Palo Alto Networks Product Portfolio Overview
Palo Alto Networks organizes its comprehensive security offerings into three main product families: Strata for network security, Prisma for cloud security, and Cortex for security operations. These are complemented by specialized solutions and a suite of cloud-delivered security services that enhance the capabilities of the core platforms.
Strata: Network Security
Strata is the enterprise security portion of the portfolio, focused on securing network infrastructure with its Next-Generation Firewalls and associated services.
Next-Generation Firewalls (NGFWs)
Product Name: Next-Generation Firewalls (NGFWs) - includes PA-Series (hardware), VM-Series (virtualized), CN-Series (containerized), and Cloud NGFW (cloud-delivered).
Product Family: Strata
Core Purpose/Functionality: Provides comprehensive network security by inspecting all traffic based on applications, users, and content, and enforces granular security policies to block known and unknown threats. NGFWs go beyond traditional port- and protocol-based security.
Key Features:
- App-ID™: Identifies applications regardless of port, protocol, or encryption (SSL/TLS), allowing for application-based policy enforcement.
- User-ID™: Integrates with directory services to map IP addresses to users and groups, enabling user-based policy enforcement.
- Content-ID™: Scans allowed traffic for threats (malware, vulnerabilities, C2) and sensitive data, leveraging threat prevention technologies.
- Single-Pass Architecture: Performs all security functions (App-ID, User-ID, Content-ID, etc.) in a single pass, minimizing latency.
- Decryption Capabilities: Inspects SSL/TLS encrypted traffic to uncover hidden threats.
- Machine Learning (ML) Powered: Leverages ML for proactive threat prevention, including stopping unknown command and control (C2) in real time.
Primary Use Cases:
- Securing enterprise perimeters, internal network segments, and data centers (physical and virtualized).
- Protecting private and public cloud deployments (VM-Series).
- Securing Kubernetes environments (CN-Series).
- Protecting AWS deployments with a managed cloud service (Cloud NGFW for AWS).
Target Audience/Environment: Enterprise Data Centers, Campus Networks, Branch Offices, Public/Private Cloud Workloads, Kubernetes environments, Service Providers.
Key Benefits:
- Superior threat prevention through deep visibility and granular control over applications, users, and content.
- Reduced attack surface by enabling a Zero Trust security model.
- Simplified security operations with a consistent security platform and centralized management (via Panorama).
Panorama
Product Name: Panorama
Product Family: Strata
Core Purpose/Functionality: A network security management solution that provides centralized visibility, policy creation, and management for Palo Alto Networks NGFWs and security services across various deployments.
Key Features:
- Centralized policy management with a single security rule base for firewalls, threat prevention, URL filtering, etc.
- Aggregated logging and reporting for network-wide visibility and actionable insights.
- Device groups, hierarchies, and template stacks for consistent and reusable configurations.
- Software, content, and license update management for connected devices.
- Zero Touch Provisioning (ZTP) to simplify onboarding of remote firewalls.
Primary Use Cases:
- Managing large deployments of Palo Alto Networks NGFWs across data centers, branches, and clouds.
- Ensuring consistent security policy enforcement and reducing administrative workload.
- Streamlining network security operations, incident analysis, and compliance reporting.
Target Audience/Environment: Organizations with multiple Palo Alto Networks firewalls, Security Operations Centers (SOCs), Network Operations Centers (NOCs).
Key Benefits:
- Simplified management and operational efficiency at scale.
- Improved security posture through consistent policy enforcement and rule usage analysis.
- Enhanced visibility and comprehensive reporting across the network, pulling logs from firewalls and Cortex Data Lake.
Cloud-Delivered Security Services (CDSS)
Product Name: Cloud-Delivered Security Services (CDSS)
Product Family: Strata (delivered to NGFWs and Prisma SASE solutions)
Core Purpose/Functionality: A suite of subscription-based services that extend the capabilities of NGFWs and SASE solutions, providing continuously updated protection against advanced and evolving threats using cloud intelligence and machine learning.
Key Features (Examples of Services):
- Advanced Threat Prevention: Industry's first advanced IPS to stop unknown command and control (C2) in real time.
- Advanced WildFire®: Cloud-based malware prevention engine using ML and crowdsourced intelligence for detecting file-based threats.
