Good afternoon, everyone. Hopefully, you're settled. I'll kick this off very briefly. I have all the legal language, so the faster we go through that, the better. No insult to the lawyers in the back corner of the room.
So welcome. I'm Kelsey. I run Investor Relations for Palo Alto Networks and we're thrilled that you came. We know this takes a lot of time investment. Many of you have flown long distances, so we appreciate your time and your interest in the company.
And this is the investor track for Ignite. And Mark will give you some higher sort of overview of what we invite you to do this week. But following our formal presentations, we'll be hosting a cocktail party, which will include demos. So I'll give you a chance to actually touch and feel and check out the technology. So this is all of the cautionary statements that said everything we say after this you can't pay attention to.
So we're done. And I'm going to turn it over to the team. And thank you very much for coming.
What that mindset needs to be and what we sort of think about at Palo Alto Networks is to really move to more of a prevention mindset.
Dan, you can't just bolt on different threat preventions. You have to do it holistically. And a board company called Sure. Which works on cloud security bolstering the subscription based recurring revenue stream. Oh, I love that.
The latest security service called Aperture, how to safely enable SaaS applications that are increasingly prevalent on their network. The PA-7080, the latest addition to our next generation firewall product line.
Here's the launch of our book Navigating the Digital Age, our partnership with the New York Stock
Every meeting with your executive committee, every meeting with your board, cybersecurity is on the agenda. Dabbling in this space is not the way to go.
The Scarlet Mimic adversary is targeting those government organizations to access the information they have.
The Operation Lotus Blossom, the campaign has been ongoing since 2012. The new strain of malware called YiSpecter spreads via a malicious code inserted into web pages.
You don't know what the bad guys are coming up with next. And that's why the relationship with Palo Alto Mark, they certainly have their eyes on the ground and what's going on. We want to continue to deliver prevention capabilities in the platform to make sure that we're staying ahead and prevent these attacks.
Please welcome Mark McLaughlin, Chairman, President and CEO.
Thanks a lot. I want to echo Kelsey's comment. Thank you very much for taking so much time with us, particularly coming to Vegas. We know this is a flight for most of you. And the reason we do the investor track here is because we are at Ignite and we hope you get a chance to spend some time tomorrow as well.
We're going to have over 3,000 of our users here up almost 1,000 from last year. So just a sense of what's going on with Palo Alto Networks, how people are using the technology and the level of excitement around so that's why we do it here and we really appreciate you taking the time to be with us. So today, you're going to hear a lot from us today. We'll try to be very efficient with your And we want to be very respectful of your time. But this is what the general agenda is going to look like for the investor track this afternoon.
After myself, our CTO and Founder, Nir Zuk, I think most of you know, is going to talk about our platform. You're going to hear a lot about the platform. I know that you hear a lot from us about that. You hear a lot from other companies. So we really want to dive into that day just to a good degree.
Lee Klarich, who runs all products for us, will also talk about the platform. He's going to talk about the roadmap. He's going to talk about things that we will be talking to our customers about over the next 2 days as well that they'll be very excited about. And Mark Anderson, who is our EVP for Worldwide Operations, is going to talk about what the view from the field looks like and how it is that we have and will continue to execute at scale and use at scale and use that as a competitive advantage for us. We're delighted as well to be able to have some of our partners here who are actually in the room with us right now as well.
And Mark will run a partner panel, when you get a chance to ask them some questions yourself as Mark will. And then Renee Bonvanie, our Chief Marketing Officer, is going to give you some sense of how we continue to drive demand generation and also drive thought leadership in the market, which is important first from a selling perspective, of course. Last but not least, Stefan Tomlinson, our CFO, will give some financial updates and we'll talk about the model. And then afterwards, these folks will join me on stage and we'll have a good amount of time for Q and A. We have a break as well. And then after the Q and A, we'll have a cocktail hour and we will stay long into that.
So to answer as many questions you can. I also wanted to note, in addition to the folks here on the agenda, we have a very full complement of executives from Palo Alto Networks, we stuck them all the way in the back and the corner. Give you guys the best view, but we have our Head of HR, we have our Chief Security Officer, we have the person who runs EMEA, we have the person who runs APAC, we have the person who runs we call Cybersecurity Solutions, so he's in charge of Aperture and AutoFocus and Traps, and they're all back there in the corner. They will be here at the break and also through the cocktail hour this evening. So feel free to get some time with them.
So what I wanted to start off this morning was if I only had one elevator ride with you, and I know you're busy and you'll be doing you'll be multitasking through this, I'm sure not my part, but the for the afternoon. But if I could only give you one slide, this would be it. This is how we would encourage folks to think about Palo Alto Networks from an investor perspective, which is we really believe that we've attained a leadership status and we continue to grow that in the digital age, and I'll do a little bit of a setup on that in a minute. And the reason I mentioned the digital age because that's the age we live in and I get the question a lot about security demand and spend and understanding I think where we are in this time of history is important to answer that question. The second thing is, we truly believe that we have a unique platform, in delivering against what has to happen in digital age from security perspective.
Everybody uses a platform word a lot. We're going to peel the onion a couple three times for you as to what a real platform looks like and why we believe we're the only ones in the market who have one. In addition to that, with our really large and growing competitive advantage on our go to market excellence, which Mark Anderson will talk about and Renee will talk about, we've been rapidly capturing market share in a market that's really big and continues to grow over time.
I think it's going to continue to grow for quite some time into the future. And then we have a model that is driving really high revenue growth, but underneath that, really significant free cash flow and increasing margins over time. And Stefan will spend some time with you on what we think that looks like going into the future. So when we're talking inside the company and talking with the Board of Directors, we really kind of parse the company on the 5 things that we think really matter for us. And the rest of the presentations this afternoon will also follow along to fill in some of these things that I have listed here, which in the first thing we think that really matters is philosophy, means what are you trying to do in the first place, because if you don't know what you're trying to do, the chances of getting it done are pretty low, right?
So the philosophy you start with as a security company really matters over time because if you start with the wrong one, you're compounding an error. When you start with the right one, you've got a much better chance to be able to add to that into the future in a way that works for customers. The second thing is frameworks and what I mean by that is how do you think about how you implement the philosophy? So we think frameworks matter and we're doing a lot of work with partners around this as well about what is the proper framework for a customer to think about in security to get outcomes that matter for them. And those outcomes have to be delivered then.
So the third thing that matters we think is do you have a platform that can deliver the outcomes that are dictated by the framework within that philosophy. So platforms really, really matter and I think that's one of the keys to our success today. And then on top of that, you could have all that wonderfulness and slip on many banana peels from an execution perspective. So really being disciplined on execution, particularly with high velocity at scale, that matters a lot. And of course, at the end of the day, we all want to keep score.
We do, you do. So results matter. So we watch that very, very closely, of course, and we know that the investors do. So let me I'll go through these kind of quickly and again people will fill in through the day on this. But kind of the setup, which really goes to security, where are we?
So when I get the question like what's the demand for security today and what's it going to be in the future, my answer to that is what time is it in history? The time that we're living in today is absolutely the digital age. Everything is almost right, is digital and becoming more and more digital into the future. And that means that all the things that we rely on as consumers, as businesses and as those things merge over time are more and more bits and bytes stream. So there's massive productivity enhancements for that.
This age is being more and more called the 4th Industrial Revolution to compare it to productivity gains that have occurred over history. The difference on this one because it's digital is compression. The time compression rates in the last 30 or 40 years, the amount of productivity enhancement we've garnered as a society because of the digital aspects of what we're doing far outstrips anything that has come before, certainly the Industrial Revolution. And really importantly then, the expectations for productivity into the future are enormous. Like we have to get it right, to support the growth that we all want to see in society. I mean, these are what world leaders are talking about and academics are talking about, right, when thinking about the digital age.
So there's huge productivity gains that occur. The problem is, as we know, is that the very things about the digital age that can drive productivity are security concerns. So that's the flip side of the coin. And I started using these words about 2 years ago in my role as the Chairman of the NSTAC with actually with President and it kind of resonated, which was security, I think more and more is a fabric item of society in the digital age. And what we mean by that is, it's often a mistake is made.
I go to talk to boards and particularly with non technical people, they think security is a technical, they think it's technical, they think it's about technology, right? And of course, it is meaning you have to use technology and people and training and processes to deliver on security. But security itself has transcended technology. It is something that is woven and this is why I came up with fabric, it's woven through, certainly every major IT decision the company makes, whether it has anything to do with security or not, somebody is going to say, how do we secure that, right? Or what are we going to do about that?
And in the national sphere, many decisions being made around that from a statecraft perspective. But when you have something that's fabric, it's hard to get in there and parse it out, Right. And if you have the wrong thing in there, kind of the only way that we get it out is to tear it, right? So if we are tearing the fabric of the digital age because we got it wrong from a security perspective, that's a real problem for us. And this is really apparent to folks.
We saw 2015 was one of the years with the highest number of reported breaches. There's a lot of talk about where the breach is going up, breach is going down. I'm pretty sure they're going to do nothing but continue to rise over time. I think we're in good company with that thought. You saw President Obama come out not too long ago, request a $14,000,000,000 increase in cybersecurity spend, just to give you some sense of how our own government thinks about their own posture, right.
The day after President Obama asked for this 40% increase from Congress on spend, the Director of National Intelligence, James Clapper, came out and said, cyber is the number one threat to the United States. He did not say nuclear. He did not say chemical. He did not say kinetic terrorist attack. He said cybersecurity is the number one threat to the United States from a national security perspective today and into the future.
And around the world, other countries are, I think, rapidly catching up to the United States about these expectations. Recently, the EU said that they will have laws in effect in short order where it will require companies to report breaches. I think that's fairly common for the United States for publicly traded companies. It is not the case yet in the EU. It is not the case yet for all the major countries in APAC, but all of them have laws that are coming online.
So I think we're going to see a lot more reported breaches on a global basis than we have the future simply just because of reporting requirements because we know they're happening for sure. And it's getting more complex. So security is not a static thing whatsoever. It's dynamic. We know that if you've been following the space, we know that for sure.
And some of the complexity I think it's going to drive security demand into the future are the 3 things I've noted here. The first is that with the declining cost of compute power and it going down more and more and more over time, the compute power is in essence limitless, right? And when that happens, the bad guys use more compute power for less cost to drive more attacks. The second thing is the digital assets protecting this the physical assets are very real. I mean the problems are very real.
So when we usually think about cybersecurity, it's about protecting intellectual property and PII and those things are absolutely important. But if you paid attention to the Iranian folks who were indicted a couple of weeks ago by the U.S. government for attacks against major U.S. banks, one of the portions of the indictment was taking over the control systems for a dam north of New York City, right? Now, they didn't do anything with it, but they demonstrated they could, right.
So the mix from IT to OT and SCADA and ICT is very concerning and very compelling. That's going to draw a lot of security needs into the future. And then the third is cloud and massively aggregating data and IoT making it more readily available in a lot of places drives great productivity. But if you're a bad guy, you're looking at that saying, thank you for putting all the data in one place.
I appreciate that and thank you very much for giving me lots more ways to get at it. With IoT, there's going to be a lot of complexity in the future or needs can overcome this complexity from a security perspective. So that's kind of the big picture set up right before I get to the 5 things that matter very quickly. On the decisions that get made today are going to matter for a long time into the future for society about whether we get the productivity gains that we have to get in the digital age, which takes me to my first thing that matters philosophy, right? We're not thinking about it the right way.
We're unlikely to end up in the right place. And the philosophy that Palo Alto Networks has been driving for a decade since we opened the doors is one of a prevention orientation. And I want to be clear about that, not that anybody stops 100%. Nobody stops 100% of the attacks, right. But a prevention orientation to say, you have to try, you have to drive this industry to do more and more prevention, because if we don't, we're upside down on a simple math problem.
And the math problem is as long as the cost of compute power goes down as it has, then the number of attacks and successful attacks is going to go up. I think that's been well demonstrated over the past decade. And if we don't change this, if we can't flip this on its head to dramatically increase the cost for the successful attack, we have a mathematical problem. So we have to increase the cost of the successful attack because if we can do that theoretically or more than theoretically, we should be able to drive down the number of successful attacks, not the number of attacks. Nobody is going to drive down the number of attacks, not us, not anybody else.
What we're trying to do is drive down the number of successful attacks, and therein lies the difference because from a framework perspective, the framework that people have been operating under for a very long time is based on outcomes. And the outcome, the framework that we've been operating under has been one that's been very detection oriented using legacy technologies usually delivered in point products, and the outcome of that has been reactive and manual.
So if you have a highly automated adversary using compute power to their advantage and more and more, our outcomes are reactive and manual in nature, we are mathematically upside down in a way that we'll never recover from, the longer this continues. So what has to happen is a real paradigm shift on these frameworks to one that is a prevention oriented outcome that we're looking for using next generation technology delivered in a true platform or true platforms because the outcome then can be proactive and highly automated. And that's where we have to get to, right, fighting highly automated adversaries with highly automated capabilities not being reactive manual mode. Just again, it's just simple math.
So let me give you a quick primer on what's a true platform because that's super important to the success of Palo Alto Networks. Lots of other people say a platform as well. I'm going to give you just a few viewpoints on what the characteristics of a true platform. Nir is going to talk about the technical requirements, what a true platform is. Lee is going to talk about how true platform actually works, right? But the characteristics of real platform, 1st, would be that if you're trying to do prevention and get inside the attack lifecycle to stop everything that the attack to do correctly, which is what we're trying to do with capabilities that are designed to do that and that they all are built together to work together.
It means they have to be native to the platform, it's not something you cobble together. And if you do that, you're going to have superior security defined as higher prevention rates, number 1. Number 2, it has a real platform that's extensible. It's able to roll with the punches from what the new threats are or where your data may be in a way that is really flexible and really extensible, meaning you don't have to do massive hardware redesign, you don't have to burn ASICs, you don't have to do massive software rewrites. You can easily, relatively easily create capabilities that are native again to each other to take care of whatever the next threat is or to make sure you're covering data wherever it is. The third is it has to be highly automated.
What we mean by that is those native capabilities, when one of them does something right, it needs to be able to reprogram the other ones so that they all have the same base of knowledge in your own network. So it's getting leverage in your own network. So highly automated capabilities on your own network. The 4th point would be to get serious leverage outside of your network. So when it does something right or you did something right for somebody else, everybody is in your ecosystem, which ideally, we'd be big and quickly growing.
Everybody gets it in a highly automated fashion because that's how we get leverage against an automated adversary. And the last thing, it has to be entirely consistent. What I mean by that is when it's doing these things, it has to do it exactly the same way wherever your data is. Because if it's in if you're doing it differently, you've created an inconsistency and inconsistencies are not the friend of security. So it has to be the same whether you're on an endpoint, in the data center, on the perimeter, in AWS, in NSX, in Dropbox, it doesn't matter.
It has to do the same thing everywhere in a highly consistent fashion. So again, we'll drill into that as well. What are some of the business implications? The competitive moat gets bigger, some of you here have noted. Even more importantly, what customers think about that, which is if you have a real platform, the competitive moat around that is already large because you started with the right philosophy.
You started to build it the right way from the beginning. And as you continue to extend it and make it more flexible, the moat gets bigger and this competition continues to be on the wrong philosophy with the wrong framework, with approximations of platforms, it's actually helpful. It makes them bigger over time because it really highlights the differences between those approaches and a real platform. The second thing is, and Stefan will get into this, we've noted before, is the services you can deliver services then off a real platform, subscription services off a real platform. And as you do that, they will continue to grow in importance over time because that's the way the customers want to consume them, right?
What customers would like to do is be able to consume things in the services mode instead of a lot of point solutions as long as they're truly delivered in a platform with those kind of capabilities I described. The third thing is a real platform is positioned for whatever is coming down the path. It doesn't mean you have all the answers for whatever is coming, but it's the flexibility allows you to address things as they come down the path. What's coming down the path is important. IoT is important.
The SCADA IT to OT things are important. The cloud is important. Endpoints are important. So having a real platform says, I'm in position to be able to take care of whatever the issues are that arise from all these complexities that are going to continue to drive security in the future. And then from a business perspective, whether it's security or not, historically, in cases where you have fragmented markets, real platforms have had the ability to capture historic market share.
And we think we've got about 9% market share today. We have a long way to go on market share. And with a real platform, we think we have a chance to capture historic market share gains as we progress down the path. That's important because it's a big market. Got about an $18,000,000,000 market we're playing in today.
We're in about $22,000,000,000 in the next few years. So there's a lot at from a market perspective and we intend to capture more than our fair share in that market as we go into the future. The next thing, so I talked about philosophy matters, I talked about Frameworks matter, I talked about platforms matter. The next thing that really matters and we pay a lot of attention to is execution. And execution for us has been this challenge, right, there's opportunity that I'm showing here, which is not a really pretty picture, but basically we're saying, hey, we're operating at a pretty big scale.
