Even today, Palo Alto continues to set the pace in the market. It is the first supplier of next-generation firewalls to have combined artificial intelligence with both a firewall and its own endpoint product, most notably the anti-malware platform Cortex XDR. This detects suspicious behaviour, such as the injection of executable code into memory segments. It also collects all potential security breaches from the company's firewall platforms and endpoint agents and brings them together. A statistical analysis of events, together with mechanisms that enrich the data, allows us to send out relevant alerts based on user behaviour. At the same time, this enables us to exclude most false positives, which are an absolute nightmare for security administrators. The alerts themselves are also contextualised: we know the username and process ID of whoever is behind the suspicious action; we know when it happened thanks to a time stamp; we know the exact machine, the IP address and also the location; and we know the sequence and description of the suspicious incidents. This means that we can make a more targeted diagnosis and also propose more targeted recovery operations. We do not need to rely as much on decrypting traffic to detect attacks and malware.
Thanks to Palo Alto, the future looks a lot less frightening for security engineers. Obviously, the arms race is far from over, but the wall is higher and thicker, for the foreseeable future at least.