Palo Alto Networks Execs See Big Partner Opportunity In XSIAM, Prisma And More

'As the scale of these transformations has increased, the SIs, the community and the partners have become even more important,' Palo Alto Networks Chief Product Officer Lee Klarich tells CRN.

Palo Alto Networks CEO Nikesh Arora is setting the tone on the importance of solution providers for the security platform vendor’s go-to-market, with executives across the vendor’s product portfolio looking to grow the partner opportunity.

CRN recently spoke with top Palo Alto Networks executives during a press-and-analyst event at the vendor’s Santa Clara, Calif., headquarters, all of whom echoed Arora’s view that solution providers help achieve positive outcomes with customers and that, to be an effective channel partner today, one needs to robust advisory and consulting practices.

System integrator partners, in one example, are “able to help take a large enterprise through a platformization project,” Palo Alto Networks Chief Product Officer Lee Klarich (pictured) told CRN. “These are bigger projects. They're more multi-faceted in nature. They have more of a consultative aspect to them. As the scale of these transformations has increased, the SIs, the community and the partners have become even more important in terms of how we help our customers go through this and give them the resources and expertise to supplement their own capabilities on a global basis.”

Palo Alto Networks Partners

Palo Alto Networks has about 15,000 channel partners worldwide, according to CRN’s 2024 Channel Chiefs.

In another example of the importance of Palo Alto Networks partners, Amol Mathur, the vendor’s senior vice president and general manager for its cloud security platform Prisma Cloud, told CRN that cloud usage growth and growing adoption of artificial intelligence (AI) have given customers more assets that need securing.

“If I have a big cloud footprint, that's where all the attackers are now pivoting to essentially with ransomware and so on,” Mathur said. “So in terms of demand, it's off the charts.”

Here is a look at where five top Palo Alto Networks executives see the business opportunity for the vendor’s partner ecosystem.

The Power Of Partners In Platformization

Lee Klarich

Chief Product Officer

What I would call out is, in particular, the value of the larger, more system integrator scale partners, where they're able to help take a large enterprise through a platformization project.

These are bigger projects. They're more multi-faceted in nature. They have more of a consultative aspect to them. As the scale of these transformations has increased, the SIs, the community and the partners have become even more important in terms of how we help our customers go through this and give them the resources and expertise to supplement their own capabilities on a global basis.

There are some partners that can scale worldwide. But in many cases, there are specialists across different parts of EMEA (Europe, the Middle East and Africa). Even regionalization within EMEA. And Asia is sort of the same way. We have spent a lot of energy building out that broader ecosystem of partners to help with their customers. I’ll call that the transformation category.

Then there's the category of, OK, even once that's done, do you have all the expertise needed to then run and operate it? And so that's more of the MSSP category that sits on top of it. We've been, at least from my perspective, starting to do a better job of making sure that we're strategically aligned with our partners in that category.

Take XSIAM (extended security intelligence and automation management) as an example. It enables the SOC (security operations center) to be run very differently. And so it's important that as we approach our MSSP partners relative to managed SOC services that they've strategically aligned with our approach.

It doesn't really work super well to take a managed SOC service designed for legacy technology, put them on top of XSIAM, and take that to a customer. Customer gets confused. … In a way, we’ve sort of gotten picky as to who best aligns with how our products work and therefore adds the most value when running on top of and/or integrated with our products.

(As for future product iteration, we’re) starting to get more prescriptive around–what does ‘great’ look like. What do we believe a really good security architecture looks like? What is a really good security outcome? And then how do we align everything we do toward those outcomes, whether it is what we as Palo Alto Networks do or our partners, managed service provider partners and everyone else, are they aligned with helping our customers achieve those outcomes as well?

Obviously with customization and other things like that. But it's basically getting more opinionated on what a good outcome is and how to accomplish it, as opposed to saying, ‘Yeah, you can do whatever you want to.’ Technically they can. But in most cases, our customers actually want us to help them on how to achieve the right outcome and how to solve some of these problems that maybe they’ve been stuck on for quite awhile.

The AI Security Opportunity

Amol Mathur

SVP, GM, Prisma Cloud

We work with a lot of GSIs. We have a lot of partners who resell, who service a whole suite of products–not just cloud, but our soft products as well and so on.

When you look at cloud security, specifically, a number of stats will tell you the growth has been phenomenal of the underlying consumption. The pandemic hyper accelerated it. And now, with AI largely being available only in public cloud with GPUs (graphics processing units), even people who are not very cloud forward, they are moving faster than they would have because if they want to experiment and do something it's always in the cloud.

So we are seeing a tremendous amount of need for security–everything from foundational cloud posture all the way to understanding in deep what data and AI assets are being used, all the way to ‘give me runtime threat prevention, detection and response capabilities.’

Because if I have a big cloud footprint, that's where all the attackers are now pivoting to essentially with ransomware and so on. So in terms of demand, it's off the charts. In terms of just the market growth.

The second thing is that, while cloud security (has) been around for five, six years, it's still a market where a lot of customers don't have the maturity. And when I say maturity, I mean everything from getting a cloud security program up and running and operational all the way to … monitoring, triaging attacks, helping with remediation at scale, putting architectures where you're trying to prevent as many things and do secure by design and so on.