And we've been doing that for a very long time at really fast velocity. It's hard enough to run a company at scale, $1,000,000,000 to $2,000,000,000. It's really hard to get it right when you have velocity growth rates that we have because there's lots of banana peels that slip on all over the place. So we spent a lot of time thinking about that and we'll talk a little bit at length through Renee and Mark, about how we do that just from a go to market perspective on things like our thought and brand leadership, which is like a flywheel for us. The more known, the better known we are, the easier it is to get meetings, to get meetings at the right level and hopefully to sell things at the end of the day. Our demand generation, Renee is running a machine based on a lot of science is close to $2,000,000,000 of demand generation a quarter right now to support the kind of growth that we have and have been able to continue to seamlessly grow that over time.
The third, Mark Anderson will talk about is, what does it take from a focus and discipline perspective to go understand what the market opportunities are and continually segment the market in such a way that we can give the maximum focus and attention to customers in each part of that segment, so that they're very happy with the engagement from Palo Alto and we're happy with the results of being able to engage with them like that. The next is partner relevance, right? So in our business, we're almost 100% fulfilled through partners. Partners are a part of our business. We treat them that way.
We feel like we're in business with them. We give you a lot of data points about how we do that. But most importantly, we want to be, we need to be relevant with them. If we're relevant to their businesses, then they'll be relevant to us. They will invest in us.
They'll invest in training and people and all the things that go with success. So we care a lot about that. And of course, we care about our customers being delighted. We use that word delight, Brett Eldridge, he's back there, he runs all customer support. That's his mission is delight our customers.
Mostly because we want the customers to be happy, right, makes sense from a prevention perspective. We also know that happy customers tend to come back and buy more from us as they understand and fill out that prevention story. So we definitely want our customers to be delighted with us. And then last thing I said it matters is the results. We keep score like you do at the end of the day.
And just quick snapshot from results perspective. What I just took here was, I just took our last 4 quarters, so Q2 backwards by 4 quarters, right? Added it all up from revenue perspective. I did the same thing for some of our competitors in the market took the most closest quarter for them from our Q2 and added them all up backwards.
And just got to get a sense of the scale of how those operating at right now. And then more importantly, the growth rates relative to our largest competitors who are underperforming the market, right? And the rate at which we are over performing the market and over performing this competition and their numbers up here also given the benefit of acquisitions, so the Fortinet with Meru, for example, probably even more telling. Cisco has done 6 acquisitions in the security space over the last 3 years for a total of about $4,000,000,000 and yet they get these kind of results. Only mention that because I think it really matters about real platforms.
If you're trying to approximate a platform to do the things I'm talking about and you think you're going to buy them and put them together, this is what you get, right? So we're very focused on the different approach. So I will leave you where I started at a glance. I'm not going to go through all these again, but we think we've got a very special company here at Palo Alto Networks doing something important at a time it matters to our customers and we really care what our customers think about that. That's why we do Ignite.
That's why if you hang around tomorrow and the next day, you'll see very little people talking on stage. You'll see tons of breakout sessions, lots of labs. You'll see us enabling our customers to get together and talk to each other. So we can get their feedback and we can help them solve really hard problems in security. Thanks again for taking the time to be with us today. We appreciate that.
I'd like to follow up or have Nir Zuk, our CTO and Founder, follow me. Thank you.
Thank you. Okay. Thank you, everyone. Thank you for being here. What I'd like to cover now as Mark said in his introduction is to talk about some of the technical aspects of the platform and specifically explain why you need a platform in order to deal with data breaches, talk about how the platform works, just one slide, Lee is going to cover it in much more depth.
Talk about what are the technical requirements from a platform and show you what different vendors in the space have in terms of the different pieces that are required in order to build a platform, okay. To do that, I have to cover a few subjects or go through some explanation about some areas that will help me explain the things I want to explain. And first thing I want to do is I want to show you a breakdown of the market, which is relatively unique and is based on the attack vector that the bad guy is taking. And there are other parts of the cybersecurity market that are not depicted here. These are the ones that at least to me are the most important.
There are really 3 main attack vectors that bad guys take today. The first one you can see at the top is going directly at the external facing application at an external data center. And those are usually protected mostly with WAF, with web application firewalls and with DDoS prevention devices. Then there is the market that we're playing in and that's the market where the attack vector is the bad guy taking over an end user machine, sometime an unmanned machine like an ATM or a point of sale system and so on. And then from there jumping to the data center, whatever they want to do.
Sometimes they want to modify the data, encrypt the data, delete the data, most often take the data out. That's the market we're playing in, right? Our job is to prevent these kind of attacks. And as you probably know, we don't have the different market sizes here. This is by far largest part of the cybersecurity market.
Messaging security, which is an area that we don't play in is sometimes considered part of that because It's part of that attack vector, right? Very often, attackers will use e mail or instant messenger or other messaging applications in order to deliver something to an end user, take over the end user machine and then from there jump to the data center and do whatever bad thing they want to do. And then last, Down there, we have the market where that TAC vector is usually stealing credentials, right? This is what the IAM, the Identity and Access Management vendors are trying to deal with, the bad guys filling credentials and using those credentials for remote access through VPN or other services and sometimes accessing applications using stolen credentials as well. If all those fail, we have the incident response market where if data breach is successful, they come in and they try to figure out what happened, clean up and see what you do next.
So again, we're playing where that big blue oval is and everything I'm going to say from now on is really going to be focused on that area, on that market, okay? So if you look at that market, if you look at the again, preventing that attack vector, Traditionally, the industry has been focused on dealing with known attacks. Meaning, if you look at the typical vendors out there and the different solutions that are listed there in Those boxes and others that aren't listed here, they try to stop known attacks. Meaning if you know in advance if they know in advance something about attack like They know about the malware that the bad guy is going to use. They know something about the command and control infrastructure that the bad guy will be deploying in order to control that malware.
If they know in advance something about the vulnerability that the bad guy is going to exploit in order to gain access to an end user machine and there are many other things like that, then they will do their best to stop the attack. That is if they can see the traffic, if they're in the right place at the right time, and Lee will cover that a little bit more. This works great except that most of the attacks that customers care about today, what we call the targeted attacks, that's where the bad guy takes the time and money to create an attack that's never been seen before, are irrelevant here. And I would say something a little bit more explicit. Take all the IPSs in the world, ours included, put them as a standalone IPS not as part of the platform.
Put them in any infrastructure that was breached in the last 3 years that made it to the Wall Street Journal in a bad way. What percentage do you think you're going to save? The answer is 0. There is no IPS in the world that would have saved anyone from being breached with a targeted attack over the last 3 years. The same is true for antivirus.
The same is true for URL filtering being used as security not as an HR service. The same is true for the proxy. The same is true for the stateful inspection firewall, except for cases where it was just an open port, it wouldn't have been open. These products would not have saved anyone from being breached with a targeted attack in the last 3 years because they only deal with known attacks and those targeted attacks are almost always an attack that's never been seen before. So this is why we've seen a cottage industry being created around the detection of unknown attacks.
You know about sandboxing companies. If you've been to RSA, you probably saw about 3,000,000,000 big data and machine learning companies dealing with security. There are companies using DNS traffic or DNS information, URL information and so on to detect attacks that have never been seen before. And the way these companies expect you, the customer, to work is they'll detect the attack for you, they'll tell you about it and you are going to respond to it as quickly as possible and then remediate, right? Detect, respond, remediate.
The challenge with that is that it's easy to do when there are very few attacks. The bad guys are not stupid and because they have unlimited compute and unlimited bandwidth available to them, thanks to Amazon Web Services and other services like that, they will never try to just attack you with one attack. They have learned, and we've seen it in real world attacks, to either completely hide underneath the radar or more often overwhelm your infrastructure for detecting unknown attacks with thousands and thousands and thousands of attacks. And the thing is that the difference for them between you having to deal with 1 attack and you having to deal with 10,000 attacks is almost 0. And the difference for you as a defender between dealing with one attack and dealing with 10,000 attacks is either you hire 10,000 security experts that you'll never find and don't have budget for or you spend 3 months, 6 months, 9 months investigating a data breach, which is usually what happens.
So, like Mark said, what we believe is security has to be automated. And the idea is that, and as an engineer, I just don't think there's any other way and I'm surprised that many others think there's another way. The idea is that if you can detect an attack, if software can detect something, software should be able to stop it. Humans don't need to be involved in that situation. People have to go and hunt for attacks that software cannot detect.
But if software can detect it, software needs to be able to stop it. Now this is easier said than done. And whenever we talk about it then this is the reaction of the industry. We've been talking about the need to stop these attacks for the last many years and the response from the industry has been you can't do it. There is no way to prevent attacks.
What you have to do is to brace for them, understand that they're going to happen. You're going to lose to the bad guys, just recover as quickly as possible. We don't believe that. And we have been working really hard to convince the market that this is not true. We've been working really hard to show customers that this is not true and show them how they can prevent those targeted attacks.
And the result of that is that now the competitors with this, Never mind. The competitors are now following us. This is our slide, right, or at least like taken from our book from 5 years ago and at least the marketing of our competitors is now following us. You need to do prevention. All of a sudden prevention is possible.
Now it's not that simple, okay? The same way you cannot take a 20 years old product, put the words next generation in front of it and make it a next generation product like we've proven again and again with our financial results versus theirs, you can't just UTM your way, okay, into prevention. You can take a 20 years old product, put a bunch of blades on it, whether UTM blades or software blades or whatever blades different vendors have on top of their product and all of a sudden prevent attacks. It's much more complicated than that, okay? And the biggest challenge, and Lee is going to talk a little bit more.
The biggest challenge in stopping attacks is that unlike the attack that you know about that you can stop like this, we can stop an attack at 100 gigabit per second in less than a millisecond if we know about it in advance. It takes a few minutes, sometimes more than that to detect an unknown attack, which and since you can't delay everything for a few minutes, the business has to keep going. At the time you know about the attack, meaning at the time you turn that unknown into known, the attack is already going on. And what you have to do then is you have to take the information you just have in your hands and reprogram the entire infrastructure not just where the attack was found but of your entire customer base. You have to reprogram everything to stop the attack.
You have to reprogram all the networks and all the endpoints to stop that attack at what wherever the attack is now and at whatever phase the attack is. For that you need a platform. And this is at the high level from a technical perspective what a platform needs to do. It needs to be able to take unknown attacks, very quickly determine that they are making known about the unknown attacks, making them known and then very quickly go and reprogram the entire infrastructure of everyone to stop the attack. That's the only way to prevent data breaches.
To do that, there are 6 things at least that you need to do from a technical perspective and I'm going to cover them 1 by 1 very quickly right now. First thing is you have to be at the right place at the right time. Now with an attack that you know about in advance, you know where the attack is going to be, you know where it's going to come from, you know how it's going to look, you know where you can stop it, you can just wait for it there. With an unknown attack you don't. You don't know where the attack is going to come from.
You don't know where it's going to be the best place to detect it. You don't know at the time we detect it where the attack is going to be, which is where is the right place to stop it, which means that you have to be everywhere. You have to be on the main Internet connection. You have to be in the branch office. You have to be in the corporate data center whether it's virtualized or not.
You have to be in the public data center. You have to be in SaaS. You have to look at mobile traffic. You have to be everywhere, which means you have to be the firewall. The only network security device that is everywhere in the infrastructure is the firewall.
Everything else that is being sold today in the market is not deployed throughout the entire infrastructure, usually doesn't see all the traffic, usually only dedicated to one application like email or web and in many cases not even in line and position to stop the attack. If you don't have a firewall, you are not going to prevent data breaches. You're not going to stop the unknown attack. Maybe if you see the traffic you can stop a known attack. Nobody cares.
You are not going to stop a data breach if you don't have a firewall, okay. We just took out 19 95 vendors out of the list of those that can stop a data breach. Okay. We're left with the firewall vendors. We'll talk about them next.
You also need to see the traffic and for that you need to have a next generation firewall. We will talk about it more. Now you also need to be on the endpoint. That's where the attacks are happening. In many cases or in some cases, the endpoint is the best place to detect the attack.
In some cases, the endpoint is the best place to stop the attack. You need to be there, okay? So that's the first requirement from the platform. You have to be a firewall. You have to be on the endpoint.
The second requirement is you need to be best of breed, okay? You're not going to replace an IPS and a content filter and a URL filter and an APT solution and so on, if you are not best of breed, okay. It doesn't matter how good you are at stopping data breaches. You also need to be able to stop the old stuff. You need to be best of breed.
Now if you look at reality, when we, Palo Alto Networks, compete for example on an APT deal, right, an advanced persistent threat deal, the only other vendor that shows up is FireEye. You never see the other firewall vendors or other standalone vendors even trying to compete on an APT deal. Why? Because they don't waste their time on something they know they're not going to win. I don't recall a single case where the competition was not or was someone other than FireEye when it was an APT deal.
Now when we compete on a URL filtering deal, these guys don't show up either and neither does FireEye. It's Websense and Blue Coat that show up for the deal, right? And when we compete on an IPS deal, Cisco shows up with Sourcefire not with their firewall or the IPS inside the firewall.
They talk about it all the time, but they show up with a standalone Sourcefire appliance. Maybe McAfee shows up with their IPS and that's it. You never see Check Point and Juniper and Fortinet. They don't even try to compete on an IPS deal in an enterprise because they know they have no chance of winning because they don't have a best of breed solution. And the way to test whether they have best of breed is looking at the results. They don't compete on these deals.
They don't win those deals. They don't have best of breed, which means they cannot be a platform because nobody is going to replace a fine working IPS with an IPS that's not best of breed even if it gives them additional functionality on the breach prevention side, okay. The next thing is you need to have a single pass architecture. This idea of creating a new module every time you need to detect something new and ending up with 25 software blades running on a poor Intel core doesn't work, both from a performance perspective, okay. You need to be able to run fast at the same speed no matter what you're trying to look for.
For that you need a single pass architecture. You can't have again 25, you can even have 3 UTM modules or UTM or application modules or whatever they call them. The next thing, and Mark said this requirement, is the ability to adapt to new attacks. When there is a new attack and something new has to be detected, you can't wait for your vendor to come up with a new module, a new UTM module, a new blade to support that. Sometimes we even need a new ASIC in order to do it, which is a 3 year process.
And then go through the 1 to 2 years process that it takes to upgrade all the software in a very large enterprise in order to bring it to the latest version. You can't wait 2 years to deal with this new attack. If you have a single pass engine and that single pass engine can be configured to look and stop any kind of attack, there's no upgrade required, just a new service. Either a new service or part of an existing service, we'll deliver you the need to do that. And there's just no way to do it without a single pass architecture, okay?
The next thing that you need is to be able to control the security capabilities. As I said, the way the platform needs to work is you detect a new attack that you've never seen before and you immediately reprogram the entire infrastructure, all the networks and all the endpoints, to stop it. To do that you need to have control over these security capabilities. If you OEM your antivirus from a Russian company or a Chinese company, if you OEM your URL filtering from another company, if your IPS was acquired not too long ago and it's completely separate from your firewall, you don't have this kind of control, okay. You either need many, many remote controllers or in many cases it's not even your control because it's someone else that's doing the work for you.
You need to own these capabilities and they need to be natively integrated into a single pass engine such that you can control them and you can update them very quickly once you need to when you find a new attack that you've never seen before. The next thing is that when you do that, as I said, you need to run everywhere. You have to secure everything everywhere, which specifically more and more means that you need to go virtual. Lee will talk about it more. Securing AWS, Azure and internal virtualized data center has to be part of the platform, which means that you need to be supporting virtual environments, which means that if ASICs are your competitive advantage, you're kind of screwed, because there are no ASICs in the virtual world, right?
All you have is a bunch of Intel cores. And if you rely on ASICs for your competitive advantage, guess what? You're not in that market. If you rely on the fact that you're the networking vendor in order to sell security, meaning your message and the reason people buy you is because you're the networking vendor and they want to buy from the networking vendor because security is part of the network. Guess what?
You're not the networking vendor in AWS, it's Amazon. And you're not the networking vendor in Azure and you're probably not even a networking vendor in the private cloud. It's NSX that does that, okay? So you have to be not relying on things that don't exist in the virtual world. If you want to play in the virtual world and since the virtual world and the physical world have to be secured the same way as part of the same platform, guess what?
The last thing is that, and Lee will talk about it more. As you've seen on the previous slide, there are different techniques today for detecting unknown attacks. If you walk the floor of RSA, you probably saw between 103 100 companies doing different things with big data analysis and analytics and sandboxing and all this other stuff to detect unknown attacks. There is no winner here. You have to do all of them because nothing is perfect, okay? The only way to detect the right number of unknown attacks with the right level of false positives, and Lee is going to talk about it, is to have many different detection capabilities.
