Palo Alto Ignite Conference Summary
A month ago, I attended the Palo Alto Ignite Conference after an invitation from some of the team there. I learned quite a lot and thought it would be good to summarise some of the key messages, as I thought they might be useful to others.
AI Innovation & No Guardrails
Companies want innovation, but they don't want the risk that comes with it. However, AI innovation is taking place with little regard for its security, which goes against most companies' risk appetite. According to BigID's AI Risk & Readiness in the Enterprise, 6% of organisations that have adopted AI have an advanced AI security strategy.
Platformisation and Its Bad Reputation
Platformisation typically gets a bad reputation, but that bias can influence you into making the wrong decision. In many aspects of our lives, we put our eggs into one basket (sending children to one school, buying one phone and storing everything on it, using Microsoft OR Google). Sometimes the benefits of platformisation are too great to overlook, even if it could introduce vendor lock-in.
Therefore, to mitigate this, choose reputable companies and do an in-depth test of everything the platform has to offer and compare that to the market.
Security is a Data Problem
Like most things nowadays, AI is being used in security. For example:
- In triaging and correlating data
- Identifying new threats and 0-Days
- Identifying and preventing runtime drift
You get my point, it's everywhere.
However, the companies that can do this best are those with the largest number of clients, as they can collect a wide range of data and use that to train their AI system. In turn, their products become better.
AI has been benefiting Attackers
- 1/3 of new vulnerabilities are exploited in less than 24 hours.
- Ransomware used to take 48 hours to create, but can now be created in 25 minutes.
- In 2024, 2.3 million attacks were carried out per day, vs. in 2025, where 8.95 million attacks were carried out per day, a nearly 4x increase in daily attacks within one year. [Source Palo Alto Networks Data]
Security Tool Sprawl
An IBM study showed that on average, organisations juggle 83 security solutions from 29 vendors. Not having a single platform for all your security solutions could lead to:
- Less integration, therefore, possibly worse security.
- Higher total cost.
- Slow down in innovation.
Security Teams and Automation
Automation is key to security. Security teams are typically on the smaller side, and therefore must find ways to automate their work efficiently and securely to ensure they are able to combat the increase in cyber threats.
Quauntum Cryptography
Gartner, a large research and advisory firm, has predicted that modern-day cryptography will be unsafe by 2029. Whether or not this will be Q-Day is up in the air; however, it is important to note that your organisation may still be at threat of HNDL attacks. Therefore, you must migrate to post-quantum encryption, especially for long-lasting sensitive data.
Web Browsers: The Normalised Attack Vector
An estimated 85% of work happens in a web browser. 95% of organisations report a browser-based attack.
Security for browsers is something taken very lightly in most organisations. There are a few reasons for this, such as worker privacy concerns, inconvenience, migration efforts, cost, etc.
However, as the power of our web browsers becomes more and more powerful, with organisations at the peril of LLM's and their employees submitting all sorts of sensitive data, it is critical to secure this attack vector.
Who to hire
A bit of a tangent from security, however, hearing what a multi-billion dollar company is looking for when hiring is always good to know.
Palo Alto looks for people:
- Who can be taught, therefore, they want to learn.
- Have a small ego; therefore, they are willing to take criticism and feedback.
- Have good critical thinking.
The hope is that they can create T-Shaped people. Essentially, people who have a good amount of breadth of knowledge, but are incredibly knowledgeable about something niche.
All in all, the conference was fairly educational, with a wide range of current-day issues. If you're new to the industry, I would highly recommend you go to the next one.
