Palo Alto Networks, Inc. is an American multinational

cybersecurity Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, the ...

company with headquarters in

Santa Clara, California Santa Clara (; Spanish for " Saint Clare") is a city in Santa Clara County, California. The city's population was 127,647 at the 2020 census, making it the eighth-most populous city in the Bay Area. Located in the southern Bay Area, the cit ...

. The core products is a platform that includes advanced firewalls and

cloud-based Cloud computing is the on-demand availability of computer system resources, especially data storage (cloud storage) and computing power, without direct active management by the user. Large clouds often have functions distributed over multip ...

offerings that extend those firewalls to cover other aspects of security. The company serves over 70,000 organizations in over 150 countries, including 85 of the

Fortune Fortune may refer to: General * Fortuna or Fortune, the Roman goddess of luck * Luck * Wealth * Fortune, a prediction made in fortune-telling * Fortune, in a fortune cookie Arts and entertainment Film and television * ''The Fortune'' (1931 film) ...

100. It is home to the Unit 42 threat research team and hosts the Ignite cybersecurity conference. In 2018, Palo Alto Networks was listed 8th in the

Forbes ''Forbes'' () is an American business magazine owned by Integrated Whale Media Investments and the Forbes family. Published eight times a year, it features articles on finance, industry, investing, and marketing topics. ''Forbes'' also re ...

Digital 100. In June 2018, former

Google Google LLC () is an American multinational technology company focusing on search engine technology, online advertising, cloud computing, computer software, quantum computing, e-commerce, artificial intelligence, and consumer electronics. ...

and

SoftBank is a Japanese multinational conglomerate holding company headquartered in Minato, Tokyo which focuses on investment management. The Group primarily invests in companies operating in technology, energy, and financial sectors. It also runs the ...

executive

Nikesh Arora Nikesh Arora (born February 9, 1968) is an Indian-American business executive. Arora was formerly a senior executive at Google. He served as the president of SoftBank Group from October 2014 to June 2016. On June 1, 2018, Arora took on the role ...

joined the company as

Chairman The chairperson, also chairman, chairwoman or chair, is the presiding officer of an organized group such as a board, committee, or deliberative assembly. The person holding the office, who is typically elected or appointed by members of the grou ...

and

CEO A chief executive officer (CEO), also known as a central executive officer (CEO), chief administrator officer (CAO) or just chief executive (CE), is one of a number of corporate executives charged with the management of an organization especially ...

History

Palo Alto Networks was founded in 2005 by

Israeli-American , native_name_lang = , image = , caption = , population = 110,000–150,000 , popplace = New York metropolitan area, Los Angeles metropolitan area, Miami metropolitan area, and other large metropolitan are ...

Nir Zuk, a former

engineer Engineers, as practitioners of engineering, are professionals who invent, design, analyze, build and test machines, complex systems, structures, gadgets and materials to fulfill functional objectives and requirements while considering the l ...

from

Check Point Check Point is an American-Israeli multinational provider of software and combined hardware and software products for IT security, including network security, endpoint security, cloud security, mobile security, data security and security managem ...

and

NetScreen Technologies NetScreen Technologies was an American technology company that was acquired by Juniper Networks for US$4 billion stock for stock in 2004. NetScreen Technologies developed ASIC-based Internet security systems and appliances that delivered high p ...

, and was the principal developer of the first stateful inspection firewall and the first

intrusion prevention system An intrusion detection system (IDS; also intrusion prevention system or IPS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically rep ...

. Zuk created Palo Alto Networks with the intention of solving problems enterprises were facing with existing

network security Network security consists of the policies, policies, processes and practices adopted to prevent, detect and monitor unauthorized access, Abuse, misuse, modification, or denial of a computer network and network-accessible resources. Network securi ...

solutions: the inability to safely allow employees to use modern applications, which entailed developing a

firewall Firewall may refer to: * Firewall (computing), a technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts * Firewall (construction), a barrier inside a building, designed to limit the spre ...

that could identify and provide fine-grained control of applications. In 2007, the company produced and shipped its first product, an enterprise firewall. In 2009,

Gartner Gartner, Inc is a technological research and consulting firm based in Stamford, Connecticut that conducts research on technology and shares this research both through private consulting as well as executive programs and conferences. Its clients ...

