‘Ransomware will continue to be one of the biggest threats’

25 Jun 2021

Niall Browne. Image: Palo Alto Networks

Palo Alto Networks CISO Niall Browne discusses the biggest infosec trends and why security teams are becoming burned out.

Click here to view the full Infosec Week series.

Niall Browne is senior vice-president and chief information security officer (CISO) at multinational cybersecurity company Palo Alto Networks.

Based in Santa Clara, California, Palo Alto Networks is a network and enterprise security company. Its core products include advanced firewalls designed to provide security and granular control of network activity based on apps, users and content.

Last year, the company announced plans to acquire digital forensics consulting firm the Crypsis Group in a deal worth $265m. It also partnered with PwC Ireland to help deliver enhanced cybersecurity services to PwC’s clients.

In his role, Browne leads the security team that is responsible for helping secure the company’s products and enterprise.

‘If customers do not trust you with their data, they will not do business with you’

Describe your role and your responsibilities in driving tech strategy.

As CISO of Palo Alto Networks, I’m excited to lead a world-class, diverse security team, where our most important responsibility is ensuring the security of our products, our employees and our customers’ data.

We have more than 80,000 customers around the world, each at different stages of the digital transformation journey. My team is in a unique position to help our customers innovate and implement new security strategies as part of their secure digital transformation.

Are you spearheading any major product or IT initiatives you can tell us about?

We have taken a three-pronged approach to help secure our products and data. First, we follow a ‘shift left’ model. Shift left is a practice intended to find and prevent defects early in the delivery process. Finding and fixing issues early on is exponentially more effective than doing so after they have occurred.

Second, we follow a ‘one to many’ model. This means that we build a service once, based on all our products’ business needs. All our product teams then leverage the same service many times. This model ensures the highest level of security, and all products collectively benefit from continuous improvements.

Third, we take a data-driven approach. We gather real-time data from our products and use this to make business decisions based on facts not hypotheses.

How big is your team?

Our customers are global, and so too are our security teams. This has allowed us to truly understand the individual security requirements of our customers and continue to meet these.

As a cloud company, we leverage the key characteristics of this technology. One of these is the ability to scale up resources based on business needs. This approach has enabled us to quickly onboard some of the best outsourced security talent that can be found around the globe, when we have specific security requirements.

What are your thoughts on digital transformation?

Innovate or die. Any company that is not on a digital transformation journey will be surpassed by its competitors. The vast majority of companies have realised this, have already started the journey and are already reaping the rewards.

Security is a key component of transformation. If customers do not trust you with their data, they will not do business with you. As well as keeping our products and enterprise secure, I work with our customers on how they can best incorporate security into every step of their digital transformation to win customers’ trust and business.

What big tech trends do you believe are changing the world?

It’s a new world out there! Here are just some predictions.

  • Hybrid work models will introduce huge business benefits, but also numerous security challenges if not implemented correctly
  • Ransomware will continue to be one of the biggest threats
  • IoT device usage will continue to explode, much of which is currently unmanaged and insecure
  • Businesses will continue to accelerate the digital transformation journey and move to the cloud
In terms of security, what are your thoughts on how we can better protect data?

Security teams must think strategically. The current approach of buying yet another security product has led to most enterprise companies having on average more than 75 tools that can’t communicate with each other, resulting in little or no automation and response times that are days, weeks or months too late in detecting security incidents.

As a result, security teams are becoming burned out, as they are forced to repeat the same manual steps every day, against adversaries that are relying on automation. It’s like bringing a knife to a gunfight.

Progressive security leaders have noted how engineering and operations teams have already moved to platforms to solve the issues of efficiency and scale. Innovative security leaders now realise that the only way they can prevent themselves from falling further behind is to pivot to security platforms.

This security platform approach allows for all these security technologies (endpoint, server, network) to communicate with each other on the platform and embrace the desperately needed automation.

This now enables thousands of security decisions to be made in real time, to now protect the business against adversaries that are relentless and ever evolving.

Deploying a zero trust model is key to help prevent criminal hackers gaining a foothold in your organisation.

Rooted in the principle of ‘never trust, always verify’, zero trust is designed to protect modern digital environments by leveraging network segmentation, preventing lateral movement, providing Layer 7 threat prevention, and simplifying granular user-access control.

Want stories like this and more direct to your inbox? Sign up for Tech Trends, Silicon Republic’s weekly digest of need-to-know tech news.