By Tim Dillon, Founder, Director, Principal Analyst End User
Palo Alto Networks hosted a full house of customers (+ partners and a few analysts) at its Ignite
on Tour Sydney event in late February 2025. Running a full day, the agenda encompassed a morning of plenary sessions and an afternoon of topical breakouts.
Some thoughts on the day:
Execs in town: Kudos to having PANW President BJ Jenkins in town to give a clear overview of future threats, developments and successes around cybersecurity. Welcoming global execs in town can involve luck, alignment of multiple planets, and tolerance for long-haul flights, so when it happens, it’s great to see and was well received by the audience.
Local Talent Showcase: Stephen Scheeler, CEO of Omniscient Neurotechnology (Sydney-based AI company working in the field of neurosciences, AI and treatment/support for those with mental illnesses and neuro-divergence) gave a truly inspiring presentation and we’d encourage anyone reading this to check them out.
AI: AI is complicating thethreat landscape and making life a darn site harder. Luckily AI is also
addressing complications in the threat landscape and has the potential to make life a great deal better (note, not ‘easier’).
AI solutions have different tech stacks that introduce different threat vectors and to state AI attack services and vulnerabilities are expanding rapidly is like stating the Pope is slightly Catholic.
Philippa Cogswell, Unit 42’s JAPAC Managing Partner provided some stark warnings on how quickly AI is impacting the threat landscape based on findings from Unit 42’s newly released 2025 Global Incident Response Report:
● In 25% of cyber incidents that Unit 42 responded to in 2024, attackers exfiltrated data within 5 hours—a rate 3x faster than in 2021 when exfiltration happened in under 15 hours. In nearly 20% of incidents, exfiltration happened in under an hour.
● 70% of attacks targeted three or more attack surfaces,forcingsecurity teams to defend endpoints, networks, cloud environments, and the human element simultaneously.
● Phishing is back as the #1 entry point – 23% ofattacks began with phishing as GenAI makes phishing campaigns scalable and harder to detect and defend against.
● Unit 42 employees spent <1USD and <30 minutes to create anAI deepfake audio of Unit 42 senior VP Wendi Whitmore.
● AI is accelerating every stage of cyberattacksfrom automated phishing to ransomware. In a simulated attack conducted by Unit 42 researchers, AI reduced the median time to exfiltration from 2 days to just 25 minutes.
● Hackersare now using MITRE framework as a guide to creating Gen AI malware.
Some other notables:
Precision AI: The pitch around using AI to fight AI was clear and articulate. PANW is leaning heavily into ‘Precision AI’ and a platform approach, promoting the “use of AI in the right way, in the right place, at the right time” to strengthen cybersecurity stance, response and management.
There’s a bit to like about this including:
● It addresses shadow AI use alongside authorised AI use,
● Provides visibility into, and control over, GenAI applications, down to a user/IP level,
● Details what data is in which AI model or environment,
● It automatically discovers AI apps, models, users and data, supporting risk mitigation, as well as governance issues,
● Provides access control functionality and visibility down to userand device levels, and
● Encompasses SaaS, browser and network enforcement and extends to monitoring from compliance and GRC perspectives.
Secure Browser Anyone? The other highlight was the overview of the Prisma Access Browser, a SASE secure AI-powered enterprise browser. With browser exploits accounting to 44% of breaches, Prisma offers benefits, including:
● Coverage of unmanaged devices used by contractors or other thirdparties, as well as authorised BYOD and other employee devices,
● Applying zero-trust principles to password management usage,
● Provides access to (some) non-web apps including SSH/RDPapplications, Microsoft Excel, Adobe and SAP,
● Companies can have a single, common access policy for allapplications via the browser,
● Enables visibility into which AI apps are in use and who is using them,as well as access controls to apply policies, block unauthorised apps, and data classification and security controls, and
● It encompasses GenAI apps installed via marketplaces, particularlypowerful when employees are responsible for AI shadow IT activity.
Hopefully, we’ll seeadditional non-web apps added to the browser coverage. More critically, it will
be interesting to see user experience and performance metrics.
Partner implications
● Sharpen your AI capabilities and understanding. The PANW AI play spans identity, devices, workloads, applications, cloud, networks and data and there are multiple opportunities including ZTNA, cloud and identity security, access controls and management, insider threat monitoring, AI
automation and response, etc.
● Make sure you understand the demarcation line for PANW’s SOCservices with Unit 42, partners and customers, especially as more AI services come into play.
● If you’re not considering the browser play, give it some thought. Vendor competition is relatively low/still emerging and there is opportunity to create a sticky, engaged customer via Prisma Access Browser.