released a publication defining the next-generation firewall. In contrast to traditional firewalls of the time which relied on simple rules such as

port numbers In computer networking, a port is a number assigned to uniquely identify a connection endpoint and to direct data to a specific service. At the software level, within an operating system, a port is a logical construct that identifies a specific ...

and

protocol Protocol may refer to: Sociology and politics * Protocol (politics), a formal agreement between nation states * Protocol (diplomacy), the etiquette of diplomacy and affairs of state * Etiquette, a code of personal behavior Science and technolog ...

to block traffic, the authors stated that next-generation firewalls should operate on and inspect all layers of the network stack and be intelligent enough to block threats independently of port numbers or protocols used. In particular, the publication defined this next-generation firewall as containing (in addition to the full capabilities of both traditional firewalls and intrusion prevention systems): Support for in-line deployment without disrupting network operations, application awareness, and full stack visibility allowing for fine-grained detection and control of applications, extra-firewall intelligence, and upgrade paths. Starting in 2011, Gartner began listing Palo Alto Networks as a leader on its enterprise firewall,

Magic Quadrant Magic Quadrant (MQ) is a series of market research reports published by IT consulting firm Gartner that rely on proprietary qualitative data analysis methods to demonstrate market trends, such as direction, maturity and participants. Their anal ...

. In 2019, they were named a leader in the Gartner Magic Quadrant for Network Firewalls for the 8^th year in a row. The company debuted on the

NYSE The New York Stock Exchange (NYSE, nicknamed "The Big Board") is an American stock exchange in the Financial District, Manhattan, Financial District of Lower Manhattan in New York City. It is by far the List of stock exchanges, world's largest s ...

on July 20, 2012, raising $260 million with its

initial public offering An initial public offering (IPO) or stock launch is a public offering in which shares of a company are sold to institutional investors and usually also to retail (individual) investors. An IPO is typically underwritten by one or more investment ...

, which was the 4^th-largest tech IPO of 2012. It remained on the NYSE until October 2021 when the company transferred its listing to Nasdaq. In 2014, Palo Alto Networks founded the Cyber Threat Alliance with

Fortinet Fortinet is an American multinational corporation headquartered in Sunnyvale, California. The company develops and sells cybersecurity solutions, such as physical firewalls, antivirus software, intrusion prevention systems, and endpoint secur ...

McAfee McAfee Corp. ( ), formerly known as McAfee Associates, Inc. from 1987 to 1997 and 2004 to 2014, Network Associates Inc. from 1997 to 2004, and Intel Security Group from 2014 to 2017, is an American global computer security software company head ...

, and

NortonLifeLock Gen Digital Inc. (formerly Symantec Corporation and NortonLifeLock) is a multinational software company co-headquartered in Tempe, Arizona and Prague, Czech Republic. The company provides cybersecurity software and services. Gen is a Fortune 50 ...

(formerly known as Symantec), a

not-for-profit A nonprofit organization (NPO) or non-profit organisation, also known as a non-business entity, not-for-profit organization, or nonprofit institution, is a legal entity organized and operated for a collective, public or social benefit, in co ...

organization with the goal of improving cybersecurity "for the greater good" by encouraging collaboration between

organizations by sharing cyber threat intelligence amongst members. By 2018, the organization had 20 members including

Cisco Cisco Systems, Inc., commonly known as Cisco, is an American-based multinational digital communications technology conglomerate corporation headquartered in San Jose, California. Cisco develops, manufactures, and sells networking hardware, ...

Juniper Networks Juniper Networks, Inc. is an American multinational corporation headquartered in Sunnyvale, California. The company develops and markets networking products, including routers, switches, network management software, network security products, ...

, and Sophos. The company expanded over the years, offering a wide selection of enterprise cybersecurity services beyond its original next-generation firewall offering, such as Traps endpoint protection and Wildfire

malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depri ...

prevention. In 2017, Palo Alto Networks announced ''Logging Service'', a cloud-based service allowing customers to amass their own data for

machine learning Machine learning (ML) is a field of inquiry devoted to understanding and building methods that 'learn', that is, methods that leverage data to improve performance on some set of tasks. It is seen as a part of artificial intelligence. Machine ...

and

data analytics Analytics is the systematic computational analysis of data or statistics. It is used for the discovery, interpretation, and communication of meaningful patterns in data. It also entails applying data patterns toward effective decision-making. It ...

