CloudGenix key to Palo Alto Networks SASE play

The acquisition of SD-WAN vendor CloudGenix has solidified Palo Alto Networks’ position as a secure access service edge (SASE) provider, while also serving to address the needs of branch and retail customers.

Palo Alto Networks purchased CloudGenix at the end of March for $420 million in a bid to bolster its Prisma Access offering and accelerate its transition from managed security to full-blown SASE vendor.

“The acquisition will really accelerate our vision for secure, cloud-delivered SD-WAN via a secure access service edge model,” said Anand Oswal, VP and GM at Palo Alto Networks, in an interview with SDxCentral.

Coined by Gartner Research in its 2019 Hype Cycle report, SASE stitches together elements of edge computing, security, and wide-area networking (WAN) into a single cloud-managed package. Palo Alto was among the first to take up the SASE sigil in early November with the launch of Prisma Access.

Oswal explained that rather than relying on a dedicated SD-WAN appliance, Prisma Access used a mobile agent running on the user’s computer or mobile device, allowing the heavy lifting to be handled in the cloud.

“I can get the same security policies, whether I’m in my branch office, whether I’m at home, or I’m outside in my car on a mobile device,” he said. “That consistent mechanism, that consistent application experience can only happen if you have a cloud-delivered, cloud-managed network security.”

While ideally suited to address the needs of a workforce suddenly forced to telecommute, Oswal said it didn’t address the all-too-common branch and retail use case.

“Now with the addition of SD-WAN from CloudGenix, we have the branch and the retail use cases completely covered because now we have the CloudGenix devices,” he said.

A Changing WAN Landscape

According to Oswal, the WAN landscape has changed. Users want to access applications from anywhere, regardless of whether they are working from the branch, home, the car, coffee shops, or headquarters.

At the same time, he says those applications aren’t just running in the data center anymore, they’re in multiple clouds and often delivered as software-as-a-service (SaaS) applications.

“As a user you want a safe application experience wherever you are and no matter what application you access. As an IT administrator you want to ensure that you have the same security posture and security treatment no matter where you are or where you come from,” he said.

The problem with traditional SD-WAN platforms, Oswal claims, is they are overly complex, relying on multiple point solutions that leave security gaps, and because of this they can’t deliver a consistent experience for users.

“The problem with those [SD-WAN vendors] is you have to manage the network yourself, your security is bolted on,” he said. “We think that cloud-delivered networking and security delivered as a service will really help accelerate the pain points for our customers and help them accelerate on their journey.”

Palo Alto’s Race to Integrate

And while the acquisition is less than a month old, Oswal says that thanks to an existing partnership and the cloud-native architecture that underpins both platforms, the company aims to complete the first phase of the integration in the next 90 days.

“In the next 90 days we’ll have even tighter integration of Prisma Access with CloudGenix SD-WAN to make intelligent onboarding of branch and retail devices onto Prisma Access easier,” he said.

However, the second phase of integration could prove a little more challenging. This phase aims to unify management, analytics, visualization, and reporting across both security and WAN constructs.

Oswal didn’t seem to think this would take long either.

“The advantage is CloudGenix is a modern SD-WAN — or SD-WAN 2.0 — they are fully app-based,” he said, adding that because both platforms are cloud native it will be much easier to integrate the services into a single unified offering.

Standing Out in a Competitive New Market

While Palo Alto was among the first vendors to latch on to the SASE architecture, the market has quickly expanded with a growing number of security and SD-WAN vendors throwing their name in the hat.

Earlier this year, Akamai rolled out secure web gateways to its security platform in preparation to adopt a SASE architecture, and security vendors Perimeter 81 and McAfee each announced their entrance into the emerging market, joining early entrants VMware, Cato, and Open Systems.

And Oswal expects this to continue with SASE eventually subsuming the entire SD-WAN market as the dominant architecture.

―SDX Central