Please welcome Kelsey Turcotte.
Good morning, everyone. Thank you very much for joining us. We really appreciate it.
In order for you to
have the opportunity to review the very small language I'm going to let you read while I give you some
give you a little bit
of background. First of all, welcome to Investor Day 2017. We really appreciate this opportunity to spend this morning with you. Mark will have the opportunity to go over the agenda. I'm just going to give you a few little factoids.
There will be a break in the middle of the presentation. Please take advantage of the beverages and food on either side. Logistically speaking, for those of you who need the restroom, they're half a level down, and the team outside in the lobby can help you. So I think I've spent enough time on the legal and we're going to do a little video and then get things rolling.
Security has become a colossal topic in society. Security's role has shifted away from being considered a business inhibitor to becoming an amazing business enabler, but only if it stays ahead of the technology and advances made by cybersecurity attackers
And with the 8.0 release, which is the biggest release In the history of the company, we've done some really amazing things.
This is beautiful, you guys.
I have to tell you, this is the front. The back is
I'm very proud to be the one that everybody is looking up to as a company. And I think we've given them a lot to look up to today, but this is just the beginning of 2017. Wonderful. And 2017 is going to be a very, very big year for us and you're going to see a lot of new innovation and major changes to the way you do cyber 3rd
party partners that are part of the application framework, we think
that this is phenomenally powerful.
Navigating Digital Age. This is kind of a how to guide for senior executive boards of directors, government officials on how to think about cyber In a non technical fashion. Palo Alto Networks P8 and W, we've been acquiring customers at a very rapid rate and then growing them after we acquire them from the wallet share expansion.
Girl Scouts can now earn a badge for cybersecurity.
That explains why there's a mysterious $7,000 charge on your credit card for Thin Mints. Please welcome Mark McLaughlin. Good morning, everybody. Thank you. Appreciate that.
Thanks so much for taking the time to be with us today. We know your time is super valuable. We hope to be as efficient and productive today as possible. And we know there are a number of things on your mind in security in our business and we're going to do as much as we can today to help answer all those questions. And to help me do that today, I have a whole bunch from Palo Alto Networks here with me and I'll go over the agenda.
There's lots of other folks from Palo Alto Networks here as well, who will be at the breaks and happy to talk with you and answer any questions that you have. So from an agenda perspective on what we're going to do today, I'd like to kick it off To talk about what's been happening in security and I think of those in terms of evolutions and I'll describe that in just a few minutes' time. When we talk about the platform advantage we have, the distinct highly competitive platform advantage we have in serving those security evolutions, how we continue to disrupt the security market, how we have done that in the past and continue to do that today and intend to do that into the future and how with that distinct platform through these evolutions, we're solving the customers' most important needs. And of course, we'll discuss how we do that a financial framework perspective and we intentionally left ample amount of time at the end for questions and answers as well because I know you have things on your mind we'd like to talk there. So let me just start off at a very high level for a minute on just how we view the company at a glance.
We think Palo Alto Networks is the primary winner in security now and it's going to continue to be the primary winner in security into the future because we see ourselves as having a company that is serving a very large and growing continually growing total addressable market With a unique platform that has significant technical advantages, not only today, but into the future, it's very resilient that way. Has been able to acquire outsized market share gains and we intend to keep doing that into the future with super happy customers, world class customer satisfaction and all inside a framework where we're committed to deliver growth and profitability along the way as we continue to scale the company. The setup for doing all that of course is we're in the digital age, we all know that. We know that digital is so important for society and for all the productivity that underlies the digital age. And the people really have to trust that.
We know we don't have to go into a lot of detail on this trust continues to erode over time. We can see it all over the place in financials, in the media, in healthcare, now even in elections, just to name a few areas where we continue to see that trust erode. And into that breach, steps piled the networks. About 10 years ago with this mission statement, which is to protect our way of life in the digital age by preventing successful cyber attacks. That's a mission statement we've had for a very long time and a mission that we'll continue to have for a very long time because it's important.
It's meaningful today. It will be meaningful in the future and it gets people really jazzed and that's why we get some of the best talent in the world to join the company because they know they're doing something important not only today but in the future for society. And with that mission statement in mind, we've been able to serve a very large and growing total addressable market currently at about $19,000,000,000 expected to grow to about $24,000,000,000 in 2020 and we'll dissect that during the course of the day for you a little bit more. But a large and growing addressable market opportunity with that mission to do something very important in the digital age with security. And with all the anxiety and security that we see in the past, every day today and we expect in the future, been a healthy market in security.
I don't see any reason why that should change as security gets more important and more complicated on how people digest it over time, something that we're trying to fix, but it should drive a healthy market from a customer perspective trying to solve these problems. Let me talk about the problems. I'm just going to mention the 2 biggest ones in security at any time that we've been looking at security and these evolutions over a decade back or a decade forward. And the first problem is that you how do you do increasingly better and better and more automated prevention, Very important, when the adversary is increasingly automated themselves, very sophisticated, simply because the cost of compute power keeps going down. The adversary takes advantage of that.
They're doing a lot more, a lot faster, a lot cheaper and a lot more sophisticated and they are extremely automated, right? So the first problem is how do you do increasingly better prevention against an increasingly automated adversary? And the second thing is then how would you do that with a completely broken consumption model and security where everything is very disparate, There's 2,000 vendors, it's very complex and there's tons of innovation happening which is good, but how do you actually consume that innovation in a way where the consumption itself doesn't cripple you from an operational perspective. So highly automated prevention and consumed in a way that doesn't kill you, right, if you're half the person who has to operate these things, right? And that's what we've been up to.
As a company, what we keep doing is deliver highly automated, orchestrated, leveraged prevention capabilities, which are going to be better and better and better. We've done that in the past. We're going to keep doing that in the future. And doing that in a way where the consumption model is continuously disrupted, so it becomes easier to consume the innovation Without swamping, the environments are requiring yet more and more people to run more and more stuff. So those are the 2 main issues people are dealing with and the 2 things that have if you want to be successful in security.
And that's led over time to the drive for platforms. Everybody talks about platforms. It's important and it's true. Platforms actually matter to bring automated prevention and better and better consumption models to the market, right? And in those platforms, the architecture really matters.
It's super important about do you think about these things and how do you build them because that's actually how you deliver automation and orchestration and leverage and how you dramatically change the consumption model in the process. You don't slap stuff together, right? So architecture is super important. We believe we have a winning architecture. It is purpose built from the ground up starting 10 years ago and we continue that today and how we think about that, but we really care about the not losing our way or losing our sight on how that has to work in order to be successful for customers in the future.
So with those things in mind about what are the problems we're trying to solve, we'd say that security has moved in evolutions over the last 10 years and I would expect them to continue to do so into the future. And each one of these evolutions is very important in and of itself and I'll describe them to you, but each one is very important in and of itself and each one is self reinforcing for the next one. And we would also posit we invented each one of these evolutions and we're the leaders in each one of these evolutions, which provides us a very significant competitive advantage technically and in the market because they are self reinforcing. So I'd like to describe them to you quickly, I'll do that technically. And then I'd like to come back to them actually from a business perspective is what it means for our business today and into the future.
So in order to understand those three evolutions, we have to go back to the beginning in time, if you will, from a security perspective understand one basic point in security and that's the difference between an attack and a successful attack. And the difference between an attack and a successful attack is a successful attack actually has to do a number of things right, right? So if you're a security practitioner, The parlance on that would be there's this thing called the lifecycle attack or the kill chain of attack, right? And the attack has to do all these things correctly in order to be a successful attack as opposed to just an attack. So for a very long time, it's been a very good idea, which is how can you interdict the everywhere where it has to do something right as fast as possible at any point you can in order to get to the end before it gets to the end and prevent it from happening.
Or if you couldn't prevent it from happening, understand it super fast and to distribute that new knowledge as fast as possible everywhere. So while there might be patient 0, There's not an infection everywhere, right? So that's been a basic idea in security for a long time and it's a very good idea. It's a philosophy that has a lot of legs to The problem is that in doing that from a prevention perspective, it really got delivered over time as many, many disparate things point solutions There's still a proclivity in the market to do that. And the problem with that was back to the 2 things I said, there's no automation in that.
And over time, The consumption model actually gets worse. It gets more complex, which is counterproductive to doing security from an elegant perspective, which is what is needed in the market today. So that led to the first evolution, which we invented about 10 years ago, right, which is at the network security level, just the network I'm talking about now. Network security back when perimeters were very contained and everybody understood that, right, it was all nice and neat. And that was where we proved that all the attack interdiction best of breed capabilities that had been in the market and very important from their capability perspective, but were delivered as disconnected point solutions could actually be natively performed and delivered in a single platform, mostly from the cloud, which would bring lots of automation, lots of orchestration and lots of leverage, the bigger and bigger the customer base got over time and would significantly improve the consumption model.
So better prevention and a way different consumption model where in essence we subsumed entire industries into the platform at the network security level to drive the first evolution to get better prevention and different consumption. Then about 4 years ago, we introduced the 2nd evolution in security, which really is defined by consistency. So if you could do security the way I described, you could do high degrees of automated, orchestrated leverage prevention where you get better and better and better. We believe 4 years ago and we're sure of it now that you have to consistently apply that wherever data is going to be residing or computed or moving. So if I simplify that and said that might be in your network sometimes, Sometimes it might be an endpoint in IoT devices, sometimes it might be in the cloud.
Cloud may be in AWS, it may be in Google, it may be in Azure, it may be in a hybrid environment, it may mean a third party SaaS application. But the point is data is going to move, right? So the consistent application of those highly automated Orchestrated Leverage Prevention to be delivered exactly the same way wherever the data is, we think is increasingly important in the second evolution Because customers understand that if it's inconsistent, that's complexity, right? So we spent 10 years of time at the customers On the first evolution of saying complexity is not your friend, right? So I think many, many, many of them understand it now even though a lot of them are just working through that today.
They don't want to drive the inconsistency of security posture and outcomes wherever data may be as it moves to endpoints in cloud because that's just more complexity. So don't replicate that network problem again horizontally with more complexity. Let's have a consistent approach to prevention. And of course, along the way, we'd assume that your consumption model would also get better as well and be more simple over time. And that's the 2nd evolution we invented about 4 years ago and brought to the market, it's doing well.
I'll talk to you a little bit more about that in a second. And that's been the setup for Evolution 3, which we brought to the market recently at our Ignite user conference we call the application framework. And the 3rd evolution takes a massive number of our security capabilities that have been deployed in the network and growing very quickly in endpoints and growing very quickly in the cloud environments And the petabytes of telemetry that that's been producing over time and growing at exponential rates because the customer rate of Adoption is growing so quickly, puts them in our data lake, applies very sophisticated analytics and machine learning as we've done historically with many of our capabilities like wildfire and Mira will talk more about this later on, applies it to the data to do predictive and proactive analytics to give highly sophisticated preventative and proactive security answers. And answers in this case again is prevention, right? So it allows algorithms to be run against that huge data set with the answers from the algorithms automatically enforced on everything that has been deployed.
Okay, important point back to prevention and disruption of the consumption model so that you don't have to deploy more stuff, right? Now that is a big deal to get that right because it brings highly automated prevention in workflows, whether it's our capabilities or some third party capabilities, And in a way which completely disrupts the consumption model for the positive, which is very different in the next decade than it has been in past decade about how do I get all this innovation and security, right? So really kind of harmonizing the dissonance problem in consumption, which is there has to be tons of innovation in security because the adversary is moving so fast. No one company is going to be able to innovate and invent all the innovations that are required for security. We certainly don't think we can do that.
No security company has ever proven they can do that. No security company has bought many companies and cobble together to try to do that in any successful fashion. So how do you harmonize that dissonance, which is there's going to be a lot of security companies you're doing highly innovative things. But how do I actually use that to get automated prevention and consume it in a way where that next vendor I bring on board doesn't kill me from a complexity cost people perspective, right? And we've been laying the groundwork for the application framework for a number of years now.
And we've done a number of things to prove this so that we would have the confidence to stand up Ignite and launch it and bring it out to the world. Let Let me go through a number of things that we've done from a proof perspective. And the first thing is we did was we did a couple of applications, The first application that we put into the application framework is called Mindnub, which is a free open source we developed, we gave it away to the community. We have over 1200 customers using it today, growing quickly with over 150 sources of data. And what MindMeld is, is it can aggregate and normalize lots and lots and lots of threat intelligence streams automatically.
So it normalizes automatically and then can feed it into the data lake. So it can be ingested very simply, automatically from a machine language perspective. So a great source of threat intelligence coming from our customers where the Then the second one was auto focus, where we said, let's write an application into the data lake with the idea that we can take the data, the threat intelligence data and make it very valuable primarily for like SOC analysts so that they could be more productive because we have to get people out of the equation, make them more productive. So can we do that? And is it valuable enough that we can actually monetize So can we monetize an application through this framework?
We'll do one ourselves. We intend to do a lot more. And the answer to that is yes. I'll get into that a little bit more in And the third thing we did was with our LightCyber acquisition, which is one of only a few acquisitions as we know that we've done over 11 years of time because on the architecture we believe that for it all to be automated and all to be live original or orchestrated, We usually have better chance of doing that when we're building it ourselves, not because we're arrogant, because we know it works together. But one of the few acquisitions we did was a small company called LightCyber, which is a behavior analytics company and they have a great algorithm to do behavior analytics.
Like many of the innovators in security of these small companies, If you want to use it as a customer, they would sell you hardware, right? So I need to get the visibility of the data from algorithm to work on and then need to enforce the answer. So please deploy me everywhere, right? So we wanted to prove a point, which is could you take a really great behavior analytics algorithm engine, take it out of the hardware, write it as an application through the framework so that the algorithm can be applied to everything that's already been deployed, whether it's hardware or software agents that are in the cloud. And the answer to that is yes.
So that was an important proof point for us as well. And then the last thing we did was we said in order for the Application Framework to be as best as it can be and the applications running on it to be as great as they can be, It really matters to have a lot of data and the right data and Nir will talk about what we mean by that in a second. And today it's pretty cost prohibitive for customers to log a lot of data just the way the market is in the architecture. So our very smart engineers invented something called the logging service, which we just released, which is a way for customers to log massive amounts of data in a very cost effective manner. So they're going to be incented log a lot of data so that you can have the applications with the algorithms run against the biggest data set possible to make them better and better and better over time.
The application framework, the 3rd evolution, we think has positive impacts for our business. I'll describe those as push and pull. And from a push perspective, increases our addressable market opportunity, which I'll describe in just a second. We are going to develop our own apps we're going to sell them to people like we've done with auto focus and LightCyber coming through the application framework and we will monetize third party applications from other providers of increasing the business from the application framework. And the pull aspect is probably best described with this note I have from a G1000 CIO after I spent time briefing him on what the application framework is and this shows a sense we're trying to solve for customers with automated prevention and consistency, right?
So if you could consume a lot of innovation in a very simple way without having the umpteenth vendor where you have to find them, test buy them, run them, deploy them, maintain them, hire the people to do all those things. It's actually a really big deal if you can have these automated work streams in a very simple way. So this customer has gave me this feedback. I didn't ask for it, sent me a note the next day after hearing it. And I clearly thought about it overnight and said all these things, The pull aspect from our business though is the important point which I highlighted at the end, which is if we can eliminate those hurdles, that makes you the preferred source for everything.
What's everything? It's the network, it's the cloud, it's the endpoint, it's where you enforce all these decisions. So we expect over time if we get application framework, right, which we will, that it would pull through other things that we already have in the market from a services and hardware so that people can get the most value from the applications running on top of the application framework. So if I step away from this technically for a second and look at the business, what we've been doing over time is through these evolutions, they've all been growth drivers for our business where we keep layering in the way to bring these innovations to market to solve these problems of automated prevention and disrupting that consumption model. And each one of them leads to bigger and bigger opportunity sets.
And very important, technically, each one of them is self reinforcing where the Next one builds on the previous one and builds on the previous one, which continues to give you an architectural advantage over time. So if you look at this from a market perspective of what the opportunity is, if I dissect that other TAM I showed you a little earlier, the first evolution was really directed towards network security. The addressable market opportunity there is large and growing and our capabilities can service everything in this addressable market opportunity as we have been doing for some time. The second evolution on the consistency portion moved us also into the endpoint, not because we're trying to get addressable market opportunity, that's great of course, but because it's a necessity to provide the consistency of security for every data maybe and endpoints is a place where they are. Things in security can be done better on endpoints than in network and some things in security can be done better on the networks and endpoints.
