Palo Alto Networks

NextWave Technology
Partner Program Guide

Palo Alto Networks | NextWave Technology | Partner Program Guide 1

1: NextWave Technology Partner Program
The NextWave Technology Partner Program includes s ­ trategic partners who are leaders in their technology segments as well as an
­extensive ecosystem of integration partners whose ­offerings extend the capabilities of Palo Alto Networks ­products and services.
The NextWave Technology Partner Program helps enable our customers to tackle the toughest security challenges through a
­collaborative approach. The program offers a path for ­interested partners to request to integrate (i.e., create interoperability) with
Palo Alto Networks products. All initial and subsequent integrations must be approved by the Palo Alto Networks team before they
can be implemented. It is at the sole discretion of Palo Alto Networks to determine which of its products partners may integrate
with. Palo Alto Networks offerings support integrations via XML API, Radius, SAML, SNMP, Syslog, and NetFlow.

2: About Palo Alto Networks

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the
way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We
help ­address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial
­intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem
of ­partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our
vision is a world where each day is safer and more secure than the one before. For more information, visit www.paloaltonetworks.com.

3: Integrating with Palo Alto Networks Products

Partners who wish to integrate with Palo Alto Networks products can do so by applying to the NextWave Technology Partner Pro-
gram. Key benefits include:
• Ease of integrating seamlessly with our platform through our rich set of publicly available APIs.
• Virtual licenses (limited eval license, and, when possible, an NFR license) will be provided at no charge to build the integration,
with access to a technical team for questions.
• Joint brief and partner logo posted on our website upon completion of a successful integration.

3.1 : Integration Points

Partners can integrate with the following Palo Alto Networks products upon receiving explicit approval from the Palo Alto Networks
team. Partners integrating with these products are subject to the requirements and limitations listed in Section 4 of this program guide:
• Cortex™ XDR
• Cortex™ XSOAR
• Strata Next-Generation Firewalls
• Panorama™
• GlobalProtect™
• Prisma™ Cloud
• Prisma™ Cloud Compute
• Prisma™ SaaS
• Prisma™ Access
• VM-Series Virtualized Next-Generation Firewalls
• CN-Series Container Firewalls
• WildFire® Malware Analysis Engine
• CloudGenix®

Palo Alto Networks | NextWave Technology | Partner Program Guide 2

3.2: Integration Benefits
Palo Alto Networks currently has more than 300 integration partners. There are two other partnership tiers that are ‘by invitation
only’ that include pipeline generated through joint activities with the partner or direct revenues generated from the partnerships.

Table 1: Palo Alto Networks Integration Benefits

Strategic Emerging Integration

Access to eval licenses (NFR when possible) √ √ √

Product updates √ √ √

Logo on website √ √ √

Online training √ √ √

Blog √ √ —

Events sponsorship opportunities √ √ √

Account mapping √ Limited scope —

Product roadmap updates √ √ —

Joint case study/customer reference √ √ —

Internal trainings √ √ —

Webinar √ √ —

Joint marketing opportunities By invitation By invitation —

Press release By invitation By invitation —

Channel-driven enablement √ By invitation —

Sales enablement √ By invitation —

Dedicated partnerships resources √ √ —

3.3: Integration Requirements

Learn more and apply to become a NextWave Technology Partner on our website. The requirements for integrating with Palo Alto
Networks products are listed below. All requests to integrate, including initial and subsequent integrations, must be approved by the
Palo Alto Networks team before partners are able to move forward with integration work for validation. It is the sole discretion of Palo
Alto Networks to determine which of its products are approved for integration.

Table 2: Palo Alto Networks Integration Requirements

Strategic Emerging Integration

Integration validated √ √ √

Technical integration documentation √ √ √

Technology partner brief √ √ √

Partner locator listing √ √ √

Joint customer-driven integrations √ √ √

Join our support network (TSANet) √ √ √

Annual business plan review √ √ —

FAQ document √ √ —

Ignite sponsorship √ √ Can apply to sponsor

Executive sponsorship √ Case-by-case basis —

Eligibility Apply online (mutual

By invitation By invitation
customer required)

Cross portfolio integrations √ — —

Palo Alto Networks | NextWave Technology | Partner Program Guide 3

3.4: Integration Partner Process
To join the NextWave Technology Partner Program and integrate with Palo Alto Networks products, partners must apply to the program
and complete all requirements listed above to develop and complete the integration and continue to keep the integration(s) and content
up to date.

