Palo Alto Networks Application Framework

The Palo Alto Networks® Application Framework unleashes a consumption model based in software as a service, or SaaS, that allows customers to dynamically engage apps to solve a nearly boundless number of the most challenging security use cases with the best technology available. The framework extends the capabilities of the Security Operating Platform through a suite of application programming interfaces, or APIs, developers can use to connect apps with rich data, threat intelligence and enforcement points. The Application Framework enables developers to innovate and bring their products to market more quickly while taking advantage of a customer community with a population of more than 50,000.

Figure 1: Palo Alto Networks Application Framework

Customer Benefits

Consuming cybersecurity innovations has become nearly impossible. Teams spend more time testing, integrating and operating disconnected tools than stopping threats. Investments feel endless as organizations continue to deploy point products that don't work with what they already have. Data needed to fuel analytics is dispersed across multiple tools and formats, limiting its effectiveness. Organizations waste time deploying new sensors every time they want to collect a new piece of data as well as managing point products rather than improving security controls to stay ahead of attackers.

The Application Framework enables customers to consume security innovations quickly and efficiently. Customers can use apps for detection, analytics, automated prevention and rapid response, extending the value of their existing investment in Palo Alto Networks.

Customers can take advantage of the Application Framework to add new capabilities that build on their existing investments in the Security Operating Platform. They can focus on preventing successful cyberattacks using innovative apps, whatever their security needs.

Developer Benefits

Developers can exponentially improve time to market for new products by developing apps, compressing a process that took years down to months. Building for the framework is easy, letting providers focus on delivering security value as SaaS apps, not data collection or enforcement infrastructure. Teams use framework services, including software development kits, or SDKs, and APIs to streamline app creation. Security innovators can:

  • Reach a marketplace of more than 50,000 Palo Alto Networks customers without having to develop, sell or deploy additional hardware.
  • Get access to a massive data lake organized for analytics to train machine learning algorithms.
  • Increase development velocity with Application Framework services and a SaaS-based consumption model.

Application Framework Developer Benefits

  • Bring new security capabilities to market faster: +
  • Reach a marketplace of more than 50,000 customers: +
  • Access to development licensing: +
  • Access to Developer Relations: +
  • Access to Palo Alto Networks community support: +
  • Palo Alto Networks partner account manager: +
  • Application validation: +
  • Product updates: +
  • Access to online training: +
  • TSANet customer support: +
  • Listing on Cloud Services portal: +
  • App Launch support: +
  • Palo Alto Networks logo on joint collateral: +
  • Opportunities to sponsor Fuel User Group: +
  • Social media blogging on partner's blog: +
  • Joint case study/customer reference: Based on approval
  • Access to press release template to announce new applications: Based on approval
  • Opportunities to showcase application at Palo Alto Networks Ignite Security Conference: Based on approval

Figure 2: Benefits open to Application Framework developers

Program Requirements

Developers who want to create apps for the Application Framework must meet minimal requirements to be part of the program, as shown in Figure 3.

Application Framework Developer Requirements

  • Mutual NDA: +
  • Technology Partner Agreement and Program Addendum: +
  • Complimentary TSANet membership for joint support: +
  • Background check: +
  • Security validation and developer security assessment questionnaire: +
  • Application submission and validation: +
  • Code review or certification when requested: +

Figure 3: Requirements for Application Framework developers

Use Cases

Apps gain access to data organized for analytics across the cloud, network and endpoint. Information is specific to your customer's environment or sourced from a global community of users, maintaining privacy while delivering value from shared intelligence. Key use cases the Application Framework supports include:

  • Analytics and machine learning on rich data, which gives the right insight and context to stop attacks.
  • Automated enforcement of security policy across the endpoint, network and cloud, including third-party threat intelligence.
  • Security orchestration and automation to replace manual steps in analyst workflows so that teams can easily gather relevant data surrounding an incident to speed response efforts.
  • Event and activity visualization to explore threat data, correlate it and guide the most effective actions.

Figure 4: Application Framework ecosystem

Figure 5: Application development timeline

Joining the Application Framework

The Application Framework is an open ecosystem of apps built by partners and customers. Submit an application today to join our developer ecosystem. Our simple onboarding process provides you with the tools you need to quickly build apps and launch them on our Cloud Services portal.

Application Framework Development Resources & Education

Application developers have access to development resources, including APIs, SDKs, videos, documentation and licensing, to build applications. The Application Framework wiki on GitHub® includes full documentation on how to deploy the Application Framework in a lab as well as how to interact with the APIs. The Palo Alto Networks Cloud Python SDK, or pancloud, was created to assist developers with programmatically interacting with the Application Framework. If questions arise, our development relations team is here to help you, as are members of our active user community and dedicated Slack® channel.

In addition, Palo Alto Networks offers an array of self-paced e-learning courseware covering our products, technology and security offerings. This courseware is offered on demand and free of charge. All you need is an account on the Palo Alto Networks Learning Center.

Figure 6: TSANet support flowchart

Support Policy

If a customer has a support issue with an integration or an application on the Application Framework, the developer partner and Palo Alto Networks will each make commercially reasonable efforts to troubleshoot the issue or issues the customer identifies to determine if the source of the problem is related to the partner's product or a Palo Alto Networks product.

If the partner's technical support organization reasonably determines the source of the problem is a Palo Alto Networks product, the partner will instruct the customer to contact Palo Alto Networks for support.

