Resources
OMS Coverage Map
Where Palo Fits in Optiv's Framework
A complete mapping of Palo Alto Networks solutions to the Optiv Market System (OMS) — 10 security domains (including AI Security), every sub-domain, with coverage levels and PA ownership.
What Is the Optiv Market System (OMS)?
The Optiv Market System (OMS) is Optiv's reference architecture and security taxonomy. It organizes the entire cybersecurity landscape into 9 core security domains (plus AI Security as an emerging 10th) — from Infrastructure and Operations to Identity, Risk, and Physical Security.
Optiv uses the OMS during SPL (Strategic Partner Landscape) assessments to map vendor coverage across these domains, identify gaps, and guide technology investments. Understanding where Palo Alto Networks maps — and where gaps exist — is essential for positioning deals through Optiv's framework.
At a Glance
Coverage Across Key Domains
A quick view of Palo Alto Networks' presence in each OMS domain.
Detailed Mapping
Domain-by-Domain Breakdown
Every sub-domain mapped to PAN solutions, coverage level, and PA ownership.
Infrastructure
Coverage: Strong. Network, cloud, endpoint, and OT/IoT security — the foundational layer of any security architecture.
| Sub-Domain | PAN Solution | Coverage | PA Owner |
|---|---|---|---|
| Network Security | Strata NGFWs (Next-Generation Firewalls — hardware and virtual firewalls with ML-powered threat prevention, App-ID, and security subscriptions); Strata Cloud Manager (the single management console for all Palo Alto network security — NGFWs, SASE, and subscriptions in one pane); Security Subscriptions (add-on licenses for NGFWs: Advanced Threat Prevention, DNS Security, WildFire, IoT Security, URL Filtering, and more) | Strong | Ford, Chad, Charles |
| Secure Access / SASE | Prisma Access (cloud-delivered secure access — ZTNA, SWG, CASB, and FWaaS in one service, managed through SCM); SD-WAN (software-defined WAN with intelligent path selection, app-aware routing, and integrated security); Prisma Browser 2.0 (secure enterprise browser with DLP, isolation, and SaaS visibility — replaces VDI for many use cases); App Acceleration (optimizes SaaS app performance [Teams, Zoom, Salesforce] by steering traffic through the fastest path); ADEM (Autonomous Digital Experience Management — end-to-end visibility into user-to-app performance) | Strong | Ford |
| Cloud Security | Cortex Cloud 2.0 (CNAPP + CDR): Unified CNAPP + CDR — cloud posture, workload protection, code scanning, and runtime defense | Strong | Chad |
| Endpoint Security | Cortex XDR (Extended Detection and Response — endpoint agent for cross-data-source detection, investigation, and response); XSIAM agent (unified endpoint agent combining XDR detection, prevention, and forensics capabilities) | Strong | Charles |
| OT/ICS | K2-Series (ruggedized firewalls for OT/ICS environments — manufacturing, energy, and critical infrastructure); IoT Security subscription (auto-discovers and classifies IoT devices, then enforces least-privilege security policies) | Moderate | Ford |
| IoT | IoT Security subscription (auto-discovers and classifies IoT devices on the network and enforces least-privilege policies); K2-Series | Moderate | Ford |
Operations
Coverage: Strong. Security operations center capabilities — detection, response, automation, threat intelligence, and incident management.
| Sub-Domain | PAN Solution | Coverage | PA Owner |
|---|---|---|---|
| TDR | XSIAM (AI-driven SOC platform unifying SIEM, SOAR, XDR, ASM, and ITDR with ML-powered alert grouping); Cortex XDR (Extended Detection and Response — endpoint agent for cross-data-source detection, investigation, and response); Advanced Email Security (AI-powered email security detecting phishing, BEC, and malware — included in XSIAM) | Strong | Charles |
| Orchestration & Automation | AgentiX (Agentic AI SOAR — autonomous agents that investigate, triage, and remediate incidents without human intervention); 1,300+ playbooks; MCP (Model Context Protocol — enables AgentiX agents to securely communicate with on-premise systems) | Strong | Charles |
| Analytics | XSIAM analytics; XQL; Cortex Data Lake (cloud-based data lake centralizing logs and telemetry from firewalls, endpoints, and cloud); Federated Search (query data across Splunk, S3, etc. without requiring data migration) | Strong | Charles |
| Threat Intelligence | Unit 42 (Palo's elite threat intelligence and incident response team); TIM add-on (Threat Intelligence Management — aggregates and operationalizes threat intel feeds); WildFire (cloud-based malware sandbox detonating suspicious files to identify zero-day threats) | Strong | Charles |
| Incident Response | Unit 42 IR, XSIAM case mgmt, Forensics | Strong | Charles |
| Insider Threat & Fraud | XSIAM ITDR (Identity Threat Detection and Response — detects compromised credentials and lateral movement); UEBA (User and Entity Behavior Analytics — ML-powered detection of anomalous user behavior) | Strong | Charles |
| Digital Brand Protection | XSIAM ASM (Attack Surface Management — discovers internet-facing assets to find exposures) + Digital Risk Protection | Moderate | Charles |
| AML | No PAN solution | None | N/A |
| Observability | Chronosphere (acquired for $3.35B; Gartner MQ Leader in observability — metrics, logs, and traces) — Telemetry Pipeline (Chronosphere data routing — filters and routes observability data, 30%+ noise reduction), metrics, logs, traces, 30%+ noise reduction | Strong | Ford, Chad, Charles |
Identity
Coverage: Strong (New). Identity security across access management, governance, PAM, and lifecycle — powered by the $25B CyberArk acquisition.
