Palo Alto Networks

Palo Alto Networks, Inc.
TypePublic company
IndustryNetwork security
Cybersecurity
Cloud Computing
Founded2005; 18 years ago (2005)
FounderNir Zuk
Headquarters,
U.S.
Area served
Worldwide
Key people
Nikesh Arora (CEO)
ProductsPA 220, 4x0, 8x0, 32x0, 34x0, 54x0, 70x0, VM, CN firewall series
Prisma SASE Prisma Cloud, Cortex XDR, Cortex Xpanse, Cortex XSOAR, Cortex XSIAM
RevenueIncrease US$6.89 billion (2023)
Increase US$387 million (2023)
Increase US$440 million (2023)
Total assetsIncrease US$14.5 billion (2023)
Total equityIncrease US$1.75 billion (2023)
Number of employees
13,948 (2023)
Websitepaloaltonetworks.com
Footnotes / references
Financials as of July 31, 2023

Palo Alto Networks, Inc. is an American multinational cybersecurity company with headquarters in Santa Clara, California. The core product is a platform that includes advanced firewalls and cloud-based offerings that extend those firewalls to cover other aspects of security. The company serves over 70,000 organizations in over 150 countries, including 85 of the Fortune 100. It is home to the Unit 42 threat research team and hosts the Ignite cybersecurity conference. It is a partner organization of the World Economic Forum.

In 2018, Palo Alto Networks was listed 8th in the Forbes Digital 100. In June 2018, former Google and SoftBank executive Nikesh Arora joined the company as Chairman and CEO.

History

Palo Alto Networks was founded in 2005 by Israeli-American Nir Zuk, a former engineer from Check Point and NetScreen Technologies, and was the principal developer of the first stateful inspection firewall and the first intrusion prevention system. Zuk created Palo Alto Networks with the intention of solving problems enterprises faced with existing network security solutions, namely: the inability to allow employees to use modern applications safely, which entailed developing a firewall capable of identifying and providing fine-grained control of applications.

In 2007, the company produced and shipped its first product, an enterprise firewall. In 2009, Gartner released a publication defining a next-generation firewall. In contrast to traditional firewalls, which at the time relied on simple rules such as port numbers and protocol to block traffic, the authors stated that next-generation firewalls should operate on and inspect all layers of the network stack and be intelligent enough to block threats independently of port numbers or protocols used. In particular, the publication defined this next-generation firewall as containing (in addition to the full capabilities of both traditional firewalls and intrusion prevention systems): Support for in-line deployment without disrupting network operations, application awareness, and full stack visibility allowing for fine-grained detection and control of applications, extra-firewall intelligence, and upgrade paths.

Starting in 2011, Gartner began listing Palo Alto Networks as a leader on its enterprise firewall, Magic Quadrant. In 2019, they were named a leader in the Gartner Magic Quadrant for Network Firewalls for the 8th year in a row. The company debuted on the NYSE on July 20, 2012, raising $260 million with its initial public offering, which was the 4th-largest tech IPO of 2012. It remained on the NYSE until October 2021 when the company transferred its listing to Nasdaq.

In 2014, Palo Alto Networks founded the Cyber Threat Alliance with Fortinet, McAfee, and NortonLifeLock (formerly known as Symantec), a not-for-profit organization with the goal of improving cybersecurity "for the greater good" by encouraging collaboration between cybersecurity organizations by sharing cyber threat intelligence amongst members. By 2018, the organization had 20 members including Cisco, Check Point, Juniper Networks, and Sophos.

The company expanded over the years, offering a wide selection of enterprise cybersecurity services beyond its original next-generation firewall offering, such as Traps endpoint protection and Wildfire malware prevention. In 2017, Palo Alto Networks announced Logging Service, a cloud-based service allowing customers to amass their own data for machine learning and data analytics.

In 2018, the company began opening dedicated cybersecurity training facilities around the world as part of the Global Cyber Range Initiative.

In May 2018, the company announced Application Framework, an open cloud-delivered ecosystem where developers can publish security services as SaaS applications that can be instantly delivered to the company's network of customers.

