Interested in being a guest? Email us at admin@evankirstel.com
Cybersecurity is undergoing a fundamental transformation as organizations navigate the complex relationship between zero-trust architectures and the realities of hybrid work environments with Anupam Upadhyaya VP of Products for Prisma SASE at Palo Alto Networks, sheds light on how SASE has evolved beyond its initial promise to become the cornerstone of modern security frameworks.
With browsers becoming the primary workspace for professionals – hosting everything from email and documentation to AI interactions – they've simultaneously become prime targets for cyber attackers. A staggering 95% of organizations have experienced browser-based attacks, highlighting a critical vulnerability in our digital infrastructure. Prisma Access Browser represents a paradigm shift in addressing this challenge, offering both a hardened browser environment and sophisticated last-mile protection against emerging threats.
Perhaps most revolutionary is the solution's approach to encrypted traffic inspection – a longstanding challenge for security teams. By examining traffic before encryption or after decryption, Prisma Access Browser overcomes traditional limitations with protocols like QUIC or certificate-pinned applications. This capability provides comprehensive security across all traffic types without compromising performance or privacy requirements.
As AI adoption accelerates within enterprises, security considerations must evolve accordingly. Palo Alto Networks' newly announced Prisma AIRS framework establishes five essential pillars of AI security: model scanning, posture management, red teaming tools, runtime protection, and agent security. This holistic approach ensures organizations can embrace AI innovation without introducing unacceptable risks.
For organizations struggling with legacy VDI infrastructure while wanting to embrace cloud innovations, Prisma Access Browser offers a compelling path forward – delivering consistent security and superior user experience across internet, SaaS, cloud, and legacy applications without forcing everything through VDI chokepoints. Join us to discover how these technologies are reshaping the cybersecurity landscape and enabling secure digital transformation even in the most complex environments.
#sponsored
More at https://linktr.ee/EvanKirstel
Episode Transcript
And it's Evan Kerstel here.
I'm at the big Palo AltoNetworks event in San Francisco
and I'm really excited to sitdown with one of the true
industry insiders and VP productmanagement leaders at Palo Alto
Networks, Arupam Upadhyaya.
How are you, sir?
Speaker 2 (00:19):
Evan, I am great.
Thank you for asking what anexciting week for us.
Speaker 1 (00:23):
Yeah, you have so much news, so many announcements
, demos, hands-on.
Everything is going on here inSan Francisco.
Before that, maybe introduceyourself your role and mission
team within Palo Alto Networks.
What are you focused on?
Speaker 2 (00:36):
Yeah, so, evan, I've been at Palo Alto Networks for
almost five years.
I am VP of products for PrismaSASE.
Five years I am VP of productsfor Prisma SASE.
Prisma SASE has Prisma Access,which is our secure services
edge, our secure access stack inthe cloud.
Second part is Prisma SD-WAN,which is our SD-WAN component.
(00:56):
Global Protect, our PrismaAccess agent, which is our agent
that connects us to the PrismaSSE or Prisma Access, and then,
last but not the least, prismaAccess Browser, which extends
our SASE to unmanaged devicesand provides that last mile of
data protection on all devices.
Speaker 1 (01:16):
Fantastic.
So let's, look at the bigpicture.
Sase has been around for awhile now.
It's been embraced by theindustry, but requirements are
changing.
Customer needs and expectationsare changing.
What are some of the mostcritical capabilities you're
seeing right now in regards toSASE?
Speaker 2 (01:33):
Yeah.
So, Evan, if we really take astep back, SASE is a fundamental
pillar of zero-trustarchitecture.
And what does zero trust mean?
Zero trust means there is notrust between users,
applications, devices and data.
Applications could be owned byenterprise or could be
(01:57):
non-enterprise.
Every trust has to be explicitand has to be dictated.
That's what Zero Trust is, andSASE is manifestation of Zero
Trust in the cloud.
If you think about SASE, it'scloud-delivered secure access.
Our Prisma SASE runs on top ofGoogle Cloud and AWS and, Evan,
(02:20):
we recently announced that nowit extends to Oracle Cloud as
well.
The multi-cloud presence allowsus to build a highly resilient
secure services edgearchitecture which gives you
five nights of high availabilityand, beyond that, the few new
things that we are seeing,because that was your next
question we're definitely seeingan increased buzz around Prisma
(02:43):
Access Browser because itextends security to unmanaged
devices, provides last mile dataprotection and, more
importantly, gives you fullvisibility into all traffic.
