Good day and welcome to the Palo Alto Networks special investor update conference call. Today's conference is being recorded. At this time, I would now like to turn this conference over to Jeff Tru. You may begin, sir.
Good morning, and thank you for joining us on short notice. As you've seen this morning, we announced the proposed acquisition of Demisto. Joining us today to discuss the transaction are Nikesh Arora, Chairman and CEO of Palo Alto Networks and Lee Klarich, Chief Product Officer. Please note that we are still in our quiet period and will be reporting our fiscal second quarter results on Tuesday, February 26, We will not be commenting on our fiscal second quarter results or fiscal third quarter guidance during today's call. We'd like to remind you that during the course of this conference call, management will make forward looking statements, including statements regarding our competitive positions and the demand and market opportunity for our products and subscriptions, including our beliefs about the anticipated benefits of the proposed acquisition of Demisto, and our continued execution and focus on providing new products including the statements regarding the expected benefits of the proposed transaction are forward looking statements.
These statements are based on management's current expectations of assumptions, estimates, and beliefs. While we believe these expectations, assumptions, estimates and beliefs are reasonable, Such forward looking statements are only predictions and are subject to a number of risks and uncertainties, which are beyond our control and which could cause actual results to differ materially from those anticipated by these statements. These forward looking statements apply as of today, and you should not rely on them as representing our views in the future. With that I'll turn the call over to Nikesh.
Thank you, Jeff, and thank you, everyone, for joining us today. Since I joined Palo Alto Networks 7 months ago, you heard me say that digital transformation is altering the way customers evaluate their security needs. VFO Alta Networks continue to make progress on our strategy in support of our customers across three dimensions: 1, securing their enterprise by delivering more and more highly effective security and their on premise infrastructure, while taking away unnecessary complexity and breaking down existing silos. Our announcement last week of launching DNS as a service as a subscription that you can trigger off our firewall is another example of this continued innovation. Secondly, enabling our customer's journey to the cloud, by delivering the broadest set of security capabilities across all clouds and cloud configurations.
And third, helping them secure the digital future by deploying advanced AI and machine learning in our application framework and constantly delivering new technologies in the area security analytics and automation. We're delighted to announce the acceleration of our application framework strategy this morning with the proposed acquisition of Demisto. A few weeks ago, I was talking with a customer debating how many security vendors do they have deployed. We agreed that it was likely a large and undesirable number. She was kind enough to email me later and share that the actual number was 35.
We cannot solve security by deploying more and more solutions that alert us to potential issues. We need solutions. Demisto is a leader in the evolving space called SOAR. With Demisto, we add more security analytics and automation technologies to our platform, can strengthen the security outcomes that we deliver to our 60,000 customers and more. We believe that Demisto's multi vendor orchestration capabilities unique analytics and playbooks will help our customers further automate significant part of their security operations and allow them to turn their attention to solving unique and complex threats.
Under in 2015, Demisto has established itself as a leader in a large and growing market with an offering that uniquely serves security operations team. Beings that are sorely in need of solutions. This is validated by the 150 customers they serve worldwide. It spans more than 10 industry verticals. A quarter of these customers are from the Fortune 500 and include large organizations in healthcare, high-tech and financial services.
Eviso is changing the way incident response teams use automation to manage and stock attacks today. They have amassed 1 of the largest incident response communities in the industry with approximately over 5000 members. Their platforms in over 200 integrations with companies such as Microsoft, Amazon, Splunk, slack, and others are the top reasons why some security teams have chosen Demisto. With Demisto, we believe we are accelerating our ability to capture the $5,000,000,000 market they have associated with the Application Framework. Demisto's proven technology success, coupled with the benefit of Palo Alto Networks' large and growing customer base, well established sales organization and deep partner relationships that allow us to provide a more comprehensive set of solutions to our customers.
As you all have read, the agreed upon purchase price is $560,000,000, subject to customary closing adjustments. We've agreed to pay a portion of that purchase price shares of Palo Alto Networks common stock. Product shareholders might be concerned about the dilution associated with issuing more shares, I'm pleased to report that during our fiscal Q2 2019, we completed our $1,000,000,000 share repurchase program otherwise by our Board of Directors. During the quarter, we repurchased a final $330,000,000 at an average price of $177.62 per share. Thus offsetting the vast majority of dilution expected to this transaction.