But if they actually understand each other seamlessly, that's better for sure and definitely gets better if it's in the cloud as well, but there's a seamless understanding and capability set. So increased our TAM by about $5,000,000,000 in the second evolution by moving into the endpoint space. And the third evolution increases the TAM further by about $5,000,000,000 as well, because now we can address additional security things that are happening in the market and we expect will happen in the market later on, either directly by ourselves and writing applications to their framework or by monetizing third party applications. And Nir, when he talks about this a little more Technical detail give you some sense of what all those use cases are that look like to help us drive this increased TAM opportunity through the 3rd evolution in the application framework. Now of course, all of this only matters and all starts with customers.
What do we have to do is we have to acquire customers. We want to get as many enterprise customers as we can. We've been very good at that. And then we want to increase our share of wallet with them over time by selling them more more of these capabilities as they understand and accept the evolutions where we're very often the teacher is the way things should be done time, but they continue to understand these evolutions and adopt them as things that will matter to do automated prevention and a better consumption model. So we've done very well in both regards of landing and expanding into the customer base.
New customer growth is you can see is very about 42,500 customers now and continue to add lots of customers, thousands of customers every quarter. And we know a number of things about the customers which are really Happy then if you're trying to increase your wallet share. The first is they buy a lot. Mark will go through LTV expansion with you, give some updates around what that looks but the customers continue to buy a lot of stuff. They're very happy.
Mark will give you some sense of NPS where customers sat and feedback from the customers where they are telling us, hey, we think you guys are doing the right things and they're very loyal. Our retention rate for our customer base is very high. We'll go through some of the statistics around what that actually looks like from the renewals and attach rates and things along those lines. So a large customer base that's growing quickly where our goal is to then get as much wallet share as we can from those customers for their security posture, right that they're going to have and we are helping them work through the architectural decisions about what those should look like in these three evolutions. So what are they buying from us?
Right. Well, they buy hardware of course. We've sold hardware to them. We've sold a lot of hardware to them. If you look here that this is The total value of the hardware we sold since 2,009 is about $2,800,000,000 right?
That's what we've sold out the door. Customer retention is very high. So they like us, right? So they continue to use us. So this given a lot of long term customers to sell new services to.
It's given us a great stream of maintenance revenue and it's given us a significant refresh opportunity with this kind of installed base from a hardware perspective, which we've done well on in the past and we expect to do well on into the future because our customers really like us, right? And in addition to the hardware buying, I wanted to get what we sold, I want to get in a sense of like why do people buy hardware? What drives those decisions as to hot hardware buying rate. And over our years of experience, I think it just boils down to 3 things here. The first is it's For whatever reason, it's cyclical, right?
We've seen buying patterns like this over a long period of time from a hardware perspective, which I think has occurred because of 2 other things. 1 is the timing aspect of customers making architectural decisions about how they're going to architect their environments and what the impact that's going to look like to them, what they need and want in order to secure those environments. And the third thing is continued innovation in use cases, which change in hardware all the time, right? So a use case today, if you're out talking to customers trying to sell them some hardware today that they care a lot about. For example, it's like can you do SSL decryption on the fly at a price performance that's acceptable to me, right?
Answer for us of course is yes on that. It's been yes in all the other use cases historically and that's one of the reasons why we keep rolling out New hardware devices, we've done a very large launch that you saw. So we can always address every use case, maybe the branch office use case, maybe the data center use case, maybe it's consistent cell decrypt use case, but being able to address every use case in a highly innovative way for the customers. Now in thinking about those buying cycles and how these decisions work over time, I also want to just double click on hardware for a second as to what is the growth of the hardware market. And the reason I wanted a minute on this was because it's not unusual when people talk about this market to conflate 2 things which are not the same.
The first is the growth of hardware in the market and the second is total enterprise security revenue, like what's everybody selling, right? And I see these numbers get mixed up quite often. And I think one of the reasons for that is there's no third party data that speaks specifically to the product side as to what it looks like. You'll see things that add in maintenance and support services on top. You'll see total revenue and security, some of which is hardware and support maintenance.
So here's how I think about this, which is I just go to the top players in the industry, I take their publicly reported numbers for anybody who actually talks about the product, nothing else, actually talks about the product and in Animala, right? And over time, you can see a number of things here. So the first is that in the last reported quarter for all these players combined, There was a total of $562,000,000 sold in product, right? This is hard. I don't think of that as hardware, so product perspective.
And the growth in that is about 3.7% year over year. And in that quarter, which is our 4th quarter as well, we sold $212,000,000 of it. So we captured a large share of it, biggest share and grew about over 11%, right. So if we let's go back further, right, and say, okay, rolling 6 quarters backwards, right, And take a look, there's $3,200,000,000 roughly of products sold by these vendors in the market that grew about 3% year over year. And again, in those cases, we sold over $1,000,000,000 of what was up for grabs, if you will, with about a 12% growth rate far in excess of the market compensation.
If you go back a bit further through these cycles, these buying cycles, right? If you go back rolling 8 quarters, there's been about $4,300,000,000 sold by these vendors. It's about a 7.4% growth rate and we sold close to $1,400,000,000 of it. So again, the largest from a share perspective and also growing well in excess of the market Like they roll in everything that they have into a security number, right? So if I put them on the chart without being able to dissect the hardware portion of this and just giving credit for everything that they have, right, we would have seen In the last quarter, they just reported that all of their security revenue, which includes all of their hardware, all of their services, everything they bought over $4,000,000,000 of acquisitions in the last 4 years they publicly reported and threw it all in there, it's 3% growth, right?
So me that would indicate probably their hardware business is going backwards, but I don't know because they don't report that, right? So that's why they're not in this chart. I just want to get a kind of sense of the difference between total revenue in the market, which I'll pump there, right, and what the hardware market looks like and why and how buying decisions are made over time because I thought that might Okay. So let me back up for a second to come up. And a lot of customers, we're increasing customers at a rapid rate.
We sold those customers a lot of hardware. In addition to that, We've also sold them a lot of subscription services over time, right? Some of those are attached to the hardware, Some of those are not attached to the hardware. We have more and more than that are not, of course, but they all matter in description services. So and we're doing that because we're increasing our attach rates, we're increasing our penetration rates and Mark will talk to you about what those look like.
We keep launching new services as well. And in fiscal 2017, Our billings for subscription services as you can see was $867,000,000 growing about 30% year over year. Let me get a little more granular inside the subscription services bucket as well and some of the newer stuff that we've done, right. I'll talk specifically on Evolution 2 in the endpoint And in the cloud, where we've been growing well for over the last 3 or 4 years or so, when we brought that definition into the market is something important in the second evolution that's contributing more and more to our business. So you can see from a customer perspective, customer count is growing well.
We ended fiscal 2017 with over 1400 Traps customers. We also ended in our cloud business, which is our VM Series plus Aperture to solve cloud security problems over 3,500 customers as well. Now in addition to the customer count, we ended our 4th quarter in 2017 on a billings run rate of over $140,000,000 of these of cloud and endpoint combined, that's about equally split between the two of those things. And the growth rate on that is about 90%. So a very fast growing business contributing a decent size and growing amount into our billings for non trash subscription services.
Now if I jump ahead for a second, the 3rd evolution which is already beginning to deliver for us and we think this will be a driver for us into the future as well. If we look at that application framework and the way it's going to work with our applications through the top of it and monetizing third party applications To the top of it, we have one example of an application we wrote to prove a point earlier I said about how do you actually make threat intelligence valuable can you monetize that? And that's auto focus, right? So that's one application in the application framework where today we have over 300 customers using it. So $15,000,000 with a growth rate of over 85% for that one application.
Now if we think about the application framework And in the future of how many applications will run through there, some of which will be ours like LightCyber coming shortly, plus many, many, many, many, many third party applications and we'll get into who's writing applications for us right now and our ability which we we will be able to do over time to monetize our 3rd party applications in addition to ourselves. We expect that to drive some significant growth for us over time into that subscription services bucket, as well as our mix of our business continues to go in that direction because we're driving it there through these evolutions. So if I come back up for a second and say back to these evolutions, we've been the inventors of these major evolutions over time. That's been increasing our market opportunity consistently over time. We've been delivering new capabilities to continually capture more and more that market share into our large and growing installed customer base.
We're going to keep doing that into the future. And we think that we're doing that really well because we're really the only true platform in the market that does highly automated, orchestrated leverage prevention with continually disruptive consumption models. And then we can see that into the results. So here I will flip gears from what I was showing you on the product side and say on total revenue, right? All this goes into total revenue and other companies report their total revenue for security.
And we can see that in our 4th quarter, We delivered a lot of revenue at very high growth rates relative to the market and all of the competition. So we've been able to do this growing faster than the market and the competition at significant scale consistently now and we expect to be able to do so into the future. And we're doing that inside our growth and profitability framework where we have our innovation and disruption, right? That's what we're doing with this framework. And developing in this framework which we've discussed before and which we're committed to and we're executing against it, we've balanced a number of factors.
On the top line, we have to balance what do we bring to market? How do we market all these evolutions and educate the market on what is actually insecurity and how security should be done over time? And on the bottom line, we have to look at things like how do we prioritize these investments? How do we drive continued leverage in sales and marketing? How do we hire and train hundreds of employees to support the growth in a high quality manner?
And how do we get the customer support organization and mechanisms to keep our customers So very happy with customer sat and MPS scores that are off the charts among other things as well, which is why we developed the framework in the first place to give us that ability so We can balance these decisions over a long period of time. And Stefan will talk a little bit more about this. One change to this we wanted to highlight here which is of the free cash margins used to be 25%, 30%, but not down to on the top end, right, because as the business moves more in the subscription services way, We don't expect that to be the case, right? And Stefan will get into some more detail around that. But we're committed to this growth and profitability framework and delivering against it for a while and we expect be able to continue to deliver it against the future as we march the market through these evolutions as the leader.
Allow us to say that I think we've had been and will continue to be the most disruptive force in security. This is something I use with our team internally all the time. We have been the most disruptive force in security. We believe we are the most disruptive force in security and we're going to continue to do that because we have the only real platform that actually delivers on the challenges of increasing automation to do increasing prevention and increasingly easier consumption models. So I'll end where I sort of started, which is at a glance, right?
What does all that mean? We think we've got a great company here, one that is serving a very large and growing addressable over time with very significant competitive technical differentiation that is getting reinforced Through the evolution, you can't have evolution 3 if you didn't do 2 and you don't get 2 if you didn't do 1, right? So that competitive differentiation keeps growing over time technically as well as our abilities in the market. We've been driving outsized market share gains. We expect to continue to do that in the future with a very large and happy customer base that we're able to sell more and more things into as we develop these capabilities and doing that continuously framework that delivers both growth on the top line and profitability on the bottom line.
So with that, I'm going to thank you for giving me some time and I'm going to
Thank you, Mark. Good morning. Mark did a great job of talking through the 3 security evolutions and why they're so important. It's interesting. We initiated that first evolution over 10 years ago with the introduction of the world's first next generation firewall.
And since that time, we've completely transformed the network security market. Along the way, we figured out how important it was to be able to provide consistent security everywhere that applications, users and data need to be secured, and that became the foundation of the second evolution and the focus on endpoint and cloud. And More recently, we realized just how fundamentally broken the consumption model is of new security services and have embarked upon the 3rd security evolution. And only with our unique approach to the next gen platform Is this even possible? Are we able to enable and drive these security evolutions?
And so I thought it'd
be valuable if today I
spent some time driving both what that approach is and what we're doing to drive continuous innovation and focus in the platform to drive these evolutions forward. Now to set some context, to be really good at security and to and our definition being to successful cyber attacks, there's a few things that have to be done and have to be done very well. You have to start with visibility because you can't secure what you don't Based on that visibility, you have to then reduce the attack surface down to something that can actually be secured.
And you
do this by through control mechanisms. That sets up the ability to then prevent everything that we already know to be bad and malicious, which then is the foundation of detecting and ideally preventing attacks we've never seen before. And very importantly, These four core elements build on each other, meaning you can't do anything if you don't start with visibility. Then you have to reduce the attack surface because without that, you're not going to be able to prevent what is already known. And if you don't do that, you don't set yourselves up for the ability to then new attacks and prevent them.
And so these are self reinforcing, highly integrated when done correctly. Now at the same time, There's a lot of capabilities that are required in each of these four elements. If you just look at visibility, you have to understand all applications, all users, all devices, encrypted traffic, SaaS and endpoint and cloud and mobile and all of that is just to get visibility and all really important. And the number of capabilities only grows over time. It doesn't shrink.
It's more and more we identify the next capability we have to deliver and then the next capability. But perhaps most importantly, because security is so important, each of these capabilities have to be really, really good. And because of that, there is this misconception that you need to deliver point products for each of these capabilities. At least this is what the market would lead everyone to believe. If you want to be really good at one thing, just do one thing.
It doesn't work that way though.
Let me give you an example. Imagine if you wanted to
be really good at preventing known malware. That was going to be the one thing that you do with a point product. And this is not a made up example. There are companies out there that this is their primary focus in life. But if you weren't also the absolute best at understanding applications, users, devices, endpoints, cloud, mobile, etcetera, you wouldn't be able to prevent very much malware because you wouldn't be in the right places with the right level of visibility.
And even worse, if you weren't also the absolute best at detecting new attacks, you wouldn't know about very much known malware. Now let's illustrate this with recent examples, say, WannaCry or Petya. The way this should work is A set of detection capabilities for detecting new attacks that never been seen before ideally would detect that new malware outbreak as soon as it happened, patient 0, automatically create protection mechanisms that could then automatically be applied to everywhere the security has to happen. And if you don't automate that entire process, it takes hours, if not days, to do, which simply doesn't work. Now to add a level of difficulty to this, you have to do it everywhere.
You have to do it everywhere that applications, users and data exist and have to be secured. And this is getting harder. More and more applications are being consumed as SaaS. More and more applications are being deployed in the cloud. Increasingly, users spend time off the network, working from home, hotels, airplanes, branch offices.
And so where this has to take place is ever increasing. And so the legacy approach of every time there's a new capability that's needed, there's a new product that's acquired or OEMed or just delivered on its own clearly doesn't work. This is what you would have to deploy in one location. Imagine replicating this everywhere this security has to be performed. It simply doesn't work, which is why we've taken a very unique approach to building the next gen security platform.
This approach starts with the idea that every one of these capabilities has to be natively integrated together in order to get the leverage. And then it needs to be automated such that everything that one part of the platform learns immediately is shared with every other aspect of the platform. And it has to be prevention focused, because in an automated world where adversaries are sophisticated and automated in their attacks, prevention is required. Manual detection response simply cannot scale. It has to be consistently applied because attacks will find their way to the least secured part of the infrastructure.
And very importantly, it needs to be flexible and extensible. And increasingly, it needs to enable a completely different consumption model. That is our approach to the NextGen security platform. Now we have to translate that then into a set of products and services that our customers can deploy and consume.
And this is how
we do it. And the way to think about this is very simple. You have to be in all of the right locations where security has to actually be enforced, where applications, users and data exist. So this means the network, the endpoint and the cloud. Those locations then need to be tightly integrated with a set of cloud delivered security abilities because increasingly, more and more security is dependent on analytics and machine learning and having the ability to iterate quickly and change and transform and respond to new attacks and new techniques, which the cloud is uniquely capable of providing, but it requires data from these different locations and it requires the ability to then automatically reprogram these points of enforcement for better and better security.
Now importantly, Each of these core components has to actually be really good on their own and then made better through the integration with the other capabilities and the cloud. And so I'd like to talk through how each of these core components keeps getting better and better and then how we connect them together. And I'll start with the network. In network security, We've been an innovator and a leader from the very beginning. Starting with the very first release of our next gen firewall, They delivered a number of industry first unique to Palo Alto Networks capabilities that started the transformation of the network industry.
And over the last 10 years, we have delivered innovation after innovation after innovation. Many of these innovations are actually still unique to Palo Alto Networks completely. Others are still very unique in how we do them in very important ways. And as you can see, We continue to deliver these new innovations. And with the release of 8.0 last February, we have one of our biggest releases in the history of the company, continuing to drive this innovation forward.
