Palo Alto Networks extends Google partnership and strengthens Xpanse at Ignite event

The integration of PAN’s Prisma Access with GCP’s BeyondCorp Enterprise lets Prisma users secure their devices through an unmanaged browser, while the Cortex platform has been strengthened by adding new proactive capabilities to Xpanse Active Attack Surface Management.

Matt Kraning, CTO of Cortex, Palo Alto Networks.

Last week, at their Ignite ‘22 Conference in Las Vegas, Palo Alto Networks made a pair of major announcements to bolster their cybersecurity portfolio. The company announced an expansion of their partnership with Google Cloud that integrates Zero Trust solutions from both companies, Google Cloud’s BeyondCorp Enterprise and Palo Alto Networks’ Prisma Access. It will let Prisma users secure access for their unmanaged devices through a Chrome browser. The other announcement involves Xpanse Active Attack Surface Management for Palo Alto Networks Cortex, and adds a new automated capability to proactively fix both known and unknown internet-connected risks, as well as detect them.

Integration announcements made at events typically involve a hot offering just announced by the hosting vendor. That’s not the case with the Google-Palo Alto Networks partnership, however. Google Cloud BeyondCorp Enterprise dates from 2012, when it was originally positioned as a pure VPN replacement, which has evolved with the technology into a Zero Trust solution. Palo Alto Networks’ Prisma Access is not quite as venerable, but is still approximately five years old, and is also a mature solution.

“We have had a strong partnership with Google since 2017,” said Matt De Vincentis, VP for SASE Marketing at Palo Alto Networks. “These two products are complementary ones which resolve different challenges in the environments. Both are mature and robust product offerings that let us provide a massively distributed service, and is another step that deepens our partnership with Google.”

De Vincentis said that the Prisma Access solution, being a second generation Zero Trust Network Access offering, overcomes the limitations of both traditional VPNs and the first generation of Zero Trust products. It combines threat intelligence and machine learning, and automatically detects and remediates threats to users, applications or enterprise data.

“Zero Trust Network Access is replacement for these earlier forms of remote access solutions which provided too much access,” he stated. “This solves that problem and reduces the attack surface, which is particularly useful in hybrid work environments. What is new and which this partnership specifically provides is adding the ability for users on unmanaged devices to secure access through a Chrome Browser. BeyondCorp Enterprise has some unique technology that enables users on unmanaged devices to gain access through a Chrome Browser. Our joint customers will now have an option for bringing the two together. Large enterprises in particular often tend to use us both, and will get the benefit of both of us working together in this way.

De Vincentis said that this strengthened solution will be a major asset for channel partners.

“By bringing these together into this joint solution, partners will be able to drive a more robust solution to their end customers,” he stated.

The other major announcement from the event was the introduction of a new  capability for the Cortex platform: Xpanse Active Attack Surface Management [Xpanse Active ASM]. This adds the capability to proactively fix their known and unknown internet-connected risks as well as find them.

“Xpanse was acquired almost two years ago, and remains Palo Alto Networks’ largest acquisition to date,” said Matt Kraning, who was the CTO at Xpanse and is now the CTO of Cortex.

“Going back over 20 years, there was a knee jerk reaction in the industry that users were the primary weakness in security, with attackers using phishing and similar techniques to trick employees into giving them access,” Kraning commented. “Cortex XDR protects against those threats – and you still need to protect against them – but the worst breaches today are not from phishing,  but in IT systems on the internet that were left unmonitored or unmanaged by the organization. That’s what happened with Equifax, as well as everything associated with WannaCry. People got in through unknown Internet assets.”

Kraning said large companies are particularly susceptible to this weakness.

“The root cause is the lack of a central repository for everything they have online,” he noted. “30-40% of IT is unmanaged and unmonitored and is on the public internet. They often haven’t had their security updated for years. The move to the cloud, the increase in remote work, and M&As have all enhanced this problem.”

Xpanse Active ASM has not had this proactive remediation ability in the past.

“In the past ASM has been about finding and inventorying, and our technology has focused on being the most accurate and complete,” Kraning said. “Now the active response module natively embeds automation inside ASM, so you can fix a problem automatically. About 2/3 of all ransomware’s origin is remote desktop protocols insecurely exposed and on the public internet, and it might take an analyst five hours or more per incident to track it down. Now the automation identifies the service owner and instead of filling out a ticket, you can email the person who owns the service, and block things until they are changed. The overall time to resolve is significantly reduced, as it can go from multiple weeks to five minutes for full resolution.”

Kraning said this all took an enormous amount of work.

“Building the response capability was a substantial effort, tying together a signal on the internet, bringing it together with a huge amount of technology needed to trace that external source, and link it up to the internet assets, and then push a button to stitch it all together,” he said. “It was hard problem by itself just to get to full visibility, and now we are the first to introduce real-time response capabilities.”

Kraning also noted that these capabilities will also take the solution downmarket from very large organizations.

“Now, to full get the solution’s capabilities, you have needed to be very large,” he said. “This democratizes things down to where you don’t need crack teams or a large SOC. It improves efficiency for large customers and opens to it up to mid market ones, where companies with 5000-25,000 seats can make use of ASM.”