So greetings, everyone. Welcome to Palo Alto Networks Investor Track at Ignite 2015, which is our annual user conference. I'm amazed, I was joking with somebody who get RSVPs and we had a great RSVP, but frequently There's a very large portion of the audience that doesn't come. So I'm thrilled to see the turnout here. We know that this is a big time commitment for all of you that you all came in on a plane.
And so our objective here is to make this experience as meaningful as possible. So thank you very much. For those of you who are listening on the webcast, If you're interested in the agenda, it is posted online. For those of you in the room, several of you have asked me about the Wi Fi pass word. So it's Ignite 2015 with a capital I.
And hopefully that will help you. Although no surfing will be very upset if you don't pay attention. No, just kidding. So with that, Head of Investor Relations always gets stuck with this extremely exciting slide. The good news is they're not going to make me read the safe harbor, but there you have it.
So for those of you who are here, at the conclusion of the formal presentations, we invite you to join the executive management team for drinks for a little while. And then we hope that you can enjoy the balance of the user conference. Tomorrow morning, the keynotes start at 9 and go. And then in the afternoon, there are technical sessions and all kinds of things. And we welcome you talking to our customers and partners and finding out a little bit more about us in-depth.
So with that, I will turn it over to Mark. But first we have
We're currently serving over 19,000 enterprises. And at the same time, we're selling more stuff to those enterprises. They realize the value of the platforms and they're using our technology. What they're seeing is they're for the very first time, they're getting just the visibility of what's happening on the network. And from that, they can get control over that.
So it's really an enabling technology.
My pleasure and I'm excited to introduce the new PA-seven thousand and fifty, the fastest next gen firewall that we've ever produced. In fact, it's the fastest next generation firewall in the market. 100 percent channel centric and
we will remain that way.
We're very excited to announce 6.1. It's our latest release for Pan OS. We've packed this release with 30 new capabilities.
I think in the case of Palo Alto Traps, the answer is clear. The effectiveness the security solution on the endpoint has proven itself.
Personal data on your iPhone may be up for
Cover new malware targeting both Apple Computers and iPhones.
The malicious software is called Wire Lurker.
Something like 350,000 users May so far have been effective.
Four leading companies Fortinet, Symantec, Max, Chief Alpha Networks, all very much involved in the battle Cybersecurity, if we can share threat intelligence information that we would usually consider competitive and proprietary for our companies, that's going
to be to the good
of all of our customers.
The President urged Companies to
share information Despite the growing threat of international hackers.
The Cyber Threat Alliance, which includes companies like Palo Alto Networks and Symantec are going to work with us to share more information under this new executive order. One of the really big emerging companies in Silicon Valley that is so Please welcome Chairman, President and CEO of Palo Alto Networks, Mark McLaughlin.
Thank you. Thanks so much for being here for the Analyst Day for Ignite. This is our 3rd annual conference that we've had for our users and it's just been a Resounding success for us. So we hope that you'll partake not only in today, but you can stay for the entirety of Ignite and I would encourage you to do so. When we started it 3 years ago, we thought we'd have a couple of 100 people here.
We ended up with 1,000. Last year, we had just about 2,000. And this year, We have over 3,000. So it's growing very quickly in popularity as our customer base continues to grow. And if you have the chance to stay through at least tomorrow, you'll get it can mingle with everybody and get a chance to see what we're talking to customers about, more importantly what they're talking to each other about.
So we also Through the course of the day, we're going to do a few presentations for you. But we have a cocktail hour this evening when it's done, like Kelsey said. There's a lot of Palo Alto executives here, all in the back Back there, but we have John Spillios who runs North America Chad, who runs business development. We have our Head of HR, Wendy, our General Counsel. You don't want to talk to him.
We've got let's see, I thought
I saw Christian Henschow in here. He runs EMEA for us. Ori and Nati, who are the founders So Savara are here with us again this year. They're back there too. Raj is back there.
He was the former CEO of I'm blanking that. Morta, yes. I'm sorry about that. I'm getting my names mixed up here. But so Raj is with us as well.
So anyway, please take the opportunity To mingle with the executives during the course of the day, Rick Howard, our Chief Security Officer is back there as well. So lots of folks here. You're welcome to talk to all of them, Okay. So, what I wanted to do today from an agenda perspective was go through what's happening at a high level from a cyber security perspectives in the market. I think there's kind of 2 things happening there and I'll address them 1.
But the reason I wanted to do that was there's stuff that's happening for security wise is very important. And I think from an investor perspective, there's a concern of where you're going to bubble, right, from a security perspective as well. I think those are 2 Separate related topics, so I'll address a little bit about that. Then we're going to hear from Nir Zuk, who is our CTO and Founder. You're all pretty familiar with Nir, I think, About Palo Alto's platform approach and why it's winning and why we would expect that to win in the future in the context of what's happening in the security space.
Lee Claret, who runs products, will talk with us about the platform and what we're doing with that. And then we'll hear from Mark who runs all of sales and customer support on a view from the field what's happening when we are talking to customers and we're trying to sell Concept and more importantly, the actual platform itself. And then we're delighted to have with us some of the leaders of some of our largest The distribution partners who are in the back of the room with us today, they'll come up in a little while with Mark and we'll have a panel discussion with them. You'll be able to ask them some questions as well as As to what Palo Alto Networks is doing from a go to market perspective and why it's important for them. And then last but not least, of course, we'll hear from Our CFO who will go through the business model, which is fairly unique product, SaaS business model and then update you on some of the key Financial metrics as well.
Okay. So I think everybody is pretty familiar with call out there, but for those who are not, just at a glance quickly, What do we think we have here from a company perspective? We think it's pretty unique. And we think it's unique because we have a true Platform, we'll talk about what that actually means, a true platform at a time when it really matters, when security is very important and it's going to last for a long time. So and because of that, we're seeing this be quickly become a reference architecture for the future for enterprises.
And that's measured in a lot of ways, but we have very rapid customer adoption. And we're capturing market share very quickly. And importantly, because of the time we live in and this platform technology we brought to market and what we're doing with it, we think we can continue to capture significant market share. And We think we can capture more market share than anybody's ever held in this market before. And we'll talk a little bit about that as well.
That platform Produces this hybrid model we talked about, which is generating very high revenue growth and a lot of it's recurring in nature. You can see that when Stephane gets into the deferred cash flow. It's a very nice model with the high cash flow generation. And very importantly, increasing leverage at Scale. So we've been increasing leverage through the model consistently.
We think we will consistently continue to increase leverage into the future, particularly as we Continue to scale the business, which is actually pretty sizable and we'll talk through that right now. So this is how we think about the company, primarily from an investor perspective, obviously from a customer perspective, you'll hear more about that in a second. But just at a glance, this is how we think about things. And as an executive management team And as a Board, to attain our position in the market we have today and to continue to grow our position in the market, this is how we think about things. There are things that really matter to So we think about those.
1 is the time, timing that we live in. Timing is important, right, when you're trying to bring things to the market. The second is, What is the problem that's trying to be solved in the first place? The philosophy about what the problem is and how to solve the problem It's very critical on what you ultimately build to solve that problem. The third is consistency.
Even if you've built something to solve the problem, it has to be highly consistent for Enterprises everywhere because where it's inconsistent will create an issue from a security perspective. The next is that platforms. We're using that word all the time. Lots of companies use that. We think we have a real platform, a unique definition around what that is and you'll hear a lot about that.
From NEAR, the platforms matter, like they win. And when they win and they win in large market segments, that gives you a chance to capture a lot of market share. So we think that matters a lot. And then you can have a fantastic Idea, fantastic technology and a great time in history and just screw it up on execution. So we know that execution matters, particularly when you're operating at scale.
So we really care about that. And the last thing is results, like the way we can judge whether our philosophy and our platform and our execution are working is What do the results look like, right? So we'll spend some time from a result perspective because we watch those very, very closely.
So if I start at
the highest level, the time we live in, right? Some of this sounds pretty obvious, but I think this is why security is getting so much attention. The time we live in is one in which everything that matters to us is completely digital now. It's the digital age, right? So money, it's very rare to touch real money anymore, it's even in a credit card.
Most of your money is in a bank account that you look at with And you just hope that it's there the next time you look at it, right? Access, your identity, healthcare systems, things that get you services. The ability to get basic services like utility and water, those things are highly controlled through SCADA systems these days from a digital So you just trust that it's going to work. Safety, next time you get on a plane, you're hoping that the air traffic control guys are doing their jobs, right? So and a lot of that is computers, Right.
So we live in this highly digital age where things that we used to touch a lot physically, we don't anymore, which means we just trust that they exist And we trust that they're going to work when you need them to work, which is great because there's a lot of leverage in that. The problem is that the trust in that is quickly eroding. We see all these breaches and headlines and these attacks. What's really happening, I mean, why is this really hitting a nerve is Because the undercurrent is this is attacking the very trust on which the digital age is built in the 1st place, right? So if you felt like Tomorrow, when you check your bank account that it may or may not be there, right?
You would go take all your money out today, right? And if you felt like you couldn't get access to certain Tomorrow, you'd be really worried about that, like from a healthcare perspective, are you going to get on the plane or not, right? So what's at risk For all of us right now in the face of all these breaches is it's going right to the heart of the digital society Of blowing up the trust. And if that trust goes away, it's chaos, just total chaos, right? So that's why security It's such a big deal and why we're hearing about it all the time left and right because it really matters because it's right at the very heart of all of our systems today.
We're seeing this at the highest levels in government. You saw a little clip there from President Obama. That was about 2 months ago. He came to Silicon Valley and hit a Cybersecurity Summit, it's the 1st presidential summit that's not been held in Washington DC in 50 years, right? So he came to the heart of Silicon Valley, the heart of technology in the United States To talk about cybersecurity and intersection with privacy, but when he showed up, he showed up with an executive order, right, and the executive order did certain things The cybersecurity, right now in our legislature, there's tons of bills.
See what happens, right, tons of bills working their way through there, they get done. That's because The government recognizes this trust issue that if the trust erodes in all these systems, we're in a world of hurt, right? So that's why we're seeing such attention at this The highest levels in the government and that's on a worldwide basis. We're seeing that in the military, right. Traditionally in the military, For the very longest time, since you thought about theaters of war, it was land and sea, right?
And it was only in the early 1900s That's a whole aviation came around where you got air on top of that. That took until about 1950 by the way to be its own theater from a warfare perspective in United States and now it's land, sea and air. Well, now there's a new one. This is the patch of the U. S.
Cyber command, right? So cyber is its own theater of war now, right? So there's land, sea, air And cyber. I was just at West Point, my alma mater a little while ago, and the Army stood up a cyber branch, Just like there's infantry and field artillery and aviation, that was one called Cyber. Cadets are graduating in May into the branch of Cyber, they're going to wear this patch, right?
So things are changing very dramatically in the military as well. All again because this is so important to What's underlying society today. And then we'd absolutely see it in business. This is in the boardroom context globally, not just the United States, Globally, when I travel around, I talk to Boards of Directors, which I do quite often, and senior executives and companies. Cyber is one of the top three items being discussed in the Today, lots of top down here.
Why? Because the recognition that the security It's so important for these companies for their reputation, for their business models, maybe even for their very existence, depending on how vulnerable they From an external perspective on how they deal with their customers, right? So it's a super top of mind issue and it's not going to go away, right? So security has become I've been using a term with some of you, you like it or not, I don't know, but doing fabric, right? It is woven Into major technical decisions now, all of them.
It's woven into major business decisions. It's woven into national security and diplomacy. And as a result, it's pervasive. It's important. It's pervasive and it's long lasting.
So to the point I mentioned a little earlier about
Where are we from
a security perspective? I don't know about winners and losers in the market, right? We'll sort all that out. We think we're definitely a winner in that market. But security is going to be around a long time.
Like this isn't going away anytime soon. All this anxiety here about the spending that's going on as a result of this. This is not going away, right? Because back to what I said, this goes right to the heart Of the trust on what our society is built upon. So the idea that this is going to get fixed quickly or that it's going to just abate over time, like yes, we used to worry about that, we don't worry about that anymore, I don't That's the case whatsoever.
So I think it's going to be with us for quite some time. And that creates opportunities for folks who can do something about it. So the second thing I said that matter is And the reason for that is what you think the problem is and how you intend to solve the problem is going to dictate almost entirely what do you do about it, right? How do you think you're going to fix it? And what are you going to build, right, in order To get things done.
So we think that ideas matter a lot in this and we think we're kind of against the grain on this, by the way, because we're very prevention oriented As a company, and I want to explain why that is. And it's because behind all these headlines that we're reading about, it's a battle. But the battle is a it's a math battle, right? What's happening is the cost of compute power is going down. It keeps going down.
That's not going to stop either. It's going to keep going down, right? That's a good thing generally for productivity purposes. But in cybersecurity, what that means is the cost of compute goes down, The ability for a bad guy to launch an attack and launch a successful attack just gets easier and easier and easier, right? So they can launch more and more attacks and more and more of them become successful.
And This is what the curve looks like. And as long as the curve looks like this, it's going to be easier for those guys to do those things. So with that in mind, What we think is if you want to ensure failure in this battle that's going on, then stick with that dynamic. Keep that curve just the way it is. And in the face of an attack and breaches, do more of the same, right?
So Stack up legacy technology, which I think is fairly obvious now, failing left and right. 3 years ago, we knew on a customer and say, your legacy technology is going to protect you, and we get a lot of pushback on that. Like we'd have to prove it to them by running AVRs and things. We're very successful in doing that. You go in today and say, Your legacy technology is probably not protecting you in the face of these attacks.
People are much more open to that, right, because Read about it in the papers left and right and Mark is going to talk to you. I mean, Anderson is going to talk to you about like what are the commonalities in these attacks? What are people doing in those networks and how do we take advantage of those commonalities to sell the Palo Alto solution. But if you want to ensure failure, keep doing more of that. Keep stacking up that legacy technology because when you do that, the next thing you're going to have to do is keep adding more people, right?
Because none of that stuff works together and it just puts more and more burden on the humans, which is the least leverageable resource that Anybody has in this battle, right? And you're going to end up with this Congo line just keeps getting bigger, more people to operate them and try To catch the stuff that falls through the cracks, what do you do with the 2,000 alerts I got today, right? That's a problem. What we have to do is turn the cost curve on its This is the answer. We think the answer, right?