Now I'd like to share with you 3 really important innovations we delivered recently, Starting with hardware. Hardware is still actually very important. Bandwidth requirements continue to go up. New use cases are driving increasing bandwidth, more and more traffic is encrypted with SSL and needs to be decrypted in order to be secured. All of that is driving load and capacity requirements into the network.
And so with these next gen firewalls, this new hardware that we released, We really pushed the envelope on all the different hardware technologies that we bring together and integrate into these different platforms. In order to drive orders of magnitude improvement in performance and capacity with a focus not just on total bandwidth but also a focus on SSL decryption as one of the key use cases that we're seeing more and more of our customers adopt and understand the need for. Now 8.0 was a very big release from a software perspective as well. In fact, our customers have embraced it with over 20%
of the now running 8.0.
1 of the key security capabilities we added as part of this release with a focus on how we can leverage our location in the network as an identity enforcement point. This is really important because when you look at how attacks have evolved over the years, identity and specifically Credential theft and then the reuse of stolen credentials to log into sensitive systems and steal data has become more and more prevalent. And we can help prevent that. We start with a number of new innovations that focus on how we prevent credential theft in the first place. 1st, leveraging machine learning tied into our URL filtering capabilities second, with the ability to actually inspect traffic and prevents enterprise credentials from passing through the network out to the Internet where they're not supposed to go.
Very innovative, very unique to Palo Alto Networks. Now at the same time, we always have to assume that we're never going to be perfect. I'd like to believe we're perfect, but we always have to assume that we're not. So what happens if credentials are stolen? Well, interestingly enough, this is something that everybody in the security world actually knows what to do about this.
It's called multifactor authentication. Do not allow a username and password to ever be enough to log into important system with important data on it, have one time passwords, swipe the phone, tokens. There's lots of technologies for this. The Problem is for a lot of applications, it's very difficult to integrate multifactor authentication into the application. I've talked to customers that say they have projects that span months, even years to do this for a single application.
And most enterprises have 100, if not thousands, of applications. And so we did something very interesting in we turned the next gen firewall into an identity enforcement point where we integrate once with the identity infrastructure and then reuse that integration for all of the applications that we're protecting, whether those applications are sitting on premise or in the cloud. Customer feedback in this has been tremendous. 3rd, I want to talk about the GlobalProtect cloud service, which we announced recently and actually just made available this week. So we're very excited about that.
Well, I want to set a little bit of context for this new service. Many, many years ago, we recognized that more and more users are spending a lot of time off the network, and they're accessing more and more applications that were also not on the enterprise network. Were deploying public cloud and SaaS and other things like that. And as that happens, more and more enterprise traffic moved off the traditional network, Okay. Now when we looked at that, obviously, there's it has implications relative to how you secure the application.
I'll come to that later. But how do you secure all these users when they're spending more and more time off the network? And the answer was GlobalProtect. We introduced GlobalProtect over 6 years ago. And since that time, our customers have been adopting GlobalProtect.
Initially, People weren't quite sure just how important this was going to be. But more recently, it's become very apparent to base how important it is to secure these users regardless of where they're located, whether they're on the physical network or off the physical network. And as a result of that, we've seen a lot of success with GlobalProtect. Today, we're serving over 5,700 customers with GlobalProtect. And maybe even more exciting is that in just the last quarter, we added over 700 new customers to GlobalProtect, our largest quarter ever.
Customers are really understanding the importance and the value of this important service. But many of them have been telling us, This is great, but I would like to be able to consume this as a service as opposed to having to deploy it and operate it myself. And that was the impetus behind the GlobalProtect cloud service. Same security capabilities as GlobalProtect and we continue to offer GlobalProtect for customers who want to deploy and manage it themselves, but for those that don't, we now offer it as a service, one that we operate on their behalf. This will give our customers even more deployment options for GlobalProtect, more flexibility and more ways to take advantage of this very important component of the platform.
Now switching gears to endpoint. This is another market very much like the stateful inspection firewall was over 10 years ago, there's another market that has been ripe for disruption, largely based on the fact that the legacy vendors in this space all started with a very simple, yet now clearly faulty assumption that for every piece of malware, you can write a signature. Now in reality, this was true at one point in time. It's just not true anymore is the problem. And so let's dissect this just a little bit.
So if you think about how attacks happen on the endpoint, certainly, there's still a lot of commodity malware out there. And You can approach this from many different ways, but
you need to
be able to stop traditional malware. The reality though is malware has evolved significantly. It is increasingly polymorphic, changes rapidly, many cases automatically. It's increasingly targeted, meaning you're not going to see it show up millions of times around the world. And frequently, it's delivered in new formats, not just executable application for Windows, showing up in the form of malware and macros and scripts and DLLs and other kinds of formats.
This is largely what The next gen endpoint vendors have really focused on is how to deal with this adapting malware on the endpoint. And it's really important. In fact, it's something that we focus a lot on. I'll show you that in
a second. But it's not the only thing that you need
to do on the endpoint. Increasingly, attackers are leveraging vulnerabilities found in operating systems and common applications to change the delivery mechanism malware. And in some cases, they found ways to not even use malware to carry out an attack on an endpoint. And so attackers actually get to pick and choose these different techniques in order to be successful with their attack. So you have be really good at covering every path an attacker might take.
And that is why our approach to this is very unique. We start by focusing on malware, not just the traditional malware, commodity malware, but polymorphic and targeted and new forms of malware with multi method prevention for different kinds of capabilities that are necessary to brought to bear. Some of these are very specific to the endpoint. But some of these leverage the full power of the platform and what we learn from the network, what we learn from the cloud and what we learn when our cloud deliver services like wildfire.
Then we complement that
with multiple methods of prevention for vulnerability exploits. And here we take a very unique approach. We focus on the techniques that attackers use, which do not change very frequently. It's very hard to do, but they don't change frequently, which allows us to get ahead of the attackers. It allows us to not only prevent vulnerability exploits that we know about, it allows us to prevent attacks we've ever seen before because we take the tools away from the attackers that they would otherwise be dependent upon.
And then we continue to iterate and execute on this strategy. Around this time last year, we introduced Trap 3.4, A very important release in our focus on endpoint security because with this release, is the first point where we could really stand in front of customers and say, we can replace your legacy AV. While providing all of these new great capabilities, we also replace the legacy capabilities you have as well. This is important because customers don't want to keep adding to the endpoint. They want to be able to replace something when something new and better comes in.
This spring, we released 4.0, a lot of important capabilities. Probably most notable was the inclusion of macOS support. This allows us to secure more and more of the endpoints on enterprise. And then most recently, just a week or 2 ago, we introduced Traps 4.1, a number of new and very important security capabilities, extending support with some new exploit techniques that focus on the kernel, new ransomware behavior modules that enhance our already really great prevention capabilities for ransomware and support for DLLs, which I don't blame you if you don't understand what that is, but it's a new way of delivering malware that we can now prevent as well. So through this iteration and execution on the endpoint, This is what has allowed us to really drive the customer adoption forward.
And as Mark said earlier, we now are proud to serve over 1400 customers with Traps and growing at a very rapid rate. Now we switch to cloud. First, a little context of what's happening. So many years ago, you rewind the clock far enough, this is what a typical enterprise network looked like. Applications were deployed in the data center.
Users worked in the campus environment on premise and most of the traffic went from users to applications and back and forth. Is a little bit of traffic that connected out to the Internet. Fast forward to today, more and more applications are deployed in the cloud, More and more applications are consumed as SaaS applications. And this drives a couple of really important trends. First, you'll notice that the amount of bandwidth has both increased, but it's also shifted.
I mentioned before the importance of the new hardware platforms. This is one of the key reasons for that. As the shift to the cloud actually drives increased bandwidth load across the infrastructure. In addition to that, the vast majority of
it is encrypted with SSL. It needs
to be decrypted and secured. So that connects the dots back to the new hardware models and why they're so important. At the same time, what you'll notice is applications are now showing up in lots of different places, which drives the need for consistent security. There is no one cloud. There are many clouds And customers use many clouds to get a diversity of capability and a diversity of location and uniqueness that they need.
And so what this has resulted in from a cloud security perspective, starting with public and private cloud, is our approach. Our approach starts with consistent security. You have the same bad guys going after the same applications for the same reason, you need to have the same security. That needs to be applied everywhere. And to do that requires that we support a diversity of clouds, different private cloud environments, different public cloud environments, all with consistent security.
You can't just do security in one place. You can't do security different in every different cloud environment. It's operationally impossible and it's not very good from security perspective. 3rd, you have to support the way the cloud scale. Yes, Things still scale vertically, meaning when you need more performance, you get something bigger.
But more and more in the cloud, you scale horizontally. When you need more capacity, you scale up. We need less capacity to scale back down. This is natively built into our VM Series for the cloud. And lastly, in all of these environments, everything's automated because that's how you get a lot of the value of the cloud.
And so to perform security in these environments requires a very tight integration with the automation tools and orchestration capabilities that exist there. And they're different in different cloud environments, which goes back to the diversity of cloud support as well. But we've enabled this and in fact, we enabled this From way back, we first built the next gen firewall by making sure that everything we did was always extensible through APIs. And so As we approach the cloud, we're able to take those APIs and extend them into the cloud infrastructure as well. That has enabled us to have a very different approach to securing the cloud, where many of our competitors have defeatured and do everything, their product in order to get it to fit into a software form factor that can run-in the cloud.
We've kept all of the same security capabilities, but then we've extended the integration points, the networking and APIs to be cloud specific. Now there's a different form of cloud for our customers, which is SaaS. So SaaS is different in that SaaS you consume as an application as opposed to deploying your applications into the cloud. In SaaS, it's important to understand that there are different ways in which these SaaS applications are consumed and used. There's sanctioned SaaS.
These are applications that the enterprise, the CIO and IT department, they specifically go out and contract with these vendors to have an enterprise contract with them. These are typically things like Salesforce and Office 365 and things like that. And with these sanctioned SaaS applications, you clearly want to enable them, but you need to make sure they're used safely. Then you have tolerated SaaS. The easiest way to think about this is a business partner's SaaS application, not yours, but theirs.
You have users that need to be able to use them and access them. But because you don't actually own that application, you do have some limitations in terms of what you're able to do. So you have to be very thoughtful and focused on how you securely enable these applications to be used. Then third, you have unsanctioned. Unsanctioned has come in many different forms.
It used to be called consumerization of IT. And then that term went away, became shadow IT, now it's just unsanctioned. But generally speaking, these are all high risk. These are users deciding that they want to go do something, usually without any regard for what the implications on the enterprise security posture actually is. And so the approach So you have to take to the how you secure these different SaaS applications needs to be multifaceted.
And for us, this starts with Aperture. Aperture is how we tie into the sanctioned SaaS applications in a very deep and granular level and how the application is being used, what data is there, how that data is being shared, whether the data is safe, whether it's sensitive, whether it should be shared at all and covering a broad range of enterprise applications that are likely to be sanctioned and highly sought after. At the same time, though, we integrate that into the rest of our platform because how we then deal with tolerated and unsanctioned SaaS applications
is through a combination of
our next gen firewall plus GlobalProtect to make sure we have consistent and complete visibility and control over all SaaS applications that are being used. And so this is yet another example where the power of the platform can deliver a complete solution as opposed to point products trying to solve individual challenges and never actually tying it back together as a complete solution. And through this approach to cloud, this has driven our success. And as Mark pointed out earlier, over 3,500 customers are using us to secure their cloud applications and growing very quickly.
Many of you have asked
For more information about these cloud customers, let me give you a couple of very interesting facts. First, What we know about our customers that they're biased to secure their cloud applications. They grow faster than the rest of the customer base, over 2x faster, in fact. What this means is when we have an opportunity to get one of our customers on to the cloud and help secure that journey for them, they are a better customer. They will buy more and they will buy faster.
2nd, we've also seen that cloud is a very important and useful opportunity to land new to the Palo Alto Networks platform, where then, of course, we get to expand into the rest of the capabilities that we have. And we've seen of these 3,500 customers, over 1,000 of them came to us to secure the cloud as the first thing they ever did with Palo Alto Networks. So in the overall strategy of land and expand, the cloud becomes a great opportunity for us to land new customers and expand. And we've seen that when we can do this, they grow faster. Now all of that comes together as how we're really focused on innovating and executing for network security, how we're doing this on endpoint security, how we're doing this in the cloud.
But very importantly, all of this then is made better and integrated together through a set of cloud delivered But I thought it'd be helpful to first set some context for that and talk about one of our really important security services that we deliver from the cloud and show you the journey that it's been on. And I use Wildfire to talk about this. Wildfire first came out a bit over 5 years ago. And this is what it looked like when we first came out with it. We could our firewalls at the time, our hardware firewalls, could send Windows executable files
up into the cloud to
be analyzed. When we got to the cloud, we could perform what we call dynamic analysis. Means you actually execute it. You see what it does. If it does something bad, it's malware.
We can create signatures. We can do this automatically and deliver those automated protections to our customers every 24 hours. In fact, this was really great functionality for our customers even when it was first released. But over the ensuing 5 years, We have made wildfire great. To start, we've expanded it such that Our endpoints, our cloud partners can all send data up into the cloud to be analyzed.
The kinds of data has extended significantly. Lots and lots of different kinds of files and other kinds of data can now be sent to the cloud for analysis. What we do with it when it arrives in the wildfire cloud has also extended significantly. Static analysis and machine learning, Bare metal analysis. Lots of different capabilities can now be brought to bear on everything that is sent to the cloud in order to make sure we have really accurate results of both what is bad, but also what's good.
And the number of protections that we can deliver When we find something malicious has also extended. In addition to preventing malware, we can block at a URL level, DNS level, command and control level, And all of these protections are automated. And what originally was about 1,000 protections per day, It's now over 230,000 protections in a typical day are delivered to our customers and they're delivered every 5 minutes. What this means is that from anywhere in the world, One of our customers sends us something that we detect as malicious, within 5 minutes, we are protecting our entire customer base. And that's happening 230,000 times a day across the network, across the endpoint, across the cloud, across our key partnerships as well.
And not only has this driven amazing customer growth with over 19,000 of our customers using wildfire today. But it's delivered an amazing amount of data that we're able to leverage as well. Since the inception of wildfire, we have collected and analyzed over 3,100,000,000
unique files.
And for every single one of these files that we've analyzed, we produce a set of artifacts or attributes about that analysis. And we have produced well over $1,000,000,000,000 of these artifacts that we fully understand both in the context of what we analyzed as well in the context of everything else that we've analyzed. Every time a new file comes into Wildfire being analyzed, we can immediately compare it to everything else we've ever seen. And the power of that has delivered over $350,000,000 protections to our customers since the service was first introduced. And so Wildfire has obviously on its own has been an amazing service, but it also does a lot to set ourselves up for the 3rd evolution, both in terms of the years of learning that we have gleaned from how to do this and how to do this successfully and how to expand over time, but also just the sheer amount of data that it has provided to enable the next set of applications.
And with that, I'd like to invite Nir up on stage to talk through that. Thank you.
Okay. Good morning, everyone. Thank you, Lee. Thank you, Mark. I'd like to pick up where Lee has entered this presentation and spend the next 25 minutes or so talking about our 3rd evolution, specifically why do we need a 3rd evolution, Why is now the right time for the 3rd evolution?
And most importantly, why is Palo Alto Networks going to be the one that leads the 3rd evolution. And I want the conclusion that we all reach at the end of this presentation to be that Palo Alto Networks is not only the best position, but probably the only company that is positioned to deliver on this 3rd evolution due to our market position due to our architecture and due to the data that we have collected, analyzed over the last 10 years. Okay. So why do you need a 3rd evolution? If you look at a typical Security Operations Center, SOC analyst.
And you pick behind your back and look at what they do as their daily job. They have consult in front of them. They have data. They go in and they search for the data. They look for attacks.
Maybe they get events that support attacks. They investigate the attacks. They come up with conclusions, with decisions. They come up with mitigation and mitigations to these attacks and then they take those and they reprogram different things in their infrastructure to stop the attacks. On the other end, we have an adversary that's growing in size, right.
More and more cyber criminals are entering the cybercrime circles every day. We're seeing more and more automation, which increases the volume
of attacks and we're seeing
more and more sophistication. So while cyber criminals are increasing Financially, the amount of data that they produce and for the analysts, the poor analyst is still doing everything manually and there is a big connect over there. And that disconnect is forcing us to lead the industry and we've been doing that for many years like you've heard from Mark and Lee to automate as many cyber security processes as possible, right? So automate the process of analyzing the data, coming up with conclusions, coming up with decisions, coming up with mitigations and taking those mitigations distributing with the infrastructure for prevention, automate that entire process. That's called analytics, right?