Demisto adds to a series of investments we've made over the last 12 months designed to strengthen our ability to offer integration, not consolidation to our customers. At this point, I am comfortable that we have all the elements across our 3 pillars to forge ahead on our plans to provide industry leading solutions to our customers across their traditional infrastructure, help them secure their journey to the cloud, and also change the paradigm of how security is offered with a more data centric approach that relies on industry leading AI and machine learning. Demisto has an ambitious plan for 2019. To facilitate and support it, we will have Demisto operate as a separate speedboat under the leadership of Slavik Markovich, their CEO. At the same time, Slavik will work closely with Lee, Nir and me to continue the integration they have with our Application Framework.
Before taking a few questions, I'd like to say that we're very excited to welcome the Demisto team to Palo Alto Networks. We took a hard look at the market and we strongly believe Demisto has the best technology, talent, as well as a shared vision for what we can do together to improve the effectiveness of security teams, and will provide meaningful returns to our shareholders over time. This is the future. With that, I'll be happy to take
Ladies and gentlemen, at this time, we would like to open the floor for questions. Our first question will come from Ken Talanian Evercore.
Hi, thanks for taking the question. Was wondering, could you give us a sense for how you intend to modify your go to market efforts to support Demisto?
Good morning, Ken. Thanks for your question. Ken, part of the interesting conversations we've been having as many of our as I highlighted in my prepared remarks, is that customers feel that they're getting a lot more alerts and a lot more alerts are getting spun out by the variety of solutions they're deploying in their sock. And they have been asking us, is there a way for them to solve this problem? And that's sort of triggered and inspired us to go looking in the market to see who had a good handle on this issue and was providing an industry leading solution.
And that's how we uncovered Demisto, spent a lot of time with them. Understood actually what they're offering is what the customer is asking for. We hope to be able to empower our sales teams around the world who are constantly having with CIOs and CECOs and their security strategies and what they would need for the future. So, we have been talking about Application Framework for a while, and how that is going to integrate data from everywhere and provide the ability to run analytics on top of that. Demisto is a perfect use case.
Or they already integrate their application framework and a large consumer of that data, and we hope to be able to provide that solution to our expanded Salesforce around the world.
And this is a follow-up to that. Do you expect this to be sold through the channel as well?
Yes, of course. Demisto is sold by the channel today and we anticipate that not to change.
Great. Thanks very much.
Our next question will come from Keith Weiss, Morgan Stanley.
Hi, this is Hamza Fodderwala in for Keith Weiss. Just a couple of quick questions on my end. Can you maybe give us a little bit more detail as to where exactly this extends the application framework, whether there's any existing rather, whether there's any overlap with existing functionality? And, could we, as a follow-up, get the split between the cash and stock going to be offered for this transaction? And that's it for me.
Hamzah, I'm going to give you a quick overview and then I'll have Lee jump in. On any potential overlaps. And as I said, Demisto is a multi vendor automation orchestration tool. As you know, application framework has been purely focused on Palo Alto Networks data so far. So from that context, this adds and extends our capabilities to be able to provide the analytics and solutions across multiple vendors, not just our own data.
So to that extent, it is non overlapping there are some analytical capabilities that we have already in the Application Framework, which, are also part of our Demisto, but part of our whole philosophy appear on the application framework is to allow the customers to choose the best of breed they'd like to deploy while retaining a consistent integrated platform underlying the data. So they have their profitability and visibility across various solutions, but Lee, do you want to jump into that?
Yes. So, Demisto is already a partner in the application framework. And so by nature of that is already very complimentary to to the core capabilities we have. For example, integrating with, auto focus for intelligence data leveraging the rich data that our sensors provide into the application framework and then providing SOC analysts the automation capabilities for dealing with alerts and respond jump. So, nice complimentary, aspects with little overlap with what we already have.
And Hamzah, to your second question, unfortunately, we'll give you a non answer, but I think part of the the shareholders and management wanted was to be able to participate in the continued success of Palo Alto Networks. Hence, they wanted a significant part of the consideration stock. The final numbers of amount of stock and cash will be determined at close, so we're unable to provide that information.
Got it. That's it for me. Thank you.
Thank you. Our next question will come from Fatima Bellani, UBS.