. In 2018, the company began opening dedicated cybersecurity training facilities around the world as part of the ''Global Cyber Range Initiative''. In May 2018, the company announced ''Application Framework'', an open cloud-delivered ecosystem where developers can publish security services as

SaaS Software as a service (SaaS ) is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. SaaS is also known as "on-demand software" and Web-based/Web-hosted software. SaaS is cons ...

applications that can be instantly delivered to the company's network of customers. In 2018, several high-profile tech executives joined Palo Alto Networks. In June 2018, former Google Chief Business Officer and

President President most commonly refers to: *President (corporate title) *President (education), a leader of a college or university *President (government title) President may also refer to: Automobiles * Nissan President, a 1966–2010 Japanese ful ...

joined the company as chairman and CEO. His predecessor, Mark McLaughlin, became vice chairman of the

board of directors A board of directors (commonly referred simply as the board) is an executive committee that jointly supervises the activities of an organization, which can be either a for-profit or a nonprofit organization such as a business, nonprofit organiz ...

. Arora received a pay package worth about $128 million, making him one of the highest-paid executives in the United States. In September 2018 Liane Hornsey, formerly

Chief People Officer A chief human resources officer (CHRO) or chief people officer (CPO) is a corporate officer who oversees all aspects of human resource management and industrial relations policies, practices and operations for an organization. Similar job titles i ...

Uber Uber Technologies, Inc. (Uber), based in San Francisco, provides mobility as a service, ride-hailing (allowing users to book a car and driver to transport them in a way similar to a taxi), food delivery (Uber Eats and Postmates), package ...

, joined Palo Alto Networks as Chief People Officer. In October 2018, Amit Singh, formerly

Google Cloud Google Cloud Platform offers numerous integrated cloud-computing services, including compute, network, and storage. Products Past and present products under the Google Cloud platform include: Current * Google Cloud Datastore, a NoSQL databa ...

, succeeded Mark Anderson as President of Palo Alto Networks. In August 2021, William (BJ) Jenkins succeeded Singh as president, with Singh assuming the role of Chief Business Officer. In 2019, the company announced the K2-Series, a 5G-ready next-generation firewall developed for service providers with 5G and IoT requirements in mind. In February 2019, the company announced Cortex, an AI-based continuous security platform.

Nikesh Arora described Cortex as an "Application Framework 2.0".

Acquisitions

* Morta Security was acquired for an undisclosed sum in January 2014. * Cyvera was acquired for approximately $200 million in April 2014. * CirroSecure was acquired for an undisclosed sum in May 2015. * LightCyber was acquired for approximately $100 million in March 2017. * Cloud Security company Evident.io was acquired for $300 million in cash in March 2018, creating the Prisma Cloud division. * Secdo was acquired for an undisclosed sum in April 2018. * Cloud security company RedLock was acquired for $173 million in October 2018. * In February 2019, Palo Alto Networks acquired security orchestration company Demisto for $560 million. * In May 2019, Palo Alto Networks acquired container security startup Twistlock for $410 million. * In June 2019, Palo Alto Networks acquired serverless security startup PureSec for $47 million. * In September 2019, Palo Alto Networks announced its intent to acquire IoT startup Zingbox for $75 million. * In November 2019, Palo Alto Networks announced its intent to acquire machine identity-based micro-segmentation company Aporeto, Inc. for $150 million * In March 2020, Palo Alto Networks announced its intent to acquire

SD-WAN A software-defined wide area network (SD-WAN) is a wide area network that uses software-defined network technology, such as communicating over the Internet using overlay Tunneling protocol, tunnels which are encrypted when destined for internal or ...

company CloudGenix, Inc. for $420 million. This acquisition was completed in April 2020. * In August 2020, Palo Alto Networks announced its intent to acquire Crypsis Group for $265 million. * In November 2020, Palo Alto Networks announced its intent to acquire Expanse for $800 million. * In February 2021, Palo Alto Networks announced it acquired Bridgecrew for around $156 million. * In November 2022, Palo Alto Networks announced its intent to acquire Cider Security for an enterprise value of around $300 million.

Products

Enterprise Products

Palo Alto Networks offers an enterprise cybersecurity platform which provides

cloud security Cloud computing security or, more simply, cloud security refers to a broad set of policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud com ...

