Palo Alto Networks’ Nir Zuk on what’s coming in cybersecurity in 2025

This syndicated post originally appeared at Zeus Kerravala – SiliconANGLE.

One of the highlights at Palo Alto Networks Inc.’s the most recent version of its Ignite on Tour event series, this one at its Santa Clara headquarters, was founder and Chief Technology Officer Nir Zuk’s presentation of the cybersecurity company’s 2025 predictions for the security industry.

In the security world, Zuk has a broad following and is never afraid to express his opinions. He has called endpoint detection and response a dead technology and labeled one of his larger competitors “the place acquisitions go to die.” Because of his outspoken style, I was looking forward to hearing what he had to say as security is going through a major transition.

Given the complex cybersecurity landscape, organizations must address longstanding inefficiencies in their security operations centers, or SOCs, and prepare for emerging threats. According to Zuk, 2025 is set to be a pivotal year for transformation. He envisions a future where modernized strategies and advanced technologies redefine operations. Here are some of his key predictions for cybersecurity in the upcoming year:

Measuring and reducing detection and response times

Zuk predicts a significant shift will happen with the widespread adoption of metrics such as mean time to detect, or MTTD, and mean time to respond, or MTTR, as benchmarks for security performance. Many organizations today lack processes to measure these metrics, and the results are alarming. Detection often takes weeks, and response times are measured in days. Cybercriminals have enough time to exploit vulnerabilities, exfiltrate sensitive data, disrupt operations and launch further attacks.

“Adversaries are much more automated nowadays, and it’s effortless for them to try thousands of times to break into your infrastructure in different ways,” Zuk said. “All they need to do is succeed once. If you miss them, they’re in, and the odds are suddenly against you. 2025 will be the year where you will measure MTTD and MTTR.”

This is an interesting prediction, as the security industry has never had any metrics to measure effectiveness. However, metrics are needed to help focus investments. Companies are spending record amounts on cybersecurity, and breaches continue to happen at an accelerated rate. Without metrics, it’s hard to understand where to focus continued investment, so Zuk’s concept has merit. Companies should track MTTD and MTTR.

If these metrics become a standard measure of cybersecurity effectiveness, the SOCs will be able to focus on reducing inefficiencies responsible for slow detection and response times. In addition to measuring the metrics, organizations must invest in tools, processes and strategies to improve them.

The rise of AI-driven SOC architectures

Zuk’s second prediction is that SOCs will need a complete overhaul to lower MTTD and MTTR to acceptable levels — ideally, minutes. The traditional approach to cybersecurity operations, where human analysts are central to detecting and responding to threats using various tools, will no longer be sufficient. Instead, future SOCs will rely on artificial intelligence to handle routine detection and response, with people stepping in for more complex cases.

To make this transition, organizations will need to phase out legacy tools such as security information and event management, or SIEM, endpoint detection and response, or EDR, and security orchestration, automation and response, or SOAR. However, the transition won’t happen overnight. Though 2025 may not see the full implementation of AI-driven SOCs, organizations will adopt these technologies to modernize their cybersecurity operations.

“What’s required is a complete re-architecture,” Zuk said. “We need to move from a SOC where everything is centered around the analysts, and the analyst is being assisted by technology to a SOC that’s being run by machine learning or AI-assisted by humans.”

I’ve long been a critic of SIEM and felt that technology had run its course. The concept of having a single dashboard to collect alerts and help security professionals find vulnerabilities is reasonable, but the reality is that SIEMs push too much data with too many false positives to be useful. Instead, businesses should be looking to AI-driven security tools, such as Palo Alto Networks’ Cortex XSIAM, that can automate the heavy lifting and let security teams focus on remediation.

Consolidating data with unified data lakes

The third prediction is that organizations will move toward a single, consolidated data lake as the backbone for cybersecurity operations. Data is often siloed across multiple systems, creating inefficiencies and increasing costs. A unified data lake will collect information from across the infrastructure — networks, endpoints, cloud services, applications and more — providing a comprehensive dataset for AI-driven SOCs to analyze.

This will have implications beyond SOCs. The same data lake can be leveraged by other cybersecurity functions, such as domain name system security, internet of things security and even cloud security. Furthermore, managing one large dataset is far more cost-effective than maintaining multiple systems requiring separate storage and processing resources. Organizations can reduce redundancies and energy consumption by ingesting, processing and analyzing data in a single instance.

“These are all the good reasons why cybersecurity and all the different cybersecurity functions that need a good amount of data will be migrating towards using a single data lake — starting with SOC and cloud security, and in the future, moving into more and more cybersecurity functions,” said Zuk.

In my opinion, the rise of a unified data cloud is critical to the success of AI in security. In data sciences, there’s an expression, “Good data leads to good insights,” and that’s undoubtedly true. What’s not talked about is that silos of data lead to fragmented insights, so if a company is using dozens of security vendors, each with its own data set, that will significantly limit the effectiveness of AI. Platformization is the right strategy as it leads to a unified data lake which will result in better AI.

Preparing for the quantum computing threat

As a bonus, Zuk made an additional prediction about quantum computers. He said that though they are not expected to pose an immediate threat to encryption in 2025, organizations must consider long-term risks. Cybercriminals could potentially record encrypted data today and decrypt it years later using advanced quantum technology. This raises the need for forward-looking strategies, including the adoption of post-quantum encryption.

“If your organization cares about it, then maybe it’s time to start doing the math of when to deploy post-quantum encryption, which means it resists the current known attacks against cryptography,” he said. “So it would be best if you started thinking: when is the right time to deploy it such that your data will remain secret in the future.”

The timeline for adopting post-quantum encryption will vary by organization. Those handling highly sensitive data may choose to act immediately, while others may delay until quantum computers become a clearer threat.

There’s still some uncertainty about the effectiveness of post-quantum algorithms. Although these algorithms are designed to withstand quantum attacks, there’s no guarantee that they will remain secure against emerging decryption methods. Organizations should evaluate risks and update their encryption strategies as new technologies emerge.

Only time will tell if Palo Alto Networks’ predictions will come true, but I’ve talked to more than enough security professionals to say that security needs to evolve and modernize. As I said earlier, businesses continue to fall behind despite spending record amounts on security tools. Staying with the status quo has not worked and will not work. Every organization should strive for a security platform as the foundation for an AI-driven SOC with metrics to help guide the team.

Author: Zeus Kerravala

Zeus Kerravala is the founder and principal analyst with ZK Research. Kerravala provides a mix of tactical advice to help his clients in the current business climate and long term strategic advice.