- Advanced URL Filtering: ML-powered web protection to enable safe web access and prevent web-based threats like phishing and malware.
- DNS Security: Applies predictive analytics and ML to disrupt attacks using DNS for C2 or data theft.
- IoT Security: Discovers every IoT and OT device, assesses its risk, and applies policy-based enforcement.
- Enterprise DLP: Cloud-delivered service for consistent data protection, discovering, monitoring, and protecting sensitive data across networks, clouds, and users.
- SaaS Security (CASB features): Provides visibility and control over SaaS applications.
Primary Use Cases:
- Blocking known and unknown malware, exploits, and command-and-control communications.
- Controlling web access and preventing web-based threats and data loss.
- Identifying and securing unmanaged connected devices (IoT/OT).
- Protecting sensitive data from exfiltration.
Target Audience/Environment: Any organization using Palo Alto Networks NGFWs or Prisma SASE solutions.
Key Benefits:
- Continuously updated protection against the latest global threats through cloud intelligence.
- Comprehensive security coverage across multiple attack vectors.
- Reduced risk of data breaches and cyberattacks through proactive, ML-powered prevention.
GlobalProtect
Product Name: GlobalProtect
Product Family: Strata
Core Purpose/Functionality: Extends network security (from NGFWs or Prisma Access) to mobile users (laptops, smartphones, tablets) and remote networks by establishing secure connections and enforcing consistent security policies, regardless of location.
Key Features:
- Secure remote access (VPN and ZTNA capabilities) for users on any device, anywhere.
- Consistent security policy enforcement (App-ID, User-ID) for remote and mobile users.
- Host Information Profile (HIP) checks for endpoint compliance assessment before granting access.
- Integration with NGFWs and Prisma Access for policy enforcement.
- Support for clientless SSL VPN for unmanaged devices.
- Multiple connection methods (Always-On, On-demand, Pre-logon).
Primary Use Cases:
- Securing remote workforce access to corporate applications and data.
- Enforcing security policies for mobile and BYOD users.
- Providing endpoint context for Zero Trust Network Access (ZTNA).
- Filtering access to malicious domains and adult content for remote users.
Target Audience/Environment: Remote Workforce, Mobile Users, Contractors, users requiring secure access from untrusted networks, BYOD environments.
Key Benefits:
- Consistent security posture for all users, regardless of location, by extending the Security Operating Platform.
- Improved user experience with seamless and secure connectivity.
- Enhanced visibility and control over remote access traffic and endpoint posture.
Prisma: Cloud Security
Prisma is a comprehensive suite of cloud security products designed to protect organizations' cloud environments, including public, private, and hybrid clouds, SaaS applications, internet access, mobile users, and remote locations.
Prisma SASE (Secure Access Service Edge)
Product Name: Prisma SASE (includes Prisma Access and Prisma SD-WAN)
Product Family: Prisma
Core Purpose/Functionality: A cloud-delivered SASE platform that converges networking (SD-WAN) and security services (FWaaS, ZTNA 2.0, SWG, CASB) to protect all users, applications, and data, regardless of location, with a focus on performance and user experience.
Key Features:
- Converged Networking and Security: Integrates Prisma Access (security) and Prisma SD-WAN (networking).
- Zero Trust Network Access (ZTNA) 2.0: Provides secure access to private applications based on least privilege and continuous trust verification.
- Cloud Secure Web Gateway (SWG): Secures web access with static analysis, machine learning, and real-time threat prevention.
- Firewall-as-a-Service (FWaaS): Delivers ML-powered NGFW capabilities and Cloud-Delivered Security Services from the cloud.
- Next-Generation CASB: Automatically secures SaaS applications, discovers shadow IT, and protects data.
- Autonomous Digital Experience Management (ADEM): Provides visibility into digital experience across the entire service delivery path.
- Prisma Access Browser: A SASE-native enterprise browser that extends security to unmanaged devices and protects data at the last mile.
Primary Use Cases:
- Securing remote workforces and branch offices connecting to cloud and data center resources.
- Replacing legacy VPNs and complex MPLS networks with a simplified, cloud-native architecture.
- Enabling secure access to cloud (IaaS/PaaS) and SaaS applications with consistent policies.
- Transforming branch security and optimizing network performance.
Target Audience/Environment: Organizations with distributed users, branch offices, mobile workforces, and a cloud-first or hybrid strategy.
