We’re leading a paradigm shift in security, but it’s going to take a village to bring it to life. This paradigm is Zero Trust, and we’re helping pull together the village through a robust partner ecosystem.

Zero Trust is a cybersecurity framework that automates an organization’s security architecture and orchestrates a response as soon as systems are attacked. The challenge, however, lies in implementing a complete solution guided by the seven pillars of Zero Trust. No company can do this alone.

To help private and public sector organizations simplify adoption, Dell is building a Zero Trust ecosystem. It brings together more than 30 leading technology and security companies to create a unified solution across infrastructure platforms, applications, clouds and services.

Through this ecosystem, Dell and its partners are paving the way to adoption. Together with the Maryland Innovation Security Institute (MISI), we’re providing best-in-class technology at the Zero Trust Center of Excellence and constructing an advanced private cloud solution focused on integrating and orchestrating security for customers. This approach will help organizations implement the technology and tap the expertise needed to build and configure the architecture.

Leading the integration of the Zero Trust ecosystem, Dell brings together technology and capabilities from partners including Corsha, Gigamon, Intel, Juniper Networks, MISI, Nomad GCS, NVIDIA, Palo Alto Networks, VMware and others. By replicating the Department of Defense-approved architecture with technology from leading providers, we’re enabling organizations to defeat cyber criminals while meeting the U.S. government’s Zero Trust mandate.

The ecosystem will help execute the Department of Defense Zero Trust requirements, including capabilities such as:

• • Continuous authentication: Continuously authenticates user access using multifactor authentication.
  • Comply to connect, device detection and compliance: Any device attempting to connect to a network or access a resource is detected and assessed for compliance status.
  • Continuous monitoring and ongoing authorization: Automated tools and processes continuously monitor applications and assess their authorization to determine security control effectiveness.
  • Data encryption and rights management: Data rights management tooling encrypts data at rest and in transit to reduce the risk of unauthorized data access.
  • Software defined networking: Enables the control of packets to a centralized server, provides additional visibility into the network and enables integration requirements.
  • Policy decision point and policy orchestration: Collects and documents all rule-based policies to orchestrate across the security stack for effective automation.
  • Threat intelligence: Integration of threat intelligence data with other security information and event management (SIEM) data provides a consolidated view of threat activity.

Zero Trust is a journey, and the destination is a well-defined set of integrated and automated security activities validated by the U.S. government and recognized around the world. The partner ecosystem is a critical component of Dell’s project to scale an end-to-end validated Zero Trust solution for organizations worldwide.

We look forward to sharing more on our Zero Trust strategy at Dell Technologies World 2023 in Las Vegas, May 22-25, 2023.

Palo Alto Networks was the number one vendor in the quarter, growing 24.9% year on year and increasing its market share to 8.4%, up from 7.8% in Q3 2021. Cisco was the second-largest cybersecurity vendor, with growth of 16.7% and a flat market share of 6.9%. Fortinet placed third, achieving growth of 29.9% to reach a 6.7% market share, up from 6.0% a year ago.

Endpoint security was the fastest-growing category, up 18.7% year on year at US$2.7 billion. Network security was the largest category, representing US$5.1 billion and growing 14.8%.

The technology sector faces deteriorating economic conditions, increasing uncertainty and greater scrutiny of IT spending, factors that most vendors considered in their forecasts. Falls in new business, reductions in spending commitments and delays to subscription start dates were worse than expected, which will filter into future results.

“Many cybersecurity vendors have shifted toward subscription-led business models, which also helped to shield them from the immediate impact of the economic slowdown,” said Matthew Ball, Chief Analyst at Canalys. “The move to subscription-based platforms and increased focus on upselling existing accounts will sustain revenue growth for cybersecurity vendors over the next 12 months.”

Channel sales accounted for 90.6% of the overall market, with the other 9.4% of sales done directly with customers. Channel sales grew by 15.9% year on year, outpacing direct sales.

Channel partners remained optimistic about the opportunities in cybersecurity. 27% expected their cybersecurity revenue to grow by more than 20% in 2023, according to a Canalys poll of 393 respondents taken between 21 November 2022 and 9 December 2022. Another 27% anticipated growth of 11% to 20% next year. Only 10% of partners expected cybersecurity sales to decline.

US$9.6 billion of sales came from North America, which remained by far the largest cybersecurity market, representing 53.8% of global spending. It was also the fastest-growing market at 17.1%. EMEA sales reached US$5.2 billion, APAC US$2.4 billion and Latin America US$0.6 billion.

