Palo Alto CEO Mark McLaughlin sat down recently to talk about a range of security issues with Network World Senior Editor Tim Greene. They discussed McLaughlin optimism about turning the tide on attackers, the evolution of his company’s next-generation firewall and how to secure the Internet of Things. Here is an edited transcript.
Can you talk a bit about why it is that you should not give up on being able to stop attackers, why it is possible to win?
If you start to think about what that means, we would have to be willing to assume that the banking system could be brought down to its knees at any time or the electric grid system or you can go through a host of chaotic outcomes, and that’s okay. … Look, if we’re unable to get to the point where we can do a high degree of prevention, it’s as if you and I would go home tonight and say to our families, ‘Somebody is going to break into the house probably every night. They’re going to walk around, they may take stuff, take whatever they want but they’re coming in any time they want to every day of the week and there’s really nothing we can do about that, so we just have to be OK with that.’ Nobody’s OK with that. So the point I’m trying to make is we’ll figure this out. We have to, because if we don’t the implications are unacceptable about how we choose to live.
+ ALSO ON NETWORK WORLD Dos and don’ts for next-gen firewalls +
The second point is historically when there have been large-scale threats to our way of life, we have figured it out. We haven’t eliminated them, but we’ve figured out how to take a risk and minimize it to something that is not going to go away completely but is acceptable in how we live our lives. And I’m very confident that’s what’s going to happen here. The problem right now is that that may take a decade or something but we’re in the midst of that. It’s easy to not be able to see the light at the end of the end of the tunnel.
What does that look like, that light, when you get there and also what’s the tunnel like in between? What do we have to go through to get there?
I think what the outcome will look like is that the number of successful attacks would decline dramatically and those capable of performing those attacks would be a much, much smaller set than it is today. If we get to that point, a few things are possibly likely. The first would be that limited set of actors who can perform those successful attacks are more visible by definition because they’re more resourced, bigger organizations. Because they’re limited [in number] and more visible, the ability to do things about them that are not even technical in nature – they could be international treaties, things that are being worked on, policing efforts. Over time, countries are going to establish new paradigms for how we deal with each other on cybersecurity just like we’ve done with biological weapons and chemical weapons and nuclear weapons, and there will be accepted behavior on that. Those who choose to act outside the accepted behavior will be pariahs from a diplomatic perspective.
Palo Alto has a lot of partners. What’s the philosophy behind that?
What I think you’re asking about is what we would consider strategic technology partnerships, and there we actually don’t have a lot. VMware with NSX, Aruba, Citrix, Splunk are some of the better known ones and one we just announced here is an extension with VMware but it’s with AirWatch, mobility. In all of those cases the reason is the idea that security has to be consistent. Just assume for a second if you had great security – prevention at every point in the network. If you have that, it has to be consistently applied and it has to be the same wherever it gets touched by the bad guys. That could be at your data center, it could be at your perimeter, more and more it could be on your mobile phone or your distributed devices, or it could be the public cloud environment now. A lot of what we’re doing from those strategic partnerships is ensuring the consistency of what our platform delivers today. Those are why we do those things and those are the ones that we put a lot of time and effort in from an engineering perspective.
Palo Alto CTO Nir Zuk was talking about how you need a platform to include integration of the information that’s being gathered in various places, which makes it seem you are trying to do everything. Is that what you’re trying to do and how can you differentiate between what you’re doing and just trying to do everything?
What Nir is talking about from a [next-generation firewall] platform perspective is you want to have as high degree of prevention as possible. If you’re trying to have a prevention capability everywhere where the attack has to be successful it all has to work together seamlessly so that you could, based on any data that came into any of those points, reprogram everything else very quickly to [prevent attacks].
Nir’s genius in all this was to say that idea has manifested itself with a bunch of point products being deployed in the network, none of which worked together, some of which have better intelligence capabilities than others. Because they don’t work together, it’s very manually intensive to try to get the outcome that we’re delivering on an automated basis. Those are the things that have been elegantly subsumed into [our] platform. Those are our real targets about what we’re subsuming in the platform; IPS capabilities, filtering capabilities, APT capabilities, so that’s why that list looks like it does today. We’re not trying to be the God box.
What should corporate IT security’s concerns be for the Internet of Things?
You have to have a prevention mindset, you have to be present everywhere, you have to have the capabilities to get better and better and better, [security systems] have to talk to each other to get highly automated outcomes. And that’s complicated already. On top of that, our concepts of networks are changing dramatically. Things like mobile phones are changing dramatically. The idea of the cloud has basically destroyed the concept of perimeter from a security perspective.
But wait, it’s not complicated enough yet. Let’s have a billion more endpoints attached to this thing that we’re already worried about. Now we’re really talking. That’s one of the reasons why [Palo Alto] jumped headfirst into the endpoint space. That was a matter of necessity for us because you can’t fulfill the prevention vision that I just talked about anymore unless you’re doing prevention on the endpoints. Before you even get to the Internet of Things, the existing legacy endpoint technology is so porous right now it’s not even taking care of the job.
When we get the Internet of Things, you’d better be able to actually do prevention at the endpoint because there’s going to be a lot more of them. That’s how a lot of these threats are coming into the networks today, on the endpoints. If you’re prevention oriented, say you want to be everywhere to stop [attacks] every time and you’re not physically present at that point, you just missed a massive opportunity to prevent something before it ever gets in in the first place. If you miss it there, your next shot to get it is lateral movement, just trying to move through the network to get to the data center to steal the credit card data. That’s much harder. It’s possible but it’s much harder because lateral movement is harder to pick up.
So what’s your advice for corporate guys?
You need to be completely rethinking endpoint security and you need to be seeking out technology that will actually prevent things at endpoints before it lands. Our commercial net, of course, is Traps. [Traps is Palo Alto’s advanced endpoint protection product] Our technology does that.
Are you going to put Traps on our refrigerators?
I don’t think so. You could. The way to think about endpoint security is what’s the value of what you’re trying to protect? If my refrigerator is talking to Safeway automatically to say — On your next Peapod or I can’t remember what those services are called anymore, bring some more milk because I’m out of milk and you’re the bad guy and you knew that, I’m not sure that I really care about that. If you were into the payment system of using the pay-per-month then I care. But that’s a separate system so you have to think about — How do you prioritize what the data is?
You’re definitely going to want it on the car you buy in three years from today, which is more and more just a computer wrapped around wheels. You want them on ATM machines. Most retailers in the world right now would like to have it on their point-of-sale devices right now. That would be a really good idea because that’s how some of these attacks are occurring. They’re attacking cash registers. Those are endpoints. It just depends on what the value of the data flowing through the endpoint is as to where you’re going to invest your money.




