Analyst(s): Fernando Montenegro
Publication Date: April 7, 2025
What is Covered in this Article:
- Palo Alto Networks’ continued emphasis on a “platformization” strategy, with AI as a central component.
- A spotlight on its Prisma Access Browser (from the Talon acquisition) as a key technology enabling better visibility.
- A glimpse into the future steps and possible challenges, including market positioning and feature evolution.
The News: Ignite OnTour is the new format for Palo Alto Networks’ Ignite customer-focused event. Instead of a single, large event, the company now hosts dozens of smaller events worldwide at different times. This report focuses on the topics and conversations at the New York City event held in late March. The event – hosted at the Glasshouse center – saw hundreds of customers and prospects come together for messages from Palo Alto Networks and key partners, including but not limited to Google Cloud, AWS, Okta, Cribl, LevelBlue, Red Canary, Tufin, and others.
At the event, the key messages from Palo Alto Networks centered on the benefits of its “platformization” approach, which was accelerated in multiple ways by everything surrounding AI and cybersecurity. According to the company, AI permeates nearly all areas of cybersecurity, including but not limited to network security, security operations, end-to-end cloud security, threat intelligence, and more. The combination of its large – and growing – platform with the massive volumes of data being processed and the thousands of detections (many of them AI-enabled) is aimed at reducing complexity for security teams, be it in reducing integration efforts and/or simplifying the alerts that need to be processed.
The other key technology discussed at Ignite OnTour was the relatively new Prisma Access Browser, which came from the acquisition of Talon in late 2023 and was mentioned as having significant growth in usage. Here, the focus is on how the browser environment offers visibility into elements that would not be available at the network layer and how the secure browser offering can tap into services already used by other Palo Alto Networks products.
In the context of AI and the threat landscape, Palo Alto Networks offered that AI continues to enable attackers with new capabilities. Of note, Unit 42’s research points to an acceleration in campaigns, plus attacker improvements to phishing campaigns and deepfakes. These can be deployed not for typical financial scams against individuals but as elements in a targeted attack against an organization.
Lastly, we had an opportunity to sit down with key Palo Alto Networks executives, notably Nikesh Arora, CEO and chairman. Key elements that emerged from those conversations included, provocatively, a claim about “the end of best of breed” when compared to platforms, comments about the massive scale that the company has deployed, and improvements on internal data structures for faster responses. The company continues to explore how its platform can be used for additional use cases and where it can benefit from economies of scale and key partnerships such as Google Cloud for its massive compute needs.
At Ignite OnTour, Palo Alto Networks Makes its Case for Platformization
Analyst Take: Palo Alto Networks continues to build on its platform message – which the company refers to as “platformization” – and now has AI as a key component of that message. Indeed, a global-scale security platform is well-suited as both a source of meaningful security data and an environment where AI, if appropriately deployed, can bring value in scale, responsiveness, and more. The company showed numerous examples of massive scale – measuring things in petabytes and thousands of AI-enabled detections – and improvements in security metrics. Results will vary for each organization, of course, but the potential for improvement is there.
The message will likely resonate, particularly with enterprises with more complex environments. Informal on-site conversations with partners and customers were positive, and trends with numbers show a preference to work with more strategic vendors.
Still, “platformization” is a nontrivial strategy that requires the right combination of features, execution, pricing, and messaging to reach prospects. Palo Alto Networks needs to consider how it navigates a few topics here.
First, the company’s vision is centered on the security operations center (SOC) as the central hub for all things security. The recent move of cloud security functionality from Prisma Cloud into Cortex Cloud is evidence of that. The question that stands out is how it can help customers ensure seamless integration between technologies and teams – how well does the SOC cooperate with cloud engineering, for example?
The other key point is how the company can grow beyond what it calls “wartime” activities (focused on incident detection, response, and containment) to support customers’ “peacetime” activities—closing backlogs of vulnerabilities, improving compliance, and, among many other things, helping customers innovate securely in other areas (hello, “agentic AI”).
What to Watch:
- What is the “rubber-meets-the-road” path for XSIAM and Cortex Cloud? How will customers navigate the adoption of Palo Alto Networks’ overall security platform – above and beyond its network security portfolio – and incorporate cloud security workflows in the SOC? This includes questions regarding procurement – how do the sales cycles change? – as well as operational aspects of triage and remediations.
- What’s next in terms of functionality and/or adjacencies? With a strong position in network security and a growing role in security operations, how will Palo Alto Networks handle adjacent areas with more business-centric concepts such as identity and data protection? Similarly, how does the company extend its “wartime” capabilities to support “peacetime” activities?
- Where will the company seek differentiation at a more strategic level? The security platform approach is compelling in many cases, but prospects are hearing similar messages from other vendors, notably Microsoft, CrowdStrike, SentinelOne, Fortinet, Cisco, Trend Micro, and others.
- Will more focused competitors respond with deeper partnerships? Will security operations and cloud security vendors – a representative but not comprehensive list includes Cisco/Splunk, Exabeam, Securonix, Elastic, Fortinet/Lacework, Orca Security, Wiz (the company is still independent until the transaction with Alphabet/Google closes), Sysdig, Trend Micro, and more – extol the benefits of more dynamic partnerships as an alternative to the security platform?
Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.
Author Information
Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.
Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.
Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.