0:01 Please welcome Chief Marketing Officer
0:03 Kelly
0:05 [Music]
0:11 Walder. Well, good afternoon everyone
0:13 and welcome. I'm Kelly Walder, CMO of
0:16 Palo Alto Networks and we're thrilled
0:18 that you're here with us during one of
0:19 the busiest, boldest, and noisiest weeks
0:22 in cyber security. It's a week that's
0:24 packed with big announcements, new
0:26 buzzwords, ambitious promises, but let's
0:30 be honest, sometimes it's hard to tell
0:32 the signal from the noise. And that's
0:34 why it means so much to us that you've
0:36 chosen to be here
0:38 today. But we know you're not here just
0:40 for the latest trends. You're here for
0:43 real innovation, for solutions that
0:45 aren't just louder, but smarter. Not
0:48 just flashy, but genuinely
0:50 transformative. At Palo Alto Networks,
0:52 we believe cyber security isn't just
0:55 about staying ahead of threats. It's
0:57 about delivering clarity where others
0:59 deliver complexity. It's about building
1:01 trust, reliance, and true operational
1:04 impact, not just another headline. And
1:07 it's about anticipating what's next in
1:10 order to secure the future. Thank you
1:13 again for being here. We can't wait to
1:15 show you what's next.
1:28 There's an entirely new vector of attack
1:32 in a business through AI.
1:36 Some of the things that we're doing
1:38 together as partners are things that I
1:40 thought about and dreamed about as a kid
1:42 and now it's real. AI has emerged as a
1:46 really powerful and once in a generation
1:48 type of force since the invention of
1:50 electricity or discovery of fire. It
1:52 might be civilizationally one of the
1:55 most important paradigm changes for us.
1:58 We're very invested in the future of AI
2:01 and the technology that it is enabling.
2:04 So we need to make sure people are using
2:06 it in a safe way. We believe that the
2:09 next step of evolution in our
2:10 organization is artificial intelligence.
2:13 What this enables is us to be more
2:16 comprehensive in the responses that our
2:18 team members are able to give to our
2:20 customers. It's very important to know
2:22 how you're using these AI tools and what
2:24 data is being put into it because if
2:26 that data is misused, it will affect the
2:28 brand in a negative way which is
2:30 unacceptable for us.
2:35 What we want is every employee to
2:37 realize the full potential by adopting
2:40 all the AI tools that the enterprise has
2:43 to offer. You focus on the creative
2:45 aspect. You focus on the innovation.
2:47 That's what we mean. If their data
2:50 governance and auditing is not in a good
2:53 place and they allow AI applications to
2:56 consume this data, allow employees to
2:58 generate insights, they're basically
3:00 sitting on a ticking time bomb.
3:07 Please welcome chairman and CEO Nikesh
3:12 [Music]
3:13 [Applause]
3:13 [Music]
3:17 Aurora. All right, welcome everybody and
3:20 thank you for being here. As Kelly said,
3:22 you have a lot of options to look
3:24 around, see all kinds of different cyber
3:26 security solutions, and we're glad you
3:29 chose to come to the platform vendor of
3:32 the industry. We appreciate it.
3:35 Um, the good news is we're going to talk
3:38 about what everybody's talking about,
3:40 which is called AI. Uh, the bad news is
3:42 my team's told me they're going to do
3:44 all the demos and tell you all about the
3:45 cool stuff. So, I'm supposed to keep you
3:47 entertained for 15 minutes without
3:48 actually saying anything substantive.
3:50 Um, it's not hard to do. Um, but we're
3:54 going to talk about AI and talk about
3:56 AI. We're going to talk about data.
3:57 We're going to talk about uh the fact
3:59 that our platform vision is still alive.
4:02 A few years ago, about 18 24 months ago,
4:05 we told you that we felt the time for
4:09 best of breed was slowly going to
4:13 migrate towards the time for the
4:15 platform. And we're seeing that in
4:17 spades everywhere. We have come to a
4:20 point where we have two platforms. Our
4:22 network security platform and our cortex
4:27 platform which effectively is our
4:28 platform uh which in our mind
4:32 replices the next generation SIM or the
4:35 SIM of the future because that's kind of
4:36 where all the action is. Now what's
4:39 changed in the last 12 to 24 months is
4:43 that with this conversation about
4:47 AI, two major changes have happened.
4:51 One, AI is becoming a tool not just for
4:54 the good guys but also for the bad guys.
4:56 As a
4:57 consequence, the time from when a bad
5:00 actor decides to focus on you as one of
5:05 their people they want to go after, the
5:08 time from when they decide that the time
5:09 when they can get in and excfiltrate
5:11 your data has compressed under an hour.
5:14 Which means we're getting more and more
5:16 close to real time and real time
5:18 protection as you need to be. As a
5:20 consequence, the entire industry has to
5:22 pay attention to how do we go from the
5:24 traditional mechanism of protect what
5:26 you can send everything else somewhere
5:28 else and have that get have that
5:30 analyzed and eventually take some time
5:32 to figure out what actually happened or
5:34 remediate it. You don't have the luxury
5:36 of time anymore. So what you're going to
5:38 see is a recurring theme not just today
5:40 but over the next few years is how the
5:42 industry has to pivot and go towards
5:45 more and more real time as possible.
5:48 what he will what he will experience is
5:50 that we have been on this journey of
5:52 what we cannot stop at the edge. Let's
5:55 make sure we can analyze and go back and
5:58 protect as quickly as we can. We can
6:00 remediate, we detect, remediate and
6:01 protect as quickly as we can. So one
6:03 theme which I expect you're going to
6:05 constantly see is the idea of getting as
6:08 close to real time as possible.
6:11 The second thing which you're going to
6:12 hear about which I think you already
6:13 know but you'll keep hearing about more
6:15 and more and that's in the broader
6:16 context of AI. You know all of us in
6:19 cyber security exist to go deliver AI
6:22 solutions to our customers because we
6:24 hear the big thundering noise of people
6:27 wanting to spend $350 billion to build
6:30 infrastructure faster than any piece of
6:32 infrastructure has ever been built in
6:34 technology. Think about it 24 months
6:36 ago. We're all wondering what are we
6:38 going to do with chips? What is going to
6:39 happen with the supply chain crisis?
6:41 What's going to happen in the pandemic?
6:43 And today we're talking about where most
6:45 large tech companies are boldly claiming
6:47 they're going to spend 70 $150 billion
6:50 dollars building data centers where
6:52 there was no inkling that this was going
6:53 to be something that was going to be
6:55 relevant about an year or two years ago.
6:58 What's going to happen? What is going to
7:00 happen when $350 billion of AI
7:03 infrastructures built? Well, I get it.
7:05 They're going to build some amazing
7:06 models. these models going to get
7:07 smarter and smarter and smarter and
7:09 they'll you know we'll achieve AGI at
7:11 some point in time. It's not my job to
7:14 figure out when that's what they will
7:15 do. But our job as cyber security
7:17 professionals to figure out when those
7:19 models when that AI that's being built
7:23 starts getting used on a more sort of
7:27 ubiquitous basis. I'm pretty sure that
7:29 every one of you, whether you work in
7:31 cyber security, outside of cyber
7:32 security, you work in traditional
7:34 enterprise, you have some experiments
7:37 going on in AI. How do I take what's
7:40 being built by these amazing companies,
7:41 these models, how do I translate that
7:44 into something useful for our
7:46 enterprise? And we've all heard the use
7:48 cases. There's a whole bunch of work
7:49 going on. I predict the next three to
7:52 five years almost every SAS application
7:55 that we know today is going to have a
7:57 different
7:59 manifestation. Some of them will have AI
8:02 assistant. Some of them will have AI
8:04 agents that will talk to other agents. A
8:06 lot of the UI that we know today as our
8:08 UI or front end for SAS is going to have
8:10 to
8:12 morph. Now, when that begins to happen,
8:15 that means we're all going through a
8:16 large transformation. Whether we're a
8:18 tech company or we're not a tech
8:19 company, whether we're a traditional
8:21 company, in that transition, we're going
8:23 to be looking to see how do we take the
8:26 fundamental building blocks of AI and
8:28 embed them in everything we
8:30 do. When you embed them in everything
8:32 you do, then makes all of us in security
8:35 wonder, well, what's different about AI?
