Palo Alto Networks Vision and Strategic Direction

Hello, good afternoon. I'm Nir, I'm the founder of Palo Alto Networks. I started this mess about fourteen years ago, just under fourteen years ago. We've been selling products for twelve years, and started as a network security vendor, and then we ventured into other areas as well, and we can talk about why and how. Overall, today Palo Alto Networks is the largest cyber security vendor in the world. We're the largest in terms of value, the largest in terms of total sales, largest in terms of revenues and other metrics as well. In network security, versus where we started, we're probably about 50 percent bigger than the next player in the market, okay, depending how you look at their accounting tricks. So these are the 30 minutes of, sorry, 30 seconds of marketing fluff. Now let's talk about the real stuff.

Why did I start Palo Alto Networks? Why did the world need yet another cyber security company? The reason why I, or we, I mean it wasn't just myself, started Palo Alto Networks is to try to unscrew the cybersecurity industry. And what I mean by unscrew is, if you look at the evolution of the cybersecurity industry, you'll see that for every problem there is a set of companies that solve that problem, and then those companies become relatively big and ignore the rest of the challenges that customers have with cybersecurity. And then you have customers, sorry, asking for more stuff, and a new set of companies, these companies get funded and build the next thing to solve the next cyber security challenge, and so on. And we end up in a situation today where many of our customers have dozens of vendors, dozens of cyber security vendors, in their infrastructure. So we started Palo Alto Networks to fix that, and we started with network security. So what we've done with network security is we transformed the market from a market where you used to buy many different products, you either deployed them throughout your infrastructure, most cases it was too expensive,
so you deploy them in a very small number of locations and backhaul all your traffic into these locations, and transformed it for our customers into: you buy a product, we call it a next-generation firewall, and then everything else that you need, again, initially network security, is delivered as a subscription service on top of it. And that subscription service in most cases is delivered as a SaaS service from the cloud. And that was the big change that we've created there. There were attempts before us to take multiple security products and put them on one box and sell them as one box, and of course that doesn't work. What we've done is we put one product called next-generation firewall with one engine on it, well, in reality a couple of engines, that are able to do all kinds of different things, and the actual work, the actual brain, is in the cloud, in our data centers, delivered as a SaaS service. Our customers don't deploy a sandbox; our customers use the sandbox that we provide from the cloud, and we have literally thousands and probably tens of thousands of servers running the sandbox for all our customers, or at least half our customers are using that.

When we started delivering that service, maybe seven years ago, everybody was laughing at us. They're like: customers would never send files to the cloud, customers will never take not just our executables, examples that run in their network, but all PDF documents and Word documents, Excel documents and so on, and they'll never upload it into your service in the cloud; you need to build an on-premise sandbox. And our argument was on-premise sandboxes don't work. You need to update the sandbox at least once a week, usually once a day, because of things that the adversary is doing. Nobody's going to do software updates on premise every day or every week; they'll do it maybe once every six months. Number two, it's very easy to overwhelm a sandbox running on premise. If you know that the capacity is a thousand files per hour, no
problem, I'll just send you ten thousand email attachments and you'll have to sandbox all of them, and you'll be backlogged for the next ten hours, allowing me to do whatever I want. When you run it in the cloud it's much more difficult to do that. We can update the software every day, like, you know, the advantage of SaaS services.

When we started there was another company (do we mention company names or we don't mention company names?) which was the leader in sandboxes. Since then they were acquired by Mandiant, you know, and they were the market leader. They had hundreds of customers, maybe thousands of customers; their market cap was actually higher than ours. And today they have probably the same number of customers. We have 30,000 customers using our sandbox in the cloud, okay, hundreds of millions of dollars a year business for us, and those customers send all their files to the cloud for sandboxing. And then when we find something bad, we update not just them, but we have that our entire customer base, with whatever we find, in order to stop the attack across multiple vectors.