Change the dynamic of what's happening out there. And what we mean by that is we have To make it such that the cost of a successful attack keeps going up and up and up. Ideally to the point where nobody wants there to be successful attacks, There will be, right? Ideally to the point where if somebody is able to launch a successful attack, it works once. It works one time, one place, and it doesn't work anywhere else anymore.
Because if that's the case, then we've completely reversed the dynamic here. Today, the bad guys take a piece of malware, they use it here, there and everywhere, again and again and again and again across the world, but willy nilly and it works in a lot of places. So it's Cost effective for them to do that. Then they take a variant of the malware and they try it again and it works again in a lot of places. So it's cost effective to do that.
So if you can change the dynamic, which is It doesn't work. It works maybe once, right? And then you have to start all over from scratch. You have to write brand new malware. That's not easy.
That's expensive. And that will change the curve on the ability to actually get successful attacks launched. And the only way to do that, we think, is leverage. You You have to get leverage into the system. Lots of ways to get leverage into systems.
I'll talk about a few of them. The one that's most important, we believe, from a technology solution perspective Is prevention, right? Now nobody's going to prevent everything. So Palo Alto never goes in and tells the customer we're going to prevent everything, right? That's not reasonable, right?
But what we do believe, We're telling customers and they believe it and they buy it, is it is very possible to do a very high degree of prevention. And the way you do a very high degree of prevention is you have a very good prevention capability at every single point Where an attack has to be successful in its life cycle for the attack to be successful. There's a misnomer or misunderstanding in cyber Security that all the attacker has to do is get in. That's not a successful attack. What the attacker has to do is get in and do a lot of other stuff to be successful.
And Lee will walk you through what that looks So the idea here is to get a prevention capability every single place where the attack has to be successful. And it's a good capability. And you make it better and better and better. And all those capabilities are native to each other. They work tightly integrated together.
They're completely native to each other, so that it's highly automated. So you get highly automated prevention at every one of those points. And then in addition to that, It's shared. You get an ecosystem, which we have, a very fast growing ecosystem of customers where when we do prevent something, everybody gets that right away, Right. So it's shared.
So the next thing that comes over your network is not an unknown attack, it's a known attack and we can just stop it right there. That's Right. So we think that getting prevention in a highly native automated capability like we have from a platform It puts leverage into the system and it changes the math. And even if you do that, then I said consistency matters as well. You have to do it everywhere.
And you'll hear Nir talk about this quite a bit. You have to do exactly the same thing with the same capabilities in the data center and The perimeter and at the branch office and then the mobile devices and then you have to do it whether I'm operating on prem or in the public cloud or in the private cloud or public cloud, it doesn't matter, No matter what where you are and how you're deploying, you have to have 100% consistency from a security perspective because the place where you're inconsistent, that's where you're going to have a problem, So what we defined or what I just talked about is a platform. And we believe we have The platform that does this. It has capabilities at every single step of the attack lifecycle. Those things have been natively integrated Together, we constantly improve them.
They give highly automated prevention outcomes that goes faster and faster and we share that across the Customer base, which is growing at very dramatic rates, right? So we put leverage into the system to change the dynamics of what the Fundamentals are of what's going on in the cybersecurity battle. And like any good platform, you would want this to be extensible, Right. And we've proven over time that it is extensible. Actually, we're always doing 3 things with the platform.
The first is we're extending its capabilities Depending on what the situation requires. We've done that with Threat Prevention, with UR Filtering, with GlobalProtect, with Wildfire, Now with Traps. And you'll hear Lee talk about additional extensions, right? The second thing is we continually enhance every A portion of this because we can't sit still. We have a great prevention capability.
We have to make it better and better and better and better. And Lee will talk about how we continue to do that as well. And then we want the ecosystem to be bigger and bigger and bigger, which means we're going
to have lots of customers in here.
We're going to share all that information. And in addition to that, we're going to have great technology partners To help us in that as well. So we'll talk through that as well. We know that platforms win. Like we think by analogy, when you think about Companies that have successfully come into large markets and done what I just talked about, I mean, different dynamics, right?
But put a platform in place that really works, like these kind of companies, What has happened, they've been able to capture very significant market share. And for us, that matters a lot because we're in a very large addressable market With low market share today, although we're captioning at very rapid rates. And because we think of this time being so important and long lasting, like I Talked about securities not going away. And we think we have this platform I just described to you. We believe that we can capture not only Rapid market share, but we think we can capture more market share than anybody's ever had in this industry before because it's been a very fragmented market, Right.
All those legacy point solutions I talked about all trying to do one thing or two things and not doing them well at all, let alone doing them together. But platforms win, and they win in A major way from a market share perspective. And we're confident that we're going to be able to capture a lot of market share here. And we can see that playing out. Like You'll see lots of metrics today from Mark, Anderson and Stefan.
But the one obvious one is just the customer count. We've got almost 23,000 customers today. We've been adding over 1,000 net new customers a quarter for 13 quarters in a row. It just continues to it continues to defeat upon itself in a great way. Obviously, this is good for business, right, when you see these kind of numbers.
But when you think about it as security professionals, like Nir thinks about it and Lee thinks About it, right. And Ori and Nadi and all of our really smart technical people. The reason they love this chart is not because it's good for business. They love this chart because of all of the Threat intelligence it brings. When I said it's really important to have the extensibility enhancements and share it, right?
So how do you get that prevention to be done Really fast on a broader and broader basis is you try to see everything you can on a global basis in every single vertical and bring it to bear for everybody. So I don't have to scale out my own network, which is a completely futile attempt to keep up with cybersecurity. I cannot do that. There's no way For one company to keep up with us, right? But when you can bring the ecosystem to bear, now we have a chance, right?
So when they see this chart, they get very excited about Because it's how this is the sharing pool of threat intelligence that's out there. So that's why we like to see these numbers continue to go up into the right. And I also said, you can have It could be a great time in history. You can have a fantastic idea and a great technology and just blow it, all right? So we know that execution matters, Which
is not an easy feat
for us. We're operating at over $1,000,000,000 right now on run rate and growing at very high rates, right? We're adding 200 plus employees into the company every quarter, right? We have customer support that has to keep up. Our customer SaaS scores, you'll hear about, are the highest in the industry.
These are not easy things to do, right? But we care a lot about execution and we think about it a lot. So we invest aggressively and we'll continue to do that across the company. And facing this opportunity to make sure that we get execution right, which means scaling well because we want to make sure that we capture as much of this opportunity as we can As fast
as we can,
but we keep it over time as well because we know that happy customers buy a lot from us and you'll see some of that from Last thing I talked about was results. Results matter, right? So how do you keep score of whether we're more right than more wrong on this Philosophy and platform. One obvious way is look at the market. So what I did here is I just grabbed Juniper, us Fortinet, Checkpoint and Cisco.
And all they did was they took the last 12 months trailing revenue and added them up, right?
Because some of us are
in fiscal years, other ones are in calendar Just to give a sense of size, right? So this is just the last 12 months of trailing revenue, added them up. And as you can see from this chart, Palo Alto is the 4th in just about any second Yes, Rick. About to be the 3rd largest provider in this market. So we're a pretty big sized company, and this is revenue.
And obviously, sales are much ahead of this, right? This is revenue. So we're a pretty big provider. This is our ideas are working in the market, but way more important than the size. I mean size matters, right?
But a bit more important than size is Growth rates. So then this is the growth rate over that period of time for all these companies.
And you can
see, our ideas and Our platform, it's working out in the market, right? Our growth rates are showing that the market is coming very rapidly to Palo Alto Networks. The most interesting thing about this chart when I look at it before was it looks to me like we're in a fast trajectory to be number 1, right, just mathematically, Right. When you take a look at this, given our size today and the relative growth rates, and we're playing for the marbles here. So we intend to be the biggest provider here.
Now size is great. There's lots of ways to measure success. But back to what I said before is, we think We've got the opportunity because of the time we live in and the platform approach that I think is obviously working in the market to capture more market share than anybody's ever had here before. And these growth our size and growth rates would suggest that we're on a fast trajectory to be the number one provider here over time. So and that's what we're playing for.
So we're very, very focused on that.
So back where I started, at
a glance, we think we've got a great time to be piloting networks, Right. And it's not fleeting. Security is not going away, right? The anxiety about security, I don't mean that in a good way, but If you're a provider, right, the bad news is the good news. This is going up and it's going to be around a long time.
So we think we've got a time In which a platform that fundamentally changes the math, it changes the dynamics of what's happening in the market is absolutely critical and we believe we've got that platform. And it's a great business model as well. High revenue growth, hybrid SaaS model, generating lots of deferred, lots of cash And increasing the leverage at times. So we are at a time in this market opportunity, not only are we growing really well, But we're increasing the bottom line as well too because we think that's ultimately what companies are supposed to do. And we definitely want to prove that out from a model So I'll wrap up with that.
Thank you very much again for your interest, for being here. We really appreciate it. I know it's a lot to get people to come on planes to do something like this. So we use your time very efficiently. Make sure you stay for all of Ignite if you possibly can.
And we will end today with Q and A. So if You hold your questions. We won't do them after everyone just to break up the flow, but we'll definitely get to Q and A at the end of the day and reserve time for that. So with that, let me introduce Nir, who I think you all know is our CTO and Founder. Thanks.
Thank you, Mark. So as Mark said in the introduction, what I want to talk about is the platform. And what is the platform? Why you need the platform to secure networks? And why is the platform going to win?
So I'm going to win. So to start with imagine this scenario, imagine the Secretary of Homeland Security coming out with a statement basically saying, We have determined that we cannot stop the terrorists. They are going to succeed. And therefore, we're going to shift all our budget into crime scene cleanup, Right. This is what's going to happen in the streets of America if that happens, right?
Government go do your job. That's your job is to protect us, Not to clean up our malls after someone did something there. And this is kind of what we're seeing in the industry today. What we're seeing is firewall vendors, Firewall helper vendors coming out and saying we've lost to the bad guys. They've won.
You should focus on detecting the attacks as quickly as you can and then remediating That's what we're seeing. And the question is why? Why is that what we're We're seeing from our competitors. Why are our competitors trying to convince the market that you can't stop attacks and all you can do is Tech them and we're going to give you the best detection. We're going to use big data to detect your attacks and we're going to provide you incident Response services to clean it up.
And I really think it depends who you are. Look everybody can detect attacks, okay? Some vendors detect attacks better than others. But let's assume that everybody can detect attacks, which is probably the case. The biggest question is, what are you going to do when you And it really depends on who you are, right?
So starting here from the right, if you are in the CSI business, Yes. Meaning you wait for someone to call 911 and report that there is a body and your job is to come in and figure out who attacked you And why you're being attacked? What is it that they stole from you? Then that's what you're going to do, right? You're going to wait for one of your Customers to find out or to receive a call from the credit card company and credit card issuer.
And the credit card issuer is going to tell them, look, we've seen hundreds of thousands of people that shopped with you Having their credit card number compromised and you're the common dominator to all of them, so maybe someone stole credit card numbers from you. And there you're going to call CSI and you can all know who CSI So in our businesses, you're going to call CSI and they're going to come in and say, oh yes, they stole credit card numbers from you, 70,000,000 of them and it's kind of too late, but that's all you are, that's the best you can do. Or you can be like Inspector Clouseau over there from the Pig Panther, who sometimes is really, really, really lucky at stopping the bad guys, But that's if you're in the right place at the right time, right? If you have an IPS for example and the IPS somehow had a signature for an Sure for an attack because the attacker decided to use an exploit that everybody knows about then sometimes you get really, really lucky and you'll be able to stop the attack, but Usually not. Usually you'll have to call CSI to come in and clean up the scene for you.
And you can also try to be Jack Bauer, right? You can try and go and stop Each and every attack before it happens and do whatever it takes. You can use traditional and non traditional methods to go and stop the attack and actually stop them. Now I'm not saying that we can stop all attacks and I don't think we can stop all attacks. I don't think the Department of Homeland Security Can stop all attacks.
But what I think we can do and Mark talked about it is we can make it so expensive to attack by stopping the vast majority of attacks that it won't make financial sense for the attacker to attack you, okay? And this is really our Our goal is to increase the price of an attack to a point where it just doesn't make sense to attack. And the only way to do that is to beat Jack Bauer, Right, is to go and stop the attacks, whatever it takes before the attack happens. So the question is, why isn't anyone there? Why isn't Talking about it.
Why are we seeing our competitors coming out and saying, no, you can't do it. All you can do is detect and remediate, detect and clean up, sometimes you'll be lucky. And I think that the answer to that is that in order to stop attacks, you have to be in the position to stop an attack, right? You need to be able Stop attacks, right? David Caruso from CSI Miami is not in a position to stop attacks.
He's always being called after the attack has already happened. Chuck Bauer is in a position to stop attack. In our world, in order to stop an attack, first you have to be everywhere, okay? Because sometimes The attack will happen or you'll be able to detect the attack or you'll be able to prevent the attack at the perimeter. Sometimes you'll be able to do it at the data center for north to south Sometimes we'll be able to do it in the data center for ease to waste traffic.
Sometimes the place to detect the attack and to stop it will be in the branch office. And by the way, you don't detect and prevent Attack at the same places. Sometimes you'll detect it in one place, but the time you've detected it some time has passed and you have to stop it somewhere else where the attacker is right now. And you have to and sometimes the right place to detect attack or to prevent attack is on the endpoint and sometimes it's in a virtual data center and sometimes it's on Amazon and sometimes it's in a SaaS Application that Hacker was going after, but the bottom line is you have to be everywhere in order to stop the attack. And if You aren't anywhere, you won't be able to detect all attacks and certainly you won't be able to stop all attacks.
So you have to be everywhere and you have to be there all the time, which means you have to be the Firewall and you have to be the endpoint. The only network device that is everywhere, meaning in all these different places that I talked about and is And is in a position to stop attacks is the firewall. Other things are either not in a position to stop attack because they just listen to the network, they're Running in line or they aren't anywhere or the most common cases they're both. There are devices that listen to the traffic and they're just in few select locations. They're not everywhere that you need to be.
And of course, you need to be on the endpoints because that's where the attacks actually happen. And some of the steps of We'll talk about it later. Happen on the endpoint, if you want to stop an attack and at the time you know about the attack, the attack happens to be on the endpoint, you have to be on the endpoint to stop it, Which I think really explains why many of the competitors out there aren't even saying that you can stop attacks. The reason they don't talk about stopping attacks Because they know that they are not in a position to stop attacks. The world really is working down to 3 different companies, okay?