| Sub-Domain | PAN Solution | Coverage | PA Owner |
|---|---|---|---|
| Digital Access Management | CyberArk Identity (SSO, MFA) | Strong | TBD |
| Identity Governance | CyberArk IGA (Identity Governance — automates access reviews and role-based provisioning) | Strong | TBD |
| User/Entity Lifecycle | CyberArk Lifecycle (full identity lifecycle — joiner/mover/leaver with automated provisioning); XSIAM ITDR (Identity Threat Detection and Response — detects compromised credentials and lateral movement) | Strong | TBD |
| Identity Orchestration | CyberArk Identity Flows (low-code identity orchestration across apps and infrastructure); AgentiX (Agentic AI SOAR — autonomous agents that investigate, triage, and remediate incidents without human intervention) | Moderate | TBD |
| PAM | CyberArk PAM (human+machine+agentic): Privileged Access Management — vaults, rotates, and monitors credentials | Strong | TBD |
| CIAM | CyberArk Customer Identity (CIAM for external/customer-facing identity with adaptive authentication) | Moderate | TBD |
| OCM | No PAN solution (services play) | None | N/A |
Data Protection
Coverage: Moderate. Data security and governance — protecting sensitive information across the enterprise.
| Sub-Domain | PAN Solution | Coverage | PA Owner |
|---|---|---|---|
| Data Security | SASE AI DLP (AI-powered DLP delivered through Prisma Access for network-level data protection); Cortex DLP (3.4; DLP in XSIAM 3.4 — prevents sensitive data exposure across endpoints and cloud); NGFW DLP (DLP at the firewall — inspects traffic for sensitive data and blocks exfiltration) | Strong | Ford / Charles |
| Data Governance | No direct solution | Gap | N/A |
Application Security
Coverage: Moderate. Securing the software development lifecycle and application runtime environments.
| Sub-Domain | PAN Solution | Coverage | PA Owner |
|---|---|---|---|
| Secure SDLC | Cortex Cloud ASPM (Application Security Posture Management — finds risks across code, dependencies, and pipelines); code-to-cloud | Moderate | Chad |
| App Operations & Security | AIRS runtime (real-time LLM protection — guards against prompt injection, data leakage, and hallucination); Cortex Cloud (unified CNAPP + CDR platform for cloud security, workload protection, and runtime defense); WildFire (cloud-based malware sandbox detonating suspicious files to identify zero-day threats) | Moderate | Chad |
AI Security
Coverage: Strong (New). Securing AI models, agents, LLM applications, and the entire AI lifecycle — a new frontier in the security landscape.
| Sub-Domain | PAN Solution | Coverage | PA Owner |
|---|---|---|---|
| AI Model Security | Prisma AIRS 2.0 — Model scanning (35+ file types, 25+ threat categories), Protect AI Guardian | Strong | Ford, Chad, Charles |
| AI Red Teaming | Prisma AIRS — Automated adversarial testing, prompt injection detection, Protect AI Recon | Strong | Ford, Chad, Charles |
| AI Posture Management | Prisma AIRS — Discover shadow AI, map data flows, model/pipeline inventory | Strong | Ford, Chad, Charles |
| AI Runtime Protection | Prisma AIRS — Real-time LLM guardrails, data leakage prevention, hallucination detection | Strong | Ford, Chad, Charles |
| AI Agent Security | Prisma AIRS + Koi Security (pending) — Identity, tool misuse, and memory manipulation for AI agents | Moderate | Ford, Chad, Charles |
Risk
Coverage: Light. Risk management, compliance operations, and cyber insurance — organizational risk governance.
| Sub-Domain | PAN Solution | Coverage | PA Owner |
|---|---|---|---|
| Compliance | Cortex Cloud compliance (continuous compliance against CIS, SOC2, HIPAA, PCI and other frameworks); SCM Compliance Centre (SCM dashboard tracking posture compliance across managed firewalls and SASE) | Moderate | Chad |
| Risk Governance | No PAN solution | None | N/A |
| Risk Operations | XSIAM (AI-driven SOC platform unifying SIEM, SOAR, XDR, ASM, and ITDR with ML-powered alert grouping) Exposure Mgmt; ASM (Attack Surface Management — discovers internet-facing assets to find exposures) | Moderate | Charles |
| Cyber Insurance | No PAN solution | None | N/A |
Offensive Security
Coverage: Light. Proactive security testing — red teaming, attacker simulation, and readiness assessments.
| Sub-Domain | PAN Solution | Coverage | PA Owner |
|---|---|---|---|
| Attacker Simulation | AIRS AI Red Teaming (automated adversarial testing for AI — finds prompt injection and jailbreak vulns); Unit 42 (Palo's elite threat intelligence and incident response team) | Moderate | Charles |
| Readiness | Unit 42 readiness; XSIAM (AI-driven SOC platform unifying SIEM, SOAR, XDR, ASM, and ITDR with ML-powered alert grouping) detection validation | Moderate | Charles |
| OEM Security | No PAN solution | None | N/A |
Privacy
Coverage: Light. Privacy operations, governance, and regulatory compliance for data privacy mandates.
| Sub-Domain | PAN Solution | Coverage | PA Owner |
|---|---|---|---|
| Privacy Operations | DLP (Data Loss Prevention — detects and prevents sensitive data exfiltration); Prisma Access (cloud-delivered secure access — ZTNA, SWG, CASB, and FWaaS in one service, managed through SCM) Browser (mask/block/prevent) | Moderate | Ford |
| Privacy Governance | No PAN solution | None | N/A |
| Privacy Regulations | No PAN solution | None | N/A |
Physical Security
Coverage: None. Physical security controls — access control systems, surveillance, and facility protection. No PAN coverage.
| Sub-Domain | PAN Solution | Coverage | PA Owner |
|---|---|---|---|
| All sub-domains | No PAN solution | None | N/A |