There is some traffic, kevin,that is hard to decrypt, so it
gives you full visibility to theentire stack.
Then the second part that isexciting, apart from Prisma
(03:06):
Access Browser, is our AI andlarge language power data
classification, which gives usunparalleled visibility to
shadow data and provide theright data protection policies.
Our extension of AI appscatalog to more than 2,000.
That's available on our SASEplatform, including Prisma
(03:29):
Access Browser.
And, last but not the least,like I said, we also extended
our cloud infrastructure toOracle Cloud.
So that's the most excitingpart, evan, as we think about
SASE.
So much news, really exciting.
Speaker 1 (03:40):
Let's talk about the secure browser.
I mean, the browser has beenthe focus of our personal lives
forever, but it's now reallyimportant to our professional
lives for hybrid work, remotework and work from anywhere.
In particular, Tell us whatmakes your approach to browsing
secure and the specificchallenges it solves.
Speaker 2 (04:02):
Yeah, I mean, if I look at myself, I live my life
inside the browser.
Whether it's checking emails,looking at documents, looking at
spreadsheets or eveninteracting with my favorite
large language model or chatbotor extensions all that is in the
browser.
So when you're living your lifeinside the browser, the hackers
(04:23):
are also taking notice.
In fact, there was a recentsurvey that said 95% of
organizations have experienced abrowser-based attack.
So browser is becoming the newvenue where we are interacting
with applications, but hackersare also coming in.
So when you think about browser, when you think about
(04:46):
commercial browsers, they're notreally equipped to handle that
secure infrastructure or providethat security.
When you think about security,it's two pillars.
One is make part in the browser, so the browser is protected,
and the second is, as bad guyscome in to implant malware or
(05:06):
steal your data from the browser, the ability to protect against
that as well.
And that's what Prisma AccessBrowser provides giving you a
harder browser and giving youthat last-minute protection
against all kinds of attacksthat are happening in the
browser.
Speaker 1 (05:21):
Interesting.
So let's talk.
You know, usual big picturechallenge, encrypted traffic.
It's always been a challengefor this industry, and yet a
secure browser, you know, offersanother way to do threat
inspection.
How does that work exactly?
Speaker 2 (05:36):
Yeah, look, a lot of times traffic is hard to decrypt
because of technology orbusiness reasons.
Let's start with businessreasons.
Right, you might have a validbusiness reason that you don't
want to decrypt specific trafficlike Microsoft Office, because
you want to honor their SLAs.
That could be one part.
Or it could be a technologyreason where there are protocols
(05:58):
like QUIC that are propagatedby Google or championed by
Google.
Or think about applicationsthat require certificate pinning
.
They are very hard to decrypt,evan, and when they become hard
to decrypt, traditional networksecurity inspection mechanisms
will find it very hard to detectmalware.
That's happening inside that.
(06:19):
There's one more aspect, evan.
It's just not the lack ofdecryption or the ability to
decrypt.
A lot of attacks are actuallybeing assembled in the browser
and those attacks get delivered,or malware gets delivered in
chunks to the browser.
And this is where I thinkPrisma Access Browser shines,
because it sees all the databefore that gets decrypted or
(06:42):
encrypted.
So I have the ability to figureout whether the protocol is
quick or whether the businessapplication does not allow for
decryption to happen.
I can run my security, whetherit's DNS, whether it's URL
filtering, malware or sandboxing, and that is how I can extend
security to traffic.
That was how to decrypt andthat's actually, in a way,
(07:06):
game-changing, because weanticipate more and more
protocols becoming harder todecrypt in the network and for
business and technology reasons,and this is where Prisma Access
Browser allows us to serve ourcustomers in a better fashion.
Speaker 1 (07:22):
Fantastic, well done.
So we're all participating inthe incitement around Gen AI and
LLMs and agentic AI, but up tonow security has been a bit of
an afterthought, maybe by some.
But you're building a kind ofbodyguard for the AI and Gen AI
world.
Maybe describe yourannouncement around Prisma and
(07:43):
some of the new capabilitiesyou're rolling out.
Speaker 2 (07:45):
Yeah, so Prisma AIRS is the new thing that they have
announced, and look what'shappening.
Evan is, almost all of ourcustomers are dealing with AI
tools right, whether they'redevelop applications or
interaction with AI agents, andwhen that happens, you've got to
really first start with AImodel scanning making sure that
(08:09):
you scan the model to make surethere are no vulnerabilities.
That's the first part you wantto do, that you have the right
model with no vulnerabilities.
