LAS VEGAS – PALO ALTO IGNITE 22 – The average time for Palo Alto Networks to remediate a customer's security threat is under one minute, but that's not fast enough for CEO Nikesh Arora.

"One minute is still a long time and that allows the bad actors to go ahead and extract some data from [the customer's] infrastructure and go exploit that," he said. "That's the reason we're an industry where it's primarily reactive, not proactive."

Figure 1: Palo Alto Networks CEO Nikesh Arora delivers a keynote at the Ignite 22 event in Las Vegas.
(Image source: Kelsey Ziser, Light Reading.)

Arora not only wants Palo Alto to continue accelerating how quickly threats are thwarted, he also wants the security industry to take a more proactive versus reactive approach to breaches. Utilizing AI and automation will be a key way to deliver proactive security capabilities to customers, he said.

"The reason AI for security is important is to solve the biggest [security industry] problem, which is going from reactive to proactive security … I think the next big revolution is going to be around AI and data and natural interfaces," Arora said.

AI will improve security providers' ability to analyze data from enterprise customers and determine which data is anomalous and which requires action, he added.

Yesterday, Palo Alto launched a new platform to further automate threat response: Xpanse Active Attack Surface Management (ASM), which can automatically find and fix exposures before attackers can exploit them, said the security provider.

Chief Product Officer Lee Klarich echoed Arora's emphasis on increasing the use of AI for cybersecurity. Klarich said if the security industry can address three core principles correctly – deploying incredible tech, using AI and automation, and utilizing native integration (where applications use common APIs) – it can gain an advantage over bad actors.

Figure 2: Palo Alto Networks Chief Product Officer Lee Klarich.
(Image source: Kelsey Ziser, Light Reading.)

These principles are critical at a time when it feels like attackers have the upper hand and are collaborating more on threats such as ransomware-as-a-service, explained Klarich.

"[Bad actors] only have to be right once, yet we have to be right every single time," he said.

Since launching Advanced Threat Protection earlier this year, "already, we're seeing in the last month, close to 6 million unique attacks that were detected and prevented only because they're able to do this machine learning capability in mind on real user traffic," said Klarich.

Ultimately, successfully transforming security operations centers (SOCs) requires a revamped approach to data analytics, letting machines do the work (overseen by humans) and being more proactive than reactive, said Klarich.

"In a typical day, in the life of our SOC, we ingest about 36 billion events in a day," said Klarich. "And out of those 36 billion events, we use data analytics and automation to bring that down to about 130 possible incidents that have to be looked at. And even then, we apply further automation."

— Kelsey Kusterer Ziser, Senior Editor, Light Reading