Insight

One of the marketing campaigns that resonated the most with me over the last few years is the messaging behind Trend Micro’s XGen campaign because it aptly captures the challenge cybersecurity teams face: the complexity of securing multiple generations of technology. That is, it’s not just about next-gen. It’s also about protecting the last gen, and whatever comes after next-gen.

After all, while we still have mainframes, tape libraries, and Oracle running on UNIX, appdev teams are leveraging public cloud platforms and a rich set of microservices to rapidly build and deliver applications. Such heterogeneity represents a requirement to secure a diverse set of applications stacks deployed across hybrid, multi-clouds. Palo Alto Networks’ stated intention to acquire Twistlock and PureSec, the former for container security, and the latter for serverless security, is a strong move to add cloud-native application security controls to companies’ already extensive product portfolio.

Why Twistlock and PureSec

Twistlock, a pioneer, along with Aqua Security, in container security, initially helped organizations secure their journey to microservices architectures with a focus on identifying and remediating container image vulnerabilities. As organizations moved along the build-ship-run continuum and started to deploy containerized apps to production, Twistlock provided an anomaly-based approach to threat detection. More recently, Twistlock has delivered additional runtime controls including file integrity monitoring and RASP (runtime application self-protection), all new and highly valuable additions to Palo Alto’s set of cloud security products.

With serverless functions being employed in the context of microservices architected applications, Palo Alto Networks needed to move yet further up the stack. PureSec fills this gap with what PureSec describes as a serverless security firewall, one that assesses the runtime behavior of serverless functions including how functions interact with file systems, run shell commands, communicate with external entities, and more. This anomaly-based approach is well aligned with Twistlock’s similar approach to runtime container security, and the serverless firewall positioning is certainly sympatico with Palo Alto Networks’ roots.

Rationalizing Palo Alto Networks’ Cloud Security Portfolio

So, where does Twistlock and PureSec fit in the PAN portfolio? I’m looking forward to learning more about how the new products will be packaged at Palo Alto’s Ignite event next week, but both seem to fit neatly under the newly announced Prisma cloud security product brand.

After acquiring Evident.IO and Redlock, Palo Alto needed to rationalize those cloud security posture management (CSPM) products with the company’s Aperture cloud access security broker (CASB), GlobalProtect Zero Trust network segmentation product, Traps host-based anti-exploit control, and, of course, the vm-based firewall series. Prisma does that in a clean new packaging model with functional descriptors.

Why is that a big deal? When vendors acquire multiple companies and retain the company and/or product brands, it creates a tremendous amount of confusion for buyers, channel partners, and sellers alike; the lack of descriptive product names too often requires the equivalent of a decoder ring to map brands to functional capabilities. The last thing cybersecurity leaders need is additional complexity, so kudos to Palo Alto for getting crisp on branding and packaging.

The Makings of an Enterprise-class Cybersecurity Platform

We’re all well aware of the acute shortage of cybersecurity skills. Recent research conducted by ESG highlights the issue with 53% of organizations citing a problematic shortage of cybersecurity skills. Two-thirds of the participants in the same study shared that IT has become more complex over the last two years. These realities, along with ever-motivated adversaries, are the drivers behind the trend toward cybersecurity platforms that provide threat detection, prevention, and response across major attack vectors via a centralized, cloud-delivered control plane.

By adding container and serverless security controls to their roster of cybersecurity products and services, Palo Alto Networks is well positioned to meet the cybersecurity platform market requirement. But as is true with any acquisition, it’s all about integration. Beyond integrating the teams and the go-to-market model, it will be critical that the technology be integrated into a clearly packaged set of offerings that ride on a common platform. Prisma provides the packaging framework, now the tech needs a platform of shared services to provide improved operational efficiencies desperately needed to mitigate the ongoing lack of skills and increased complexity.

As security teams commit more and more resources to detection and response activities, endpoint detection and response (EDR) solutions are becoming core to the process. But when we take a step back and look at the bigger picture surrounding threat detection and response, we see multiple, disparate solutions being used to detect and investigate threats, requiring analysts to log into multiple systems or post-process data from these systems to correlate alerts. With many organizations utilizing a best-of-breed tools strategy for their security stack, integrations have become core to the sanity of most security teams.

(more…)