They are the firewall helpers. Their job is to sit behind the firewall and help the firewall do its job. And every few years, we have a new firewall helper that everybody here likes and Likes to buy, likes to cover, likes to recommend the stock and so on. And then a few years later they disappear, right? In the mid-90s it was ISS, IDSS, Right.
Everybody loved ISS. Their stock were flying high and they disappeared, right? And then it was your filtering, right, WebSens. And then it was proxies, Blue Coat and now it's APTs, right? And the reason these companies Come and the reason this company is go is because all they can do is sit behind the firewall and help it detecting attacks.
They can't stop attacks. And because they cannot stop attacks and because ultimately what the customer wants is to stop attacks, they don't want CSI to come in and clean up the attack. They want Chuck Bauer to go and stop attacks for them, those companies disappear. Now unfortunately for these companies is that they were dealt a really, really bad hand because they don't have a firewall. So that's the best they can do.
And that's why the CEO of APT Companies would come out and say, You cannot stop attacks, sorry. All you can do is prevent all you can do is detect them and then you can call the Ghostbusters or CSI to come in And clean up the attack. That's the hand that they were dealt, okay? So that's what they're going to preach. But that doesn't help anyone, Okay.
Detecting the attack after the fact and bringing in CSI to clean up the scene doesn't help anyone, which is why we don't we think that's like History shows those kind of companies will come and will go. Now what about the traditional firewall vendors, right, the Checkpoints of the world. What about the UTM vendors, the application excuse me, the UTM vendors, The blade vendors, there are different names for that. The problem that they have is that they have lemons, okay? And those lemons can't make lemonade, because what they did Is they took a bunch of different components, usually from different places and stuck them together in a box on top of a firewall.
Again, some call it UTM, some call it a blade architecture, hardware blades, software blades, software UTA modules, hardware UTA modules. The common thing to All of these is that these are separate products that were stuck together or were crumb together into a single device. And I'll show you now why they can't stop attacks. They can barely detect them and they cannot stop them. And the reason for that, let's look at one example, okay.
All the UTM blade vendors claim that they have a sandbox And they do. They have 0 market share, but they have a sandbox. And the reason they have a 0 market share is not because the sandbox doesn't work, it's because it's useless. And the The reason it's useless is because it's UTM or it's a blade architecture. So let's say that your sandbox has just detected a piece of malware trying to go to the network.
You might think that this is where your problem then, hey, I just detected the malware. No, this is where your problem actually begins. And the reason this is the moment Your problem actually starts is because of what you need to do when that malware came in. So usually at the time you see the log tells you that the malware just came in, it's too late. But let's say that it's not too late.
Let's say that the attack is still going on and you have an opportunity to stop it. Now the malware is already in, you can't stop it there. But there is another phase that TAC is currently running and you're a firewall, right? I mean, you're UTM, you're a firewall, you're everywhere. You have an opportunity to stop it.
What you need to do at that point is to take that piece of malware you just found and create prevention mechanisms from it, right? You need to A piece of malware and create anti malware signature from it and distribute those signatures to all your network and all your endpoints. You want to take that piece of malware, Look for the command and control connection or the probing connection that the malware generates when it's trying to connect back to the bad guy and distribute those Command and control signatures to your IPSs. You want to take this malware, look at all the domains that the malware is trying to resolve to figure out where the bad guy is And send those domains to your firewall, so that your firewalls can block these domains and your firewall can block any attempt to resolve these domains. And then in many cases, in almost all cases, the malware will be using HTTPS to communicate with a bad guy to download more pieces of the malware, what they call droppers.
And since HTTPS is involved, URLs are involved. So you want to take those URLs that are involved and add them to your URL filtering solution. Well, if you're a Blade vendor or if you're a UTM vendor, you can't do it because your anti malware comes from Kaspersky and your URL filtering comes from WebSense and your IPS is something that you bought a long, long time ago and nobody knows how it works and your firewall is completely separate from And domains, you don't deal with domains, you leave that to some other vendor. So you can't do it. So your customers end up having to do it manually.
Your customers have to take And do it manually, which takes many, many hours, if not days for each malware, which means that your customers need to hire armies of security experts And run them all the time and it just doesn't work. So nobody does that, okay? A UTM vendor can't do anything about it. They have lemons. They have a bunch of different products from different vendors that they just come together into a single box.
How can they do that? They can't. So they can stop the attack. Even though they know about the attack, they just found a piece of malware. They're in the right position to stop it.
They don't have this thing that It allows them to take the malware and reprogram the infrastructure to stop the malware. They can't do it. That's what platforms are supposed to do, okay? When you have a platform, a platform can take a piece of something new you just Covered somewhere. I gave you an example of a sandbox discovering a new piece of malware.
It can be a URL filtering solution discovering a new website that's Infected. It can be many different things. But a platform allows you once you discover something bad to immediately take it And convert it into prevention mechanisms and distribute those prevention mechanisms to all your endpoints and all your networks In order to stop the attack while it's happening, okay? That's what platforms do. And how do they do it?
That's the 3rd approach. That's the Palo Alto Networks approach. And how do you do this? There are really 5 steps that the platform has to take in order to stop attacks. The first thing that the platform does And that's probably the only common thing here that other vendors do as well is to stop non threats, right?
We've been stopping non threats forever. All our competitors have been focused on stopping non threat forever. If you know about it, you should stop it, okay? Now comes the unique part to Palo Alto Networks, the part that I just haven't seen anywhere else. That part talks about the next step is collect information from both And the endpoint into a central location, we call it a threat intelligence cloud, so that there you can find new attacks.
What information do we collect? As much as we can, as much as our customers are willing to send to us. Today they are sending to us all the files on the network. We call that wildfire. They send all the URLs that their end users are accessing.
We call that PANDB or our URL filtering service. We ask our customers To send DNS information to us. And every release of our product, we add more and more and more things that we're asking our customers to send to us. They send it from the endpoint. They send it from the network all to a central location where that information can be processed.
And that's really step number 3. And I'm going to talk more about Step number 3. Later, but step number 3 is this magic thing that takes this information and somehow in all that information Text things that you've never seen before, right? I mean, it sounds weird. How do you take information and in that information you detect attacks that you've never About before.
I'll show you how. I mean there are multiple ways of doing it. I'll show you at least 4 of the ways that we're using for that. And once you detect the attacks, once Once you detect those attacks that you've never seen before, you just detected a new attack, a new threat. What you want to do with it is to convert it to all those different prevention mechanisms I talked about before and very Quickly distribute them, not just to the customer where the information that led you to discovering the attack came from, but to your entire customer base, Right.
You want to disseminate those prevention mechanisms to everyone in to your entire customer base. And then the Next step is to stop this attack that was unknown until a few minutes ago. Now it's a known attack. It might be in a different phase. You might have discovered it in Phase number 3 of the attack.
And now the attack is in phase number 7 and Lee Clark will talk after me about those different phases. But since you're the firewall and you're the endpoint, you're sitting Everywhere and you have all these different prevention mechanisms and you reprogram them, you have a good chance of stopping the attack at Phase Or 8 or 9, right? If the attack is at phase number 7 in my example. This is really something that's unique to Palo Alto Networks. You can't get that in UTM.
You cannot get it in a blade architecture. You can't get it, of course, if you're a firewall helper. To do this, you have to be the firewall, You have to be the endpoint. You have to be deployed everywhere and you need to have full control of your entire technology. You need to have what we The single pass engine.
You need a single engine that you can reprogram with all those different things, so you don't have to wait for Kaspersky or WebSense or any of your partners to reprogram their prevention mechanisms in order for you to be able to stop them. You need to do what Palo Alto Networks has been doing for the last 9 years been selling for the last seven and a half years in order to do that. And nobody does that. Nobody has the technology to do it. They're all stuck with an old firewall and a bunch of blades Sitting on top of the firewall that don't even talk to each other.
And that's why we're winning. That's why we're winning in the market. And that's why platforms Winning the market. So the next thing I want to do in the last 8 minutes I've left is to talk about step number 3, which is How do you detect things that you haven't seen before? How do you know that something that came in that you have no information about is bad?
Well, there are multiple ways of doing it. On the left, URL filtering for example is a good way to do it. If you provide the URL filtering service to your customers, That means that every time an end user at any of these customers visits a website that you've never seen before, The firewall has to query the cloud and say, I've never seen this URL before. What is it? You do it usually for HR reasons, right?
I mean the answer that you're expecting is, it's pornographic Content, it's banking, it's healthcare, it's gambling, it's weapons related. And then you make an HR decision whether to allow it or not, right? I allow my I don't allow my employees to go to pornographic Websites to weapons and gambling related websites, I allow them to go to financial services and healthcare. As a side effect Of knowing about all these unknown previously unknown websites is that you can have automated Processes go and visit that website and check whether it's good or bad. How do you do it?
With the sandbox, with other ways. But the bottom line is whenever a new website pops up Any of our end users, any of the end users of any of our customers that are using our Jura filtering service go there, we know very quickly where that website whether that website That's good or bad. And if it's bad, we'll immediately reprogram all the networks and all the endpoints of all our customers that subscribe to these services in order Stop a potential attack that might come from that website. We'll even of course program them to block any access to that website if that access hasn't happened yet. The second way in In the cloud to stop to detect a task that you've never known about before is sandboxing.
Not going to get too much into it. In the sandbox You take whatever it is, a document, an executable, you open it. If it does something bad, then it's bad. If it doesn't do anything bad, then it's probably good. And the 3rd approach in the cloud is by collecting domain names from our customers, we can correlate those domain names that we've never seen before to domain names that we've not That we've seen before that we know are bad.
We see where they point to when they were created and other things. And we can very quickly determine that our malware domains even though we've never seen them And there are other things that we do in the cloud that are similar to these in order to use the information we collect from our entire customer base To detect things we haven't known about before. And again, the important thing that is unique to Palo Alto Networks is that extremely quickly that information turns into prevention mechanisms that are To all our customers to all their networks and all their endpoints such that if an attack is going on right now and We can stop it at whatever phase it is at this moment. Lee will talk after me about an exciting new thing that we're doing, which is very big for us. And that thing has to do with Okay.
He will explain to you what's the customer direct customer revenue of the thing is I don't want to expose too much. But given that, remember, our goal is To make attacks expensive, okay. Our goal is not to stop attacks. Someone is very, very persistent. They'll eventually find a way to Okay.
That's a given. The question is how much money they'll have to spend on the way. And if the amount of money they have to spend on the way It's so high that it makes the attack economically unreasonable. They just move somewhere else, right? So we think that One of the effective ways to do it has to do with the fact that attackers are lazy.
Bad guys in general Lazy, right? I mean, the reason people become criminals is because they're lazy. If they weren't lazy, they were doing what we're doing, which is work. Because they're lazy, they're criminals. They're Trying to find shortcuts to attack you.
And the nice thing about it is that what they tend to do because they're lazy, at least in our world, In our cybersecurity world is to take something that was done before and modify it a little bit. Meaning, it's extremely rare That an adversary would be developing a new piece of malware from scratch, deploying a new command and control infrastructure from scratch and doing Everything from scratch. Number 1, they're lazy and number 2, it's extremely expensive to do that. So what they do is they buy toolkits on the Internet, Either the Internet or the dark net for developing malware, for developing exploits. They take a piece of malware That was used in the past that they modify either used by them or used by someone else.
They modify or they use something that's already existing. If we can get them to a point where they have to develop everything from scratch with each and every attack, and remember they need many attacks in order to be successful against a specific target then we win. And the question is how do we do that? Okay. How do we force them to do Everything again from scratch, every time they want to attack someone.
And the answer is, I hate the term big data, but we'll use the term big data here. The answer is big data. And big data is something that's been used too much. Everybody that has a huge database claims that They're doing big data. That's not big data.
In reality, big data is not having huge database. In reality, big data is about having a lot of information about what's good and And what's bad and determining giving something new whether it's good or bad based on that information. Right? Your car manufacturers are doing it today. Your car manufacturers are collecting a lot of information about your cars.
It's easy for them to collect information about problems, right? If you drive your car into a dealer and you say my engine blew Then they can read all the sensor information, all the log and send it to the car manufacturer and the car manufacturer can see, okay, this is what happened before the engine blew up. That's useful. But it's much More useful if the car manufacturer also get a lot of information of what happens when the engine doesn't blow up. That gives them more information about what is it that was leading to the engine blowing We're using it in cancer research today, right?
What they do is they take genome sequence of sick people, they take the genome sequence of healthy people and they find genes or whatever That is causing this disease. They don't know how the gene is causing the disease, but they know that if they see it in a lot of sick people and they don't see it in any healthy people, then it might be a gene that 1st, we can use to identify the propensity for having the disease. And number 2, maybe through gene therapy, we can see we can cure the disease, Okay. The same thing can be done in security. If we collect enough good things and we collect enough bad things, I believe that given a new thing we can very quickly tell whether it's something that we've seen in the past.
Meaning whether whatever it is based on something that We've done in the past. And if we can do that, we can force the bad guys to develop a new thing, something new from scratch Every time they go to attack us because if they're going to reuse something that was used in the past, we'll know about it immediately. Now to do that, As I explained, you have to collect not just the bad things which a lot of vendors out there collect, right? I mean if you're an APT vendor today, your customers will be sending you all the bad It's as important to collect all the good things on the network, the non malware. So you can very quickly compare the non malware to the malware given a new thing I know whether it's an attack or not.
And Lee will talk more about it in his segment and much more about it, I think during the Ignite conference. So If we do that, I'll reuse the slide that Mark was using, we can get to a point where we can drive the cost of a successful Hi. And drive the number of successful attacks down. And to do that, you need to be a platform, Okay. You need to do the things I talked about before.
You need to be the firewall because you have to be everyone in the network. You need to be the endpoint. You need to have the single pass engine. You need to control all the aspects of your technology, so that if you detect something bad With one technology, you can reprogram the entire network and the entire endpoints, another set of endpoints to stop that thing. And that's a true platform.