Key Benefits:
- Simplified network and security infrastructure with a converged SASE solution, reducing complexity and cost.
- Best-in-class security consistently applied to all apps and users, stopping web-based threats inline.
- Exceptional user experience with optimized app performance and industry-leading uptime SLAs.
- Increased organizational agility and ability to securely adopt cloud and mobility.
Prisma Cloud
Product Name: Prisma Cloud
Product Family: Prisma
Core Purpose/Functionality: A comprehensive Cloud-Native Application Protection Platform (CNAPP) that secures applications from code to cloud, across multi-cloud and hybrid environments, providing visibility and threat detection.
Key Features (often referred to as pillars):
- Cloud Code Security: Integrates security into developer and DevOps workflows for IaC and cloud-native applications.
- Cloud Security Posture Management (CSPM): Monitors public clouds for security posture, detects misconfigurations, and maintains compliance.
- Cloud Workload Protection Platform (CWPP): Secures hosts/cloud VMs, containers, Kubernetes, and serverless functions.
- Cloud Network Security (CNS): Provides microsegmentation and network visibility in the cloud.
- Cloud Infrastructure Entitlement Management (CIEM): Manages cloud permissions and entitlements to enforce least privilege and reduce risk.
Primary Use Cases:
- Securing public cloud workloads (VMs, containers, Kubernetes, serverless) on AWS, Azure, GCP, etc.
- Ensuring compliance with industry regulations and security best practices in the cloud.
- Protecting cloud-native applications by integrating security throughout the DevOps lifecycle ("shift-left").
- Mitigating risks from misconfigurations and overly permissive identities in cloud environments.
Target Audience/Environment: Cloud Workloads, DevOps Teams, Cloud Security Architects, organizations using public clouds (AWS, Azure, GCP, OCI, Alibaba Cloud).
Key Benefits:
- Comprehensive visibility and control across multi-cloud and hybrid environments.
- Automated threat detection and remediation for cloud assets and applications.
- Shift-left security integrated into the development lifecycle, improving developer productivity and reducing risk.
- Consistent security policies and practices across various cloud platforms.
Prisma SD-WAN
Product Name: Prisma SD-WAN (formerly CloudGenix)
Product Family: Prisma (often part of Prisma SASE)
Core Purpose/Functionality: Delivers an application-defined, autonomous, and cloud-delivered SD-WAN solution to simplify network operations, improve application performance and user experience, and enable a secure branch.
Key Features:
- Application-aware routing (Layer 7) and path selection for optimal performance and user experience.
- Zero-touch provisioning for rapid branch deployment and simplified management.
- Centralized cloud-based management and orchestration.
- Seamless integration with Prisma Access for comprehensive SASE capabilities (often sold as Prisma SASE).
- Machine learning and AIOps for network anomaly detection, predictive analytics, and automating complex IT functions.
Primary Use Cases:
- Modernizing WAN infrastructure for branch offices and retail locations.
- Improving application performance and user experience for SaaS and cloud applications.
- Reducing MPLS costs and WAN complexity while increasing network agility.
Target Audience/Environment: Organizations with multiple branch offices, retail stores, healthcare clinics, financial services branches.
Key Benefits:
- Enhanced application performance and reliability for critical business apps.
- Simplified WAN management and operations, reducing IT overhead and MTTR.
- Increased network agility and significant cost savings compared to traditional WANs.
- One-click deployment with Prisma Access for comprehensive security.
Prisma SaaS (SaaS Security)
Product Name: Prisma SaaS (SaaS Security; functionality often integrated into Prisma SASE/Access as Next-Gen CASB, or available as SaaS Security API).
Product Family: Prisma
Core Purpose/Functionality: Provides deep visibility, data security, threat prevention, and compliance for Software-as-a-Service (SaaS) applications, acting as a Cloud Access Security Broker (CASB).
Key Features:
- Discovery of sanctioned and unsanctioned (shadow IT) SaaS applications.
- Data loss prevention (DLP) for sensitive data stored and shared in SaaS applications.
- Threat detection and prevention for malware and malicious activity within SaaS environments.
- Compliance monitoring and reporting for SaaS usage against industry standards.
- Granular access control and policy enforcement based on user, device, and data context.
- SaaS Security Posture Management (SSPM).
