NYSE-listed cybersecurity company Palo Alto Networks Europe, Middle East and Africa CEO Helmut Reisinger has said the company will continue to invest in its technical and services capabilities in South Africa as part of its continued investment in Africa.

The company has identified a strong dynamic for the provision of cybersecurity services for businesses, industries and governments on the African continent and has developed growth plans for Africa.

Palo Alto has been building up its team and capabilities in South Africa under Anglophone sub-Saharan Africa MD Justin Lee and has partnered with hyperscale cloud companies to be ready to provide its services in the country.

The company was also engaging with government departments on cybersecurity and protecting critical infrastructure. Some departments have already asked it to provide advice and recommendations on several issues forming part of the country's move towards e-government systems, Lee reported.

The local investments matched those made in Nairobi, in Kenya, and Lagos, in Nigeria, as part of this strategy, Reisinger added during Palo Alto's yearly Ignite tour customer engagement event in Midrand on February 26.

African companies and countries were targeted by the same cybersecurity threats and attacks that other countries faced, said Lee.

African businesses, industries and governments had to deploy digital technologies to provide the services demanded of customers and citizens, but had to do so securely for these to be sustainable and effective, he added.

The threats organisations faced were being accelerated by the use of AI tools that enabled threat actors to create customised ransomware programmes within 25 minutes, compared with four days a few years ago, Palo Alto VP and chief security officer Haider Pasha pointed out.

However, AI is similarly boosting cybersecurity, with about 70% of customers using Palo Alto's customer security operations solution achieving a meantime to detect and respond to cyberthreats of less than 15 minutes.

“This is necessary. Traditionally, a few years ago, it would take about two to three weeks for a threat actor to build up an understanding of a specific vulnerability and build a customised code to exploit it.

“Currently, one-third of vulnerabilities are being exploited within 24 hours owing to the use of AI tools and capabilities by threat actors,” he illustrated.

The barriers to entry for creating an attack on an organisation had also been reduced. Attackers no longer required sophisticated environments and were using tools available on the Dark Web and generative AI programmes to attack organisations, said Pasha.

However, Palo Alto has been using machine learning, which identified patterns within datasets, and AI in its cybersecurity research and systems for the past 13 years, said Pasha.

In response to a query, Reisinger explained that the company's use of AI was centred around automation and analysis and that all responsibility remained with personnel and in their control.

The use of AI in security operations centres is enabling faster detection and response, and the automation allows the cybersecurity teams to focus on strategic and priority work and novel anomalies to create responses to.

Some estimates showed that the use of AI tools saved individual team members between five and ten hours of work a week, noted Pasha.

Further, part of Palo Alto's goal in South Africa and its other African territories was to provide companies with what it termed 'platformisation', which involved a company moving from using disparate security solutions and tools to using Palo Alto's platform to manage all the tools and solutions across an organisation, said Reisinger.

Some security operations centre teams in South Africa have to manage and secure up to 57 different digital tools from 16 vendors for their organisations, said Palo Alto South Africa technical solutions manager Adriaan Joubert.

Each of these tools may be the best-in-breed, but monitoring and patching such a diverse set of digital tools for a range of different corporate functions reduced the speed at which security teams could respond while greater speed was required to defend organisations, he said.

The average time from an organisation's network being compromised to data being exfiltrated or an attack being launched had been nine days several years ago.

The current average was about one day to compromise and then exfiltrate data or launch an attack, with the shortest time detected thus far being 72 minutes, said Reisinger.

Additionally, digital identity was the new frontier in cybersecurity, with about 90% of incidents Palo Alto investigated in the past year having been the result of victims' identities being stolen and used to launch an attack, said Pasha.

The explosion of digital identities is one of the emerging challenges that organisations and their cybersecurity teams have to contend with.

Current estimates show that the ratio of digital identities for virtual machines and digital processes compared to digital identities for people is 82-to-1 machine identities to every one used by a human.

With the rise of agentic AI systems, which acted as semi-autonomous agents and would have short- and long-term storage and reasoning capabilities, this was expected to increase to potentially thousands of digital identities for machines compared with those for people within the next few years, he said.

Palo Alto's platformisation was aimed at reducing these complexities for organisations, and a key benefit of consolidation for organisations was that it created a single data lake for an organisation, said Lee.

“A single data lake for cybersecurity telemetry also leads to better security outcomes and raises the resilience of an organisation. Cybersecurity is a data issue and needs to be real-time,” said Reisinger.

“We continue to invest strategically in Africa as a promising growth area. We aim to secure work with large organisations and companies, help them to reduce the noise and partner with them for the long-term,” said Lee.