I don't know about any other company that has that. And I truly believe that there is an opportunity for someone in our space to take a market share In our space to take a market share that you've never seen before anyone taking in this industry, If you have and of course for that you need to have a platform. If you can show customers that you can stop attacks and you can make it so expensive to attack them. And as Mark said, we certainly intend to do that. Thank you very much.
So next will be Lee, our Vice President of Product Management, who is going to tell you what we actually
All right. Yes, I always have the pleasure of following Nir and Getting to explain the things that he says. So today is no different. In fact, every day of my life is spent doing this. So you heard both Mark and Nir talk about prevention, which obviously we believe very much in as And from a product team perspective is what we wake up every day thinking about how we get better and better at that.
You heard Nir explain why A platform is required to do that. And so what I would like to do today is to basically go one level deeper and describe a little bit more about how we do that at all stages of the platform, talk about some of the unique ways in which we approach this and along the way, do what Mark was talking about of Getting to give you a preview of a new service that we're announcing to our customers this week at Ignite, talking about how we are constantly raising the Raising the bar in our prevention capabilities. And finally, talk about how we're expanding the ecosystem. All right. So to get started, I wanted to give you just a quick refresher on something we've talked to you about before, which is the attack lifecycle.
Now I'm not going to go through all the details of this, but it is important as a backdrop for understanding Our approach. And at a high level, there's a couple of important points I want to make about the attack lifecycle So the first thing is an attacker doesn't just have to do one thing successfully in order to carry out a successful attack. The attacker has to carry out a number of steps. What I've shown here is 8 different steps, although sometimes it might be more or less. But typically, it's a significant number of steps, all of which have to be successful for the overall attack to be successful.
The second key thing to understand about this attack lifecycle is that the attacker does have some flexibility as to how they combine things together. They don't necessarily have to go through steps 1 through 8 in order. They can do them in slightly different orders in some cases. And in some cases, they'll actually repeat steps multiple times in order to avoid another step. Now why are those two things so important?
Well, the first thing is it tells us that we have to do prevention at all stages of the attack. Why? Because if we only focused on The attacker is going to find a way to combine other steps to get around that one prevention technique and you will not be able to prevent those attacks. So 1st and foremost, you have to be doing prevention everywhere. The second thing it tells us is There's a very interesting compounding benefit of doing prevention at every step.
Now what I mean by that, imagine if at step 1, We could prevent 90% of exploits. 90%. Stop 90%, 10% go through from a percentage That wouldn't be great actually. It's a lot of attacks that are getting through. What if in the second step we could do 90% prevention as well?
Well, because of the compounding, the benefit of doing 90% twice means you get you actually get to stop about 99 Under the attacks. Now imagine you keep doing that across this entire attack lifecycle. The compounding effect is amazing at raising the prevention rates. So if we can do prevention everywhere and everywhere we make the prevention better, that is Opportunities that the attack lifecycle gives us, okay. So what does that mean?
Well, We built a platform for all stages of the attack lifecycle quite simply. So what do we do with that platform? 1st and foremost, we do prevention. Everything we do focuses on how we not only detect, but we prevent everything that we can. This is across the different three stages, the three elements of the platform.
But even within certain within features of a element of the platform, we're constantly focused on how we can do prevention. We're constantly focused on how we can do prevention. 2nd, we've come to understand that tightly integrating these different functions Together is one of the best ways to raise that prevention capability. As Nir talked about with Wildfire, Wildfire doesn't just make us Better at malware prevention. Wildfire makes us better at URL filtering.
It makes us better at IPS. It makes us better at blocking known bad domains. It makes The rest of the platform is smarter as well. And so we're constantly looking at how we can integrate and automate these capabilities together. And lastly, we built the platform To apply to all applications, all users, all devices all the time.
And the reason this is So important is because attackers will find the weakest entry point into a network. They're not going to attack the hardest point, they're going to attack the weakest And so if the platform doesn't apply to every stage of the attack lifecycle, the attacker will find those weak And they will take advantage of it. Okay. So now what I'd like to do is walk through each of these three aspects of our platform, Go into a little more detail about what we do and why it's unique and along the way, as I said, share with you new services, Improvements to existing services and extending the ecosystem. So let's start at the top.
Let's start with the threat intelligence cloud. Quite simply, what this does is it ingests information as much as possible. We use this information to discover new threats And then as rapidly as possible, we disseminate that information back down to both the network and the endpoint to do prevention. In its simplest form, that is what the threat intelligence cloud does. And in fact, this is one of the areas where we've shown great execution at being able to extend the capabilities of the platform In a highly automated integrated way.
In fact, one of the great examples of how we've done this is Wildfire. Wildfire launched a little bit over 3 years ago It went from basically no customers using it to today 5,000 plus customers using Wildfire. And what it basically does is It is the service that collects as much information as we can. It started with executables. We added a bunch of other file types.
We've added URLs to it. There's a whole bunch of analysis in the cloud itself in order to do what Nir described as if it does something bad, it's bad. It's a little more complicated than that or sophisticated than that, but that's basically what it does. And then when it finds something bad, it quickly reprograms that infrastructure, both the network security And endpoint security infrastructure. That's what Wildfire does.
Now aside from the business success with Wildfire, From my perspective, even more importantly, is the success of Wildfire in terms of its technical capabilities. And in fact, if I was standing here last year, I would have been talking about how great Wildfire was scaling because we were able to see roughly 250,000, 300,000 unique samples every day that we were analyzing inside of Wildfire, Which at the time actually seemed really great, but guess what, over the last year Citi, processing capacity of wildfire and the amount of information we see every week has grown 1500%. Last week, we analyzed well more than 20,000,000 unique samples within wildfire, Unique, no duplication. And out of that we discovered well more than 200,000 new unique pieces of malware And of that, the majority of it when we discovered it, nobody else had seen before. We were the first.
In fact, we actually track that last metric over time and we find that even after a week, Most of the malware is still only discovered by us. Wildfire is able to process a mass That information, find new targeted unique threats that no one else is seeing. Now from the customer perspective of this, imagine trying to be an end user building out capacity to process 20,000,000 samples every week. Imagine you somehow figured out how to get there and you're looking at this curve thinking about what investment you need to For the next year. It's not possible.
We can do it because we're aggregating across the entire customer community. We can do it and we can plan out for the next year, the next 2 years the capacity we're going to need To be able to continue to process everything that we see from our customers very rapidly, find the threats and disseminate the known bad disseminate the information to then prevent them and reprogram the infrastructure. We can do it because we're doing it for our entire customer In addition to that, there's another benefit that's probably even more important to our customers. It's the network effect. Every time we add a new customer to Wildfire, everybody else benefits because we don't just reprogram the infrastructure of the customer that sent us the malicious file Begin with, we reprogram everybody's infrastructure.
So I tell customers, whatever you send us, you're going to benefit from the 4,009 199 other customers using Wildfire today and they're going to benefit from you and every time we add more customers, it adds to that ecosystem, it adds to the network effect. Now this is Wildfire. One of the interesting things that Wildfire has given us is a massive amount of data, as you can see. And so we asked ourselves the question, can we use this data to do something other than what wildfires initially intended to do? Can we use this data to find the most important threats, the targeted threats, the advanced attacks?
And let me give you an example of what I mean by that. So this is a real example. The only thing I've changed is the name of the company. So Company A is made up obviously. Everything else actually is true here.
So Company A represents a Fairly large enterprise in the United States that was somewhat recently breached very publicly very bad. Now We were able to get a copy of a piece of malware that used Net Attack. We weren't on the network, but we traded and shared and things like that. So we Got a copy, but we ran in Wildfire. And Wildfire did exactly what we would expect it to do.
It identified it as malware. And what you see in the little dots there, these are just a handful of what is actually a pretty long list of what we call artifacts. Artifacts are the things that we See, when we run a file in Wildfire, we analyze, we collect everything that's unique about that and we store it. This is just a sample of what we would Now this particular piece of malware is basically a fake VPN client. Somebody tricked the user into downloading it thinking it's a real VPN client.
It actually was a piece of malware, The machine, the attacker had control of the machine, they used them that compromised to then move laterally within the environment to steal a whole bunch of data. That's basically how this attack works And that adversary down there did a lot of damage with this. Now interestingly enough, When we're looking at that, we're also looking at a different company, different industry, different piece of malware, Slightly different set of information. We ran that particular piece of malware. But do you spot the commonality?
Both of these files when you run them Create this installer. Exe in the temp folder and specifically temp microVPN installer. Exe. Now You may wonder is that was that interesting? Turns out this is actually highly unique across the 100 of millions of good and bad files that we've ever seen, that is unique.
How do we know it? We know it because we store 30,000,000,000 artifacts like these from all the files that are analyzed. We know whether they're associated with good or bad files and we can very quickly correlate Information. Now we went out and talked to our customers about this and said, so imagine we could do this. Every single one said that would be fantastic Because you know what we can do with this information?
We know a lot about Company A and the breach that happens. And because of the association, we now know a whole bunch about Company B that we otherwise wouldn't have known. The malware in company B by itself is malware. But when we can tie it back to the malware used in the company A breach, All of
a sudden we know a whole
lot of information about the adversary, what they're after, how bad they are, how sophisticated they are. So all of our customers said that would be really great. Can you automate that? Right. Imagine trying to do this manually.
That's what we did. This week at Ignite, we're announcing a new service called AutoFocus. This service will take All of the information we have through wildfire, through our Eurofiltering Pan DB service, through Our threat prevention service through feeds that we get from other sources, combine that into one location, do all the correlation, Automate a lot of the processes that you just saw me walk through manually there in order to find the targeted and unique events that are happening on our customer networks. In order to prioritize the stuff that really matters separate from all of the noise. Now, while we do that, there's actually interesting side benefits to this.
We also get to provide our customers with context Around these interesting indicators of compromise. So very quickly, indicators of compromise are typically IP addresses, URLs, the Things that the FBI issues and says if you see this IP address is bad, they don't tell you anything else. Imagine we could provide our customers with, oh, That indicator compromise is associated with this adversary. We typically see it in these verticals. We typically see it with these other things as well that you might want to look for, Right.
So build the context around these other pieces of information and that would include incidents as well, providing the context to understand how all of this works. So this is autofocus. Now just to show you this in a little more detail, let me walk through just a very quick demo so you can Get a feel for what the customer is going to see. So this is a sample. This is actually the malware used in the target breach.
And what you'll see is when I click on the connection activity, the first thing that is highly unique about this particular piece of malware Is that it connects to private IP addresses. So private IP addresses are addresses that you can't get to across the Internet. So why is that interesting? It means the attacker was already in the network and this malware was designed to connect to To a server that they already knew where it was and what IP address it had. In addition to the private IP addresses they connected to, We noticed a very unique service activities, process creation that if you look very closely has only been seen in 2 Pieces of malware and has never been seen in any good files that we've ever analyzed, meaning it's highly unique to this particular attack.
And what we're able to do with that is we're able to create tags of that information and those tags are then used to identify any other Piece of malware or file that carries that same process activity. So anytime we see another piece of malware that has that same process, We can immediately correlate it back to the target breach and know that it's related to whoever launched that attack. Now just to contrast that, commodity malware is also interesting to be able to identify in And segment off and say that's commodity, I know what to do with it. In this particular demo, we'll search for the clues malware, which is a Very prevalent, malware family as you'll see in a second. It's tagged, which makes it easy to find, pulls up The samples, and you can already see 1,900,000 samples.
These are unique samples, by the way. So that's how many different variants So this single piece of malware exists in the world. And if you look at the statistics, the thing that's really obvious about this is it's everywhere. It's everywhere from a time perspective, it's everywhere from an industry perspective, it's everywhere from a global perspective, you'll see in the map in a second. That basically gives you the two ends of the spectrum.
Now what we're able to do with this platform, as I mentioned before though, is Everything that I just talked about can be uniquely tagged by our threat researchers, by our Unit 42 organization, but also our customers can do the same thing. So very much like wildfire, there is a community and network effect that we will be able to build around this service, where our Customers, their security intelligence operators will be able to actually come in and add to the intelligence we have within this platform and share it with our other customers. And because of that and very much like wildfire, we will initiate this access to the service as a community access meaning we'll open it up Free to our customers for a period of time and helps in building that initial network effect. And then from there, we will move to a New service will be selling this fall. Okay.
Fantastic. So that's the new Extension to the security platform, the new service offering. I now want to talk about how we continue to focus on enhancing the prevention capabilities in Platform. And for this, I'll talk about what we're doing from advanced endpoint protection with Traps. And Traps is obviously critical because Several of the attack lifecycle steps happen on the endpoint itself.
And so endpoint security is very important. 2nd, It's primarily important because we've built new technologies that really focus on new ways of doing prevention, Not the old stuff that clearly doesn't work. And of course, tightly integrated with the threat intelligence cloud. Now to talk about Traps, I want to take a quick step back because I often get questions, what's an exploit and what's malware? And this is my attempt to simplify it down to the core of it.
An exploit is basically, the use of software vulnerabilities to run the attackers' code. Now usually the attackers code in these cases is relatively small, designed to perform just a few tasks. Often the task is connect to the attacker and give the attacker full control. As an example, probably the most recognized exploit used in a breach is the RSA attack. That exploit was delivered as part of an Excel file.
When the user opened up the Excel file, it looked like a normal Excel file. What they didn't realize was in the background, the exploit was compromised the machine and giving the attacker full control of their machine, which was then used to move laterally within the environment, get source code, Exfiltrate it. That's an exploit. Exploits can be delivered typically in files or over the web. Malware is a little bit different.
It's basically the full application does lots of bad things whatever the attackers program the malware is able to do. And malware is what we hear more about. It's more prevalent from a volume perspective. And it's like the example I showed you with Target. Malware, actually multiple pieces of malware were used to carry out the target bridge.
So why is this important? It's important because the legacy approach to endpoint Security. Pretty much 100% of the legacy approach has been focused on 50% of the problem. It's And focused on malware prevention, not the exploit prevention. And even the 50% that it focuses on, it's not very good.
No. I don't have to tell you that because the vendors that actually are in that space have told you that publicly. A year ago, one of the major vendors in the They said that they thought they could prevent 40% of malware. I actually think they might have been being generous, but it's okay. 40% is not good.
There has to be something better and that's Traps. First of all, we focus on both And malware, both are important, not just one. And as you know, with exploits, we focus on blocking the exploit techniques, which allows us to prevent even attacks we have no prior knowledge Malware has primarily been wildfire integration, which is a great way to prevent malware and to find new malware that we haven't seen before. And this week, we're sharing with our customers the latest Traps release where we're extending both of these capabilities. Exploit prevention is we're adding 3 new exploit prevention modules.