Primary Use Cases:
- Securing data in popular SaaS applications (e.g., Microsoft 365, Salesforce, Google Workspace, Box).
- Preventing data leakage and unauthorized sharing from SaaS platforms.
- Identifying and mitigating SaaS-based threats, compromised accounts, and misconfigurations.
Target Audience/Environment: Organizations heavily reliant on SaaS applications, IT and Security teams managing SaaS risk and compliance.
Key Benefits:
- Improved visibility and control over SaaS application usage and data.
- Enhanced data security and compliance for SaaS applications.
- Reduced risk from SaaS-related threats, data breaches, and compliance violations.
Cortex: Security Operations
Cortex is a comprehensive security product and service suite focused on transforming security operations through AI, machine learning, automation, and advanced analytics, enabling organizations to detect, investigate, and respond to threats more effectively across endpoint, network, and cloud environments.
Cortex XDR (Extended Detection and Response)
Product Name: Cortex XDR (Extended Detection and Response)
Product Family: Cortex
Core Purpose/Functionality: An extended detection and response platform that natively integrates endpoint, network, cloud, identity, and third-party data to stop sophisticated attacks with industry-leading analytics, AI, and automation.
Key Features:
- Next-Generation Antivirus (NGAV) and Endpoint Detection and Response (EDR): Uses multiple prevention methods for malware, ransomware, and exploits.
- Data Integration: Correlates data from endpoint, network, cloud, and identity sources.
- AI and Behavioral Analytics: Leverages machine learning and behavioral analytics to detect stealthy threats and anomalies and to group related alerts.
- Unified Incident Engine: Provides root cause analysis and a complete picture of each threat, significantly reducing alert volume.
- Response Orchestration: Enables quick response to threats and integration with enforcement points.
Primary Use Cases:
- Detecting and responding to advanced threats (e.g., ransomware, APTs) across multiple data sources.
- Consolidating security tools (EPP, EDR, NTA, UEBA) and reducing alert fatigue for SOC analysts.
- Automating threat hunting, accelerating incident investigation, and providing root cause analysis.
Target Audience/Environment: Security Operations Centers (SOCs), Incident Responders, Threat Hunters, IT Security teams.
Key Benefits:
- Improved detection accuracy and speed for known and unknown threats, proven in evaluations like MITRE ATT&CK.
- Significantly reduced alert volume and faster investigation times.
- Simplified security operations and enhanced SOC efficiency through automation, integration, and a unified platform.
- Lowered SOC costs by consolidating tools and improving operational efficiency.
Cortex XSOAR (Security Orchestration, Automation, and Response)
Product Name: Cortex XSOAR (Security Orchestration, Automation, and Response) (formerly Demisto)
Product Family: Cortex
Core Purpose/Functionality: An extended security orchestration, automation, and response platform that simplifies security operations by unifying automation, case management, real-time collaboration, and threat intelligence management.
Key Features:
- Playbook Automation: Standardizes and automates incident response workflows, threat enrichment, and remediation actions using hundreds of out-of-the-box playbooks.
- Case Management: Unifies alerts, incidents, and indicators from any source on a single platform.
- Threat Intelligence Management (TIM): Aggregates, scores, and shares threat intelligence with playbook-driven automation.
- Extensive Integrations: Marketplace with hundreds of integrations (content packs) for third-party security and IT tools.
- Real-Time Collaboration: Virtual War Room with ChatOps and CLI for joint investigations.
Primary Use Cases:
- Automating repetitive security tasks and complex incident response playbooks (e.g., phishing, IOC enrichment, vulnerability management).
- Standardizing incident response procedures for consistency, efficiency, and scalability.
- Improving SOC efficiency, reducing analyst burnout, and enabling faster response times.
- Managing threat intelligence from multiple feeds and operationalizing it.
Target Audience/Environment: Security Operations Centers (SOCs), Incident Response teams, Security Analysts, Threat Intelligence teams, MSSPs.
Key Benefits:
- Faster incident response and remediation, minimizing breach impact through automation.
- Increased SOC productivity and scalability, allowing teams to focus on critical tasks.
- Consistent, auditable, and measurable incident handling processes.
- Improved ROI from existing threat intelligence investments.
