An Engineer’s Reflections – Ignite 2018

That’s a wrap folks! Yet another successful Palo Alto Networks Ignite conference made up of countless conversations and deep dives into Indeni’s offerings. Though we did our best to appease everyone who stopped by our booth, we are aware we could not get to everyone, as you can see from the photo below. If you did not receive the information you were seeking regarding Indeni’s Crowdsourced Automation Platform, I invite you to join me and one of our Palo Alto Networks experts, Brad Spilde, in a Live Webinar on June 27, 2018.

After so many conversations with Palo Alto Networks (PANW) end users, a few key themes became apparent to me:

  • The Application Framework will help converge threat intelligence/management tools and enable further automation for security teams.
  • Automating operational health management is more important now than ever.
  • Fostering and engaging in communities will improve any organization’s chance at achieving automation.

Being a Systems Engineer here at Indeni, I am always interested in breaking down what topics are trending within the industry. As “automation” was such a hot topic at Ignite 2018, I think it warrants further inspection. In an Ignite onsite survey, 90% of our 260 respondents mentioned automation is a high priority or on their horizon. Eric Parizo, a Senior Analyst for GlobalData Technology, hit the nail on the head with this tweet:

The Application Framework will help converge threat intelligence/management tools and enable further automation for Security teams

The Application Framework is going to a play a major role in automation for analysts, engineers and architects. As is, there are over 30 partners that are leveraging the framework for ingesting threat data and augmenting, analyzing, or providing some level of automation. It’s unlikely it will stop there considering Palo Alto Networks (PANW) is even investing in application ideas. If you are already using 3rd party tools on your PANW infrastructure, you should heavily consider how to leverage the application framework. The ecosystem extends far beyond the big players like Algosec, Firemon, Google Cloud, and others listed in the image below.

For example, tools like Demisto and Phantom provide runbooks that automate time-consuming tasks of a security analyst. Medigate is providing deeper vulnerability analysis in connected medical equipment. Seclytics distributes an automated feed of new malicious activity to predict new attacks and exposes as an API through the Application framework for security analysts to take advantage. Even tools like Algosec can leverage the inherent log-collecting mechanism of the Application Framework to do firewall rule analysis.

Automating operational health management is more important now than ever

While I really enjoyed exploring the app landscape, I have my concerns. New tool adoption introduces new risks, operational overhead, and training. At PANWs current pace of innovation, the challenge is really in an organization’s agility in adoption and we’ve all heard the saying, “we don’t want a point solution”. So wouldn’t leveraging Application Framework reduce the headache?

Yes mostly, but it also increases the dependency on the core Palo Alto Networks infrastructure. For example, what if a firewall loses connectivity to Panorama or to the syslog server (in this case, the logging service for the App Framework)? How do those issues percolate into the day to day of operations and engineering? There are best practices that should be in place, but the challenge remains: the operational health management of the PANW infrastructure needs to be further automated. Indeni automatically gathers context of the device and recognizes what operational risks to consider. For example, if you are using the application framework and have assigned for syslog server, Indeni tracks indications that the connectivity may fail at any point, whether it’s physical or networking issue. Check out this snapshot of what Indeni does out-of-the-box for Palo Alto Network devices.

Fostering and engaging in communities will improve any organization’s chance at achieving automation

Github, Reddit, StackExchange – they all have something in common besides distracting us at work. They share information, or domain knowledge, to connect engineers. These communities empower us to be more efficient at our jobs, build a professional brand, and gain access to cool side projects. For example, I know a number of PANW users that would like to automate PANW firewall back ups. If that is all you’re looking for, take a look at this GitHub thread.

So how does crowdsourcing from the community benefit Indeni and our end users? There was a question that EVERY engineer asked me during my booth demos that stuck with me – can Indeni track for CRC errors? I put my feelers into our Community and found that analyzing the data is rather hard. The community even brought to my attention several other maintenance challenges that I had not seen before. After this community conversation, I was confident in thinking “Indeni can automate these tasks in our platform”. I immediately brought this up to our R&D and begun scoping for our development lifecycle.

The problem that Indeni is trying to solve is simple – we want to lower the adoption curve by automating health management. We do this by crowdsourcing the knowledge from our own end users and community. Whether it is a question asked at our booth or through a POC, we scope all knowledge so it can be added into our platform. One of our resident PANW experts, Brad Spilde, and I will be demonstrating the complete crowdsourcing lifecycle – from ideation to reality – in our upcoming webinar. I look forward to talking with you all then!

About the author
Charles Kim

Start the discussion at