secure.

Now, we combine that with network as a service, integrating our CloudGenix SD-WAN capabilities, leader in this quad, in the quadrant around next-gen SD-WAN, recently placed, they're extremely proud of that, combining it with a cloud network, global in nature,
100-plus PoPs around the world, purpose built for moving and traffic quickly, connecting users to applications very quickly. And so we combine these together, we make it easy for you to consume them in concert, and we're seeing just tremendous adoption of this architecture, again primarily driven by the acceleration of secure remote workers and cloud adoption.

Now, what's one of the pieces that's important about this is this becomes a big part of your network, and so how do you have visibility into how the service is operating for you? And for that, I am extremely excited to announce Prisma Access Insights. We've been running this as a community trial for the last few months. We thought we would have, you know, a handful of users signed up for it, and in fact we've had over 500 Prisma Access customers trying it out, and now we're able to offer it to all Prisma Access customers. So let's take a look at this great offering.

Welcome to a quick overview on Prisma Access Insights. Prisma Access securely connects home users, mobile users and remote offices to the internet, cloud applications and data centers with industry's best-in-class security. Prisma Access also integrates with CloudGenix next-gen SD-WAN to provide the industry's most comprehensive SASE solution, automatically connecting branches to Prisma Access. Prisma Access Insights provides granular visibility, advanced data correlation, real-time alerts and auto-remediation of issues to help maintain a robust deployment. The flight path view of all mobile users provides visibility into the health and consumption trends of Prisma Access locations. Visualization trends on policy changes and bandwidth consumption help in making proactive business decisions. In essence, Prisma Access Insights provides advanced analytics and rich, actionable data that simplifies the management and monitoring of your SASE solution. Thank you.

Awesome. Look, I'm really excited about making this available to all Prisma Access customers, and I'll even add one more little, uh,
never-before-disclosed piece of this, which is we are also actively working on the first add-on module to Prisma Access Insights already, which will focus on the digital experience monitoring, or effectively the end-to-end connection from the user to the application, and being able to see in real time the quality of that connection and how to address any potential issues that might be, might exist there. So putting a lot of energy behind this, we think is an absolute fantastic add-on to Prisma Access.

Now, one more, uh, piece when we talk about network transformation: 5G. And I'm actually not talking about this kind of 5G, which is probably what all of us maybe as individuals care about, cell phones that run faster, but actually what 5G is enabling from an enterprise perspective. 5G has the potential to really revolutionize how enterprise networks work as well, whether that's a new connectivity method for branch offices, whether that's enabling new connected devices, connected products, or even actually building up private wireless networks for manufacturing, utilities and other industries. And so as that happens, security becomes super important, and today I'm excited to announce an industry first of 5G security from Palo Alto Networks. We will be able to secure 5G infrastructure itself, to make sure that the traffic is running across secure infrastructure, secure the devices that connect to 5G, and secure these private 5G networks that are going to be built up, where we can provide that security to many enterprises and the service providers that are running them as well. And we do all of this in a 5G-native approach or architecture, which effectively is based on the containerized CN-Series of our next-gen firewall, and of course the hardware form factors as well, where hardware performs the scalability as needed. So very excited about that addition to the family.

Now, switching gears to cloud. Cloud adoption is happening at rapid rate. We all see that. Um, I think all of you see that within
your companies, and the approach to cloud security, though, is one that we're very passionate about and opinionated about what that right approach is, and our approach of course is Prisma Cloud. Let me tell you a little bit about what we're focused on there and where we're headed.

We, you know, when we look at cloud, one of the sort of, you know, perspectives we have is that cloud applications are architected differently. They're architected using a greater number of tech stacks, they're multi-cloud, sometimes hybrid cloud, and so the approach to cloud security needs to take that into account. And that is why we have taken approach of building a comprehensive security platform, one that can span across all the different tech stacks and aspects of the application life cycle. It's one where we do understand that it's still security, and it's often your business at stake, and so best in class has to be maintained as we build this comprehensive platform, and we have to make it available across the full application life cycle. And so with that context, we have built this cloud native security platform that's designed and capable of focusing across cloud security posture management, cloud workload protection, cloud network security, and even recently cloud infrastructure entitlement management.

