Palo Alto Networks and Beyond Identity's Strategic Partnership

Kurt Johnson, Chief Strategy Officer and Head of Alliances, looks at the Palo Alto Networks and Beyond Identity partnership and how they work together to help you achieve zero trust.


Hi, I'm Kurt Johnson, chief strategy officer and head of strategic partnerships and alliances here at Beyond Identity, and I'm really excited to be talking to you today about the partnership between Beyond Identity and Palo Alto Networks, and the integration of Beyond Identity's passwordless phishing-resistant zero trust authentication platform and Palo Alto Prisma SASE Zero Trust Network Access Solution. 

Together, we bring the best of both worlds from a network-centric and identity-centric zero trust to help our customers on this journey. When we talk about zero trust, we're really talking about enabling upon access request, the verification, authentication, authorization, and monitoring of that access, and pulling together the appropriate risk signals so that we have true assurance and confidence that we know who and what is gaining access. 

And a big piece of that is a network-centric view of zero trust, of which Palo Alto is the leader, and Prisma SASE is one of the leading ZTNA solutions. And really what ZTNA and Network Centric zero Trust is about is how to really modernize the infrastructure for secure networking and connectivity in today's cloud-centric hybrid workforces. 

That users can gain only the access they need by bringing in identity and policy inputs to ensure efficient and secure connectivity to applications, whether they're accessing them from the office, from home, or on the road, and that that access is secured and efficient, but also providing visibility to monitor that on an ongoing basis. 

You combine that with an identity-centric view of zero trust, which is historically focused on who is gaining access. Who is the identity? Whether that's a human identity or a machine identity, is it authorized? 

Do we know what role they play and what level of access they should have to those applications and resources based on that role, based on the activity, based on the risk profile of the applications and data? And how do we have the highest level of assurance that we know exactly who that individual is and what they're authorized to do? 

There's also an aspect of this, which is device-centric view of zero trust. We like to say Kurt has access to Salesforce or Kurt has access to the network, but the reality is it's the device I'm on. And we certainly hope we understand who is on the other end of that device, but equally important is understanding is that an authorized device? 

Does that device carry any risks or threats with it? And is it authorized to access those resources and data as well? The sweet spot of all of this is in the middle here, where we can bring all those different aspects together, which is the cornerstone behind Beyond Identity and Palo Alto Networks building this level of integration. 

And really, the basis and strategy behind Beyond Identity and our phishing-resistant passwordless zero trust authentication solution that provides the ability of understanding who, but also what is gaining access to our critical resources and data. And we do this by cryptographically binding the identity and the device together to provide that highest level of assurance and trust. 

We know who that individual is and whether that's an authorized individual to access these resources, we understand which device because it's cryptographically bound to them, so we know it's an authorized device, but we'll actually capture the device security posture information. And we do this by placing a private key in the Secure Enclave TPM of that device, which manages that cryptographic binding, signs that against the public key when trying to gain access, and we pull that device security posture information through integration with leading IDP single sign-on solutions like Ping, Okta, ForgeRock, Microsoft and others to enable access to the variety of different applications and resources people need access to. 

But we also know many of our customers. To provide greater visibility and connectivity for those users regardless of where they're accessing from, are investing in solutions like Palo Alto Networks, Prisma SASE, which has been recognized as a market leader by analysts and others for providing Zero Trust Network Access. 

And through our integration, we've ensured that we can provide that high level of assurance and authentication into a Palo Alto network environment, whether it's sitting behind an IDP or directly to the Palo Alto network, and again, to all the resources and applications that Palo Alto is protecting and securing. 

Providing continuous visibility into that traffic, but ensuring at the point of authentication we know exactly who and what is gaining access. Equally important is knowing that authentication and true Zero Trust Authentication is not a one-and-done event. 

We provide continuous monitoring of that device to ensure it stays within policy. Perhaps I logged on, but then I turned off my firewall, or I jail-broke the device, or some outside threat came onto that device. By detecting that, we can take immediate action to notify Palo Alto, and Palo Alto can actually disconnect the session when something falls out of policy. 

That will require that user to re-authenticate, and they will not be able to get access again unless that device has been brought back within policy. Together, Beyond Identity and Palo Alto can again bridge this gap and bring the best of both worlds together. 

Combined, we offer the significant value to our customers to hide applications on the public internet, only provide visibility and access to authorize users taking signals of the identity and the device, to provide that connectivity and monitor that on an ongoing basis. This is what we mean by zero trust authentication, bringing together the best of network-centric, identity-centric, and device-centric zero trust to ensure you have the highest level of assurance and trust on who's gaining access to your important and critical resources, applications, and data. 

We look forward to working with you together to bring this vision and this journey to your organizations. Thank you very much.