8:39 What is it that is unique about it? And
8:42 how do we need to prepare for a future
8:44 where we as cyber security professionals
8:45 have to figure out how this is going to
8:48 impact our lives how it's going to
8:50 impact what we do and what's fascinating
8:52 think about it SAS application outcomes
8:55 are predictable you know what you
8:58 program you know the output you expect
9:00 in the case of AI it is going to be
9:02 constantly learning the answer tomorrow
9:05 will be different and the answer in two
9:07 weeks will be different perhaps better
9:08 perhaps even better more precise
9:11 But when you have something that has
9:13 quote unquote a mind of its own, if you
9:16 know how that works, it a mind of its
9:18 own, you got to inspect it as you go
9:20 talk to it. You got to inspect the
9:21 output it brings out. So the whole the
9:24 whole idea of security will change. You
9:25 have to constant constantly test those
9:27 models, test those applications, make
9:29 sure they're not going to go rogue on
9:31 you in some way, shape, or form. So it's
9:33 that kind of thinking that needs to be
9:35 deployed amongst the entire cyber
9:38 security industry to try and figure out
9:39 how AI is going to change a our
9:41 products. Our products will become very
9:43 different because we're also in some
9:45 version a SAS SAS business in cyber
9:47 security. Our products will have to
9:48 start dealing with natural language
9:50 interfaces and some version of co-pilots
9:52 or AI co-pilots or
9:55 autonomous AI drivers. At the same time,
9:57 we also have to make sure we understand
9:59 when our products start building a mind
10:01 of their own, a brain of their own, how
10:03 does that impact what we do? And that's
10:05 what our team is going to talk about
10:06 today in terms of how do we make sure
10:08 that these developments in AI can be
10:11 harnessed by our customers in a way that
10:13 they can go ahead and deploy bravely.
10:16 So, we're going to talk about that. Um,
10:19 the other thing
10:20 which we're going to talk about is over
10:23 the last two years, we've been building
10:25 a platform
10:27 both on the network security side as
10:29 well as on the cortex
10:32 side. What we started to talk to
10:34 ourselves about is that the industry has
10:37 spent a lot of time building analytical
10:39 capabilities and saying here's what I
10:41 found. Dear customer, dear sock analyst,
10:43 dear network analyst, dear cloud
10:45 security analyst, look what I found. And
10:48 they say good
10:50 luck. Now it's your job. I did my job. I
10:53 found all these amazing things for you
10:55 with your problems and good luck. And
10:58 the analyst wakes up in the morning,
10:59 starts going through list solving the
11:01 problem and the analyst goes to sleep.
11:03 The analyst wakes up in the morning next
11:05 day and says, "Good morning. Look what I
11:07 found and you start playing guacamole
11:10 again and the next morning and so and so
11:12 and so forth." Well, we've decided we
11:16 can't do that anymore. If you want to
11:18 get to real time, we have to get in the
11:20 business of not just identifying
11:21 problems but solving problems. So what
11:23 you will see is we flipped our bit
11:26 internally. Our products are now more
11:28 inclined to say here's what I found and
11:30 here's how I can help you solve
11:33 it. It is sounds very
11:36 simple. It is a fundamental shift in the
11:38 way we're thinking about the future from
11:40 a cyber security perspective. You will
11:42 see over time all of our products will
11:44 come with recommendations how to solve
11:46 the problem and over time allow you an
11:49 embedded automation that's going to help
11:51 you solve the problem. That embedded
11:53 automation the best way to think about
11:55 is if you remember the early
11:57 self-driving cars or which are not
11:58 self-driving you started to see some
12:00 elements of technology. The car would
12:02 tell you when you're about to bang into
12:04 somebody in the back. The car would tell
12:05 you when you should apply braking
12:08 because you're about to hit something in
12:09 the front. What is that? There's a
12:11 little bit of assist, right? It wasn't
12:13 called a co-pilot. It wasn't called a
12:15 autopilot. It just called a little bit
12:16 of help from technology. That's kind of
12:19 phase one. What did that turn into? It
12:21 turned to a bit of a co-pilot. Say, "Oh,
12:23 let me take the car over for you for
12:24 this stretch because I know this road. I
12:26 can drive straight at 65 miles an hour."
12:28 And that was called a co-pilot. Then he
12:30 got to a bit of an autopilot. Then he
12:32 got to full service driving. So I think
12:35 if you think about autonomous cars,
12:37 they're showing us the blueprint on how
12:39 automation and AI is going to manifest
12:41 itself in our products. And what you
12:44 will see from Palato networks across our
12:45 platform is we are beginning to embark
12:48 on that journey. You're going to see us
12:49 start recommending solutions to you.
12:52 We're going to learn with our customers,
12:53 our analyst friends as to how those
12:55 recommendations manifest themselves into
12:58 continued automation. From there, we
13:00 will see. But you've done it so many
13:02 times the same way. Do you mind if I
13:03 take over? Not for a point in time.
13:05 It'll be 70% automated and be spin up
13:07 spinning up sock agents and network
13:09 security agent. But it's going to have
13:10 to take that journey in industry for
13:12 that to happen. All the people out on
13:14 the floor talking about agentic AI. We
13:16 have to go to that journey. There is no
13:18 shortcut.
13:20 If you flip over to the cortex side, you
13:23 obviously see all of this capability
13:25 I've just talked about from the platform
13:27 perspective and recommendations and you
13:29 know this self-driving going to help you
13:30 do in security. But what we also
13:33 discovered is as we have now deployed
13:36 and I'm going to say one statistic in
13:38 your slide, Lee, but I'm going to tell
13:39 them anyway. We've start now we're
13:41 ingesting 11 pabytes of data a day for
13:44 our customers and we've barely gotten
13:47 started in deploying XIM. We have
13:48 deployed north of 100 XM solutions to
13:51 our customers. We have sold close to 300
13:53 of them. So we're on a solid journey
13:55 with Fortune50 customers who are
13:56 actually deploying our XM technology.
13:59 But we've discovered something very
14:01 interesting. We've discovered that all
14:03 this data we've collected for our
14:05 customers to help them solve the breach
14:08 incident scenario is actually very
14:10 useful data. This useful data can be
14:13 used to solve problems when you're not
14:15 in a breach. and Lee and Gonen and
14:18 others and team are going to talk about
14:20 how do we solve peacetime security
14:23 problems using a wartime
14:26 sock and what that is going to show you
14:29 is the idea that over time there is
14:31 going to be intelligent consolidation or
14:33 intelligent integration across the cyber
14:36 security industry.
14:38 You're going to get a glimpse into how
14:40 over time with collecting all the
14:42 security data in one place for an
14:43 enterprise. Not only can you use it for
14:46 investigations, for breach response, for
14:48 real-time response in an incident, you
14:51 can also use it to clean up your cyber
14:53 security posture, your cyber security
14:55 estate, and not just highlight, oh my
14:57 god, we've got a problem, but also say,
15:00 how do you think I should solve that
15:02 problem? So, our team's going to talk
15:04 about that.
15:06 This is a fundamental shift. This is a
15:08 three to five year journey that is going
15:11 to to allow us to continue to automate
15:15 and effectively create cyber security
15:17 agents whether they are network agents,
15:20 cloud agents, sock agents, threat agents
15:23 over time working with our customers.