“The proliferation of connected medical devices in the healthcare industry brings a wealth of benefits, but these devices are often not well secured. For example, according to Unit 42, an alarming 75% of smart infusion pumps examined on the networks of hospitals and healthcare organizations had known security gaps,” said Anand Oswal, senior vice president of products, network security at Palo Alto Networks. “This makes security devices an attractive target for cyberattackers, potentially exposing patient data and ultimately putting patients at risk.”

While a Zero Trust approach is critical to help protect medical devices against today’s innovative cyberthreats, it can be hard to implement in practice. Through automated device discovery, contextual segmentation, least privilege policy recommendations and one-click enforcement of policies, Palo Alto Networks Medical IoT Security delivers a Zero Trust approach in a seamless, simplified manner. Medical IoT Security also provides best-in-class threat protection through seamless integration with Palo Alto Networks cloud-delivered security services, such as Advanced Threat Prevention and Advanced URL Filtering.

The new Palo Alto Networks Medical IoT Security uses machine learning (ML) to enable healthcare organizations to:

• Create device rules with automated security responses: Easily create rules that monitor devices for behavioral anomalies and automatically trigger appropriate responses. For example, if a medical device that typically only sends small amounts of data unexpectedly begins to use a lot of bandwidth, the device can be cut off from the internet and security teams can be alerted.
• Automate Zero Trust policy recommendations and enforcement: Enforce recommended least-privileged access policies for medical devices with one click using Palo Alto Networks Next-Generation Firewalls or supported network enforcement technologies. This eliminates error-prone and time-consuming manual policy creation and scales easily across a set of devices with the same profile.
• Understand device vulnerabilities and risk posture: Access each medical device’s Software Bill of Materials (SBOM) and map them to Common Vulnerability Exposures (CVEs). This mapping helps identify the software libraries used on medical devices and any associated vulnerabilities. Get immediate insights into the risk posture of each device, including end-of-life status, recall notification, default password alert and unauthorized external website communication.
• Improve compliance: Easily understand medical device vulnerabilities, patch status and security settings, and then get recommendations to bring devices into compliance with rules and guidelines, such as the Health Insurance Portability Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and similar laws and regulations.
• Verify network segmentation: Visualize the entire map of connected devices and ensure each device is placed in its designated network segment. Proper network segmentation can ensure a device only communicates with authorized systems.
• Simplify operations: Two distinct dashboards allow IT and biomedical engineering teams to each see the information critical to their roles. Integration with existing healthcare information management systems, like AIMS and Epic Systems, helps automate workflows.

Healthcare organizations are using Palo Alto Networks products to secure the devices that deliver cutting-edge care to millions of patients all over the world.

“Establishing and maintaining acute situational awareness of the Internet of Medical Things (IoMT) environment is paramount to establishing an effective enterprise cybersecurity program. The ability to accurately detect, identify and respond to cyber threats is critical to ensuring minimal operational impact to clinical operations during a cyber event,” said Tony Lakin, CISO, Moffitt Cancer Center. “Palo Alto Networks IoT capability seamlessly integrates with our continuous monitoring processes and threat-hunting operations. The platform consistently provides my teams with actionable information to allow them to proactively manage the threat surface of our medical device portfolio.”

“With thousands of devices to manage, healthcare environments are extremely complex and require intelligent security solutions capable of doing more. Palo Alto Networks understands this requirement and is leveraging machine learning (ML) for Medical IoT security. Adding intelligence will enable providers to improve operational efficiency, which will enhance patient and practitioner experience and alleviate the burden of an ongoing IT skills shortage,” said Bob Laliberte, principal analyst, ESG.

“Healthcare providers continue to be high-value targets for attackers. This reality, combined with the diversity of medical IoT devices and their inherent vulnerabilities, points to a real need for device security that is purpose-built for healthcare use cases. The ability to defend against threats targeting critical care devices while maintaining operational availability and strengthening the alignment of device governance responsibilities between IT and Biomed engineering teams is quickly becoming a necessity for the protection of patient data and lives,” said Ed Lee, research director, IoT and Intelligent Edge Security, IDC.