They all have to be brought into the platform. Having a standalone sandbox or a standalone something else that only detects attacks, it only doesn't prevent them and only in one way is not going to cut it anymore, okay? They all have to be brought into the platform. Again, Lee will talk more about it in his presentation. So the next thing I want to do is to map those 6 requirements, technical requirements that I have for a true breach prevention platform into vendors, who has what, okay.
And of course, we have everything except for a stateful inspection firewall. You would expect less, right? And let's pick on the next vendor on the list, which is Check Point. I'll explain why I have the check marks and the X marks over there. So Check Point has a stateful inspection firewall.
They don't have a next generation firewall. I mean they took a stateful inspection firewall. They added the word next generation in front of its name. That's not the next generation firewall and I think we've proven that in the market, okay? If you don't believe that anymore then I don't know what else we can do to convince you that they don't have one.
The next thing is single pass architecture. They don't have it. They have, I don't know, 20, 30, I don't know how many blades they have today. Each one of them is a separate engine. A separate engine running separately from all the others, that's not a single pass architecture, not going to cut it with a platform, okay?
It's not going to run fast enough, not going to be modular enough. In terms of capabilities, they don't have best of breed capabilities. They never show up for IPS deals. They never show up for APT deals. They never show up for URL filtering deals, proxy deals and so on.
All they do is they show up for firewall deals, which proves that they don't have best of breed capabilities. The proof is in the pudding, not in what they say. They just don't do that. They don't show up to these deals, meaning they don't have best of breed and that's by the way true for the other vendors as well. I'm just picking on them now.
In terms of being able to control their technology, many of their blades are OEMs. Their AV blade is OEM, their URL filtering blade is OEM. They probably have other blades that are OEMs. They don't have control over it. They're going to reprogram it within a few minutes of seeing an attack?
They're not, okay? Check Point is one of the vendors that doesn't rely on networking and ASICs and other things, yes, they're ready for the virtual world. Too bad for them they don't have the other stuff. And in terms of using multiple attack detections, as far as I know, they only use whatever they call it, SandBlast or something like that to detect attacks. I haven't seen any customers using it, but at least they have the technology on paper. They don't have anything else, okay? There's one platform in the market and that platform belongs to a company that's growing so much faster than everyone else and that's the reason for that. Okay. The last thing I just want to quickly go over is to talk about how customers see.
So we are seeing more and more customers now buying architectures, okay? Customers used to look to buy firewalls and IPSs and URL filters and endpoint and AV and all these other technologies. That's not true anymore. More and more customers are thinking about an architecture and about an outcome. The outcome is I want to stop data breaches. The traditional outcome is I want a new firewall.
I'm not kidding you. That's what customers were thinking about. I need a new firewall. I need a new IPS. Now it's about I need to stop data breaches.
How am I going to do it? Well, I believe Palo Alto Networks. I believe that it's going to be a platform. Here are the requirements from the platform. Here's how we're going to do it.
Now Palo Alto Networks does a few things very, very well or many things very, very well. There are things that Palo Alto Networks doesn't do. We don't do WAF and DDoS. We don't partner with WAF and DDoS vendors because there's nothing that we do that can make them better. There's nothing that they do that can make us better.
We don't do that. In the case of messaging security, there is information that messaging security vendors have that can make our platform better. There are things that we have that can make their messaging security better, which is why recently we partnered with Proofpoint. It provides much better value for the customer because now they can protect email as well as the rest of the traffic in the same way, okay. If you look at incident response vendors, more specifically about vendors that are focused on breach investigation or forensic analysis, we have a lot of information that's very useful for them.
We have very strong relationships with vendors like Splunk and Tanium because we have information that we can provide to them that makes them much better. So we partner with them. Good for the customer, it's good for us. If you look at Identity and Access Management. Identity and Access Management is becoming a more and more important part of preventing attacks because in many cases it's stolen credentials that are being used.
But more importantly, we are becoming a more and more important identity and access management enforcement point, right? They do the identity management. We do the enforcement. We need to work with everyone, okay. We need to work with the traditional ones, the IBMs and the CAs of the world.
We need to work with the new ones, the Okta, the Ping, the Centrify and so on and we work with everyone and bring them into our platform in such a way. I think that's what you're going to see, our philosophy just in general is really following what customers are asking us to do, which is to focus on the things that make the platform better. If something can make the platform better or the platform can make something else better, then we'll find a way to do that at the right time. If it doesn't, then we stay away from it. There's no reason for us to do that.
We'll let others do that. They can do it better than us. That's all I have. Thank you very much. And next, we have Lee Klarich, who is going to tell you about the products that do all the different things that we talked about.
Great. So I am the Lee who is going to tell you everything in more detail, as Nir pointed out along the way. In addition to that, I'm going to try to actually pick up where Nir left off and try to go from the approach, the philosophy, architecture of the platform and translate that into products and product capabilities. And along the way, share with you some of the really exciting things that we're announcing this week here at our Ignite users conference. And when I think about that translation of platform to product, that's what I mean when I say product execution.
And for any high-tech company, product execution obviously is going to matter. But I think in particular as a security company, it really matters because even the slightest difference in capability can really translate into whether or not one of our end customers is protected or not protected, and that difference is, as we all know, very meaningful. And to set some context for this, I thought it'd be helpful to share with you kind of how we think about like this concept of prevention and what it takes to actually do prevention. So at the simplest level, this is what you would have to do to be successful at preventing attacks. You would start by having complete visibility because if you don't have visibility, you can't secure what you can't see, quite simply.
From there, you would reduce the surface area of attack. Let's face it, security is hard enough without trying to secure things that aren't actually necessary for the business to operate. From there, you would prevent all bad things that you already know about and then you would prevent any new unknown attacks you haven't seen before. Sounds pretty simple. It may not be that simple.
But conceptually, if you could do this, you'd be great at preventing attacks. Now to do these different elements actually requires a lot of different capabilities. And each capability that's required in and of itself is fairly complex, hard to do, requires a lot of technology, requires a lot of know-how and expertise, requires continual innovation and focus. And you can see there's a lot of different things and this is not even an exhaustive list of all the capabilities you would have to have. And because of that, the industry has historically approached this with the idea of building a new product for every capability that's needed.
Now 20 years ago, this list was really short. And as the years have gone by, the number of capabilities required continues to increase. And as it keeps increasing, the number of different products keeps increasing. And this goes on and on. And there's lots and lots of problems with this.
Let me start there. There's 3 that are really sort of top of mind from my perspective. The first is for an enterprise, a large enterprise, to adopt a new product in an infrastructure is actually really hard. It takes them a long time. It's hard to figure out how to fit it in, which one's the best, how is it going to tie in operationally and all the things required just to operationalize and deploy that new thing.
Very difficult. It takes a lot of time. So if you need a new capability and the response is a new product that has to be built and selected and deployed, it takes a long time for an enterprise to be able to respond with the capabilities they need. Second, most of these products are not designed to be part of the infrastructure. And because of that, they're designed to hang off of SPAN ports and taps and things like that to provide detection, not prevention.
And third, there's no integration. There's no sharing. There's no leverage between these different capabilities. And this is possibly the most important point. And so let me show you just a couple of quick examples.
Imagine if you're trying to detect and block bad domains on a network. Relatively simple and straightforward as a technology, most heavily dependent on knowing about all the bad domains. Now one of the key ways in which you can find out about new bad domains is by doing dynamic analysis of new files. The problem is, if you're the product that does bad domain prevention, you're not the product that is doing the sandboxing for the dynamic and static analysis of new things. So you get no leverage from that.
In addition, you can't apply that to all traffic because you're also not the thing that's actually scanning all of the applications. Let's look at malware. You want to prevent malware. Well, you have to know about the malware and you have the same problem of not being the engine that's detecting new threats. You have the same problem of not being able to apply your preventions to all applications.
You have additional problems not being able to apply this to encrypted traffic, which increasingly is the majority of enterprises' traffic with SSL taking over from traditional web browsing. And besides all of that, you have these bad applications like Tor and using encrypted tunneling and UltraSurf and a bunch of other things that are ultimately designed to bypass. And if you don't have any way of reducing that surface area of attack, you have no hope. And I can give you example after example after example of these different problems when you approach each capability as if you need a new product to do it. So for us, from day 1, we reimagined how you would approach this. And from and sort of very fundamental to this was this idea that these different elements that are required to accomplish true prevention have to be natively integrated. And they're all gaining leverage and context and information from each other, constantly making each different element smarter in a highly automated way.
And so this is when you think about like what the platform does, ultimately, this is what it's designed to do. Everything is integrated together. We're able to take that and consistently apply it everywhere in the enterprise. We're able to it's designed to be very flexible, so we can with new capabilities as new requirements come along. We automate everything and with everything we do, we're always thinking about how we can turn detection into prevention.
I have this conversation with my team probably on a daily basis. We're talking about some new capabilities like, okay, great. How do we use that to prevent an attack, not just detect it to kick off the manual remediation process as Nir was talking about? So with that as the context then, there are a few very important sort of security transformations that are taking place and have been taking place and will continue to take place. And really big transformations obviously take time to play out.
And I want to talk through each of these. The first is this idea of having complete visibility and being everywhere you need to be in order to provide security, there's a lot of activity going on, whether it's things like IoT and SCADA systems or cloud, whether it's public cloud, private cloud. This movement of and changing of the enterprise network and what it takes to be in all the right places to secure it is a very important transformation to us. And quite frankly, it becomes an opportunity for us to extend our footprint and the value we can provide to our customers. Second is, as the attackers evolve and become more sophisticated, what it takes to actually provide real security has to evolve as well.
And there's a lot of things we've been doing and continue to do to accelerate our ability to detect and prevent even the most advanced attacks. And lastly, how we extend from a network security standpoint to the endpoint is very important. And it's very important because the endpoint provides a unique opportunity to prevent certain types of threats that the network is not necessarily the most well suited for, just like the network is very well suited for things that the endpoint isn't as well suited for. And so I'll talk through how our thinking around endpoint security continues to evolve and what we're focused on. So I want to start with a very important trend around the movement of applications.
And this gets back again to you have to be everywhere the applications are in order to be able to secure them and you have to be able to provide consistent security as well. And so if we start by kind of rewinding the clock back several years, every enterprise had this very traditional data center architecture. It tended to be a bunch of physical servers. It was very static. It was hard to change.
And you put high scale firewalls in front of it to protect it. And in fact, this actually is still going on. But to a large extent, that architecture is giving way to private cloud. Now it's important to understand with private cloud, it is still the enterprise's infrastructure. So they still have all the same security requirements that they used to have in terms of protecting that infrastructure at the north south boundary, only in addition to that, because private cloud is highly dynamic and automated and changing very rapidly, there are additional requirements to secure traffic within the private cloud infrastructure.
You'll often hear this referred to as micro segmentation. And this is securing between applications, between tiers of applications. This is why we took everything we do and virtualized it in the VM Series. This is why we took that and integrated it with VMware's NSX, which is the primary orchestration platform that drives all these public cloud architectures. And this has been something we've really helped our customers embrace the change to private cloud because we can help them do it in a safe way.
Now at the same time that that's happening, more and more enterprises are looking to be able to move some of their applications up into public cloud infrastructure, whether that's Amazon, AWS, Microsoft Azure, IBM SoftLayer and others. And the idea is to get some of the benefits of just the sort of pay as you grow dynamic, spin up, spin down, move globally kind of benefits of the cloud, in some cases, saving money in the process. Now in these environments though, the public cloud provider is only taking responsibility to secure their infrastructure. They are not taking any responsibility to secure the applications and data that enterprises are deploying into those environments. And so for that reason, we took the VM Series and we packaged it up in such a way that it can run in these public cloud infrastructure environments so that our customers can have that same security there.
And this week, we'll be announcing that we're extending support to include Microsoft Azure in addition to AWS, which we've had now for a bit over a year. In addition to that, there is the transformation of applications to SaaS consumption, where instead of the enterprise owning and deploying the application themselves, they're letting somebody else do that, but it's still their data. It's their data running within the application that they're consuming it. And it's for this reason that we acquired CirroSecure almost a year ago and came out with Aperture a little over 6 months ago. All of this is designed to be able to extend our security capabilities into SaaS environments in a consistent way to secure the use of these enterprise managed applications, whether it's Box or Dropbox or Salesforce.com, most recently this week, we'll be announcing support for Office 365 as well. And so ultimately, what I'm basically painting for you is this picture that the enterprise application landscape, while changing, ultimately, it's extending.
It's extending from traditional data center into private clouds, extending up into public cloud and SaaS. And as all of these this movement happens, what we're hearing from our customers is they need the ability to have system security regardless of where their applications move to, regardless of how they consume their applications. And that's what we're providing to them. And as I said before, the providers of this infrastructure, whether it's public cloud or SaaS, they're not taking responsibility for why it's so important for us to do this right. And lastly on this topic, I just want to update with what we're seeing from our customers.
Many of you are asking, Sydney, like how does this transformation kind of play out? And what I can tell you is sort of our observations so, and our observations are we're seeing very healthy adoption of the VM Series. Well over 1,000 of our customers have purchased VM Series from us and are using it. This is probably one of the better metrics to think about relative to private cloud adoption. In addition to that, even though it's relatively new for us, we're seeing hundreds of our customers adopt us to secure their public cloud applications and infrastructure.
And at the same time that this is happening, we're seeing continued growth in our data center business. This time last year, it was about 35% of our overall business and now it's over 40% of our business. And so what we're observing from our customers is healthy adoption growth across all these different areas. Okay. So switching gears to Threat Prevention and Threat Intelligence Cloud.
And we've talked a lot about why this is so important. And within the Threat Intelligence Cloud are a number of capabilities. This is where a lot of our security services are delivered. Within that, we talk a lot about WildFire, sort of one of the core capabilities that we provide from this infrastructure. And so I want to start just by giving you an update.
If we were here 2 years ago, I would have been actually thinking we're doing a great job in the scale of WildFire, and it would have been a little tiny blip down there. In the last 2 years, we've grown WildFire usage by about 50x. Last month, we processed over 100,000,000 unique files in WildFire. In addition to that, we processed more than 250,000,000 unique URLs. The scale of WildFire is just amazing.
And this is important because WildFire has this great community effect or network effect where if any one of our customers anywhere in the world submit something to WildFire that we're able to detect as being malicious, we can then reprogram the infrastructure of every other customer to be from that. And so everybody is benefiting from everybody else in this architecture, which means that this really matters. The more capacity and scale we can bring to bear with WildFire, the better the capability is over time. And so to support that, over the last 12 months, we've been running a project and I'll preface this by saying this is probably not the sexiest, most interesting on the surface I'm going to tell you about, but it's actually really important. We've rebuilt the entire back end infrastructure of WildFire in order to be able to continue to scale to any capacity that we can foresee in the future and to do so in a very global way because our customer base very global as well.
And so that project completed a few months ago, and it was very important to set us up for continued success. In addition to that, we've expanded the operating systems we support. So we started with Windows, of course, the biggest attack vector. We extended that to Android support a couple of years ago because we started to see a lot more attacks against mobile devices. And this week, we'll be announcing support for Mac OS X.
And as a Mac user, I'll tell you, I like to believe that Macs are impervious to all threats, but it's not quite true. And in fact, during the beta of OS X support and WildFire, we actually detected and we're able to successfully prevent a new ransomware campaign that was targeting Macs. It was the first time we've seen a fully productized ransomware campaign for macOS. And we're able to detect it early enough in a cycle and then get it taken down from the App Store and get removed from the application that had infected before it had ever spread to anybody. It's just an amazing example of good technology being able to prevent attacks by detecting them early enough in the attack life cycle.
In addition to that, we've been very focused on how we continue to get make WildFire better and better. And in 2011, when WildFire first launched, we were at basically industry norms from a speed perspective. From when we detected something to when we had prevention, and that's supposed to be a 24 hour clock, in case you're wondering. It took about 24 hours. Industry standard, we thought it was great. And then we started observing what actually happened.
We noticed that most malware spread very quickly within the first 24 hours. We said, all right, well, we got to get faster. And in 2012, we brought it down to 60 minutes. And then in 2014, we brought it down to 15. And this week, we'll be announcing that as we've brought it down to every 5 minutes, we're able to release new prevention capabilities, both for the malware as well as the other attack vectors that are subsequent to the initial infection. So basically just squeezing that time from detection anywhere in the world to prevention of all of for all of our customers.
Now one more thing on WildFire, and I have to set this up a little bit. Everybody understands a seesaw. This is my attempt to draw a seesaw. From a security perspective, we're constantly dealing with how do we get really good coverage and ideally how we get really good accuracy for that coverage. And the problem is it kind of goes like this.
You bring the coverage up and your accuracy goes down. And when your accuracy goes down, you have false positives. Problem with false positives is that nobody wants to deploy you in prevention mode because they're afraid you're going to block something good. So you try to raise your accuracy up and your coverage goes down. So now you can prevent, but you don't get to prevent very much.