So there's a lot of opportunity for experts to come in and advise customers on how to do this. … That's a big trend that we are seeing, that there's just not enough skill set. And a lot of the constructs that people use in cloud, they are very different.

When we think of, in the enterprise world, single-sign-on user identities–in the cloud world, there is a huge portion of non-user machine identities.

And how they get assumed and exploited and abused to gain access and breaches happen–that expertise needed is quite different. That's where organizations that know how to do this can provide everything from basic deployment services, ongoing fine-tuning, all the way to fully managed cloud SOC, cloud posture, vulnerability management, et cetera.

Data and AI is a big area for us (looking ahead for product innovation). We have released solutions for data security posture management, AI security posture management. And with AI security posture management, related to that, very complimentary to that, our peers in the network security team have released AI access security and AI runtime security.

In most cases, even the companies don't know how the data is being used by the AI model, because it's kind of a black box.

(Another area is remediation at scale.) You need a strategy using AI to be able to remediate those issues in fewer steps. If you just go one by one, from top to bottom, you'll never be able to resolve your issues.

The SASE And Prisma Access Opportunity

Anand Oswal

SVP, GM, Network Security

We’re seeing great activity from them (MSSPs) on all things SASE. We're seeing great activity on GSIs (global system integrators) wanting to sell a unified SASE.

The GSIs, MSPs, MSSPs, all of them (are choosing Palo Alto Networks) because it allows them to differentiate their offerings. Networking is really coming together.

You think about just remote access, for the most part–(when) companies allow any remote access solution, Prisma Access or somebody else … they’re actually outsourcing a network because you're no longer running a network like you did in the old days.

Some providers will use the cloud like we use–combination of different cloud providers for redundancy. Some will build their own through Equinix and leasing through things at scale.

Then you want to have combined visibility across networking and security and common logic to identify applications on your SD-WAN device and your Prisma Access device and be allowed to then add more services on top–like visibility from user applications. … The value add for the GSIs, MSSPs, MSPs is when you can unify. It also differentiates them.

Transforming The SOC With XSIAM

Scott Simkin

VP, Marketing, Next-Generation Security

(I think about) how am I going to provide an amazing platform, a set of products that we can give to a partner to deploy, operate, manage, and run 24 by seven on behalf of their customers.

The days of a VAR pushing paper, that's not how you're going to differentiate yourself. You have to build in value-added services.

When I'm talking to our partners in the big consulting firms, one of the things they always say is, ‘Every single company is asking the question of how do I transform my SOC?’ And that question is predicated on a few different things. The customer is sitting there going, ‘I have a mess of technology. I have far too much data and alerts than I can possibly deal with. And of course, I don't have enough people. I need a better path.’

And when they look at everything, they need a third-party, trusted partner who says, ‘I can look at your environment. I can understand your challenges. I can understand your needs. And I can help you get from point A to B for transforming your SOC.’

They help them modernize and standardize on XSIAM so not only are they deploying a few different things. How do we stop the most possible–get to as close to 99.9999 percent–of attacks as possible? Then we say, ‘How do we prioritize the small few that get through with AI and analytics?’

And how do we give them full context, full visibility, understanding of what is occurring so they can paint the picture in their own SOC of what occurred–connecting the dots, so to speak–and then take an action. So when you talk to an MSSP or GSI, they're doing all the hard work of architecting, designing and maybe even through deployment. But our play and a win-win for us–the customer and the GSI–is having the best AI-driven platform in the market.

How do we help build out the right systems, the right processes, and help them build their business on top of XSIAM? Partners out there are making more money, signing bigger deals and helping customers do significant transformations with XSIAM than a legacy SIEM could possibly get them in business.

Nearly every single customer we talk to and they will talk to is using a legacy SIEM. Whether it's anyone who's been around for 10, 15, 20 years. So the market is ripe for disruption. And what I want all the partners to think about is, hey, they can work with a best-in-class platform. They can work with a partner that they know is channel-led–unlike some of our competitors, who like to take things, perhaps, direct and not give them an at bat, which hurts their business, ultimately, at the end of the day.

And how do we deliver something that is truly, truly transformative? I was just talking to a customer … what they told me is, we're in a situation where it is untenable for us in our security team. It's untenable because the risk of a breach is so high, because of that underpinning of where's the data coming from, what's the system it's going into? And then how do I throw dozens and dozens of people at a tool that ultimately doesn't get them to an outcome that they want, which is, stop the adversary? Then I showed them XSIAM. … The second you show them a demo, their eyes light up.

Seeing is believing for XSIAM. And any customer who sees it, who has experience with a legacy SIEM, a first generation EDR or the other tools that sit within that SOC, they will absolutely fall in love. And it will be an outcome that they can count on.

The Cortex Opportunity

Elad Koren

VP, Products, Cortex

We've seen a lot of traction from partners. (Cortex, Palo Alto Networks’ XDR product) is something that is constantly getting improved, and we are seeing the motion with what they can do with the system, because of its flexibility, the scalability of the system–it's huge.

We launched earlier this year the MSSP set of capabilities. And this was a result of the fact that a lot of the partners were asking for something like that so that they can actually operate based on that.

And we do see this being taken to the market with great results so far. So very exciting.