These modules are designed to prevent techniques That we are starting to see in development that we think somewhere down the road attackers will actually start to weaponize. And so we're building the techniques in advance of these techniques actually being used in the wild, exactly as we told you we'd be doing when we first brought the On the malware side, we're enhancing the wildfire integration to better handle unknown applications in addition to known bad and known good. We're adding execution restrictions, which allow us to only allow files to be run from known good locations, signed applications as well, Basically reducing the surface area of attack. And finally, we're adding the first of behavior based detection and prevention mechanisms on the malware Think of it like the exploit techniques on the exploit side, but for malware, we're adding the first of these modules that focus on the actual techniques without regard to the actual file itself. So building up and enhancing the prevention capabilities and finally, Extending the ecosystem around this platform.
The ecosystem is very important because it helps our customers leverage the full power The platform and tie it into other tools they have. We have this with partners like Splunk and Aruba. And extending that ecosystem simply makes our platform more permeable and Simply makes our platform more permeable and spread across our network more easily. And so I'll talk about that in the context of the next gen firewall. But first, I want to reiterate something a couple of very important points about the next gen firewall.
1st, To actually do security, you have to do security, which sounds like a really obvious statement. But it's surprising it may be surprising to you that Many of the network security products, particularly firewalls, actually don't have core competency in security. Nir talked about this actually. Many of the security techniques are outsourced, They're OEMed, but they're not core competency. 2nd, in addition to doing the things of preventing known attacks, detecting unknown and that loop that Nir talked about, The first thing you actually have to do is you have to reduce the surface area of attack.
This is really important And it's a concept lost on a lot of people. The reason it's important is because if you don't do this, the attacker can evade Steps 2 and 3 very easily. If you allow me to run Tor across your network, I can do anything I want to Because Tor uses proprietary encryption. Do you allow me to run Ultra Surf? Same thing.
Do you allow me to run encrypted BitTorrent? Same thing. There's a set of applications that are just bad that use proprietary encryption to bypass all of the normal network security capabilities. And so the first thing you have to do from Security perspective is you have to reduce the surface area of attack. You have to limit what applications your users are allowed to use to just those applications that business Actually needs.
And once you do that, you then obviously have to safely enable them. And part of that for things like SSL and SSH includes decrypting them, Which is something that Palo Alto Networks was really the 1st network security vendor to do. This is important because you decrypt SSL, you then apply all of the same network Security functions to that traffic, do you apply to anything that's not encrypted? That has to be done. If you want to have any Hope of doing decent prevention and from a network security perspective, you have to do that.
And these are all hard security tasks to do. 2nd thing you have to do is you have to do in the firewall. You have to do in the firewall for 2 very simple reasons. You have to do in the firewall because prevention has to be in There is no form of prevention that's not done in line. 2nd, It has to be the firewall because the firewall is the only device that is deployed pervasively throughout the infrastructure at the data center, at the Internet gateway, at the branch office, In front of cloud applications.
And so the combination is what's really important here. The combination is what a next gen firewall has to be able to do. Now I want to focus on the last aspect because it's very important. This idea is that the next gen barrel has to apply to all Traffic. There's a couple of trends that are very important.
First is cloud computing or virtualization. As applications have moved from static servers to dynamic virtualized servers within the private cloud, As they then move up into the public cloud as well, and in some cases move into SaaS environments, the common thing about that is the application is moving. And in order to provide the same network security capabilities to those applications, you have to move with it. So from a private cloud That's why the NSX integration with VMware is so important. It's how we move to the east west visibility and security within that data center.
It's why our integration with Amazon and other public cloud providers is so important because when the application moves up into the cloud, the same consistent security has to move with it. And When the application moves into a SaaS offering, we have to apply the same security capabilities to that traffic as well. Similarly, from a mobility perspective, so you have applications moving out the network, but you have users moving off the network too. Users taking laptops and traveling, All of you are either on a laptop or a mobile device right now. In either case, you're not actually on your corporate network Receiving your normal corporate network security capabilities, but you should be.
The same network Security functionality should apply to all users and all devices all the time, because otherwise you lose Several of those steps in the attack lifecycle where you have a prevention opportunity. So the network security has to follow the user. This is why GlobalProtect is so important. This is why granular application segmentation on mobile devices is so important. This is why it's so important to secure Android Devices from the malware that exists out there that we're seeing every day of every week.
And so it's in this last point Where we have a new technical integration partnership where we're extending the ecosystem with AirWatch. AirWatch is the leader in enterprise mobility management. Over 15,000 customers use them to manage their mobile devices. We have great mobile security capabilities that need to be applied to all of these mobile devices. And so the technical integration that we'll have with them will allow us to leverage their management capabilities with our security capabilities to extend The security, the full power of our platform to these devices.
They'll be able to manage our GlobalProtect app. They'll be able to share context from these mobile devices with us. We have more intelligent security policies applied to mobile devices. And lastly, they'll be able to integrate directly into Wildfire to detect and prevent new Android and mobile malware. This is a technical partnership that we'll be introducing to our customers this week that we expect to be available in our products, the late summer timeframe.
Okay. So as I look ahead, There's a couple of very important things. First, the right platform, the right foundation. This is important because it allows us to build up New capabilities that allows us to enhance the prevention capabilities we have. It allows us to extend through the ecosystem partners.
And I believe we have a proven record of being able to execute on that very successfully in all areas. And I'll remind you that we actually have a very strong pipeline of new capabilities that we're coming out with. I shared with you the things that we're introducing to our customers this week, But the pipeline for this year has never been stronger for new innovations, products and software releases. And with that, I'd like to say thank you. And we have a 10 minute break.
Yes. Please feel free. There are drinks and snacks out in the hallway. If you'll take about 10 minutes, then we'll come in and we'll resume the program. Thanks.
Just the switch on the bottom? I don't know how that happened.
Thank you very much for coming back so quickly. We appreciate it. So It's my pleasure to introduce Mark Anderson, our Senior Vice President in Charge of Sales and Operations. Mark, take it away.
Your mic doesn't work? Yes. That's Mark
All right.
Let's see. I know some Irish tunes. Okay. So with that question, I couldn't agree more with the that Mark gave about this being the right time in history for our platform. We're definitely seeing that play out every day.
And what I'm hoping to share with you today is what What we're doing to take advantage of this incredible opportunity that we have in the marketplace. So we've heard we saw this exact picture from Mark. We know for sure The breaches have been massive out there in the last year since I talked to you. So without question, we know that the legacy Technology just isn't working. And the consequences, the public shame and humiliation that's coming from failure to protect your assets, your customer information, your Intellectual property has never been higher.
So without question, we're seeing that from time and time again. Even when President Obama came out to Silicon Sally to confer with CEOs of companies like American Express, Kaiser, PG and E on a panel. Oh, yes, and my boss, Mark McLaughlin on that panel. So for without a doubt, as a company, we've never been more relevant. And we're really working hard in the field To leverage that relevance to our partners and to our customers.
And we're seeing CSOs get more and more power out there. When I joined Palo Alto Networks 3 years ago, CSOs were often little department, usually in a different office somewhere off campus. You're doing their own thing. I see one of my friends CSOs back there. He might be a little bit different.
But we saw CSOs didn't Budget and often they had a hard time imposing their will on the architecture. But today that's very different. CISOs have budget. They have money. They have teams.
They're relevant. They're not only reporting to the audit committees, they're actually reporting to the Board themselves every quarter. And the smart CISOs that we're seeing out there Our imposing centralized architecture designs and that I'll tell you is very good for Palo Alto Networks and our platform. And if you're a point product, a box Selling company in that conga line of firewall helpers, that's bad news for you. So, for sure, this has been a massive Driver from boards that we're seeing every day, boards are imposing their will on executive leadership.
And it's really playing out in terms of This do different leave behind architecture that follows the incident response teams that go in, they hang around for a couple of months, make a few $100,000 in services, we're more and more becoming part of the leave behind architecture, that reference architecture that stays, that our sales teams are being trained on every day on how to build and grow and develop those relationships. So Out there, we see 3 common traits, basic traits of every single breach that we're involved in. Number 1, it's typically a port based Stateful inspection firewall that it happens upon. These things are either open or closed and usually they're open. Number 2, They're surrounded by firewall helpers.
As Mark said, the Conga line of devices like IDSs, IPSs, proxies, web Even sandbox point devices out there don't just do it. They are disconnected. They're a massive pain in the ass to manage. They're expensive and Complex. And number 3, this just overwhelms the security teams.
They're often understaffed anyway to begin with. And as I mentioned, it's very complex to manage. It's also you're managing your teams that need to be trained on 3 or 4 different Command lines or user interfaces, 3 or 4 different maintenance contracts that you have to think of and manage renewals on. It is It's a mess. And it's obviously, it's what's it's contributing to the breeders that are happening So we're winning our outsized share of these new customers.
We're expanding our existing customers Because we are the platform. We are that leave behind reference architecture that can not only detect known and unknown things, but can prevent them, As you've heard my esteemed colleagues mention earlier today. And I can tell you that our partners around the world, our customers are obviously grooving off This, you're going to hear some data from myself and from Stefan on cohort information that really is proving this out more than just the revenues that you guys see and that we report every quarter. So what we're doing about it is we're building, I think, over the last 3 years a go to market Sheena, I really want to kind of level set with you to understand what I mean by that. And so think of this the core of this Team as quota carrying heads.
These are the men and women that are major account managers, global account managers, RSM, major account managers, global account managers, they manage a list of accounts, generally not more than 10 to 15 accounts pretty much anywhere in the world. RSMs have the geography in a typical in a particular area, not including those global accounts. So for each one of these quota carrying heads, we dedicate at the very least one systems engineer or sales engineer. You can see the ratio that we have here is actually 1.2 SEs to every quota carrying head. That's because we've got specialists around the world that focus on Malware focus on endpoint technology.
They're really the subject matter experts in the field that help our field sales teams close big deals. They transfer knowledge to these field sales teams and they get involved in some of our biggest and most strategic customers. So this is the sales team that we call the sales The account manager and the SE. Oftentimes, when I'm traveling in the field, I'll be in the passenger seat and behind me in the back Of course, there's always VSC. Sales guys always driving, typically a Type A.
And they're sitting there arguing about directions just like my wife and I do. So like an old married couple, think of that sales As an old married couple. Supporting that sales team is inside typically centralized in one of our major offices in Plano, Texas, Santa Clara, California, in Amsterdam for the EMEA team, and Singapore and Tokyo for Asia Pac is As a ratio to that quota carrying head, 6 tenths of an inside salesperson. So we don't just have inside salespeople that do everything. We've actually decided to Different functions that an inside salesperson can do.
So this 6 tenth of a head is a bit misleading because it's actually several different functions. So we have inside sales people that are experts at taking marketing opportunity from a partner, from Renee's magnificent marketing machine and turning that into an appointment. We've got inside sales reps that focus on renewals. Their job is to renew at least 100% of that quarter's available to renew
for their
territory. We've got Inside sales SEs, we've got inside sales channel business managers. We have CSRs, inside sales reps that actually have their own quota and drive their own productivity. Except for the CSR, all of these inside sales reps are dedicated to make that core team more productive, Just like the rest of the company is. Ron Myers, I hired him a year and a half ago.
I'll talk a bit about channels in a bit. But We have again as a ratio from that one quota carrying head, we've got about a third of a channel team member. And these men and women around the world, They focus on treating our channel partners like customers, making sure that they're compliant, making sure that they're enabled and trained and certified to be able to be as effective and productive and efficient as possible for our team. They work together with our sales team members to manage pipeline. They work together to drive This is a very symbiotic relationship with this core sales team.
Behind all of us in sales for sure is the Kind of engine room of this go to market machine, the sales operations team, they're the ones that are putting the nuts and bolts together to devise automated Planning tools like territory plans, account plans that we can share with executives when we're going on sales calls, We can strategize with our colleagues around the sales organization. We can share best practices. There's tools to automate commission accounting. And believe me, when you're a sales rep, Knowing if you do this deal, I'll make this much money is really important to you. These are things that 3 years ago, I came here, we were a small company focused on driving R and D and building an early sales team out.
All these things were done manually. So the sales ops team, I'm very proud of them. They've done a very And then of course behind all of this is our global customer support and engineering team, 300 men and women around the world in those 5 support centers that really have become a competitive advantage and I'm going to talk more about them in a bit. So let me double click on the sales team coverage and show you how we're tiering out the market Starting from the top, we've got 50 global accounts around the world. We've built comp plans to make sure that the team in Hong Kong Isn't going to argue with the team in London or the team in New York about a major bank that's based in all three of those geographies.
We've got Tools to help them share best practices and collaborate and communicate with one another, so that it's one team facing the customer. We're acting And fighting higher than our typical weight. And then as a superset to those global accounts, we've got 2,000 major accounts. Major account manager teams cover these 2,000 major accounts around the world. The Productivity that these teams contribute to us, I think is world class.
A typical major account manager or global account manager is doing When they're fully ramped in the U. S. Upwards of $5,000,000 a year, Right. So in EMEA, it's obviously a little bit less than that. In Asia Pac and Japan, slightly less than EMEA.
But we know that when a rep starts to do a lot more than this, it's time to split their territory. And I'll show you how we do that in a little bit. So below the major accounts, we have what we call named accounts. And we've identified that there's 20,000 of those around the world, again, in all 4 geographic Theaters. As opposed to the touch that's required for the global and major accounts, which is typically High sales touch, working with large systems integrators, global distributors, very much a field driven model.
The touch for these medium Size accounts is a little lighter. It's definitely with the sales rep, but they're working hand in And with partners to take to outsource many of the tasks necessary in the lifecycle of an opportunity at these accounts. And these aren't small accounts by any stretch. So these could be accounts Like universities often are found in these named account territories. Universities are one of our bigger verticals.
We do 7 figure deals every quarter around the world with universities, not just in the U. S. I see John Spilotis nodding over there. He loves universities because we crush it at universities. If my 2 daughters are any indication of what might come out of a university from users using applications wrongly, then I think it's a great use case for universities.