And you this is what happens over and over again. Now Nir and I were talking about this, I don't know, 2 or 3 years ago, and we said, well, this is stupid. We need to find a better way to do this. So we said, let's go break the seesaw. Let's go make it so that we have really great coverage and really great accuracy at the same time.
So how would we do that? We can't keep doing the same thing that everybody else keeps doing because it's not working. How do we do this? And so what we figured out is the way to accomplish this is with multiple techniques, ideally non-overlapping, where for each one, we're going to try to be really good at it, but we're going to focus on making sure the accuracy is really high. We're going to drive the detection rates as high as we can, but knowing that for any one technology, we're not going to get it to where we want it to be.
Then we're going to combine that with others. And when it's non-overlapping, each one benefits from the other and can accomplish things the other one is not specifically suited for. And so with WildFire, we start off with dynamic analysis and we try to get really good at this. And we think we did and we continue to work on this. But over the last 12 months, we've been extending that with static analysis and machine learning from the big data we get out of AutoFocus.
And we've been building up these different capabilities in order to make everything better. And the net result of all of that is we've been able to break that traditional trade-off. Based on our analysis of what we're now processing the last couple of months, we're able to achieve coverage that is approaching that ultimate goal of know about everything bad, while accuracy is approaching that same level. So really driving false positives out of the tool while driving coverage up at the same time. Ultimately, the result of all of this and why it really matters is with these levels of accuracy, it gives our customers confidence to on the automated prevention.
And when they do that, they're turning on really great coverage and prevention capabilities. Now WildFire, as all of you know, is essentially sort of it's in the middle of a lot of different things we do. It's making the firewall smarter, Traps smarter on the endpoint, Aperture smarter for SaaS security. It's the basis of all the data that's being fed into AutoFocus from a threat intelligence and analytics perspective. It's also the place where we're extending out to a number of very important partnerships.
We've taken it recently. We've extended it out to Proofpoint. So we can extend our security into their email platform. We've extended out Tanium and Splunk. So we can extend it out to, as Nir was saying, the incident response tools and analytics tools and others, tools like that.
And we're just going to keep doing this because we think that while Wildfire makes everything we do better, we think for our customers' benefit, we can make other tools better as well. Okay. Last piece, advanced endpoint protection. I mentioned before that there are certain things that the endpoint is uniquely to be able to do. And for this reason, this is very important to the overall platform and efficacy of the platform.
Now the endpoint landscape, for those of you who've sort of paid attention to it, is actually kind of convoluted. There's lots of stuff. And a typical enterprise endpoint has lots of different agents running on it. Some of these are very security focused, some are management focused, some are DLP focused, etcetera. And with all of these agents, system load typically kind of grinds the endpoint down to run a lot slower, users get angry.
And in the process of all of this, you don't even get very good efficacy. It might be okay if you actually had a really good outcome, but you don't. It's not very effective from a security perspective. And so as we've approached this, the way we think about it is Traps, first and foremost, needs to be very good at security. It needs to be very good at being able to prevent targeted advanced attacks.
Like that's ultimately the primary value we want to provide. And we think we're doing a very good job of that both from exploit prevention perspective as well as malware prevention. In addition to that though, because of that problem I just mentioned, we're more and more focused on how we at the same time can replace the legacy junk is sitting on the endpoint. Can we replace the legacy antivirus? Can we replace the legacy host IPS?
Because that would be a good thing to be able to reduce the footprint while providing the real thing, which is number 1, and over time, expanding operating system and refining the product so that we can then be pervasively across all endpoints. That is our focus. That is what we're trying to do. And so when you go back to that same picture, the blue is what we're ultimately trying to replace and replace with a single Traps agent. So at the same time, they're providing very unique and incremental value.
We will reduce the overall load and footprint on the machine, providing better security, better total cost of ownership and better user experience, okay? So with that being said, we are seeing very good traction amongst our customers with Traps. We're very pleased with the adoption rates. This is still a relatively new product. But at this point, we have well over 300 enterprise customers using Traps, many of which are using it across tens of thousands of endpoints in their infrastructure.
And so it's very good to see. So we're here at Ignite. I feel compelled to tell you we're announcing a lot of new product capabilities here, a big new release with PAN-OS and Panorama 7.0, over 50 new features. We have many WildFire and AutoFocus enhancements coming, some of which I described to you today, but others of which will be announced this week. Cloud expansion into Azure, which we're very excited about in terms of extending the cloud infrastructure we can secure, extending Aperture to include Office 365, so just expanding number of applications we can secure there.
And there's actually a lot of GlobalProtect enhancements as well. Nearly 15 different features are enhancing GlobalProtect as it becomes a bigger and bigger piece of the overall platform and how we accomplish security.
So with that, I'd like to say thank you and bring Mark Anderson up.
Hey, good afternoon folks. So, I'm going to talk about things I'm very familiar with, execution and scale, certainly going to talk about how we're winning with platforms, maybe not quite as passionately as Nir talks about them, definitely more passionately than Stephanie will talk about it. But we really are affecting some major business outcomes with our customers with this concept of prevention that our platforms can deliver. What we're doing in response to this is we're continuing to build out what I think is a world class execution machine and continuing to deliver these outcomes that are making our customers happier than they've ever been and prone to buy more from us. What I said last year on the stage here was I talked about how our relevance had continued to get better and holy mackerel in the last year it really has snowballed.
We've seen a 250% increase in the members of the Cyber Threat Alliance, something that's very good for the industry. It's a nonprofit consortium, we've seen over 100 campaigns solved by Unit 42. Lee just mentioned one of them, but almost every week they're coming up with actionable threat intelligence and research that they're doing in their basement offices and their dungeons and caves. And, but boy, we have really got a lot more relevant in social media. You're going to talk you're going to hear Renee talk about our cyber notoriety has really gone through the roof.
And what that's doing is it's causing us to invest real dollars with our partners driving 70% more marketing events. We'll do 7,000 events around the world this year. At each of these events, we're looking at existing partners, targets, getting them together, looking to build significant pipeline and it's definitely working. And back home in our HQ in Santa Clara, we've actually had to expand the size of our EBC. We've doubled the number of customers that are coming to our EBC and we're getting senior executives, CEOs, CIOs, CISOs, CFOs are coming to visit us to listen to what we have to say about our platforms and that preventative architecture that we can deliver. And finally, at the end of the day, what I really care about is the pipeline that Renee's magical marketing team is helping us deliver.
Our field teams, our partners are creating real actionable significant pipeline 80% more this year than ever. So I would like to sort of take the gauntlet and say that we definitely have become the 1 and only thought leader out there in security and it feels like that every day. I hear that from customers every day. Certainly, it's playing out with customers where we've added almost 2,000 customers a quarter for the last 6 quarters, over 1,000 customers a quarter since we became public almost 4 years ago, so really seeing major traction there. And so in response, as I said, we're building out this incredible team.
When I joined years ago, we had 226 people on the worldwide sales team back in 2012. Today, we've got well over 1800 people. And just to put it into context, from a salesperson's perspective, when we build out the team to that selfish salesperson that I used to be, means my territory is getting smaller. But for Palo Alto Networks, it means we're building tools, we're dedicating resources to that quota carrying ahead so that they can be more productive. So when we split a territory within 3 or 4 quarters, that territory is doing twice as much as it was before.
And we're doing that all around the world. As an example, in the state of California in 2012, we had 4 sales teams doing a little more than $1,000,000 a quarter. Today, we've got 32 sales teams. It's actually 4 different districts, each with a district sales manager. And I can't tell you how much we're doing because Stefan would shoot me, but it's many, many times more than $1,000,000 a quarter.
It's a significant part of our business. In Germany, same thing, we had 4 sales teams back in 2012. Today, we've got 18 sales teams calling on enterprise customers, calling on service providers, calling on government, producing on average, like I said before, close to $1,000,000 a quarter around the world, well over $1,000,000 a quarter in the Americas right here. And then finally in Australia, when I joined, we had 4 sales teams there, 3 in Australia, 1 in New Zealand, doing way less than $1,000,000 a quarter. Today, we've got 21 sales teams out there and it's a great business for us, really happy customers, much more safe customers. And you can see from the total addressable market numbers we have up here on the slide, we still have so much more to go.
Even with 1800 people, we still have a long way to go, less than 10% market share in the Americas, less than 5% market share in EMEA and Asia Pac. So we are thoughtfully continuing to invest in building out this coverage, working closely with partners to go after customers, not only grow our existing customer base, as you heard Mark talk about, but continue to add new customers that will become the gifts to keep on giving.
I'm not going to go into detail here because I did last year, but our go to market machine really hasn't changed. We continue to have a philosophy of dedicating an SE to an account manager, it is a technical sale. They work together. They don't necessarily always do 4 legged sales calls, but they work with our partners and our customers and are driving those outcomes. And we're continuing to build a machine behind that quota carrying team to make them more productive.
So more investments in inside sales. Got an amazing science driven team around the world now that helps support our outside sales team members. Continuing to invest. Now we have close to 100 people in the worldwide channels organization that are treating our partners as customers and you'll hear me talk a lot more about that in a few slides. I'm really proud of the machine we have.
I think it's very scalable. Again, I'm not going to go into detail here, but we have added a couple of new segments here to our go to market plan. We're still focusing very aggressively on major accounts and global accounts, got sales teams that have a heavy direct touch there. We work with large global systems integrators like you're going to hear from PwC later at the panel that I'll be moderating, working with large service providers. You're going to hear from Telstra talk about managed services that we're driving with them. So these major customers are flocking to Palo Alto Networks and we're doing a very good job with helping make them more secure.
We continue to focus on named accounts, typically in a territory that has about 80 accounts in it with an outside sales team supported again by these back office resources. And then we created a new tier called commercial. And this is primarily an inside sales led channel that goes after our medium sized customers, many of whom definitely or all of whom definitely need world class security. We really haven't paid much attention to them in the last 4 years. So we're really going after this tier now.
It's definitely a channel led tier. So our inside sales teams are working with outside sales teams from our partners and taking business there that's purely incremental for us. I'll talk about service provider in a bit, but we're actually creating a brand new tier going after service providers, it's an important market for us today, less than 7% of our business depending on the quarter. But I think it has a very, very bright future. You guys have seen this slide since our IPO roadshow talking about how that intense focus coverage is delivering great productivity for Palo Alto Networks, delivering new outcomes for customers.
You can see in the last year, the ticket to get into the top 25 customers has gone from $7,400,000 to $11,400,000. So massive increase just in one year, just to get into the top 25, the multiple of the initial purchase to their lifetime value has gone from 32.2x the initial purchase to almost 41x the initial purchase. So quick trivia question for you here. Does anybody remember what the ticket to get into our top 25 customers was in our IPO road show? Got a car? No.
$2,000,000 to get into be the 25th largest customer we had back in 2012, so we've really come a long way and I'm sorry nobody gets the car. We'll have to save that for next year. So talking about the service providers, these are the markets that we're going to go after. These are the businesses, the customers that we're going to target to go after this massive spending service provider market. Certainly going after fixed telco, these are businesses that spend a lot of money delivering wireline services to us today.
Mobile operators for sure are looking for differentiated services to deliver to their customers more and more focused on user experience, more and more requiring application security, user security. Same thing with cable operators. That's where I get my Internet service from at the house that I'm never at. And then web scale and cloud, we had the folks from Amazon Web Services in yesterday for my weekend direct report team. It's amazing what they're doing.
You heard Lee talk about our focus there. We definitely need to learn how to sell to these giant webscale companies and we are going to do that. We're going to get design wins with the team that we've hired to go after them. The same thing with SaaS and hosting, salesforce.com, LinkedIn, these are very different customers. They're not enterprise mindset.
They're more of a production networking kind of a mindset. We're hiring people. I hired Scott Stevens to run this business at the beginning of the fiscal year. Definitely a person that has really good legacy and service provider space. And our mission is to make all of these logos here customers in the near future.
Because in the past, we've called on service providers mostly as an enterprise customer, their IT organizations are quite familiar with our solutions. Many of them have become among our biggest customers. But the big spending dollars that we can go after, we've just ignored. The production networks for mobile operators selling GI Firewalls, selling infrastructure that goes into their core networks to deliver the services that I spoke about. If you talk to Lee and you look at the next major releases of our products, you're going to see services and features here that are very applicable to what they need and what they want.
And we're working very closely with them to make sure we're aligned with that. Same thing with managed service providers.
The more I travel outside of the U.S., even within the U.S., the more I hear from customers that they want big providers to take some of these services over for them, right? It's a different mindset for us sell into. So we're building out a team that's going to focus on using Palo Alto Networks infrastructure to turn on services for these big MSSPs out there. This again will not only be a very important channel for us in the future, but will be a very big market for us. I want to talk about our comp plan.
I think we've got a great comp plan. It's definitely a world class design. I played a small role in it. We've got a great team in our comp, our sales operations team has gone after this, but it's really based on a simple philosophy of paying for performance. When you're building the platforms that we are that are changing the dynamics and being the thought leader in security.
It's definitely fun to win with a better platform. We give really aggressive quotas to teams. I think it's enterprise, world class quality quotas. But we tend to focus their greatest payouts are on product plus initial. So P+i, the bigger rates that they make are rates that are going products that are going to affect our in quarter revenue.
We don't pay most reps for renewals. We have an amazing inside sales led renewals motion. We do pay for multi year, but it's a much smaller rate. So I think it's a very well aligned comp plan. It's really driving the right behavior.
It's certainly a big part, I think, of our success in driving these never before seen rates of growth in security, I'm really proud of the team. I think it's a world class implementation. Because our productivity has just never been higher annualized, you take a look at how even with the changes that we've made by dividing and conquering the territories that we're splitting going from 200 and something to 1800 people around the world in just 4 years, we're still driving increased productivity. So that tells me we still have so much more to go, less than 10% market share in this massive total addressable market.
We're going to continue to thoughtfully invest in areas, countries, cities, right here in the U.S. of A, where we can continue to drive productivity up and to the right. We're very thoughtful about it. We leverage data science like my brother from another mother, Renee, does in marketing and we're very, very focused on continuing to do this. And this is only with 55% of our team members that are fully ramped.
So again, we're hiring good quality people. We've never seen better inbound candidates and we're focused on driving that productivity on a continual basis. I'll talk about enablement for a little while. We just hired a woman to run worldwide enablement for us. And I know this is a busy slide, but if you think about the people that need training or enablement, think about customers.
They need to learn how to take to be able to configure and manage and consume our technology. I think about partners, the account managers, the SEs that need to learn how to sell and position Palo Alto Networks infrastructure. I think about our TAC engineers, the world class team that Brett manages of hundreds of people around the world that provide support, but also we get support delivered by our partner tech engineers. So we need to build programs and solutions to train all of them. We've done a great job on this, building a framework to be able to deliver the right kind of training either free or delivered through partners in a way that I don't think anybody in our industry has ever done.
The outcomes for the people are accreditations and certifications that they can use to get raises in their jobs, they can use to make more money working in a community that craves trained and enabled security professionals. And for us, the outcomes are very simple. We get our technology gets consumed faster. We get a much broader reach with thousands of people that are enabled every year drinking the Kool-Aid of Palo Alto Networks. And at the end of the day, our customers get better security and that's ultimately what's most important to us.
So we're going to continue to invest more and more in this. If you're a partner account manager or a sales rep, you likely had 548 of them attend our sales kickoff last year. We opened up all of our internal sales training to our partner account managers and engineers. They sit in the audiences every month I talk to roughly 100 people at our new hire, including many partners that are digesting the same curriculum as our very own salespeople and SEs get. So very open like we are with you in this community.
We're very open in terms of training our partners to make sure that they can go out there and become extensions of our very own sales force. And for the result with the customers, like Mark said, for our customers, with customer satisfaction standpoint, the it's just never been better. I mean, close to 9 out of 10, the customer satisfaction range is absolutely world class. I've never worked at a company that's been as focused on delighting our customers. And then if you look at our Net Promoter Score for our global support, in a range of negative 100 to positive 100 where 50 is considered world class for an NPS score, we've got 75.3, which is a 7.3% increase over last year.
So it's a big focus. We're investing, I think, smart dollars in getting better at this and the outcomes for us are happy customers buy more. I want to talk about our commitment to the partner community and really the evolution of the journey that we've been on. If you look back at 2009, our revenues were $13,000,000 or so. And you fast forward to today, you saw that at the end of Q2, we printed the billings line close to $500,000,000 a quarter, so a $2,000,000,000 run rate.
That's a tremendous transformation. We could never have done this without our partnerships. But on the distribution side, we started with many country based distributors that were difficult to manage. And the current state is we've got fewer, much, much fewer large global distributors, companies like Exclusive Networks in Europe, companies like Arrow and Westcon. They've become great, very efficient distributors for us. On the reseller side, the only people that would pick up the phone 7 years ago to listen to someone from Palo Alto Networks were the mom and pop security focused resellers that were very regional.