15:25 These these agents will be out of the
15:27 box or perhaps bespoke as our customers
15:29 build their own version of these agents,
15:31 but they will come with full security
15:32 capability. Not just that, you will hear
15:36 from
15:37 Lee what we are going to do uh from an
15:40 agent perspective since you can't leave
15:42 RSA without having talked about AI or
15:44 agentic AI. God forbid uh that we don't
15:47 talk about it. Uh I think agents are
15:50 still early. Uh I heard that uh the best
15:53 line in RSA is the S in MCP stands for
15:56 security. U think about that for a
15:59 second. Oh, you guys are tough crowd. Uh
16:03 there's 50,000 people who are online
16:05 watching this. They're laughing off
16:06 their chairs and this room has 200
16:08 people and they don't they don't get a
16:09 tickle out of them. All right. So the
16:13 point though is I think what what the
16:14 industry is saying is that it's very
16:16 hard to think about agents having
16:18 permissions having ability to get
16:20 something done without having a full
16:22 conversation around security. And we
16:24 agree with that. We think a lot more
16:25 work has to happen from a security from
16:27 a permission perspective and how agents
16:29 will talk to each other before agents
16:31 become a reality. We also think to make
16:34 agents a reality, we're going to have to
16:36 go through that journey of working with
16:38 our customers on automation, working
16:39 with our customers on assisting them,
16:41 working with our customers on taking
16:43 partial control to saying I trust you
16:46 now. You can act on my behalf because
16:48 the fundamental premise of an agent has
16:49 to be I give you
16:52 agency and you can't give me agency
16:54 until you fully trust me. And for those
16:57 of you here in San Francisco, if you go
16:59 out and get your Subway Whimo, somehow
17:02 you gave that car agency to drive the
17:05 car. Think how long and how much
17:07 investment it took for you to trust the
17:09 idea that this car can drive itself. It
17:11 is going to take the same amount of
17:12 diligence, hard work, automation to
17:15 actually build very useful agents which
17:17 can take over and do task on autonomous
17:20 basis. So you'll see the beginning of
17:21 that. We are going to give you a sneak
17:24 peek into the idea of agentics. a
17:27 platform that allows you to build
17:28 security agents for
17:30 yourself. Now, if I say anymore, uh,
17:33 they're going to come drag me off of
17:34 here because I probably destroyed about
17:37 15 minutes of speeches from all the
17:39 other people following me. If I stay
17:40 here any longer, they won't be needed on
17:42 stage. So, I just want to say since many
17:44 of your customers, many of your
17:45 partners, many of you are design
17:48 partners who helped us think so many of
17:49 these things, you know, it takes a
17:51 village to get these things done. and a
17:53 village not just of Palo Alto people, a
17:55 village of our partners. Takes a village
17:57 of our customers for us to constantly
17:58 get feedback. So, please keep the
18:00 feedback coming. Uh all feedback goes to
18:02 BJ Jenkins, uh who's our president. Uh I
18:05 just do the other stuff. He gets a lot
18:07 of feedback. He likes feedback. Please
18:09 send it to him. Um all the good stuff
18:11 you can tell me. I'll make sure the team
18:12 gets the compliments. Um but honestly,
18:15 seriously, we thank you for your
18:16 partnership. We thank you for being
18:17 here. And with that, have a great RSA.
18:20 [Music]
18:21 Please welcome Chief Product Officer Lee
18:25 Clarage.
18:26 [Music]
18:31 Hello. Hello. How you doing? Uh thank
18:35 you so much for joining us. Yeah, we're
18:37 just going to skip through the next uh
18:39 however much Nikesh
18:41 covered. Don't worry, all good.
18:44 Uh look uh I have a recollection very
18:49 pretty clear recollection of the first
18:50 time I interacted with generative AI. Do
18:53 all of you typed in your your first
18:56 prompt. Do you still remember what it
18:57 was? Was it right? Whatever it came back
19:00 with. So for me it took maybe I don't
19:05 know an hour after that experience when
19:08 I started thinking hm how are attackers
19:12 going to use this cool new
19:14 technology and that led to the next
19:17 question which was who is going to
19:19 benefit more attackers or
19:23 defenders and it's not that crazy of a
19:26 question and my guess is many of you are
19:28 cyber security folks and you probably
19:29 had similar
19:31 uh questions in your mind and the
19:33 reality is most new technologies benefit
19:36 attackers more than defenders. It's just
19:38 more work for all of us and attackers
19:40 get to take advantage of it. Right? And
19:44 if I asked this question to all of you
19:45 and I took a vote, my guess is the and
19:47 I've I've had this conversation with
19:49 many people since then. The prevalent
19:53 assumption is that AI will benefit
19:55 attackers more than
19:57 defenders. I have a different point of
19:59 view. I actually believe that this is
20:01 one of those technology inflections that
20:04 can benefit defenders
20:07 more, far more, but it takes a different
20:12 approach and a different architecture.
20:14 And so a lot of what I want to share
20:15 with you today is my view on how it
20:18 needs to be architected and how we can
20:20 achieve these outcomes. Now, I'm going
20:23 to start with a stat that's going to
20:25 question my optimism quickly. Um, and
20:28 that is we are very clearly seeing the
20:32 effects of AI from attackers. Volume up
20:35 300% year-over-year. That doesn't happen
20:38 by accident, right? And interestingly,
20:41 that is not even the most important stat
20:43 by far. What is far more important is
20:46 the speed of attacks. The time it takes
20:48 an attack uh life cycle go from the
20:51 first step to the final step. as that
20:53 compresses that is what Nikesha was
20:56 referring to in terms of the need for
20:58 security and all forms of security to
21:00 become as close to real time as
21:02 possible. But in order to achieve that
21:05 we need a different architecture. You
21:08 see the the the sock and security
21:09 operations more broadly this this is
21:12 where attacks are detected, investigated
21:15 and responded to. But the architecture
21:19 uh of the tech of the tech stacks that
21:21 that all of you have access to, you're
21:24 doing the best you can with them. But
21:26 most of these architectures were built
21:28 10, 15, 20 years
21:29 ago. These architectures were designed
21:32 for a very different world and they were
21:34 not designed for real time. And so as we
21:38 looked at this and we thought about what
21:40 is needed, it was very clear we needed
21:43 to start from the ground up.
21:46 And that became the first generation of
21:48 Cortex XIM. And
21:51 so the before we even get to features
21:54 and anything else that architecture and
21:57 the principles of it are really
21:59 three-fold. It's about data, AI and
22:03 automation, right? And and AI perhaps
22:07 being maybe the most important followed
22:09 closely by automation. But AI works and
22:13 by being fed data. And so an
22:17 architecture that favors silo data,
22:20 endpoint analytics for endpoint data,
22:23 network analytics for network data,
22:25 identity analytics for identity data,
22:26 and cloud analytics. This doesn't work.
22:28 You can't get the best from AI if you're
22:31 siloing data and you're filtering data
22:33 and you're not collecting to the right
22:35 place. And so the data and AI
22:36 integration becomes super super
22:39 important. And then everywhere that we
22:41 can we bring in automation and and
22:43 ultimately this is what turned into XIM
22:46 that data AI foundation driving nextG
22:50 SIM replacements and EDR and NDR and
22:52 ITDR and CDR and all the different kinds
22:54 of analytics that are needed for the
22:56 sock and of course soore and all the
22:58 automation needed but not as separate
23:00 products but as in integrated
23:03 capabilities on the same
23:05 platform and Nesh mentioned the scaling
23:08 factor of this I'll meion one other
23:10 factor which is since we've launched
23:12 this we just reached a really exciting
23:15 milestone which is every XAM customer
23:18 has in has embedded in the product over
23:21 10,000 different detection models. These
23:25 are what our security researchers teams
23:27 are building and delivering inside the
23:29 product. 2600 of these are machine
23:31 learning model based uh for how to
23:34 detect, prioritize and respond to
23:37 attacks. To put this in
23:39 context, I think the most number of
23:42 correlation rules, which is the old way
23:44 of doing detections, the most number
23:46 that I've seen for any company, any
23:48 stock, is
23:50 800. And those were built over the
23:52 course of probably 20
23:54 years. Imagine having 10,000 at your
23:57 fingertips largely based on machine
23:59 learning and AI. It changes the game
24:02 completely.
24:04 And perhaps most exciting and rewarding
24:07 for me is when we see our customers get
24:09 these benefits. And what we have seen is
24:13 nothing short of
24:14 transformational. We have been able to
24:16 prove over and over again in companies
24:18 in every different industry, every part
24:20 of the world that we can go from
24:22 meantime remediation from days to hours
24:26 to minutes. And we can do that journey
24:30 very quickly because of the power of
24:33 XIM.
24:35 Now we don't tend to rest on our laurels
24:39 very often. My team is always excited
24:42 about innovating and this was no
24:44 different. We were seeing that success
24:45 and we started thinking about what is
24:48 the next big area of expansion and that
24:51 became the second generation of XIM.
24:54 And what we focused on is the u
24:58 realization that everything happening in
25:01 the cloud is where the actions at.