3.5: Integration Validation

Palo Alto Networks validates all partner integrations before partners are able to join the NextWave Technology Partner Program.
Technology Partners must complete integration work and all requirements within ninety days of initial use case discussion. Partners
must keep integrations up to date after major releases from either Palo Alto Networks or the partner. Furthermore, partners must
revalidate their integrations annually. Integrations not kept up to date, or that do not meet Palo Alto Networks requirements, will be
removed from the website and are subject to removal from the program. Partner integrations shall not abuse or misuse the API. Palo
Alto Networks reserves the right, at its own discretion, to require partners to recertify their integrations.

3.6: VM-Series Virtualized Next-Generation Firewalls Self-Qualification Process and Responsibilities

1. Once a partner has been approved by Palo Alto Networks for the partner-driven Partner-Qualified Platforms Program ­utilizing
VM-Series Virtualized Next-Generation Firewalls, the partner is responsible for performing the testing and qualification ­process
described in the Partner-Qualified Platform Program Guide.
2. Once the testing and qualification has been reviewed and approved by Palo Alto Networks, the partner may launch the integration
into production and shall provide first-line support to its customers using the integration. The partner must define the integration
as “self-qualified” pursuant to the Palo Alto Networks Partner-Qualified Platform Program Guide.
3. Furthermore, partners must adhere to marketing requirements in the Program Guide. For example, the partner must include
in ­every marketing collateral and customer-facing material that the integration was “self-qualified” by the partner based on
­technical guidelines issued by Palo Alto Networks and that the self-qualification has been reviewed by Palo Alto Networks. The
partner must also make clear that it is solely responsible to address any and all platform-related issues regarding the integration.
4. Palo Alto Networks will support VM-Series related issues, while the partner takes responsibility for all platform-related issues.
Please refer to the Partner-Qualified Platform Program Guide for more information.

3.7 Cortex XSOAR Marketplace Process and Responsibilities

1. Palo Alto Networks NextWave partners who are participating in the Cortex XSOAR Marketplace must also adhere to the rules and
procedures described in the “Palo Alto Networks Cortex XSOAR Partner Program Guide.”
2. Once a partner has been approved by Palo Alto Networks to contribute to the Cortex XSOAR Marketplace, the partner shall be
r­ esponsible for completing the certification process, where applicable.
3. Once the partner’s integration pack has been made generally available, the partner shall provide all support to its customers using
the integration. The integration pack will be marked as partner-supported in the platform.
4. Palo Alto Networks will support Cortex XSOAR platform-related issues, while the partner takes responsibility for all pack-related
issues. Please refer to the “Cortex XSOAR Partner Program Guide” for more information.

4: Support Policy
The following support policy pertains to all NextWave Technology Partners.
If a customer has a support issue with an integration, the partner and Palo Alto Networks will each make commercially reasonable
efforts to troubleshoot the issue or issues the customer identifies to determine if the source of the problem is related to the partner’s
product or a Palo Alto Networks product.
If the partner’s Technical Support organization reasonably determines the source of the problem arises from a Palo Alto Networks
product, the partner will instruct the customer to contact Palo Alto Networks for support.
If the Palo Alto Networks Technical Support organization reasonably determines the source of the problem arises from the partner’s
product, Palo Alto Networks will instruct the customer to contact the partner for support.
Palo Alto Networks and the partner may each, at their sole discretion, require such customer to have an active Technical Support
agreement in place for the affected product. Palo Alto Networks and the partner shall use their own then-current published customer
support response times to fulfill their respective obligations herein.
If an issue needs joint troubleshooting, Palo Alto Networks and the partner are required to be part of TSANet and can coordinate
support via TSANet membership.
TSANet is a not-for-profit global alliance consisting of hundreds of companies working together to improve their shared ­customers’
support experiences. Palo Alto Networks has chosen TSANet as a two-way collaborative mechanism for mutual customer support
­escalations. TSANet provides a neutral site from which to view and update collaboration and escalation information. TSANet’s Case
Exchange provides the ability to collaborate with Palo Alto Networks and its partners’ support organizations.
Customer satisfaction is paramount, therefore both the partner and Palo Alto Networks must work jointly to resolve integration
­issues identified by shared customers.

