A zero-trust-based platform-centric approach, which brings together best-of-breed components for unified management and consistent security, is the future of network security, argues Anand Oswal, senior VP and GM of network security at Palo Alto Networks.

“It is next to impossible to have a consistent security architecture if you don't have a platform-centric approach. That's why zero trust and platform are intertwined. If you want to have an enterprise zero trust, you need to go to a platform-centric approach,” Oswal told SDxCentral.


He highlighted the increasing need for consolidation and simplification in the network security space. “When we talk to CISOs and CIOs, consolidation, best of breed and zero trust are topics that are on their mind. They're also worried about too many tools, too many vendors, fragmentation of their security constructs.”

For organizations navigating the current landscape, this tool sprawl is compounded by the shortage of security talent and training. At the same time, attacks are getting increasingly sophisticated. That combination is why customers are demanding a consistent, end-to-end, zero-trust security architecture, Oswal noted.

“If you think about the journey over the last many years, security is always the best-of-breed play, but it also needs to be a platform play,” he said.

What is a network security platform?

In the keynote of Palo Alto Networks’ Intersect '23 event, Oswal listed the components of a network security platform: artificial intelligence (AI)-powered, centralized management and operations; cloud-delivered security functions such as advanced intrusion prevention, URL filtering, sandboxing, domain name system (DNS) security, data loss prevention, software-as-a-service security and IoT security; hardware and software next-generation firewalls; and secure access service edge (SASE) capabilities.

The differentiation is the intelligence and data behind the platform, he noted. “What sets our architecture apart is the power of AI-driven, day-zero detection capabilities,” he touted. “Each day, we collect and analyze a vast amount of data, allowing us to identify approximately 1.5 million new attacks that we have not encountered before. By applying artificial intelligence and machine learning models to 750 million events, we blocked over 8.6 billion attacks every single day.”

This platform should be able to seamlessly integrate each service, share intelligence to protect all scenarios, offer a unified management dashboard, provide visibility of the entire threat landscape across all control and enforcement points, and deliver consistent security across all form factors. “That's the future. That's the Holy Grail. That's where we want to get to,” he said during the pre-event interview.

Key requirements for zero-trust security

The network security platform approach should be based on zero-trust principles. The core requirements of enterprise-wide zero trust, Oswal noted, are centralized management, operations and enforcement at scale; least-privilege access across all users, apps and devices; continuous security inspection; and coverage of every form factor.

“It's an idea that for every connection, we should identify the user, the device, the application being accessed and make an informed decision to allow or deny access. By default, access is denied, and only granted based on [least privilege access principles]. And once the connection is allowed, it secures the connection continuously,” he explained.

Oswal said the network security platform can simplify the zero-trust journey. “A typical approach relies on numerous point products to achieve zero trust and that is simply not viable. It leads to operational complexities and a subpar user experience.”

He gave an example of an inconsistent security experience when a user accesses an application from different locations through different security stacks.

“I'm in the office and I'm accessing an application that sits in my private data center. So I'm going from my office to my firewall, which protects my applications and data center ... Now, let's say in the afternoon or evening, I go back home and I'm trying to access salesforce.com or [other apps]. And if I go through my SASE stack, which is different from my stack protecting my data center, I'm having a different security experience. So how do I have a consistent policy? It can only happen when I have a platform-centric approach, where I have the same policy constructs no matter where I am, or what application I access from there.”
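To make the two points above concrete (default deny with least-privilege, explicit allows, and a policy that yields the same decision whether the request is inspected at the data-center firewall or at the SASE edge), here is an added toy policy evaluator. It is illustration written for this page, not Palo Alto Networks code and not any product's policy language; the users, groups, applications, device states and the two enforcement-point names are all constructed.

```python
"""Toy zero-trust policy evaluator (added illustration, not vendor code).

One policy object, one evaluation function, default deny. The enforcement
point that sees the request is recorded but deliberately not consulted, so
the same user, device and application get the same answer from the
data-center firewall and from the SASE edge. All data below is constructed.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset            # identity: group memberships from the IdP
    device_compliant: bool       # posture: managed, patched, endpoint agent healthy
    app: str                     # application being accessed
    enforcement_point: str       # "dc-firewall" or "sase-edge" (hypothetical names)


@dataclass(frozen=True)
class Rule:
    app: str
    allowed_groups: frozenset
    require_compliant_device: bool = True


# Constructed policy: explicit allows only. Anything not matched is denied.
POLICY = (
    Rule(app="hr-portal", allowed_groups=frozenset({"hr"})),
    Rule(app="salesforce.com", allowed_groups=frozenset({"sales", "sales-ops"})),
    Rule(app="public-wiki", allowed_groups=frozenset({"employees"}),
         require_compliant_device=False),
)


def evaluate(req: Request, policy=POLICY) -> tuple:
    """Return (decision, reason). Identity, device posture and target app are
    checked; the enforcement point is not, which is what makes the decision
    location-independent. No matching allow rule means deny."""
    candidates = [r for r in policy if r.app == req.app]
    if not candidates:
        return ("deny", f"no rule for {req.app}: default deny")
    for rule in candidates:
        if not (req.groups & rule.allowed_groups):
            continue                      # least privilege: must be explicitly granted
        if rule.require_compliant_device and not req.device_compliant:
            return ("deny", f"device posture not met for {req.app}")
        return ("allow", f"explicit rule matched for {req.app}")
    return ("deny", f"{req.user} is not in any group permitted for {req.app}")


def same_decision_everywhere(req: Request, policy=POLICY) -> bool:
    """Re-run the same request as seen by both enforcement points and report
    whether the decisions agree. True is the consistency the article argues for."""
    at_dc = evaluate(replace(req, enforcement_point="dc-firewall"), policy)
    at_sase = evaluate(replace(req, enforcement_point="sase-edge"), policy)
    return at_dc == at_sase


def reevaluate_session(req: Request, device_compliant: bool, policy=POLICY) -> tuple:
    """Continuous inspection: a session that was allowed is re-checked when
    device posture changes, rather than trusted for its lifetime."""
    return evaluate(replace(req, device_compliant=device_compliant), policy)


if __name__ == "__main__":
    alice_office = Request("alice", frozenset({"employees", "sales"}), True,
                           "salesforce.com", "dc-firewall")
    alice_home = replace(alice_office, enforcement_point="sase-edge")
    print("office:", evaluate(alice_office))
    print("home:  ", evaluate(alice_home))
    print("consistent:", same_decision_everywhere(alice_office))
    print("posture lost mid-session:", reevaluate_session(alice_office, False))
    print("unknown app:", evaluate(replace(alice_office, app="payroll-db")))
```

The point of the example is structural rather than clever: because `evaluate` never branches on `enforcement_point`, consistency across the office firewall and the SASE path is a property of the design, not something an operator has to keep two rulebases in sync to achieve. Adding a location-specific exception would be the moment that guarantee is lost.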

Photo: Anand Oswal. Source: Palo Alto Networks