THE VALUE OF THE

NEXT-GENERATION
SECURITY PLATFORM:
REAL-WORLD ANALYSIS
Greg Day
VP & Chief Security Officer, EMEA
Palo Alto Networks

Executive Overview
The combination of complex, modern IT environments and a rapidly evolving threat landscape has left many businesses
challenged to control costs while effectively protecting the systems on which their operations depend. In many cases, the chal-
lenges are brought about by the combination of too many disparate security solutions that do not share context and insufficient
time and/or expertise. To address these challenges, organisations are looking at ways to consolidate their security infrastructure
to (1) improve their security posture and (2) reduce their total cost of ownership.

Introducing Our Security Platform

Palo Alto Networks Next-Generation Security Platform enables you to empower your business using a single-pass software
engine that provides full contextual awareness for the application, content within, and the user. When our platform first sees
network traffic, the single-pass software immediately determines three critical elements that drive your security policy: the
application identity, regardless of port; the content, malicious or otherwise; and the user identity. With these three elements as
the basis for your security policy, you can reduce your threat footprint, prevent attacks, and map policies to users. Complement-
ing the single-pass architecture, and further enabling security functionality consolidation, is a zone-based policy methodology.
Rather than adhere to the strict trust/untrust DMZ boundaries, Security Zones allow the creation of logical groupings of
physical interfaces, VLANs and IP addresses. Once created, each zone is then protected by positive control model firewall
policies that dictate what you will, or will not, allow. The Next-Generation Security Platform enables organizations to:
Reduce the threat footprint. Classify all traffic, across all ports, all the time. Today, applications and their associated
content can easily bypass a port-based firewall using a variety of techniques. Our security platform natively applies mul-
tiple classification mechanisms to the traffic stream to identify applications, threats and malware. All traffic is classified,
regardless of port, encryption (SSL or SSH), or evasive techniques employed. Unidentified applications typically a small
percentage of traffic, yet high in potential risk are automatically categorized for systematic management. Using a positive
control model, a design unique to our platform, you can set policies based on applications or functions and block all others
(implicitly or explicitly), thereby reducing the threat footprint.
Prevent known and unknown attacks. Once the threat footprint is reduced by allowing specific applications and denying
all others, coordinated cyberattack prevention can then be applied to block known malware sites and prevent vulnerability
exploits, viruses, spyware and malicious DNS queries. Any custom or unknown malware is analysed and identified by exe-
cuting the files and directly observing their malicious behaviour in a virtualized sandbox environment. When new malware
is discovered, a signature for the infecting file and related malware traffic is automatically generated and delivered to you.
Threat prevention policies are uniquely applied to specific application flows, not globally to specific ports.
Tie policies to users. To improve your security posture and reduce incident response times, its critical to map application us-
age to user and device type and be able to apply that context to your security policies. Integration with a wide range of en-
terprise user repositories provides the identity of the Microsoft Windows, Mac OS X, Linux, Android or iOS user and
device accessing the application. The combined visibility and control over both users and devices means you can safely enable
the use of any application traversing your network, no matter where the user is or the type of device being used. Establishing
the context of the specific applications in use, the content or threat they may carry, and the associated user or device helps
you streamline policy management, improve your security posture, and accelerate incident investigation.

Palo Alto Networks | The Value of the Next-Generation Security Platform Datasheet 1
Reducing TCO With a Platform Approach
There currently exist a number of tools that generate speculative return on investment figures based on different approaches to
consolidation. However, in an effort to elevate this discussion from speculation to observed reality, we reached out to existing
customers of Palo Alto Networks to test the consolidation cost-savings hypothesis based on their real-world experience.
Over the course of May and June 2016, nearly 150 customers shared data that demonstrated both capital and operating
expenditure reductions as a result of consolidating their cybersecurity technologies with Palo Alto Networks. On average, these
customers have 3.2 subscriptions deployed with our next-generation firewall. This paper summarizes the results of the survey
and lists the reasons why customers are able to achieve these results with the Palo Alto Networks platform.

Survey Results: Summary

CAPEX: Hardware & Support
Customers reporting reduced hardware spending saved an average of 20%, and the percentage of organisations that
made savings doubled between the first, second and third subscription deployed.
A similar trend presented itself when analysing support costs. Of those reporting reduced support spending, the average
savings was 19%.
OPEX: Firewall Management
After adopting our next-generation firewall, customers reported an average reduction of 26% in the amount of time re-
quired to add new rules to manage their firewalls, including time to ensure new rules did not conflict with existing ones.
OPEX: Attack Analysis
65% of respondents reported a decline in the quantity of security events requiring human intervention.
Customers reporting reduced quantity of alerts requiring human intervention noted average declines of 25%.
60% of customers observed a decrease in time necessary to complete the analysis of attacks requiring human intervention.
On average, customers reporting reduced time necessary for an analyst to investigate an event to drive a technical
action to prevent or block an incident saw declines of 30%.
Customers who deployed all four services with the next-generation firewall were able to gain the most time savings,
with 23% seeing a 40+% savings in the time to analyse events requiring human intervention.
These results demonstrate that, by consolidating their cybersecurity technologies with the Palo Alto Networks Next-Generation
Security Platform, customers are making significant progress towards reducing security total cost of ownership while achieving
greater operational effectiveness and efficiency.
Is consolidation of technologies the sole reason that customers were able to achieve these results? If that were true, UTM
appliances would be able to offer the same results. But they cannot, because consolidation is not the only a factor at play.
Specifically, customers achieved these results thanks to a natively integrated platform, not a bunch of disparate software
technologies sold together, and an unwavering focus on cybersecurity breach prevention, instead of accepting breaches as an
unavoidable reality.

4401 Great America Parkway 2016 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark
Santa Clara, CA 95054 of Palo Alto Networks. A list of our trademarks can be found at http://www.
Main: +1.408.753.4000 paloaltonetworks.com/company/trademarks.html. All other marks mentioned
Sales: +1.866.320.4788 herein may be trademarks of their respective companies. value-next-generation
Support: +1.866.898.9087 -security-platform-ds-081616

www.paloaltonetworks.com