Event Recording

How the Current Crisis could become a Catalyst for Various Transformations

Morning everyone. So my name is not Martin side. I'm standing in for my boss, who caught a cold, and I have the pleasure to be with you here this morning. I'm leading the systems engineering teams for the global accounts at Palo Alto Networks. So the question is whether the current crisis is really an accelerator, a catalyst for transformations, and before we respond to that, let's think about what kind of transformations we are talking about. What we are talking about with customers these days are a couple of things. One thing is vendor or tool consolidation. What Martin Kuppinger mentioned this morning is really a big topic, and as part of that there is always the point of how much automation can help me by doing that. In the end, organizations want to improve their security capabilities, and there are of course these big project buzzwords out there.
Zero trust network access, XDR. That is what we are discussing with our customers, but there are other parts, like working from home. This is something very significant since the pandemic, and the ongoing shift to the cloud. This is what is happening in most of the meetings: one or more of these points. Behind that are basically three transformations in the security market that we are seeing. The first one is network transformation, and if we talk about network transformation, it's basically a combination of two things. One thing is the cloudification, so the desire to use the advantages of the cloud to be able to scale quickly, to automate whatever is possible, and to combine this with security by design. So not using security at the end and attaching it to existing solutions, but instead putting this together by design.
And this is a merger of the networking and the security market. You can see this in a very specific way if you see that budgets are being combined to address network transformation projects. These are networking budgets and security budgets, because you have to solve certain problems there, because the way that networks work has changed. Today it is important to come up with an IT where you secure all your users on all your devices in a very granular way. And the desire is really to have a consistent policy for whatever you do, independent of where the user is located. He could be in an office, he could be on the road, he could be at Starbucks or at home. It should all be the same thing. And basically what users are then doing is they're connecting to applications which sit anywhere.
It could be in the data center, as it always has been, but also more and more in the cloud. So the perimeter's gone and the attack surface has completely changed. The way we approach that, and we see that the market is moving towards that, is that if you want to address that, it's good to have a network security platform which basically incorporates all the security capabilities that you need in software delivered through the cloud. So all capabilities we have are basically subscriptions that we run in the cloud. And this network security platform is the glue between the users and the applications, wherever they are. And if you do it like that, and if you really believe in software, that this is the right thing to do, then the beauty of that is it doesn't matter where this software runs. It can run on an appliance somewhere in your data centers. It can run as a virtual firewall somewhere, maybe delivered through a marketplace or a hyperscaler, and also it can be delivered as a service, so as a SASE solution. So if you have that, and always the same capabilities, that's actually where the market is moving towards.
The big topic around SASE and zero trust network access: I don't want to go too much into detail, but all our customers have projects out there in this area. And if you want to compare solutions that are available, sometimes it's very difficult to find the differences, but the biggest differences are in granularity, because everyone will tell you we are doing least privilege access. That's one of the basics of zero trust and therefore also of zero trust network access. But what has least privilege access been? Ten years ago it was very much around what is allowed in terms of communication from an IP A to an IP B, but it was not application aware. Then over time these solutions became more application aware. But very often the solutions out there differentiate only between, let's say, web-based traffic and non-web-based traffic. But you can be much more granular. That's what we believe. And if you do that, then you are very well prepared for what is happening in this transformation. Like all the others, we are combining the solutions with services and also with digital experience management. This is what you see in our portfolio and somewhere else. So the network transformation is happening, and it has been driven by the pandemic. We've seen the work-from-home topic was driving this very much.
The second transformation we are working on is the cloud transformation. This has been going on for quite some time. I put a date in here, 2010; maybe it was even a bit earlier. What happened in the cloud transformation was basically that applications and infrastructure were moving to the cloud, with a different split of responsibilities. And that was basically the game of the first part of the last decade. More and more we are looking at something we refer to as shift left. In the beginning we looked at securing the cloud during run time. So if something's running in the cloud, how do we protect it? What are the measures? But it makes sense to shift left, to move left in this application life cycle, because even during deployment or during the building of the code, the code development, there are opportunities to secure what is happening later.
Log4j, a very huge campaign that we saw last year, is basically something that takes steps in the deployment phase. And there are so many possibilities that you can secure code even during development. Now is really the time to look at that and to use solutions who do that. The typical approach in our industry would be: well, buy a point solution for all of these areas. And there are solutions out there. If you have been at it-sa, the security fair in Nuremberg, a couple of weeks ago: there are so many new companies, so many small companies, lots of point products; you can do all that. But this is basically counteracting what you're trying to do in the consolidation of tools, because it's no longer possible to handle all that. And if you look at a typical number, maybe 12 to 15 point products, that's what you could see here. We are addressing this basically in a cloud security platform in a consolidated way. Do we do everything and solve every problem that you have? Probably not. There was a question earlier on the risk of vendor lock-in. I think the task for all of us is really to consolidate, but to get to a single vendor in security, we are far away from that, and probably this will never happen. So no worries about that, but it helps to consolidate in certain areas.
And the third transformation that we are seeing, and this is just starting now, and we think that we are driving this but others will follow here, is the transformation of the SOC. The security operation center has a problem, because while all other areas were innovating over the last 10, 15 years, the SOC hasn't changed too much. It's not that it has not changed, but if you think about the network, the perimeter's gone. We are looking at zero trust and SASE. If you look at infrastructure, the data center has moved to the cloud, partially, not completely. And at the endpoint, we know that antivirus is no longer what helps you. This is what Martin Kuppinger meant: well, that's the known; if I protect against the known, that's easy, but against the unknown you need EDR, XDR, more information there. So lots of innovation, but in the SOC there's still the SIEM, and even the SIEM, of course there are new features in the system, but from a concept point of view this hasn't changed very much.
And you will probably agree that what we see there is that an analyst in the SOC has the issue that there are so many sensors out there and so many alerts. And the question is really what do you do there? This is an example from a typical enterprise; you may have completely different numbers, even higher numbers. I can show you our numbers later on; they are higher. But let's assume 11,000 alerts per day. Usually it takes four days to investigate those. The SOC cannot reach their KPIs. And it means actually that for 212 days the analyst is just trying to keep the lights on. So if you want to change something, there's not much left. Maybe in Germany, 230 days is in my tax form what I'm working. So if you're sick for a few days, that's not much left. So something has to change there. And what we are doing here is we are trying to combine certain things that are available into a new product. Let me give you the idea behind that, because it addresses this transformation in the SOC. What we have done so far, including ourselves, in the SOC was basically that the analyst is the center of what we are doing. And we have created tools that help him to detect, investigate and respond. And recently, over the last few years, we added lots of strong analytics on it, with AI, machine learning, all this on top. And in the end we thought, ah, there are also possibilities to automate certain things that we do. We're trying to flip this and put this from the head to the ground.
And basically we want to start with automation first. So the idea is: why don't we start taking all those alerts, build a very, very powerful automation engine, use analytics for that, use all the tools for that, but in an automated way, so that in the end only a small portion will remain that the analyst has to even look at. Sounds trivial, but it's a different concept. And I have to say I listened carefully to Martin Kuppinger this morning. Cybersecurity for you is more than tools from vendors. You have lots of questions around your processes, your people, how to use it. So that's a big journey. But if we do that, basically the first thing is of course you need good data, good input, good sensors. That's one thing. And it's important that you do not only use the data from a certain vendor, but that you can include external data of any kind. And every one of you is doing that. External sources, whatever you're using, you always try to integrate various sources. Then the automation-first approach, so that you can get to a proactive security.
So we are combining basically all the... let me see if I have a laser; I don't have it. We combine all the functions that you see on the left side into a new suite, into a new solution. And we are using this already in our SOC. And now I give you the numbers from our SOC. What we see is 36 billion events every day. That's a lot. So we are creating a lot of events. That's okay. This automation basically drives this down to 133 alerts, which can be grouped into seven incidents. 125 of those are mitigated in an automated way. And so on a typical day, maybe eight manual alerts have to be worked by the analyst. Of course this varies from day to day, and we can never be sure what will happen tomorrow.
But that's the typical situation we have. And this brings down, of course, the mean time to detect and to respond. And believe it or not, I mean, we are not so small, we are already 12,000 employees in the company, and we are running our SOC from nine to five with, I think, nine employees. And that's it. And that works. So the platforms that we are addressing are really addressing those large transformations in the network, in the cloud and also around the endpoint and the SOC. Going back to the question, if the crisis, or the crises that we see these days, are accelerating those transformations, from my point of view that's a clear yes. We've seen the pandemic as the first crisis in a row of those, that was driving work from home, an increase of the attack surface, and therefore network transformation was driven by that.
And if you listen to senior carefully and you listen to the news and the geopolitical things going on, the risk for every company is increasing. And this means that whatever you do, if you have networks to protect, if you have your cloud assets to protect, you have to put more focus on that. And so these transformations are driving that. We are seeing that there are more budgets available also for security in this area. This is what I wanted to share with you; that was my view, and I would be happy to discuss during a break, but if you have questions now, feel free. Thank you.
So are there any questions in the room? Anyone? Anyone? Good. I just have one question here.
That's good.
Would you agree that change management, a change management program, is an essential part of any kind of digital transformation as well? We've talked almost exclusively about the technology this morning, but, you know, in your experience, even if you do this, you still need to look at change management.
That's the big thing that I mentioned right now. We very often look at it from a technology point of view and what this means for tools and what we can offer to the market; for the enterprises it's a bigger thing. It's around process, it's people, and you need change management for that. You need to think about how to do that. And sometimes there is a cultural change which is involved. If you think about the cultural change you would need for an autonomous SOC, that's a big thing and a big change, and you need change management processes there to get there, for sure.
Okay, great. Any more? Going, going, gone. Thanks very much.
Thank you very much.
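The automation-first SOC funnel the speaker describes (raw alerts are deduplicated, correlated into incidents, incidents that a playbook fully covers are handled automatically, and only the remainder reaches an analyst), as an added illustration that is not part of the talk and not code from any Palo Alto Networks product. Every host name, rule name, playbook and sample alert below is constructed for the example, and the dispositions are hypothetical; it shows the shape of the pipeline, not the figures quoted in the talk.

```python
# Added illustration of an "automation-first" alert funnel:
# raw alerts -> deduplicate -> correlate into incidents -> playbooks -> analyst queue.
# Rule names, playbooks and sample alerts are all constructed for this example.
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Alert:
    id: int
    host: str
    rule: str       # constructed detection rule name
    severity: str   # "low" | "medium" | "high"
    source: str     # constructed sensor name


@dataclass
class Incident:
    host: str
    alerts: list = field(default_factory=list)
    disposition: str = "analyst"   # "auto_closed" | "auto_contained" | "analyst"


# Constructed sample: ten raw alerts on three hosts, with repeats.
SAMPLE_ALERTS = [
    Alert(1, "ws-17", "av_signature_match", "high", "edr"),
    Alert(2, "ws-17", "av_signature_match", "high", "edr"),                 # repeat of 1
    Alert(3, "ws-42", "suspicious_child_process", "medium", "edr"),
    Alert(4, "srv-db-2", "port_scan_internal", "low", "ids"),
    Alert(5, "srv-db-2", "port_scan_internal", "low", "ids"),               # repeat of 4
    Alert(6, "srv-db-2", "port_scan_internal", "low", "ids"),               # repeat of 4
    Alert(7, "ws-42", "dns_to_newly_registered_domain", "medium", "proxy"),
    Alert(8, "ws-42", "credential_dump_tool", "high", "edr"),
    Alert(9, "ws-42", "dns_to_newly_registered_domain", "medium", "proxy"),  # repeat of 7
    Alert(10, "srv-db-2", "scheduled_vuln_scan_source", "low", "ids"),
]

# Constructed playbooks. An incident is handled without a human only when a
# playbook covers every rule in it; any unknown combination goes to the analyst.
AUTO_CLOSE_RULES = {"port_scan_internal", "scheduled_vuln_scan_source"}  # known scanner noise
AUTO_CONTAIN_RULES = {"av_signature_match"}  # known-bad: isolate the host automatically


def dedupe(alerts):
    """Collapse repeated (host, rule) pairs; the first occurrence is kept."""
    seen, out = set(), []
    for a in alerts:
        key = (a.host, a.rule)
        if key not in seen:
            seen.add(key)
            out.append(a)
    return out


def correlate(alerts):
    """Group the remaining alerts by affected host into one incident per host."""
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a.host].append(a)
    return [Incident(host=h, alerts=v) for h, v in by_host.items()]


def apply_playbooks(incidents):
    """Set each incident's disposition; only fully covered incidents are automated."""
    for inc in incidents:
        rules = {a.rule for a in inc.alerts}
        if rules <= AUTO_CLOSE_RULES:
            inc.disposition = "auto_closed"
        elif rules <= AUTO_CLOSE_RULES | AUTO_CONTAIN_RULES:
            inc.disposition = "auto_contained"
        else:
            inc.disposition = "analyst"      # unknown mix: a human decides
    return incidents


def run_funnel(alerts):
    """Return the funnel counts and the analyst queue for a batch of raw alerts."""
    deduped = dedupe(alerts)
    incidents = apply_playbooks(correlate(deduped))
    queue = [i for i in incidents if i.disposition == "analyst"]
    return {
        "raw_alerts": len(alerts),
        "deduped_alerts": len(deduped),
        "incidents": len(incidents),
        "auto_handled": len(incidents) - len(queue),
        "analyst_queue": [i.host for i in queue],
    }


if __name__ == "__main__":
    print(run_funnel(SAMPLE_ALERTS))
```

On the constructed batch, ten raw alerts collapse to six, group into three incidents, two of which are closed or contained by a playbook, leaving one host for the analyst. The design choice worth noting is the subset test in `apply_playbooks`: an incident is automated only when every rule in it is covered by a playbook, so a host that mixes a known-noise rule with an unknown one still goes to a human rather than being silently closed.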