Now, stepping back for a second, this is where we were up until recently: great product with Prisma Cloud covering the first two big pillars of cloud security. But just last month we announced a significant expansion to Prisma Cloud with Prisma Cloud 2.0, adding data security, web app and API security, identity-based micro-segmentation, IAM security, and what you're seeing is us build out that comprehensive aspect of this platform while still maintaining the best-in-class focus. So let me show you a couple of these new modules to give you a sense for how incredible and useful they will be in your cloud security posture, and we'll start with data security.

We recently released a brand new Prisma Cloud data security
module. We're very excited about it because it solves three big problems for customers that use cloud storage. First, do they have any publicly exposed buckets and objects? Second, they have any malware? And third, how do they get a comprehensive security view of the cloud storage? First, the product provides visibility: the number of buckets the customer has, how many of them are public, the number of objects they have, how many of them are public, and of all the publicly exposed objects, how many of them have sensitive data such as PII, healthcare, financial information and intellectual property. Second, the product uses the WildFire service to detect objects that contain malware. Third, unlike other silo products in the market that only provide one aspect of security, we provide a much more comprehensive perspective in a single screen, including configuration alerts such as ss logging not enabled, all the trail of user activities, as well as data classification and malware detection inside the objects. Thank you.

That is such an important part of cloud security. You know, cloud storage has been a big challenge, actually, over the last several years, and we really aim to address and fix that and give you peace of mind.

Now, the second, uh, module I want to share with you, and this is the IAM security module, which is coming soon. This is such an important part, uh, of cloud security and addresses an emerging challenge that a number of you and your cloud teams have probably seen as you adopt public cloud, uh, for your application infrastructure.

Hey everyone, bars watts here. Uh, Prisma Cloud is getting ready to launch the new IAM security module. Enterprises that manage large numbers of cloud accounts and resources currently struggle to gain visibility and effectively govern permissions for them, resulting in a large number of overprivileged and otherwise risky permissions. The new Prisma Cloud IAM security module addresses these challenges, first by providing broad visibility of effective
permissions, secondly with monitoring risky and unused entitlements, and finally recommendations of least-privilege entitlement and automated response. Also, we leverage machine learning to monitor user behavior with our UEBA capabilities. Users get simple-to-use yet powerful best-in-class IAM security controls across their cloud environments, seamlessly integrated into Prisma Cloud. Thank you very much.

Now, I don't know that's enough for all of you, but there's even more that I want to share with you today and give you a sneak peek into what's next for Prisma Cloud. First, we're actively working on and building out the cloud network security pillar of Prisma Cloud. You saw the identity-based micro-segmentation, but we're actively working to integrate the rest of cloud network security into Prisma Cloud, giving you a single pane of glass for managing all of your network security policies and visibility for the cloud. That'll be really exciting.

Second, we understand that with cloud there's a strong desire to shift as much security left as possible, meaning shift it much more toward the dev and DevOps before, uh, applications are even put into run time. And this is an area we actually have spent a lot of time investing in already. You've seen this with our container security capabilities, with vulnerability, uh, scanning and things like that. You've seen this with infrastructure as code capabilities that we released earlier this year. But this focus on shift left is actually going to result in building out a complete application lifecycle security, uh, capability within Prisma Cloud, something we think that every one of our security, uh, Prisma Cloud security customers are really going to benefit from and want to take advantage of. So no slowdown from us on building out Prisma Cloud. Stay tuned as we continue to add to this wonderful platform.

Let's shift gears to the third aspect of our product areas, which is Cortex, and what I'd like to talk about is how we're approaching security
operations with a whole new perspective and viewpoint on challenges that we think we can uniquely solve leveraging AI and automation.