And sandbox is one example. Another example is behavior analytics. Our customers don't deploy behavior analytics sensors; they upload the data to the cloud, we run behavior analytics in the cloud. Our customers don't deploy proxies; it's a cloud-delivered service. Our customers don't deploy IPSes separately from the firewall; well, this is a simple service, it's mostly a signature service delivered from the cloud. And there are many examples like that of things that our customers don't do but rather get delivered as a service. And we started doing it with network security. Now, as I said, in network security today we are by far the largest vendor in the world. And then we went into endpoint security, and not only do we have a really, really good endpoint security agent that recently is winning the number one in all security tests, it's also able to subscribe to at least the relevant SaaS services and deliver the same
SaaS services on top of the endpoint. So the same sandbox is running both on the network traffic and on endpoint files that appear on the endpoint that we've never seen before. And then we entered the CASB market through an acquisition. Same thing: we connected some of these services, the relevant ones, to SaaS. Then we entered the PaaS security and IaaS security market through two acquisitions; the CEO of one of these acquisitions will speak later, Varun. Same thing: we're connecting those services to, again, the relevant SaaS services. It's a process that takes time, but it's happening. And we recently announced the acquisition of the world's leading container security company and the world's leading serverless security company, Twistlock and PureSec, and same thing: once we close these acquisitions (the small one already closed, the larger one hasn't) we're going to start the process of integrating those things with the same services. You get the same cybersecurity function as a SaaS-delivered service on top of network, endpoint, SaaS applications, PaaS applications, infrastructure as a service, containers and so on. And that's really our strategy, that's our philosophy, that's where we see the market going. We see a cyber security market where almost everything is consumed as a service, and we're not the only ones, right? We're seeing companies like Okta transforming the identity market from an on-premise market to a cloud-delivered market. Seeing that happening with vulnerability scanning, right, from on-premise scanning to cloud-delivered scanning, and so on. I think it's natural that the industry, like almost any other IT industry, will transform itself to a SaaS-delivered industry, and we're doing it across network, physical and virtual, endpoints, SaaS, PaaS, IaaS, containers, serverless; whatever the world invents tomorrow, we'll find a way to attach our services to it and deliver SaaS services on top of that. Okay, so that's, in whatever,
five minutes or seven minutes, what Palo Alto Networks does and what's special about Palo Alto Networks. Questions? Okay, if there are no questions, that's good, I have other things to say.

So like I said, the reason we thought that the world needed yet another cyber security vendor, and we were right, I mean we grew to be the largest vendor in 12 years, competing against companies that have been selling for, what, 25, 30 years, is because of the way the industry has treated its customers, of requiring customers to use many different on-premise products versus delivering an integrated solution from the cloud. And the industry has worked really, really hard on doing that in enterprise security, meaning securing enterprises on premise: network, endpoint and maybe a few other things. We're seeing the same process now happening with cloud security. So if you're a customer today and you ask yourself, what do I need to protect myself in the cloud? Well, you need a virtual firewall. I know there's an argument about whether you need it or not; I can argue with anyone and show you why you cannot secure public cloud deployments without a real firewall, but let's leave that aside. You need endpoint security, you need container security, you need serverless security, you need PaaS security, you need IaaS security, and there are the things that you need, and the industry, using its legacy approach, is screwing that as well. The industry is now creating a separate silo, a set of companies, usually overfunded and overcrowded silos, of delivering each one of these. So you have a set of companies doing PaaS security (we bought the two leading ones), you have a set of companies doing container security, yet another set of companies doing serverless security, yet another set of companies doing virtual firewalls, I mean, these are the traditional firewall companies, yet another set of companies doing endpoint security, and so on. And we think that there is an opportunity for a
vendor like us to, from the get-go, build an integrated solution of best-of-breed capabilities, so customers don't have to repeat the mistakes of the past when it comes to securing their cloud deployments, and when I say cloud I mean both public and private cloud, and find a way to have a solution that they don't need to spend a lot of time integrating and operationalizing. Which is why we recently made acquisitions of the leading companies in each of these spaces. Not all of them: we think that in virtual firewall we didn't have to acquire anyone, we are by far the leader in virtual firewalls, we are the number one vendor on each marketplace of public cloud providers. And endpoint, we didn't have to do that. But in the other areas we went out and we bought the best of breed, the best companies out there, and we're in the process of integrating together into one suite that customers don't need to integrate themselves.