And we've been doing that for many, many years. 11.5 years ago when we started developing our product, We decided that unlike anyone else in the industry, we're not going to offshore 100 and 100 of engineers to somewhere in Asia so that they can look at files, analyze them manually and come up with signatures. We completely automated the process of taking malware, Reverse engineering it, coming up with mitigations, coming up with signatures and distributing those signatures to our customers. We replaced 100 and 100 and 100 of people with analytics. That was 11.5 years ago.
You just heard Lee talking about how 6 years ago when the market was deploying SandBoxes in order to generate even more work to take the sandbox, take the output of the sandbox, investigate it automatically, come up with mitigations automatically and those mitigations automatically to our customers for prevention. We've been using analytics in order to make our customers' life better in order to make them more secure over the last 10, 11 years. And I don't know if any other vendor in the industry that's even remotely close to what we're doing with a single analytics process. We have many of them today. And over the years, we found ourselves using more and more a very specific type of analytics.
There are multiple types of analytics. You need all of them. We use all of them, But there is a very specific type that we found ourselves using more and more and that type of analytics is called machine learning. And everyone in the world is now talking about machine learning and how machine learning is going to fix all the problems in cybersecurity. And engineers inside me gets really upset when I see companies talk about machine learning without really even knowing what it is and without doing the right that need to be done for machine learning.
I hate it especially when they put the word AI in front of it because AI is a specific type of thing that almost nobody is doing for cybersecurity because it's we can talk about it the other time, you just can't do that too much. Don't yes, I only have A few minutes talk about it. So I think it's worthwhile spending the next 3 minutes talking about machine learning. What machine learning is such that we can set the stage to be able to understand what machine learning needs and then be able to really determine if someone is doing machine learning or not. And maybe before that, today we have at Palo Alto Networks, we use about 100 machine learning classification models In order to secure our customers, that number is growing very fast.
We have a very impressive team of cybersecurity, machine learning, data scientists, both in Santa Clara, California and in Tel Aviv and worse spanning that team constantly, right? Let's talk about what machine learning is. Let's say you want to build a self driving car, right? You can use this additional approach of building software of having an engineer sit down and say and write a bunch of rules, right? If you see a green light, you go.
If you see a red light, you stop. If you see a yellow light, you look for police and you do your humanitarian decisions based on that. And The list is so long that a human is probably not going to be able to enumerate all the use cases and all the different cases that software that's driving a car will encounter. We need something else. So what we need is a way of creating the rules under which the car is driving in a more automated way.
So what do you do? You take a bunch of cars, you put a lot of sensors on them, you put humans in them and let them drive around the town, it happens to be the town I live in. So I see them all the time and those cars keep recording everything that they see, keep recording the action of the driver at the same time there is a lot of data there and then you take all that data and you let machines figure out from the data of what we've seen and what was the human reaction, what are the rules for driving, right? And then you take that and you let the car try to drive itself And you see when the driver is touching it and then you reinforce your learning and you get more data and more data and you make yourself driving better and better and better. This is machine learning.
Machine learning is about letting software figure out by itself what are the rules under which it needs to perform or operate rather than a human putting in those rules. And that's becoming and that's very useful in situations where you need to distinguish or you want to distinguish between good and bad, Right, because if you have a lot of information about the good and a lot of information about that, good files, bad files, good URLs, bad URLs, domains, IP addresses, network activity, endpoint activity, cloud activity and whatever it is, if you have enough information about what's good then enough information was bad and you're pretty certain that the good is good and the bad is bad, you can theoretically and practically teach machines How to distinguish between good and bad? Okay. So how does the process work? This is Very, very generalized and simplistic case.
Don't try to take that and have a meaningful conversation with the machine learning expert. But In general, you start with a very high quality data set of what's good and what's bad. There are other things that you can do as well. And you have data scientists extracting important information out of the data. That huge amount of data usually has very specific data points that are important for this machine learning that they are trying to build.
Then the data scientist chooses the right machine learning algorithms, there are many dozens of them that you need to choose from, and runs all the data through it and creates what we call a machine learning predictive model, right? This is a model, it's kind of a pre wired brain, a brain that was wired based on all this data, all the features that were extracted from the data that is now able given data coming in from a customer side to distinguish between good and bad. So you take the data, distinguish good and bad. If it's good, you do whatever you do with good stuff. If it's bad, you do whatever you do with bad things.
And then you take all that data that you collect and use that to reinforce the machine learning. So you keep that data and you make your machine learning models better and better and better. This is what machine learning is about, okay? So what are the challenges in machine learning today? The first challenge is that machine learning needs a lot of data.
If you have 10 pieces of malware and 10 pieces of benign files or 10 good domains and bad good domain names, 10 is not going to get you anywhere. You need millions, you need tens of millions, you need hundreds of millions depending on your machine learning model. You need 100 of millions of data points, okay? And we're living in a world where customers have to make very tough decisions every day as to which data they collect and retain and which data they decide not to return because the cost models of retaining security related data today is outrageous. Completely out of whack.
Most of our customers, most of the customers that we talk to end up only recording, only logging into their event logging infrastructure, The things that they already know are bad. When the firewall stops something or the IPS stops something or the end of hours stops something or whatever, they log it. That's useful information but not for machine learning. If you already know it's bad, you don't need machine learning to tell you that it's bad. You need the good.
You need everything And cost models today are very prohibitive for that. The second thing is that all these systems that customers use today to log all this information We're designed for an analyst that sits in front of the screen and looks for stuff. We call it direct search. That's the opposite of what machine learning needs. Machine learning needs data that is stored all together in one place and to process that in what we call batch processing, right, or MapReduce where you go into the data and break it into small pieces and you use a lot of processing in order to process those pieces of data and you aggregate them And it needs in line processing.
It needs to take the data coming in from customer side. And every time something comes in, you have to compare that piece of data to all the 100 and 1000 Of machine learning models that you have to figure out if it's good or bad, that's completely different than what customers use today. The architectures that they use today to store the data, whether it's commercial or an open source tool, they just use the wrong architectures. And then on top of that, if you compare the infrastructure that's required today for security analysts to do simple searches and the infrastructure that's required to drive analytics in general and machine learning specifically, The amount of infrastructure that you need is multiple orders of magnitude higher than what customers are using today. So machine learning needs a lot of data, very specific data structures, huge infrastructures and customers don't have that today.
The second thing that you need is high quality data, right? If the driver in the self driving car is going to pass red light every or 5% of the time then guess what, The machine is going to learn that 5% of the time it's okay to pass a red light. You need very high quality data. If the 100 of millions of good things and 100 of millions bad things have 5% noise in them, you're going to end up with a machine learning model that has more than 10% inaccuracies in it. How do you get very high quality data?
Well, you can't use machine learning because there is a chicken egg problem there. You need other techniques. The other techniques that we've been using and developing for the last 10 years in order to come up with high quality data and need to have a very big customer base that has been sending you all that data over the last 10 years in order to have that. You can't wake up one morning and say I'm a machine learning company today. Where do you get the data?
Okay. That's why I just don't believe a lot of these startups that are saying that. It takes a long time to do that. And then the other thing is that if you look at customers today, customers don't have data, They have data puddles, right? I met one of the largest utilities in the country last week and they are very proud about how very close they're going to have petabyte of data, the ability to capture a petabyte of data which is probably for them 2 days worth of data into their data lake.
That's on the data lake. You want to do machine learning? You better have tens and hundreds of petabytes and exabytes, Okay. Otherwise, you don't have enough data in order to do machine learning. You're not going to be accurate enough.
You're not going to have the right machine learning models coming out at the end of the the other end of it. And then the last thing that's important is that it's very hard to find cybersecurity experts. It's very hard to find machine learning experts or data scientists and it's extremely hard to find the unicorns that you need, which are Data scientists that understand cybersecurity, you won't find those. You'll find cybersecurity experts that have turned into data scientists as well, we have them. We hired them.
We trained them. We made an acquisition of a company called LifeCyber And in the year and they brought a lot of them into the organization as well. You need unicorns, very hard to find, okay? So Now that we understand the challenge with machine learning, there are 2 other challenges. So if you are 3 smart engineers who just graduated from a good university you have this great machine learning based algorithm for cybersecurity that you want to bring to the market.
Today, you need a complete product around it, Okay. Whether it's a network product or an endpoint product or a cloud product, you need to build a complete product around it. So you go and you raise $10,000,000 and you build a product and you go out to the market, whether it's an endpoint product or a data analytics product or UBA product or EDR product or whatever product it is, you come out of the market and all of a sudden you find out that there are 100 other companies that are doing exactly the same thing as you are just with a different machine learning algorithm. So you go and you raise 100 of 1,000,000 of dollars or at least $100,000,000 at some outrageous valuation to then go into the market and try to convince them that you have the right solution. Okay.
That's not scalable. We have to change that. We have to enable very smart teams of engineers to come out of the market with machine learning based detection and prevention or other kind of analytics without going through that process. And then on the consumption side, you've heard the challenges before, but there is another challenge which is a lot of these technologies are junk, But very few of them are good. And today as a customer, you have this long line of vendors in front of your door trying to sell you the technology and maybe you'll find 3 or 4 good endpoint machine learning based algorithms and you find a few good ones For EDR and you find it's a good one for this and good one for that, you can only choose one because it's so difficult to deploy today, so difficult to consume it today that you have to limit yourself to 1.
You want to use all of them. How do you use multiple machine learning algorithms from different vendors, from different innovators at the same time. So when I look at all these challenges, the fact that the world is not ready for analytics and specifically for machine learning, When I look at an industry that just can't bring innovation out anymore because of the cost associated with it and I look at customer base that cannot the innovation because of this long line that they have to deal with, I see an opportunity for disruption. Okay? And I see an opportunity for Palo Alto Networks to disrupt the market for the 3rd time and bring the 3rd evolution into the market and drive the 3rd evolution into the market.
So what do we do? We created applications framework and we created the logging service which go together And we created an architecture that turns all the very high quality sensors that we have there, network, endpoint, cloud into data collector data producers, sorry, data producers. We collect all of that into the right architecture. I'll talk about it in a second in a very cost effective way. And then we run our own applications and we let 3rd party run their applications whatever kind of applications these are, whatever type of analytics they're doing and if they're doing machine learning whatever type machine learning they want to do display results to users, but most importantly make decisions and drive those decisions into the infrastructure for automated prevention.
Okay. So let's click into some of these components. Starting with the log service, there is a test after this about all these different components. So, no, I'm kidding. So, This is what you need to do in order to do machine learning.
And if you don't have that, you're not doing machine learning, okay? So our logging service takes what customers do today, which is in purple there, right? They do direct search either with Elasticsearch or some commercial tool over a very limited amount of data and extends that to all the right technologies that process the data and also extends that with practically unlimited amount of data be stored. So you want batch processing, we use HDFS, Hadoop for that. You want direct search, no problem.
We have that. Things are not showing up well there. Sorry. It's hidden somewhere there. Just with the wrong colors.
You want you need in line processing. We have a DOP and we have Spark for that. We have HBase, we have SQL. We have all the different components that you need. And all of that for a fraction of the cost that you pay today for whatever is there in purple.
Today, for whatever example, again, something for an analyst to go and do direct search, you'll be lucky to pay a few tens of 1,000 of dollars a year per terabyte. Usually you'll pay closer to $100,000 a year, if not 100 of 1,000 of dollars a year per terabyte. Our pricing, $2,000 a year. We created an architecture that allows us to charge customers $2,000 a year per terabyte, not because We want to lower the price that they pay because we want them to use the same amount of budget that they have actually building new budget because we're not going to replace what they have today, but we want them to use a reasonable amount of money to log everything.
We don't want customers to
be in a position where they have to choose What to log into and what not to log and what not to log, we need all the data if you want us to do machine learning for you and then we put it into the right infrastructure, into the right architecture, not into a subset of it, which is well done today, but into the right things that need to be done. And then Now we have the data sitting in the right architecture at the right size at the right volume. Now the second thing we need to remember is high quality data. How do you do that? You spend 10 years of building it.
You saw Lee talking about very specific type of data, the data that comes out of wildfire. Wildfire is only one of the few things that it's only one thing of the things that we're doing. We've been doing threat prevention and URL We're looking at DNS, URLs, files, command and control, network traffic, endpoint activity, cloud activity. We have a lot of data that we've gathered over the year, but more importantly, We have created processes to very accurately classify the data. We have the right data and we are very unique at having the right data that can drive the training of machine learning models so that we can deliver them to the market in a very high quality way.
Okay. So that's the second thing that we have. And then we have all of it in one big data leak. We don't have data fuddles. We have huge infrastructure that's been collecting all the data forever.
It's now significantly expanded in order to collect all the additional data that we're going to get from customers Through the logging service and all the data, whatever type of data it is, no matter if we collected it 10 years ago or we collected it yesterday, It goes all goes into one extremely large data lake. Okay. No more data puzzles on customer premises. This doesn't work. It has to be a huge lake in the cloud, okay?
And now that we have all of that, we can let Our own engineers, right, we can ourselves run applications on top of that data, analytics application, including machine learning based applications, and we can let 3rd party run applications on top of it. What kind of applications? Many different ones. Here's just a few types of applications. And we are now we already are one application, right?
We're selling a threat intelligence application called Autofocus. We announced a behavior analytics application and that's going to be available around the end of the year. That's called LiteCyber, well it doesn't have an official name yet, but it's coming from LiteCyber and we are working on more applications to date. We are working on a good number of applications that are going to turn into a good number of services that our customers are going to be able to buy from us. But more importantly, We have more than 30 partners, some startups, some large, some customers of ours, some partners, some competitors that have already announced that they are going to build applications into the applications framework and deliver their functionality to our customers through the application framework while we monetize that.
Okay. So I see a future where I want to get to a point in the industry in the future without a timeframe where Everything that has everything that organizations consume when it comes to cybersecurity is consumed from the cloud. Most of us most of it will come from either us or our partners through the app framework and the logging service. Some of it might be coming through other mechanisms, but all of that will be running on top of just A few things that flowed in the infrastructure, our next generation firewalls, our endpoint security solutions and our cloud security solutions. Okay.
So I think it's very clear what's the benefit for a vendor in delivering their services through the applications framework, right. You get immediate access to a lot of customers. You get immediate access to data that doesn't exist anywhere else in the world and not just in quantity, but also in quality and you're able to deliver those services would add building a lot of code. You just take what's unique for you, the algorithm that's unique for you or the machine learning model that's unique for you, you build a single application framework And all of the sudden, all of Palo Alto Networks customers can consume it. So very clear what's the benefits to these vendors and others.
What is the benefit to customers? If you are a customer, why would you use that? So I want to give you an example. Let's say that you decide to use a behavior analytics solution, whether it's ours like cyber or a competing behavioral analytics service that's going to be delivered to a year or is delivered in other cases. Here's the way you work with it today.
The behavioral analytic solution that you decided to use is going to tell you about something Weird what happened in your infrastructure. You have to take that information. You have to compare it to all your threat intelligence feeds. You have to make decisions. You have to score the risk of it to figure out what is the risk of you just what you just found and compare it to your risk tolerance.
And if it's high enough, You want to take that information and convert it into actions that you then take care of the infrastructure and all of that is a person moving from one application to another, right? Looking at the alert, looking at the threat intelligence feed, comparing them, then looking at their risking system, taking it into the system that's going to then Orchestrate and distribute that into the infrastructure and then you need to take the data and generate a report for your manager to show here is what I've done, here is what happened, here is how I mitigated that, that takes hours, if not days or weeks. Or as a customer, You can buy those applications inside applications framework, right, and you can again buy LiteCyber or you can buy a competing application inside application framework. We're not going to make the life of our competitors more difficult than us in delivering applications. We don't care.
We monetize it anyway. So you use that application. Application comes up with the alert automatically sends alerts to a threat intelligence application that's going to mine many threat intelligence feeds and figure out whether that threat is relevant to you, all of that goes into a system that scores the alert or the event and gives it a risk number and checks whether the risk number is matches your risk profile in connectivity versus security. And if needed, it goes into an orchestration tool that takes that information and distributes that information in back in the infrastructure for prevention Then automatically that information goes into your application that's responsible for reporting. A report is generated and sent to your manager wherever it needs to be sent to.