The effects of cybersecurity incidents are far reaching in the digital age, but navigating rapidly evolving risks can pose a challenge for organizations. To solve this challenge, many turn to managed security service providers (MSSPs) for help strengthening their security outcomes. The NextWave Program now provides the tools, training and resources to address customer demand for IR services and aligns with the expansion of the Palo Alto Networks Cortex MSSP ecosystem, which grew 146% year over year. Leveraging a partner specializing in IR services can accelerate response and remediation across the incident lifecycle for holistic response to an incident.

“The 2022 Unit 42 Incident Response Report found that in 44% of cases, organizations did not have an extended detection and response (XDR) security solution, or it was not fully deployed on the initially impacted systems. Palo Alto Networks Cortex XDR is designed to provide more comprehensive visibility so threats are identified early along with better context for accelerated investigation and tighter containment,” said Tom Barsi, vice president, WW Cortex Ecosystems, Palo Alto Networks. “We are investing in our MSSP partner ecosystem more than ever before with the expansion of the NextWave Partner Program to encompass Threat Response. Partners that achieve this designation are highly skilled and have met stringent requirements with demonstrated deep experience in delivering Threat Hunting and IR services leveraging Cortex XDR. They are able to support customers through Incident Response, during their greatest time of need.”

The Palo Alto Networks NextWave Program for Threat Response offers partners:

• Leading IR XDR technology built utilizing proactive and reactive use cases to reduce time and resources spent on delivering services, including collecting data, aggregating data, analyzing data and remediating; a purpose-built platform and program that is designed for true IR in addition to endpoint detection and response (EDR).
• Expert technical and deployment support 24/7 for online access to XDR tenants within minutes and around-the-clock technical support.
• Expanded routes to market with more ways to offer proactive services to clients pre- or post-IR engagement, including advanced threat analytics, proactive assessments and attack surface management.

NextWave Partner Quotes

Deloitte India and Palo Alto Networks recently announced an expansion of their collaboration to offer complete, end-to-end technology-based cyber incident response services to businesses in India. “We are pleased to have earned the Palo Alto Networks NextWave designation for Threat Response to help transform the cyber incident response space together. With cybersecurity incidents becoming increasingly prevalent and sophisticated, along with added regulatory pressure, we foresaw the need for a smarter, faster, and more extensive suite of services that would provide our clients with next-generation security technology and services. Our partnership with Palo Alto Networks affirms that commitment to our clients,” said Aloke Kumar Dani, partner — Risk Advisory, Deloitte India.

“Earning the Palo Alto Networks NextWave designation for Threat Response helps further our security team’s expertise in delivering a holistic security operations platform to our customers,” said Kevin Kilgo, vice president of Managed Services, Fulcrum. “Combining Fulcrum’s managed security services, our 24x7x365 security operations center, SIEM as a service, and SOAR capabilities with the best-in-class power of Cortex XDR has helped our SOC team significantly in addressing the ever-growing burden of our customer’s detection & response operations.”

“We continue to see our enterprise clients divesting internal Digital Forensics and Incident Response (DFIR) capabilities. Instead, they are outsourcing this work to chosen partners like PwC,” said Ross Foley, director, Managed Cyber Defense Lead, PwC UK. “We are proud to have achieved the Palo Alto Networks NextWave designation for Threat Response to help clients respond to, contain, and remediate cyberthreats and vulnerabilities so they can focus on their business. Our solutions powered by Palo Alto Networks Cortex XDR deliver trusted offerings to clients, combining the recognized cyber expertise of both organizations to reduce the probability of a breach as well as the impact should an incident occur.”

“We required a technology that checked the boxes for IR capabilities while simultaneously meeting the needs and use cases of an incident responder. The Cortex XDR platform has been built with our biggest daily pain points in mind, and it is designed to be deployed in fragile incident response situations,” said Imelda Flores, head of SCILabs, Scitum TELMEX. “By receiving the Palo Alto Networks NextWave designation for Threat Response and adopting Cortex into our service delivery portfolio, we have multiplied our capabilities and offerings without investing in additional resources.”

Misconfigurations in SaaS apps are a common problem. To address this, Palo Alto Networks announced new innovations in Prisma SASE that enable customers to identify and remediate misconfigurations in SaaS apps using SaaS Security Posture Management (SSPM) capabilities.

“SaaS apps have given organizations the freedom to have their workforce work from wherever they are most productive. The vast amounts of sensitive data being created, held, and shared via SaaS applications, however, expose a serious risk of data breach due to SaaS misconfiguration. Simply put, the world needs a SASE solution that can manage the configuration and security of SaaS applications,” said Anand Oswal, senior vice president, Network Security at Palo Alto Networks. “With today’s Prisma SASE updates, we are significantly strengthening the security posture of SaaS apps through the Palo Alto Networks Next-Gen CASB, which allows customers to easily view and configure security settings for multiple SaaS apps in a single place.”

