Analysis: Palo Alto Networks introduces new security capabilities at RSAC Conference – News

Palo Alto Networks Inc. kicked off this week’s RSA Conference in San Francisco by introducing new capabilities for its ever-expanding security portfolio.

The announcements were focused on its two major platforms: network security and Cortex.

Prisma Access Browser 2.0

Palo Alto Networks has introduced Prisma Access Browser 2.0 into its secure access service edge offering. In late 2023, Palo Alto acquired Talon to jump into the secure enterprise browser market and now it has made the offering part of its SASE stack. Capabilities include:

• Safely enabling generative artificial intelligence use and protecting data with real-time visibility, access control and user coaching to accurately secure sensitive data with LLM-powered context-based classification to prevent leaks or breaches.
• Real-time defense against sophisticated web attacks to detect evasive and targeted attacks, such as AI-generated cloaking and SaaS-hosted phishing.
• A reimagined unified user experience that provides maximum performance for modern web and SaaS applications while enabling users to easily launch legacy infrastructure from the same browser.

Other new Prisma SASE capabilities include endpoint data loss prevention; integration into Prisma SD-WAN to support new productivity apps and extend enhanced user-to-app performance to the branch; simplifying the information technology experience with a next-generation unified SASE agent; and the addition of Oracle Cloud Infrastructure to extend the global reach of Prisma SASE and deliver cloud resiliency and greater uptime.

Secure enterprise browsers aren’t new, but the market has been in a bit of a renaissance. Older solutions required users to install a separate browser, where current solutions, such as Prisma Access Browser run in Chrome and Edge making it invisible to the user. Also, with the permanency of remote work, for many organizations, the browser has become the primary workspace. Securing the user and data at the browser brings consistent security to the first line of defense.

Cortex XSIAM 3.0

Palo Alto unveiled the 3.0 version of Cortex XSIAM, the next version of its SecOps platform. Among the new features are proactive exposure management and advanced email security, which enable customers to consolidate more functions onto Cortex with better and faster results, providing a proof point as to the value of platforming their security operations center.

Cortex Exposure Management prevent attacks by using AI to analyze the massive amounts of data to prioritize and remediate actions across the attack surface. What’s interesting about the release is it changes the role of XSIAM. Palo Alto Chief Executive Nikesh Arora often talks about security tools being designed for “peacetime” or “wartime,” with XSIAM being the former. Exposure management adds in element of war time and playing a dual role.

Other new capabilities include:

• Providing a unified solution to uncover risks across native network, endpoint, and cloud scanners that can integrate with third-party sources.
• Reducing alert noise based on actual risk by using AI to prioritize high-risk, exploitable vulnerabilities — without the need for compensating controls — and eliminating false alarms.
• Preventing future attacks by creating new projections for critical risks in native network, endpoint and cloud security solutions, and automating remediation with playbooks across first- and third-party tools.
• Stopping sophisticated email-based attacks with Cortex Advanced Email Security by:
  • Detecting advanced fishing and email-based threats with large language model-powered analytics that continuously learn from emerging threats.
  • Using built-in automation to stop attacks in real time, automatically remove malicious emails, disable compromised accounts and isolate affected endpoints.
  • Extending detection and response with email context that correlates email, identity, endpoint and cloud data to show the full attack path to facilitate incident response.

Palo Alto expects the new SASE features, Exposure Management, and Advanced Email Security to be generally available in Q4 of fiscal 2025, which ends July 31.

Prisma AIRS

Palo Alto also introduced Prisma AIRS (pictured), which is an AI security platform designed to protect the entire enterprise AI ecosystem, including applications, agents, models and data. It addresses both traditional and AI-specific threats, enabling organizations to deploy AI more confidently.

Built on the Secure AI by Design portfolio that Palo Alto launched in 2024, Prisma AIRS capabilities include:

• AI Model Scanning checks AI models for vulnerabilities to enable enterprises to secure AI ecosystems against a wide range of risks, including model tampering, malicious scripts and deserialization attacks.
• Posture Management delivers insight into AI ecosystem security posture risks due to a number of issues, including excessive permissions, sensitive data exposure to platform misconfigurations, and access misconfigurations.
• AI Red Teaming enables security teams to identify potential exposure and risks proactively. They can use a Red Teaming agent to stress-test AI deployments by performing automated penetration tests on AI apps that adapt how an attacker would.
• Runtime Security protects LLM-powered AI apps, models and data against runtime threats, including prompt injection, malicious code, toxic content, resource overload, and more.
• AI Agent Security enables enterprises to secure agents, including those built on no-code/low-code platforms, against various new agentic threats.

During RSAC, Palo Alto announced the intent to acquire Protect AI. As the name suggests, the vendor focuses on security AI and machine learning systems. At the event I talked with Anand Oswal, senior vice president and general manager of network security at Palo Alto, about the acquisition. “When the deal does close, Protect AI will become part of the Prisma AIRS team, accelerating our journey to comprehensively secure every app, agent, data set and model,” he said, so there’s more to come.

For Palo Alto, this was a strong set of announcements as it expands the definition and capabilities of its platforms. Almost every security professional I talk to has bought into the concept of the platform but struggle with how to get from where they are today to the future state of a platform.

The challenge for Palo Alto, and the other platform vendors, will be to help companies migrate from multivendor, multitool environment and consolidate down to a few platforms. It’s what customers want. Now the vendors need to help them get there.

Zeus Kerravala is a principal analyst at ZK Research, a division of Kerravala Consulting. He wrote this article for News.

Photo: TK