Good morning. Thank you for taking the questions. I just wanted to drill into the rationale behind the build versus buy route you took for Demisto. You know, as you've mentioned, Demisto has been part of the Application Framework for several months now. So really just wanted to better understand sort of why acquire Demisto's intellectual property versus go out and, take a more organic R and D scans and a quick follow-up as well?
Well, that's a good question, Fatima. And I think, The rationale is, I think as you look at the continued attention to security across enterprise, the continued need for security as you start making cloud transitions, there's a lot of pressure on the SOC. There's a lot of alerts going to the SOC. There's a lot of piece sparks being deployed in the sock. And we felt that there is a need for sock management and integration being provided with the sock.
We did not feel we can do that from a slow role in terms of an organic evolutionary approach. We felt that we needed a backbone to be able to create that integration, that automation, using all the data that you can deploy in the Application Framework. Hence, we went down the acquisition path. But Lee, did you want to add No, you did. That's a great answer.
I'm always going to have
you and our Head of Product tells me I've given a good answer.
Fair enough. And just actually on that point, one of the attractive elements of Demisto as an independent company was its ability to clean ice with others and potentially some of your competitors. So, maybe a 2 part question. How do you expect having acquired Demisto or in the process of being acquiring Demisto, how should we expect this to impact Demisto's technical and commercial relationships with third party vendors who could happen to be your competitors? And secondarily, what implications should this have on a monetization model for Demisto as we think forward Thank you.
So I think the reason Demisto has been successful is that it provides a multi vendor cross enterprise view of security and allows you to automate, irrespective of the vendors that you have deployed in infrastructure. I don't think in my life times we're going to end up in a situation where every vendor only has Palo networks or any one vendor from that perspective. So a multi vendor approach to solving the customer's problem is not just essential, it's mandatory. So from that perspective, we're not going to interfere with what has made Demisto successful so far. We expect that we need to be focused from a customer's perspective on a solution that works for them, hence Demisto is a company run almost independently with Slavik leading the charge, working with Linear and I, to keep driving that capability because that's not a motion that we do at Palo Alto Networks.
So definitely you have made, you have a good point and we intend to stick to the notion of keeping them as a multi vendor, unbiased, solutions. In terms of monetization, I think Demisto brings a tremendous amount amount of value to the sock, and part of their opportunities to be able to become the back forms of sock in the future. And we believe the more problems you solve for the customer in the sock, which is where customers are deploying a lot more spend because they're trying to remediate and automate and solve all the security alerts they get. We believe the more value you add there, the more likely you're going to get compensated for it.
Thank you. Our next question will come from Gur Talpaz, Stifel.
So how do you think about this in relation to what Splunk is doing with Phantom out there? Meaning, we've typically seen Store bolt alongside the SEM, how do you think about the relative advantages you may have with Demisto now building on the app framework versus perhaps what others are doing out there with their efforts in store?
Wanna let Lee answer that one because I know you you'll ask me a follow-up question and try and take me absolutely. Take this guy down. That was not my intention.
We've seen in the sort of the stock market overall is first the desire to quick lots of logs and data alerts. And that has produced both the benefit of having access to lots of data, but the challenge of being overwhelmed with too many alerts that can be dealt with. Out of that, the, soar market has emerged as a way of helping SOx deal with this overwhelming number of alerts that are coming in through the use of analytics and automation. And so with Demisto, we see an opportunity to extend our focus and, belief around the use of automation as a very critical component of security. And and leverage on top of the application framework allows us to, to, integrate it with the data and the sensors that we have.
Now as you're aware, Splunk recently extended in with their tech position of Phantom, which is also in the source space. And so there will be a certain amount of, overlap there, but we continue to be close partners with Splunk because it's one of the tools that we see our customers using.
That's helpful Lee. And then maybe just a quick follow-up. As far as the internal application of of Demisto, can you see this enhancing what you're doing organically now with Panorama, meaning could this be sort of a panorama on steroids as far as orchestrating your first party tools as well? Thank you.
Yes. So when we talk about automation, there's actually many different forms of automation. Some of the automation that we do is is sort of very native and intrinsic to how we integrate different services together. We do a lot of that in the back end infrastructures as we're building solutions. Second is how we automate the integration with, different data sources in order to use context and setting policies, one of the key ways in which Panorama provides, automation.
And third is the automation when we see an event and we want to take action. And that's largely the kind of automation that Demisto will provide. And so while it's complementary, the kinds of automation that Demisto provides and Panera provides are different. And so leverage them together, integrate them together, but I don't see one replacing the other.
