Transcript
Francisco. I'm on top of the Canopy Hotel, which Palo Alto Networks every year graciously buys out and has a whole bunch of customer and media activities here. I'm with Anupam Aparahaya, Senior Vice President of SASE for Palo. Anupam, how are you doing? Nice being here, ZS. Great to be here. Great weather. So, we're going to talk a little bit of SASE, how it relates to agentic AI. Before we get into that though, I know part of your job, you talk to a lot of customers, right? And if there's a theme at the show, I think it's a lot of, in fact, I've been to a lot of trade shows this year, NVIDIA GTC last week, Davos earlier, right? It seems like we moved out of the talking about AI phase into the trying, at least trying to do things with AI phase. Where are customers at? What do you see them doing with AI? Yeah, it's interesting, ZS. If you look at AI, AI in the last six months has really evolved. You had people using tools like Gemini, Chad GPD, or what have you, to get information. And that was great. Now, as people got more comfortable with synthesizing information, now they are moving to this phase called agentics, where they want these tools to do things on your behalf. And that, in my customer conversations, is creating a lot of anxiousness with the CISOs and CIOs of the world, right? They are really doing that trade-off between autonomy and security, and that's where the conversation starts, ZS. Yeah. In fact, a couple of months ago, I was talking with the CEO of Worldwide Technologies, Systems Grand, another Palo Alto partner as well, Jim Cavanaugh, and I asked him, is the FOMO of the fear of missing out for enterprises stronger? Is that pull stronger than the push of, oh my God, I'm scared of doing AI, which is holding them back? And he said, both are true, actually, that companies do know that if they don't get moving to AI soon, they're going to fall behind, but they also are worried about the security. And so, what are the big friction points that you see right now when it comes to doing more in the way of agentic? Yeah. First of all, the FOMO part, six months back, there were CISOs which were saying, agentic or my dead body. And now, here we are, where everything is, I got to get moving. Yeah. I'm not dead yet, so that's good. The good point is, the impediments. The impediments to agentic adoption really are, if you think about agents, they're actually assuming your role and doing things on your behalf, right? And that is where the friction comes in. There are a lot of things that can potentially go wrong from a security standpoint. Are they accessing the right data? What are they doing with your data? Do they have the right permissions? Are things happening that they should not be doing? And there are certain examples, Zeesh. Claude was used by a Spanish hacker, and he worked, he conversed with Claude in Spanish and convinced it to become an ethical hacker and participate in a bounty program to steal government data from Mexico. And those are the kind of things that worry people, right? Poisoning. Or doing things that the agent should not be doing. That's one aspect. The second is just security. Sometime back, Unit 42, which is our research arm, published a report which talked about how there was a vulnerability in Gemini, which allowed any other extension to actually take over Gemini and take over the camera and take over the microphone and actually get access to your data, take screenshots. So those are the things, right? One is, at the end of the day, agent is software. Has it been done the right way? And the second thing is, is agent doing things the right way? And those are the two things that are becoming impediments or things that people are thinking through as they balance autonomy versus security. All right. Since you're SVP of SASE, I think it's logical for me to ask you, what's the role of SASE in helping protect? Yeah, that's a great question, Zeesh. SASE was meant to protect user to applications, which is great, right? But now that user has morphed from being an agent, from being a human, to being an agent as well. And a very ephemeral agent, right? Exactly. They can spin up very quickly. Exactly. You can spin up very quickly with your RBAC, with your role and identity, right? And that's where SASE has really evolved, making sure that we are able to secure the flow between the agent and the application. And that really is three things. One is the ability to distinguish between the agent identity and the human identity, right? The second thing is creating the right guardrails between what the agent can do. The second topic is the interaction between the human and the agent, understanding that. Like let's take an example, Zeesh, right? Let's say I'm in a company and I ask for legal advice from the agent. Should that give it to me? Probably not, because then the company is liable. So sort of, or should I engage in things like violence? So creating the right topic guardrails becomes the second thing. And the third thing is data. How do you ensure that the agent is not really compromising your data? And as you move from humans to autonomy with agents, guardrails also having human intervention where you need it. Now, in conjunction with your other RSA activities, you also announced the new Prisma browser, which is, I don't know if anybody's, people have thought about it historically as part of a SASE suite, but it is with Palo. In fact, I think Palo was called the most secure browser for the agentic era. So talk about why the connectivity between the browser and SASE, and then how this browser in particular helps companies move forward with agentic more securely. Zeesh, I spent most of my time on a browser. I do mail, I do documents, I look at slides, and all of those exist in browsers. So browser has become the new workspace. And that's why, and when you think about user to app interaction, the first interaction point for users is the browser. So that's why browser is a part of SASE. Before we talk about agentic, there are a lot of benefits that when you bring browser into the SASE suite, first benefit is the ability to stop attacks that get assembled in the browser. And there's a lot of malware that today gets assembled in the browser. Now if you could look at that malware and stop it before it executes, that's a great story. Second is, you know, a lot of new protocols are hard to decrypt. Things like QUIC and HTTP3, or for business decisions, you might choose not to decrypt things. Browser does not need to worry about that because you're looking at things before it gets encrypted. So browser just adds a lot of security at the right place where users interact with applications and data. So that's a great story. Now let's talk about agentic. If you think about your favorite LLM of choice, where you are trying to get information that you want, or think about the specific LLM of choice where