Why Cisco-Splunk, Palo Alto Networks Are Targeting ‘Real-Time’ Security
The arrival of new AI-powered capabilities and technologies such as XDR has the potential to enable faster detection of threats than was previously possible, according to executives from both companies.
Cisco and Palo Alto Networks may have an intensifying rivalry in the market for security operations tools, but executives from both companies agree on this: The future is real-time security.
The arrival of new AI-powered capabilities and technologies such as extended detection and response (XDR) has the potential to enable faster detection of threats than was previously possible, executives from both companies have told CRN recently.
Among the many industry-wide security issues right now, a key focus should be on “the need for cybersecurity to be real time,” Palo Alto Networks Chief Product Officer Lee Klarich said in an interview earlier this month. “There are too many places where technology has not kept up with the pace of attackers.”
The time span between initial attack and breach has dropped to an average of about five days, a fraction of what it was even just a few years ago, Klarich told CRN.
“But we’ve seen attacks that have been in hours. And so that time window is the amount of time that companies have to be able to detect and remediate, in order to disrupt the attack before it completes,” he said. “We believe that that will continue to narrow, requiring security to be as close to real time as possible.”
Palo Alto Networks is working toward delivering on the vision of “real-time security” with its recently debuted Precision AI capabilities, which include both generative AI and machine learning functionality — and are now embedded throughout the company’s portfolio.
By leveraging Precision AI, “based on our rough analysis, it's about a 60X improvement in speed of knowing about new attacks,” Klarich said.
Meanwhile, Palo Alto Networks is set to become a bigger player in the security operations tools market with its planned acquisition of IBM’s QRadar SaaS business for $500 million, announced last week. The move is aimed at migrating QRadar SaaS customers onto Palo Alto Networks’ Cortex XSIAM (extended security intelligence and automation management) platform, an AI-powered offering that competes with SIEM (security information and event management).
That will make Palo Alto Networks a more serious competitor to the alliance of Cisco and Splunk. In March, Cisco closed its $28 billion acquisition of Splunk, a massive force in SIEM whose technology was recently integrated with Cisco’s XDR platform.
“SIEM doesn't replace XDR. XDR doesn't replace SIEM,” said Tom Gillis, senior vice president and general manager of Cisco’s Security Business Group, in an interview with CRN. But putting the two together is a “powerful” combination for enabling real-time security, he said.
“XDR is a much more narrow, much more focused, much more real-time solution. We're trying to see exactly what you're doing at the time that you're doing it — to know, should we take action?” Gillis said.
Splunk, meanwhile, brings “the broadest context of any security tool in [our] inventory. It's sort of all-seeing and all knowing,” he said. “Splunk sees systems that XDR will not see.”
As a result, when Splunk provides that context into XDR, the combined capabilities can become far more effective at detecting and stopping threats in real time, according to Gillis.
There’s no question that capabilities for detection of threats have accelerated, said Bill Young, managing partner at Optiv, a Denver-based cybersecurity powerhouse and No. 24 on CRN’s Solution Provider 500.
“The discovery that's going on — and the speed and the depth of it — is great. It is a big shift from years prior,” Young said.
The challenge, however, is that it often takes significant work to ensure that customers don’t end up with a lot of false positives, he noted. For most customers, achieving true real-time security “requires a much better alignment between the client and the product than I feel exists today,” Young said.
Still, going forward, “I do think we'll get faster with it,” he said.
As for the IBM QRadar announcement, the deal undoubtedly highlights the rise of XDR as a newer — and potentially, higher-quality — method for detecting cyberthreats than traditional SIEM, according to Allie Mellen, principal analyst at Forrester.
Prior to XDR, the security industry had never seen a market that could “potentially take on some of the more-established SIEM vendors,” Mellen said.