Thanks, Nicole. Thank
you. Our next question will come from Gabriela Borges, Goldman Sachs.
Great. Good morning. Thank you for taking my question. Nikesh, I was hoping you could speak to a little bit of what the potential limiting factors could be to adoption. Specifically how difficult is Demisto to deploy today and how do customers get comfortable with some of the automation algorithms without accidentally breaking a piece of the business?
Thanks.
That's a good question, Gabriel. I think part of the challenge that we've also discovered in this process is as the 3 deploys more and more complicated solutions. That's not just restricted to SOARs. I think if you look at EDR, if you look at SOAR, the degree of sophistication that we're deploying in the AI and the ML, the automation, it becomes harder and harder for SOC analysts to be able to go and figure out what going on with 35 different vendors deployed in there and everyone's spinning out a different way of analyzing the data. So I think your point is about taking, we are working really hard some of the cybersecurity MSSP partners and some of the partners who are deploying more resources to, put on customer's side.
Because we want to make sure that people are well trained to be able to deploy these tools. Over time, my anticipation is that these tools will get more and more automated because, that's the only way to make them simpler. But I think in the short term, the only way to deploy these and for our customers to get the full value of this we have to have some sort of a managed part of the service to get mass adoption.
That's helpful. Thank you. And the follow-up is what can you disclose at this point about revenue or growth rates? And to the extent there's not a lot of information that you can disclose, maybe just talk to us about puts and takes that the team thought about when considering valuation? Thank you.
I think we're going to save that question for next week. When we do our earnings call, we should be able to talk to you about that, with more comfort. And there's a reason our General Counsel opened this call. He's watching me very carefully sitting across the table.
Thank you. Our next question will come from Karl Keirstead, Deutsche Bank.
Thank you. Hey, Nikesh, congrats on the deal. Nikesh, there's been some news around lately about changes that Palo Alto Networks has been making to its channel model where you've moved to more of a deal referral model for certain products. I'm just curious, will this fall into the category? That would be more of a deal referral model?
And would you mind just commenting on those channel shifts?
The only change you've made in our channel program is only around RedLock where we're seeing there is a natural go to market motion was a cloud provider. So when a cloud provider with its AWS, Azure or GCP signs up for a program with customer they take them direct. And what we've noticed that we have to attach our sale of RedLock to that sale. Hence, we've made a change on adaptation to our channel model specifically for that product category because we need to make sure the channel gets compensated, yet we need to be able to follow the motion of the cloud providers out there. Outside of that, we haven't made any other changes with respect to referrals.
Demisto is a channel play. It's a partner play. It's an MSSP play. And we anticipate to get more engaged and involved with our MSSP partners and SIs to be able to make this sale happen in the market.
Got it. Okay. That's very helpful. We'll talk to you next week.
Thank you.
Our next question comes from Andrew Weinstein, Piper Jaffray. Hey,
good morning. It's actually Jim Fish on for Andy. Announcement here. Most of my questions have been asked, but, I'm just curious how would you think about the mix of on premise first cloud deployments now at Demisto. And, if there's going to be any needed changes to the MISTO sales team in terms of just to get them on the Palo Alto comp plan?
Thanks.
Well, as of now, Demisto has, as I said, ambitious plan for 2019, part of the attractiveness for us to work with them as they have a well developed go to market motion and a good sales team to feel. We anticipate helping them from our broader sales team and getting them leads and getting them to customers. We don't intend to change much of their structure and process and plan in the short term. So you should not see any changes in the market as, regards to Mr. I think there are big opportunities to go out there.
And expose the capabilities to more and more customers, which our sales teams can help, create the opportunities and open doors and create the leverage. So I think the short to medium term casino plans. And any changes that we make is only after we spend a lot of time in management, which, thinking about future integration, etcetera, which is still early to call.
Got it. And then on premise versus cloud deployment mix.
Look, I think what's interesting is that Demisto has followed the model, which the customer has. The customers are slowly going from an on prem only situation to a hybrid situation or to a cloud only situation. And in a way Demisto has followed the customer in terms of where they wanted to keep their data, as you know, sewers or Demisto relies on where customers store their data. So that is the key determinant as to where they get deployed. As of now, we anticipate making no changes to their current model that they have in place.
Got it. Thanks guys. Congrats.
