Palo Alto Ignite 2016

I am blogging live from Las Vegas, Nevada at Palo Alto Ignite! This has been an amazing year, to be able to go to two security conferences so close to one another.

The Palo Alto Ignite conference is much, much smaller than RSA, only 3,000+ people instead of the 45,000 at RSA. That is really great, so much better. I've been able to get into every session!

The main themes here I am gleaning (aside from the heavy Palo Alto marketing) are automation and integration. Palo Alto had many technical breakout sessions that touched on these topics in one way or another. If you stray off the path from the common security architecture and go with a single-vendor strategy, there do appear to be benefits. [Disclaimer: I don't like handing the keys to the castle to a single vendor, and I don't believe in "silver bullet" security.] Presenters at Ignite showed technically how the entire Palo Alto product suite (NGFW + WildFire subscription, AutoFocus, Traps endpoint and GlobalProtect) all heavily complement one another and leverage one another to stop advanced and targeted threats. Really, it is truly amazing what Palo Alto can do. I've used Palo Alto NGFW (App-ID, User-ID, URL filtering) at my current shop and other shops, and I do believe in the products I've used and seen first hand. I have not used GlobalProtect, Traps, WildFire, or AutoFocus, although I like what I have seen here!

As an engineer, my brain has to separate marketing hype from what the products will do when the rubber meets the road, and for that you can only learn by doing, by getting your hands dirty. What was taught and demonstrated here is truly intriguing; it just seems that it would cost an organization a fortune to implement the entire product suite, and you'd be trusting a single vendor with your defense, and I just can't buy into that. (Or you buy the whole product suite plus other overlapping solutions from another vendor, which is more architecturally sound, but the cost would be through the roof!)

Other vendors do the same. The Cisco / Sourcefire product suite is also a fine example of getting IoCs from different parts of the org (endpoint, IPS and firewall) and putting them together to paint a picture; those devices all talk to one another and then give a single pane of glass to help you recreate a kill chain for your investigation / forensics / finding "patient zero". Pretty neat stuff, but again, you have to get on the Cisco train.

This may be a pie-in-the-sky vision, but I hope for a day when all the security vendors will interoperate and work as well with each other as they do with themselves, through some secure standard framework. Right now, it's vendors within each vendor's framework. Doug Burks has done some great work merging stand-alone open source security tools into Security Onion so that they leverage one another, giving context around the data and the ability to pivot between the tools. So integration is already happening in the open source world, which means this is where we will see automation first (outside of single-vendor solutions). This is supposed to be about Ignite; I digress.

Ignite has been very technical, also a positive divergence from RSA. The Ignite sessions were led by individuals from within the Palo Alto org (engineers, product managers, etc.), and some sessions were led by people from other companies, such as Steve Donald from Hexis. I'll be translating my caffeine-fueled writing in my notebook to this blog over the coming weeks to share what I've learned with you! Stay tuned for more.