Palo Alto Networks | NextWave Technology | Partner Program Guide 4

 Customer
support issue

Customer contacts
Customer
Palo Alto Networks
contacts partner
support

Palo Alto Networks Partner

troubleshoots issue troublshoots issue

Issue is with Issue is Issue is with Issue is

Palo Alto Networks with partner Palo Alto Networks with partner

Palo Alto Networks Partner refers

Palo Alto Networks refers customer to customer to Partner resolves
resolves the issue partner for support Palo Alto Networks the issue
for support

Figure 3: TSANet Support Workflow

5: Trust, Security, and Privacy

Maintaining the security and privacy of our customers’ data is our top priority. All partners must maintain compliance with applicable
data protection laws and must follow our partner security guidelines.

5.1: Privacy
As a prerequisite to joining the NextWave Technology Partner Program, Palo Alto Networks requires partners to maintain compliance
with certain threshold privacy requirements outlined in this program guide. Technology Partners are also required to comply with
­additional privacy restrictions and controls where required by applicable law. The threshold privacy requirements are detailed here and
may be updated from time to time. Palo Alto Networks may remove from the NextWave Technology Partner Program any integration or
app associated with a privacy violation.

5.2: Transparency
Partners must be transparent about how they handle customer data. This includes providing a link to the partner’s privacy notice that
customers can review before purchasing the app. The privacy notice must not modify, supersede, or be inconsistent with this program
guide. It must comprehensively disclose how the app collects, uses, and shares customer data, including the categories of parties with
whom the data is shared. Partners must comply at all times with their privacy notice, including limiting use of the data to the activities
and purposes described in the privacy notice. Partners must also provide a readily available method by which customers and individuals
may contact them with privacy inquiries.
Partners must also clearly and accurately disclose the legal basis for requesting and processing customer data.

5.3: Data Minimization

Integrations Should only request access to customer data relevant to the core functionality of the integration or app, and should collect
and use only the data necessary to accomplish the purpose of the integration or app.

Palo Alto Networks | NextWave Technology | Partner Program Guide 5

5.4: Access and Support
Integrations and apps must respect customers’ settings and not attempt to induce or force customers to consent to unnecessary data
collection or access. Partners must provide meaningful customer support for their apps and make it easy for customers to contact them.

5.5: Data Use and Sharing

Unless expressly permitted by affected customers and applicable law, and unless properly covered by an adequate privacy notice,
partners may not use, transmit, sell, or share customer data. Partners must provide access to information about how and where the
data will be used.

5.6: Data Retention

At a customer’s request, partners must delete or return to Palo Alto Networks all data specific to that customer that the partner received
through Palo Alto Networks, unless required to keep it under applicable law.

5.7: Third-Party Data Sharing

Partners must not share customer data with any third parties in connection with the NextWave Technology Partner Program unless the
third party signs a contract to: (a) protect any customer data obtained through the NextWave Technology Partner Program with terms
that are at least as protective as the terms and policies of this guide and the NextWave Technology Partner Program Agreement, (b) limit
the third party’s use of that customer’s data solely to using it on the partner’s behalf to provide services relevant to the app, and (c) keep
customer data secure and confidential.
Partners must not directly or indirectly transfer any customer data received through the NextWave Technology Partner Program,
including anonymous, aggregate, or derived data, to any ad network, data broker, or other advertising or data monetization-­
related service.
If the partner is acquired by or merges with a third party, it must continue to use customer data only within the app.

5.8: Cross-Border Data Transfers

Partners will adopt an adequate legal data transfer mechanism as well as ensure compliance with applicable data transfer and localization
laws and regulations before transferring any customer data across borders.

