In a recent episode of Cyber Dialogues, Bruce Byrd, Executive Vice President and General Counsel at Palo Alto Networks, shared valuable insights on the evolving cybersecurity landscape. From the critical role of public-private partnerships to the impact of AI on cyber defense, Byrd's perspective offers cybersecurity leaders a strategic framework for navigating today's complex threat environment.
The Mission-Driven Nature of Cybersecurity
For Byrd, cybersecurity isn't just another industry; it's a mission-critical function that helps protect economies and national security in an increasingly threatening landscape:
What Palo Alto Networks does is as fundamentally important as anything I've ever done in my career. We are on the frontlines of really defending economies, defending people's livelihoods and societies’ critical infrastructure. We are also part of the national security apparatus in many ways.
And this mission has never been more crucial. The accelerating pace of evolving threats – ransomware, supply chain attacks and high-profile vulnerabilities, like SolarWinds and Apache Log4j – has placed enormous pressure on security teams across both public and private sectors. Government agencies face particular challenges as they embark on ambitious digital transformation journeys while confronting staffing shortages and increasingly sophisticated threat actors, who are investing heavily in machine learning, automation and artificial intelligence.
Cybersecurity as a Core Governance Responsibility
Byrd offers pointed advice to general counsels and board members – stop thinking of cybersecurity as someone else's problem:
Don't think of cybersecurity at whatever organization you work at as somebody else's problem or responsibility. One of the errors that organizations continue to make, particularly corporations, is they think of cybersecurity as a systems issue and an IT issue and that 'the IT team has it covered.' Actually, cybersecurity is fundamental to any assessment of a corporation's risk.
General counsels should take ownership of cybersecurity as part of their core responsibilities and help ensure boards are regularly informed about cybersecurity risks.
The Evolving Policy Landscape
As the geopolitical environment changes and cyber incidents increasingly impact critical infrastructure, understanding the policy priorities of the new U.S. administration will be critical for security professionals worldwide. When asked about these priorities, Byrd offered a perspective that crosses political divides:
I believe that if you look back over past years and multiple presidential administrations in the U.S., cybersecurity policy tends to be one of the less partisan issues in the United States. And I think for good reason. There's a recognition that cybersecurity is part of the frontline, whether it's national security or economic security . . . we have to be careful about that and make thoughtful decisions.
This bipartisan approach stems from widespread recognition that cybersecurity underpins both national security and economic prosperity. Byrd further explains this continuity:
I've seen throughout administration[s]...regardless of the political party, there is an appreciation of the importance of cybersecurity and the support for a policy approach that ensures continued prioritization. Let's continue to innovate through robust competition to get the best possible solution.
This continuity of focus across administrations provides some stability for organizations developing long-term security strategies, even as specific regulatory approaches may evolve. For allies, like Australia and others in the Indo-Pacific region, this consistency reinforces the importance of international cooperation on cybersecurity standards and threat intelligence sharing.
Government's Dual Role
Byrd divides government involvement in cybersecurity into two categories: deploying solutions to help protect government systems and establishing standards and requirements for private sector cybersecurity. While there's broad recognition of cybersecurity's importance, he worries governments aren't moving fast enough:
I don't believe that the cycle of innovation, employing new technologies and moving quickly aligns with legacy government procurement practices. If governments adopt innovative technologies at the same pace over the next 10 years that we’ve observed over the last 10, we’re sadly going to fall behind.
The AI Opportunity and Risk Balance
Byrd emphasizes that discussions about AI often focus too heavily on risks while overlooking the risks of not investing in the technology:
Every day, we see up to 8.95 million new cyberattacks that did not exist the day before. If we were doing this interview just eight months ago, that number would've been a million and a half.
This dramatic increase demonstrates that attackers are rapidly adopting innovative technologies, creating an urgent need for defenders to leverage AI and other advanced tools to keep pace.
Principles Over Prescriptions
When it comes to regulating AI, Byrd advocates for a principles-based approach, stating, "If it were up to me, guardrails and principles over directions are preferred… as opposed to very specific regulatory schemes."
Byrd cautions that prescriptive regulation often stems from fear rather than optimizing for innovation:
Prescriptive regulation is built from this concept that AI is something to be worried about. It's perfectly appropriate to ask all the million questions that AI raises, but there’s a problem if this prevents us from asking this: What is the risk if we don’t aggressively leverage AI?
The Platform Imperative — Transforming Security Operations
Perhaps most emphatically, Byrd asserts that platformization will be transformative for cybersecurity. The days of deploying dozens of disconnected point solutions are coming to an end:
I honestly don't think we can overstate the impact of platformization for cybersecurity over the coming years. You have organizations throughout the world that have 10, 20, 30, sometimes 80 different cybersecurity solutions that might have worked when the threat environment was less complex. Those days are over.
Modern security operations centers need platformization because traditional fragmented approaches can't match the speed and sophistication of today's cyberattacks. Platform approaches deliver several key advantages:
- Outcome-Focused Measurement: "A platform approach is inherently and maniacally outcome-focused. We are going to provide a better outcome that is very measurable."
- Value and Efficiency: "Looking at raw dollars is the wrong approach because what you're really looking at is how much value are you getting from the deployment?"
Let's get rid of all of these more simplistic solutions that don't talk to each other and replace them with an integrated system where all the data is available to the cyber defenders at every minute of the day.
An integrated platform delivers measurable operational benefits – reduced manual workload through automation, faster threat detection and response, and lower total cost of ownership by consolidating tools and reducing complexity.
Final Thoughts
As cyberthreats multiply at an unprecedented pace, security leaders must advocate for integrated, AI-powered platforms that deliver measurable outcomes. They need to balance regulatory compliance with innovation, enabling their organizations to defend against increasingly sophisticated attacks.
The dramatic increase in new attacks detected daily because of the power of AI (from 1.5 million to up to 8.95 million in just eight months) makes it clear that platformization isn't just a strategic option; it's becoming an operational necessity. By embracing these insights, cybersecurity professionals can better position their organizations to meet today's challenges while preparing for tomorrow's.
About Cortex XSIAM
Cortex XSIAM® is the AI-driven security operations platform for the modern SOC, harnessing the power of AI to simplify security operations, stop threats at scale and accelerate incident remediation. Reduce risk and operational complexity by centralizing multiple products into a single, coherent platform purpose-built for security operations.
XSIAM unifies best-in-class security operations functions, including EDR, XDR, SOAR, ASM, UEBA, TIP, and SIEM. XSIAM centralizes all of your security data and uses machine learning data models designed specifically for security. With XSIAM, automate data integration, analysis and response actions, thus enabling analysts to focus on the incidents that matter.