25:03 Application moving to the cloud, as
25:04 application move to the cloud, data
25:06 moves to the cloud, as data moves to the
25:07 cloud, attackers move to the cloud. How
25:09 do we deliver the best security solution
25:12 for everything that's going on in the
25:14 cloud? And what we what we realized as
25:18 we started thinking about that is the
25:20 cloud is also despite our best
25:23 efforts unfortunately has turned into a
25:26 somewhat fragmented space and and where
25:28 shift left is one piece and cloud
25:30 posture is another and cloud runtime's
25:32 another and then the sock is sometimes
25:34 and oftentimes not getting all the data
25:36 they need to be able to do in detection,
25:37 investigation, response and and in
25:40 reality those four components of the
25:42 cloud actually need to come
25:45 together. And so the the second
25:47 generation of XIM was when we earlier
25:51 this year launched Cortex Cloud where
25:54 we're able to extend the Cortex platform
25:57 to every aspect of cloud security
26:00 starting with as applications are
26:02 developed and everything going with apps
26:05 to connecting that to cloud posture and
26:07 connecting that to runtime and
26:08 connecting all that data to the sock and
26:10 and out of this we're able to do some
26:12 really amazing things. First um by
26:14 leveraging the openness of the cortex
26:17 platform, it allows us to integrate not
26:18 only with firstparty but third party uh
26:21 security tools. So this allows us to
26:23 make sure that in a heterogeneous
26:24 environment, a multi- cloud environment,
26:26 we're able to see and collect all of the
26:29 necessary data to perform the security
26:30 analytics that we need to. Second, we're
26:33 able to apply all of the AI and
26:34 automation capabilities to the cloud.
26:37 What's important? What needs to be
26:38 prioritized? How do we remediate it? Can
26:40 we do that automatically?
26:43 And third, as attackers are now focusing
26:46 the more sophisticated attacks toward
26:48 the cloud, how do we make sure that we
26:49 bring the absolute best-in-class runtime
26:52 capabilities and sock capabilities to
26:54 the cloud? Now, you don't this doesn't
26:57 mean you have to adopt all of this at
26:59 once. What it shows you is how a
27:01 platform approach can completely change
27:03 the game designed in a modular way that
27:06 allows you to on-ramp depending on where
27:08 you need to start. So that was the
27:10 second
27:13 generation. So what are we here today to
27:15 talk about? XIM 3.0 effectively our
27:18 third generation of XIM.
27:21 And um here the the the really
27:26 interesting aspect of this is how do we
27:29 take all of the data and insights and
27:32 intelligence we get from the reactive
27:34 side of cyber security or the wartime
27:36 side and connect it to the proactive or
27:39 the peace time side. um very much like
27:41 we did with cloud but can we now extend
27:43 this across other areas of cyber
27:45 security leveraging all the data that we
27:47 are already collecting and analyzing but
27:49 now applying it for additional use
27:52 cases and so similarly one of the first
27:55 places we looked at was everything going
27:58 on with vulnerability management this is
27:59 a hard space it is an important space
28:03 and is a a space that is going through
28:05 an inflection very much like the sock
28:07 which is vulnerabilities are becoming
28:10 more uh relevant. The attackers are fig
28:14 how to exploit them faster and faster.
28:16 Data published just last week shows that
28:19 about a third of new vulnerabilities
28:21 that were exploited in the first quarter
28:23 this year were exploited in less than 24
28:28 hours. This can no longer be a manual
28:32 human- centric process. We have to bring
28:35 AI and automation to vulnerability
28:37 management and more broadly exposure
28:39 management. And so that is what we have
28:41 done. We've designed this around first
28:44 understanding all of the context first
28:46 party third party all context. How do we
28:49 take that visibility apply a set of
28:50 analytics to it specifically AIdriven
28:53 analytics to understand what actually
28:54 matters. How do we then connect that
28:56 with opportunities to provide
28:58 mitigations or compensating controls in
29:00 order to buy time to use automation to
29:03 then drive full remediation? That is the
29:05 cycle and that is a cycle that requires
29:08 AI and automation to facilitate
29:12 um all of this happening in near real
29:14 time. That will be the
29:16 requirement. Okay.
29:19 Now, hopefully you believe all of that.
29:21 We're going to show you what that looks
29:24 like. And for that I've asked my friend
29:26 Alad Corin to join me and he's going to
29:28 walk you through how exposure management
29:30 and cortex actually would show up for
29:32 all of you. Thank you very much. Thanks.
29:36 Hey everyone. So thanks Lee. Uh I think
29:40 the uh the first thing that you can see
29:42 from the first screen is how XIM 3.0 is
29:46 essentially bringing into manifestation
29:49 the data, the AI and the automation
29:52 pieces in XIM. Right. So the data the
29:56 data piece
29:58 itself is where you can see all the
30:00 sources that we built in the palto
30:02 network sources along with any external
30:04 sources that we can consume. This is a
30:07 single pane of glass but this is just
30:09 the data. The data itself allows us to
30:12 then do many very interesting things
30:16 because this is where the AI magic
30:18 happens. This is where we take 1.2 2
30:21 million vulnerabilities or exposures and
30:24 we extract the most important ones less
30:26 than 500. Let's understand a bit more
30:29 about what happens there. This is where
30:31 we ddup. We stitch the assets together
30:34 as part of the XIM platform. We identify
30:37 those that really require the actions
30:41 from the analysts or through the
30:43 automation. This is where we take only
30:46 those high severity or exploitable. We
30:49 clean up all the noise. Show me one
30:52 organization that could address all of
30:55 the things that they were handed
30:57 with. No one. This is where we want to
31:00 take the most important
31:03 pieces, identify those, clean them up,
31:07 and make sure that we can then take only
31:10 less than
31:13 2% 17k out of 1.2 million
31:17 vulnerabilities.
31:20 Taking that into account, we're not
31:23 stopping there. We're not stopping at
31:24 the 479 cases created. We actually take
31:28 it to the next level. Many of those were
31:30 handed to the automation piece in Cortex
31:35 XIM. Many of the 479 cases were hand
31:39 handled in probably less than minutes.
31:43 The automations, the playbooks kicked in
31:45 and everything was sorted. You can see
31:47 there more than half were actually
31:49 handled and mitigated automatically. We
31:52 have 13 to
31:54 address. 13 out of 1.2
31:59 million. At that point, why don't we
32:02 take a look at one of them? This one we
32:05 didn't have permissions. As uh Nikesh
32:07 said earlier, permissions, trust, we
32:09 understand that. This is where you can
32:11 see a case, one case that the analyst
32:14 needed to to look at where we were able
32:16 to even show the entire cruisality chain
32:19 and identify that there is actually a
32:22 vulnerability a firewall in the
32:25 middle but the firewall doesn't have the
32:29 content the content required to address
32:31 the actual vulnerability and exposure
32:33 that we have there. This is where the
32:35 system itself will identify the right
32:38 recommendation to the analyst. All they
32:41 need to do is take the content, install
32:44 that. Once that
32:47 happens, the magic
32:49 happens. We had a vulnerability, we had
32:52 an exposure, we had the right tool in
32:53 place, it didn't have the right content.
32:56 The system identified all of that, had
32:58 the full context.
33:00 Next time by the way it will also
33:01 suggest that this entire automation
33:05 happens on its own without any
33:07 intervention from any analyst and this
33:09 is how more than half and later all of
33:12 them will be addressed automatically.
33:14 This is what we've built here and this
33:16 I'm very excited about what's coming up
33:19 across the enterprise. Back to you Lee.
33:22 Thank you very much. Thank you a lot.
33:27 Um so we're not only thinking about
33:32 peace time and what we can do
33:34 proactively. There is always more
33:36 opportunities for the reactive side. How
33:38 do we detect, investigate, respond
33:40 faster and faster and how do we leverage
33:43 AI and automation for this? And um on
33:46 that regard, the the next big thing that
33:48 we are adding to XIM is the ability to
33:51 apply all of our analytical capabilities
33:53 and detection capabilities to
33:55 email. And you know, for a while,
33:59 uh email didn't I mean it was always
34:01 important. It's probably one of the most
34:03 you know, common uh commonly used
34:05 communication vehicles in every
34:07 enterprise. There's always lots of
34:09 attacks. A lot of the attacks are more
34:11 commonplace fishing and malware and
34:12 things like that. But over the last few
34:14 years, we started to see this rise in
34:16 more and more sophisticated attacks. And
34:18 as we've seen that rise, part of what we
34:21 have realized is this requires a
34:23 different approach. Not only do we have
34:25 to bring AI to email, which we
34:27 absolutely do, and how do we leverage
34:29 generative AI to analyze emails,
34:30 understand intent and all of that
34:32 context, but we have to marry that up
34:34 with other content context. We have to
34:37 understand what that same user looks
34:39 like from an identity perspective on the
34:41 endpoint from a network connectivity
34:43 perspective. The other data sources
34:45 become critical context for
34:47 understanding the most uh sophisticated
34:50 attacks and we bring all of the network
34:52 effect and thread intelligence data that
34:54 we have from URLs and links and malware
34:56 and files and everything else. All of
34:58 that has to come together into a new
35:00 analytics engine that forms the basis
35:03 for detecting, for prioritizing, and
35:07 importantly for investigating responding
35:10 in near real time just like we do in all
35:13 the other attack vectors. And so again,
35:15 let's take a look at what this looks
35:17 like. Eli, why don't you walk me through
35:19 this real quick? Yeah. Thank you. All
35:22 right, perfect.