But we certainly also call state and local government another great vertical for us in this named account territory. So we're really just in the last year or so, really starting to think a lot more about vertical alignment in these tiers as well. In the majors, it's BFSI, it's Service Provider, A major increasing and ramping focus. It's U. S.
Federal. It's energy is a great vertical for us as well, especially with a lot of SCADA deployments there. So thinking horizontally and vertically in these is really important. It's something that we do every day. And then finally at the bottom, we've got 150,000 excuse me commercial customers out there that we approach with a very different go to market model.
That's Typically inside sales led. It's typically partner led where the cost of sale is significantly lower. And therefore, we can pass Margin on to partners, but we can certainly get better and better leverage as we prosecute this tier. So I think It's a targeted coverage model. It's thoughtfully rolled out and delivered as we add the kinds of sales resources that we're Every quarter, we're trying to do this in a very thoughtful way.
And I think it is ripe for repetition and And it helps us really to predict what these teams can do, because we are building out this team pretty dramatically, as I mentioned. Those of you that knew me before I came here, 3 years ago, the team that I inherited, sales and marketing was about 300 people around the world at the beginning of FY 2012. Today, we will finish FY 2015 in the 1500 Men and women in sales and marketing, in that range, a little bit less. And that growth comes from literally taking a sales territory that Think of that the core, the nucleus of that chart I showed before and splitting that sales story when it gets too big, right? We take an account manager that has 20 accounts.
We split that territory into 2 10 account territories. And we do that everywhere. We're doing that in Poland right now. We've done that many times in the U. K.
But when I think of opportunities where we've thoughtfully split territories and we've generated tremendous Activity, I was in Australia about a month ago. Mark was there the week after and Nir was in Australia 2 weeks before. That will just give you A highlight to the fact that this team is very switched on. When I joined, we had 3 teams doing less than $1,000,000 a quarter. Now in Q2 of FY 2014, that business has grown tenfold.
The team is at 42 people, I think, is where we are right now. We hired a new leadership About 1.5 years ago, aggressively hired some of the smartest, best impressive people in that market. And we're just getting going. I mean, the week that I was there, we had I had an event in Brisbane one day, an event in Melbourne the next day, an event in Sydney on a Thursday, Lunch events with 30 to 40 customers, dinner events with 40 to 50 customers. I put on £5 but it was great to see these Very switched on customers, very interested in what we have to say at Palo Alto Networks, where we're taking our business and what we're doing and building a more and more relevant relationship with that team.
Same thing 2 weeks earlier, I was in the Middle East in the United Arab Emirates, Abu Dhabi and Dubai, that team there 2 years ago didn't even have an entity. So we weren't really selling. We were selling anecdotally through Local partners. And the team today just in the UAE is 8 people and we're doing about $8,000,000 a quarter, very, very switched on people, a few ex Cisco people, a couple Full of ex Juniper people, really smart. And I would put them up sales skill wise against almost any team in the world, in terms of getting me in front of CEOs, CFOs, CISOs, CIOs, every meeting I had, I found customers that were willing to listen to what they can do to have the best security.
They're willing to pay premium prices for the premium solutions out there and they love the platform story. But I guess my favorite leverage story has got to come from our home base in Northern California. We 3 years ago, we had 3 sales teams doing about $800,000 $900,000 a Order just getting going in the Bay Area, the cradle of innovation for technology. And I remember talking to the team back then, You're kind of waving my arms and saying, here's what the future looks like. Here's what we're going to apply.
We're going to apply this go to market model. We're going to divide territories. And I could see the reps thinking, oh my god, my territory is going to get smaller. My territory is going to get smaller. And It's going to get smaller.
My territory is going to get smaller. And one guy who's actually one of our best reps today, came and talked to me afterwards and he goes, dude, I've only got 75 accounts and I'm getting every opportunity in every one of those accounts. And I said, listen, if we do our job well And we thoughtfully split these territories. You'll make more money and the company will benefit from the productivity that more teams can apply to this Geography. Well, that same team in Q4 of 2014 With 11 teams did $14,000,000 of productivity just in 1 quarter.
That guy, I won't mention his name because he's one of my favorite reps and he's still doing a great job for us. Has 4 accounts now. He's complaining because he has too many accounts. So we'll probably take him down to 1 or 2. And he was at the end of the first half.
So 2 quarters into our fiscal year, he was already in the $12,000,000 range for the year. So this is what having the best platform out there does for you. You hire smart people, you put them in territories, you give them opportunities. And I can tell you that we're tracking by far the best people we ever have. And it's never been difficult frankly because I think people in this industry get We're doing, but just a great example is a guy that I've known for a long time is sitting in the back of the room, Ross Palazzari.
Ross, wave that big Media handiers, there you go. So, Ross Polizzare, this is a guy that I knew him back at even before Cisco days, but he ran channels for Canada at Cisco. He ran service provider for Cisco after that. And his last job was the President of Avaya Canada running A multi $100,000,000 organization, almost 1,000 people. He came and joined us to be a Director of our Enterprise Business in Eastern Canada.
So I'm super excited about what Ross is going to bring to this team. But that's just an indication of the quality of the people that are coming here, like Mark McLaughlin, Actually, I did 4 3 years ago to take jobs at a smaller company because of where this company is going. And we all absolutely feel that every day. And it's playing out in fully ramped quota reps. For the first time in Q2 of FY 2015, we had 55%.
So more than 50% of our reps were on fully ramped quotas. That's up pretty substantially from Q2 FY 2014 when it was only 42%. So this really plays into the leverage, right? We're hiring people that have a longer career They're not startup junkies like they may have been 5 or 6 years ago, but these are people that are coming to a destination That they want to call home for a long time. At the same time, I think the cycle of change that frankly this leadership team has imposed On the team in the early days, it's really slowed down.
So we're seeing fantastic voluntary attrition numbers at record low levels, Right. But at the same time, the team is still very much focused on managing bottom performers out. So we feel there's a lot more leverage to be gained by more productive The reps here. But at the same time, we're still aggressively investing. This isn't a metric that is the be all and end all for us, but I think it's very important.
And of course, it's without question playing out with When you have teams that are now focused on fewer and fewer customers, you are going to get customer growth when they're focused on targets And you're going to get product growth. So our teams with these fewer and fewer customers can go deeper and wider in these accounts. And let me tell you what I mean by deeper. This is the cohort slide that we same format that we put up in the pre IPO roadshow, right? This is our top 25 customers.
And just as a refresher, the gold box is the quarter in which they made their initial purchase with Palo Alto Networks. The blue box is each subsequent quarter in which they made another purchase with a repeat purchase with Palo Alto Networks. You can notice there's a lot more blue boxes Up there than there are white boxes, which are quarters where they didn't buy. And I think that's because, again, it's a great platform. It sells into many use cases in In enterprise, we're growing in relevance as a company.
And we're the focus that we're applying on these enterprise customers, Especially the large ones is really playing out. So look at the buy in and how the buy in has changed just in the last year. A year ago to get into the top 25, you had to have a lifetime value or a sum of all the products and services that we've sold you as a customer of $4,600,000 1 year later, It's up over 60% to $7,400,000 So that's an impressive ticket for the top 25. This grows for sure every The multiple of that initial buy to the lifetime value has grown pretty dramatically as well. Again, This is the sum.
It's grown from 21.3x to 32.2x. So that LTV has grown Over 50% as a multiple, which is I think very impressive. And then I know Stefan is going to talk a lot more about this in his talk, but We look at these cohorts all the time. These cohorts every year, they grow every single quarter, quarter in, Quarter out. Just the 2,009 cohort as an example is already today for all of our customers large and small regardless of vertical 8.6 times that initial buy that this cohort has.
And this is all being done when we really haven't had a product refresh to go in and churn this customer Base width. So most of these purchases are I mean, all of these statistically purchases are incremental purchases. Again, Shows to the power of the platform. And the unlocked value in this base of cohorts is much greater than $5,000,000,000 So, yes, we're definitely focused on getting new customers. We're going to do that every quarter.
I think at some point, we'll probably stop talking about acquiring 1,000 customers a quarter because it just happens Now with the effort that we're putting forth to do this, we're really also very much focused on getting the unlocked value out of these customers by Driving that expansion mindset with that more and more focused sales team. I think these numbers are impressive. And a big reason why this is happening without question is our customers are are very happy and happy customers tend to buy more, right? So the team that Bread Algiers has built out and global customer support has just done an incredible job. And it's not just the people.
Oftentimes people think, well, we've hired 300 people. It's more than that. It's the culture that exists around customer satisfaction and success. It's the business tools that we're using, the business process that we're imposing on this team. And the results are unbelievable.
I mean almost 9 out of 10 for a customer satisfaction 4, to put it in perspective at Cisco and F5 in the 90s and in the last decade at F5, we worked our butts off to get it Into the high 8s, right? And that took a long time to grow it up to 8.7, 8.8. This is world class. Same thing with Net Promoter. In our industry, a Net Promoter score or the score that reflects the customers' willingness to recommend you to a friend or a colleague.
In this industry, 50 is considered fantastic. Our Net Promoter Score is off the charts for our industry. So I'm really proud of that team and what they're doing for us. And believe me in the field we feel that every day that they're behind us and helping us. And Traps by the way the cohort numbers I just showed you Don't include traps, right?
So the sales team is absolutely excited about extending this platform To the very real estate as Nir put it, where these breaches are taking place, right? So we're really excited about being able to extend our sale. I mean the guys And APAC and Japan that don't have subject matter experts yet, these guys are chomping at the bit To get at this technology. So the team that I've built out in the last 6 months, the subject matter expert overlay team, Primarily is in the U. S, Canada and EMEA.
We made that decision for a number of reasons, but for sure We wanted to make those initial implementations go very well. We've got great support resources in those geographies. We can be sure For that, the early successes that we would be having selling this solution would go very well and the company would learn more and more about How to make them go even better, just like Palo Alto Networks did in the early days. And you heard Mark McLaughlin talk on the last Couple of earnings call, we have had commercial success here. We had dozens of customers that deployed the technology in Q1.
We had our first ever 6 figure deal. Q2 last quarter, we Close to 7 figure deal and I had the good fortune of being involved in that sale. It was with a large kind of healthcare system in the This is a customer that was just beset with CryptoLocker ransomware about 1.5 years ago, that they were almost grinding to a halt. They really couldn't provide services to their patients and to their employees. They came to Palo Alto Networks because their board imposed It's WIL on them.
Go do something different, replace this legacy technology and do it now. So Palo Alto Networks showed up with a great partner. We demonstrated our platform. We installed the platform and we helped rid them of their major issues. And as soon as we came out with Traps, they actually approached us and said, hey, our McAfee subscription is terminating in this timeframe was in the last couple of months.
What about Traps? So we went in, installed Traps the demo. Demos went really well. And we were able to close a 7 figure deal, tens of thousands of endpoints at this customer and they're deploying it right now. So This is something that we're all very excited about and something that I think is going to be a big add to our business in the coming years.
I talked a lot about the business partnerships that we have in previous years. We're going to have a great panel after I talk. Our Regional partners, our national partners, the partners that helped us get to where we were say 2, 3 years ago, still very important to us without question. I mean these partners many geographies they're still growing 100% year over year every year. But for sure, I look at the prototype partners like Acuvon.
Acuvon started in the early 2000s, Couple of people and a 3 legged dog and now 15 or what is it, 13 years later, they're $1,500,000,000 business 1500 people. I wish all of our partners could grow the way Acubon has, but they don't and they can't. Maybe some others in other geographies will. But to be able to get the capacity, the scale that we need to grow our business It's the way we are 100 of 1,000,000 of dollars incrementally every fiscal year. We need to find and develop broader partnerships, Partnerships like Dimension Data.
Matt Jide, who's Head of Security, is going to join us on stage here in a bit. Dimension Data has been really impressive. At F5, It took us 2, 3 years to break into Dimension Data before we were relevant enough to them to get them off the Cisco heroin, right, Matt, they took about a year to vet us. And then within 1.5 years, They became our largest reseller at F5 and still to this day, I think they're among the top. So I'm really excited about what Dimension Data is going to bring to us as a partner.
Matt's going to talk a bit more about that on the panel. Same thing with large telcos. Not only are they big customers that That we're selling our solutions into from a customer relationship standpoint, but they're also important partners, not only reselling our But selling managed services that use our technology to share with their customers, Verizon, AT and T, NTT in Japan, BT in EMEA, Really important and we're dedicating resources to make these partnerships successful and they're scaling very impressively. And then finally, from a global distribution standpoint, On the stage at this event last year, we announced the global partnership with Wescon. I can tell you how fantastic it is.
You're probably not going to believe me because I'm a sales guy. So, Dolf Westerbos, the CEO of Westcon Group is going to be up here talking specifically about the Success of that partnership, but it's been fantastic for us. It's been a massive expansion. Geographically, number of partners and And revenues have been terrific from that distribution agreement and arrangement. All right.
So just double clicking a bit on partner coverage. So, Ron's one of Ron's first official duties was he realized that we were getting 80% of our productivity out of 20% of our partners. So his decision was we're going to keep investing aggressively in hiring channel business managers around the world, but focus them exclusively on our focus partners that those partners that are doing the vast majority of our revenues, right? That business that group as a business last year grew 100% year over year. So Tremendously good decision.
Thank you for that, Ron. And then with that group, when we roll out new solutions like a year or so ago, this Big data center implementation with 7050s. When we bring out Traps and we just tap the shoulders of these focus partners, We can very quickly mobilize, certify, train them on both technically and from a sales standpoint and get them out productive out on the street You're spreading the gospel for Palo Alto Networks. I want to talk a bit about sales enablement. This is something that's near and dear to my heart.
Yes, we're growing very fast. I realize that over time as a percentage of the base of the ads that we're adding each quarter, the Hires that we're making today are a smaller percentage growth of that base. So we're still hiring a lot of salespeople, but as a percentage of the base, That percentage is declining, because we want to get more and more leverage out of that base. We made the decision at the end of last year to train our channel partners side by side with our salespeople. So just as an example, we have Power Basecamp, our new hire training.
