Norlem secures complex networks for users across hybrid and cloud environments

Following workloads to the cloud Among Norlem’s customer base, an almost universal issue was cloud security—i.e., the introduction of blind spots and vulnerabilities accompanying cloud migration. With its reduced visibility and increased complexity, cloud security was challenging for Norlem analysts, too. For virtual machine workloads, the VM-Series Firewall bridged the gap by bringing the same security policies, deep packet inspection, and familiar experience to AWS, Azure, and GCP. VM-Series opened new levels of visibility, including insights into where virtual machines were getting updates and what those updates contained.

For non-VM workloads, a new challenge emerged: Many cloud services operate on the provider’s back-end infrastructure, never touching the VM layer. Services like managed databases, serverless functions, and content delivery networks became security blind spots. Enter Cloud NGFW, which enabled the layer-7 inspection of traffic flowing entirely within the cloud back-end fabric. “It has provided us with a way to get back-end data from public cloud providers that’s otherwise inaccessible,” explains Bobby Brillhart, VP of Engineering. “There’s no other way to get that.”

Beyond the security advantages, Palo Alto Networks software firewalls delivered dramatic operational improvements for Norlem’s cloud security practice. Deploying a new firewall instance now takes minutes—versus the days or weeks required with previous solutions—enabling Norlem to scale protection rapidly as customers expand their cloud footprints. The streamlined management has freed up 10–15 hours per week previously spent on routine firewall maintenance and troubleshooting, time Norlem’s engineers now redirect toward strategic security initiatives and customer service.

For new network segments, Norlem has adopted Strata Cloud Manager as the centralized management platform for both SASE and firewall configurations. The platform’s Best Practice Analysis capabilities have proven particularly valuable for Norlem’s managed firewall services, enabling customers to self-service their security posture metrics and track progress on initiatives like SSL decryption deployment. This transparency allows customers to validate that they’re maximizing the value of their purchased licenses while giving security managers clear confirmation that their teams are advancing firewall projects—benefits that extend beyond Norlem’s managed services to any enterprise security operation.

While Norlem had deployed Global Protect VPN technology for over a decade, Prisma Access solved a critical performance challenge for remote users—particularly healthcare customers. Radiologists working remotely need to view high-fidelity medical images, but these large files performed poorly over traditional VPN connections that terminated at the customer’s data center. Prisma Access’s resilient infrastructure enabled Norlem to spin up points of presence closer to remote users, with backbone connectivity delivered through partnerships Palo Alto Networks established with major cloud providers. The result was connectivity that was not only more secure but significantly more performant than open internet paths.

Norlem is deploying Prisma Browser to address emerging security challenges around enterprise AI adoption. While the firm’s enterprise ChatGPT tenant provides full compliance and data residency protections, the primary risk is sensitive data exposure through file uploads and other user actions. Prisma Browser addresses this risk by serving as a corporate data policy enforcement point for GenAI tools, delivering granular visibility into and control of all GenAI applications. Prisma Browser scans files for sensitive data before they reach AI models and responds to threats in time to prevent damage. Beyond securing GenAI use, Prisma Browser is positioned to ultimately replace many virtual desktop infrastructure (VDI) deployments— delivering comparable or better security at a significantly lower total cost of ownership and with a superior user experience.

As customers embrace sanctioned SaaS tools, inline controls allow inspection primarily of uploads and downloads. In addition to SaaS security inline, by consuming the APIs SaaS providers offer for compliance and administrative visibility, CASBX (CASB + Enterprise DLP) has enabled Norlem to gain visibility—and the impact extends beyond just real-time monitoring. When Norlem onboards a customer SaaS account or email tenant, CASBX can retroactively scan the entire environment for sensitive files. Critically, CASBX enables a shift from reactive detection to proactive prevention. Rather than discovering after the fact that an employee leaked sensitive documents, the system prevents the exfiltration attempt and can present the user with a policy reminder.

Norlem continues to be an early adopter of Palo Alto Networks technology, recently procuring Prisma AIRS to secure the next wave of AI-powered innovation. The primary use case will be to secure AI apps and models by scanning for vulnerabilities and weaknesses, including an automated “red teaming” function that continuously tests the model for breaches. Equally important is understanding what’s actually inside the models being deployed. “Right now, AI apps are a bunch of human wrapper code and application around—in many cases—a black box machine learning model,” Brillhart explains. “Prisma AIRS also gives us a way to penetrate that black box and ask the question, ‘What’s in that model, and how safe is it?’” The partnership with Palo Alto Networks provides Norlem—and its customers—with the ultimate assurance: the ability to confidently build AI apps and agents.

By building its entire security practice on the Palo Alto Networks platform, Norlem delivers something increasingly rare: defensible security architecture. Whether securing on-premise networks with deep packet inspection, extending visibility into cloud back-end services, or preventing data exfiltration through SaaS applications, Norlem can document that it’s taking full advantage of every security capability the underlying platforms allow. Additionally, the winning roadmap

Norlem identified over a decade ago continues to deliver. As customer environments grow more complex—spanning on- premise data centers, multi-cloud infrastructure, remote workforces, and AI applications—the Palo Alto Networks platform evolves in lockstep, ensuring Norlem can confidently secure whatever comes next.