35:24 Okay. Email security. First of all, why
35:28 email? Why now?
35:30 Um, if you ask somebody 60 to 80 years
35:32 ago or even more than that, what about
35:35 email security? They'd probably tell
35:36 you, yeah, in like a decade, uh, there
35:38 won't be even emails, right? The
35:40 different channels of communications.
35:42 Actually, they're not not only they're
35:43 here, they're actually the number one
35:46 used attack vector for many of our
35:49 adversaries out there due to and thank
35:51 for AI. um which is why we decided to
35:55 take that as an integral part of front
35:57 row seat in our XIM platform combining
36:00 the um the identity the agent the
36:04 endpoint the network taking the email
36:08 context into our uh email analytics
36:11 engine that in
36:13 itself can provide us the entire context
36:16 to everything that happens in the
36:17 organization. So if we just take a look
36:20 at the cases or you know what why don't
36:22 we if just looking at everything that we
36:25 have there looking at a a bird's eye
36:28 view you can see even the automation
36:30 kicked in here and more than probably
36:34 80% of the cases were addressed
36:36 automatically this is the point where
36:38 we're bringing together the entire again
36:41 data AI and
36:43 automation but with those 16 manual
36:45 cases right those are the more complex
36:48 one. The basics will be addressed
36:50 automatically by the system. It's a
36:52 standard, right? This is this is the way
36:54 to do
36:55 it. This is where we can take a look at
36:58 the cases, the different cases that the
37:00 system will flag. These are the more
37:02 complicated ones. What we've built here
37:04 is that email analytics engine that can
37:06 take all of the context, combine it
37:08 together, identify the intent of the
37:11 email, and then output a full
37:14 investigation within XIM. Let's let's
37:16 take a look at one example case, right?
37:19 In that one example case that we have,
37:21 we have all the information available.
37:22 So the analysts coming in, they can see
37:24 all the context, everything that they
37:26 need. They can see all the causality
37:28 issues, everything that led the system
37:30 to believe that this is something that
37:33 needs to be looked at. Granted, ideally
37:36 the system would address everything with
37:38 automation, but then I wouldn't have an
37:40 interesting demo to show you today. So
37:42 we chose something. Um, and in this
37:45 case, the email was flagged because of a
37:49 sender that was poofed. But it's not
37:51 just that. The email got to three
37:53 different
37:54 employees. The analyst now can take a
37:56 look at all the
37:58 information. They can even click through
38:00 and see the full causality chain of
38:03 everything that happened along the way,
38:05 including the actual email. This is
38:09 where the system itself will show the
38:11 analyst the entire analysis of the email
38:14 intent including the links that were uh
38:16 that were looked at and the emails
38:18 specific urgent terms everything in the
38:22 email itself that led the employee to
38:25 then click the link do a mistake true if
38:29 I go back to the casality chain what we
38:31 can see is that it actually resulted for
38:34 this specific
38:35 demo in a malware
38:38 being installed on the machine. But this
38:42 is again where automation kicks in. This
38:45 is where we can through playbooks
38:47 identify any potential SSO
38:49 authentication triggered after this
38:52 happened and through the playbook
38:55 address that immediately before there is
38:57 any potential breach. Now this
39:00 automation is a recommendation. It can
39:02 be triggered automatically. The
39:04 assumption is that next time it will
39:07 join this entire flow. So it'll be fully
39:10 automated in a way that can ultimately
39:14 provide that highest level of security
39:17 across the enterprise with email as a
39:20 front row seat of the entire enterprise
39:24 including XDR and everything. Thank you,
39:25 Lee. Thanks a lot. uh one
39:29 more area to to share um before I turn
39:33 you over to Anan who's going to walk you
39:34 through a bunch of things around AI
39:36 security and um you know for those of
39:39 you here at RSA you probably can't walk
39:41 around any corner without um someone
39:44 talking to you about agents and agentic
39:47 AI is the future yes
39:50 u I have a perspective and you know if
39:55 you think about this in the context and
39:57 Nikesh used the the this notion of
39:59 co-pilots and autopilot and um it's a
40:02 it's a it's a good sort of way of
40:03 thinking about I think and because this
40:05 it's this idea of a lot of uses of AI
40:08 started off with can I help you can AI
40:10 help you here's a prompt in a question
40:13 get an answer um the notion of agentic
40:16 AI though is that we're actually going
40:18 to turn AI loose to take autonomous
40:21 actions on our behalf and so there is a
40:25 tremendous amount ount of trust that we
40:28 have to build in order to actually allow
40:31 that to happen. And as we've been
40:35 experimenting with this, we've been
40:36 building proof of concepts of this.
40:38 We've even been building this into a
40:39 number of capabilities internal to PAL
40:42 networks. We've had lots of learnings
40:45 about how to actually make this work.
40:48 Most notably though would be that
40:52 agentic AI is going to require a fusion
40:55 of AI and
40:57 automation. And if you think about this,
41:00 the the reason is the AI is probably
41:04 like we all understand that the the
41:06 benefits of AI, the the the creativity
41:08 side of it, the creation, the ability to
41:11 sort of reason as as at least as far as
41:14 machines
41:14 can. But the challenge tends to be in
41:17 the deterministic nature or the lack of
41:20 deterministicness in terms of its
41:21 outcomes, the
41:23 predictability. But that is where
41:25 automation actually uh is amazing. It
41:28 can be incredibly deterministic and
41:30 predictable in terms of what it can do.
41:33 What it lacks is the ability to create
41:34 anything new. And so by fusing these
41:38 together, we believe this is how we're
41:41 going to be able to solve some of the
41:42 most uh challenging aspects of Agentic
41:46 AI. And this isn't just theory. We are
41:50 very deep into development right now.
41:52 and I get to give you a sneak peek, not
41:54 quite a full announcement yet, but a
41:56 sneak peek into
41:58 Agentics, which is our approach to a
42:02 Gentic AI for security. And so, let me
42:06 just give you a very quick look at this.
42:09 Again, we're we're in development, but
42:11 there's some some very cool aspects
42:12 we're building. Imagine um having these
42:15 these uh AI agents that are constantly
42:19 listening to different inputs in order
42:22 to understand when it needs to take
42:24 action. And as it needs to take action,
42:27 its ability to not only run existing
42:29 plans, but to actually generate new
42:31 plans of action. And as it generates
42:34 those new plans of action to be able to
42:36 then execute a series of
42:40 tasks in order to accomplish an outcome.
42:44 Now it won't be a single agent. There'll
42:45 be specialized agents. Different agents
42:47 will be specialized for different tasks
42:48 and different use cases. um allowing
42:51 them to to learn and improve over time
42:53 and even possibly being driven by
42:55 different uh generative AI models
42:56 because some models will be better at
42:58 different
43:00 things and then where they are not able
43:03 to fully carry out these tasks there
43:05 will be an ability to review sometimes
43:06 it might be a new plan needs to be
43:08 reviewed by a human and approved before
43:09 it's allowed to run in other cases it
43:11 might be the permissions uh aren't fully
43:13 uh provided in order to complete the
43:15 task and which could be reviewed so it's
43:16 not independent of a a person or human
43:20 overseeing it. It's just that more and
43:22 more is able to act autonomously and
43:25 over time as more trust builds more
43:28 autonomy will be
43:29 given. So there'll be multiple agents.