, endpoint protection, and various cloud-delivered security services. Components of the security platform listed on the Palo Alto Networks website include: *Next-generation firewalls, running PAN-OS, offered in multiple forms including: ** As a physical appliance through the PA series, which includes small form-factor firewalls such as the PA-220 for small businesses and offices, to the PA-7000 series built for large enterprises and service providers. ** As a virtualized appliance through the VM series, allowing the firewall to be run as a

virtual machine In computing, a virtual machine (VM) is the virtualization/emulation of a computer system. Virtual machines are based on computer architectures and provide functionality of a physical computer. Their implementations may involve specialized hardw ...

to secure virtualized data centers and private clouds. It is also compatible with public cloud environments such as

Amazon Web Services Amazon Web Services, Inc. (AWS) is a subsidiary of Amazon.com, Amazon that provides Software as a service, on-demand cloud computing computing platform, platforms and Application programming interface, APIs to individuals, companies, and gover ...

Microsoft Azure Microsoft Azure, often referred to as Azure ( , ), is a cloud computing platform operated by Microsoft for application management via around the world-distributed data centers. Microsoft Azure has multiple capabilities such as software as a ...

, and

. ** As a streamlined cloud service provided by Palo Alto Networks through GlobalProtect Cloud Service. *Panorama, a network security control center that allows customers to manage a fleet of firewalls at an enterprise scale from a single console. *Traps, advanced endpoint protection. Unlike traditional

antivirus Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the name. ...

, Traps does not rely on signatures to detect malware. Instead, it focuses on analyzing the behavior of programs to detect zero-day exploits. Threat intelligence is shared with and obtained from Wildfire. *Wildfire, a cloud-based threat-analysis service that uses dynamic analysis,

static analysis Static analysis, static projection, or static scoring is a simplified analysis wherein the effect of an immediate change to a system is calculated without regard to the longer-term response of the system to that change. If the short-term effect i ...

, and bare-metal analysis to discover and prevent unknown threats.

Cloud Storage and Analysis Products

In 2019, Palo Alto Networks reorganized its SaaS offerings under the Cortex branding. * Cortex Data Lake - Cortex data lake is a cloud-delivered log aggregation service for Palo Alto Networks devices located in on-premise networks, directly from endpoints, or cloud based products such as Prisma Access. This data lake information is then fed into the Hub apps that provide analysis, response, and other added services. *Hub - Hub is an open cloud-delivered ecosystem where customers can subscribe to security applications developed by 3rd-party developers or Palo Alto Networks. Some applications from Palo Alto Networks such as XDR (analytics) and Auto Focus (threat intelligence) are Cortex-branded apps on Hub. * Cortex XDR - XDR is the primary tool for data analysis from Palo Alto Networks that leverages modern threat detection and response capabilities on the centralized data collected in the Cortex Data Lake. * AutoFocus - This service provides threat intelligence to enhance the analytic capabilities of the hub applications as an external source of relevant security information. * Cortex XSOAR - Integrating its acquisition of Demisto into the Cortex cloud suite, XSOAR is the Security Orchestration And Response component responsible for automation and integration with other security and network systems for the automation of incident response and intelligence gathering processes. *Prisma Access - Prisma Access is the Palo Alto Networks offering for moving the enterprise network monitoring and analysis functions into the cloud. It is the most comprehensive SASE solution of its kind, secures access, protects users and applications, and controls data for remote users and locations. *Prisma Cloud - Prisma Cloud secures any cloud environment and all compute form factors used to build and run cloud native applications, including multi- and hybrid-clouds environments. It addresses the majority of cloud security use cases a customer might have, such as CSPM, containers, server less, and identity-based micro segmentation. It is Palo Alto Networks cloud native security solution that integrates with

DevOps DevOps is a set of practices that combines software development (''Dev'') and IT operations (''Ops''). It aims to shorten the systems development life cycle and provide continuous delivery with high software quality. DevOps is complementary to ...

continuous integration and continuous development (CI/CD) processes for a more holistic control of the security life-cycle of cloud assets.

Threat research

Unit 42 is the Palo Alto Networks threat intelligence and security consulting team. They are a group of cybersecurity researchers and industry experts who use data collected by the company's security platform to discover new cyber threats, such as new forms of malware and malicious actors operating across the world. The group runs a popular

blog A blog (a truncation of "weblog") is a discussion or informational website published on the World Wide Web consisting of discrete, often informal diary-style text entries (posts). Posts are typically displayed in reverse chronological order ...

where they post technical reports analyzing active threats and adversaries. Multiple Unit 42 researchers have been named in the MSRC Top 100,

Microsoft's Microsoft Corporation is an American multinational corporation, multinational technology company, technology corporation producing Software, computer software, consumer electronics, personal computers, and related services headquartered at th ...

annual ranking of top 100 security researchers. In April 2020, the business unit consisting of Crypsis Group that provided digital forensics, incident response, risk assessment, and other consulting services merged with the Unit 42 threat intelligence team. According to the

FBI The Federal Bureau of Investigation (FBI) is the domestic Intelligence agency, intelligence and Security agency, security service of the United States and its principal Federal law enforcement in the United States, federal law enforcement age ...