Now, it's sometimes useful to start with, uh, the approach that we see in a lot of the industry, and the approach that we think is not working, and that is this sort of very reactive security model, where subpar data, typically highly filtered, is pulled into multiple disparate data lakes, where static detection rules are applied, which ultimately results in a very manual process that, quite frankly, all of you feel the pain of this. You simply can't keep up with all of the alerts, and you end up in a model where a lot has to be ignored, which then results in a very reactive model. And that's just not going to cut it. That does not work now, and it's certainly not going to work into the future.

And so the approach that we're taking starts, of course, with prevention: the more we can prevent, the cleaner the data and the fewer alerts. From there, we focus on collecting real data and understanding that data, such that we can drive our AI, ML and analytics engines to be the most effective and most accurate possible. And third, we then leverage automation on top of that, so that we really reserve the human capital for the really hard challenges, and then we try to make their job as easy as possible. And we think that through that combination we can shift from this reactive model to a proactive security posture.

Now, let me step through each of those areas quickly. First, around prevention. You know, Cortex XDR has been focused over many years of building out this multi-method prevention capability, and I'm not going to talk through each of these individually. I just wanted to show you the extent that we go to to make sure that we're really great at delivering highly accurate prevention outcomes. And again, this means fewer alerts, this means more accurate data for when you do need the analyst to be involved. Now, we take that and we add on top of it the ability to collect
greater and greater levels of data from the endpoint to help us with incident correlation, investigation, response, and most recently, with the release of XDR 2.5 in September, the addition of Host Insights. And Host Insights is an incredible new module for XDR covering a number of different capabilities like vulnerability management, application visibility, and this really cool feature called Search and Destroy. But instead of me trying to describe it, let me show you what this looks like.

Let's dive into Host Insights, a new module for Cortex XDR that consists of three powerful features: vulnerability management, host inventory, and Search and Destroy. Vulnerability management reveals your application vulnerabilities as well as current patch levels to help you assess, prioritize and manage your risk. Host inventory offers the industry's broadest set of host data, providing you rich context for investigations, including a complete view of your users, autoruns and more. In this case, the services window reveals suspicious services which are potentially malware and should be removed. Often when you find an instance of malware, you want to verify that it is eradicated across your enterprise, and for that, Host Insights has Search and Destroy. With Search and Destroy, you simply search for a file using a file path or hash, and Cortex XDR will sweep across your endpoints and display results in real time, allowing you to swiftly eliminate all threats. Altogether, Host Insights offers unmatched visibility and control to stop attacks with ease.

I think that's so cool. I hope you do as well. Um, you know, XDR has continued to expand and extend its capabilities, um, uh, so quickly, and extending the value that all of you, uh, receive when you use it. So very excited about that.

Now, let's shift to data and analytics, and let's start with data. These two, data, analytics, are obviously very closely correlated together, and on the data side, you know, there's a lot of folks that talk about data, and
typically when they talk about data, really what they're talking about are alerts and logs, which, yes, that is important, but that's a little bit different than actual data. When we look at endpoints, yeah, alerts and logs are a small piece, but the actual data of everything that we can see on that endpoint is really what we're talking about. We talk about network: yes, alerts and logs, but we're talking about actual data pulled out of traffic flows so we can really analyze and understand what's happening, and so on and so forth. And this is, you know, part of our unique approach, is this focus on really understanding the data, understanding what data is valuable and is needed to drive the analytics-based outcomes.

And so as we look to the future here, we're going to continue to extend the data sources. Next up is going to be threat intel data that we will be pulling in and natively using as part of our analytics, and beyond that, pulling in any data source to make available for search, query, normalization and analytics as well. So yes, we are going to take this approach to data and extend it out to all data sources.