43:32 Let's let's take an example. Imagine the
43:34 a thread intel agent, right? Not too
43:36 hard to imagine and has 17 actions
43:40 enabled. Possibly more actions to be
43:41 enabled in the future, but 17's a pretty
43:43 good start for what is able to do. And
43:46 imagine that this this thread intel
43:48 agent has been tasked with uh analyzing
43:52 security research blogs in real time. So
43:54 anytime a new security research blog is
43:56 posted, its job as an AI agent is to go
43:59 analyze it and figure out first, what
44:01 does it mean? Second, is it relevant to
44:04 me? Third, have I seen
44:06 it? Right? Someone just posted an
44:09 article about some new attack and
44:10 attacker and what it did. Was I
44:13 affected? Because this is new. I don't
44:15 know. I want to look
44:17 retrospectively. So imagine being able
44:19 to go do all of that analysis. This
44:21 agent is doing it autonomously using a
44:24 combination of AI and automation and
44:27 even possibly arriving a conclusion that
44:30 I have found a user that was
44:33 compromised by this attack. I'm going to
44:36 quarantine their device and reset their
44:39 password. All of that I can actually do
44:41 autonomously.
44:43 Now, at the end of it, I might tell
44:45 somebody, "Hey, I just did this. You
44:48 should go with the next steps of
44:49 investigation, forensics and things like
44:51 that." Or that might be handing off to
44:52 another AI agent that's a forensic
44:56 specialist,
44:58 right? It's not that hard to imagine
45:01 just how powerful this would be because
45:03 all of a sudden this can be running
45:07 continuously as opposed to requiring
45:09 human interaction at every stage of the
45:12 work. And
45:14 so very very cool stuff going on. I hope
45:17 I hope you agree. I get really excited
45:18 about all the things we build. Um how we
45:21 are leveraging AI to uh embed in our
45:25 security products to make the world
45:28 safer and better for all of you. That is
45:30 what we do every day. That is what gets
45:31 us excited. Um thank you all very much
45:34 for joining us.
45:37 [Music]
45:39 The XIM platform has been hugely
45:42 efficient for our
45:44 organization. We have over 6 billion
45:46 events uh that come into the platform.
45:49 We've got a thousand alerts that get
45:51 boiled down to a handful of incidents a
45:53 day. Every single one of those incidents
45:54 gets touched by automation and it gets
45:56 triaged and closed usually within 30
45:59 seconds. We look at the promise of what
46:02 we're seeking for XIM and where we're
46:04 seeing the benefits. is the ability to
46:06 more effectively consolidate the
46:08 visibility through all that data to make
46:10 sense of it in terms of distilling it,
46:13 processing what matters out of it to
46:15 really detect and prevent threats in our
46:18 environment. Using a platform like XIM
46:21 and the AI tools available with it will
46:23 allow us to consolidate that
46:24 information, identify it, respond to it
46:26 much quicker. What I love about Palo
46:28 Alto Networks is they're always
46:30 constantly innovating and I know that
46:32 with the 3.0 version for XIM will have
46:35 some great enhancements like email
46:38 security and exposure
46:41 [Music]
46:46 management. Please welcome senior vice
46:49 president and GM Anan Oswald.
46:53 [Music]
46:56 All
46:57 right. Good afternoon. It's great to be
47:00 here today. Look, a year ago, we talked
47:02 to you about how there's shift happening
47:05 with AI transforming businesses. And we
47:08 didn't just talk about the potential. We
47:10 showed you we launched our secure AI by
47:12 design
47:13 portfolio. So, we really solving two
47:15 broad use cases. How employees can
47:18 safely access Genai
47:20 applications and how builders can build
47:22 these applications and deploy it
47:25 securely. But a year is a lifetime in
47:27 the world of AI. And today I'm excited
47:30 I'm super excited to talk to you about
47:32 all the amazing innovations that we've
47:34 been working to secure your AI
47:37 journey. Now AI usages are dropping very
47:41 rapidly. Majority of employees and
47:43 organizations are using AI applications
47:47 to get their work done more effectively,
47:50 more
47:51 efficiently. Now organizations would
47:53 like to have complete visibility into
47:55 their usage of AI applications. But most
47:58 important they want to protect their
48:00 most important crown jewels their data
48:03 from leaking out. Now majority of these
48:06 AI powered applications are getting
48:08 access from the browser. The browser is
48:11 your new workspace and it is the primary
48:14 attack
48:15 vector. The existing consumer browsers
48:18 are not well equipped to handle these
48:19 advanced threats. You need a secure
48:22 browser for this new era. And Pismax's
48:26 browser is a secure chromium based
48:29 browser. You can browse, you can work,
48:31 shop, chat just like you do with your
48:34 favorite browser, but with security
48:36 built right into it. It's natively
48:39 integrated into the Sassy architecture,
48:42 allowing you to have safe and compliant
48:44 usage of Genai applications. It's also
48:47 able to prevent advanced threats.
48:50 Threats in traffic that you can't
48:51 decrypt due to business reasons or
48:54 technology reasons. Threats in traffic
48:57 that only get reassembled in the browser
48:58 and are browser
49:00 native. Ensuring that you do not
49:02 compromise on your user experience,
49:05 untethering your web and SAS
49:07 applications for that maximum
49:09 performance, reducing your reliance on
49:12 legacy VDI infrastructure, at the same
49:15 time ensuring that every application is
49:18 consistently
49:19 secured. Let's now shift gears. Let's
49:22 talk about applications your developers
49:24 are building to transform your business
49:27 to give newer and better experiences to
49:30 your end customers. In the last 12
49:32 months, we've seen LLM go from lab
49:35 prototypes to your core tools your
49:37 developers are using customer support
49:39 applications, core business
49:42 applications. This transformation is now
49:44 full-blown. It's super exciting if it's
49:46 adopted securely. Let's talk a little
49:50 bit about how the app architectures have
49:51 evolved. In the last decade or so, app
49:54 architecture has significantly evolved.
49:57 The way we write applications are very
49:58 different and the way we secure them are
50:01 also very different. If you rewind the
50:03 clock, traditionally applications were
50:05 built using a three- tier architecture
50:07 with a front end with a database and you
50:10 had the back end or the application.
50:12 along came in the cloud giving the
50:14 opportunity to organizations to
50:16 modernize their application using
50:18 microservices and leveraging the
50:20 cloud. AI pod applications represents
50:23 the third wave of application
50:25 transformation. It's not just taking an
50:27 application, plugging in a model and
50:29 you're done. You're bringing along an
50:31 entire AI ecosystem, infrastructure,
50:35 models,
50:36 databases, all of these various
50:38 components, they talk to each other.
50:40 They talk to the outside world because
50:42 AI systems give you the best answer when
50:44 they behave as compounding systems
50:47 combining and transcribing the output of
50:49 various sources, models, tools, plug-in,
50:52 data sets to give you the most optimal
50:54 answer. Now, as all of these new
50:56 ecosystem components come in, the attack
50:59 surface increases and you're seeing new
51:01 supply chain risks, new configuration
51:03 risks, and new runtime risks. So, let's
51:06 talk through it. If you look at your AI
51:08 infrastructure, it's susceptible to
51:10 supply chain risks. Your developers,
51:12 they could use um incorrupt corrupt
51:15 machine learning libraries. They could
51:16 use insecure prompt templates. Your
51:19 models, they're susceptible to
51:21 misconfigurations or vulnerabilities.
51:23 And as you roll these applications into
51:25 production and these various components
51:28 talk to each other and they talk to the
51:30 outside world, you have runtime risks.
51:33 Now AI applications also accept
51:35 unstructured data as input increasing
51:37 some of these
51:38 risks. Then you have your tools, your
51:40 plugins, the so-called helper functions
51:42 for developers. They do amazing work
51:45 from translation, search, text to XQL
51:47 queries, but many of times they have
51:50 excessive permissions on various parts
51:52 of your ecosystem. And last but not the
51:55 least, data. You take your sensitive
51:57 data to train these models. Now you want
51:59 to ensure that this data doesn't leave
52:01 the organization, doesn't get leaked
52:03 out. Now AI um is getting more and more
52:08 accelerated adoption with the
52:10 introduction of agents. Unlike LMS, LM
52:13 give you answers. Agents will give you
52:16 action and they plan, they act, they
52:20 adapt, come back. Like Nik said, they
52:22 have a mind of their own. The
52:24 introduction of new protocols, model
52:26 context protocol makes it easier for
52:28 models to talk to external databases,
52:30 tools, plugins. The agent to agent
52:33 protocols will make it easier to
52:35 coordinate across these agents. And all
52:38 of this is going to fuel the growth of
52:40 AI agents. AI agents can also be built
52:42 on a plethora of platforms. SAS
52:44 platforms, the S cloud service
52:45 providers, low code, no code platforms.