And then the other area that we think the industry is working really hard right now on trying to screw, again the same way we did with endpoint security, by overfunding overcrowded silos, is the Security Operations Center. So if you look at the Security Operations Center, which is the place where all these other things that we do eventually end up, because that's where alerts and other things end up, it all started with the SIEM, the security incident and event manager, which doesn't do incident and event management, but that's okay. So it all started with the SIEM, and I think most realize today that SIEMs don't really do much when it comes to security. It's mostly a tool for seeing dashboards and other meaningless reports, as well as being able to go in and query for things if you're in an incident response situation or an investigation situation. And SIEMs do some correlation: you can say, if you see this, this, this and this, then, you know, generate an alert, because enterprises don't have enough alerts
already, we need to generate more alerts, so they have not a hundred thousand alerts they cannot handle but one hundred and ten thousand alerts every day they cannot handle. So that's what SIEMs do. And since everybody realized that SIEM is certainly not enough, probably not doing much, we start seeing different silos being created. So the other thing, maybe, about SIEMs, before I talk about those silos, is SIEMs really collect logs, they don't collect data, okay? What I mean by data is all system calls from endpoints, I mean, that's data, that's meaningful data: all the system calls, or at least a lot of the important system calls, that happen on endpoints; really deep information from the network. I want to see every time anyone logs into Facebook, I want to know the user name and I want to see who their friends are. Why? Because I want to do machine learning to see if it's a bot or it's a real Facebook user, okay? So this is something that you really want to collect, but SIEMs don't collect. SIEMs wait for the firewall or the endpoint or an application or a server or whatever you connected your SIEM to, to be gracious enough to report something. And then SIEMs also have the issue of being too expensive, so customers have to choose what they log in and what they don't log in; that's another issue. But because of all these deficiencies we start seeing silos, right? So SIEMs don't collect data from endpoints; at best they collect logs from an antivirus running on the endpoint whenever that antivirus detects something. So we started seeing a set of companies being funded for creating an agent, yet another agent, sitting on the endpoint, collecting data from the endpoint into yet another data lake other than the SIEM, process the data using machine learning, rules, humans, whatever, finding attacks and then responding to these attacks with instructions back to the endpoint as to what to do. We call these vendors EDR vendors, endpoint detection and response, okay? There's a
long list of vendors there. Separately from that, the industry has funded another silo in doing the same thing for network. So a set of vendors that are building network sensors: they expect you to deploy the network sensors, collect deep data from the network, send all the data into yet another data lake, run on that data lake whatever, machine learning, rules, humans, whatever it is, find attacks, respond back to the network. We don't have a good name for that, but in most cases we'll call them UEBA vendors, user and entity behavior analytics, even though UEBA can be applied to many other things as well. It's okay. That's not enough, what about cloud? Okay, let's create another silo, create companies collecting data from public clouds and private clouds, process the data using machine learning, rules, humans, whatever, and if you find something bad, respond back to the cloud. That's not enough, what about SaaS applications? Let's find a set of companies doing that for SaaS applications; we'll call them CASB, okay, cloud access and security broker. They don't do any access brokerage, but that's okay also. But so you get the picture, right? Now we're seeing companies being funded around IoT, companies being funded, they're out collecting data from IoTs, either putting their own sensors or in most cases collecting it from us, using the deep data that we can collect from the traffic, using their algorithms, machine learning, rules, humans, whatever, to find IoT-related attacks. And then they're still not responding back to the IoTs, but maybe one day they'll respond back to the IoTs. So each of this is done inside, each of these is going to a different data lake, a different set of data, and that just doesn't make sense. It doesn't make sense, number one, to limit yourself, when you look for attacks, to data coming from a specific location; it will be very beneficial if, when you look for attacks, you would use both endpoint, network, cloud, SaaS and so on data. And number two, it doesn't make any
financial sense, okay? So that's again just what our industry, the cybersecurity industry, is really good at: it's at creating a lot of silos, and that's part of what we are fixing as well. Yes?

I have a question regarding the everything going to cloud and everything kind of going into your system. So one of the things I work on in my current role is doing development for analytics for the clients. I don't work in that department directly, I support them in the security side, but they do a lot of that, where they build a solution or do the code for the client specifically, but then the client owns that code, they own that about me in your search in your kind of deployment and that. If you kind of, everything's going into your system, does that mean they're kind of dependent on your solution? So if they were to move to another client, they would move to another company, everything would be kind of starting over and when you a