5.9: Security
As part of joining the NextWave Technology Partner Program, we require our partners to go through a security vetting process.
In addition to following the security guidelines and requirements listed in this guide, each integration or app should implement
appropriate security measures to ensure proper handling of customer data collected and processed pursuant to the NextWave
­Technology Partner Program as well as to prevent its unauthorized use, disclosure, or access by third parties.
Palo Alto Networks may remove from the NextWave Technology Partner Program any integration associated with a security vulnerability
that could be exploited to compromise another application, device, network, or service. This includes apps that:
• Contain viruses, Trojan horses, malware, spyware, and any other malicious software.
• Promote or facilitate the distribution or installation of malicious software.
• Use data obtained through the NextWave Technology Partner Program to provide tools used for surveillance.
Palo Alto Networks will also remove integrations or apps that interfere with, disrupt, damage, or access in an unauthorized manner
customer computers, servers, networks, APIs, services, or other apps; any Palo Alto Networks product or service; or the NextWave
Technology Partner Program itself.

5.10: Security Requirements

Data Protection
• All Palo Alto Networks customer data collected by the partner must be classified as private and handled securely.
• Partners must leverage strong encryption when handling Palo Alto Networks customer data at rest.
• All data in transit must be secured using TLS 1.2 or greater and must not be sent over clear text.
• Confidential data (auth tokens, passwords, credentials, keys, etc.) must be secured properly.
• Palo Alto Networks customer data must not be commingled with other partner customer data; and partners must leverage logical
and physical separation where applicable.

Palo Alto Networks | NextWave Technology | Partner Program Guide 6

Access
• Access to Palo Alto Networks customer data is restricted internally to only partner employees with the need to access such data.
• Authentication to systems containing Palo Alto Networks customer data is secured via standard SSO/MFA capabilities.

Compliance
• Partners must adhere to privacy regulations, such as GDPR and local privacy laws, where applicable.
• Where relevant, partners must provide copies of external assessment results (e.g., SSAE16, ISO, SysTrust).
• Partners must adhere to US regulations regarding restricted entities for export compliance as it relates to Palo Alto Networks
customer data.

People
• Partners’ employees and contractors must undergo background verification where applicable before being granted access to customer
systems and/or data.
• Partners’ employees and contractors must sign confidentiality agreements before being granted access to customer systems/data.
• Partners’ employees must be regularly trained on the principles of information security.

Application and Infrastructure Security

• Partners must have implemented secure coding practices as well as ongoing manual and automated code testing.
• Infrastructure (hosted or on-premises) that processes, stores, or transmits Palo Alto Networks customer data must be regularly
scanned for vulnerabilities, and identified vulnerabilities must be remediated in a timely manner.

Monitoring and Incident Response

• Security events for infrastructure and applications that contain Palo Alto Networks customer data must be logged and monitored.
• Audit logs must be retained for a reasonable amount of time to support incident investigations.
• Partners must have a documented Incident Response program and the ability to respond to security events in a timely manner.
• Partners must notify Palo Alto Networks and their affected customers in the event of a security event breach that affects customer data.

6: Palo Alto Networks Ignite Security Conferences

Ignite is where we—the most disruptive security company in the world—invite our users, prospects, and partners to try out the
world’s most advanced security technology and see firsthand what it can do for them in tracks tailored to their field, interest, and
level of expertise.
Ignite offers sponsors exceptional opportunities to drive influence and awareness among the most engaged Palo Alto Networks
­customers and prospects. Sponsorships are limited to an invitation-only group of premier partners. Learn more.

7: Logo Usage and Brand Guidelines

We value our partnerships and invite you to review our brand guidelines. Please note that partners need our written approval for all
publicity concerning Palo Alto Networks, including—but not limited to—any marketing any marketing statements or sales materials,
regardless of format: digital, print, online, or social media. All use of any product, service, logo, or company name is subject to prior
written approval and trademark usage guidelines. Please send requests to [email protected].

8: Program Guidelines
Palo Alto Networks reserves the right to modify the program guidelines described herein at any time and at its sole discretion.

9: Contact Us
Apply to become a NextWave Technology Partner.
Email us at [email protected].

3000 Tannery Way
Santa Clara, CA 95054
Main: +1.408.753.4000
Sales: +1.866.320.4788
Support: +1.866.898.9087
© 2020 Palo Alto Networks, Inc. Palo Alto Networks is a registered
­trademark of Palo Alto Networks. A list of our trademarks can be found at
https://www.paloaltonetworks.com/company/trademarks.html. All other
marks mentioned herein may be trademarks of their respective companies.
nextwave-technology-ppg-080420

www.paloaltonetworks.com