In 2018, several high-profile tech executives joined Palo Alto Networks. In June 2018, former Google Chief Business Officer and SoftBank President Nikesh Arora joined the company as chairman and CEO. His predecessor, Mark McLaughlin, became vice chairman of the board of directors. Arora received a pay package worth about $128 million, making him one of the highest-paid executives in the United States. In September 2018 Liane Hornsey, formerly Chief People Officer at Uber, joined Palo Alto Networks as Chief People Officer. In October 2018, Amit Singh, formerly President of Google Cloud, succeeded Mark Anderson as President of Palo Alto Networks. In August 2021, William (BJ) Jenkins succeeded Singh as president, with Singh assuming the role of Chief Business Officer.

In 2019, the company announced the K2-Series, a 5G-ready next-generation firewall developed for service providers with 5G and IoT requirements. In February 2019, the company announced Cortex, an AI-based continuous security platform. CEO Nikesh Arora described Cortex as an "Application Framework 2.0".

Acquisitions

  • Morta Security was acquired for an undisclosed sum in January 2014.
  • Cyvera was acquired for approximately $200 million in April 2014.
  • CirroSecure was acquired for an undisclosed sum in May 2015.
  • LightCyber was acquired for approximately $100 million in March 2017.
  • Cloud Security company Evident.io was acquired for $300 million in cash in March 2018, creating the Prisma Cloud division.
  • Secdo was acquired for an undisclosed sum in April 2018.
  • Cloud security company RedLock was acquired for $173 million in October 2018.
  • In February 2019, Palo Alto Networks acquired security orchestration company Demisto for $560 million.
  • In May 2019, Palo Alto Networks acquired container security startup Twistlock for $410 million.
  • In June 2019, Palo Alto Networks acquired serverless security startup PureSec for $47 million.
  • In September 2019, Palo Alto Networks announced its intent to acquire IoT startup Zingbox for $75 million.
  • In November 2019, Palo Alto Networks announced its intent to acquire machine identity-based micro-segmentation company Aporeto, Inc. for $150 million.
  • In March 2020, Palo Alto Networks announced its intent to acquire SD-WAN company CloudGenix, Inc. for $420 million. This acquisition was completed in April 2020.
  • In August 2020, Palo Alto Networks announced its intent to acquire Crypsis Group for $265 million.
  • In November 2020, Palo Alto Networks announced its intent to acquire Expanse for $800 million.
  • In February 2021, Palo Alto Networks announced it acquired Bridgecrew for around $156 million.
  • In November 2022, Palo Alto Networks announced its intent to acquire Cider Security for an enterprise value of around $300 million.

Products

Enterprise products

Palo Alto Networks offers an enterprise cybersecurity platform that provides network security, cloud security, endpoint protection, and various cloud-delivered security. Components of the security platform listed on the Palo Alto Networks website include:

  • Next-generation firewalls, running PAN-OS, offered in multiple forms including:
    • As a physical appliance through the PA series, which includes small form-factor firewalls such as the PA-220 for small businesses and offices, to the PA-7000 series built for large enterprises and service providers.
    • As a virtualized appliance through the VM series, allowing the firewall to be run as a virtual machine to secure virtualized data centers and private clouds. It is also compatible with public cloud environments such as Amazon Web Services, Microsoft Azure, Google Cloud, and Oracle Cloud Infrastructure.
    • As a streamlined cloud service provided by Palo Alto Networks through GlobalProtect Cloud Service.
  • Panorama, a network security control center that allows customers to manage a fleet of firewalls at an enterprise scale from a single console.
  • Traps, advanced endpoint protection. Unlike traditional antivirus, Traps does not rely on signatures to detect malware. Instead, it focuses on analyzing the behavior of programs to detect zero-day exploits. Threat intelligence is shared with and obtained from Wildfire.
  • Wildfire, a cloud-based threat-analysis service that uses dynamic analysis, static analysis, machine learning, and bare-metal analysis to discover and prevent unknown threats.