Yes or no. So there are two aspects. So the first thing is which data do you collect, would use as sensors for the data. Today our customers are limited to using our products as sensors, but we're adding more sensors, okay? So potentially competitor products can be added, as well as things that we don't do and they don't do, like applications and servers and so on. There are two schools of thought here. The first school of thought is the engineering school of thought, which is: we'll only collect data that is useful. So for example, I'm not going to collect data from our firewall competitors, because the firewall competitors at best can collect five-tuples, you know, source IP, destination IP, source port, destination port, protocol; information that was maybe 15 years ago relevant on the internet, when things are IP addresses and port numbers. So the first school of thought is: we'll only collect data that is useful for analytics. The second school of thought is: let's collect everything, and, you know, if customers are willing to pay for that, that's all. I think there's still argument as to
which one you should do. And so that's on the data collection side. On the application side, of using the data: so we provide applications like detection and response. Today we do it across network and endpoint; we need to do it across other things as well, and sandboxing and other applications. But our system is open to any third party that wants to build their own application, whether it's a competitor, like an endpoint competitor that says, hey, I only collect endpoint data, why don't I use the data that Palo Alto Networks collects? That way I don't collect, that way I don't even have to deal with putting an agent on an endpoint; Palo Alto Networks also collects network and other data as well, so let's take our secret sauce and apply it to everything. And also customers can write their own applications on top of the data, and that's transferable. I mean, we haven't done that yet, but the idea is to create a marketplace and be able to transfer that around. I really think that's the future of the cybersecurity industry, especially when more and more of the cyber security detection and response, as well as prevention, is based on data. You know, we have to create one place where the data is and then create an ecosystem on top of it, kind of what Apple and Google did with the phone.

I guess that in that way, basically I've asked the same questions, like, all companies we've chatted with, so for just my colleagues but them if, because I work in the UK, my head office is in the UK, but we've got offices around the world, including specifically in New York. And so the biggest question I always have with vendors is what do they do about GDPR considerations. And if you're dealing with analytics you have to deal with the data, so that data in my scenario cannot leave the EU. And so a couple of the companies I said basically you'd have to have two solutions, like two different instances. Is that the same with you, you'd have to have two different instances?

Yeah, so we
have today, we have data centers that store that data in both the US and the EU, as well as some of the data we store in Japan, in Singapore, and we'll be adding more this year, partly by moving to public cloud providers as well, okay? So we have that. The applications that you write, yeah, they run better if they're local and the data is local, but theoretically you can write your application in such a way that you take intermediate results from different locations and then combine them together in one location.

They're basically saying you wouldn't necessarily have two different separate instances, you just have two different data pools. Okay, to date, how do you correlate the data between the two?

That makes the application a little bit more difficult, yes. Most of the data is, so a lot of the data is time series data, so the data is time series, it's a series of events or data that you collected, so there are tricks you can do there, because you can tell where you are; it's not random data that's in random order.

Yeah, I mean, as a security guy, I keep thinking, like, you go back to what you're saying before about the SIEM, about SIEMs are expensive and putting more data in there. Yeah, from a security standpoint I'm like, I want all the data, I want all the information, all the logs, because then I can correlate events across the different systems. But then the CFO is saying, oh, that bill's kind of high.

Hold about the bill. Let's say that we solve it, okay? We charge today two thousand dollars a year per terabyte in the cloud, all in, including the service. So that's cheaper than you can do it yourself. So forget about the bill.

You're right, well, you know, get all the data, it's the CFO that's the one that's it for you're right. As we progress more, as, like, you know, as you look at Google, the cloud services they have, the price per terabyte is just dropping.

Correct. I think that there is a bigger question that I think you're referring to, or not no question but the
issue, which is, yeah, there going to be a new tool, I think there's going to be a clash between cybersecurity and regulation. There already is. There already is, and it's just going to increase.

That's my question. So in a highly regulated industry, whatever one it is, or a highly regulated country, like Europe, you know, countries like Europe and Japan and China, actually, forget our reasons, forensics becomes a real nightmare in the cloud. And if I'm sending you my data, my files, mm-hmm, and they reference things that are highly regulated, you can't actually have them anywhere, because now they're out of my control. So if they're out of my control, you guys have to prove beyond a shadow of a doubt, forensically prove, that you haven't modified them. Yeah. So I need to know, do you have chain of custody inside your cloud, and how do you do your chain of custody?

Yeah, so actually most of these files we delete immediately, we just get on your data from the final delete. Doesn't mean it's deleted, we all know that. It's deleted, we make sure it's deleted. I mean, but give me chain of custody that you did it. Can you do that? I'm not, so it needs to be proven. I would love to know if it's provable, chain of custody, if you have a deletion, because when people say they delete things in the cloud, that actually doesn't get deleted in the cloud. I know. Yeah, so we actually hold it only in memory, a lot of these files, extract metadata, and then the metadata goes to databases, but you're right, we have to prove that. And I also have to prove that you deleted the metadata. Yeah. Well, now the data about the data is related to the forensic, it's all related. It's related, but there's information there that is more benign than the information in the original file, and it's clear what the information is, I mean, it's structured, the data, and you can decide whether you want it or not. I mean, look, I think you're absolutely right. I think that, look, here's a technical statement,
okay: we cannot do cybersecurity without data. I mean, we can only stop it security with the load without a lot of data. However, there are a lot of non drummond are very large few very large regulated industries that have challenges with sharing data, okay? And I think that these industries, or the regulators of those industries, at some point will need to decide whether those industries are going to be protected from a cyber security perspective or whether they are going to keep insisting on their current regulation. I don't think these two can continue forever.

