Sell
PAN Translator
What They Say → What We Solve
Map customer pain points to Palo Alto Networks platform capabilities in seconds. The cheat sheet for every discovery call.
Quick Scan
Customer Problem → PAN Solution
Scan in 5 seconds. Find the customer's pain on the left — follow the row to see which platform pillars address it.
| Customer Says… | Strata NGFW | Prisma SASE | XSIAM | Cortex Cloud | Prisma AIRS | Identity | Observability | AgentiX |
|---|---|---|---|---|---|---|---|---|
| "We have too many security tools" | ★★★ | ★★★ | ★★★★ | ★★★ | ★ | ★★ | ★★ | ★★★ |
| "Our SOC can't keep up with alerts" | ★ | ★ | ★★★★ | ★ | — | ★ | ★★ | ★★★★ |
| "Remote users are on legacy VPN" | ★★ | ★★★★ | ★ | — | — | ★★ | — | ★ |
| "We're moving to multi-cloud" | ★ | ★★ | ★★ | ★★★★ | ★★ | ★★ | ★★★ | ★★ |
| "Firewalls are end-of-life" | ★★★★ | ★★ | — | — | — | — | — | — |
| "We're deploying AI / LLMs" | ★★ | ★★ | ★★ | ★★ | ★★★★ | ★ | ★ | ★★★ |
| "Privileged accounts are unmanaged" | — | ★ | ★★ | ★ | — | ★★★★ | — | ★★ |
| "Our MTTR is measured in days" | — | — | ★★★★ | ★★ | — | ★ | ★★★ | ★★★★ |
| "We can't see what's in our cloud" | — | ★ | ★★ | ★★★★ | ★ | ★ | ★★★ | ★★ |
| "SIEM costs are out of control" | — | — | ★★★★ | — | — | — | ★★ | ★★★ |
| "We need browser-level DLP" | ★ | ★★★★ | ★ | — | ★★ | ★ | — | — |
| "Observability & security are siloed" | ★ | ★ | ★★★ | ★★ | — | ★ | ★★★★ | ★★★ |
Drill-Down
What PAN Says vs. What Customers Hear
Click any pillar to see how to translate PAN messaging into customer-relevant language — and the deal reality behind it.
Network / Strata
"ML-powered NGFW with App-ID, FE400 ASIC, and integrated security subscriptions managed through Strata Cloud Manager."
"Another firewall vendor trying to sell me expensive hardware I'll have to replace in 4 years."
Lead with TCO, not features. HW refresh cycles are 4-5 years. The real play is showing that the PA-series + SCM Pro + security subscriptions replace 3-4 point products (FW + IPS + URL + DNS + IoT). Position the NGFW as the on-ramp to the full platform — not the destination.
SASE / Prisma Access
"$1.5B+ ARR SASE platform with ZTNA 2.0, AI-powered DLP, App Acceleration, Browser 2.0, and SD-WAN — all in one agent."
"Sounds expensive. We just want to replace our VPN and maybe add some web filtering."
Start with GlobalProtect migration. GP → Prisma Agent is the lowest-friction entry. Show them the Browser 2.0 demo — IT and procurement teams love the SaaS visibility. Once the agent is deployed, expanding to ZTNA 2.0 and full SASE is an upsell conversation, not a new sale.
XSIAM / SecOps
"AI-driven SOC platform replacing SIEM, SOAR, XDR, ASM, and ITDR. $0.5B+ ARR, 600+ customers, 60% achieve MTTR under 10 minutes."
"We just renewed our Splunk/Sentinel contract. We're not ripping that out anytime soon."
Don't fight the renewal. Flank it. Position XSIAM as the next-gen layer on top. Start with XDR endpoint data, add cloud telemetry, then ask: "What would it take to retire your SIEM when that contract ends?" Plant the seed 12-18 months early. The $1M avg ARR per customer makes this worth the long game.
Cortex Cloud / CNAPP
"Unified CNAPP + CDR with code-to-cloud visibility, SmartScore, autonomous AI agents, and runtime protection."
"We already have Wiz for posture. We're good on cloud security."
Wiz doesn't do runtime. Agentless-only CSPM is a snapshot — not protection. Lead with CDR (Cloud Detection & Response) and runtime enforcement. Show the gap: "What happens between your Wiz scans?" Then layer in the platform story — Cortex Cloud + XSIAM = cloud telemetry feeding the SOC natively.
