The network is dead and future looks SASE

The network is dead, long live the secure network, says Anand Oswal SVP and GM at Palo Alto Networks. He, of course, is referring to secure access service edge (SASE), which not only combines SD-WAN with cloud-based security services, but also provides an alternative to breaking out traffic to the open internet.

“The internet was not built with security in mind,” Oswal said.

First coined by Gartner Research in 2019, the SASE product category was an instant hit that only became more valuable in the wake of the pandemic.

Palo Alto Networks was among the first big security vendors to throw its weight behind the concept, and in April 2020, announced the $420 million acquisition of CloudGenix to bolster its fledgling SASE offering. Since then, the company has been busy. Very busy, according to Oswal.

“We’ve doubled the research and development investment in CloudGenix,” he said, adding that in the same period, the company also doubled its SD-WAN customers.

While it might sound strange to invest in a branch-centric service like CloudGenix in the middle of a global pandemic that forced millions to work from home, Oswal argues it was the perfect time to do so. “The best time to increase investment in something is when people are not invested, because when people come back and the pandemic is over, I want to come back stronger,” he said.

Within six months of the acquisition, Palo Alto Networks integrated CloudGenix directly into its cloud-security product, Prisma Access. And unlike many competing SASE platforms, CloudGenix — now dubbed Prisma SD-WAN — and Prisma Access weren’t coupled together with duct tape and bubble gum, Oswal claimed.

“We really doubled down around how we smoothen the combination of networking and security, and ensure it’s delivered as a service, from the cloud seamlessly,” he said. “We really deepened that integration between the two.”

This tight integration enabled Palo Alto to provide a SASE offering that is less complex to deploy and manage than that of the competition, Oswal said. “This is not two products taken and made to look like one with a marketing label.“

He added that there’s only one other company that has the assets to compete with Palo Alto in this regard, and while he didn’t name the company directly, Oswal’s talking about Cisco. “Even the company that has all the assets, you have a different dashboard for SD-WAN, for your security umbrella, for your ThousandEyes, for your you name it X Y Z,” he said. “We have a single dashboard, a single-cloud delivered dashboard for all networking, CloudGenix SD-WAN, and all security.”

Oswal credited Palo Alto Networks’ decision not to silo CloudGenix into a separate product division, but rather treat it as an integral part of the company’s SASE strategy as key to allowing this level of integration.

Palo Alto Networks tightens integrations, opens platform
While integrating CloudGenix SD-WAN into the company’s SASE platform was a high priority, Oswal said the company isn’t turning its back on the broader market.

In fact, many competing SD-WAN vendors, including Aruba and Aryaka, have tapped Palo Alto Networks’ Prisma Access for cloud-based security.

“We’re an open platform. Will we allow integration of Prisma Access with other SD-WAN? Of course we do. Will we allow integration of other security into CloudGenix? Absolutely, we will,” Oswal said. “People want choice.”

This philosophy also extended to integrations with other services via the CloudGenix CloudBlades API platform, which integrates with Palo Alto Networks’ newly refreshed Instant-On Network (ION) CPE appliances and enables integration with third-party services including the major cloud providers. “We have cloud based integration with AWS, with GCP, with CradlePoint, with ServiceNow, with LiveAction, LiveAction, Plixir, Slack, Zoom, with Microsoft, and so on,” Oswal said.

One of the benefits of CloudBlades is the ability to use any WAN and/or orchestrate connections between workloads running in multiple clouds.

Combatting complexity with AIOps
CloudGenix’s SD-WAN functionality may have played a key role in filling out Palo Alto Networks’ SASE offering, the company’s artificial intelligence operations (AIOps) capabilities were another important area of development, Oswal said. “I truly believe that, over the years, networking has become very, very complex,” he said. “I think the way to solve it and simplified is analytics, machine learning, AIOps.”

CloudGenix was an early adopter of AIOps functionality and integrated it as part of its layer-7 SDN controller, which enables application-level policy enforcement as opposed to packet-based application identification.

This functionality was further bolstered by Palo Alto Networks’ Sinefa acquisition earlier this year. The digital experience monitoring platform provides customers with greater visibility into network challenges faced by remote workers.

Palo Alto Networks isn’t alone in the belief networking has become too complex. VMware acquired Nyansa in early 2020 for this very reason and quickly integrated it into its SASE platform. Likewise, Cisco is pursuing full-stack observability at both the application and network levels by integrating its AppDynamics and ThousandEyes divisions. And not to be left out, Juniper Networks has slowly rearchitected its product portfolio, including its newly unveiled SASE platform, around its Mist AIOps capabilities.

While Palo Alto Networks’ AIOps capabilities came from CloudGenix, they have since been integrated into Prisma Access to provide improved automation and root cause analysis, regardless of whether a user is connecting from a branch or their home. SDxCentral