And of course, the great scale wasn't didn't exist with them. But in the last year, we had over 500 of our partners grew their business by more than 100%. Clearly, even those mom and pops are getting bigger, but the current state today is a really nice range of regional, national and global resellers, Global Systems Integrators, you're going to hear from James Shireh, the global CISO for PwC later on today. You're going to hear from Mike Conley at Forsythe, an incredible business that we've grown dramatically with. So we're really focused on these target partners and making them better and stronger, training them on how to sell our solutions and helping their businesses grow while we help our customers and ourselves get to a better place.
On the deployment side, you've heard from Lee's presentation and from Nir's vision, we're not just selling products that sit in our customers' environments anymore. So we need to be mindful as we build out partnerships that these, we might be selling license keys. We might be selling software that resides in somebody else's servers and we're very, very focused on that. Then finally, I think we've become so much more relevant to this partner community.
We had 1 CAM in Europe, 1 CAM in the U.S. in 2009. Today, as I said, we've got close to 100 people around the world under Ron Myers, really focused on delivering training to these partners just like their customers, so we have channel business managers, we have inside channel business managers for the emerging size partners and we've got dedicated systems integrator managers that manage our practice around the world. So continuing to focus on this because it's a big game changer for us and very excited about the job that we're doing. I just put up these logos here.
We have arrangements with all of them. You're going to hear from Juhi at IBM on our panel, but still very focused on executing with everybody on this list, service providers, large global systems integrators. In the last year, our relevance to this community has, like I said, snowballed dramatically. And we're responding by dedicated resources, by building out service creation teams to help them build managed services and we think our business here is still has a very, very long way to go. So I want to talk about some of the pain points that we're solving with customers.
I've got 5 very quick examples here. Had to sanitize them. Our Chief Counsel made me do that. But just this last week, I was in this unnamed city visiting this healthcare company based in the States. If you think about the healthcare and the healthcare insurance market, it's just been a systematic target for the bad guys out there.
These guys bonded to that vertical being dramatically breached by implementing a Zero Trust architecture. We did an 8 figure deal with really selling everything that we provide to these customers, all of our subscriptions, our biggest chassis devices, our biggest appliance devices as well as some VM versions as they're deploying right now. This is a tremendous opportunity where I think we've only got 20% of the opportunity there penetrated. So we've got a long, long way to go at this account. Over in Europe, a huge energy services provider, same thing.
They were breached. This company itself was breached in 2004, because they had a multilayer, very complex point product approach to security that they called defense in depth. I think they were in deep shit to be honest with you, but they got breached and we were in, we didn't, we don't follow these customers around with our hands out for POs, but we're there with our engineers offering assistance. And in this case, we were able to completely retrofit their corporate network security, again, selling the biggest chassis that we have, selling all of the subscriptions that we make available and we continue to have 8 figures of opportunity even after spending having them spent a lot of money on Palo Alto Networks. Large city government, one of the largest cities in the world, a very politically charged environment, disconnected legacy point products, different groups politically fighting within to get control of the security landscape. They needed to deliver a next gen emergency services call center.
They brought in Palo Alto Networks. So not only did we deliver the gear that and design that provided the winning solution, but they ended up hiring 4 of our resident engineers. And we're seeing this more and more as a best practice for our bigger customers where they want a Palo Alto Networks badged employee to be on-site for our valued partners, resident full time engineer on-site to be able to be there to transfer skills and help them do the migration faster than they would otherwise do. Like usual, we competed against the cartel of legacy providers Cisco, McAfee, longtime vendors in this city, that had a very strong political hold and we kicked their butts. I think there's still a lot more opportunity here like we feel there is in many of our customers and we're, we've got a focused and dedicated team to go after it.
Another healthcare provider, this is actually a hospital chain that we, they were onset with CryptoWall in 2013, 2014. We were brought in on the network side a year and a half ago to help remediate that situation and build out a new that could protect against it in the future. We were brought back in to sell them 35,000 endpoints with Traps. We competed against McAfee. It was a McAfee renewal.
They actually used the money from the McAfee renewal for AV to pay for the Traps solution and then they went to Microsoft with Microsoft Essentials and were able to use their free antivirus solution because they had an ELA with Microsoft. So we're seeing more and more customers look at doing this. Again, we've got plenty of expansion opportunity here because certainly no hospitals are a target for the criminals. And finally, at Global Services, a Tier 1 bank, this is a really like a next generation opportunity. We worked with VMware and actually EMC was the integrator, the huge data center of virtualization and perimeter refresh, so they were taking legacy data center architecture and completely refitting it with an NSX build out in this amazing bank.
We sold them really big physical devices, we sold them tens of thousands of virtual for thousands of nodes of our VM series. And it was a real very highly publicized rip and replace from a long time reputation reputational account with, excuse me, Check Point. So this is one of their big data centers that they've done. We've got continued opportunity here. This is again one of the world's largest banks.
So I could tell you many, many more, but I think you're going to hear the same pain points being resolved. You're going to hear the same theme that platforms are winning, platforms sell, customers are looking for more of a preventative minded architecture. Palo Alto Networks is really the only one that they can turn to for that. I'd like to say that the sales team that I manage, the global customer team that I manage, I think we all have the same philosophy that even though the change is pretty constant here at Palo Alto Networks, we all feel certainly I do feel that this is the opportunity of my lifetime. We get to do things that are very different than we do at other technology companies.
It's fun to win with sheet metal and software, but when you get to win with security solutions that change the outcomes at customers, if you're selling to the government, I've had government officials tell me that we're helping save lives. If you're selling to the large enterprises that have been breached that you're helping turn those companies and turn their around. So even the most selfish of salespeople out there have that kind of running through them every day realizing that what we do really makes a difference and I think that drives us all to work a little harder and work a little more efficiently and continue to make the world a better place. And I certainly know it helps me feel great when I wake up in the morning. So with that, I'd like to thank you again for your time.
I'm going to push you out for Kelsey how long of a break? A 10 minute break, that's not 9 minutes. 10 minutes is how long you get. I'll see you back at 10 minutes to 4 for the partner panel.
Hello. We're going to get started again. This is our partner panel. We're going to talk up here amongst ourselves for about 20 minutes and then open it up towards the back half for questions from you all. So with that, I will turn it over to Mark.
All right. Thanks, Kelsey. Did we have chocolate bars out there? I didn't even get to go because I was assaulted as I was leaving. All right.
So, thank you folks. Thank you guys for coming back from the break in a good solid 10 minutes. I'd like to welcome you for the partner panel portion of our talk. So I'd like to really just sort of go down the line and maybe get our partners to introduce themselves and their companies. So Juhi, why don't you start?
So hi, everyone. Nice to meet all of you. My name is Juhi McClellan. I work for IBM. I've been there for about 16 years, so feel old now and entrenched.
And because IBM is so big, and most of you know it, I would like to say that I come from IBM's Global Technology Services and we're the group that does system integration and services integration.
Great. Well, thanks for being here. James Shire, everybody. James is really the only security practitioner on our panel today. James was a CISO customer of ours a couple of years ago, but you've migrated to PwC.
So tell us about that. Yes.
I've been with PwC for about 11 months. I'm a global partner and a global CISO here. I've been in security for about 15 years.
15 years. You don't look a day over 25. All right. Craig Joyce. Craig?
Hey guys, I'm with Telstra. I've been with Telstra for just over 2 years now. For those of you who don't know who Telstra is, it's the largest telco in Australia. Revenues around sort of $26,000,000,000 I think thereabouts. We have presence in about 22 different countries and pretty big footprint within the Asian region.
Great. Well, thanks for joining us, Craig. And Mike Conley from Foresight.
Hi. My name is Mike Conley. I'm the Executive Vice President of Foresight Hosting Solutions. Been there about 23 years. Foresight started off as a leasing company, but we are a large hosting service, reseller and managed security service and consulting firm today, mostly based in the United States, with services also in Canada.
Great. So I guess my first question the panel, James, if you don't mind, I'll start with you. So, the White Palo Alto Networks is a partner. You may have heard this morning, we announced a pervasive partnership with PwC, that's starting in the U.S. and I believe will roll out globally with success and time. But James, tell us why Palo Alto Networks and again, why at this point in time?
Sure. So I think it has a lot to do with how customers integrate security. And I think it was well covered earlier, but to recap, customers look at security from the endpoint point of view, they look at it from the firewall point of view, and increasingly, there's other elements like threat intelligence, etcetera. And we like to partner with organizations that provide customers with a platform.
Yes, that definitely makes a big difference. And maybe I'll move on to you, Craig. So we heard that, service provider is becoming a bigger part of what we do. Telstra is an amazing company, having been down under many times and that with many of your colleagues. Tell us about this relationship with Palo Alto Networks and the timing of it.
Well, I think it's been a long standing relationship. We've been a partner since 2012. We're the 1st Diamond in the APAC region. So we're obviously seriously committed. I think the appeal for us though is really around getting into our customers where they might have had a whole bunch of technology they've deployed and might have been designed that way for the last sort of 10 years, looking at how we can actually provide some sensible new ways of actually rationalizing consolidating that infrastructure, so then giving a huge uplift in terms of the security capability to actually support the demands of their businesses.
Yes, for sure. So Mike, Foresight is normally associated with data centers and hosting. So and it's relatively young relationship that you have with us. Talk about why I'm
Yes. Foresight is a $1,300,000,000 integrators I mentioned. Security is $300,000,000 of what we do. We have been for all our existence focused on best of breed, in the managed security services and in the cloud hosting business, it is wickedly important because the nature of our customers, the Fortune 102 100 that we eat what we kill. What that means is we are integrating best of breed inside of our own facility.
Our customers buy a result. They come to us and say, Mike, we want you to secure the platform. So to us, you can only secure what you can measure. I know earlier comment was made that you can secure everything that you see. I would tell you that we have to secure what we see and what we can measure because the skill set out there is waning.
Customers come to us and say, look, you take care of the problem. We own the resolve, but we need you to secure it. And we are very, very passionate that if we can't measure it, we can't improve it. If we can't be very, very firm with our customers that a single platform is the easiest way to stay secure, then that's very bad for them and us. So all of our data centers, all of our hosting services are built on the back of Palo Alto, not just the hundreds of millions of dollars that we resell in products, we're also a very big customer.
Yes. And we really work very well with the Foresight people. I'll add, I know we definitely go in and leverage your relationships as well as our relationships and there's a very good symbiotic relationship going between field sales teams on Mike's team and on my team.
Yes, it's really important. It's really important because as all these customers go through this big evolution, many of them, we talk all about security in the cloud and the edge, everyone forgets that our legacy applications still maintain the majority of our clients' IT budgets. They have to go to microservices and move all of that. They are looking for solid partnerships. We are the same way and very few things operate inside every line of a contract.
Palo Alto has been fantastic to work with because they understand that when you build that relationship, you are buying yourself comfort. But when things go wrong and they always go wrong in large transactions, that customer is going to give you that room to keep going and innovating and it's wickedly important.
So Juhi, I mentioned James was the sole practitioner. You're probably the least security-minded person here, but IBM is a massive company. And why have you chosen to engage with Palo Alto Networks now?
Yes. So we have been working with Palo Alto opportunistically. So we had a bunch of clients who had talked about it and we love it when they're full in the market. So that was kind of how we got started about 12 to 18 months ago. But I would say a couple of things.
One is, I think the philosophy of Palo Alto being trust oriented aligns very well with what people expect from IBM, right? When we are redesigning their data center or their infrastructure, trust is a given and we need to make sure that we deliver on that. Secondly, much of our business, we have many, many people, but they're all cloud and analytics and cognitive experts. So having a platform from you that we can plug into our infrastructure for our clients or clients' infrastructure was very, very critical for us. And then I also do value this, so it's kind of an implied benefit.
You guys are really serious about education and a go to market model that enables your partners to be successful. And so to us at IBM that was very attractive to have a partner that cares about education, educating your clients and your partners alike. So it's very symbiotic and very good so far. Yes, Sure.
And some of the big markets where IBM is very relevant in, not coincidentally, K-12 is a massive market for IBM. I know we've had some great joint success around the world going after that.
I would say that also like looking at your presentation and you had all these dots The world, like most of our clients are global. They start in one country. So I'm very excited that you have so many clients that might be penetrated in country or a department were working with us, we could potentially grow this in their entire business or another part of the world. So I think that's also synergy between our two groups.
Yes, for sure. Thanks, Juhi. So James, let me take it back to you. I mean, PwC is a trusted advisor at the Board level for some of the world's largest companies and governments. The concept of prevention versus just detection and manual remediation, we talked a lot about that this morning.
Give us your perspective really from the partners that are dealing with those large governments and customers and how you think that's going to play out with those big customers?
Well, I think in general, it's important to understand the shift that was alluded to earlier in the comments from Mark and others. There is a shift. I think in general there's 2 camps. There's either organizations that pursue a prevention strategy or there's organizations that continue to kind of ride on the older paradigm of reacting and dealing with things when they happen. And you can't put everybody into necessarily one bucket, but in general, I think what we see is that the more institutions rely on trust and branding, the more they have to be pulled towards prevention.
The other piece is that they need solutions that natively allow them to work towards that premise. The average CISO, I think, has somewhere north of 50 different security products in his or her environment, especially if they're talking Fortune 500. And so orchestrating all of that is a significant challenge going on a prevention path.
Yes, sure. Maybe Craig, I'll ask you about the kinds of managed services that we've seen service providers deliver to their customers in the past have been mostly network based. Maybe you can tell us a little bit about what security means to Telstra and then what specifically you're delivering to the customers in ANZ as well as across Asia Pac?
Sure. So security really is a pivotal part of our portfolio. We're trying to build security into every product we release, not just the stuff security specific into mobility, into cloud, all those sorts of platforms, it will be a security segment that sticks through it. In terms of some of the things we're trying to do though to actually shift the needle a little bit is we've made a significant investment in a platform we called Symphony, which is our SDN network. And would potentially see some announcements in the last week or so about that actually going live for the first time with some customers.
And that gives us the ability to spin up our virtual CPE pretty within our network and in our customers' premises and potentially also do service chain stitching to actually bring them all together as well. Now, Palo Alto during the ideation process was the first vendor we actually thought this is great use case here for this. And it really allows our customers now to go to a single portal that can quickly log in with their credentials and in a few clicks they can actually power auto firewall on their MPLS network and actually have it stitched into the network fabric in real time.
And I think that's a really sort of powerful thing that gives their customers a lot of visibility into what's going on in their infrastructure, but takes away the complexity of having to worry about where they host their staff and dealing with the team.
Yes. Especially in Asia Pac, I find that security practitioners that exist in market are few and far between. So I think a lot of big companies are going to look more and more to providers like yours.
Definitely, I think the other thing that Palo Alto has been really good with is helping us establish a security academy within Australia. So it is the 30 or 40 graduates we're through in the 1st cycle. And it's really around trying to fill the bottom of the funnel and not the top and actually making sure we can actually grow out the capabilities domestically, but then potentially into Asia as well. And your organization has been great as a key sponsor of that.
Yes, for sure. So Mike, one of the things that Foresight is famous for is having a meat eating sales organization that is monocular looking for more and more growth. So talk about us in that context, if you will.
Although he's joking, it's true. We started off really as a reseller. We're moving best of breed products, not just Palo Alto. But what we stress to our customers is that in the security world, stop buying all these endpoint products. It does not make you more secure.
You can have the greatest endpoint products and but there's 700 new ones coming out of the valley every year. Everybody's got a different cure on how to solve this security problem. But at the end of the day, back to the passion, the statement that if you can't measure it, you can't secure it. And that is core for these customers. So we stress on them, beat up your partners, beat up hard on your key partners that understand it's a platform.
When you have a platform, you can now secure it because A, you get to see more and measure more. B, you get to hone your internal skill set. And C, you get to work with core providers like you folks and us, PwC and IBM that have a commonality of what happens when breaches occur. And Palo Alto gives you that platform for us in translating that into real numbers. Year over year, we have grown more than 300% with Palo Alto of my $300,000,000 in security of my one $2,000,000,000. So it's not like I grew from $0 to $3. These are substantial numbers.
But again, it's around the passion of stop going out and buying all this endpoint. Those that have the manageable, measurable platforms are going to win this game and they're going to make you more secure. Go push on them and they'll learn anything.
Amen. Amen. I'm
in. Made us good money.
So, Juhi, I've heard Ginni Rometty talk about security really being one of 4 focus areas for IBM. How do you see building a partnership with Palo Alto Networks sort of helping become part of your ecosystem play out tactically as we roll out this out around the world?
Yes. So, first of all, we have an IBM Security division that carries the security mission, right? So that's one linkage point between us. I also think that the group that I come from, Global Technology Services, we're 40% of IBM's revenue and there clearly our alignment around the data center transformation as well as endpoint management with you guys is a very strong linkage. Now we have to deliver and grow, but it's a very good technical linkage.