Two about law exists, the laws are changing currently to be even more rigid, that's what's happening today. Like, you can't encrypt data, or you have to use lower encryption, you can't store data outside of the country. To me those are really rigid laws. Yeah, but that doesn't really apply to governments getting involved though, that's wha... Well no, I agree, I'm saying that sometimes it's government. If you look at GDPR, GDPR has exceptions for security, for example. And look, yeah, governments and regulation is always behind, yes, but they'll catch up, they'll have no choice, or they'll go in the complete opposite direction, and that'll be their choice, that's okay. I mean, governments that want their industries to be non-competitive because they're not going to be able to secure themselves, that's also fine. Yeah, you know, that's what we're going to go. Yeah.

One more question. So, um, a lot of my customers are federal government customers, yes, and for whatever reason it seems like security companies who have products in the cloud, they're a little slow to adopt FedRAMP certification. Do you have any thoughts on that?

You know, I think they should adopt FedRAMP certification. I think that recently, or today even, the deal between AWS and the DoD was signed, right? Or it's about to be signed, I think. Yeah, you'd run there, right? So yeah, you should. Look, I think that if you look at it,
you know, fifty-thousand-feet picture, it's going to be easier to make sure that the cloud works for your customer, our customers, whatever, than trying to create an on-premise solution. It's going to take less energy, and the outcome is going to be much better, if we find a way, or to find a way, not if, to find a way to enable your customers and anyone else's customers to use the cloud for cybersecurity. So that's what we're doing, right? We spend our energy on finding ways for different customers in different industries in different countries to use the cloud for cybersecurity.

So I get that and I agree with you, but a lot of the clouds you're basing on, wherever they are or Avene of your own, have to still have provable security of the, right? Yeah, I agree. Then the question is this: how do you guys prove out that your sandbox is going to be adequate? How do you prove out that it meets all the requirements and regulations and just general this soap

So, to prove that it works. So there is a list of certifications that you need to get, yes, that most customers would look at, like 70, SOC 2, whatever, right? I don't even know the names of all of them. And yeah, we have most of them, and we're in the process of getting those that we don't have across the world. And there's also doing the right thing. These regulations are also a little bit behind, and yeah, you need to invest a lot of time. I think that the best way governments can regular, or regulators can regulate, security is to regulate the outcomes, meaning rather than telling us or anyone else how to secure the data, they should regulate the outcome and have very high penalties for achieving the wrong outcome. So for example, if you would have to pay $100 for every record that you lost, and you're a retailer that just lost 70 million records, and you have to pay 7 billion dollars as a penalty, your security will look different and will be much better than if the government tries to regulate how you need to do your
security, which doesn't work, because everyone that was hacked and credit card numbers were stolen from them were PCI compliant.

I would argue that whilst regulations don't solve everything, it does make a positive impact to the world. I mean, again, you GDPR, I think it's absolutely beyond. GDPR regulates outcomes, doesn't regulate how to do it. Yes, it does to a point though, it does state any do you state-of-the-art secure security and privacy by design, so from the conception of the idea you have to put privacy controls in place. Yes. And whilst it's not the full solution, I do think it does make a very positive impact, because it's not only punishing the company, it's also holding the directors personally liable for failure.

Yeah, and I think that's a great way to regulate: you mostly regulate the outcomes of what happens if you are not secure, okay? Rather than trying to tell me how to be secure, tell me what happens if I'm not secure and let me make the decision. What's that? Okay. Because the assumption should be, and especially here in the U.S., right, that's the philosophy, is that marketplaces work well, or markets work well, and if you regulate the market the market would work well. So regulate the outcome, not the way the market works.

I know, and as things like GDPR, they're definitely governments or politicians trying to do a good thing. Sometimes implementation does always work, and as an IT person, sometimes we feel it the worst.
Info
Channel: Tech Field Day
Views: 20,560
Rating: 4.8766518 out of 5
Id: hFn1UvfcGYM
Length: 30min 22sec (1822 seconds)
Published: Thu Jun 20 2019