52:48 All of this is also affecting the app
52:50 architecture. adding new capabilities
52:53 for memory because agents can retrieve
52:55 answers but they can also be
52:57 personalized over the long term. By
52:59 nature, agents will act autonomously. So
53:01 they need to have access to internal
53:03 data and systems to perform those
53:05 actions. All of this again significantly
53:08 will increase your attack surface adding
53:11 newer risks. Let's talk about a few.
53:14 First, excessive permissions. To act
53:16 autonomously, agents need permissions to
53:19 many of your data, to many of our
53:20 systems. And in many cases, you have to
53:23 solve the problem of them having
53:24 excessive permissions. Or you take
53:27 memory. Attackers can poison memory to
53:30 alter the behavior of
53:32 agents. And agents are using variety of
53:34 tools. They're connected to APIs, third
53:36 party plugins, databases. You have the
53:38 risk of tool misuse. And you also have
53:41 the risk of identity
53:43 impersonation. So what's needed? You see
53:46 all these things happening. The attack
53:47 surface is increasing. You have new
53:49 types of threats coming in. When I talk
53:51 to leaders, the first thing they want to
53:53 understand is visibility because you can
53:55 only secure something when you see it.
53:57 Every app, every agent in the system,
54:00 what model is used by the application
54:02 agent, what data is used to train the
54:04 models, what other data sources the
54:07 application and agent is connected to,
54:09 the permissions, all of these need to be
54:11 solved holistically. Absolutely right.
54:14 I'll talk about five key pillars that's
54:16 needed for comprehensive AI security.
54:19 First, let's talk about model scanning.
54:21 Now, in traditional security, we scan
54:23 code, we scan infrastructure. So, what's
54:25 different in models? The difference is
54:27 that the inherent risks are in the
54:29 training data being used in the model
54:31 architecture, in the model behavior. So,
54:34 we need to make sure we do comprehensive
54:35 model scanning before we can roll these
54:38 applications into
54:39 production. Second, posture management.
54:42 Now we must absolutely lock down
54:44 misconfigurations, lock down excessive
54:47 permissions and all those data exposures
54:50 holistically. Third AR teaming AI
54:54 systems especially agents they don't
54:56 just run code they adapt they reason
54:59 they learn they react. Traditional
55:02 security misses these emergent behaviors
55:05 where you have to understand the model
55:07 intent the model interaction the model
55:09 behavior. So we need to make sure that
55:11 we are able to mimic how adversities
55:13 will think when we do AI red
55:15 teaming. Next runtime
55:18 security lms are the intelligence layer
55:21 and you must defend your models and your
55:23 data from all the runtime risks. Prompt
55:26 injection attacks attackers are using
55:28 that to steal sensitive information.
55:30 Malicious code generation, model DOSs
55:32 attacks or your data leaks. All of this
55:35 needs to be solved comprehensively.
55:37 And last but not the least AI agent
55:39 security. Now here you think of two key
55:42 aspects. One is around what identities
55:44 and permissions the agent have and what
55:46 it can do. And second when the agents
55:49 are in action, what are the real-time
55:51 behaviors and the runtime risks
55:53 associated with that. Now the industry
55:56 has responded to all of these uh AI
56:00 security which are bunch of point
56:01 products, a bunch of point solutions.
56:03 For each of the pillars I talked about,
56:05 there are multiple point products,
56:07 different management planes, different
56:09 UIs. These tools and products don't talk
56:12 to each other. They don't share thread
56:14 intelligence. This cannot work. It's too
56:17 complicated. The good thing is that
56:19 there's a better answer. We launched
56:21 Prisma yesterday. The most complete, the
56:24 most comprehensive AI security platform
56:27 built with best-in-class security
56:29 technologies. a unified management for
56:32 all the layers I talked about giving you
56:34 complete visibility and control on what
56:36 you need to do ensuring that you can
56:38 discover your AI ecosystem assess the
56:41 risks and protect against threats and
56:44 each of the five components of the
56:46 platform are built with leading
56:48 best-in-class technologies let's take an
56:49 example model scanning we scan we have
56:52 we run the world's largest malware
56:54 detection engine we analyze close to 80
56:56 to 100 million files every single day
56:59 we're extending that to to scan models
57:02 to look at malicious code and other
57:04 behaviors in the model. Posture
57:06 management, it's not just posture of the
57:08 model. It's posture of the network,
57:10 application, agent, model, data set. All
57:14 of it done comprehensively alerting you
57:16 in real time. AI red teaming. Our AI red
57:19 teaming is done on a multi- aent
57:21 architecture where we learn, we act, we
57:24 react. We want to mimic exactly how an
57:27 adversary will think so that we're able
57:29 to mimic real-time behaviors to give you
57:31 the best
57:31 protection. Now, we have been pioneering
57:34 and working a lot on runtime security.
57:37 Now, uh last year we talked about the
57:39 amazing work that team did on all the
57:41 new detections for runtime and we've
57:43 extended that extended that to ensure
57:45 that we have the most comprehensive
57:47 runtime security across your
57:49 applications, your models, your data and
57:52 your agents. We have over 27 different
57:55 prompt injection techniques. We're
57:57 preventing for model a malicious code
57:59 generation for models. We have a
58:00 thousand plus data patterns that are
58:02 pre-built, programmable to be to make
58:05 sure that we can detect all of these uh
58:07 data leaks that can happen. For agent
58:09 security, we're making sure that we can
58:10 detect memory poisoning, tool misuse.
58:14 So, it's the most comprehensive runtime
58:16 security that we have. Now I've talked
58:19 to you about the various aspects of the
58:22 agent. I've talked to you about the
58:24 various aspect of the platform. Let's
58:26 take a look at how the platform works in
58:28 action in terms of how you discover, how
58:31 you assess the risk and how you protect.
58:34 So it starts with discovery. Now this is
58:37 an inside out view of your entire AI
58:40 ecosystem. every user connected to every
58:42 AI application AI agent, every model,
58:46 every tool, every plug-in, every data
58:48 data set. We see your foundational
58:50 models, your fine-tuned models. Now,
58:53 this is not just an inventory. It's how
58:55 AI is flowing through your system. But
58:58 discovery is just a start, right? It's
59:00 like me telling you, you have a leak in
59:01 the house. What do you do next? Let's
59:04 talk about the risks.
59:07 We have risks in posture and in runtime.
59:10 The screen shows you the risk associated
59:12 with posture. Now posture is a potential
59:14 risks attackers can exploit. So it's
59:17 important to understand what they are.
59:18 Let's take a look at the first
59:21 one. Now we have models that have not
59:24 been scanned. They're in pre-production
59:26 yet. The applications are in
59:27 pre-production. The platform recognizes
59:30 that and is asking us to scan these
59:32 models. Let's take a look and scan
59:34 it. Now I scan and u as we can see both
59:39 the models are getting scanned for any
59:41 vulnerabilities looking for malicious
59:42 code looking for model behaviors and one
59:45 of them shows red it's a des
59:48 serialization vulnerability now that
59:50 could be exploited by the attacker now
59:52 this is not just a misstep this is a
59:54 breach waiting to happen prisma has
59:57 determined that the best action is to
59:59 block this malicious model so let's take
60:01 a click and block it we block that
60:04 malicious model. Now let's go back to
60:06 our command center and see what other
60:08 risks we have for
60:11 posture. Now we have one more risk. It's
60:13 tied to agents. I mentioned earlier one
60:16 of the big risks with agents is around
60:18 excessive permissions. Let's take a look
60:20 at what happens with this
60:23 agent. Now this is a leads agent built
60:26 on Microsoft copilot studio. This
60:28 accesses salesforce.com.
60:31 Now the risk that it's showing you is
60:33 that this agent has excessive
60:35 permissions. It can update and delete
60:38 your Salesforce records. Now that's
60:40 obviously not what you want. The
60:42 platform understands the excessive
60:44 permissions and is giving you a
60:46 recommendation to fix those excessive
60:50 permissions. So with a single click,
60:52 we're able to click it. Let's go back to
60:53 the command
60:54 center. And now you can see all the
60:57 posture risks have been addressed. But
61:00 we're not done. Let's now look at the
61:01 runtime
61:03 risks. Now, in this case, it shows us 10
61:07 applications and two agents that we
61:10 haven't done AI red teaming or thread
61:11 simulation with. And it's is nudging us
61:14 to start this simulation. So, let's
61:16 click on it and
61:17 start. Now, it's doing this thread
61:20 modeling. In a typical scenario, this
61:22 could take hours. For the purpose of
61:24 this demo, I have shortcircuited that to
61:26 show you what it can do. Once the the
61:29 red teaming is done, we can view the
61:31 results. Now the results are very
61:34 comprehensive for every single
61:36 vulnerability can get details can look
61:38 at what happening to every single app,
61:40 every single agent and then it gives you
61:42 a list of recommendations. Let's take a
61:45 look at the
61:47 recommendations.