In addition to SSPM, the company announced new ZTNA 2.0 security inspection capabilities, including ML-powered Advanced URL Filtering and Advanced Threat Prevention as well as the industry’s first natively integrated artificial intelligence for IT operations (AIOps) solution for SASE, simplifying networking and security operations for customers.

The full set of product announcements are:

• SaaS Security Posture Management (SSPM): Powered by Palo Alto Networks Next-Gen CASB, the SaaS Security Posture Management capabilities go beyond CIS and NIST compliance checks and move to comprehensive security, allowing customers to configure security settings for multiple SaaS apps in one location. In an effort to reduce remediation time, SSPM can help fix misconfigurations with a single click and helps prevent configuration drift by allowing users to lock critical security settings in place.
• Advanced URL Filtering: Prevents new, highly evasive phishing attacks, ransomware and other web-based attacks through the use of inline deep learning, rather than a URL database — preventing 40% more threats and detecting 76% of malicious URLs up to a full day before traditional web filtering solutions.
• Advanced Threat Prevention: Provides the only intrusion prevention system (IPS) solution that can stop unknown command-and-control (C2) attacks in real time — 48% more than other IPS solutions. New capabilities bring security analysis from “offline” to “inline” using machine learning techniques — improving detection rates for zero-day threats without sacrificing performance.
• AIOps for SASE: Palo Alto Networks natively integrated AIOps into its secure access service edge to significantly reduce manual operations and enable faster troubleshooting. AIOps for SASE provides automated root cause analysis, rapid problem remediation and guided best practice adoption. Predictive analytics enable more efficient capacity planning and anomaly detection, preventing business disruptions. A simple query-based interface empowers the IT service desk with automated troubleshooting and change analysis.

In addition to these software enhancements, Palo Alto Networks is introducing new hardware appliances — ION 1200-S and ION 3200 — to help organizations modernize their small to midsize branches. These new appliances include a fully integrated switch and Power over Ethernet (PoE) ports to connect and power endpoints within the local area network. Additionally, integrated WAN capabilities like 5G and LTE on the ION 1200-S and fiber ports on the ION 3200 allow customers to improve WAN availability, performance and speed. ION 1200-S and ION 3200 can help significantly reduce operational complexity by eliminating multiple point products while providing power redundancy with a built-in dual power supply that ensures network uptime and consistent connectivity.

“As one of the largest cinema chains and theme park operators in Australia, we started our journey with Palo Alto Networks by deploying Prisma SD-WAN to improve the reliability and throughput of our WAN connections,” said Michael Fagan, chief transformation officer, Village Roadshow. “Since then, we have added Prisma Access to complete our SASE architecture and secure both our remote locations and our hybrid employees. We are pleased to see the introduction of 5G and PoE switching into the Prisma SD-WAN appliances to help us further consolidate our branch infrastructure, and simplify our operations with AIOps for SASE. Our team loves the fact that they no longer need to remember usernames, pins, passcodes, tokens and have different multi-factor authentication apps. Performance and uptime has improved to allow our staff to continue working without disruption to services, thereby reducing the amount of calls through to our service desk team.”

“Protecting sensitive data, especially data in SaaS applications, is paramount for us. As we continued to utilise more cloud services we knew we needed to implement a SASE framework and provide Zero Trust Network Access to protect our users and applications,” said Simon Hibbert, general manager of IT, Chemist Warehouse Group. Implementing Prisma SASE has enabled our employees to do their jobs more efficiently, and enabled new ways for us to engage with our customers. Not only has it improved our security posture, but it also provides highly reliable and smooth connectivity.”

“The usage of SaaS applications continues to expand at a faster rate than security teams can keep pace with. As more applications are introduced and ownership becomes distributed across organizations, the risk of misconfigurations grows, which increases the likelihood for security incidents to occur. A SASE solution like Prisma SASE by Palo Alto Networks provides a logical consolidation point for all the capabilities needed for complete SaaS security, including SSPM. However, functionality cannot be sacrificed for efficiency,” said John Grady, ESG senior analyst. “Palo Alto Networks provides comprehensive SaaS security through its security-focused SSPM capabilities coupled with comprehensive application coverage and a history of analytics-led threat prevention.”