Thank you.
Thank you. Our next question will come from Michael Turits, Raymond James.
Just to make it clear, so I've jumped on light. So just quickly, you're not giving any financial impact information at this time. Wait until next week. Is that right?
Yes, Michael. I got that right.
Okay. Can I you've talked about sock a lot and people ask you about Splunk, but can you describe how this fits in with your strategy and thought process around, SIM long term?
Good question, Michael. So the SIEM and SIEMs have been around for a long time, as you know, and the the primary purpose of having a sentence to collect all the security alerts and provide SOC analysts the opportunity to investigate those alerts and figure out what response is necessary. What we have seen, in this market is a few important aspects. 1, the data feeding into, the data store is very important. And with our sensors, next gen firewalls, and the network Traps and the endpoint RedLock over to cloud service aputure in the cloud.
We have some of the best sensors in the world for not only preventing attacks, but also collecting data. And those are collecting data into the application framework, where we make it available to our own apps as well as third party apps. The second piece is being able to analyze that data and analyze the alerts and figure out which alerts are important and need to take action on, with in that area with the acquisition of Ice Server a couple of years ago and the release of Magnifier, about a year ago, We have some of the best AIML capabilities for analyzing that data and detecting some of the most sophisticated attacks. And then the third piece is how we then respond to those alerts. And with the, Demisto acquisition, it will give us the both the analytics and the automation capabilities for taking action.
And ideally, as Nikesh talked about, they highly automated action so that we can get SOC analysts back to doing the harder tasks as opposed to the menial tasks over and over and over again.
Okay. That's that's helpful. And if I get a a follow-up, I guess this is something you and I have spoken about before, but as since you've come on, you've you've talked about this becoming a more data focused company over time. But, you know, it's roots as a bot, as an extension firewall company, are really in, in, in network, network functionality, let's say. What does Demisto contribute to what may be an ongoing effort to build more IP around data science and analytics to make this a more data focused company?
Well, thanks for that question. I think if you think about I think if you think about the future of security, and I think we've said that in many different ways Niro said it, Lee said it, I said it. I think, today is a pro over time is going to get antiquated. And the notion of deploying a solution in infrastructure popping up an alert, having a SOC analyst error, it didn't try to remediate 50 or 150 days. By the time the bad actors have come in and taken what they wanted to take and left your infrastructure, perhaps it was sitting in there.
Is going to make it antiquated. They're deploying a lot more compute, a lot more, techniques to go find that 1% of your infrastructure that is not secured. So from that perspective, you have to believe that things are going to get by the inline sensors that you have in infrastructure. The question is, can you take a look at the other side? See what comes out, be able to figure it out on the fly, automate it, and remediate it before bad things happen.
Requires a degree of, machine learning, degree of AI that's not deployed in the industry today. So I believe the SOAR is a first step towards aggregating all the events at one end, automating as much as you can automate over time learning what is a false alert and being able to really sifted down and reduce the signal to noise ratio, really sifted down to events and have smart analysts be able to take a look at it and remediated much faster eventually getting into real time. So I think this is the first step in our ability to aggregate multi vendor data, start looking at automation, which is going to be manually. If you look at what happens in AI today around the world, there's a lot of data tagging. There's a lot of manual, sort of processing going on to the speech system.
So I think SOAR is our first step to create learning systems for security in the future. And I think that's why this is so critical for us from a building to future perspective.
Thanks very much guys.
Our next question will come from Matt Hedberg, RBC Capital Markets.
And Bergstrom for Matt Hedberg. Thanks for taking my question here. Could you, automation, obviously, it's key part of the technology here. There's been a lot of talk around automation on the call. Could you talk a little bit about the importance of the automation of the security processes particularly given a shortage of security personnel?
Yes,
absolutely. Maybe, maybe be helpful to give you an example. So one of the common forms of alerts coming into thoughts everywhere is, every time an employee thinks that they might have received a phishing email. This happens 100 to 1000 of times a day. And if you think about this in a traditional sock with highly manual workflows, every single one of those probably gets handed off to a SOC analysts who then has to try to find additional data find the original email, figure out if it was really a phishing email or not, possibly reach out to the employee and get confirmation And then some disposition of that either to say is a false positive, false negative, or maybe the user is compromised and you have to now deal with cleaning up the user's machine.