All of that automatically within seconds without humans without a human touch. This is the future. We believe we're going to drive that future because we are uniquely positioned when it comes to access to network based information, endpoint based information and cloud based information. We have a unique architecture. Nobody has that.
Nobody gets close to that. Everything that's being used today has been geared towards an analyst, not machine learning and in general analytics and no correlation is not analytics. It's 2 queries that you combine. We have the right data in the right context, data that took 10 years to build and we'll take anyone else in the world at least 10 years to build if they can even do that. We're going to use all of that to bring to the market more and more and more Palo Alto Networks applications sold as a service to our customer base and We're going to monetize many more applications that are going to be brought to the market by 3rd parties.
Many of these have already been announced and many more, I'm sure are in the works. Thank you very much for listening.
Ladies and gentlemen, we will now take a 10 minute break. Ladies and gentlemen, our presentation will resume in 5 Ladies and gentlemen, please take your seats. Our presentation is about to begin. Please welcome Mark Anderson.
Good morning. Thank you. Thank you.
So I hope This morning, we've made
it crystal clear to everybody here in the room that our innovation engine at Palo Alto Networks has never been stronger. The need for what we do in a highly integrated way has never been greater from our customer bases or around the world. With the 24 hour news culture as well as the proliferation of disconnected legacy point products that are out there, Our prevention oriented architecture is winning in governments, it's winning in enterprises in a very high rate. I'm going to talk a lot about that in detail, Connecting with customers every day and the themes, things that I'm hearing from customers give me a pretty broad perspective and I'm going to share some new data with you today that demonstrates the value of this innovation is It only gets stronger as time goes on. Our ability to be able to leverage this power of innovation to be able to continue to drive improvements in productivity and enablement in our field and partner ecosystems is going to continue to drive massive differentiation between us what everybody else is doing.
Around the world, hearing the exact same thing from customers, they need better security. They need more efficient consumption model. And we've seen this slide now three times, but to me it really feels like it's been broken for a very long We know the consequences for failure have never been greater. Obviously, the breaches aren't slowing down. The scale actually seems to be increasing.
And despite what you hear From the marketing departments of some of the other people in our industry who claim to have glued together architecture from acquisitions or umbrellas or fabrics, they're really just not cutting it. Fighting highly automated adversaries, we've heard and the Huge amount of data crunching that's required to be able to be effective in this space is not going to be enabled by a conga line of different and disconnected devices. Our 3 evolutions of technology tie things in a very nice tight integrated way and an architecture that is being recognized by customers, recognized by the governments that I talk to around the world and and it's driving better security outcomes everywhere because the platform is winning. It's a comprehensive platform. We see long term customers Extending beyond the network security platform that we evolved, moving from the data center to their to our endpoint solutions, to our Cloud solutions, I'm going to give you some specific examples of that later on.
Others like Lisa are attracted to us based on the innovation we've applied in the cloud or on the endpoint with over 1,000 customers coming to us first in cloud and then we get the chance to expand that relationship as we very much focused on that. But as we expand these customer relationships, I want to make sure you understand the barriers to entry for our customers as we deepen our relationships with these customers, excuse me, barriers to entry for our competitors as we deepen relationships with customers It's very, very significant because the choice for Palo Alto Networks becomes self reinforcing. And the common thread that runs across All of our entire customer base is that they buy and they keep on buying to drive those outcomes. And the platform is really delivering on what they're telling us that they need from a partner. We win because we really are delivering that better and they're choosing Palo Alto Networks because they're solving these compounding issues that they're finding in security.
And these are compounding issues that really are existing because of the waves of innovation that are hitting the entire IT supply chain. We help our platform helps reduce the number of discrete vendors that people have to deal with, reduces big time operational complexity And as a result, it reduces the number of people that they have to hire to manage this estate. And we demonstrate this with tools in front of our customers every day with provable high rates of return, provable ways to reduce their operational costs. And just a few weeks ago, I was in Spain, spent time with the team down there in Barcelona and met with a number of customers. And I got to tell you the vendor fatigue that I hear from customers is very high.
They're clearly in the northern part of Spain, the economy is improving pretty dramatically. They're Starting to spend, but they're buckling under the complexity of the legacy point products that they have and our brand in Spain has never been stronger. This and they can't hire enough qualified people even if they could afford them. And this is a big problem we hear about I hear about worldwide. Today, There's roughly a 1,000,000 open cyber positions around the world.
And recent cyber job reports talks about by 2021, there'll be 3,000,000 open cyber positions in the world. So clearly, Automation is very important in this dynamic and our adversary, as we've said, is highly automated. We've got to be able to respond to them and Palo Now we're doing so in kind with customers and customers are agreeing and they're voting with their wallets. So it's why we're seeing this Really record customer adoption you saw in Q4, we added a record number close to 3,000 customers and almost every single one of these 2,500 customers that we have today, they've displaced multiple point products from our competitors with our platform. And let's take a look at a little bit excuse me, let's take a little bit deeper look at these customers.
Who are they from a vertical standpoint? Take a vertical cut of the data. This data is based on lifetime purchase order value for each vertical. We've got tremendous Vertical diversification, one of the things I love about this company is everybody needs better security. We've got some of the largest spending verticals that we still have a tremendous amount of room for expansion in.
But all customers are struggling with the same issues, complexity of managing the estate and lack of skilled personnel. But as we focus our subject matter experts that we've built out over the years into the bigger spending verticals like Service provider, like financial services, like SCADA, ICS entities, they're Turning to Palo Alto Networks as their subject matter expert, thought leader for security for help. And I think we'll continue to be able to expand not only these larger spending verticals, but continuing to focus with our partners and our diversified sales team to cover all of these different verticals capturing more wallet share. So and where are they? Really they're as we talked about in the Q4 earnings call, We saw record revenue growth or certainly great revenue growth out of EMEA and Asia back in Japan.
But this cut of data is talking really about the 8,500 customers that we brought in FY 2017 and the customer acquisition by GEO. And you can see the investments that we've made in Asia Pac, Japan and EMEA are paying off With customer acquisition growth growing by 27% 30%, respectively, I Think about the IT cultures that I visit around the world. Clearly, these cultures vary. Some are very forward leaning like the Americas here. Some are a little slower to adopt new technology.
But what struck me in recent travels, you look at EMEA as an example, some of the compelling events In May of 2018 GDPR, General Data Protection Regulation and the NIST directive, Legislation that are imposing a sense of urgency on these customers and we're getting meetings to talk about What our view is of the definition of state of the art technology and more and more They're turning to us to help them in this journey because we're Palo Alto Networks. The brand reputation that we've evolved over there is pretty spectacular. I think this legislation and others like it in places like Australia or Canada or the U. K. Is very, very good for follow-up networks.
And as one of the 2 non Americans on the executive team, I get a chance to spend time, not only with customers internationally, but also with governments and government entities like NATO, National Police Agencies, security organizations as well as Ministry of Interior, Ministry of Defense from most of the countries across Europe. And now In this last couple of years more than ever, they want to turn to Palo Alto Networks to ask for advice on how to interpret this legislation and had it federated into their countries respectively, different forms of certifications and whatnot. And we're there at the table with them. And they're also becoming customers. So we're invited to the dance just generally more than we ever have been before and it's especially the case with our biggest customers, our Global 2,000 customers.
So I'm going to break
this down for you. Our Global 2,000 customers. So I'm going to break this down for you. I stood up here a few years ago and talked about betting big on major accounts and building organizations to go after dedicated teams to go after major accounts. And this specifically this index Global 2,000, the Forbes Global 2000 Index in every geographic theater.
And as you can see in the past 3 years that focus has really paid off. Going from a little less than 50% in FY 'fifteen to 63% penetration of the Global 2,000 by the end of FY 'seventeen, The investments are working. Many of these customers have gone all in with us. I'll give you an example specifically later and that's fantastic. They'll use us to protect their perimeters, their data centers, their endpoints, their journey to the cloud.
And these are very big complex customers, many of them having subsidiaries and dealing with ultimately thousands of vendors. But many of these accounts, We still have ample opportunity to expand and I'll give you a sense of wallet share in a few. But the 37% Of the G2000s that are not Palo Alto Networks customers today, we're getting meetings there and we're talking about this journey and we've never been stronger in being able to do that than we are today. With the brand we build, along with the motivated sales teams and motivated partners that we have, We're all focused on landing and expanding in all of these accounts. As far as wallet share goes, Even with the accounts that we have penetrated, the 63%, we still believe that on average, we still only have 10% to 15% of the wallet share within their security spend.
So there's enormous upside in the accounts that we've already broken into And that's why we're focusing on driving an improvement in that wallet share, helping them with new use cases, new locations, new customer sites and leveraging some of the new and exciting services that we've recently announced. So let's zoom back out to our 42 1500 customer population, you can see for Evolution 1 that our attach rate in Q4 was 2.9. So this is new data for you. Last year, we mentioned we attached 2.6, 2.6 subscriptions on average for every device sold.
This really
proves that we're continuing to penetrate and leverage the power of the platform for our network security offerings. So when we land a brand new customer, we land with the platform. We don't just try to sell a firewall or a web gateway or an IPS device, we're replacing multiple products as we land with customers today and it's clearly supported by the numbers. For all existing customers, we're selling new use cases, looking to expand their estate. So example is Someone that's committed to us for firewall and IPS, if their web gateways come up, the easy thing to do with the kind of coverage that we continue to focus on them is to just turn on URL filtering if they haven't purchased that initially.
And just look at the wildfire adoption, it's pretty incredible. This is a product, remember, that We announced about 5 years ago that customers continue to unplug their standalone APT devices and turn to wildfire for better, more orchestrated, more integrated security verdicts that we can provide with
the platform.
Now if we Pull back out to Evolution 2 and 3, important additions to our plan like Aperture, autofocus, our VM series, they're all represented here in the cloud category for 2 and 3 for just an exceptional year for Traps. We grew our count by over 3x. The prevention part of endpoint being an integrated part of the architecture really resonating with customers. Same thing with cloud, more than double and these numbers are starting to get very big and material for us and we know that our customers are moving workloads to SaaS environments are moving them to public cloud data centers and they want to be able, as Mark said, to enable consistent security policy. So every single customer I talk to whether it's at an EPC or whether it's during my travels, I always ask what their plans are with regard the cloud and we're seeing almost 100% customers are thinking about it.
They're testing it or they're deploying it in different stages And more and more they're turning to Palo Alto Networks as the thought leader in securities to help them on this journey. So, the other thing I thought if you got a chance to attend Ignite or download any of the presentations, up on the main stage I had Anne Johnson with me, the Head of Cyber at Microsoft, she talked about Palo Alto Networks being the number one ISV for Microsoft Azure. So we're working very closely with Microsoft's team. Same with Dave McCann. He was up here.
He was up on the stage with me, runs engineering for AWS, talked about the engineering integration that we've worked so closely with on AWS to be able to enable These AWS deployments for customers work and drive that consistent level of policy enforcement. And I really want to make this crystal clear. Think you think about this from any of our field salespeople, our existing partners, they really view cloud as being additive to us and to our mission. We're not only adding value to the existing customers, but as Lee said, it's an attractive entry point for us. So buying cloud Traps is the 1st product purchase.
We're leveraging the brand that we've built and the ability that we've been able to take to customers, land with product and then continue to expand there. So we want to talk about wallet Share expansion here from a different viewpoint. This is this shows each cohort's expansion multiple of LTV against the initial buy. And as you can see, every cohort continues to expand year over year. Look how interesting this gets for the fiscal years 2012, 2013, 2014 and beyond.
A number of customers that we added in those cohorts are actually becoming substantial in the 1,000. A little while you're going to hear Renee and Naveen. Renee, our amazing marketing Chief Marketing Officer Naveen, our Chief Information Officer, they're going to talk about how we're arming our sales teams and our products and services in a very scientific way. So teams around the world, they've got a lot more to sell logging service, Mobile Protect Cloud Service. They've got new products to sell.
They've got a lot more arrows in their quiver and we're laser focused on our existing estate to continue to focus on growing more wallet share. And
the power of
the LTV here is really With this land and expand model that we have, I know all of you are familiar with this. In the past, we've used the 2,009 cohort to kind of demonstrate the journey that we take with our customers. But this year, I want to shift it to the 2012 cohort. That's the year of our IPO. I think it's a better illustration of our business.
And you look again, the cohorts as you move after 2012, They continue to expand very nicely. And by the end of last year, the products and subscriptions Growth from that 2012 cohort, 5x. Even the renewals has grown 2x. So this is even without a major refresh cycle and that's certainly coming up with the new products we announced 6 months ago. So thousands of Palo Alto Networks personnel out there in the field, tens of thousands of partners are focusing on the opportunity at hand, which is to go after this existing estate and help their customers on their digital transformation journey to really protect their way of life in this digital age and it's clearly yielding results.
So I want to give you a little more granular look And our top 25 customers, this is a very familiar slide. We talk about this every quarter, but I want to deconstruct it for you to kind of by pulling data out to you illustrate the significant opportunity that we have with our largest customers. So just as a reminder, top 25 slide represents our biggest 25 customers at a point in time. Now this list can change from quarter to quarter because we're seeing large customers make 7 8 figure buys that buy their way into this top 25, but this looks at it at the end of last fiscal year. The initial purchases in for these prospective customers are represented by the green boxes and you're going to see a remarkable pattern emerging from this data.
When you think about the thought leadership we have in our industry and the focused sales coverage that we're applying for these customers. So, the blue boxes show subsequent purchase orders in subsequent quarters. It's a sea of blue, Repeat orders are the norm. New business is being contracted with us at an increasing frequency, but we're not just selling them more stuff. We're really helping them expand their scale, cover their attack surface.
We're working with global organizations and helping them reduce complexity and drive efficiencies. And This is just a remarkable phenomenon. Bigger customers pushing for consolidation faster, looking for more automation as we heard. You can just see the consistency of this spend. It's almost every single quarter.
And let me overlay how this consistency looks with regards to multi year agreements that we've done. So the orange boxes are quarters where customers first made a multiyear purchase commitment to Palo Alto Networks. So clearly, major account teams don't just go away. They're proactively positioning and winning additional business because of the growing faith and trust that these customers are giving Palo Alto Networks because we're helping them eliminate pain points. In fact, almost every single one of these 25 customers have purchased another multi year purchase in their journey.
So different locations, different solutions, different services. It's we have dozens of use cases to sell, a whole now broad array of products, physical and virtualized to sell. And our teams and partners are trained to go after these like rabbit dogs to help customers get to a much better place. Now the ticket to get into this club grows every quarter as well. We announced on Q4 earnings call that The ticket to get in was close to $22,000,000 up from $14,000,000 of Q4 2016.
So can anybody guess what the ticket was In the year in the Q1 of our IPO, the ticket to get into the top 25 club, I've got a free portfolio for you If you can guess the right answer. Yes. Yes, roughly $2,000,000 Good. So we'll give that Manny another portfolio, please. Actually $1,800,000 So really a compelling story here of growth and focus and frankly thought leadership and technology.
And lifetime value, year over year we see this The multiple going up, we mentioned again, it grew from 52 times in FY 2016 to the end of FY 2017, 97 times that initial buy. I'm going to share some new information with you because you continue to ask us for more information but a broader cut of our customers. So let's talk about that beyond the top 25 customers. Our top 100 customers, LTV expansion is 75x. That's pretty compelling.
I was expecting some jaws to drop and some gasps. But if you zoom back a little farther, the top 500 customers, the lifetime multiple is still 25x, truly partnering with these customers in their journey. And I talked a bit about digital transformation. It's a buzzword that hear from pretty much every customer today, you can't embark on a journey of digital transformation without thinking about security from day 1. They've got to look at their legacy security estate to embark on this transformation.
And when they're doing that, they're thinking about Palo Alto networks. So I'll show you by double clicking on one customer in the top 25 in particular to show you their journey give you some even more data. So just picked a particular customer here in the middle of the top 25. This is a large professional services company, started with us innocently enough back in Q4 of 2010, made a small pair of firewall purchases in one of their locations, bought Threat prevention and URL filtering. Back then, the legacy estate owners, Cisco, Checkpoint, WebSens and Symantec barely even noticed that we were there.
