The Proof Is in the Eating!

Greg Day


Category: CSO Perspective

It’s now been just over a year since I joined Palo Alto Networks. Like I’m sure all of us do, I did my due diligence on the company prior to joining and was taken aback by the focus of the business to build capabilities that truly natively work together as a platform. The “platform” term, I would suggest, is used too widely by just about every vendor. However, whatever the term may be, the more critical aspect is the impact its capabilities can have. Whether looking around RSA at the surplus of security technologies or talking with peers, we typically agree the biggest challenge today is the finite limit of skilled cybersecurity practitioners who are available and whom businesses are able to find. Being able, therefore, to better automate to reduce the people skills required should mean that we can either detect faster, so potentially moving to prevention, or indeed reduce the costs of detection; typically, I would suggest a mix of the two.

Now, like many, I have been in the cybersecurity industry long enough to know that theory and reality can align, but also be opposed; so I was keen, during my first year, to validate for myself if the theory of a native integrated platform approach would live up in real-world practice.

How Did We Gather the Data?

To achieve this, I created a survey that went out to English language customers (multi-language surveying added unnecessary complexity, where I had a significant customer base that spoke English across differing regions to give me a fair representation). We reached out to 3,854 English-speaking customers, asking them to take five minutes to complete the anonymous online survey, which asked them to categorize in different percentage brackets the savings or additional overhead that came from leveraging the Palo Alto Networks next-generation firewall (NGFW), with the associated cybersecurity services we offered.

We had nearly 4 percent complete the survey (149 respondents), which was enough to give a sample representation and a good level of response. There were no prizes, rewards or any other motivations to complete the anonymous survey.

The Results

We recently released initial results of our findings, which you can find in the Resources Centre on the Palo Alto Networks website, should you want more insight.

These customers have consolidated their cybersecurity technologies with the next-generation firewall and, on average, 3.2 subscriptions (WildFire, Threat Prevention, URL Filtering and GlobalProtect). More information on these can be found on our website.

Faced with the operational challenges of unwieldy environments of multiple products from a variety of vendors, organisations are seeking to consolidate their security technologies for two business goals:

  1. Improve security posture.
  2. Reduce total cost of ownership.

To measure our effectiveness against the first goal, improved security postures, we asked customers to share data related to the volume of incidents requiring human intervention, as well as to describe how much faster they were able to investigate incidents and take preventive actions. While I encourage you to delve more fully into our findings, a full 65 percent of respondents reported a decline in the quantity of security events requiring human intervention. Additionally, customers reported, on average, saving 30 percent of the time necessary to investigate incidents to drive a technical action to prevent or block an incident.

To measure our effectiveness against the second goal, reduced total cost of ownership, we solicited data related to both key capital and operating expenditure metrics. With regard to capex, customers who have consolidated their security technologies with the Palo Alto Networks Next-Generation Security Platform reported average hardware savings of 20 percent. Interestingly, the reported savings doubled between the first, second and third subscriptions deployed with the next-generation firewall. Customers reported similar declines in support costs, with average savings of 19 percent.

With regard to opex, customers reported substantially more efficient operations. On the management side, after adopting the next-generation firewall, customers reported a 26 percent average reduction in the time needed to add new and manage existing firewall rules. When analysing threats, aside from the aforementioned reduction in the volume of attacks needing human attention, 60 percent of customers observed a decline in the time necessary to complete the investigation of attacks requiring intervention from an analyst.

Interestingly, customers with four subscriptions deployed in conjunction with the next-generation firewall noted savings in excess of 40 percent in the time to analyse such events.

For me, the data validated that the practical reality lived up to the theory: consolidating cybersecurity technologies with the Next-Generation Security Platform does improve security posture and decreases the total cost of ownership. This was still a small cross section to analyse, especially when you consider that the Palo Alto Networks capabilities span much wider than just the next-gen firewall. Adding the endpoint capabilities and cloud solutions to the mix, I can only anticipate, will further multiply the returns from this more limited analysis; however, qualifying these results will be more complex as typically I will need to survey across different teams in a business.

You might finish reading this and think: So how should I leverage this insight? My guidance would be to complete a similar exercise in your own organisation. All too often I see businesses negotiating hard on the capex investments into cybersecurity, yet much less attention is given to the opex costs required to gain the value from cybersecurity investments. Critically, we should continue to look for leading indicators in our cybersecurity rather than relying too much on the lagging indicators, such as the number of incidents or levels of compliance. Being able to quantify how much time and effort is required to implement and detect is critical if we are to get better at prevention. You should be able to define time-based metrics and continue to challenge your business’s ability to meet these. Be it the broader data in this research or discussions with your peers, we should benchmark ourselves against our peers as we continue to strive for state-of-the-art cybersecurity.

I’m extremely grateful to our customers who shared their insights with us.