So that's the first pillar thatwe reduce AI model scanning.
The second is AI posturemanagement making sure that the
posture and the security aroundthe posture for your entire
ecosystem is not compromised.
(08:30):
There are no over permissionsin that entire AI ecosystem,
because that can lead intosecurity issues.
Third thing, when you startthinking about this is okay,
that's great, I got my modelsecured, I got my permission
secured.
Now, when you start thinkingabout attackers trying to create
(08:54):
vulnerabilities or exposevulnerabilities, that is where
red teaming comes in, where wecan provide automated AI tools
that can do penetration testingagainst your model to figure out
where the weak cracks are orwhere the weak spots are, so you
can go and patch those up, soyour model is secure.
So now we are done withbuilding, now you deploy the
model.
Now there'll be runtime issuesright, there could be.
(09:17):
How do you provide runtimesecurity?
So that becomes the fourthpillar giving you runtime, large
language model security.
And, last but not the least,when you think about AI agents
giving them security whetherit's about identity
impersonation or memory hijacksYou've got to make sure your
agent is secure as well.
(09:37):
So I've been really fivepillars right Agent, securing
the agent.
Second part is making sure thatyou have the right permissions.
Third is making sure that youhave the right AI red teaming
tools.
Fourth is the right runtimesecurity and, last but not the
least, securing your AI agent.
Fantastic, well, it's quite afoundation you've built.
Speaker 1 (10:02):
One of the challenges as we head into this next phase
, I think, is balancing all ofthe innovation and opportunities
with these new SaaSapplications and Gen AI tools
with legacy technical debt,older networks, older VDI, et
cetera, et cetera, et cetera.
How do you see navigating thesetwo worlds of modern, new
(10:23):
innovations with the legacy thatwe're kind of tied to at the
moment?
Speaker 2 (10:27):
Yeah, even if you think about VDI, that was a
great concept.
When applications are sittinginside the data center and you
wanted to provide access tothose applications while
maintaining the confidentialityof your data and making sure
applications are not compromised.
Speaker 1 (10:46):
But the world has changed on us, evan.
Speaker 2 (10:48):
In the last 20 years, applications have become
decentralized.
A lot of apps have moved to thelast 20 years.
Applications have becomedecentralized.
A lot of apps have moved to thecloud.
Internet and SaaS have becomemore important, and that's where
and people are moving a lot oftheir workloads that
historically sat in data centerto clouds.
Then the question really becomesdo you want VDI to be the choke
point or do you want to makesure that you provide consistent
(11:09):
security and superiorexperience?
And that's the problem.
We want to make sure that youprovide consistent security and
superior experience, and that'sthe problem we want to tackle.
So with Prisma Access Browser,evan, we already can provide you
internet and SaaS security.
That is a need to go back tothe VDI infrastructure.
That frees you from the VDIinfrastructure superior
experience, better security anda better total cost of ownership
(11:33):
.
And then what we have nowrecently added to our portfolio
as part of this launch is wealso support Azure Virtual
Desktops.
So as customers do theirmigration from legacy VDI to DAS
, we can support that, and ifyou enable app streaming on your
legacy VDI infrastructure, wecan support those applications
(11:55):
as well.
So what?
happens now Prisma AccessBrowser becomes your window into
all applications, whetheryou're sitting in internet, saas
, vdi or in the cloud, whileproviding you a better
experience and consistentsecurity Fantastic approach.
Speaker 1 (12:14):
So one thing I've seen you have great demos here
in San Francisco at your bigevent and you're one of the few
vendors that really looks atuser experience, ui, ux, that
whole world.
What are some of the challengesthere?
Because you're clearly puttinga lot of effort into a next
generation user experience.
(12:35):
Cut for a second.
Popular Podcasts
True Crime Tonight
If you eat, sleep, and breathe true crime, TRUE CRIME TONIGHT is serving up your nightly fix. Five nights a week, KT STUDIOS & iHEART RADIO invite listeners to pull up a seat for an unfiltered look at the biggest cases making headlines, celebrity scandals, and the trials everyone is watching. With a mix of expert analysis, hot takes, and listener call-ins, TRUE CRIME TONIGHT goes beyond the headlines to uncover the twists, turns, and unanswered questions that keep us all obsessed—because, at TRUE CRIME TONIGHT, there’s a seat for everyone. Whether breaking down crime scene forensics, scrutinizing serial killers, or debating the most binge-worthy true crime docs, True Crime Tonight is the fresh, fast-paced, and slightly addictive home for true crime lovers.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.