Fast forward, 3 quarters later, they felt comfortable enough with the leveraging of App ID and User ID, the visibility that we were giving them to their customer and application behavior, they decided to displace some of this legacy estate and more sites. And as you can see every quarter or 2 they went about deploying our network security offerings and displacing these vendors pretty aggressively adding both new products and more subscriptions. We get to the end of FY 'thirteen, the year we productized wildfire, They slid us into the network right beside FireEye. And a few quarters later, they felt comfortable enough with the capabilities of now this extended platform that was being deployed in more and more of their global sites to turn wildfire on globally and kick out fire. By the end of FY 2014, they started buying from us every single quarter, new sites and new use cases.
FY 2015, they had our devices deployed in almost every single site. Our sales and partner team introduced GlobalProtect as their Juniper SSL VPN started to experience some scaling problems. We turned on the first few sites, same thing, getting comfortable with us. Now we've become their global standard. We're trusted partner of this account.
Within a few quarters, they had they pushed Juniper out of the way and had a GlobalProtect deployed globally. And as you know with GlobalProtect, we can enforce consistent policy for customers, users that are off network They love that capability. It's really important for large distributed customers, especially in the professional services space, but I'd say every large distributed business in the Global 2,000 is going to use GlobalProtecting, especially with the growth that we talked about earlier. At this point, it's becoming very difficult to penetrate this account with the proliferation of Palo Alto Networks. Now with their global standard, they start to build out hybrid data centers with VMware.
They deploy our VM series to enforce consistent policy there. Again, these VM licenses clearly additive to the spend. By the beginning of FY 2017 with their entire global enterprise uploading files to Wildfire all devices physical, virtual, on prem, off prem, they really saw the value of out of focus and made the investment there, helped their SOC engineers hunt for threats that was very valuable to them. Later in FY 2017, as they started to move workloads to SaaS and more incremental workloads to public cloud, They added more VMs and finally added Aperture, beating out the startup CASB vendor that really had a difficult time coming in to be one of the non Palo Alto Networks standard solutions there. We beat him out on features and capabilities, especially with the backdrop of the platform.
And As you can see, this customer's consistent buying is now every single quarter. And last year, at the end of the year, they did a huge Traps deal with us, eventually getting rid of Symantec as their core antivirus solution and extending our platform to the very location that many of these attacks are being launched, but to the endpoint, bless you. So I think this point we got to kind of They've rationalized so many vendors, purchased every single product that we sell and along the way you can see we're adding products and almost every single quarter. Their lifetime spend with us today is well into the tens of 1,000,000 of dollars. But more importantly, we're driving airtight security for this important customer, a way better security outcomes everywhere in their state and that's what we care about the most.
But we've also displaced so much cost and complexity out of their environment. Internally, we're viewed as like the poster child for ROI for Information Services. So it's a really good customer story. It's taken place over close to 7 years and it's going to continue to grow because now we have new stuff to follow. And all this is not happening by accident.
It's happening because our customers, as Mark said, really happy. Our subscription rates at 90%, renewal rates around 100%. This is I think it's world class and I think it's a big driver of top and bottom line growth for Palo Alto Networks, but also for our partners. They're very much attracted to this. If you look at our net promoter score over the last 6 months, 71.6, Remember, this is a range that goes from minus 100 through positive 100.
This is world class, we think, in our industry. And last year, we were also recognized by the TSIA and J. E. Powers for our outstanding customer support and outstanding experience that we deliver to customers. We've got 100 of amazing support teams around the world driving this, but it's not just people, it's Business process, very agile business process that Matthew Staubel has driven in that organization.
And it's tools, next generation world class tools that we're using to be as quick and responsive and effective as possible. So, listen, our company, the support organization, the rest of the company, we're not distracted by selling switches or routers or video teleconference or Wi Fi devices, we sell security. We support our customers with regards to security and we're very much focused on driving customer across the board. Let me talk a little bit about our channel partners. We've got 4,420 out there with a portfolio of services that continues to grow, which is why they love us.
Spent a lot of time with partners in Spain last week And boy, the reception for the logging service, MobileProtect cloud service and the application framework was unbelievably positive. We're always looking to surgically add new partners. We're not out there just trying to kind of cover the world with tens of thousands of partners. Looking for ones that are going to help solve our customers' problems. And I think we saw a nice uptick year on year for that.
But More importantly for our partners, 661 of them last year doubled their business with follow-up to Networks. That is incredibly important to them given the dynamics of the world that we live and they're really what this means is the ones that are growing at this rate and at rates are really leaning in with Palo Alto Networks. They're making investments. They're buying they're training their people. They're hiring and building out teams to cover Palo Alto Networks customers and they're combining demo gear to provide to expand the footprint, the sales footprint that we have for our sales team.
And they're doing this because we're providing the top line growth at scale in our industry that nobody else is doing and that's leading to very attractive bottom line outcomes for them. So continue to be very attractive to them. Ron Myers has done a great job building out this business. And partners continue to become more and more productive and carry the ball farther and farther down the field. This is part of a multi year focus that we've had.
Last year, just as an example, we trained over 8,000 partners around the world. These are partner reps, partner SCs. We had 1,000 that came to our sales kickoff in August. Hundreds of them came to our annual SE Tech Summit. And then every month we do new hire for the dozens of people that we onboard each month and we bring partners to that.
So they're getting the exact same curriculum that our sales teams are, exactly in curriculum, sitting there shoulder to shoulder with our people, learning how to articulate the business value that our platforms deliver for customers. They're really an extension of our sales force. That's why Last year over 1,000 more customers were found were sourced by our partners going up from 3,500 to 4,500. So significant value creation that we have there. On the Traps side, we now have 130 Certified Traps Partners.
This is up from 50 year over year. And just to make this clear, You got to spend a lot of money and a lot of time to become TRAP certified for Palo Alto Networks. It's not an easy endeavor. Going to make a sizable commitment to training. And from my perspective here, success begets success as our endpoint customers and the endpoint revenues that we're getting and sharing with our partners continues to become a more meaningful and more material number.
We're going to continue to snowball and grow this. And as we go through FY 2018, I expect this number to go up dramatically as I do clearly with our revenues in Traps. And then finally, really a new category for us, maybe a new category for you. This is a born in the cloud partners, the Bix. We Hi, Dean Darwin, a little less than a year ago to build out a global focus on public cloud.
And he went about and signed up 9 and these are 9 of the biggest born in the cloud partners. And this is an emerging channel. It's ramping very fast. Right now, there's another 30 BICS that are in the process of becoming certified. And really they're coming to Palo Alto Networks not just because of our brand and reputation, but Because of the subject matter expert team that Dean has built out around the world, public cloud security specialists that we have now in every geographic region that are helping our overlaying our core sales teams to be able to go in to customers and help customers on that journey.
And I'm spending a lot of time with our biggest, longest term partners and I'm probing on what they're doing to react to this really existential reality that's happening in their world as the value, The stack of value for delivering an IT service to a customer gets compressed by the likes of Amazon and others, by the likes of our application framework for that matter. And we're challenging our existing partners to develop these capabilities and they're responding very well. They're building out their own public cloud practices there. They're buying Board of the Cloud partners and we're going to work with them together to help them on this journey and we think it will be great for both of us. On the strategic technology partner side, These continue to be a cornerstone of our open approach.
We're not focused on building marketing relationships that we can broadcast, but really ones that are R and D led and that are highly integrated and coordinated in our field sales organization. Partnerships that our customers lead us into really help them reduce the cost of integration and implementation, so that they don't have to do it and they can leverage the automation that we can provide. So market leading partners like Point, female security, VMware for private cloud, obviously AWS and Azure for public cloud, Identity companies like Centrify and Okta to help prevent credential theft as Lee walked you through and really Arista for next generation networking. I'm also really proud of our partnership with Splunk. We got compelling integration as they build out our next generation SIEM.
We continue with Splunk to be the number one independent downloaded app in their marketplace. And these partnerships are mutually beneficial obviously, but more importantly, they're driving better outcomes for customers. So really to close things out, get back to some of the questions that have been asked over the last few quarters just on the execution side of things. We're deeply focused on field execution. I want to give you a few quick updates.
As we said, we're in the bottom of the 5th inning well into the run it phase. And this is the relationship building side of things where we're trying to maximize the alignment that we put in place a few quarters ago. Firmly believe we have the right solution. Our employees, more importantly, believe that our partners and our customers seem to agree with us. And as a President, I'm laser focused on the 2 key elements of this, attrition and productivity.
So on the attrition side of things, It's improved. It's where we expect it to be and well below industry average, very much focused on this in the hierarchy of sales leadership around the world. On the productivity side, by the end of Q4, over 60% of our sales teams were ramped and fully productive. This is the highest it's ever been. This is new data, right?
And I expect that this will continue to grow in FY 2018. It will grow mathematically as we focus on attrition and driving productivity. We're focused on improving that productivity in a number of different ways. Sales enablement is a really important one. Adding productivity enhancing tools, driving better efficiencies will clearly drive higher productivity.
The woman that runs worldwide enablement, Linda Mas, now reports directly to me. So it's major time focus from my standpoint. And excitingly also at SKO, we announced some new world class organically built tools that leverage machine learning and artificial intelligence. This is Going to ensure our reps are taking a very scientific approach and have the best possible chance for success. It's something that our CMO, My brother from another mother, Rene Van Veenee and our CIO, Navin Zucci, has been working really hard on for a while.
I'm going to let them get into details and invite them up onto Thanks, Mark.
Mark promised me he wouldn't say AI. After what Nir said about AI, of course. Much like what Nir said before about the power of machine learning and the power of data, I've had the privilege of having been with the company for quite a while and having the opportunity to set up an infrastructure that was capable of collecting the data that we have gathered over time about how our customers, our channel, our sales reps, our marketing efforts all come together. And we're talking about millions and millions and millions of data points that we have collected over time in a single data infrastructure, very much like the data lake that Nir described that we build for our products using the same types of tools and technologies that Nir mentioned to build what is ultimately a highly targeted system to help our sales reps, our channel partners, our distribution channels to go after the right opportunities with the right knowledge. That kind of machine learning is non trivial and we believe it's a distinctive competitive advantage for the company.
Now the context in which we have done this, this didn't happen overnight of course. It took us 10 years to collect this data and build and refine the algorithms. But clearly in the last 6 months there has been lots of emphasis after our Q2 announcements. We started to train this machine even more so on making sure that we could align the machine learning outcomes to the priorities that we had set in our go to market planning, as a result of the first half performance. But it is based on investments in technologies that we've had for a long time.
Now the reason I'm doing this with Navin is typically what you hear is the CIO and the CMO can never be friends because somehow they're at odds. Not so here. We have built a lot of this together. Navin has been with us for quite a while now. And it turns out that if you build a great relationship based on fantastic tools, such as salesforce.com and SAP that we use and Hadoop and those kinds of technologies.
You can build amazing things. Now the machine has been very specifically trained to do a variety of things. So a few use cases for which we have developed very specific and very precise algorithms is for opportunity scoring and we'll show what that means. So where do we get our sales reps aligned behind the opportunities that are there in the market? Lease scoring, where do we train our partners what to go after?
Account scoring, what is the opportunity for expansion in those accounts And where do we point the machine out of investments to go after? Competitive risk factors in deals or in existing accounts, right? A lot is said about somehow a threat after the first half performance that all of a sudden might be up the Competition said, well, listen, Palo Alto Networks has some volatility. We wanted to make sure that we understood that volatility and could arm our sales reps, our channel partners with the right tools, but also very much accounts certain risk. We now start to get into the very early innings of a refresh cycle, but where do we want to point the machine, where do we see that appear first and attend the random.
So the machine has been trained and we now see very high accuracy in the recommendations, well over 90%, which is where these technologies should be. Now the first we want to talk about is opportunity management because this is important specifically because of the work we did in North America after the first half where we reset the clock on territory management and on account management where we wanted to make sure that we were closer to the opportunities. So Navin, why don't you explain what this screen is about? By the way, what you're looking at is a salesforce.com implementation, one of our core technologies.
I think I was about lightning, sorry, in sales force. But why don't you tell us what is going on here? Good morning, first. Good morning, everyone. So As Renee, as you mentioned, I think this notion of co creating with business is really taking hold at Palo Alto Networks and it's great to work with sales, marketing and other leaders and teams to actually build solutions together.
So as we looked at sales productivity, one of the areas that we are focused on is How do we improve sales productivity in general, but more specifically how we give time back to our sales reps so that they can spend time with our customers. And that's a critical factor for us because we know that when they are talking to our customers, our customers are successful in preventing cyber attacks and we are providing better tools our customers to do that. So what we did in Salesforce specifically is simplify account opportunity creation, contacts and lead creation, put rigor and discipline around sales stages and by sales stage, add specific processes that make it really important and critical on what stages they need to work through and run through each stage Specifically, we also made the resources available in one place for our sales reps. So whether these are TCO analysis, Whether that is evaluations they want to do for a customer, whether there's a POC request that they have that they want to evaluate With the customer, we made it really easy for our sales reps to make that accomplish that through the Salesforce tool. Yes, every one of these opportunities is scored.
It's also presented to
the sales reps in such a way that they can work their way down to from the highest possible score to the lowest possible score and then align the resources that we have so that they can spend more time selling and less time searching or researching by these opportunities and these accounts. This is very specifically developed for upsell because as you know lifetime value expansion is lifeblood for the company. Now the other tool that we built was the ability And we're using a technology called Wave, which is part of Einstein Analytics within Salesforce. This is a completely different way, a new way that we build in sales force that we are giving back to sales force as a methodology to score the propensity of accounts to expand in certain parts of our business. So for example, it allows a rep to better look at his or her territory So, well, in my territory, what can I do in terms of upsell and what can I do in terms of cross sell?
What can I use in these accounts? Where do I have an intersection of different technologies and then very specifically what is my action that I'm going to take there? What should I do to introduce Traps to a VM Series customer or what should I do to introduce hardware to a VM Series first customer? What are those actions? And typically that is not take them out to lunch.
That is not the first action. It typically is much more technical. It is much more evaluation driven. And it is very important that we test the tools and the effectiveness. So there is a Very important feedback loop in all these tools that help us then also refine the machine and the machine learning so that the outcomes keep on becoming better and better.
Now the next thing is an idea about refresh as an alternative to renewal. Right. And we applied some very specific technology here in terms of scoring, but also in terms of scenario building. So you want to talk about that?
Yes. So I think with the amazing new products that we rolled out 6 months ago, as an example, and the refresh cycle coming for our customers, We are surfacing for our account managers at account level and as well as at an opportunity level, the ability for them to refresh instead of renew. And we are also giving them what if scenario generators where they can do scenario planning for their in terms of TCO calculation, looking at price performance ratios between what is the existing installed base compared to the new installed base and do that in a dynamic and a real time manner so that they can have those valuable conversations with the customers. And more importantly, they can generate opportunities automatically from that into their sales force accounts. So all with the intention of really improving, 1, the visibility and tracking our refresh opportunities within our plan business and 2, be more effective in selling with the refresh installed base for our renewal installed base as well.
I want to
make one comment here. The data you're looking at by the way is entirely taken. But so don't think that we're showing new opportunities in our installed base. This is a disclaimer of what the data says. The systems aren't highly real.
The data is not. What is important to note here as well is that The scenario building again is presented through machine learning. In other words, the rep doesn't have to come up with these things. They don't have to understand these different scenarios. The scenarios will be generated based on machine learning and then the rep can decide together with our channel partner and the customer, which of these scenarios works best.
And it isn't just how much more money can we gain from these opportunities, also what is in it for the customer in terms of a return of investment or TCO. So all of these things have combined and this helps our sales reps spend a lot more time on the sales process, a lot less time on configuration, on e mailing, on quoting because we want folks in the field with the best tools possible and with the most competitive information out there. Now all of this was great. But then Navin one day walks into my office and says, I think we can do even better. Why don't we allow our sales reps to crush it?
So because as you know reps love to do 100%, but they love to do 150% even more. So Navin came up with this idea of a quota crusher. So why don't you tell us a little bit about the quota crusher?
Yes. So I think the basic premise is the following. I've been supporting sales teams now for a while. And as you think about the sales teams, you want to make sure that they have a leg up in their territory to manage their book of business. And they have a much more they have better visibility and with the notion of machine learning surface opportunities and accounts that they ordinarily would not have scoured themselves.