If the Palo Alto Networks technical support organization reasonably determines the source of the problem is the partner's product, Palo Alto Networks will instruct the customer to contact the partner for support.

Each party may, at its sole discretion, require such customer to have an active technical support agreement in place for the affected product. Each party shall use its own then-current published customer support response times to fulfill its respective obligations herein.

If an issue needs joint troubleshooting, Palo Alto Networks and members of the Technology Partner Program and Application Framework are part of TSANet and can coordinate support via TSANet membership.

TSANet is a not-for-profit global alliance consisting of hundreds of companies working together to improve their shared customers' support experiences. Palo Alto Networks has chosen TSANet as a two-way collaborative mechanism for mutual customer support escalations. TSANet provides a neutral site from which to view and update collaboration and escalation information. Case Exchange provides the ability to collaborate with Palo Alto Networks and your support organization.

Trust, Security & Privacy

Maintaining the security and privacy of our customers' data is our top priority. The Application Framework ensures the privacy of customers' data by limiting access to customers' authorized apps, which customers can revoke at any time. The AutoFocus™ contextual threat intelligence service, Logging Service, WildFire® cloud-delivered malware analysis service, and Cloud Services portal infrastructures are secured with industry-standard best practices for security and confidentiality, including rigorous technical and organizational security controls.

Logging Service and WildFire are SOC 2 Type II certified annually, with reports available for distribution. Key security controls include data encryption. As part of the Cloud Services portal, customers authenticate to apps using single sign-on, including two-factor authentication. You can find additional information on personal data processed by Palo Alto Networks products in the applicable privacy datasheets.

Palo Alto Networks Application Framework partners are required to participate in a diligence questionnaire and a background check before their applications will be posted on the Cloud Services portal.

Privacy

As part of joining the Application Framework, we require Palo Alto Networks Application Framework Partners to maintain compliance with the minimum privacy requirements outlined in this Program Guide. Palo Alto Networks Application Framework Partners and their personal data processing may need to comply with additional privacy restrictions if required by applicable law. The minimum privacy requirements are detailed here.

Transparency

Partners must be transparent about how they handle customer data. This includes providing a link to a privacy notice that customers can review before purchasing the app. The privacy notice must not modify, supersede or be inconsistent with this Program Guide. It must comprehensively disclose how the app collects, uses and shares customer data, including the categories of parties with whom the data is shared. Partners must comply with their privacy notice, including by limiting use of the data to the activities and purposes described in the notice. Partners must provide a readily available method by which to contact them with privacy inquiries.

Partners must clearly and accurately disclose the legal basis for requesting and processing customer data.

Data Minimization

Apps should only request access to customer data relevant to the core functionality of the app, and should collect and use only the data necessary to accomplish the purpose of the app.

Access & Support

Apps must respect the customer's app settings and not attempt to induce or force customers to consent to unnecessary data collection or access. Partners must provide meaningful customer support for their app and make it easy for customers to contact them.

Data Use & Sharing

Unless otherwise permitted by customer and applicable law, and unless properly covered by adequate privacy notice, Partners may not use, transmit or share customer data. Partners must provide access to information about how and where the data will be used.

Data Retention

At a customer's request, Partners must delete or return to Palo Alto Networks all data specific to that customer received through the Palo Alto Networks Application Framework unless required to keep it under applicable law.

Third-Party Data Sharing

Partners must not share customer data with any third parties in connection with the Application Framework unless the third party signs a contract to: (a) protect any customer data obtained through the Application Framework with terms that are at least as protective as the terms and policies of this Guide and the Technology Partner Program Agreement, (b) limit the third party's use of that customer's data solely to using it on Partner's behalf to provide services relevant to the app, and (c) keep the data secure and confidential.

Partners must not directly or indirectly transfer any data received through the Palo Alto Networks Application Framework, including anonymous, aggregate or derived data, to any ad network, data broker, or other advertising or data monetization-related service.

If Partner is acquired by or merges with a third party, it can continue to use customer data only within the app.

Cross-Border Data Transfers

Partners will adopt an adequate legal data transfer mechanism as well as ensure compliance with applicable data transfer and localization laws and regulations before transferring any data across borders.

Security

As part of joining the Application Framework, we require our developers to go through a security vetting process.

In addition to going through the Security Validation and Security Assessment Questionnaire, each app should implement appropriate security measures to ensure proper handling of customer data collected and processed pursuant to the Application Framework as well as to prevent its unauthorized use, disclosure or access by third parties. Additionally, all transmissions of user data must use modern cryptography, and app interactions with the platform must use HTTPS.

Palo Alto Networks may remove from the Application Framework any app associated with a security vulnerability that could be exploited to compromise another application, device, network or service. This includes apps that:

  • Contain viruses, Trojan horses, malware, spyware and any other malicious software.
  • Promote or facilitate the distribution or installation of malicious software.
  • Use data obtained through the Application Framework to provide tools used for surveillance.

Palo Alto Networks will also remove apps that interfere with, disrupt, damage or access in an unauthorized manner customer computers, servers, networks, APIs, services or other apps; any Palo Alto Networks product or service; or the Application Framework.

App Launch Support

At an application's time of launch, Application Framework partners will have access to press release and brief templates as well as social media enablement to support the launch of the application. In addition, partners will have sponsorship opportunities with the Fuel User Group. Sponsorship opportunities include the ability to reach an active user community online, such as via webinars, as well as at local chapter meetings or regional summits.