Cloud storage and analysis products

In 2019, Palo Alto Networks reorganized its SaaS offerings under the Cortex branding.

  • Cortex Data Lake – Cortex data lake is a cloud-delivered log aggregation service for Palo Alto Networks devices located in on-premise networks, directly from endpoints, or cloud-based products such as Prisma Access. This data lake information is then fed into the Hub apps that provide analysis, response, and other added services.
  • Hub – Hub is an open cloud-delivered ecosystem where customers can subscribe to security applications developed by 3rd-party developers or Palo Alto Networks. Some applications from Palo Alto Networks such as XDR (analytics) and Auto Focus (threat intelligence) are Cortex-branded apps on Hub.
  • Cortex XDRXDR is the primary tool for data analysis from Palo Alto Networks that leverages modern threat detection and response capabilities on the centralized data collected in the Cortex Data Lake.
  • AutoFocus – This service provides threat intelligence to enhance the analytic capabilities of the hub applications as an external source of relevant security information.
  • Cortex XSOAR – Integrating its acquisition of Demisto into the Cortex cloud suite, XSOAR is the Security Orchestration And Response component responsible for automation and integration with other security and network systems for the automation of incident response and intelligence gathering processes.
  • Prisma Access – Prisma Access is the Palo Alto Networks offering for moving the enterprise network monitoring and analysis functions into the cloud. It is the most comprehensive SASE solution of its kind, secures access, protects users and applications, and controls data for remote users and locations.
  • Prisma Cloud – Prisma Cloud secures any cloud environment and all compute form factors used to build and run cloud-native applications, including multi- and hybrid-clouds environments. It addresses the majority of cloud security use cases a customer might have, such as CSPM, containers, serverless, and identity-based micro-segmentation. It is Palo Alto Networks cloud-native security solution that integrates with DevOps continuous integration and continuous development (CI/CD) processes for a more holistic control of the security life-cycle of cloud assets.

Threat research

Unit 42 is the Palo Alto Networks threat intelligence and security consulting team. They are a group of cybersecurity researchers and industry experts who use data collected by the company's security platform to discover new cyber threats, such as new forms of malware and malicious actors operating across the world. The group runs a popular blog where they post technical reports analyzing active threats and adversaries. Multiple Unit 42 researchers have been named in the MSRC Top 100, Microsoft's annual ranking of top 100 security researchers. In April 2020, the business unit consisting of Crypsis Group which provided digital forensics, incident response, risk assessment, and other consulting services merged with the Unit 42 threat intelligence team.

According to the FBI, Palo Alto Networks Unit 42 has helped solve multiple cybercrime cases, such as the Mirai Botnet and Clickfraud Botnet cases, the LuminosityLink RAT case, and assisted with "Operation Wire-Wire".

In 2018, Unit 42 discovered Gorgon, a hacking group believed to be operating out of Pakistan and targeting government organizations in the United Kingdom, Spain, Russia, and the United States. The group was detected sending spear-phishing emails attached to infected Microsoft Word documents using an exploit commonly used by cybercriminals and cyber-espionage campaigns.

In September 2018, Unit 42 discovered Xbash, a ransomware that also performs cryptomining, believed to be tied to the Chinese threat actor "Iron". Xbash is able to propagate like a worm and deletes databases stored on victim hosts. In October, Unit 42 warned of a new crypto mining malware, XMRig, that comes bundled with infected Adobe Flash updates. The malware uses the victim's computer's resources to mine Monero cryptocurrency.

In November 2018, Palo Alto Networks announced the discovery of "Cannon," a trojan being used to target United States and European government entities. The hackers behind the malware are believed to be Fancy Bear, the Russian hacking group believed to be responsible for hacking the Democratic National Committee in 2016. The malware communicates with its command and control server with email and uses encryption to evade detection.


This page was last updated at 2023-09-24 01:49 UTC. Update now. View original page.

All our content comes from Wikipedia and under the Creative Commons Attribution-ShareAlike License.


Top

If mathematical, chemical, physical and other formulas are not displayed correctly on this page, please useFirefox or Safari