So what we did with this notion of quota pressure is, Okay. How do you achieve quota and how do you actually beat quota? You look at the new logo business, you look at the expand business and you look at your refresh business. And in each three areas we can actually apply statistical analysis, we can apply machine learning and we can apply other algorithms to actually surface better opportunities and accounts for the sales reps. And with that, we can also have a feedback mechanism, which is both qualitative and quantitative, where over time those machine learning algorithms can improve.
So as an example, in the new logo business, you can sell, you can show the total addressable market in that account and then you can show what percentage of that addressable market is accessible to our sales reps in a given quarter and in a given fiscal year. But more importantly, over time, you can actually demonstrate, okay, based on Are those quality opportunities that we are surfacing? Sales reps can tell us that. More importantly, we can also look at forecasted amount versus actuals and we can modify our algorithms over time to improve the feedback mechanism that's going back to the algorithms itself. So this notion of providing a tool that actually makes their lives easier at the same time makes them more effective in going and addressing customer needs is what we are after.
Yes. Nir mentioned that in our platform we make use of 100 plus algorithms. In this single screen you see about 30 algorithms at work that we use for this specific use case. It has to do with the understanding of the market, understanding of wallet size, understanding of addressable market, understanding of competitive products, understanding of a lifetime value, understanding of their buying pattern, understanding of their interaction history with the company, understanding of many of these things and these are all specific modules that we then combine. You see a little doctor up there.
He's our deal doctor. He recommends to a rep what needs to be done or he prescribes to a rep what needs to be done or suggests what needs to be done. So these are all the fine tuning that we do on this. Now we had a challenge with this because again, we don't want our reps to go into systems and spend lots of time at home or in the office. We want them on the road.
So the final thing we did is we made it entirely mobile. So we build a complete mobile security infrastructure for these guys It is entirely portable, gets this on their phones, on their iPads, in front of them so they can do this right in front of the customer, right there where they need to be. And this is all homegrown. We did not rely on some third party. This is our intelligence brought in our technology, right, to our sales reps and our channel partners right where the opportunity is.
And that is an amazing collaboration that Naveen and I have had for I want to
thank you once again. Okay. Thank you so much.
Thank you, Alexander.
Thank you very much. It is my honor now to invite Stefan Thomason on the stage. Thank you. Thank you.
All right. Welcome. All right. So you've heard a lot of great things today from my colleagues. And what I'm going to walk through today and later on I'm going to invite Kathy our Senior Vice President of Finance to come up and talk about modeling points.
But what I'm going to talk about is a little bit about the financial strategy of the company And our philosophy and mindset, as Mark mentioned, has always been balancing market share capture with growth and profitability. And I'm going to start with market share. So first, you've seen the slide before, We play in a very large market, dollars 19,000,000,000 market growing to $24,000,000,000 and Ultimately over $30,000,000,000 by 2020 with the expansion of the evolution that we talked about. One point that Mark mentioned that I just want to reemphasize because there is some confusion on the Street about market growth rates. When you look at CAGRs and you understand how the markets are growing, it's a total revenue number, which is hardware, software and maintenance.
And one of the reasons why we have such a large market to play in is security remains top of mind to customers and partners across the world. Now it's great to have a large market, but you need to have the right architecture and framework in order to capture that market share. You've seen this before. This is our updated version of our framework. We continue to make investments in the innovation engine and introduce the right technology at the right time.
Each evolution which we covered today has tapped into the needs of our customer base and therefore expands the market opportunity for us. With our framework, we enable customers to actually have automated and consistent security wherever they are. And because it's a true platform, it automatically improves the level of security and sophistication that we can use to attack threats. And as a result of having the right platform at the right time, it's led to outsized market share gains. In the inset graph, you can see the TAM.
What I'm focusing on right now is network security. So in the first evolution of the company, we've been disruptive to enable customers to use an automated and integrated approach to security. Customers were actually able to decommission hardware appliances from legacy vendors that were sitting behind the firewall and use our network SaaS subscription services. And by replacing Hardware with software, we're actually leading and accelerating how customers consume technology in the security space. And in a relatively short period of time, we've gained a market share of 14% surpassing Check Point and we have Cisco in our sites.
Now Cisco is just a waypoint on our journey to capture outsized market share growth.
When you broaden out the market
and you look at the total market including endpoint and other functionality, our market share has risen to approximately 9%. Now there's still a large market in network security And relative to network security, the market expansion opportunity in front of us is even greater for cloud, endpoint in the application framework. We view market share capture in the context of our growth and profitability framework, which I want to cover. So this framework governs how we run the business, it enables us to balance different priorities within a framework And with the right framework in place, we're able to deliver industry leading growth and profitability and free cash flow margin. The security market is dynamic And when new opportunities and initiatives arise, they're vetted through this framework and the ranges in each category give us the latitude to make the trade offs to run the business.
Mark mentioned this earlier, I just want to underscore one change that we've made to the framework. In the long term category, previously the range for free cash flow margin was range bound between 25% 30%. The change that we've made is now free cash flow margin is unbounded above 25%. Now the reason for this change is you've heard about the 3 evolutions. We are driving the business to be more SaaS based.
The consumption models are changing and as the profiles of business change, we look at running the models and we look at the free cash flow margin potential of the company, which is why free cash flow margin is now unbounded just as operating margin is unbounded above 30%. And we're very much interested in increasing the leverage of the business over time. So now let's take a look at top line growth. The starting point for top line growth is new customer acquisition. We proudly serve greater than 42,000 customers and we added a record number of new customers in FY 'seventeen that we have, which delivers better security at a lower total cost of ownership and it's coupled with a very strong go to market machine.
You've heard Les reference our land and expand sales strategy. So the land component is important and it's critical, But what's even more important as part of the equation is the expand opportunity. You've seen a number of data points in this presentation and in other presentations around the concept of lifetime value and cohort analysis, which clearly demonstrates how we've expanded within our installed base. A new data point which we'd like to point out which is comparative in nature demonstrates our true platform and ultimately true platforms win. We've spent a lot of time with the investment community and I fully sympathize and empathize that a lot of Companies and securities sound alike.
The data sheets sound alike. The presentations sound alike. When you look at our true platform and you look at it on a revenue per customer basis, once we land a customer, we're able to and by selling other parts of our platform and our revenue per customer on average is 5.6x times the size of the competition. There's no better data point than that in terms of underscoring how true platforms win. Now this land and expand sales strategy has culminated in market leading growth.
Since our IPO, We've grown close to 7x the rate of the market growth, which is another data point around how true platforms win. Now our top line revenue growth is also put through our financial model and we call it our hybrid SaaS Financial Model. This SaaS Financial model is a key element in the overall financial strategy of the company. With more of our business being consumed in a SaaS and recurring manner, the visibility of the business is increasing. As of the end of 2017, we have about 45% visibility into our FY 2018 revenue, which is based off of FactSet consensus, that percentage number.
And the visibility is being driven by strong billings growth. In FY 'seventeen, it was approximately 20%, steady contract duration. In FY 'seventeen, it was approximately 3 years. In FY 'eighteen, we're expecting it to be stable and that's for new business And that's led to strong deferred revenue growth. We have $1,800,000,000 worth of deferred revenue on the balance sheet And in FY 2017 that grew 43% year over year.
So visibility is improving and that's being driven by how we're selling our products and subscription services. Now top line is just one part of the equation. We've been very much committed to driving growth and profitability. And as measuring points, We look at operating income on a non GAAP basis and free cash flow margin. When you Take a snapshot in time and then you look at the trended analysis.
We started FY 2012, our operating margin was roughly 7% and free cash flow margin was 24%. Through this time period through 2017 our operating margin and free cash flow margin have increased with operating margin at 20% and free cash flow margin at 40%. There are very few companies that are able to grow the top line, take the market share that we've done and expand profitability. That has been a hallmark of the company and It's been underscored by Mark McLaughlin in terms of the growth and profitability framework and We feel very proud of what we've accomplished to date and we feel like we're just getting going. That's something that we are also focused on.
And in addition to non GAAP and operating margin, non GAAP operating margin and free cash flow, the biggest recurring difference between Non GAAP profitability and GAAP profitability is our stock based compensation expense. We're committed to reducing the share based compensation expense and the main input of that is our burn rate. To level set folks, Between FY 'fourteen and FY 'seventeen, our burn rate declined by about 12% per year. SBC as a percentage of revenue declined approximately 200 points year over year in FY 'seventeen and as we look towards FY 'eighteen, we're looking to decline SBC as a percentage of revenue by at least 200 basis points. To wrap things up before I give it over to Kathy, I'd like to spend a moment on our capital allocation strategy.
Given the amount of cash flow generation the company generates, We have 3 priorities and it starts with investing in the business. The second is M and A and the third is return of excess cash. Priorities of course change over time with the evolution of the company at different stages of the company. Right now Our priority is to invest in the business. However, we've also demonstrated the capacity of doing M and A and also returning excess cash to shareholders.
So while these priorities govern our annual planning process and our strategic approach to the business, we are we've been able to basically demonstrate we can do all 3 and do it in a high quality manner. So with that, I'd like to hand it over to Kathy Bonanno, our Senior Vice President of Finance to cover some modeling points and then I'm going to come back up on stage to wrap things up from a finance standpoint. Kathy?
Good morning, everyone. Thank you, Stefan. I want to provide you with some modeling points today, which will hopefully help you as you put pencil to paper and project our business going forward. I want to start with the growth and profitability framework. You've seen this several times today already.
Stefan and Mark both commented on it, both reiterated our commitment to operating within this framework. And the only difference on this slide is that you'll see our FY 'eighteen guidance here. And as you can see, for FY 'eighteen, we are in growth mode. Now I want to peel the onion back a little bit and talk about our top line and in particular talk about revenue mix. As you've heard today from a number
of people,
our innovative approach to delivering security with a platform approach has meant that more and more of our security offerings are delivered as subscription services. Mark talked to you about the breadth of the subscription offerings that we have today and with the application framework, the number of subscriptions will just continue to grow over time. Stefan touched on the recurring nature of revenue that is associated with those subscription offerings. And it's the combination of both more and more subscriptions that we're offering to our customers and what is now a very large and growing subscriptions recurring revenue stream that has driven this shift in the mix of our revenue towards subscription services. In FY 'seventeen, 60% of our revenue was in the form of subscriptions and support.
And we expect in FY 2018 that, that will continue to be the case. We'll see a greater shift happening in FY 2018, with 65% projected to be in the form of subscriptions and support in FY 'eighteen. Another trend that we've seen in revenue as we have grown is that seasonality patterns have become more and more apparent in our business, both in terms of revenue and operating margin, which you see here, and operating margin, of course, being very tied to revenue performance. Q2 and Q4 are our strongest fiscal quarters in terms of sequential growth. Q2 is strong for us because the calendar year end falls in that quarter.
And as many of you, I'm sure know, there's a lot of budget flush buying that happens at the end of the calendar year and that boosts quarter results. 4th quarter is driven like many large enterprise companies experienced by sales behavior, which I'm sure Mark Anderson can attest to as the sales team push and strive to hit their numbers and move into accelerating territory. So that drives our Q4 higher. We've seen these patterns for some time now, and we expect in FY by 2018 that we will continue to see the same seasonality pattern. Now I'd like to touch on gross margins For a moment, the shift into subscriptions that I was talking about earlier have impacted our gross margins over time as well, because subscription services have higher gross margins.
The more and more subscriptions become a portion of our revenue, our gross margins have been averaging up over time. We have a targeted gross margin range of 75% to 78%. And as you can see from the slide, we've been operating at the high end of that range for some time. Now, we will fluctuate within that depending on our investment levels and for product gross margins, they can vary depending on our product release cycle. You saw in the second half of last year, our last fiscal year, we had the largest new product introduction in our company's history.
And that did put some pressure on our product gross margins. But we continue to operate within this range and we plan to operate within this range in FY 2018 as well. Now, I'd like to look beyond FY 2018 At a few modeling points around taxes and CapEx, for our non GAAP tax rate today, our rate is 31%. There's a lot of discussion about tax code changes, both in the U. S.
And elsewhere. But barring any significant change to tax laws, we expect to remain at a 31% non GAAP tax rate for at least the next couple of years. In terms of cash taxes, which may be of interest to you as you think about free cash low. We are today a very low cash taxpayer and we expect because of our significant NOL balance, over $1,000,000,000 in NOLs on our books, that we will continue to be a very low cash taxpayer for the next several years. For CapEx, we have a targeted range of 5% to 7% of revenue.
That's been the case for many years in the past, and I would expect that to be the case into the future. For fiscal 2018, We've guided to $100,000,000 of CapEx with $10,000,000 of that associated with building out our headquarter facility in Santa Clara. In addition to spending on building out facilities, which we need in support of our employee growth around the globe, We also spend capital on DevOps, building out the application framework that you've heard so much about today, as well as building out the the IT infrastructure that's needed in support of our growth. And finally, in terms of modeling points, I just want to touch briefly on ASC 606, the new revenue recognition standard. As you may have read in our 10 ks filing, we plan to adopt the new standard at the beginning of our fiscal 2019.
We are still analyzing the impact of the new standard on us. And But as you can see from if you look at the 1st and the third rows in this table, The vast majority of our revenue in terms of hardware and subscription will continue to be recognized tomorrow as they are today. However, there are definitely some finer points in the new revenue recognition standard, which we are analyzing. And once we have completed our analysis, we'll be sharing results with you at that time. So with that, I'd like to turn it back over to Stefan.
Great. So I'd like to just take 30 seconds as a point of reflection Ben, on my tenure at Palo Alto Networks, the company's business model is dynamic and is durable. And the progress the company has made financially and driven by the team with the power of the hybrid SaaS model has been really extraordinary. We've grown our customer base by over 30,000. We've increased operating margin by over 13 points.
We've generated over $1,800,000,000 of free cash flow during my tenure. And again, it's all about the team and the team results. It's been a privilege and it is a privilege to work with all of my colleagues at Palo Alto Networks and our customers and the Wall Street community as well. Our team at Palo Alto Networks is dedicated to fulfilling the mission that Mark mentioned around protecting our way of life in the digital age and it's been extremely rewarding experience. So with that, I'd like to turn this over to Mark for final and closing remarks.
As I mentioned earlier, that concludes the presentations for us today. We certainly want to leave some time at the end for Q and A. So I have the executive team here with me and we're happy to take We got mic runners too and we're webcast, so if you could just take a second before it comes to mic, Yes, we hear you. Okay. Hey, Jason.
Mark, thanks. Hi and Stefan, good luck with the next step. I wanted to ask on the data lake. That's a relatively new topic for Palo Alto, but being Quantity of data are a big deal. How do you monetize this?
Would it be done directly or would it be done
through products across the portfolio? Yes. Well, a couple of points on that. One is we have been monetizing it indirectly for quite some time through services that we bring to market. Heard both Nir and Lee talk about how we've used the data and the analytics to do things with threat prevention, with Wildfire specifically, which has been a giant analytics capability for us, which is a service to do sandboxing, but it's all being driven by data behind it, right?
So we've monetized data for quite some time in the form of services. The next monetization around that would be to use the data lake to develop our own applications on like auto focus like LightCyber. And in addition to that is to have third parties that are algorithmically driven, right, where they're what their value prop to the customer saying, I have an algorithm to do something like behavior analytics, right? That algorithm is literally academic if it doesn't have data to And the more data it has, the better its chances is to operate. And it's also not academic is the right word, but it's more useful if you can enforce the answer, right?
So the second level of monetization for that data now that it's so large is to say, well, we can write our own algorithmic apps on top of that and monetize third party apps as well on top of that. So we're not monetizing the data directly and selling data to people. What we're doing is allowing people to access the data because the more data you have and if it's the right data, algorithms get better and better and better on massive sets of data. So does that make sense? It's monetized, but it's indirect through whatever the applications are that feed on the data lake.
Okay. Just to clarify, the 3rd party is paying Access to the data, the 3rd party is paying for access to the data. And then are you receiving data from the 3rd party also
to populate the satellite? I'll stop there. Yes. So the 3rd party could access the data in order for the algorithm to run on top of that. And those algorithms are also producing results as well, which in turn feeds data.
So that's one of the reasons why when I said, hey, we were trying to prove things out for ourselves over the last couple of years when we built the MindMeld tool, which is a threat intelligence Aggregation and translation tools, one of the things we wanted to show was to say that is getting data from over 1200 of our customers now growing very quickly from hundreds of data sources that they're curating for us, right? And it's feeding into the data lake their data that they are providing for indicated a compromise.