Cortex Xpanse
Product Name: Cortex Xpanse (formerly Expanse)
Product Family: Cortex
Core Purpose/Functionality: An active attack surface management (ASM) platform that continuously discovers, evaluates, and helps organizations mitigate unknown and unmanaged internet-facing risks and exposures across their global internet footprint.
Key Features:
- Continuous discovery of all internet-connected assets and services (known, unknown/shadow IT).
- Automated risk assessment and prioritization of identified exposures and vulnerabilities.
- Identification of misconfigurations, vulnerabilities, exposed RDP/SSH, and policy violations.
- Contextual information to attribute assets to the organization.
- Integration with Cortex XSOAR for automated remediation workflows.
Primary Use Cases:
- Identifying and managing the complete external attack surface, including shadow IT and unmanaged assets.
- Proactively reducing the risk of opportunistic attacks by discovering and fixing exposures.
- Supporting M&A due diligence by assessing the attack surface of acquired companies.
Target Audience/Environment: Security teams, Risk Management teams, CISOs, organizations with a large or complex internet footprint.
Key Benefits:
- Comprehensive and continuous visibility into the external attack surface.
- Proactive risk reduction and improved overall security posture by addressing unknown exposures.
- Automated discovery and assessment of internet-facing exposures, reducing manual effort.
Cortex Data Lake
Product Name: Cortex Data Lake
Product Family: Cortex
Core Purpose/Functionality: A cloud-based logging service that collects, normalizes, and stores security telemetry from Palo Alto Networks products, enabling advanced AI-based innovations and analytics and powering applications like Cortex XDR and Prisma Access.
Key Features:
- Centralized and massively scalable log storage in the public cloud.
- Normalized data format for easy consumption by various security applications and tools.
- Secure and compliant data handling, with regional storage options to address data residency.
- Serves as the foundational data layer for Cortex XDR, Prisma Access insights, and other PANW apps.
- Open APIs for data access and integration with SIEMs or custom analytics tools (Log Forwarding app).
Primary Use Cases:
- Storing and managing logs from NGFWs, Prisma Access, Cortex XDR agents, and other sources.
- Enabling advanced security analytics, machine learning, and threat hunting capabilities.
- Facilitating long-term log retention for compliance and historical analysis.
Target Audience/Environment: Organizations using multiple Palo Alto Networks products, SOCs, Security Analysts, Compliance teams.
Key Benefits:
- Radically simplified security operations by collecting, integrating, and normalizing enterprise security data.
- Enhanced data insights for security operations through normalized, accessible data, enabling AI and ML.
- Scalable and cost-effective solution for long-term security data retention without needing local compute/storage.
- Improved accuracy of security outcomes with trillions of multi-source artifacts for analytics.
Other Key Security Areas
5G Security
Product Name: 5G Security
Product Family: Specialized (leverages Strata NGFWs including CN-Series, CDSS, and specific 5G capabilities)
Core Purpose/Functionality: Provides comprehensive, real-time security for 5G networks, including the 5G core, edge (MEC), enterprise private 5G deployments, and IoT, protecting against threats specific to 5G infrastructure, services, and connected devices.
Key Features:
- Visibility and control over 5G signaling protocols (e.g., HTTP/2, Diameter, GTP-U, SCTP).
- Threat prevention for 5G core network functions and user plane traffic.
- Security for Multi-access Edge Computing (MEC) environments and applications.
- Containerized security (CN-Series NGFWs) for cloud-native 5G deployments.
- Real-time threat intelligence and specific protections against 5G attack vectors (e.g., subscriber ID protection, roaming security).
Primary Use Cases:
- Securing mobile operator 5G public networks (core, edge, transport, roaming).
- Protecting enterprise private 5G networks for critical infrastructure and industrial IoT.
- Securing IoT and mission-critical services delivered over 5G.
Target Audience/Environment: Mobile Network Operators (MNOs), enterprises deploying private 5G, IoT service providers, critical infrastructure operators.
Key Benefits:
- Comprehensive threat protection tailored for 5G infrastructure, data, and services.
- Enables secure deployment of new 5G use cases and revenue streams.
- Maintains subscriber trust, service availability, and network integrity in 5G environments.
Palo Alto Networks Product Portfolio Quiz
The following 40 questions are based on the product information provided above. Select the best answer for each question. After submitting, your score and the correct answers with explanations will be shown.