The Future of Cloud & Security Operations: Analyzing PANW’s Cortex Cloud Bet
Part 1: A Deep Dive Into The Evolution of Cloud Security & SOC Convergence - Its Challenges, Promise and How We Get There.
Welcome, and thank you for diving into this latest research from the Software Analyst.
This report is part of an ongoing effort to analyze the most important trends shaping the future of cybersecurity—with a focus on where cloud security and Security Operations (SOC) are headed next.
Whether you're a CISO, a practitioner, an investor, or someone simply trying to stay ahead of the curve—my goal is to offer you thought-provoking insights, honest analysis, and a clear point of view on what matters most.
In this edition, I unpack Palo Alto Networks' boldest product strategy yet: Cortex Cloud. I hope this report not only informs but sparks new questions and ideas as you think about the future of your own cloud and security operations.
Let’s get into it.
—
Actionable Summary
This is Part 1 of a two-part series exploring the evolution of cloud security and a pivotal trend reshaping the future of both Security Operations Centers (SOCs) and cloud security: their convergence.
In this first installment, we revisit the history of cloud security and analyze Palo Alto Networks’ strategic vision to unify cloud and SOC capabilities. The centerpiece of this strategy is Cortex Cloud—a bold move launched in February that merges its security operations platform (Cortex XSIAM/XDR) with its cloud security platform (Prisma Cloud). This level of convergence has never been attempted at this scale.
As someone who has closely studied PANW’s history, I trace how every acquisition made under CEO Nikesh Arora has led to this moment. Cortex Cloud is the culmination of years of integration work and reflects a broader industry trend toward platformization.
This move not only positions Palo Alto as a first mover—it may also set the playbook for others. We explore how vendors like Google could integrate Wiz into Chronicle and Mandiant, and why companies like AWS, CrowdStrike, or SentinelOne may follow suit.
This report presents Software Analyst Research’s deep dive into Cortex Cloud—its architecture, vision, and implications. We evaluate how this platform could transform how cloud and SOC teams operate, collaborate, and respond to threats. We also examine the current challenges that make this collaboration difficult, and what this shift means for the future of security platforms.
My next report will feature another top vendor—and in that one, I’ll explore the maturity curve needed to fully integrate SOC and cloud security into a single, unified function.
Why Now for Cloud Runtime Security
It’s important to note: nothing here is entirely new. However, in recent months, cloud teams have become increasingly overwhelmed, and critical issues are left unresolved for far too long. Tamnoon, a fully managed cloud security service, analyzed over 4.7 million CNAPP alerts to gauge the rising volume of cloud-related threats reaching the SOC.
They found that the most common issues—like public S3 buckets or exposed services—aren’t exotic. They’re basic hygiene issues that remain unresolved. Why? Because neither the SOC nor the cloud team truly owns them. SOC teams lack deep cloud context. Cloud teams aren’t built for fast triage. What’s needed is a hybrid skillset—someone who thinks like a cloud engineer but responds like a SOC analyst. That talent doesn’t exist in most orgs.
Cloud Runtime Security Risks Are on the Rise Into 2025
We also know that high-severity cloud alerts are gradually becoming more prominent for cloud teams. Alerts from a CNAPP are inherently different from CDR issues. In a CNAPP alert, something could go wrong. In a CDR alert, something has gone wrong—and it could already be a problem. CNAPP alerts must be prioritized and remediated to prevent breaches. CDR alerts require real-time triage and response.
Nearly 34% of all alerts are classified as high priority. While some organizations stay on top of their critical alerts, many are overwhelmed by the sheer volume of high-priority issues. Even the most efficient teams feel overwhelmed when their high-priority queue is 17 times larger than their critical one. Hence, there needs to be a better solution.
The rest of the report dives into the evolution of cloud security as we know it today.
Historical Context of Cloud Security and Security Operations
As many readers know, I’ve done extensive research on cloud security as seen in this in-depth report on cloud security, including past work on security operations (SOC).
Security Operations
Before the cloud reshaped enterprise infrastructure, cybersecurity was dominated by two pillars: network firewalls for inspecting network traffic and, increasingly, endpoint detection and response (EDR) for securing devices.
These solutions became ubiquitous across businesses of all sizes. Firewalls typically protected external perimeters, while EDR tools (evolved from traditional antivirus software) protected endpoints. Although a broader ecosystem of tools existed (such as SIEMs, vulnerability scanners, and email security), the market and budget emphasis was on deploying EDR agents on servers or devices. This simplicity contributed to the rise of industry giants like CrowdStrike and Palo Alto Networks. Within the top 5 largest cybersecurity companies, the prevailing assumption was that visibility and control meant deploying agents directly on-premises—where environments were relatively static and predictable.
SOC Team Responsibilities:
Runtime detection and response teams have historically been responsible for monitoring, detecting, investigating, and responding to security threats across an organization’s technology environment. Their stack typically includes:
Sensors that monitor cloud workloads
Detection engines that flag suspicious behavior
Response platforms for cloud incidents
SecOps teams work closely with IT, cloud, and application teams, but their focus is often more immediate — they operate in the “now” of an attack lifecycle. Their toolset typically includes a SIEM for aggregating and analyzing security logs, SOAR platforms to automate response playbooks, EDR/XDR tools for endpoint and extended detection, and threat intelligence feeds for context. These tools are typically owned by SOC or incident response teams.
In cloud-native environments, SOC teams also rely on sensors—like agents or eBPF—to monitor runtime activity, alongside detection platforms designed for cloud and container workloads. As cloud infrastructure grows more dynamic and distributed, SecOps teams are increasingly tasked with extending their visibility and response capabilities into these environments—while also collaborating more closely with cloud security and DevOps teams. This is where we need to dive in further and gain a better understanding. We’ll address these challenges soon—but first, let’s set the context and revisit how cloud security evolved.
Cloud Security
As businesses began migrating to the cloud, the security industry’s first instinct was to port existing solutions into this new environment. Virtual firewalls and endpoint agents were “lifted and shifted” into the cloud, often with minimal adaptation. This initial approach largely misunderstood the cloud’s fundamental differences—especially the fact that cloud infrastructure exposed entirely new surfaces for security via APIs and configuration layers. A pivotal realization followed: unlike physical data centers, public cloud environments allowed security teams unprecedented programmatic access to the infrastructure itself. This changed how security could and should be done.
Early CSPM (Cloud Security Posture Management) tools began to emerge, focused on scanning cloud APIs for misconfigurations and compliance violations.
Over time, posture and vulnerability scanning responsibilities were assumed by teams composed of cloud deployment specialists, application security (AppSec), or DevSecOps teams—depending on the organization. These teams are typically responsible for:
Hardening cloud environments and securing the software development lifecycle to prevent incidents.
Identifying and remediating known vulnerabilities in cloud resources and dependencies
Detecting misconfigurations, vulnerabilities, and insecure design patterns across cloud infrastructure and application code using CSPM tools and vulnerability scanners
Using Infrastructure-as-Code (IaC) scanners to analyze Terraform, CloudFormation, and other templates for security issues before deployment
Working closely with engineering teams to integrate security controls into CI/CD pipelines and using automated remediation platforms to streamline fixes
Operationalizing cloud and code security controls to reduce the attack surface and minimize exposure before runtime
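The posture checks listed above (flagging misconfigurations such as public buckets or open security groups, before deployment via IaC scanning or after it via cloud APIs) reduce to a handful of rules run over a resource inventory. The following is an added example, not code from any vendor on this page: it runs three such rules over a constructed Terraform JSON (`.tf.json`) document. The check names, severities and fix hints are the author's own labels.

```python
"""Minimal CSPM/IaC-style posture check over a Terraform JSON document.

Added example with constructed input; rule names and severities are
hypothetical, not any product's rule set.
"""
import re

PUBLIC_ACLS = {"public-read", "public-read-write", "authenticated-read"}
ANYWHERE = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = {22, 3389}
BUCKET_REF = re.compile(r"aws_s3_bucket\.(\w+)\.")
PAB_FLAGS = ("block_public_acls", "block_public_policy",
             "ignore_public_acls", "restrict_public_buckets")

# Constructed Terraform JSON: two buckets (one public, one locked down) and
# two security groups (one exposing SSH to the internet, one internal only).
SAMPLE_TF = {
    "resource": {
        "aws_s3_bucket": {
            "public_assets": {"bucket": "example-public-assets"},
            "logs": {"bucket": "example-logs"},
        },
        "aws_s3_bucket_acl": {
            "public_assets": {"bucket": "${aws_s3_bucket.public_assets.id}", "acl": "public-read"},
            "logs": {"bucket": "${aws_s3_bucket.logs.id}", "acl": "private"},
        },
        "aws_s3_bucket_public_access_block": {
            "logs": {"bucket": "${aws_s3_bucket.logs.id}",
                     "block_public_acls": True, "block_public_policy": True,
                     "ignore_public_acls": True, "restrict_public_buckets": True},
        },
        "aws_security_group": {
            "bastion": {"ingress": [{"from_port": 22, "to_port": 22, "protocol": "tcp",
                                     "cidr_blocks": ["0.0.0.0/0"]}]},
            "internal": {"ingress": [{"from_port": 443, "to_port": 443, "protocol": "tcp",
                                      "cidr_blocks": ["10.0.0.0/8"]}]},
        },
    }
}


def resources(tf, rtype):
    """Yield (name, body) for every resource of the given Terraform type."""
    return tf.get("resource", {}).get(rtype, {}).items()


def check_bucket_acls(tf):
    """Rule 1: a bucket ACL granting access to everyone is the classic hygiene miss."""
    return [{"check": "s3-public-acl", "severity": "high",
             "resource": f"aws_s3_bucket_acl.{name}",
             "fix": 'set acl = "private" and add a public access block'}
            for name, body in resources(tf, "aws_s3_bucket_acl")
            if body.get("acl") in PUBLIC_ACLS]


def check_public_access_blocks(tf):
    """Rule 2: every bucket needs a public access block with all four flags true."""
    findings, covered = [], set()
    for name, body in resources(tf, "aws_s3_bucket_public_access_block"):
        ref = BUCKET_REF.search(body.get("bucket", ""))
        if all(body.get(flag) is True for flag in PAB_FLAGS):
            if ref:
                covered.add(ref.group(1))
        else:
            findings.append({"check": "s3-weak-public-access-block", "severity": "medium",
                             "resource": f"aws_s3_bucket_public_access_block.{name}",
                             "fix": "set all four block/ignore/restrict flags to true"})
    for name, _ in resources(tf, "aws_s3_bucket"):
        if name not in covered:
            findings.append({"check": "s3-missing-public-access-block", "severity": "medium",
                             "resource": f"aws_s3_bucket.{name}",
                             "fix": "add an aws_s3_bucket_public_access_block for this bucket"})
    return findings


def check_security_groups(tf):
    """Rule 3: admin ports (or all traffic) reachable from any address."""
    findings = []
    for name, body in resources(tf, "aws_security_group"):
        rules = body.get("ingress", [])
        rules = [rules] if isinstance(rules, dict) else rules  # single block or list
        for rule in rules:
            if not ANYWHERE & set(rule.get("cidr_blocks", [])):
                continue
            lo, hi = int(rule.get("from_port", 0)), int(rule.get("to_port", 65535))
            if str(rule.get("protocol")) == "-1" or any(lo <= p <= hi for p in ADMIN_PORTS):
                findings.append({"check": "sg-admin-port-open-to-internet", "severity": "high",
                                 "resource": f"aws_security_group.{name}",
                                 "fix": "restrict cidr_blocks to a bastion or VPN range"})
    return findings


def run_checks(tf):
    """Run all rules and return findings ordered by severity (high first)."""
    order = {"high": 0, "medium": 1, "low": 2}
    found = check_bucket_acls(tf) + check_public_access_blocks(tf) + check_security_groups(tf)
    return sorted(found, key=lambda f: order[f["severity"]])


if __name__ == "__main__":
    for f in run_checks(SAMPLE_TF):
        print(f"[{f['severity']:6}] {f['check']:34} {f['resource']:45} -> {f['fix']}")
```

The same three functions work unchanged on a live inventory if the cloud API responses are first normalised into the same `{type: {name: body}}` shape, which is essentially what the CSPM-versus-IaC distinction comes down to: the rules are identical, only the point in the lifecycle at which they run differs.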
Early Iterations of Agents and the Rise of Container Workloads (2015–2019):
While cloud security vendors were still focused on asset discovery and misconfiguration, a technological shift was already underway within developer teams: the adoption of containers and microservices. This shift fundamentally changed how workloads were deployed—moving away from static virtual machines to short-lived, distributed containers. However, security teams were late to recognize the significance of this change. Most security tooling at the time was designed for Windows-based systems and had little to no support for Linux containers. Innovators like Twistlock, Sysdig, and Aqua Security stepped into this gap, developing solutions specifically tailored for container security. These vendors emphasized visibility into containerized workloads, runtime protection, and orchestration environments like Kubernetes. While these innovations were ahead of their time—often misunderstood by a broader security market still focused on posture—this period laid the groundwork for what would become a critical component of cloud-native security strategies.
2019 - 2023: The Shift Back to Agentless from Initial Agents
From 2019 to 2023, the industry saw a broad shift toward agentless scanning. Orca Security led the way by introducing “side scanning,” which analyzed virtual machine and storage snapshots via cloud APIs—eliminating the need for agents. This made visibility significantly easier and faster. Wiz took this concept further, introducing graph-based visualizations of asset relationships and layering in more cloud-native insights. Wiz’s success came from a combination of technical innovation, product simplicity, and perfect market timing.
2024 - Now: The Shift to Agent and Runtime Emphasis
As cloud environments became more complex, the security industry began engaging in a more nuanced debate around deployment models: agent-based versus agentless. Agentless solutions became widely favored due to their simplicity, ease of deployment, and ability to deliver fast insights. By scanning disk snapshots and analyzing cloud logs, these tools provided a broad layer of visibility without requiring developer involvement. However, this convenience came with trade-offs. Agentless tools could not observe real-time behavior or capture ephemeral activity within containers. They often generated excessive alerts without sufficient context or actionability, leading to alert fatigue.
By 2024, the technology had matured. Agents could now be deployed using modern DevOps tools (such as Helm and ArgoCD), and eBPF had made runtime instrumentation more efficient. Nevertheless, teams still need to carefully weigh the trade-offs between visibility, performance, and developer impact.
History and Context
The evolution of Prisma Cloud
We have to give credit to Palo Alto Networks. The cloud security landscape fundamentally changed when PANW acquired RedLock and Twistlock between 2018 and 2019. By combining misconfiguration scanning (CSPM) with container and workload runtime protection (CWPP), Palo Alto effectively created the first consolidated Cloud-Native Application Protection Platform (CNAPP). This marked a strategic pivot: instead of treating posture and runtime as separate domains, the vision was to unify them into a single platform. This consolidation introduced a new narrative around agent-based versus agentless deployment, as customers began to ask not only what the solution did—but how it was deployed.
Palo Alto’s Prisma Cloud stands out for its breadth and maturity, offering one of the most comprehensive CNAPP platforms on the market. Through a series of strategic acquisitions—including RedLock (CSPM), Twistlock (CWPP), Bridgecrew (IaC scanning), Cider Security (ASPM), and Dig Security (DSPM)—Palo Alto has built a robust solution that spans posture, runtime, identity, data, and application security. This modular approach benefits large enterprises already using Palo Alto's ecosystem, offering seamless integration with their firewalls, XDR, and SOC infrastructure. Prisma Cloud supports both agent and agentless deployments, giving teams flexibility. Its Resource Query Language (RQL) offers powerful customization for organizations with complex compliance or governance needs. Twistlock’s runtime protection remains relevant for deep container insights, and overall, the platform “checks more boxes” than most competitors, making it a strong, feature-rich contender.
Palo Alto Networks Security Operations
Historically, Palo Alto already had SOC and threat intel DNA (beyond firewalls), having integrated EDR, XDR, SIEM, and SOAR capabilities within one product. Its evolution was acquisition-led, starting with Secdo for behavioral analytics and kernel-level data collection, forming the foundation of Cortex XDR. The 2019 acquisition of Demisto added powerful SOAR capabilities—automated playbooks, case management, and ChatOps—which now serve as the automation backbone of XSIAM. This was further bolstered by Crypsis Group, a top-tier DFIR firm, which enriched XSIAM’s investigative workflows and threat intelligence. Together, these pieces allowed Palo Alto to position XSIAM not just as a tool but as a fully integrated SOC platform.
XSIAM as a Splunk Alternative
Around 2022, Palo Alto Networks converged on a number of these acquisitions and built out its native SIEM on GCP’s infrastructure, with the goal of replacing legacy SIEMs. They launched XSIAM (Extended Security Intelligence and Automation Management) during this period as a modern alternative to traditional SIEMs like Splunk. XSIAM was built to unify detection, analytics, and response across endpoint, network, and cloud data—most of which Palo Alto already had in its product ecosystem. This tight integration makes it especially appealing to large enterprises already using Palo Alto’s products. As of 2024, XSIAM has become one of Palo Alto’s fastest-growing products, surpassing $500M in ARR.
Platformization was the theme for Palo Alto Networks last year—and it makes sense. Just as Prisma Cloud became Palo Alto’s all-in-one cloud security platform, XSIAM is their answer to modernizing security operations across every category.
Today - Introducing Cortex Cloud
In 2025, Palo Alto Networks launched Cortex Cloud as more than a rebrand—it was a complete re-architecture that merges Prisma Cloud and Cortex CDR into one unified platform, designed to enable both teams to work closely together.
It runs on the Cortex SecOps platform, applying Precision AI, automation, and real-time analytics across the entire lifecycle—from code to cloud to SOC. Cortex Cloud was built to unify the silos between CNAPP solutions utilized primarily by CloudSec teams and SecOps, to close the investigation loop and help security teams focus on what matters most as it relates to closing SOC cases. The objective is to improve MTTR in the cloud with CNAPP context and visibility. PANW’s goal is to make the SOC as close as possible to real-time, which hasn’t been the norm.
Core Components of the Product Suite
This is a complex and multi-dimensional integration across the suite since, as we know:
Prisma Cloud:
AppSec includes Secrets scanning, SCA, IaC scanners and CI/CD pipeline, and 3rd party scanners.
CNAPP includes CSPM, CIEM, API, DSPM and AI-SPM, and vulnerability management.
Palo Alto XSIAM:
CDR agent includes cloud workloads across VMs and serverless
XSIAM includes SIEM, XDR, SOAR and ASM
Every acquisition Palo Alto has made under CEO Nikesh Arora has led to this moment. Cortex Cloud is the culmination of years of integration work, reflecting a broader industry trend toward platformization and unified security workflows.
Let’s break down each of the components of Cortex Cloud:
App Sec Components: Secrets scanning, SCA, IaC Scanners & CI/CD Pipeline
Palo Alto has long had scanner and application security capabilities. They acquired Bridgecrew in 2021 and Cider Security in 2022. This product is primarily targeted at developers and DevOps engineering teams, integrating directly into DevOps pipelines and tools, embedding security guardrails into workflows developers already use.
They’ve integrated everything together. Today, Palo Alto’s AppSec tools and third-party scanners—SAST, SCA, IaC, secret scanning, and CI/CD—give development teams visibility into vulnerabilities within code and the ability to remediate them. They’ve incorporated an AI prioritization engine that helps triage issues early and flags the most exploitable risks, drawing from runtime application and infrastructure context. As a result, vulnerabilities get caught before they ever reach production, with no slowdown to the development process.
Based on the dashboard I reviewed, they can map vulnerabilities from runtime back to source code and commits, and tie developer identities to misconfigurations or exploitable code. This provides end-to-end visibility from pull requests to container/image deployment.
Cloud Security Posture (CSPM++)
This is one of Palo Alto’s core product areas, focused primarily on CSPM—scanning cloud environments for posture and policy violations during configuration. Palo Alto has aggregated its platform to unify posture tooling, starting with CSPM and extending to CIEM, DSPM, AI-SPM, ASPM, and vulnerability management—all under one solution.
Cortex Cloud helps correlate misconfigurations, identity risks, vulnerabilities, and sensitive data exposure to highlight real attack paths. It can model what could happen if an attacker exploited an open storage bucket, and what else they might be able to access. The platform uses AI to group related issues into Action Plans, enabling teams to remediate entire clusters of risk in one motion. Some issues can even be resolved automatically, reducing manual effort. This has been a major focus in my own observations of how the product is built. Since it runs across multi-cloud environments, it allows teams to achieve consistent posture enforcement—regardless of provider or architecture.
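To make the attack-path and Action Plan ideas concrete, here is an added example (the author's own illustration, not Cortex Cloud's engine or data model) over a constructed inventory of workloads, IAM roles and data stores. It enumerates paths of the shape "internet-exposed workload with an exploitable vulnerability → assumed role → sensitive data store" (plus the trivial path where a sensitive store is itself public), then groups paths into plans by picking, greedily, the single fix that closes the most paths, which is the "one motion" behind an Action Plan. All asset, role and fix names are hypothetical and the CVE is a placeholder.

```python
"""Attack-path enumeration and greedy grouping into remediation plans.

Added example over a constructed inventory; names are hypothetical and the
vulnerability identifier is a placeholder, not a real CVE.
"""
from collections import defaultdict

# Constructed inventory. "assumes" is the IAM role attached to the workload.
ASSETS = {
    "web-01":   {"internet_exposed": True,  "exploitable_cves": ["CVE-0000-PLACEHOLDER"], "assumes": "app-role"},
    "web-02":   {"internet_exposed": True,  "exploitable_cves": ["CVE-0000-PLACEHOLDER"], "assumes": "app-role"},
    "batch-01": {"internet_exposed": False, "exploitable_cves": ["CVE-0000-PLACEHOLDER"], "assumes": "app-role"},
    "api-01":   {"internet_exposed": True,  "exploitable_cves": [],                       "assumes": "readonly-role"},
}
ROLES = {
    "app-role":      {"can_read": ["customer-pii", "public-assets"]},
    "readonly-role": {"can_read": ["public-assets"]},
}
DATA_STORES = {
    "customer-pii":  {"classification": "sensitive", "public": False},
    "public-assets": {"classification": "public",    "public": True},
    "backup-dump":   {"classification": "sensitive", "public": True},
}


def find_attack_paths(assets=ASSETS, roles=ROLES, stores=DATA_STORES):
    """Correlate exposure, vulnerability, identity and data findings into paths."""
    paths = []
    # Shape 1: foothold on an exposed, exploitable workload, then read via its role.
    for name, a in assets.items():
        if not (a["internet_exposed"] and a["exploitable_cves"]):
            continue  # unreachable or no known foothold: a finding, not a path
        for store in roles[a["assumes"]]["can_read"]:
            if stores[store]["classification"] == "sensitive":
                paths.append({"entry": name, "via": a["exploitable_cves"][0],
                              "role": a["assumes"], "target": store})
    # Shape 2: a sensitive store that is itself public needs no foothold at all.
    for store, d in stores.items():
        if d["classification"] == "sensitive" and d["public"]:
            paths.append({"entry": store, "via": "public-access", "role": None, "target": store})
    return paths


def fixes_for(path):
    """Every single change that would break this path (hypothetical fix labels)."""
    if path["via"] == "public-access":
        return [f"remove-public-access:{path['target']}"]
    return [f"patch:{path['entry']}:{path['via']}",
            f"remove-exposure:{path['entry']}",
            f"scope-down-role:{path['role']}:{path['target']}"]


def build_action_plans(paths):
    """Greedy set cover: the fix closing the most still-open paths is the next plan."""
    remaining = list(range(len(paths)))
    plans = []
    while remaining:
        closes = defaultdict(list)
        for i in remaining:
            for fix in fixes_for(paths[i]):
                closes[fix].append(i)
        best = max(closes, key=lambda f: (len(closes[f]), f))  # deterministic tie-break
        plans.append({"fix": best, "closes": len(closes[best]),
                      "paths": [paths[i] for i in closes[best]]})
        remaining = [i for i in remaining if i not in closes[best]]
    return plans


if __name__ == "__main__":
    paths = find_attack_paths()
    print(f"{len(paths)} attack paths")
    for plan in build_action_plans(paths):
        print(f"plan: {plan['fix']}  closes {plan['closes']} path(s)")
```

On the constructed inventory the role scoping closes two paths at once while patching either web host alone would close only one, which is exactly why grouping by shared choke point, rather than by individual finding, is what reduces the backlog rather than merely reordering it.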
Cloud Runtime Security (CDR, CWP)
Modern cloud environments are dynamic—workloads spin up and down constantly. Cortex Cloud leverages the Cortex XDR agent to scan cloud workloads—specifically to secure VMs, containers, Kubernetes, and serverless platforms—using behavioral analytics and anomaly detection to catch both known and unknown threats, including zero-days. Everything runs through a unified agent, reducing deployment complexity.
The key point for readers to understand is this: EDR/XDR has now been extended to cloud runtime workloads and enriched with cloud-specific signals, which feed into MITRE ATT&CK-tested analytics that help teams block threats before they land. Runtime context is tied directly to risk prioritization—so posture decisions can be informed by what’s actually happening in the environment.
Some of these capabilities were built by leveraging Twistlock (for container and runtime security, including mapping images to CVEs) and PureSec, acquired in 2019, to expand support for serverless functions in compute environments.
SOC Operations
It’s important to understand that the SOC still primarily remains separate and distinct. However, going forward, Cortex Cloud will extend these capabilities into Cortex XSIAM, its next-gen SIEM equivalent. It will continue to operate independently, focused on enabling threat hunting and incident response. Still, a major focus for Palo Alto is to provide security teams with deeper visibility into cloud-related threats through real-time telemetry.
PANW’s goal is to ensure SOC teams have enough context when responding to a cloud alert. These threat behaviors are mapped to MITRE ATT&CK, which improves investigation quality by enriching them with full context. Teams can pivot across misconfigurations, identity issues, and runtime threats, all within the same platform.
Automation is a major component of PANW’s vision. They plan to integrate their native SOAR platform and leverage AI-powered playbooks to automate much of the incident response process across both cloud and SOC—under one umbrella. The ultimate goal is to reduce context switching and enable faster alert response. When a SOC analyst sees an alert tied to code, they can easily investigate and remediate it.
Another key objective that PANW aims to achieve is to allow SOC analysts to investigate and remediate risks in the cloud. They also built the platform to allow organizations to have seamless hand-offs between SecOps and cloud/developers for fixes, with granular RBAC across the person types/teams. The SOC can use PANW’s case management (based on XSOAR) or integrate with their workflow tool of choice for resolving cases.
Analysis: The Benefits of this Consolidation
Palo Alto’s Unified Dataplane
All capabilities (XDR, XSIAM, CSPM, CNAPP, SOAR, AppSec) are now built on a single platform, backend, data lake, and risk model. This supports modularity—customers can start with any capability and expand via license upgrades, rather than needing separate systems.
This is a ground-up rebuild designed to natively link runtime threats with cloud misconfigurations, CI/CD, identities, and even source code commits. A key value proposition of Cortex Cloud is its ability to trace runtime incidents back to the exact developer pull request and CI/CD pipeline commit that introduced the issue, as well as to give SecOps visibility into the broader engineering ecosystem to more efficiently respond to supply chain attacks.
The ability to bring together first- and third-party security findings into a single unified dataplane is valuable for security teams. That unified view cuts down investigation times, and ideally eliminates blind spots. Additionally, Cortex Cloud utilizes over 7,000 detectors and 2,400+ machine learning models to prioritize alerts based on asset importance, threat intel, and real-world exploitability. With their Cortex XDR agent (which achieved 100% detection coverage in MITRE ATT&CK evaluations), that intelligence is constantly translated into meaningful action. Where possible, the platform automates resolution completely—fixing misconfigurations and enforcing policy without manual input. Analysts can also lean on customizable or out-of-the-box playbooks that adapt as incidents unfold, freeing up time for higher-level work like threat hunting and strategy.
Context Helps Reduce Investigation Times & Root Cause Prioritization
This is a central thesis: bridge SOC and DevOps workflows to reduce MTTR (mean time to respond). Cortex enables one team to detect and contain threats, then assign remediation workflows and context to other teams with full playbook and ChatOps integration.
Palo Alto showed how some incident close rates improved from 20% to 100%, and they are seeing a 75% decrease in analyst workload and better MTTR (as much as a 90% reduction, from 4 days to 1-2 hours). The major benefit is that their coverage spans the entire lifecycle. Cortex Cloud is built to cover four critical pillars of cloud security: App Security, Cloud Posture, Cloud Runtime, and the SOC.
Another benefit is that the system automatically composes cases by correlating multiple alerts and signals from posture, runtime, identities, and secrets into a single case. Within the cloud, they refer to these cases as a list of potential risks. This stitched-together analytics view of potential risks helps reduce alert fatigue and refocus effort on root causes rather than symptoms.
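The two mechanisms described in the last few paragraphs, prioritizing alerts by asset importance, threat intel and exploitability, and stitching posture, runtime, identity and secrets alerts into one case, are shown together in this added example. It also carries the CNAPP-versus-CDR distinction drawn earlier in the report: a case that contains any runtime (CDR) alert is routed to a real-time lane, while posture-only cases go to the remediation backlog. This is the author's own illustration, not Cortex Cloud's correlation or scoring logic; the alert set, asset criticality table and weights are all constructed, and the vulnerability title is a placeholder.

```python
"""Case composition (union-find over shared asset/identity) plus risk scoring.

Added example; alerts, criticality values and weights are constructed and the
lane names are hypothetical labels, not any product's terminology.
"""
from collections import defaultdict

# Constructed asset-importance table (1.0 = crown jewel) and severity scale.
CRITICALITY = {"prod-db-01": 1.0, "web-01": 0.7, "dev-box-03": 0.2}
SEVERITY = {"critical": 4, "high": 3, "medium": 2, "low": 1}
EXPLOITABLE_BOOST, INTEL_BOOST, RUNTIME_BOOST = 1.5, 1.5, 2.0

# Constructed alert stream mixing CNAPP (posture/vuln/identity/secrets) and CDR (runtime).
ALERTS = [
    {"id": "a1", "kind": "cnapp", "source": "posture", "asset": "web-01", "severity": "high",
     "title": "security group allows 0.0.0.0/0 on port 22", "exploitable": True},
    {"id": "a2", "kind": "cnapp", "source": "vuln", "asset": "web-01", "severity": "critical",
     "title": "CVE-0000-PLACEHOLDER with public exploit", "exploitable": True, "in_threat_intel": True},
    {"id": "a3", "kind": "cdr", "source": "runtime", "asset": "web-01", "severity": "high",
     "title": "reverse-shell-like process behaviour in container", "identity": "app-role"},
    {"id": "a4", "kind": "cnapp", "source": "identity", "asset": "prod-db-01", "severity": "medium",
     "title": "app-role can read prod-db-01", "identity": "app-role"},
    {"id": "a5", "kind": "cnapp", "source": "secrets", "asset": "dev-box-03", "severity": "high",
     "title": "hard-coded key in repository", "exploitable": False},
    {"id": "a6", "kind": "cnapp", "source": "posture", "asset": "dev-box-03", "severity": "low",
     "title": "missing mandatory tags"},
]


def alert_score(a):
    """Severity weighted by asset importance, exploitability, intel and runtime evidence."""
    score = SEVERITY[a["severity"]] * CRITICALITY.get(a["asset"], 0.5)
    if a.get("exploitable"):
        score *= EXPLOITABLE_BOOST
    if a.get("in_threat_intel"):
        score *= INTEL_BOOST
    if a["kind"] == "cdr":
        score *= RUNTIME_BOOST  # something has happened, not merely could
    return score


def compose_cases(alerts):
    """Stitch alerts into cases when they share an asset or an identity (union-find)."""
    parent = {a["id"]: a["id"] for a in alerts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    seen = defaultdict(list)  # ("asset"|"identity", name) -> alert ids already seen
    for a in alerts:
        keys = [("asset", a["asset"])]
        if a.get("identity"):
            keys.append(("identity", a["identity"]))
        for key in keys:
            for other in seen[key]:
                parent[find(a["id"])] = find(other)
            seen[key].append(a["id"])

    groups = defaultdict(list)
    for a in alerts:
        groups[find(a["id"])].append(a)
    return [summarise_case(g) for g in groups.values()]


def summarise_case(group):
    """Roll a group of alerts into one case with a score, lane and root-cause hints."""
    needs_realtime = any(a["kind"] == "cdr" for a in group)
    return {
        "alerts": [a["id"] for a in group],
        "assets": sorted({a["asset"] for a in group}),
        "score": sum(alert_score(a) for a in group),
        "lane": "respond-now" if needs_realtime else "remediate-backlog",
        # Posture/vuln alerts that are exploitable are the likely root causes to fix.
        "root_cause_candidates": [a["id"] for a in group if a["kind"] == "cnapp" and a.get("exploitable")],
    }


def rank_cases(alerts):
    """Compose cases and order them highest-risk first."""
    return sorted(compose_cases(alerts), key=lambda c: c["score"], reverse=True)


if __name__ == "__main__":
    for case in rank_cases(ALERTS):
        print(f"{case['lane']:18} score={case['score']:6.2f} alerts={case['alerts']} "
              f"root causes={case['root_cause_candidates']}")
```

Six alerts collapse into two cases: the runtime alert on `web-01` is linked to the identity finding on `prod-db-01` through the shared `app-role`, so the analyst sees the open port and the exploitable vulnerability as root causes of one incident that reaches the database, while the two low-value findings on the dev box sit in the backlog instead of competing for the same queue.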
Platformization & Cost Savings
This is all built around Palo Alto’s platformization story. Cortex Cloud is a major initiative aimed at consolidating multiple security functions—posture management, threat detection, and incident response—into a unified data and operational layer.
From the vantage point of a CISO or senior security executive, this offers a range of transformative benefits that go beyond technical capabilities and extend into operational efficiency, governance clarity, and long-term cost optimization. Palo Alto claims to be roughly 50% more affordable than competitor platforms on AWS Marketplace—while delivering deeper coverage and lower total cost of ownership. From a budget and procurement perspective, this modular yet integrated architecture is a powerful enabler. Organizations can start small—for example, with posture management or XDR—and scale horizontally into other capabilities over time via license upgrades, without needing to deploy or learn a new platform.
Analysis: Industry Challenges to Navigate
One of the biggest challenges for all the vendors (even beyond Palo Alto Networks) within this convergence is reducing MTTR. However, as discussed in the Tamnoon report, remediation times remain painfully slow. It takes an average of 128 days to fix a critical CNAPP alert, which is four months of exposure.
Tamnoon’s analysis breaks down the reasons:
It’s hard to understand what’s most important: Organizations often manage hundreds or thousands of critical alerts at once. With such high volume, it’s difficult to prioritize, causing many alerts to remain in the backlog for months.
It’s hard to find the owner: Who owns a piece of infrastructure is not a trivial question; resources are often tied up in multiple functions, and multiple different people (of varying degrees of importance and influence within the organization) have connections to each resource. Identifying one decision-maker can be difficult.
It’s hard to plan remediation safely: Just as identifying the owner is hard, evaluating possible outcomes and analyzing the blast radius of a specific remediation path is complex and technically challenging. Organizations often lack a clear understanding of how each infrastructure component fits into the broader context.
Here are a few things that PANW will have to navigate as it builds out its solution:
Collaboration Workflows Between SOC and Cloud Teams
One of the most persistent challenges Cortex Cloud faces today is the operational workflow between SOC and cloud engineering teams. While the platform offers the ability to unify alerts and incident context across posture management, runtime threats, and identities, the orchestration of workflows connecting detection to remediation remains in its early stages. Teams are often unclear about where responsibilities begin and end, particularly when handling issues that require cross-functional collaboration.
In my opinion, PANW should build on its existing granular RBAC capabilities and prioritize the development of pre-built, role-aware workflow templates tailored to specific incident types (e.g., container misconfigurations). These templates can guide SOC analysts on when to assign issues to cloud or DevOps teams, including recommended remediation actions and communication mechanisms (e.g., Slack, Jira, ServiceNow). Additionally, integrated war rooms with ChatOps and audit trails can help reduce friction.
Automated Remediation Playbooks
While Cortex Cloud provides an automation engine with customizable playbooks and some good AI-driven remediations, I still think there needs to be more real-world adoption. From my discussions, some customers are hesitant to execute fully automated remediations for misconfigurations or threats due to the risk of business disruption. As a result, many playbooks are used in a semi-automated fashion (e.g., sending Slack messages or approval prompts) rather than as true hands-off remediations. I would almost recommend a partnership with emerging AI-SOC and AI-SOAR vendors to further enhance their capabilities for automatically resolving cases, but Palo Alto continues to make strides in enhancing its capabilities in this area.
Remediation Workflows Between Security vs Dev Teams
One of the most complex challenges is orchestrating remediation workflows between security and development teams. This is an area where Cortex Cloud must demonstrate meaningful progress to fulfill its objectives. While traditional SOC teams are trained to isolate and contain threats, that mindset often clashes with the needs of cloud-native environments—where misconfigurations or entitlements may require careful adjustments by DevOps or platform teams.
The Cortex Cloud team has made strong progress in mitigating this challenge through a persona-driven experience supported by a unified role-based access control (RBAC) model. Each team—whether SOC, AppSec, or Cloud—is provided with custom dashboards and workflows aligned to their specific functions, helping clarify ownership while operating on shared data. Once a cloud account is connected, posture and runtime signals surface instantly, allowing teams to pivot across identities, assets, permissions, and associated risks.
The benefit is that by integrating runtime threat detection with posture insights, Cortex helps shorten the window between detection and resolution. While there’s still room to improve how remediation is handled and tracked, especially in high-stakes environments, the groundwork laid in Cortex’s platform architecture provides a good foundation for enabling cross-functional collaboration.
Concluding Thoughts: The Unfolding Landscape of Cloud Security Convergence
Throughout this deep dive, we’ve explored Palo Alto Networks' Cortex Cloud strategy for converging security operations and cloud defense. The ambition to fuse traditionally disparate realms—the SOC and cloud teams—into a cohesive operational unit holds the potential to unlock significant gains for CISO budget efficiency, platformization, threat visibility, and incident response.
However, the path to realizing this vision comes with many practical considerations, most notably the intricate challenge of harmonizing the workflows of teams with distinct cultures and expertise. Cortex Cloud's ultimate efficacy will be judged not solely on its technological strength in unifying data, but on its capacity to orchestrate seamless communication and clearly defined responsibilities through automation and thoughtfully designed access controls between teams. The winner will be determined by who can simplify complex remediation processes.
Looking ahead, the challenges confronting the cybersecurity landscape are poised to become even more pronounced. Credit must go to vendors like Palo Alto Networks for taking this bold move to converge both security professionals and cloud architecture. The true measure of success in this evolving landscape will not only be in simplifying security platforms but, more critically, in how well we bridge the siloes across security teams for faster and improved security outcomes.
Thanks for reading. In Part 2, I’ll explore how another major vendor is navigating this convergence, and what it takes to actually make this vision work in real environments.
Great post. Enjoyed reading it. 128 days to resolve an alert is shocking.
another fantastic write up