We also have a very, very large number of outsourced clients that outsource their complete IT to us. And they many times they I think the point that Mike was making, they don't care what's protecting their infrastructure as long as it's protected. So I think that's another area. And then the last area I'll mention is IBM has a very strong Internet of Things strategy. And looking at some of the new things that you all are bringing to market, again, we have a framework, it's software and services oriented.
If we can match it with some of your product and assets and have a solid subscription and support kind of a model, I think those could be some really, really good ways for us to find some early wins and scale.
Yes, totally agree. Terrific. Thank you. So I think one thing that I mentioned earlier in my talk, we've built, I think, this execution machine out there in our field sales organization now, 1800 subject matter experts strong, really covering all through Australia, all through Foresight's business, most corners of the world that PwC and IBM sell into. I think we actually bring a lot to the partnership as subject matter experts in the field because we do sell everything we sell through partners.
These are the prototypes of our partnerships for the future and I really appreciate you all taking the time to do this. I'm going to unleash you to the hounds here and ask if there's any questions from the audience that, that, of course, Sterling is the first question. So question from Sterling at JPM.
Curious for those on the hosting side, when you're looking at the virtual implementations, one of the things that we're trying to wrap our heads around is when you have to protect using virtual firewalls versus physical appliances, what's kind of the ratio? In other words, how many virtual instances do you need to replace a physical firewall appliance? If there's any way that you've looked at it in your business, that would be great.
So I think it's an interesting one. So the legacy way of actually doing things with these great big firewalls and sticking in front of everything in your data center environment makes sense when you own the data center. When you start actually looking at cloud providers and actually trying to put virtual instances in there, your architecture is probably going to shift a little bit. It might actually be smaller, containable security domains. We try and restrict the blast radius if something goes wrong.
And when you're actually doing and segmenting things down and actually having smaller virtual appliances, it doesn't really actually cause you much in the way of pain around that. In terms of price performance, really if it's designed appropriately, you shouldn't actually see any impact to it.
Hi, Michael Turits from AIMG. So it's for Craig again at Telstra. So historically, we've thought of Palo Alto as being a bit more enterprise focused and some other vendors, especially the ones that have done network, more focused on the service provider market and telecom market. The ways in which Palo Alto has changed in terms of their products that they've rolled out the 7,000 series, has it become more appropriate? Or is it the network is changing and getting more software
I think it's a little bit of both. In terms of the big boxes at the service provider level, which we can then segment up and use for customers, they make great sense in our hosting environments.
But from the start the Palo Alto devices had great API integration. They've been built to do software defined networking. And we're trying to leverage that as much as we possibly can at the moment. And it gives them a real head start against a lot of the competition where they're trying to bolt this functionality in after the fact.
Excellent. Thank you guys for joining us. Very useful. Maybe a question for Ms. McClelland about working with someone like Palo Alto Networks when IBM does have a pretty broad portfolio of security solutions as well, how does that work out?
Does it limit the ability of you to really push the network's platform story, if IBM is kind of pushing a platform intelligence story of their own or could the 2 really coexist?
Good question and I'll give you an honest answer. I think there are many of our, a very big chunk of our business, like I mentioned earlier, is outsourced to IBM, right? And that scenario, IBM gets to make the decision on what's the right solution for our customers. And I think having given that much of our practitioners are focused around data in systems and storage and networking, Palo Alto has been very attractive to all our project executives because it's a plug and play kind of a module. I'll call it plug and play.
I hope I'm not saying anything offensive, but it's more integrated. So I think that's been very attractive. And then frankly, on the other side, there are, we're seeing a lot more pull in the market for Palo Alto. So there are clients who want to have a say and opinion on what they want, which nowadays more and more clients Why not? So we think of this as a very strategic partnership for us and having this, it doesn't mean we won't work with other partners, but we definitely see this as very strategic.
Did that answer your question? Thank you.
Hi, this is for James. James, in both this role that you're in now and your previous role, you've obviously dealt with a lot of different vendors And you've all talked about Palo Alto sort of pulling ahead. Who's sort of falling behind from your perspective in terms of what you've worked with over the years?
I'm going to punt a little. I would say, no, in fairness to others, I'm going to I will tell you a little bit about what I think the Palo difference is and where I think others are struggling. So I do think there's a significant to state the obvious to a smart group, pattern and opportunity for consolidation and security. So I think the smart vendors are anticipating that and really have a crisp vision around product roadmap and feature integration, rather than maybe just growth purely through acquisition. And we all know that in software companies, it's very challenging post acquisition to figure out which features live, which dive.
And there's a whole DNA aspect to that that goes down. I think the good to great security companies have a vision for that that starts before they think about the feature or even the acquisition. Actually the vision for the business. And I think that's those are the companies that I tend to like to work with.
All right. Well, I'd like to thank our panel members for joining us today. Thank you, Juhi. Thank you. James, just a follow-up.
Thanks, James.
All right. Now I'd like to welcome up my brother from another mother, Rene Bonvanie, our Chief Marketing
Okay. Now I have 2. Good. Well, first of all, thank you very much for making it out to Las Vegas. I know you all love the place as much as I do.
But I get to put on the show and you have to sit through it. It's also good to see a lot of you back. We've been at this thing for quite a number of years. And I always enjoy this part of the 4 day journey that is called Ignite A Lot. I had to spend some time with you and Ian answered some questions.
I want to do 2 things. I want to talk about what it takes to drive a machine where we acquire that many customers, where we grow our business that fast and how we apply science, data and relentless focus and alignment with our sales teams with our channel partners, with our hosting partners to get to these results. This is non trivial. This doesn't happen a lot in the industry when you grow that fast and you do it at that scale. So that's the first part.
The second part is now what does that mean from a customer's adoption perspective? We would like to share a number of these parameters that we hold very dearly and track very closely to and what does it take to improve on these metrics. You saw Mark, for example, talk about lifetime value expansion with our top 25, what do we have to do to get there? Is it just sitting back and waiting for these things to happen? Or is it a lot of hard work?
And of course, it's going to be the latter. And then I'm going to tee some things up, how to think about how our customers use our products, because I know you guys are dying to know what we are going to say about what people use, right, subscriptions and so forth. But I will tease you and then Stefan will follow me and he will tell you even more detail about what we're going to do. So that's going to be the presentation. I want to start with a story.
Now some people would like you to believe that this prevention thing, this enablement thing was their story. For those of you who track this very closely, this is what it looked like 7 years ago. This was a snapshot of our website 7 years ago. I remember putting those pictures up on the website and that's what it looked like. Now two very important words identifying and controlling applications and preventing threats.
This prevention story is the DNA of the company. It is not a marketing slogan. It is not something that you can just repeat. It doesn't work that way. It has to be in your technology.
It has to be in the DNA of you do. And over time more and more of your customers will follow this. Now this is a steady pattern. We said next generation firewall, other people say those things too. We say prevention, now other people say these things too in their marketing.
Their products haven't changed. Their technology hasn't changed, but they've adopted these words. They're saying platform just like we have said for the last years, years, years, we have used that term not to say a collection of things, but to say something that is natively integrated and automated and has complete control over everything. These are very, very important principles in how we tell the story. Others would like you to believe they have this too and they call that marketing.
Well, this is not about marketing because at the end of the day the proof is in the pudding. When we put this to the test which is what every one of our customers does, it doesn't matter what my website looks like. It doesn't matter what the brochures look like. Because in the end, the customers will test the product in the lab and that then yields the success rates and when we do this and this is then yields into the growth that you see relative to our competitors. It's important though that we keep reminding the industry of what makes us different.
Now to do that, thought leadership is very important. You have to get to the table. You cannot just put a website up or Monjour reps into the market is a good luck have added. It is a lot about how do we get at the table and how do we get there with conviction. What is it that makes us different from everybody else?
Now what we cannot be is a company and this is again a choice that just benefits or profits or that's leverage from breaches, right? That is on our business. Our business is not I have to say told you that something went wrong. They should have used our technology. That is not who we are.
Who we are is very thoughtful, very deliberate about using technology and the way that the technology works as a way to help people prepare and put a prevention platform in place rather than wait for something to go wrong. To do that, we have a very big voice out there. Millions and millions and millions of people come to our blog to read about things we know. And the blog is not about, oh, Trump got hacked again, the front hotels got hacked again today, which is by the way the news, but that's not what we would put on our website or on the blog. Our story is about how to apply technology to do certain things.
And everywhere, this is true. We help with through a partnership with the NYSE to educate directors and officers of public companies on how to think about cybersecurity. And in fact, Mark used the example of the EU formalizing laws for disclosure. Within weeks, we had an edition ready of that handbook for European companies so that we can have a conversation with those executives about what it takes to do this. That's part of the fabric that we have to put in so that the market understands what the role of security is and what the role of Palo Alto Networks is to help people get to that prevention posture that we believe everybody should have.
You're seeing it today at Ignite, right? Well over 3,000 people that show up here. You're seeing it in our user community, 7,500 people have now in the last year joined our user group community. We have 122 chapters around the world where people gather on a very regular basis to share best practices in how they use our technology to put prevention in place, to put a platform architecture in their organizations. We also have a very big voice in understanding and disclosing things that happen in the industry, right?
We find things. We discuss things. We do very responsible disclosure with the vendors involved and we then describe to the market how these new techniques are working. And it makes a lot of difference. It makes a lot of difference when you do this because customers are really better off.
In all of these cases, we're not just publishing or going to these publications with a story. We're actually going to them with a resolution. There is already something done in our technology to help people protect themselves against what we found. That is the responsible way of doing it. It's very easy to latch on to things that are wrong, not what we do.
So in this case, there are big differences that we make. So for example, when we started to find the first new malware on iOS where non jailbroken iOS machines that was shocking news. But the good thing is when we announced that find, we also had protection in place for our customers. But the moment that it was announced, the difference was that one of our largest customers here in the U.S. saw that the part of the network that he already protected with Palo Alto Networks, but within minutes was in great shape because it was protected.
The part that wasn't had to be brought down for a number of days no longer allowing any iOS devices on that network and there were many, until they found a way to deal with it in the legacy technology. So it's not just about making lots of noise. It's also then bringing the solution to these enterprises. Now all of that is great, right? Lots and lots of stories, lots and lots of people clicking on your website, reading your blogs.
At the end that counts for nothing unless there is pipeline that it helps Mark's organization to go and close deals. Between Marc and myself, we've been at this at a relentless rate. But as you can see, I've been doing this for quite about the company and we always hark back to the 2009 time frame when the company was very, very small as you know. This is the machine that we built, a very predictable machine of demand generation pipeline creation, where we build a big head of steam for the sales teams to go close in terms of business. More and more of this pipeline is done in conjunction with our resellers, with our services partners, with our hosting partners.
And this is a great leading indicator, right, of how we are going to land this quarter and the next three quarters. So this is part of the instrumentation. This has all been instrumented. Even before we had customers, we laid out all of the structure underneath in such a way that we could deliver on the expectations of growth. We didn't have to find this out midway that we didn't have an infrastructure. We invested very heavily in technology in data sciences, in big data to make this happen.
And we built a very predictable machine when it comes to pipeline and the alignment to our billings and our business growth. Then you got to scale, right? Because it's one thing as Mark said, right, to do this at scale, but now the velocity in this, right? Because running $1,000,000,000 or $2,000,000,000 if you grow 5% is a very different story than running a $2,000,000,000 billings run rate when you grow north of 60%. I don't think there's many CMOs in the world or heads of sales that have ever enjoyed that.
And when I say enjoy, I really mean it. There's nothing better than to have the velocity at that scale. But it also means you have to keep everybody very busy. So Mark Anderson already said 1700 events on a quarterly basis. These are just numbers for 1 single quarter.
This is not... This is 1 quarter of activity and we measure everything. This is not... I hear these stories all the time. We put more money into sales or into marketing or we're kind of behind on Palo Alto Networks in marketing as if money can buy you this. This is years, years, years of fine tuning a very well oiled machine that has been together for many, many years to get to this scale. By the way, not just a marketing machine, but a machine that spans everything from product to product management to everything.
This is not just about marketing or just about aligning sales and marketing. This is about the company being focused on this. So when I said we measure everything, I measure every minute we spend with our prospects and know exactly what we spend it on. And therefore, I can be highly predictive in knowing what how many minutes I have to spend with them, so I can move them to becoming an opportunity. And that science is very unique in the market and we do it for everything.
And we grow these numbers as fast as we put the business in. So yes, do I have to generate more leads? Of course. But I also have to make sure that those leads grow in value to the company, right? So the growth is not just can I get more people to show up, it's can now get people to show up that have more money in their pocket than the guys who came in last year?
And that's the beauty about scaling. Okay. So when we do all of that right, what does it mean for customers? What kind of customers are we now attracting? And what does it mean?
At the scale that we run with 30,000 plus end customers, we have 2 opportunities. 1 is to get more from them and the other one is to add more to that number. And those as you probably understand are different dynamics. For me to acquire a new customer is different and for me to acquire $1 extra from an existing customer, we're doing both. And let me be very clear both are extremely strong growth drivers for the company.
What we know is that our customers are adopting us because we are a preventative platform. We don't have to go argue use case for use case.
We have to win the business of course when we introduce new technologies such as Traps or Aperture or Autofocus. But when you already have a seat at the table that's a great position to start with. So yes, acquiring more customers is great because it gives us a long runway on expansion and I'll get back to that in a second. We also know that customers in certain strata are incredibly profitable and incredibly strong when it comes to security.
2 teams or 2 groups that we have called out in the past is the Global 2,000. These are the 2,000 biggest security spenders in the world where we now have 53% of those organizations last year that was 47%. And half of those people that have already adopted us as their firewall and many other use cases also uses for Wildfire and APT. So you can imagine these are very, very demanding companies, right, because it's not good enough to show up with a product you have to be best of breed. And what Lee and Nir said to do this, right, you have to win the POC even though they love the idea of platform and they love the idea of prevention and they all do, but you still have to win the bake off.
It's not a free ride. And so even though we've had these customers for some time, we still have to go back and win those deals. The same is true for Fortune 100. That number of course was lower last year. It was around 80%.
And here even a higher percentage of these folks use Wildfire because they even more so need the best APT part of a platform. They don't buy standalone. Standalone is very 2000s. That's not what people are buying. People want to buy this ASK platform.
And something I'm very proud of here because we measure everything is the NPS in this group. But these are the toughest buyers, the toughest organizations in the world when it comes to vendor management. If others were as honest as we are in revealing their NPS to you, right, whether that is Oracle or EMC or Cisco, they would dream of a number like this. This is an amazing number when it comes to Net Promoter Score in the biggest companies in the world. Now our business continues to be highly diversified, no concentration.
I didn't put any last year number on this thing because it fundamentally hasn't changed. Our go to market strategy has not changed with one exception, which is over the course of the last year, different teams including my team, Lee's team, Mark's team have hired practitioners from these industries into our organizations and that is to even better serve the needs of these folks because we know that the requirements on financial services companies or public sector or education or high-tech or energy are different. And the folks on our teams are folks that come out of that business that understand how to implement architectural changes including the change in risk management in these organizations. Our data center business has done very well. When you become a platform, you become more and more relevant.
The myth or the story that is oftentimes said is, yes, we're a great platform for doing application inspection on the perimeter. Not true. But this of course, we do that, let it be no mistake, we do a really, really good job at that. But the relevance of a platform can be measured and clearly how many things are being used in the platform, but also where is it being deployed. And having now more than 40% of our business and after Q2 come out of that data center part of the business is important and relevant.
Now Wildfire clearly a well performing product, the number one APT product in the world. And again, specifically, in those higher end organizations, right, much higher adoption rate there than across the board, which is good. Good. Then that's something new. This you've never seen this.
We've alluded to this, but I use the word by the penetration. Penetration rate is a metric we believe is much more relevant at the scale that we run for the things that our platform performs. This is when the cameras come out because this is new stuff. Thank you, Keith and Ruth. Yes, this is when we start to think about our business of what would be a better way to describe how our technology is being adopted and we believe that penetration rate is a better metric.
And Stefan will put a finer point on this. So if you think about the evolution of this, people adopt this as a platform. This is what a platform vendor should show, right? Great adoption across the board of the different subscriptions. Now some of these are much newer.
And so for example Traps and VM series are relatively new. URL filtering threat prevention much more mature. But this is what a platform vendor should show you, right? So all of the rhetoric aside, right, this is the proof. So that is one way to illustrate that.
And Stefan will make the next step because I'm sure you guys are dying to hear about attach rates. That's the next one. Good. One more thing, device refresh. I've been asked this question many times.
How do you think about this? Well, as many of you have speculated, device refreshes occurs somewhere in the security business occurs somewhere between 4 and 7 years. And so I challenge ourselves to understand what is going on here. And I want to put one data point in your head. I want to go back to that 2009 cohort, the cohort that we always reference to as representative kind of our 1st year of being in serious business, those customers, what have they done with their devices?