, Palo Alto Networks Unit 42 has helped solve multiple

cybercrime A cybercrime is a crime that involves a computer or a computer network.Moore, R. (2005) "Cyber crime: Investigating High-Technology Computer Crime," Cleveland, Mississippi: Anderson Publishing. The computer may have been used in committing the ...

cases, such as the Mirai Botnet and Clickfraud Botnet cases, the LuminosityLink RAT case, and assisted with "Operation Wire-Wire". In 2018, Unit 42 discovere
Gorgon
a hacking group believed to be operating out of Pakistan and targeting government organizations in the United Kingdom, Spain, Russia, and the United States. The group was detected sending

spear-phishing Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious softwar ...

emails attached to infected

Microsoft Word Microsoft Word is a word processing software developed by Microsoft. It was first released on October 25, 1983, under the name ''Multi-Tool Word'' for Xenix systems. Subsequent versions were later written for several other platforms includin ...

documents using an exploit commonly used by cybercriminals and

cyber-espionage Cyber spying, or cyber espionage, is the act or practice of obtaining secrets and information without the permission and knowledge of the holder of the information from individuals, competitors, rivals, groups, governments and enemies for personal, ...

campaigns. In September 2018, Unit 42 discovered Xbash, a

ransomware Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or permanently block access to it unless a ransom is paid off. While some simple ransomware may lock the system without damaging any files, ...

that also performs cryptomining, believed to be tied to the

Chinese Chinese can refer to: * Something related to China * Chinese people, people of Chinese nationality, citizenship, and/or ethnicity **''Zhonghua minzu'', the supra-ethnic concept of the Chinese nation ** List of ethnic groups in China, people of ...

threat actor "Iron". Xbash is able to propagate like a

worm Worms are many different distantly related bilateral animals that typically have a long cylindrical tube-like body, no limbs, and no eyes (though not always). Worms vary in size from microscopic to over in length for marine polychaete wor ...

and deletes databases stored on victim hosts. In October, Unit 42 warned of a new crypto mining malware, XMRig, that comes bundled with infected

Adobe Flash Adobe Flash (formerly Macromedia Flash and FutureSplash) is a multimedia Computing platform, software platform used for production of Flash animation, animations, rich web applications, application software, desktop applications, mobile apps, mo ...

updates. The malware uses the victim's computer's resources to mine

Monero Monero (; Abbreviation: XMR) is a decentralized cryptocurrency. It uses a public distributed ledger with privacy-enhancing technologies that obfuscate transactions to achieve anonymity and fungibility. Observers cannot decipher addresses t ...

cryptocurrency. In November 2018, Palo Alto Networks announced the discovery of "Cannon," a

trojan Trojan or Trojans may refer to: * Of or from the ancient city of Troy * Trojan language, the language of the historical Trojans Arts and entertainment Music * ''Les Troyens'' ('The Trojans'), an opera by Berlioz, premiered part 1863, part 189 ...

being used to target United States and European government entities. The

hackers A hacker is a person skilled in information technology who uses their technical knowledge to achieve a goal or overcome an obstacle, within a computerized system by non-standard means. Though the term ''hacker'' has become associated in popu ...

behind the malware are believed to be Fancy Bear, the Russian hacking group believed to be responsible for hacking the Democratic National Committee in 2016. The malware communicates with its command and control server with

email Electronic mail (email or e-mail) is a method of exchanging messages ("mail") between people using electronic devices. Email was thus conceived as the electronic ( digital) version of, or counterpart to, mail, at a time when "mail" meant ...

and uses

encryption In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decip ...

to evade detection.

References

External links

* {{NASDAQ-100 2005 establishments in California 2012 initial public offerings Companies based in Santa Clara, California Companies listed on the Nasdaq Companies formerly listed on the New York Stock Exchange Computer security companies Networking companies of the United States Technology companies based in the San Francisco Bay Area Technology companies established in 2005