11 months of the year, we run a Power Basecamp, typically 40 to 50 new hires in each class. 20% of that class is now partners, account managers and SCs from our partners that sit in the same room, learn the same curriculum, hear the project based Methodology of teaching them how to make these things stick, so that they can represent Palo Alto Networks out in the field, Right beside with our partners. Same thing at our SC Tech Summit. A few weeks ago in Denver, the 400 SCs from around the world go for this Annual training, we had 50 partners, mostly American SEs that came and got training again Shoulder to shoulder with our employees getting the exact same roadmap message from Lee and the exact same training curriculum, same certification. And then finally, at our sales kickoff event this upcoming August, there'll be like I mentioned earlier about 1500 men and women from sales and marketing In attendance, we're going to have 500 partners, mostly SEs and account managers.
Again, shoulder to shoulder in the auditorium Learning about Palo Alto Networks for that week, going to the same breakout sessions, learning how to sell our solutions better, so that over time we'll get more and more leverage from This field of engineers and salespeople. So I'm really stoked about that. I think we have the best partner program in the world that Rene Abrah, when he came here 5 years ago, the next wave, we're going to continue to enhance it with enhanced deal registration, pay for performance attributes. And then finally, we're really trying to become easier and easier to do business with as a company with our partners. We've launched a major IT initiative that Should kick off this month actually, I guess month of April, where we're putting the ability for our partners To do pricing and quoting with the CPU implementation configured pricing and quoting.
So it's a big bet for IT. It's an expensive investment, but it's One where we feel that the productivity and efficiency of our partners will greatly benefit us in the long run. So just finally, I'd like to talk a bit about Kind of what it feels like to be a sales rep at Palo Alto Networks. I mean, we do feel when you hear about the power that this platform is having on our customers, We get to sell something that's really important. We get to sell security to help make our customers more secure to defend them from things That our competitors can't defend them from.
When you hear about the investments that we're making in Rick Howard and his team of Unit 42, uncovering major threats that are out there and we're going to continue to invest massively In that. And then finally, when you hear about the Cyber Threat Alliance, this consortium of previously thought of as competitors that are sharing threat intelligence For the greater good. I mean, we do feel at this company that we have a mission that's one of a higher order. And I tell you, it's a privilege to be here. And I think when people Talk about the company, you'll see it the same switched on attitude that they have every day.
That absolutely rubs off on customers, absolutely rubs off On partners. And heck, it sounds like it actually absolutely rubs off on investors as well. So just in closing, really want to let you know that we're very much focused on growth And profitability, because it's a massive and growing opportunity in this market. Number 2, we're relentless about how we're pursuing this in every corner of the world. So not just focused in one geography versus another.
And then number 3, without question, we're leveraging proven and repeatable go to market that we think in the long run we'll have outsized gains and we'll have increasing leverage. And then finally, this only happens because our customers Choose to do business with us. The people that represent Palo Alto Networks, the Lees, the Nears, the Marks of the world, our salespeople in every corner of the world that are driving This attitude, this mission of a higher order. So it's happening because our customers are happy and we're making them Successful. So I'd like to thank you very much for your time.
And now I'd like to call up my partners to come up and have a little panel up here to talk about partner stuff. There's some pictures. Hey, Dan. How are you? Good, man.
How are you? Hey, Matt. All right. Thanks. So my friends up here, we've got Matt Jide, who He runs the security business unit from Dimension Data.
Hey, Matt. Thank you, Matt. We've got Dolph Westerbos, the CEO of the Westcon Group. And down there, way down there, we've got Dan Burns, the CEO of AccuVont. Or AccuVont, or what it's called.
AccuVont, right?
The name is coming.
Yes. Thank you guys so much for joining us. Please grab a seat. So we've heard a lot. I think I appreciate you guys sitting in for most of the One of the things we talked about was the sense that security is becoming mega important, right, just in the market.
And I'd love to get your thoughts on that And what that means for your company. So why don't we start with you, Matt?
For sure, Mark. I think from Dimension Data's point of view, there's several ways we could look at that. So the first way, internally, Within the business, the Dimension Data business, the security business is growing rapidly. It's recognized by executives within the organization. So I think there's that angle.
But then also when we're talking to clients, it's not necessarily talking to the security officer anymore in our client base. And I think that's exciting because we're having to change The way we talk to our clients about security. So we're talking to CFOs, for instance, we're talking to the data center guys, we're talking to their guys that are talking about moving to Cloud and things like that. So every conversation includes security, I think, in the IT world right now. There's a great story we've got.
We're in visiting Clients in the data center in Australia. And as we're walking out, the security guy introduced us to the data center guy. We Wow, some guys from security, that's fantastic. I've got a $10,000,000 budget that I haven't spent for the last 5 years because nobody from security will talk to me. So to me that's the importance Security and having those broad based discussions right across organization.
Yes, fantastic. Dolf, how about yourself?
Well, clearly, we've heard This afternoon already for Mark and everybody else, the relevance and the importance of security has continued to increase. We're hearing it from our customers. And if you look at how IT is becoming more complex, it's getting more distributed, certainly endpoints, but Cloud is becoming much more real in many, many areas. And that means the need for security as part of the fabric, and I think I heard the word fabric here earlier today, becomes really important. And clearly, with the examples, the high profile examples that happened last year, the need for more sophistication around security is really important.
More than a third of our business is purely security. What we do at Westcon Group, we do run a $2,500,000,000 Security business, we represent just about all the major solutions and vendors out there in the market and that business is doing really, really Well for us. So I think that's a good point. Yes, for sure.
And Dan, you've built a whole company around security. So I'm sure I'm not telling you anything that you're hearing. So from your perspective, what do you see it? Yes.
I'll just reinforce pretty much what Zoe already said. And I think everybody sees it and understands that it's pretty obvious. It's not a trend. That's for sure. I mean, it's ongoing.
I mean, this is something that this is an issue we're all going to be trying to solve For many, many years to come, when we look at security and the complexity therein, it's really obvious. And I like To simplify it by saying, there's 100 of millions of threats and vulnerabilities out there. By the way, let me back up for a second. The Chief Information Security Officer, it's the hardest job in the world. I mean, there's no question about it.
And I think the tenure, The average tenure for a Chief Information Security Officer is about 1 year. So put yourself in that situation. It's difficult and here's why, because you have these 100 of millions of threats and vulnerabilities. Every single day, you're trying to protect your environment against that. Add on top of that, you've got dozens and dozens of regulations and standards, whether it's SOX, whether it's GLBA, HIPAA, the list goes on and on and they keep coming.
And then on top
of that, right, you got
to figure out what technology and what partner is going to help solve Problem. And so and it's not it keeps getting more and more complicated. So, Yes, it's not a trend. That's why we're here and happy to be a part of this.
So let me ask a self question of you, Dan. So how has Palo Alto Networks relevance changed for you? It's been
a great partnership. I think the first, there's so many things I can say about it. We've grown the business with you 50%, 60%, 70% plus year over year. I think that last year we grew it over 60%. Now we've got the combination of Akuvon and Fishnet coming together.
There's so many opportunities out there for us to continue to grow the partnership. When I talk to my guys, the field people And everybody, I ask what's the major difference here. And the first thing I see is Palo Alto clearly views the channel as A commitment, channel by commitment. And other partners out there that we've worked with over the years, we call it a kind of channel by convenience, Which is a totally different story. So you guys are committed to the channel.
We see it. We have relationships at our level With you, Mark, Mark and Nir and Brett and the list goes on and on all the way through the field organization, we're just committed to each other's Yes. Global distribution is also a big thing that our clients are asking about. And so with your global expansion and eventually our global expansion and the partnership with Westcom, we'll be able to get a little wider and deeper as
Yes, for sure. How about you, Dolph? You're new to the position, right, about a year and a half ago or I remember first talking to your predecessor about global distribution. I think Mark held them down and I kept smacking them until he said maybe. But thankfully, you came on board and had the cajones to make this decision.
So let's talk about that and what it's meant to you.
It's been Like Dan said, it's been a great relationship and great results this past year. If I just look, we just closed our fiscal year. And we grew together our business 120 plus percent. We're now, I think, doing well over $300,000,000 of business together. So really appreciate And it's great to be here with 2 of my most important customers as well.
So it feels like a really good network. And look how relevant you have become for us. You made us wear suits in Las Vegas. That doesn't happen very often. Suits in Las Vegas.
That doesn't happen very often.
Well, they're required at the high roller tables as well, which I'm sure you have to get.
No, but seriously, we're hearing the same relevancy coming from our customers. Palo Alto is becoming more relevant not just for us but also for our customers. And clearly, you have a great product. We heard a lot I've got that this morning this afternoon from a number of your colleagues. But it's not just about a great product, in my humble view.
It's also about combining a great product with a great go to market And a great go to market strategy. And I think that is what you have. You have both of these pillars here. And you've got a very deep Channel D and A. And it's from the top down, exactly like Dan said.
It's from Mark, you, Mark, from Ron, the regional leads, John here, Christian in Europe, Armando in Australia, indeed a very good hire. And it's just really nice to see that. People feel When you partner with Palo Alto, it's a win win. And that gives me trust to make a significant amount of investments into our business Together. It's not a convenience relationship.
It's a win win relationship.
Yes, for sure. So, Matt, this is a relatively new What the hell were
you waiting for, mate?
The setup you did in the practice was a lot better than that. No, it's so DD was later to the party I guess. We've sort of been partners signed global contracts about 18 months ago. For us, it's a little bit of a different story. Dimension Data is a global company.
We're physically present in 62 countries right now with a reach into an additional 110 or something like that. So Quite large. 20% of my business in the security space comes from the North American market. Many North American companies think That's kind of where the world ends
at the
borders of California and New York. In fact, it's a lot bigger. And we operate 80% of our business outside. It's critical for us that we get a few elements right before we dive into a partnership. And if you go to our website and have a look on the website, we really only advertise 5 partners, Palo Alto being one now.
And that's because we've got to stand up a global services organization to support of Palo Alto to do the consulting around that. We've got a service called Uptime which adds extended SLAs to the platforms that we sell. So doing that across 28,000 people in 58 countries is it takes a bit of time, even for us. So it wasn't A 30 day let's sign this up. The other thing we look at is the volume of business you're doing globally, but then also outside of North America that becomes critical because we've got Aspiration is to own 10% to 20% of that revenue.
So if you're a $100,000,000 company, it costs me a lot of money to stand that up. I can only be Between $10,000,000 $20,000,000 revenue kind of the mathematics doesn't stack up. So it's absolutely getting all those components right. And then I think the final piece was When Ron came on board, we were engaged before that. But when Ron came on and brought that world class channel program to the table, that just changed things enabled us to get to where we're going.
And now we always to mention David, we like to say, if there's a channel program that you think we fit in, we're obviously not important to you. And we Found that whilst we do fit into the channel program, there's also certain things outside that we actively do together, which is great for my business, great for our clients. And I think that partnership, it's not a vendor or manufacturer and an SI in this case, it's a partnership. And We saw that with a client in Australia about 6 months ago where Mark got directly involved with that. There was a few problems With the implementation, it was mainly the user problem rather than installation or product.
But Mark personally called A couple of times I believe and really pushed that deal across the line and that's now leading to a second much, much bigger deal with that Fine. So I think from that point of view it took us a bit of time, but I think we've made we have absolutely made the right decision at the right time for Dimension Data for us all to be successful.
Great. Cheers, Dan. Thanks. Appreciate it. So, Dan, I think the group of people here probably want to hear most about how the knitting together of These two amazing companies, Fishnet and Acubon is going.
I'd love to get your views on that.
Put me on the spot, Mark. Thank you. It's going really well. I appreciate the question. It's going tremendously well.
When you look at that deal that we did Together, clearly, it was a kind of a merger opportunity. We had the 2 companies like in size, $750,000,000 on one side, dollars 750,000,000 on the other side. Combine the 2, you got a $1,500,000,000 company with 1500 Employees and 60 offices across the U. S. And Canada, like minded, very like minded, where we all came from the security fabric and DNA out there trying to solve the same problem.
And so While at one point we were probably relatively fierce competitors, you put people like minded People together in the same room and magic tends to happen and it did. And it's been a wonderful marriage of 2 of the leaders in the industry. We're having a ton of fun. Sales is absolutely Consulting is fully integrated and we're just we're rocking and rolling. Things are going well.
It was pretty stunning to learn how little overlap there was in terms of customers and field sales coverage, which is always important in Kinds of mergers.
Yes, there's 10,000 clients between the 2 organizations with 3% client overlap, which It tells you a couple of things. The market is massive, and the upside is huge and the white space is massive As well. So there's still plenty of problems for us to go out there and solve.
Yes. Well, great. And we're looking forward to doing that hand in hand together. Yes. Dolph, this global relationship that we have, maybe you can give us some Specifics about the geographic expansion that we've experienced because for us it was for sure meaningful that your experts at rolling this out.
Well, it's I mean, we made this decision about a year ago. For us, it was a bit of a bet. Like you said, you need to be big enough, relevant enough. And We said, this felt right. It felt right from a culture, right from a partner point of view.
So we made the bet together. You made significant investments. We made significant investments. We took some risks. You made some trade offs.
You started to rationalize your channel platform. Rather than just going an all out approach, you actually went with let's pick A few very focused partners, and so that allowed us to make significant investments. I think this past year has been brilliant. We now do business together in about 50 countries. And a year ago, that was well under 30.
2 years ago, that was 5. So just to give you a sense of how these kind of partnerships can really accelerate, I think, very rapidly Your profile and our profile around the globe. This year, we'll be doing A lot of expansion in Asia Pacific, 4 new countries next month in Asia and then the rest of Asia later this year. Also next month, A bunch of countries in our fastest growing region, which is Africa and the Middle East. And we were a big, big part of your tremendous story in the Middle East, We feel very proud of that.
And so now to expand that throughout Africa will be very exciting. And just in addition, I just want to say It's not easy for us to bring up another vendor, another partner. Just like you said, it's a lot of work. We have to invest a lot. We have to learn your processes.
We have to learn your customers and your markets and your solutions. It's not easy, but you want to do it with somebody who's interested in your success as well, and that's what it feels like here. And we're in a tough space. So when our salespeople are under pressure, who do they want to gravitate to? They want to gravitate to Partner that they feel has got your interest at heart as well, right?
And I think I'm starting to see that more and more and more. Every one of our regions last We grew well over 100% across the globe. So that's been very rewarding to see. And I look forward to The next road.
Well, that's amazing to hear you say that. Thank you very much for that. So we've got some time for Q and A. If there's anybody in the audience that wants to ask Matt or Dolf or Dan or all 3 of them have any questions. A question from Joel down here.