I'm going to put a number on top of this that shows you that by now because they are probably kind of in the middle of this cycle at the apex, what they do. And they refreshed about 65% of their devices, which is what you would expect, right? It's smack in the middle. Now here's the good news. They've refreshed their devices with more valuable, more expensive devices that from a subscription perspective also has more expensive subscriptions attached with them.
So this is great because not only have these people maintained their relationship with us, as you will see in a second, they've also grown their total business with us. But the devices that they refreshed were refreshed to bigger devices with more not of course not enough, but in dollars higher subscription billings back to us. So that's a data point and we in the future may decide to update more of this behavior. Good. And then finally, the point I made, right?
The 2009 cohort has shown this is not just about maintaining the number of devices and refreshing them after 4 to 7 years. It's also about expanding the use of our technology over and over and over again. So that's it. A journey that these customers make where over time they not only wait for things to occur, they force their hand. They make us more and more relevant.
They add new things, things that attach, things that don't attach. And because we see this dynamic now where attach and non attach is both showing very well. But we will introduce a new way to think about this. And penetration rate is a very important way to think about our business going forward. Now the final conclusion on this, if we were to perform, we have an opportunity the way that the 2009 cohort performed over time with us, we believe that there is an opportunity to expand the lifetime value in our installed base another $8,000,000,000. But if we continue to delight our customers to work really well with our partners to continue to innovate in our platform as we do then there is an amazing amount of opportunity ahead of us in that installed base.
Put on top of that a lot of work that we're putting into acquiring more relevant customers in more parts of the world, I think you see how proud we all are of being in Palo Alto Networks City. And with that, I'd like to move the show over to Stefan. Thank you very much.
Okay. Thanks again for joining us today. So you've heard about the vision, the products, the great go to market capabilities that we have and the great marketing machine that we've built. These are all dynamics that set us up very well for sustaining growth and increasing profitability. Now we look at growth and profitability in a framework.
And that framework consists of different stages of growth. We're clearly in high growth mode right now, and we anticipate being in high growth mode for years to come. Growing at greater than 30% is something that we feel is very achievable. In many ways, it feels like we're just beginning. We have a very large market opportunity in front of us, $18,200,000,000 today, growing to $22,000,000,000 by 2019.
We have approximately 9% market share. Now the previous high watermark for market share has been greater than 30%, and our goal and plans call us for achieving greater than 30% market share as quickly as possible. Now a significant market share opportunity doesn't necessarily translate into success. You need to have the right platform. The platform that we offer that you've heard about earlier today, it provides the superior security protection for both network and endpoint, we tie it together with a threat intelligence cloud.
This is our unfair advantage. Now when you couple the platform offering with a great go to market capabilities and we have this land expand and retain model, it's driving outsized growth. You look at the billings and revenue growth rates, they're very high. Our revenue CAGR since we've gone public is 54%. That's 7 times greater than the rate of the market growth.
A couple of our larger competitors aren't able to actually even achieve market growth. So we are differentiating on a number of fronts. But as many of you who are familiar with the story understand, it's not just about top line growth. We're committed to growth and profitability. We've consistently said that this isn't a trade off.
It's a balancing act. So since 2012, while posting industry leading top line growth, we've been expanding operating margins and free cash flow. Now let's take a look at the trends in the business. When you look at billings and revenue over a multiyear period, one thing jumps out. At scale, we're actually accelerating growth.
Take a look at billings. For the full year fiscal 2015 and for the first half of twenty sixteen, both billings and revenue growth have accelerated on a period over period basis. Now what's driving that growth in part is due to our existing customers buying more of our platform and existing customers make up about 2 thirds to 3 quarters of our business every quarter. And the remaining balance come from new customers that we're adopting in the quarter. The geographic strength of revenues continues to be very strong.
The Americas theater, which is our largest theater and for the first half of twenty sixteen accounts for about 70% of the business, grew 58% on a period over period basis. EMEA and APAC also have very strong growth numbers. EMEA clocking in at about 39% year over year and APAC clocking in about 57%. Each of these theaters provide great promise for future growth. The visibility and predictability of our business has increased and it's being driven in large part by the platform adoption that we've alluded to.
Products, subscriptions, support, it's all been great. Now what you're seeing here is deferred revenue. We have $929,000,000 of deferred revenue on the balance sheet. That's grown 74% year over year. The healthy growth in the subscriptions and support business, coupled with a very strong renewals business the fact that we're selling higher unit ASPs that some of the subscriptions are attaching to are some of the growth drivers of this deferred revenue, and the result is better predictability and visibility in the business.
You can also see contract lengths have been operating in a relatively stable range. Over a pretty long period, it's ranged from 1.8 to 2.1 years, 2.1 being the latest quarter that we just posted. Now these top line trends have influenced our profitability profile. We've made a conscious decision to grow operating margin and free cash flow. If you look at the first half of twenty sixteen versus the first half of twenty fifteen, operating margin has grown over 500 basis points on a year over year basis.
Free cash flow is 700 basis points. The power of the hybrid SaaS model that we have is playing out in both the top line growth and the bottom line. So again, it's not growth or profitability. It's growth and profitability. The people who are responsible for executing the business are our employees.
At the end of our fiscal at the end of the first half of fiscal twenty sixteen, we have 3,343 employees. About half of those, call it roughly 55%, are in sales and marketing and the balance are in cost of sales, R and D and G and A. Proportionately, these metrics haven't changed on a period over period basis and reflects the investments we're making in the business. We're investing across all elements of the business, but proportionately, we're putting more in sales and marketing, mainly because we have low market share, a differentiated platform and sales productivity is increasing. This is a time to put our foot on the accelerator to continue to drive growth and take market share.
Now let's talk about some of the growth drivers in the business. Where you can really see the power of the platform taking hold is in the composition of our billings. Since FY 2012, you can see very strong growth across each of the core elements of the platform, product growth has grown over 43% has over 43% CAGR. Subscriptions and support have grown even faster than that. In fact, if you take a look at fiscal year 16 in the first half, our subscriptions and support business, which we call services, is operating on north of $1,000,000,000 run rate.
Now the platform story doesn't work unless you have a great innovation engine and that innovation engine has to be spitting out brand new products, which we call new product introduction. Over a multiyear period, we've been adding more elements to the platform. As an example, in the next generation firewall part of this slide here, you can see that product billings has grown 44 on a year over year basis for the first half of twenty sixteen. That's driven in large part by the new products we brought to market, the mid range PA-3000s, our 7050, 7080 data center type chassis, that has helped expand our wallet share within our customer base. We've also added 4 new subscription services recently: Aperture, Autofocus, Traps in our VM series.
We are also getting great traction from our existing subscription services, Wildfire, threat prevention, URL filtering and GlobalProtect. So this platform is responsible for the growth that we've seen. Now there are other growth drivers in the business. With the robust services offerings that we have, which comprise both subscriptions and support, any business that has that type of profile needs to be looking with a very critical eye on support renewal rates and subscription renewal rates. And I'm pleased to report that we have very high renewal rates across the board.
So for subscriptions, they're at about 90%, support's approximately 100%. These are extremely high and they're very stable. In fact, they haven't changed on a year over year basis. Our renewals business is the gift that keeps on giving. It's a driver of growth and operating margin expansion.
And the other element of renewals business is it has a compounding effect. And as you'll see in later slides when I show you about the LTV impact of the renewals business, it becomes very apparent how critical of a component this is to our future growth. Now with the services business taking up more of a proportion of the total business, you can really see this play out over a multiyear period. From FY 2012 to FY 2015, in those 3 years, as more elements of our platform are being adopted and more subscriptions are being adopted in the high renewal rates, you've seen a services billings mix shift over that time period where it's taking about a 12 point share of that mix. Many of you who follow us listened to our last earnings call.
For the first half of twenty sixteen, the services mix component was 63% versus 58% for the first half of twenty fifteen. So that mix shift is becoming even more pronounced over time, and that's all goodness. And the reason why that's goodness, think about the impact that it has on margins on a longer term basis. Let's start with gross margins. Over that same 3 year period, you've seen a 500 basis point pickup in gross margins, which is largely driven by the adoption of more subscription services.
Subscription services have software type gross margins. So this is a tailwind for the business going forward. Now the mix shift on the mix shift for services does have an impact on our operating margins. As I mentioned on our Q2 earnings call, because of the nature of services billings, when services billings are billed, it goes into deferred revenue and it gets recognized ratably over the life of the contract. Commissions expense gets incurred in period.
So there is a natural timing mismatch. So there is a near term depressive effect on operating margins, and you can see it play out on this chart. Longer term, as more of that revenue comes off the balance sheet, that will be accretive to operating margins. One thing to point out, we are looking at doing an amortization project of commissions related to any services revenue that comes in. We're currently doing an evaluation of that.
And the soonest that we could adopt that would be beginning FY 2017, which would take care of the timing mismatch. So stay tuned on that front. We'll probably address that in our Q4 earnings call. Now one of the most important things we think about in terms of running the business is the dollar contribution from our installed base and new customers. And we like to refer to that as share of wallet.
Historically, we've shown the subscriptions attach rate as an indicator of share of wallet. Now you can see that over a period of time from Q4 'thirteen to Q2 'sixteen, the subscriptions attach rate has increased very healthily. And as of this latest quarter, Q2, it's at 2.3. Now there are some limitations to the subscription attach rate. First of all, we have 8 subscription services, only 4 of them attached to a device.
So the ones that attach to the device, I'm sure you're all familiar with, but I'll click off, just for completeness. Threat prevention, URL filtering, GlobalProtect and Wildfire, these attach to the devices. Now what the attach rate also does not address is the dollar contribution. And the dynamic we've seen in the business coming out with our mid range PA3000 in our higher end chassis, the 7050 and the 7080 products, the dollar contribution when those subscriptions attach becomes very high. So there's a limitation with the attach rate here.
And then we also have 4 subscription services that have no concept of an attach rate: Traps, VM Series, Aperture and Autofocus. So given the fact that we're looking at wallet share as a more meaningful indicator of the business. We're going to be sunsetting the attach rate metric at the end of our fiscal year. We're going to be focusing on penetration rate and LTV. And when you combine penetration rate with LTV, you will get a better sense of the traction we're getting in the business in the wallet share.
So the penetration rate slide, which you've seen before, and I'll briefly go over, shows a number of things. First off, our threat prevention and filtering services have a very high penetration rate. Threat prevention is at 88% and URL filtering is at 72%. The stability of the penetration rate is key, mainly because the metric is a customer penetration rate. We've added over 7,500 customers since the last fiscal Q2 of 2015.
So we're able to monetize those new customers by having them buy at the same rate as the prior customers, the same rate of threat prevention and filtering. Now when you look at the earlier or less seasoned subscription services out there, the Wildfire, GlobalProtect, VM and Traps, they have lower penetration rates, but you've seen them increase over time. We think that there is a very significant upsell and cross sell of those subscription services into the installed base of our accounts. Wildfire as an example, a year ago was at 23% penetration rate. That's ticked up 10 points.
Over time, we think that Wildfire can be between threat prevention and filtering from a longer term model standpoint. GlobalProtect, you're going to hear a lot more about this going forward. We've made some great innovations on that and there should be an upward bias to that penetration rate. Our VM Series, you guys know the story to backwards around the movement of workloads to the cloud, and the other dynamics that Lee discussed. So we think that there's going to be an upward bias there as well.
And with Traps, we're just getting started. We have about north of 300 customers. We have close to over 30,000 more customers that we can be selling Traps into, plus all the new customers that we're going to be acquiring. Now coupling penetration rate with LTV gives you another insight into the power of the model. When you look at LTV, we start with the 2009 cohort.
Now you saw this slide before but without any of the numbers. So our 2009 cohort has spent 11.8 times more in lifetime value than their initial buy. The cohort math, the way that works, we look at it from a land and expand standpoint and a renewal standpoint. Now in that land and expand bucket, which accounts for a little bit over 8 times. That is benefiting from us selling more higher end products in appliances, more subscriptions and more support.
And for the 2009 cohort, it's also benefiting from a refresh cycle of the original units that they bought. So the power of those four dynamics is playing out. And then you can see the compounding effect of our support and subscription renewals business in the 2009 cohort. This is becoming a very important part of our business. And in conjunction with the land and expand, we feel like we're very well set up to continue to monetize each cohort.
Now taking a look at each cohort, another powerful story emerges. Each cohort, the growth continues to accelerate and increase on a year over year basis. You can see the 2009 cohort is 11.8 versus 8.6 that we showed last year. And the later cohorts, the 2010 is at 9.3, the 2011 is at 5.6, so on and so forth. So the robust nature of platform adoption is playing out in the cohorts.
And when you do all of that cohort math, as you've seen before, and you use 2009 cohort as the anchor cohort, and you assume that the later cohorts buy to the same level of the 2009 cohorts, which when we do our own modeling, that's what the trend looks like. There's at least $8,000,000,000 worth of unlocked value opportunity within our installed base that we can go and monetize. So with that as the backdrop, I want to now transition to some planning and modeling points. From a capital allocation standpoint, we have a number of near term investment areas that we like to share with you all today. And the first starts with our innovation engine.
So with research and development, we're planning to extend our capabilities for next generation firewall, cloud and endpoint capabilities. We're looking to continue to build out our threat intelligence services, which is a great competitive weapon for us. In sales and marketing, we're looking to expand our share, ramp endpoint capabilities. We're also looking to scale through partners and enablement, and we're definitely focused on increasing our world class customer support. From a G and A standpoint, we're looking at investing in cloud and infrastructure and data center expansion to support the growing subscriptions business that we have.
And as we shared with you about a year ago, we have a new headquarters facility that's coming online in FY 2017 to support the overall employee growth. Now from a multiyear planning standpoint, there are 5 categories I'd like to cover with you today. Seasonality, what we've said historically is our Q2 and Q4 should be the strongest sequential quarters. When you look at the profile of our business, especially on a billings basis, we're north of $1,800,000,000 run rate of billings. At some point, and it's been hard to call, but at some point, we will have a more typical Q4 to Q1 revenue and operating margin pattern.
When that happens is unclear, but at some point that will happen. Our non-GAAP tax rate, starting in FY 2017, it's going to be improved from 38% to 31%, which will structurally translate into a non-GAAP EPS pickup. Our cash taxes are forecasted to be between $10,000,000 and $25,000,000 per year. We don't anticipate being a significant cash taxpayer for at least 5 years. From a CapEx standpoint, we have what I'll call a normal run rate for the business on a go forward basis, which will be approximately 5% to 7% of revenues.
In FY 2017, we're going to have about $100,000,000 more of CapEx in the business related to the new headquarters facility, but that's more of a onetime item. And from a stock based compensation expense standpoint, we're going to remain competitive for the size of the company that we are and the growth rates that we're posting. So I'd like to wrap up with our framework for growth and profitability, which is applicable for FY 2017 and beyond. I'd first like to start by stating that relative to our earnings call that we had in Q2, there's no change to the balance of FY 2016. We believe that we'll have approximately 40% free cash flow margin for Q3 and Q4 and an 18% to 19% non-GAAP operating margin exiting Q4 2016.
But as it relates to the longer term health of the business and where we are today, we are squarely in high growth mode. And as I said before, we anticipate being in high growth mode for years to come. In high growth mode, we're looking at free cash flow margins of 35% to 45%. Now we've been operating at the midpoint to the high end of that range and we would naturally be in this range for sure.
Now with FY 2017 coming on board, we'll probably be at the mid points to the lower end of that range just for that year due to the CapEx build for FY 2017. But still, this business is throwing off a lot of great free cash flow. Operating margins, we're anticipating expanding on an annual basis 100 to 200 basis points per year. At this point in the company's life cycle, given the fact that we have 9% market share in a TAM that's growing to 22,000,000,000, with increasing sales productivity in a differentiated platform, we're not striving to maximize profitability right now. We are striving to balance growth and profitability.
Now longer term, in the distant future, when our growth rate declines a little bit, but it's still greater than the market. We envision our free cash flow margin to be 25% to 30% and operating margins greater than 30%. So with that, that concludes my part of the presentation. I'd like to invite the executive team up on stage. We'd be happy to answer any questions.
Thank you very much.
All right, great. So we'll kick off Q and A for anybody who's got a question.
Saket Kalia from Barclays. Thanks very much for all the detail, especially on the penetration rates. I want to zero in on WildFire a little bit more because the 10 point increase is very impressive. So two questions. First is, a little bit more talk about the partnerships, whether it's Proofpoint, whether it's Splunk, whether it's Tanium.
How important are those partnerships to improving that penetration rate is the first question? Then secondly, maybe more for Stefan. You were nice enough to show us kind of the renewal rates on maintenance versus subscription, little bit of a lower renewal rate on subscription. Could you maybe rank order some of the subscriptions that maybe have higher renewal rates versus lower? Thanks.