When we collect that data, we're going to collect it into a single data lake, and by doing that we're then going to be able to extract, transform and, most importantly, stitch that data together so that we understand how it is all related to each other. That stitching piece is really important for understanding the full story of what is happening. For example, if we see an attack, we can understand all the different aspects of it from start to finish across different data sources. That in turn then really helps us in driving the analytics on top of that, whether those analytics are EDR, NTA, UEBA, the IOCs and behavior IOCs that we have, and coming soon, a whole new set of analytics really focused on a number of the SIEM analytics use cases that we'll be able to build on top of this data, including the any data that we'll be ingesting. And so you're really seeing us extend the data and extend the
analytics in order to accomplish better and better outcomes for you.

Now, coupled with that then is automation. Okay, automation obviously becomes very important if we want to have a proactive security posture, because automation can happen very quickly and automatically and not wait for people. And that's where Cortex XSOAR comes in. We have this great automation orchestration foundation with real-time collaboration, case management, threat intel management we added earlier this year, and we continue to build on top of this.

Now, as I look at this, first of all, the stats are amazing. The number of automation actions that have taken place across XSOAR is incredible: over 300 million. The last time I shared this, probably about, I think, five or six months ago, is 250 million, so you're seeing phenomenal growth in the number of actions that we've been able to automate with this platform. The out-of-box integrations are now over 500, and it's programmatic, so we can add more, you can add more. In the out-of-box, out-of-the-box playbooks, almost 500 out of the box, on top of which you can build, when we can build additional content. And all of that is important because what you're starting to see us do is really build out the additional automation use cases. You know, we started looking at the SOC automation use cases, but over time we've been extending these out to a complete enterprise security automation platform with so many different use cases that we can now automate. It's getting really exciting.

And we're making that even better. Just last month we announced the Cortex XSOAR Marketplace. This marketplace is designed to gain contribution from the community, the community meaning all of you, many of our partners, even our own internal employees are getting into the act and building new automation use cases for XSOAR. And all of this can then be delivered through the marketplace to you. Much of it is free content; some of it is paid for, because we have companies that are putting real development
effort into this, QA effort into it, and even support behind the content packs that they are making available in this marketplace. We are going to rapidly address new automation use cases with this, and I'm really excited about it. And so let me show you again what that looks like.

We are excited to introduce Cortex XSOAR Marketplace, which brings the power of orchestration to your fingertips. With the marketplace, you have access to a comprehensive library of automation use cases that are complete and easy to deploy. There are over 500 use cases available from an extensive ecosystem of contributors. You can easily explore use cases and discover new automation opportunities. Through the marketplace, you can automate breach and attack simulations, improve vulnerability management with rich context on assets, accelerate incident response on insider threats, reduce the time and effort to onboard and off-board employees, and much, much more. Every content pack includes a complete set of integrations, automation playbooks and dashboards, everything you need to quickly realize the value of your automation. It just takes a single click to deploy and get started.

I'm really excited about, I think this is going to have a significant impact on the ability to automate more and more security within the enterprise. Now, if we take those two pieces together, what you see is the building out of this proactive security platform: expanding the data sources, expanding the analytics, and expanding the automation, and building the integration layer between those, where XDR can make XSOAR better, XSOAR can make XDR better, and really excited about where we're heading with this, and I hope you are as well.

Now, we bring this back to where we started. There are a number of just, you know, really critical macro changes going on that really, for the most part, have all accelerated over the last six to nine months. We are actively driving the secure network transformation that we see. We want to be your partner in enabling that to
happen. We are actively driving the building of a comprehensive cloud native security platform with Prisma Cloud, and we couldn't be more excited about the progress we're making, the investments we're making, and the road map we have in front of us. And with Cortex, really bringing this AI and automation focus to security operations that we think is going to be fundamentally important to the future of how cyber security is done. And so with that, I would like to say once again, thank you so much for your time and attention today, and joining us at Ignite 2020, and continuing to engage with all of us and our teams as we go through this journey together.
Info
Channel: Palo Alto Networks Ignite
Views: 1,572
Id: siJN4AgFWAQ
Length: 28min 15sec (1695 seconds)
Published: Thu Jan 07 2021