Prisma AIRS / AI Security
"AI Runtime Security with model scanning, red teaming, posture management, and runtime protection. 100+ customers, nine-figure pipeline."
"We're still figuring out our AI strategy. It's too early for AI security."
Shadow AI is already in their environment. Employees are using ChatGPT, Copilot, and custom LLMs whether IT approved them or not. Lead with discovery: "Do you know how many AI apps your users are accessing today?" The Protect AI acquisition gives PAN model-level security no one else has.
Identity / CyberArk
"$25B CyberArk acquisition. PAM for human, machine, and agentic AI identities. The identity pillar completes the platform."
"We already have an identity vendor. CyberArk is just PAM — we need more than that."
Machine identities are the blind spot. Most customers have human PAM covered but zero governance over service accounts, API keys, and AI agent identities. Lead with: "How many non-human identities do you have?" The answer is always 10-50x more than human accounts. CyberArk + XSIAM identity telemetry is the cross-sell.
Observability / Chronosphere
"Gartner MQ Leader in observability. Telemetry Pipeline reduces data volumes 30%+. Metrics, logs, traces — all cloud-native."
"We have Datadog. Observability isn't a security problem."
Datadog costs are the real pain. Customers are getting crushed by Datadog's per-host and custom metrics pricing. Chronosphere's Telemetry Pipeline can sit in front of ANY backend and cut costs 30%+. Start there. Then show how Chronosphere + XSIAM bridges the ITOps/SecOps gap — one telemetry plane for both teams.
Cortex AgentiX
"Agentic AI workforce trained on 1.2B playbook executions. 6 prebuilt agents. 98% MTTR reduction. No-code builder with MCP support."
"AI hype. Our team doesn't trust automated remediation — too risky."
Start with investigation, not remediation. Most SOC teams are drowning in Tier-1 triage. Position the Threat Intel and Email Investigation agents first — they investigate and recommend, humans approve. Once trust is built, expand to autonomous remediation. The 1.2B execution dataset is the moat no competitor can replicate.
Platform Architecture
Seven Pillars, One Data Lake
Every pillar feeds telemetry into a shared data model. More pillars deployed = exponentially better detection, faster response, and lower cost.
Network
Strata NGFWs, SCM Pro, Security Subscriptions
SASE
Prisma Access, SD-WAN, Browser 2.0
SecOps
XSIAM: SIEM + SOAR + XDR + ASM
Cloud
Cortex Cloud CNAPP + CDR
AI Security
Prisma AIRS + Protect AI
Identity
CyberArk PAM + IGA
Observability
Chronosphere Metrics, Logs, Traces
All telemetry converges. Cortex AgentiX agents operate across the full dataset — correlating network, cloud, identity, and observability signals in real time.
Hidden Value
Embedded Capabilities Customers Miss
Features already included in platform licenses that customers often don't realize they have — or are paying separately for elsewhere.
Threat Prevention
- Advanced WildFire sandboxing (included in NGFW subscriptions)
- Inline ML for zero-day prevention — no signatures needed
- DNS Security blocks C2 before payload delivery
- IoT Security discovers & classifies unmanaged devices
SOC Automation
- XSIAM includes SOAR — no separate purchase needed
- ASM (Attack Surface Management) built into the platform
- ITDR for identity threat detection — no add-on
- 1,100+ pre-built integrations via Cortex Marketplace
Management & Ops
- SCM Pro: AIOps, ML policy optimizer, unlimited logging
- ADEM for digital experience monitoring (included in SASE)
- Panorama → SCM migration path at no extra cost
- Single-pane visibility across all firewalls + SASE
Data & Visibility
- Chronosphere Telemetry Pipeline reduces noise 30%+
- Cortex XDL 2.0 ingests 15+ PB telemetry daily
- XQL (Cortex Query Language) — unified query across all data
- App-ID identifies 3,500+ apps, not just ports/protocols
AI & Automation
- Cortex AgentiX agents available in XSIAM and Cortex Cloud
- AI Canvas for visual policy design (in SCM Pro)
- Copilot natural-language interface across the platform
- MCP (Model Context Protocol) server for custom integrations
Licensing Leverage
- EA/ELA customers get SCM Pro at no additional cost
- Platformization discounts for multi-pillar commitments
- Prisma Browser included for all SASE customers (9M+ licenses)
- Credit-based flex licensing — shift between products as needed
Cheat Sheet
Discovery Question → Lead Product
Use these openers on any call. Each question naturally leads into a specific platform pillar.