Think about that just as one kind of alert that could happen 100 or times a day and you realize just how much value there would be if you can automate part of that process or even all of that process. And that's one example of many that Demisto has built these automated playbooks that can be customized for different customer environments. To be able to take that sort of very manual task that SOC analysts perform and automate it.
Great. Thanks. And then maybe one more. Just curious if the deal was a competitive process. The company was in the press last year as a target from some larger technology companies?
Thanks.
I can't tell you what I don't know.
Thank you. Our
next question will come from Sterling Auty, JP Morgan.
Hey guys, this is actually Ugam Kamath on for Sterling. So in your prepared remarks, you mentioned that, they have 150 customers, but any particular, like, color that you can throw on what is the overlap of the Demisto customers with Palo Alto's existing customers? And what are the common themes between those 150 customers?
I mean, you have to imagine at this point with over 60,000 customers on Palo Alto Networks that there's going to be a lot of overlap. In this case, we both target enterprise customers. And so and many of their 150 plus customers are in the Fortune 500. So, now the what comprises that customer base of Demisto, the main theme is, enterprise customers with SOX, obviously, because this is a tool that is and product that is targeted toward the SOX. And often it's more forward looking and forward leaning customers that are looking to find ways to improve the function of the sock through, through better technology.
Got you. And Can you give us any color on what contract structure does Demisto follow?
I'm not sure I understand the question. What kind of contract structure?
Sense that whether they sell 1 year contract, 3 year contract build up front or build in the areas, something like that?
No, not, not at this time.
Thank you. Our next question will come from Shelby Ferrazzi, FBN Securities.
Yes, thank you.
Can you talk about who you guys see as the key competitors to Demisto. Gartner talked about XPEL kinda response, but but SplunkBot Phantom I mean, just talk about who you see at the closest competitors to Demisto and what key advantages, Demisto has over the competition?
Yes. So
there's in this space, there are a number of competitors, obviously. But the I think in a lot of ways, the the biggest competitor is actually just, we call it the momentum of customers with trying to focus on the manual processes. So we saw this, anytime there's a need for market shift, the inertia of keeping things the same is actually often the biggest challenge that needs to be overcome. And so, within the source space with Demisto, the, our focus will be on helping customers understand that there is a better approach, a way to leverage
automation to
improve the efficiency and the capabilities of the SOC analysts. Now, as noted earlier in the call, There are companies out there like Phantom. There's other companies in this emerging space that are trying to purchase from different angles somewhere from the automation space, somewhere from the analytics space. What we really liked about Demisto is that they've focused on that combination of analytics and automation in order to, provide for better outcomes for the customer.
Okay. And Nikesh, I think you communicated last year, you can't that, the company's likely not gonna make at least near term any big splashy kind of deals. This is not, I would guess, splashy, but it's a 500,000,000 plus. What's your posture on future M and A?
Look, as I said in my prepared remarks, I feel very comfortable that with the acquisition of Demisto, we have the key ingredients in place to drive the 3 pillars of our strategy. So as of now, it's heads down and execute on our vision across all three different pillars. Very excited. Last week, we announced our biggest release, from an OS perspective of firewalls. We announced our 5th subscription.
We haven't launched a subscription in a while. And our strategy in the firewall side is now to keep deploying more and more capability on the firewall because once you've already deployed less in infrastructure, there shouldn't be need to bring more appliances into infrastructure, which is the theme of integration I talked about, in my first ever call, about this topic. So I think we are driving towards more and more integration across all three pillars to solve all three categories. And we felt that rather than go ahead and build automation capabilities from an organic perspective, I think Gabriel asked, I think he felt the need to accelerate that opportunity and hence we looked hard and thought hard about Demisto. So we haven't done this lightly.
We've spent a lot of time in that for thinking about it. We intend to spend a lot of time and effort and resources building this. But as of now, I don't see anything in the near future that, that we're missing from a portfolio perspective. As I've said before, I don't feel the need to go out and buy market share in any particular product category because that does not fit into the team of integration. So I think from now, we're happy and good.
Thank you. Our next question will come from Dylan Reider, Cleveland Research.
Call. Just curious if you guys could provide an update on the Evident RedLock Consecutu integration within the broader portfolio. Where do we stand now? Are those integrations complete? Yes, absolutely.