61:48 Now this is unique. If you think of the
61:51 recommendations, it's twofold. Once it's
61:54 once first thing is recommending to you
61:56 is the form factor. that you need to
61:58 deploy and second it's also giving you
62:01 dynamic right security policy based on
62:04 best practices and based on results of
62:06 red teaming. Now if it's applications we
62:09 understand which cloud they're running
62:10 on we're able to spin up right instance
62:13 in the right cloud and make sure all the
62:15 systems are connected. If it's um your
62:18 no code low code platform your agents
62:20 then we have AI runtime API that can
62:22 that we can invoke runtime protection.
62:24 So now I can deploy air's
62:28 protection. As you can see with
62:30 protection live, your AI infrastructure
62:32 is no longer exposed. It's actively
62:35 defended. Traffic now flows through AI
62:37 runtime security, enforcing policies
62:40 tailor made to your environment and
62:42 aligned with the real world threats that
62:45 matter to your business. Let's go back
62:46 to the command center. As you can see
62:49 now, the system is working. It's
62:51 monitoring. It's enforcing. is adapting
62:54 to keep your AI ecosystem
62:58 secure. So as you've seen with Prisma,
63:02 we are the industry's most complete, the
63:04 most comprehensive AI security platform.
63:07 You've seen how the platform works. Now
63:10 with this, what developers can do is
63:12 deploy AI applications
63:15 bravely. Next, I would like to hear to
63:18 you to hear from a few customers who
63:19 have been at the forefront of this AI
63:21 journey. Please cue the video.
63:26 Agentic AI is really acting as an
63:30 autonomous AI agent and we want to make
63:32 sure that we provide additional controls
63:35 so that we can monitor what API calls
63:37 it's going to, how they are using
63:40 LLMs. What we're excited to see with AI
63:42 runtime security is the ability for us
63:45 to now look and see how API calls are
63:49 being made. We can look at malicious
63:51 detections that are being performed by
63:54 Agentic AI tools across the board. What
63:57 makes Palo Alto Network's AI runtime
63:59 stand out are data security, malware
64:04 security and AI security. All the three
64:06 functionality is packed into a SAS form
64:09 factor and there are thousands of models
64:11 powering the AI runtime. This models
64:14 keep on getting continuously updated as
64:17 new threads are detected. A product like
64:19 air runtime security is not just good
64:22 for move works. It's it's absolutely
64:24 essential for the
64:25 [Music]
64:29 industry. Please welcome Anan Oswald and
64:33 Ian Swanson.
64:34 [Music]
64:36 [Applause]
64:41 So, as you probably saw yesterday, uh,
64:44 Palto Networks announced the intent to
64:46 acquire Protect AI, a leading AI
64:48 security company in the world, and
64:49 excited to have Ian Swanson, co-founder
64:51 and CEO of Protect. Ian, thanks for
64:53 joining us. Yeah, thank you. So, Ian,
64:55 what parts of the current AI landscape
64:57 are creating the most urgent needs of
65:00 security challenges as you see it? We
65:02 talking to many customers. Yeah, talking
65:03 to many customers. AI is all the buzz.
65:06 Securing AI requires truly an end-to-end
65:09 approach. Model risk assessments, robust
65:11 posture management, continuous testing
65:14 and red teaming for adversarial attacks,
65:17 and add runtime protections for AI and
65:20 agentic threats. Add to that third party
65:23 risk assessment in let's say open
65:25 models. It's super clear that AI
65:28 security isn't just a one-time check.
65:30 It's an ongoing process and on Yeah.
65:33 uh there's a lot of buzz on agents as as
65:36 uh we talked about earlier as well and
65:37 as agents get deeply embedded in
65:39 business processes what are the unique
65:41 challenges to make sure agents are um
65:44 easy to secure along with the
65:46 applications we have we talked about new
65:47 risks coming with
65:49 agents so first off AI agents are harder
65:53 to secure than traditional AI
65:56 applications why is that well first
65:58 they're autonomous they're dynamic
66:01 they're deeply embedded in business
66:03 processes, fragmented ecosystems with
66:05 expanding attack surfaces. Agents can
66:08 initiate actions, evolve over time, and
66:10 even operate without visibility or
66:13 control. As AI agents move towards mass
66:16 adoption, and they will, we must secure
66:18 them with the same urgency as the value
66:21 that they're going to deliver. Yeah,
66:22 understand. So, um, a lot of discussion,
66:26 a lot of excitement on protect. What's
66:28 the combination like when we when we
66:30 talk to customers between what we're
66:31 doing between protecti and pand what do
66:33 we bring to our customers this is the
66:35 really exciting part uh for me the
66:37 combination of protecti and paloalto
66:39 networks it's going to create a powerful
66:41 better together opportunity for our
66:43 customers and deliver a comprehensive
66:45 platform for endtoend AI security from
66:48 data model artifact security to what we
66:51 talked about today runtime and agentic
66:53 AI system defenses as enterprises scale
66:56 AI it must safe. It must be trusted. It
66:59 must be secure. There should be no AI in
67:02 any enterprise without security of AI.
67:05 And I truly feel that Palo Alto Networks
67:07 is going to be the trusted partner to
67:09 secure AI at scale. All right. Thank
67:11 you, Ian. Appreciate it. Thank you.
67:17 To wrap up, we're delivering some
67:18 gamechanging innovations to ensure your
67:21 enterprises can securely embrace AI.
67:24 Prisma access browser allows your
67:26 employees to browse bravely with
67:29 security against the most sophisticated
67:31 web threats. And Prisma allows your
67:35 developers to build and deploy bravely
67:38 knowing that every model, every agent,
67:41 every data, every app is protected. No
67:44 matter where you are in your AI
67:46 business, we're here to protect you.
67:48 Thank you.
67:54 People expect us to be a leader in
67:57 security. They just think that we're
67:59 smart and we're at the forefront of
68:01 security so they can sleep at night. I
68:03 trust Palo Alto Networks to be smart so
68:06 I can sleep at night.
68:09 AI introduces an entirely new threat
68:11 vector when it comes to securing our
68:13 products through prompt injection
68:14 attacks, through content moderation,
68:16 through hallucinations and a bunch of
68:18 these other things that did not exist in
68:19 a war preai. Customers are excited that
68:23 Palo Alto is leading the way in AI
68:26 security because it protects both the
68:28 ends of the spectrum. The user
68:30 interacting with the JAI application and
68:32 the JAI application interacting with the
68:35 LLMs. Not only do we need a new
68:37 generation of tools, what's really
68:40 important is unification of data and a
68:42 single pane of glass. Having a partner
68:44 like Palo Alto Networks allows us to
68:46 grow with the business, allows us to
68:48 deliver tools to the business that will
68:51 enable them and help them to use the
68:53 latest technologies but use it safely
68:54 and
68:57 [Music]
69:00 securely. Please welcome back Kelly
69:05 Walder.
69:07 Oo. Well, the innovations that we've
69:09 shared today were forged through deep
69:11 conversations with customers like you
69:13 and the relentless curiosity about where
69:16 the future is headed. And we're excited
69:18 for you to be part of this journey. So,
69:20 we invite you to dig deeper with our
69:22 team, ask the hard questions, and
69:25 envision how PaloAlto Networks can
69:27 become your cyber security partner of
69:29 choice. Because innovation isn't just
69:32 about a moment, it's about momentum. And
69:35 today is just the beginning as we set
69:36 our sights on tomorrow. So, I want to
69:39 thank you all so much for being here. If
69:41 you're one of the 50,000 plus people
69:43 that are joining us virtually, uh please
69:46 snap the QR code behind me here and
69:48 connect with us so we can go deeper. And
69:50 if you're here in San Francisco, we look
69:52 forward to continuing the conversation
69:54 this week at the hotel uh canopy where
69:56 you can see working demos in action,
69:58 talk with our team, and experience what
70:00 we have in store today and tomorrow.
70:03 Thank you all again and we hope to see
70:05 you soon.
Chrome Extension