Mark, so a couple of times people brought up the whole thought Process around the refresh cycle.
Yes.
Love to get your thoughts on how that's going to work its way through the system, where we are with that right now And how you think about monetizing that?
Yes, sure. So from the refresh, we've shown customer cohorts over time, right? You can see them getting bigger and bigger over time. The cut I showed you today was to take a look at like the dollars that we've collected over time and hardware into that state, if you will, right, around that. And in both of those views, taking a look at that, we know a few things.
We know that the opportunity set gets larger and larger over time just because you could see how the value of hardware that's been installed has grown over time. And then we know a number of things about our customers' reaction to us with the tension being high and the penetration being high and the attach being high and all these other data points that are around the idea, the customers are very happy and they like Palo Alto Networks and tend to stick with us for a long time. If we look backwards and say, hey, from like a 2012 or 2013 kind of view of those customers and what has occurred refresh wise, we've done very well in there. We've also done extraordinary well in expansion in there. So sorting through what are people doing with the various devices and use cases It's harder over time as the cohorts get bigger because they continue to expand so aggressively as well.
But we know that they're to spend a lot of money with us and the retention is really high, right? And we know that the refresh has been positive up at that point. So when we look and say bigger cohorts over time, we would expect that to continue to do well for us over time. Now just one point that come up on the call as I said, hey, in 2018, we didn't think that was going to be the primary driver of our hardware growth. The primary drivers we think are going to be the fact that we've got the best platform.
We introduced new hardware. We're sorting through the execution things that we we suffered last year which we're fixing, right? And we think those would be the primary drivers of the growth in hardware. Of course, the refresh is going to be part of that, but it's not going to be the I don't think it's the primary part of that. And you can just see the values growing over time to us by 2013 as to when those may occur.
We're positive on that for
sure. Yes.
Hey, sorry. Sorry, I can't see anything.
I'm trying to understand the company in kind of traditional ways and understand the growth drivers for the next few years. If you go back the last 5 years And you try to think about growth drivers, you can put it in 3 buckets, kind of the market grew and accelerated. You've taken share and the attach rate of new products went up either standalone platforms or attached products. If you think about these 3 buckets, It's the market may slow because we went through major cycle. Market share gains may slow because Cisco recovered and Juniper is making efforts and the attach rate that's really high with some of your products.
When you think about this kind of framework, what do you think about the growth going forward? Should we still think in terms of these three drivers? Or should we think about something else that may drive up revenues that is not related to what I discussed.
Yes, sure. That's a great question. I would add a 4th into there, of course, which would be New services as well, right? Because the tax rates, as you heard, went up. Those are services attached to devices.
We have a whole slew of Things that are not attached and they're growing well for us plus a few things we just announced later this week from a new service perspective. So let me add a 4th category, if you will, to yours. And then on the second category, what I'll call the competitive landscape as well, we continue to displace the competition at very, very high rates, Right. I've heard the Juniper's making efforts. Frankly, Juniper's almost non existent as a security player these days in network security.
I mean, it's just a numerical statement. And the idea that Cisco has gotten more and more competitive relative to us, I don't see a lot to support that statement, when you just look at the relative growth rates of the company. So now we have to prove that every day of the week, right? So that's my competitive juices coming up. We have to prove that every day of the week.
But I would say in those buckets you just laid We continue to be the competition at very, very healthy rates and taking their market share, the forces that they have from those. In any market environment, back to your first point, and then I would add the 4th one as well, which is the new services.
And how long does it take the new initiatives to kick in the things that Nir spoke about?
It will take time, right? So that's why we're speaking these things in If we looked in evolution 1 from things we created that became network SaaS services over look at Wild for example or the other network SaaS services over a multi year period that grew into nice businesses for us. In the second evolution you can see that our endpoint capabilities and cloud capabilities are getting to be more significant contributors to the new subscriptions billings as I showed you earlier. And in Evolution 3, it's just starting off. You got one of our own applications there, Lightsaber coming soon and we would expect those 30 plus application developers plus many more over time to drive increased revenue growth from 3rd evolution.
As far as that being significant, I don't know yet. We have a lot to prove out there in the application framework and the business model, but it looks very promising. Who's got the mic? Okay. Hey, Mark.
Matt Hedberg, RBC. Hey, Matt.
Splunk is a great partner of yours. And I'm curious a
little bit more detail on your new cloud log management system. Is that eventually going to become a little bit more competitive With their offerings or maybe just a little bit of differentiation on how the 2 are positioned?
Yes, I don't think so. Spunk is a very good partner of ours and has been for a long time. We That to be the case. So Nir made a very important point about data lakes and this I'll call it a separation of data where it is, right. So from a use case perspective, Splunk has done a very nice job and continues to do a nice job of saying wherever your data may be, we can ingest that data into multiple use cases for analytics, right?
Our logging service is focused on logging information from Palo Alto Networks capabilities, Right. So it's taking information off anything you deploy from Palo Alto Networks into a Palo Alto Networks data lake in order to run our applications and the run analytics on top of this, some for security, some that are outside security. That's I mean it's lunch where they have many use cases that they operate under. Does that make sense?
Hi, Mark. Fatima Boolani from UBS. Thanks for taking the question. Just thinking about the addressable market slide that you put up and if I look at the composite areas that you're playing in one aspect or area or vector that's specifically missing is email security. So I'm wondering your thought process around why not think about getting into that arena, so the network portfolio of protection is more filled out?
Sure. Great question. So, one of the Somewhere along the presentations, I can't remember if it was Lee or Nir specifically said something important about how we think about what we're doing as a company, which is try to be very focused. Security moves real fast, right? And in order to be really good at things for customers, we believe you have to be focused on things you can do extraordinarily well, right?
So we said we cannot do everything in security just a general matter, nobody's ever done that, right? That's one of the reasons why the application framework is so compelling is you don't have to innovate everything. You can bring all the innovation to market through a different framework, right? So as we look at areas in security where things are important like location is important, email is an important location, right? Everybody uses e mail.
It's got a ton of data in there, right? So it's an important location. When we look at that market and say, consolidate networks organically, bring something to that market that other people haven't done yet. We looked at it and said, we don't think we can do that, And if somebody is doing a great job in that market, then let them do it. We should partner with them.
And in this case, our partnership, which we've talked about many times, is with Proofpoint who we think is doing the best job in next generation email security. So what did we do with them? We try to make it better for the customers and feed the data link. Right. So our relationship with Proofpoint, which is good and many years in the making now is that their version of Wildfire, which they call TAP and wildfire are integrated together where the data is moving back and forth.
So if you send in a Proofpoint customer sends an to the Proofpoint cloud to be dissected. It also then goes to wildfire to be wildfire. Now why do they do that? Because wildfire is a massively bigger data set. So Proofpoint gets a better answer, if you will, by having that question wildcard in addition to what they're going to do for it.
Why do we do that? Because we get all the data. And if it's maybe not obvious from everything we've said so far, we have an insatiable appetite for data from all sources and email is an important source. And that's how we're getting lots of really good threat intelligence data from email is through that partnership. And we think that works.
It works for them. It works for us. Next question. Is it Mike? Yes.
Hi, it's Keith Bachman. Hi, Keith.
Thanks very much. It's Bachman from Bank of Montreal. I had two questions. On one of your slides when you started out, you indicated that Hardware growth over the last 6 quarters was about 3% for the industry. Palo Alto was above that.
As you think about the industry dynamics that you laid out on the slide, what does that look like over the next 2 years? For the industry, is that still a positive number? Is it low single digits?
Did you say product or partner?
I said hardware. Okay, sorry. Hardware, sorry. I had a little trouble turning on the mic. Okay, good news.
So the hardware growth has been percent over the last 6 quarters. Is that still a positive number over the next 2 years? And then I have a follow-up.
Well, the point I was trying to make on that is, it's hard to tell, right, which is what is going And with hardware over time, so that's why I went back to sort of what have we seen over many years of time, right? Whether these buying cycles, if you map hardware Sales in 10 year period of time, you see kind of a cyclical nature like this. We know people, which we mentioned a year ago are saying, hey, I really need to think about these things when make decisions about machine learning, right, or the cloud or what the impact of those kind of things as I architect my environments over a long term basis. My environments over a long term basis. Plus I have additional use cases now like, hey, that visibility point Lee mentioned is super important.
You can't secure anything you don't see. If 35 plus percent of my traffic is now SSL encrypted and I can't do something about that, that's a problem, right? So all these things kind of go into the mix and say how much hardware people are going to buy at any given time. And the answer is for us to sit back here and say is 1 player to market. We don't know that over a multi year period.
But what we do know is in those buying decisions over a long period of time, we do really well, Right. And that's the reason I wanted to show you the more product or hardware specific thing is to say, we've outperformed the market growth and we've outperformed the Competition's growth back to the gentleman's question over there, specific to hardware in the short term and the mid term and the long term and we would expect to be able to do that in the future. And we don't think we don't think hardware is going away. People are buying a lot of hardware. We said we're going to sell $750,000,000 ish dollars This coming year at least, right?
So but what we wouldn't be able to tell as one vendor in the market on a multiyear basis is what the hardware growth rate is going to look like On a multi year basis, I don't know. What we do know is that people are using a lot of it. They're definitely in hybrid architectures, And we expect that to continue for a long time. And as long as we're doing our jobs as we have, we would expect to capture more than our fair share, a lot more than our fair share or whatever that spend would be, which means we got to execute.
Then my second question relates to you've talked about analytics and data lakes one of your value propositions going forward. In order for that to come to fruition and you presumably to take more share of wallet from your customers, Who do you think is at risk? In other words, where are you going to take share from in this process? Or is this new dollar spendings? Thank you.
Yes, sure. Casey. So we think in order to continue to acquire market share, that means well, firstly, we have to acquire market share in a sense of get more customers, right, just get them in the first and sell them more stuff. So we're going to keep doing what we have done. Get as many customers as we can and we're going to sell them as much stuff as we can, right?
And we broke it into those I broke the evolution into the TAMs to say if what their interest is and their needs is today is network security oriented. We have a meeting with them and the meeting is about firewalls, right? Or the meeting is about IPS capabilities or the meeting is about Now we're advanced customers think that way and that's how they talk, then we say, great, we've got something to sell you on that. To try to sell you in the context evolution. So the next thing I want to sell you is something in your hybrid journey to the cloud or in an endpoint or whatever the case may be.
So we're going to keep doing more of that. As far as the winners and the losers in this market, over time, I think We continue to acquire more market share in the network security market. We're small but growing rapidly in the endpoint security market. I think we're doing more than our fair share in cloud security market and then we just opened up an entire vector if you will to take market share and things that we don't do today yet. Evolution 3 is near head that whole list of use cases and applications where people actually buy point products today for those things, either do that ourselves through the application framework or monetize the 3rd party through the application framework because they're doing a great job on something that we're not doing ourselves.
So that's what we have to keep doing into the future to do that. And I think I made a comment on the break somebody asked me a question. With this application framework in mind, we think we're the winners in this. We think it has to happen. But if you looked out over a few years' 3 to 5 years time and said in the security market, there's going to be lots and lots and lots of security companies.
There always are, Why are there 2,000 companies at RSA every year? And the answer is because security needs tons of innovation. The adversary is moving very quickly. You can't run 2,000 vendors, right? So that's the problem that has to be solved.
But more and more because of the second evolution of consistency, I hear customers saying and I think this is going to happen, we think we're going to win all this, is to say, if you looked at it for years, how many companies will be able to make a credible claim and I'll call that second evolution of consistency to say I can give you the exact same security in your network you're going to get on your endpoint, that you're going to get on IT devices, that you're going to get in cloud, exactly the same. And when I do that, I won't create your network Because the firewall is a networking device and there is a security device. That's why there's so few firewall vendors in the world. It's not a security thing. It's about being able to do great security and operate and not create your network.
I'm not going to blue screen your endpoints. That's an operating statement, operational statement. I'm not going to lose the connections to the cloud not be able to sync data. That's an operational statement, right? So how many companies are going to be able to make that operational statement with security on top of it in a few years' I can do all that for you globally, highly availability for giant enterprises around the world.
Less than 5. There's still going to be 2,000 secondurity companies. How do they get to the market? And that's increasingly a problem customers and for them. Next question.
John?
I think you're on.
Thank you, Mark. Just wanted to ask about the application framework. And maybe can you talk a little bit about sort of the type of revenue model that you guys are expecting and maybe the type of margins that we could see from this type of business? But it seems the data lake component, which seems a little bit more storage oriented, but just wanted to see what
the overall model looks like? Yes, sure. So the monetization model for the application framework would be, as I mentioned a little earlier to say, 2 direct angles and 1 indirect angle. The direct angle would be, we write applications, We serve them through the application framework like MindMeld, which we don't monetize. That's about getting threat intelligence.
Like Autofocus, which we do, like LiveCyber, which we will Shortly, so one, we write applications ourselves and we monetize it through the Application Framework. The second way is 3rd parties will want to be in the Application Framework. Why? Because you have access to tens and tens and tens and tens and growing thousands of customers to put their algorithm on a data on a set of data that is massively bigger than anything they're ever going to see themselves and to have their answers enforced when our infrastructure that's already been deployed, so they don't have to go stand in line with the CIO to get their stuff tested, run, deploy and those things, right? So we should get paid for that.
We expect to, right, on a rev share basis. We'll work all that out, okay, we need to do that. And that's the 2nd model. And the 3rd would be indirect, which is why should you be email, not that one email makes the case, but I hear this all the time, it should be that one of customers saying the application framework is very compelling. If you get it right, then I'm going to want to deploy you everywhere because that's actually how I get the most value out of all those applications is I get to enforce the answers everywhere, right?
So the pull through impact saying I want you all over my network, I want you all over my endpoints, I want you all over the cloud is another aspect of that that we think It would grow over time. Did you have a second part, Jonathan? Oh, I'm sorry, margin structure, right. So on as a general matter, We believe and it's been the case for us that if we're delivering something as software, it's higher margins, right? And the application framework as far as what's coming through the top are software applications.
We would expect those to have software type margins if we if they're ours. And if they're not ours, we're a distribution channel in there, very low friction distribution channel in there. So the margins for that should be very high, Because we didn't write the application. We're just monetizing the fact that you're using it through our framework. And then last thing on the logging service, Logging services is about creating the capability so that customers will log as much data as they want to, right?
So we have to sort that out at scale over time with the infrastructure we built. But that's actually about that's about getting them to log the data. We're going to make money on that, right? That's not a software kind of model. We actually have to run a big infrastructure for that, but that's a building block point in order to make the application framework, which are very high margin things from an application perspective, more useful for folks.
I want to quickly say we have
time for one more question, which is over here. For those of room, please do not pack up. We have an extra special little piece of information for you in terms of some customers that will come up As soon as we're finished with the Q and A. And let's take one more question.
Hey, Mark. Michael Turits from Raymond James. So I have a growth and profitability framework question. So if you look at the Street's numbers, they drop below the 20% level and yet The free cash flow margins are still up in the 30s. So two related questions.
How long do you guys think that 20% growth might actually be sustainable and if not, the street is right. And what are the puts and takes and maybe getting higher than the framework margins on free cash flow, which is What the expectations?
And this is why we have a framework, right, over a multiyear basis. But in the top line of the drivers in top line, we have a lot of top line drivers, What we haven't done, I'm not going to do is go out beyond 2018. We gave you what our guide is from a 2018 perspective. But we have a lot of drivers of growth and the ones that are in the market and baking already are doing very well and we have more to come, but we haven't gone out beyond 2018. From a free cash flow perspective, given the model which is hybrid in nature, we collect all the cash upfront, right, for all of the things that we sell Today, we expect to be able to continue to do that.
Into the future, we generate a lot of cash flow off of that. And from a free cash flow The main impact of that on a long term basis would be taxes, right, not the model itself, right? And you've heard us, Kathy, just say, For quite some time, we expect to be a low cash taxpayer. One is as we reach back up profitability and then we got a lot of NOLs to burn through at that point as well after we achieve that, right? So that would be the main fresh free cash flow.
Stefan, anything else? Did I get it right? Okay, I'm good. Give me a thumbs up. All right.
I'm sorry that went by real Sorry, but I'm here, Stefan's here, whole management team is here after we finish up in the hall and in the demo stations if you haven't seen them. We'll be here for as long as you like to answer any questions that you have. And with that, we're going to end the webcast portion. So