So the very pleased with the progress that we've made on the Evident RedLock integration. We're now substantially, integrated between those 2 into a single product with all of the capabilities of both. Offer to our customers. So very, very happy and pleased with the progress there. Regarding Secoo, we had previously stated that in early calendar 2019, we would be coming out with XDR, which is a largely based upon the technology that sector had developed.
And we are very close to announcing and making that available. Thank you. And then just one follow-up Could you provide any color around how many employees Demisto has currently?
150 between Israel and here.
Perfect. Thank you.
Our next
question will come from Don DiFucci, Jefferies. Thank
you. Nikesh, my question is in regards to the orchestration part of Demisto. You say you want to keep it as a multi vendor unbiased solution across all security products and vendors. But your purchase of it in a way negates it's truly neutral status, which is an important characteristic for something like this. And I and I guess this is a I think Fatima was trying to get to this.
I don't know. In other words, since it's owned by you now, how are you going to ensure that competitors continue to seamlessly integrate with Demisto. I mean, I can see how you this helps you to further integrate your your own platform, your products across that platform. But I could also see how competitors aren't going to be so, forthcoming and integrating, helping you manage their products.
So just two comments and I'll let Lee jump in. I think 1st and foremost, as reported realized that whether it's Demisto or take Phantom, for example, if Phantom relies on other data stores other than Splunk to be able to provide the sort of capabilities, they still integrate with ARC Site, LogRhythm, QRadar, etcetera, which are effectively competitors to Splunk. Similarly, Demisto integrates across multiple data stores, There's no special integration that stores enjoy with any of the cybersecurity vendors. They have to get the customer's permission to be able to integrate and they use open APIs and protocols to be able to integrate across the board. So from that perspective, I don't feel that any particular competitor or partner out in the industry is going to stop us from being able to do the things that Demisto needs to do because it's in both of their best interest and the customer's best interest.
But continue. There are many people who you would call competitors who are integrated into our Application Framework platform, not something that we are and to do the volunteer to come and participate with us and provide their capabilities and solutions to help the Application Framework. So I don't particularly to the issue. Maybe Lee, you do or you have something else you
want to add. But the integrations between Demisto and all different security companies and third parties are based on a set of standards and APIs. And these standards and APIs are readily available to anybody. And so just like we've been able to do this with the application framework. They've extended this to, hundreds of third parties in terms of the data they can collect as well as the APIs they can use for, integrating for response action.
So I don't see any reason why we can't technically continue to have these integrations and extend these integrations. And on top of that, the value of the platform is based on. And so we'll continue to push and focus on being able to, embrace these kind of third party integrations to continue to extend
the value of the platform.
So everything you need is available through open APIs today?
Yes, APIs and standard. So, log standards, log format standards, just log formats and things like that for data collection as well.
I think it's important to understand that the customer has a big say in this as well. Because the customer wants to benefit invisibility across all their security, vendors. So typically, you cannot go deploy a SOAR. Without getting a customer to buy and then signing up to be able to integrate with what's on their prem and on their infrastructure.
Understood. Okay. Thank you.
Our last question will
but a question for Lee. I'm wondering on the product side, one thing I think the SIEMs and the SARS have been very complicated to install and you look at customer counts in these areas have been pretty low. I'm wondering given you have a very large customer base larger than any of the kind of modern security companies here how do you make this really lightweight, between application framework, your cloud SIM and SOAR make it easy to taking the customers who have found these technologies too complex. Is there something you can do from a product or deployment perspective that might be different than what's been done in the past?
Yes, I think there's a couple of things that we will be focused on. One is, you know, very similar to what we've done across the rest of the platform. We will be very focused on continuous improvement and how we can, make this simpler and simpler for customers to consume and use this. The application framework is designed to be able to, enable and simplify the consumption of security applications and we'll leverage, that over time as well. The second aspect is through partnerships.
We've
We
have a great set of system integration and MSSP partners, many of which we believe will be very interested in partnering with us with Demisto as a key component of their service offerings, which, of course, from a customer perspective then makes it even easier for them to consume the benefits of Demisto and the rest of what we do. Got it. Thank you.
There are no questions, I really want to thank all of you for joining us. I can't reiterate how excited we are about this acquisition and how We believe this is going to become a significant part of us being able to build the future of security with a lot more AI and a lot more ML and a lot more automation. With that, I want to thank you and I look forward to talking to all of you next week.
You may disconnect your phone lines and have a great rest of the week. Thank you.