you want to do agentic actions, that is where you need to provide the right security. In terms of security, you should not willingly or unwillingly share data that is confidential. So that's the first guardrail that the browser provides. If for some reason you are putting data that it should not be, it stops it right there. The second is compliance. A lot of times, a lot of things, you need to adhere to compliance. If you look at healthcare, HIPAA, you look at retail, PCI compliance. Browser provides you the right compliance framework when you interact with these large language models. So that's the first part. The second thing is when you think about security, people in their zeal or in their enthusiasm to embrace technology might be dealing with AI tools, which might not be the most reputable. So the ability to provide security for interaction with AI tools, that's the second part. And the third part becomes ultimately AI is just another piece of software. It has its own vulnerabilities. So the ability to protect against that. And last but not the least is the ability to distinguish between human versus agent identity. So you can understand what the agent actions are and provide the right guardrails in form of data, security, and human oversight if required. On the data theme, DLP is a part of SASE. And DLP kind of assumes that you know where your data is, right? And in the world of agentic, I think people are expecting data sprawl because we're going to have agents creating more data. We're going to certainly put data in more places. And when you think about the evolution of DLP, how are you thinking about how it's going to work in this agentic world where your traditional gates, if you will, just don't work anymore? Yeah. Yes, you said it. In the old world, which was not so, like literally a year back, everything was structured, right? You had data sitting in places where it should. You need confidential data. But in this world of AI, data is being shared with all kinds of tools. SaaS applications, AI, data could be sitting on the endpoint, could be sitting in the network, could be sitting in the cloud, could be sitting with the AI agents. When you think about DLP in this world, before DLP, you got to first understand what AI applications are in your ecosystem. So having visibility into all AI applications, whether they are sanctioned, unsanctioned or tolerated is the first pillar, visibility into applications. The second is the ability to work across all channels, local, which is endpoint, network, cloud, browser, and applications to understand what data is, what data is important for you, what data should not be shared, which is sort of privilege and what is common. And then putting the right access policies. And that's where I see the evolution of DSP, right? Really a multi-channel data security, which looks at all channels, and then has the ability to look at data across all of these channels and provide the right markings. Is it confidential data? Whether it's not. And that's what we call shadow data. That we can look at all shadow data and have the right tools or technology to distinguish sensitive versus non-sensitive. So agents being created by shadow AI created shadow data. Data. Exactly. Yeah. That's not a good scenario. Now, typically with SASE also, a lot of the IT and security operations processes to configure these things are very manual in nature, right? Now, as we talked about, AI agents are ephemeral in nature, and so there's no time for an IT to go configure a SASE rule when the agents pop up. So how are you helping automate a lot of that so you take the heavy lifting off the security professionals and allow these agents to work, be secured, but not overwhelm a security team that frankly is already overwhelmed? Yeah. And like you said, they're ephemeral and they don't sleep. We shut down and go home. The agents are working 24 by 7. Yeah. We just hire more people. So first of all, these agents never sleep. You could spin up cloud agents. They are working on your behalf. First of all, before you even talk about automation, you need a SASE infrastructure that is always on. That's resilient. And that's why we built our SASE infrastructure on a multi-cloud. We run on top of Google, AWS, and Oracle. We also have now support for SASE private location where you can run SASE in your customer premise. So we built the right resiliency story with our SASE solution. And for some reason, if the end device goes down, you can also move to an unmanaged device, reuse the browser to keep on doing things that you want. But that's just a reliable resiliency part. The part you talked about is, okay, that's great. Agents work and you've got a beautiful, resilient infrastructure. How do you make sure you're lessening the workload on the administrators? This is where, because we have visibility in all interactions, we are an inline service. With ADEM, we got visibility for the endpoint, Wi-Fi, network, cloud, and application. We've got telemetry from multiple places coming in from the endpoint, from browser, from cloud, from the network. We are putting all that into one common data lake and running AI on top of it to actually automate operations. First of all, we just don't tell you issues. We give you playbooks to fix it. And the way it is done is we give you automated playbooks where you can execute it with human intervention or human supervision. And as you get comfortable, you can totally automate it and say, hey, I'm comfortable with this playbook. This makes sense to me. Next time, just when you see this problem, automate it. And that's how we're using the power of data and AI to start automating operations for a SASE that needs to be awake 24 by 7 to serve the agents 24 by 7. All right. No problem. So, last question for the security practitioners watching this. As we said, FOMO is real, but the security implications are real. Just a couple of pieces of advice on how to get moving with AI, but safely. Yeah. You first got to figure out what's the AI strategy for you. Are you looking at starting with a better assimilation of information or are you going all in and going towards agentic? Whichever way you go, make sure you're putting the right guardrails in terms of what AI can do, what AI cannot do. Are you putting the right guardrails for data that AI can interact with? And the third is, please remember, AI is a piece of software at the end of it. Make sure you have the right security for that software, as you would do for everything else. All right. Thanks. That was a great update on Prisma SASE. Clearly, the pressure to do AI is there, and Palo Alto Networks is here to help you. Thanks, Zias, for having me. So, on behalf of Anupam Mappadhyaya, I'm Zias Karaval from ZK Research, and thanks for watching. Give us a like. Don't forget to hit the subscribe button. I'll see you next time on the next episode of ZCast.