Lee, do you want to cover the?
Yes, I think the partnerships are important. I mean, they're mostly in the sense that wherever we can find a good opportunity to partner other technologies that serve our customers better, we want to go to that. We're trying to provide the best solutions to our customers. And so the ones we talked about today are some of those key partnerships. With Proofpoint from making email more secure, Tanium and Splunk in terms of response and instant and forensics and things like that.
We think those are very important. In a lot of ways, I think, it helps in the sense that picture I drew where WildFire of the middle of a lot of different things. Absolutely, that comes back around and helps with the growth of WildFire as more and more of our customers view it as the center of sort of programming of a lot of different things, including our own products.
And just before Stefan jumps in, I just note as well that what's important, that's about threat intelligence, meaning we have an insatiable desire for the intelligence. With the those just a relatively recent. So when you look at the growth in WildFire, that wasn't driven by partnerships, it's just driven by the efficacy of WildFire.
First off, we're extremely proud of our 90% renewal rate. It's one of the best in class that's out there. There are some instances where a customer will trial a subscription service, use it for a year or 2 and not renew. We haven't really broken it out from a subscription basis of what the renewal rates per subscription are. I will tell you that, writ large, our customers are renewing at a very high rate and they're renewing most of the subscriptions.
So perhaps in the early days GlobalProtect maybe didn't have a renewal rate that was as high as it was in the past, but we're seeing that trend reverse.
Mark, for you and also Nir. Nir talked about identity and access management being sort of on the periphery and you're partnering with everyone there or at least agnostic in that space. And then in the CASB space with Aperture, you and I had talked about this before and not really being a space and being built into the product. Is that how you feel about the CASB space now? And are you seeing pretty good adoption there?
And then I'd love to hear if Identity and Access Management could be core to what you guys are doing longer term from a platform perspective?
Sure. Sure. I'll start off and then throw it over to Nir. So I think on the CASB side, that's just the kind of thing where when I was talking about frameworks and then platforms, right? And the consistency is you have to do security where the need is and then you have to do it where the data is, right?
So a lot of times, is not going to come to the customers and talk about topology of networks. We're going to talk about security and where's your data. And who knows where it's going to be in 5 years, right? But the platform has to be flexible enough to get you there. So from a CASB perspective, I think that's one of those examples to say, hey, look, some of your data is in 3rd party SaaS applications.
It's just not going the network. So we better be able to do our thing there and that's why we're in that space today. And there were companies there who are to give this visibility into that, which I think are rightfully features of what a real platform would do. So that's how we think about that. And that's in our market today. I'll let Nir speak to Yes.
On the IAM side, yes, there are synergies between the two markets and we're certainly becoming more and more enforcement for identity. It's just that there are many identity vendors out there, some legacy, some new ones and there's no clear leader And we need to work with all of them. We also think that there will be some new leaders in the space for example Microsoft And we'll certainly need to work with them as well.
Thanks. Just a question on endpoint probably for Lee or for Mark and then a question for Mark on M and A. So on the penetration, I'm not asking I guess for you to predict sort of when where does penetration go on the endpoint side, but does that need to be 30%, 40%, 50%, 60% of your customers, does that have to be a big number in terms of penetration over time for you to sort of have the platform complete and include that important component? And then I guess I just had a sort of a philosophical question on M and A both as well related to the platform, which is, do you, does having to develop a lot of stuff yourself or keeping the platform pure keep you from doing large deals, $1,000,000,000 deal, buying a big revenue stream, buying a public company, for example, in security?
I think on the first question, Nir or Lee can jump in on this on the endpoint side. As Nir was saying, we went through what are the requirements of like you got to be in a position to play the position. In order to actually do prevention, you definitely have to be the firewall and more and more we think that's helpful to also be the endpoint just because attacks are happening there as well. So if you can do prevention both with the network using the firewall and with endpoints, it's just better. So we're committed to that, right?
And we're trying to convince customers of that as well. I think they understand that in the standalone space called endpoint security about There's already have it right now. We want to do a better job of prevention. It's really the intersection that of bringing that into a real platform that should have juice for us, right, to say, look, we're very unique on that. We're doing something special on the endpoint, but we're the only ones who actually have incorporated that into the entire platform.
And we would expect as a result of that, the debt business will grow nicely for us over time because people just would understand that. On the M and A side, the way we think about M and A is the platform view. So if we think about not a topography thing, where is data and what are the threats and what the threat landscape looks like, that has driven all of our roadmap for 10 year period of time. So there is never and we're not quick on the trigger from an M and A perspective, right? That's primarily because we're not trying to roll up the security industry.
We're not trying to do everything for everybody. I think without exception, every company that's ever tried to do that has failed in doing that right. One of the things that we hear from our customers on this point is they appreciate our focus of trying to do things that we can do extraordinarily well for them. And when we try to do something in It's easy to understand why like for example with CASB space as to why that feature should be part of the platform. This can change over time, meaning depending on whatever we're talking about in the future, can change and what could be parts of this platform and some of those things might be more impactful, right, as far as what the threat landscape looks like or the kind of threat intelligence that we may need or where is data these days.
So but usually our go-to motion first is to build something because of this native capability that's highly automated. The next go-to is partnering, right, as we've seen. And then in a few cases, we've purchased our way into either a new market like endpoints or into new where data repositories are like the CASB.
Thank you. Jason with Baird. I wanted to comment on Threat Prevent. At first, at almost 9 out of your 10 customers, the network effect of threat intelligence is powerful, of course. Where are you today versus your competitors?
And I'm asking in what you see, how much do you see and your ability to update? You said it's 5 minutes now, where is that relative to your largest competitors? Yes.
So let me set that up and I'll hand it off to either Nir or Lee. So the 5 minute updating is actually related to all this stuff working together, but primarily WildFire, the brains of the platform. So we say if we have seen what is an unknown threat and then turn it into a known threat and done something about it, then we can update the ecosystem in about 5 minutes, right? So that's what that statement is. We're WildFire is the that does that, but it's all the capabilities working together that lets us unwind an unknown threat and turn it into a known threat.
So that's what we what we mean by the status.
Yes. In terms of speed then, industry standard is still roughly every 24 hours. In some cases, in emergencies, you see 8 hour updates and 4 hour updates and things like that. But for the most part, nothing is approaching It's also important to note what it is that we're able to update. So we're updating for malware signatures being able to detect and prevent that malware from ever happening again.
We're also updating URLs and DNS and command which is very important because that allows us to not only prevent the malware, but to prevent later stages of the attack. Even in the cases where the malware was first seen somewhere, it was detected, we then have the ability to prevent the later stages of that attack and of course provide that protection to everybody else. So the content of the updates is very unique to us and then the speed of updates is unique as well. Okay.
So just to make it clear, threat prevention is more about replacing a traditional IPS and anti-malware gateways for detecting known attacks, attacks that everybody knows about and you need to go and stop. As you mentioned, the penetration rate is close to 90%, which means that close to 90% of our customers are using us as an IPS. Where is that compared to the competition? I mentioned in my presentation, we only see Cisco and McAfee today competing on We don't see Check Point. We don't see Juniper and we don't see Fortinet competing on IPS business.
I don't recall a single deal, a single deal where we competed against them. I mean, I'm sure they are. They don't get to our level, but I just don't recall a single deal where we competed against them as an IPS.
Thank you. Just a quick follow-up if I may on share by geo. You showed the U.S. as 9% and major geos, EMEA, Asia at 4%, 5%, not surprising for a high growth U.S.-based company. Should that narrow over time? Or is there some type of headwind for U.S.-based companies selling network security products?
I think we can capture a lot of market share in all of the theaters. I think as you correctly note, a company that starts in the United And over time works its way internationally, it's not surprising that these other countries would take a while to catch up. And then on top of that, we've just had this fantastic growth in North America. I remember I joined the company 5 years ago. I told the executive team, hey, we're going to shoot for fifty-fifty, right?
It's a big world out there and that was a metric that if we had managed to, I'd shoot myself in the head today, right? But just because Americas continues to grow at scale at such enormous rates. So it's hard to catch up to that when it's that size and it's growing that fast.
Your questions?
Yes, okay, in the back.
Hi, Asafim Mabaloni from UBS. Thanks for taking the questions. Just two questions on go to market Mark, specifically on the product side for Traps, what needs to happen from a go to market to really open up the floodgates to get that number from 300,000 to theoretically 30,000? Okay.
Yes. I'll ask another question.
So, I think right now we have an overlay team that covers the global sales team that are subject matter experts, both salespeople and sales engineers for Traps, I think their job is to work on large opportunities at those 300 and many more prospective customers, but also transfer skills to the field sales team, because really Traps is an extension of our platform and it's a big part of the platform to sell that our core sales team sells with partners every day around the world. I think functionally, like what we're doing is very different than what everybody else is doing. So getting better at explaining that and then proving that in the wild, I think it's something we will to get better out. I don't know, Lee, if you have anything to add? No.
Just a quick follow-up. You had mentioned that about 55% of the sales force is fully ramped. And I can appreciate there's been a kind of hiring happening in the last couple of years that potentially would depress that number. So is there an aspirational target that you're trying to hit 60%, 75% in a particular timeframe? And if you can help us think about that as to how that should play out?
Yes. I tend not to think aspirationally about that because we are adding dozens and dozens of sales team members every month into the sales organization and working really hard to train and enable them. I think one of the factors that we have working in our favor is our sales attrition is very low. I think it's a market low. Now is probably not a good time to have How about the networks come off of your resume, I would submit.
But it's something that we certainly focus on. I think it's a culture around creating a winning and a positive environment for people to feel comfortable working in and be successful at. But I would see it moving up kind of marginally over time.
Thanks. Karl Keirstead, Deutsche Bank. My first question to maybe Mark and Mark. One of my takes from this event last year is all the love that you guys were showing to the big distributors. You had Westcon and Dimension Data, etcetera.
With the passage of the year, can you just give us an update on how that's played out? If you can be specific sort of what portion of your sales are being driven by those partners and where was it a year ago? And then my follow-up is to Stefan. Just to clarify on your operating margin guide of 100 basis points to 200 basis points assuming your growth stays above 30%. I presume that's not assuming any change to the accounting methodology for the sales commission.
So is it true that if you do make a change, you might get a step up in fiscal 2017 after which you would be on a +100 to 200 or put it another way, it would be £100 to 200 apples to apples, if you understand what I mean. Thanks.
Yes. So I'll start off Mark and maybe you can finish up. So I think Karl, if you think about what I've talked about over the last 3 years, I've always tried to talk aspirationally about where I think our partner ecosystem is going to go. And I think 3 years ago, I yearned for a day when we would have fewer, bigger global distributors. And last year, I came up here with Dolf from Westcon and dropped the mic on that, because I think we really have, we've narrowed our distributors to Arrow, Westcon and primarily in EMEA Exclusive Networks, and they transact the majority at the distribution layer of our the vast majority of our the business that we transact.
Now Dimension Data is not so much a distributor. They are like a global systems integrator. I brought them up last year because it was a new relationship and we've rolled out nationally across the U.S. and internationally across the world and we're doing very well with them.
I think they are turning on their managed service called uptime with us all around the world and we're engaging with their field sales reps like we are with many of our large resellers around there and frankly like we will and are starting to with some of the big resellers and GSIs who are up here on the stage this year.
Hold on. So for the second part of the question, we're still estimating what the full year tax would be for commissions change because remember the commissions amortization would only be hitting the services portion of the business. So currently the 100 to 200 basis point annual operating margin improvement is inclusive of any accounting change we would make. Now if it turns out that the commissions, amortization project has a massive benefit to us, then we would possibly we kind of relook at that as additional year for FY 2017. But at current rate and speed, the 100 to 200 bps annual improvement is inclusive of any accounting change.
Hey guys. John Lucia from JMP. It seems like there is an increased focus on At the company, I think a lot of your growth in recent quarters has come from subscriptions sold to the installed base. My question is on new customers. If you look over the last year, how has billings growth in new customers trended?
And then looking forward, how do you keep your sales force focused on new customer growth when they have the subscriptions to sell into the installed base, maybe it's more low hanging fruit there.
Sure. I'll take the first, Mark. So, we really don't when you have the platform play and you're trying to really get the point across for prevention for We're going to tell that story whether you are a brand new customer or whether you're an existing customer. So it really falls out between the teams who are attacking a new customer opportunity, telling the entire platform story and trying to find the intersection point where we can earn some trust from the prospect to get started and earn some of their business versus an account manager sort of role, which is you're an existing customer. We know exactly what you're using our for over time, we're going to have a very good understanding of what your network looks like and what the best opportunity is we can talk to you about how to extend the prevention capabilities inside of there.
The result of that is they're both strong. We're getting good penetration rates both in the new and existing customer base. Mark, I'll let you take this now.
Yes. I think if you think about the typical sales territory, most of them have existing customers and prospective customers. And so there's probably a good balance of focus from a typical named account sales team that might have 80 accounts in their patch, probably 20 of them are customers. They're focused on growing those, of course, as Mark just mentioned. But the other 60, they're looking to break in and they're looking to for ways to come and improve the outcomes that we can deliver to our customers.
From a motivation standpoint, I think our comp plan has done a great job motivating people to sell product and our sales management infrastructure has done a good job of reminding our sales teams that I know you get paid the majority of your comp on selling product plus initial, but let's not pass the gas pump. Let's make sure if the customer is willing to commit for 3 to 5 years, let's drive that sale. And I think our numbers are going to prove out that we're doing well in both.
We have time for one more.
Excellent. Thank you for the day. I was hoping to dig into through the opportunities that Mark brought up earlier. One was IoT. A lot of talk about IoT.
It's going to be billions of devices. Not a lot of specificity on how that actually translates into market. Should we think about Palo Alto's opportunity there? Is it the like all those industrial controller firewalls that they actually have in place that you guys are going to start going into that market, where does that relationship with Honeywell fit into the whole thing? So maybe you could give me more specificity on sort of how you actually monetize. And the other question is more competitive around cloud.
One of the questions I get most from investors is why does an AWS do it? They own the network, they run the network, why wouldn't they protect your own networks. So maybe a question for Nir, like why AWS and Azure don't turn out to be more of a competitor versus a new platform for you guys
Just to hear your question. I'll let Lee take IoT and Sergey take the cloud one.
So in some ways, IoT has sort of been going on for a while in terms of the things have been proliferating, but the idea of actually needing to secure this infrastructure is relatively new. But ultimately, it's going to come down to a number of different locations where security is really important. One of those is securing the structure that all of the things generally connect into, which increasingly gives cellular mobile infrastructure for a lot of these things, right? When you think of automobiles, when you smaller devices and whatnot, even increasingly like oil wells and pumps. And a lot of them connect into the Internet through cellular connections, some of them through wireless connections.
And so the first opportunity from a security perspective is that first half that they connect to and providing security from there. The second piece is they almost all connect into some back end infrastructure that is controlling them and these are largely data centers, next generation data centers, private cloud data centers, but they're connecting back to some infrastructure that's providing a lot of control systems for running them. And there's definitely an opportunity there to secure both the connections as well as that infrastructure that they're connecting back into. And then of course, you can kind of even extend that out to SCADA and industrial control system environments and whatnot that are also involved in Lattice. And again, there's opportunities to secure that infrastructure and the security capabilities we have.
So multifaceted in terms of what the opportunity is and where we need to be in order to provide the security.
And just I'll put one just example on that, some of our larger customers in the utility space where we are already providing security for their networks, like the corporate IT sort of thing, those conversations we're having now are them saying are non corporate but the SCADA side is in the stone agents from literally from a security perspective and that is a huge concern of theirs. Now they're looking to say what can we bring over from best practices what we've done onto the SCADA side of these things because they're really archaic.
And the same is true for car manufacturers. Many of them are our customers and they use us both to secure their own IT environments as well as data centers where they run applications that connect with the cars. And we also think that long term, like we said, service providers, specifically cellular service providers, are a great target for securing IoT. We think that unfortunately IoT will not be secured by software running on the IoT itself even though it might be in some cases the right or the best thing to do. It's just not very practical.
Now regarding your competitive question about AWS getting into security business, we believe that security again has to be uniform and you cannot secure your AWS implementation differently than secure your Azure implementation differently than secure your own data centers, secure your users traffic, your branch office, your main Internet connections. And I'm not sure AWS or Amazon will get into the business of being a full blown security vendor securing everything across the entire infrastructure. And therefore, most enterprises will continue to buy from a dedicated security vendor such as ours such as us.
Great. We're going to have to end it.
I know we're over time. So thanks for sticking with us. So thank you everybody for being on the panel here. That is going to end the webcast portion. We will post the slides for everything that you saw today.
So folks who can't Not physically in a room to be able to get that and we'll end the webcast portion of the session now.
Great. Thanks.
Great. And with that, we