Obviously, a tremendous amount of confusion, lots of different products being thrown at your customers. How do you see Palo Alto position as a potential consolidator in that market? Obviously, they've come up with endpoint, they've got the network, they've got the Threat protection in the air, but at the same point, a lot of these your customers, the big ones have 10, 15, 20, 30 Security vendors. So how do you guys see that playing out over the next 5 years?
Yes. So I'll maybe have a first shot at. So from us, I think Most of our clients are sick and tired of vendor sprawl. I mean, not just security across the board. They're looking for that platform, as was talked about a lot earlier.
And that's Absolutely. The conversation we're having with many of our clients is that single platform that they can deliver on. Now where it becomes really interesting was when That buy and we're going to start seeing it very soon. The buy moves from a pure CapEx, here's a box deployed in my own data center, to a bit of that with a bit of CapEx, with a bit of utility and maybe Some of it based in the cloud. So as that happens, as that trend really starts to take off, I think as the security industry continues to consolidate, the clients are going to pick a Platform, and that's going to be the winner.
As was mentioned earlier, I look at it, Palo Alto is really the only company that we're working with today that Talks this platform. The other partners are trying to get there and trying to have that conversation, but they get a little bit confused about what a platform is. So For me and for Dimension Data, I think it's critical that we start getting Palo Alto integrated into our cloud platform. So we've got 24 sites around the world where we operate clouds, etcetera. So we're going through that process now of getting that integrated.
So the client consumption model can be what They want rather than what I want and what the market may want. So it really comes custom for us clients, the clients are driven. That's
yes, yes, well said. I think it's interesting. I'll use just a use case real quick. I was at a Global 5, not too long ago and talking to their Chief Information Security Officer and he said, Hey, Dan, here's the deal. Edith from our CEO is to minimize number of vendors.
And he said, guess how many security vendors I have? I said, I don't know. He said, 89. 89. And so I mean, this is just an excellent opportunity for We're scaling that down, right?
The more vendors, the more cost, the more management, the more partnership, the more caring, feeding, all of that Kind of stuff. And Palo Alto was I love the slide, the client lifecycle slide Showing the add on sales opportunity. And for us, that's critical, right? Once you're in a client, you want to continue maintaining that relationship, Having that opportunity to add additional sales on again and again and again, this is one of those rare situations where you truly we see that, right? We see and We live that slide every single day where maybe the use case may start with a client that has something out there.
You implement Palo Alto maybe in Transparent mode, right behind the other firewall. They start to get confidence. They start to bring it in line. They build that confidence. They start to deploy Across the network, then they add the modules, whether it's URL, anti malware, IPS, the list goes on and on.
And as they continue to develop and add solutions to the platform, we're going to continue to be able to solve Problems through a larger partner as opposed to
a lot of different partners.
Well said. Good question, Joel. Thanks. Yes, Michael?
Hey, guys. Thanks very much. So obviously, last year Great year for spending in security as we move into at least what's year 2 of let's call it accelerated security spend. Is Is there any change in what you see as the priorities for customers? Are there new product areas that they're shifting to?
Any change? Sure.
Okay. For us, We're seeing that it's more of a consumption model discussion for us. They want to consolidate technologies. They want to slim it They want to make it more manageable. I saw a great graphic a few months ago where it was they're looking to cut cost
out of their business.
And I think at this particular time, there was 30,000 this is numbers, I'm not going to get them right, but 30,000 secondurity jobs being advertised in industry and there was only something like 12,000 people coming out of University. So the demand versus supply just wasn't working. So they're looking to consolidate. The fewer platforms you have there, I think The better it's going to be for our clients.
It echoes that as well. And it's really now about consumption. Yes. People are looking for different ways to consume it and pay for it, They on an incidence basis, they on consumption, those kind of solutions.
Yes, definitely. I would say based on that, I think you guys are spot We're seeing a pretty nice spike in managed security service demand based on the consumption issue, right? How do we continue to build Great and higher great intelligent security minds. And in most cases, you got to eventually Outsource quite a bit of that. And I mean that's where the future is going, right?
It's somebody managing these great technologies
and these platforms
for clients so that they can For clients so that they can continue to focus on their core business and what they do. I think that's we're going to continue to see that. I think On top of that, behavioral analytics, analytics in general, we heard Nir talk about, I guess security big data. And so I mean that will continue to be a big trend. So how do you take all this data, right?
You've got pipes and pipes of Information and data coming in from a security perspective, how do you take that data, crunch it, correlate it and produce something meaningful And actionable that you can do something with.
And that's why the promise, I think, this auto focus offer that Lee talked about earlier, I think, comes in really nicely because Customers are indeed looking for that managed service around it and being able to leverage the data that exists already. They don't want to set it up themselves. So it sounded really interesting listening to Lee today. Definitely interested in learning more about it, but that is the kind of stuff That we're hearing our customers are asking for.
That added layer of intelligence that our clients want. So that's really I think that's starting to drive a lot of our Conversations is intelligence, turning the data into information and then providing intelligence out of that.
And hopefully, you heard loud and clear from me, Michael, that we feel very confident about Our ability not only to continue to take share from these box pushers competitors, but also to continue to grow our base.
We have time for one more question.
Thanks. Maybe just back on the consolidation theme. As more like standalone appliances move to 1 consolidated platform, what happens to individual markets like IPS and Secure Web Gateway? And then just how does that impact overall just the overall network security market? Thanks.
I'll let one of you do get this. That was a tough one. I'm
happy to take a shot. I mean, I think IPS is going to be relevant. It's still relevant. We'll continue to be relevant for a while. No question about it.
All the things that we talk about today, whether it's anti malware, malware detection, Threat Intelligence, all of those things are very, very pertinent. What's different with Palo Alto is the holistic approach and their ability to do A majority of this. I think there are certainly clients that I want to make sure I'm answering your question through this long response. There's certainly clients that they've got maybe a little bit more of a kind of niche Centric focus, they'll use just a IPS vendor or antivirus vendor or something That because they haven't seen, right, the opportunity here that Apollo Alto really brings to the table. It's a massive It's a market though and it's growing, right?
What is it, dollars 78,000,000,000 global market Today, growing at 7% to 8% annually. I think there's a lot of problems to solve out there. But I don't know if I answered your question.
Likewise. I don't think I can comment to each of the elements of The security portfolio, but I just want to echo what you're saying then. I mean, we're supporting about 5,000 secondurity customers and customers like Dydata or Acuvant. And we support we sell only about just over 10% today, actually work with us and you together. So just think of that as an enormous opportunity.
And we're not even covering the whole world yet, Right. So just I'm sure there's going to be lots of shifting parts in the landscape, but I think you're well positioned. I think you picked the right partners. I say that very selfishly, I do. And I think there is just a tremendous amount of opportunity still I have.
And customers want to do business with you. So this kind of culture, this DNA, it's not just extending to partners, it's extending to customers. And I think that's what we want. We want a vendor partner that is as motivated to support and be interested in our customers as You guys are. And not everybody is like that, but you guys are.
And that helps us.
And maybe if I could just
have one quick shot at answering that question as well. I think A couple of areas you're talking about IPS and web gateways that becomes very highly commoditized very quickly. I think we're starting to see a lot of that move from a premise to a cloud. So clients are starting to look for a, let's call it, a clean pipe We said they'll clean the traffic before it comes into their network, remove that. However, they're still legislated that they must have an IPF, Yes.
They must have an antivirus and they must have a web gateway. So I do think you'll start to see a lot of that move off prem. It won't be in their data centers anymore. It will be a clean pipe
All right, gents. Thank you guys very much. Really appreciate the time and appreciate the partnership. Thanks, Paul. All right.
I'm going to hand the microphone or hopefully the lapel over to my colleague, Stefan Thomason, our CFO. How about this too? That's even better.
All right. Good afternoon. Is my mic on?
Good. All
right. So you've heard today about And the platform and the importance of that. You've also heard around our go to market model and the great sales execution. And you've also heard from our partners. What I'm going to do today is cover off how this all gets translated into the business model So when you take a look at our company, there are multiple growth drivers.
And those growth drivers Show up in our revenue growth. You take a look at the past 7 full years of shipping, our compound annual growth rate of 140% is 25 times that of the industry growth rate, pretty staggering. And that's due to primarily The platform. It starts with the platform, but then we quickly translate into going to market. And you've heard us reference our land, Expand and retain sales strategy.
These are key elements around how our business model gets built. So even with these growth rates being what they are, we feel like we've only just begun. You take a look at the market, We're playing in a $15,000,000,000 enterprise market today. We have 8% market share in enterprise network security And 0% market share in endpoint. That $15,000,000,000 market is growing to close to $20,000,000,000 over the next several years.
And that is a massive opportunity for us. So you're going to be seeing us playing our hand around capturing more market share. So when you look at where the market share is coming from and where the growth is coming from, We're highly diversified across all verticals. In fact, every major vertical in the world needs enterprise security. And when you look at the profile of our own customer base, we have very limited concentration.
In fact, the biggest vertical that we have is high-tech at 14% of sales Lifetime to date basis. This diversity is actually a great thing. It provides us incremental opportunity for further expansion in those verticals. And as our marketing department with Renee at the helm and our customer success organization that we're going to be building out, We're going to be coming up with programs that are targeted specifically for verticals and we think this is going to be a great opportunity for future growth. Additionally, you look at the great geographic distribution of our revenues.
Every theater here is posting best in class growth, starting with APAC At 36% year over year. EMEA, 46% year over year. And Americas growing at 58% year over year. And It's almost counterintuitive. You have to ask the question, why is our largest and most mature market growing the fastest?
The reason why that's the case is we've been fine tuning and honing our major account sales strategy and our go to market model. We've taken it to a place now where we're ready to take this across the globe. And why that's important, especially for EMEA and for APAC is when you do the screen on where the Global 2,000 customers reside, over half are international. So our major account Strategy will be a key element for us to attack more of the markets and expand geographically. Now let's talk about the primary driver of this growth and it does start with the unique platform Many of you are familiar with the story, but for those of you who aren't, we sell a family of products And subscriptions that satisfy most use cases for enterprise network security.
We've recently come out with our Traps product, which covers endpoint. So tying network security and endpoint security together It's key. We also have new features and functionality that we're coming out with. Lee mentioned that we have autofocus Coming into the mix, that's a new subscription service. That will be incremental growth opportunity for us.
Each element of this platform is both an entry point to a new is both an entry point to a new customer and it's an expansion opportunity for existing customers. The versatility of the platform is one of the biggest assets the company has. And how this versatility plays out It's in our land and expand strategy. You take a look at the customer additions Over the last 12 quarters, we've added well north of 1,000 customers per quarter. And once we acquire a customer, The versatility of the platform, the fact that we can sell to now any enterprise security need shows up in the expansion business.
Over the reporting period that I'm showing up here, you can see that the majority of our business every quarter comes from expansion. Now interestingly enough, if you turn your eyes to the bottom of the graph, the contribution from new business is actually increasing slightly. And that's actually a great data point. There are a few things that are going on there that's driving this. The first is we're selling higher unit ASPs to start with.
With the seventy-fifty coming into the mix, which is our chassis based product and our ability to get more into the data center, we're selling more. Additionally, we have higher attach rates. So higher subscription attach rates are also driving this. And then lastly, the sheer number of new customer As per quarter is also a positive development, which is why you see the contribution from the new customers growing. But very much the land and expand sales strategy is a key component of the model.
And if we take a look at the strategy and how it plays out by cohort, last year when I was up here, we gave you into how each of the cohorts trended on a lifetime value to date basis. And this is what I showed last year. At the end of fiscal year 2013, You can see that the earlier the vintage of Cohort, the greater the LTV metric. And you can see that in 2,009, the LTV metric was 6.3. 2010 had a 5 handle on it.
Where we are today, we have massive growth across all cohorts. In In fact, you can see the progression where the 2010 cohort eclipsed where 2,009 was a year before. So this gives you a further proof point of the land and expand power of the model. The other element that is new this year that we're sharing with you is to give you a sense of the size and scale of each cohort. Across the board, on the bottom, you can see approximate customer counts.
And the great news about this is Enterprises refresh their technology typically on a 4 to 5 year cycle. We've seen just the Yes, early green shoots of refresh hitting the books. But we're at the very early stages, I would call it, in the top half of the first inning. So we have a big refresh cycle coming up in our own installed base, which is yet another growth driver for the business. So we've talked a lot about land and expand.
What I want to give you a little bit more insight into is why Customers expand. And so using the 2,009 cohort as an example, this is the progression of how customers in that cohort ended up expanding with us. So in their In that cohort ended up expanding with us. So in their initial year, what The use case typically was a limited use case selling a few appliances at the perimeter for a segment of the perimeter And we're probably selling 1 or 2 subscription services to begin with. Over time, as our model gets More mature and proven, we start to take more share over the perimeter and maybe we're selling more subscription services.
And then as we come out with new product introductions, like back in the day when we came out with the 5,000 and later on with the 7,000, We're getting deeper into the data center. So we're selling more products and subscriptions as well. And then with the advent of Wildfire to sell the APT And malware solution, that's yet another data point to go into the customer and sell. And we're not even talking about Traps Or auto focus, yes, those will be incremental growth drivers for that cohort expansion. Now The other thing that you see here is the power of the subscriptions model and the services model.
I want to spend a little bit of time walking you through some metrics around the power of our hybrid SaaS model. There are a number of metrics that we talk about on a semiannual basis and this is an opportunity to refresh those. So in our platform for a next generation firewall, we have 4 subscription services: Threat Prevention, Filtering, Wildfire and GlobalProtect. You can see that as of Q2 2015, The attach rate, number of subscriptions per devices shipped in the quarter was 2.2. Now the composition of how each of those subscriptions plays out.
Typically, threat prevention is greater than 80%, Filtering is greater than 60%. Wildfire is approaching 50%, which is by the way, it's our fastest growing subscription. And we see no reason why wildfire can't be in the same zip code of threat prevention and filtering. And then GlobalProtect is the balance. The subscriptions per device increase is a testament to our field sales acumen around selling the value proposition and Selling the power of the platform.
Every time we sell a subscription service
or
I should say most times, we are Typically displacing a physical device of another vendor in the network. And you heard from our panel up here that there's one extreme Sample where a customer had 89 secondurity vendors in the mix. The fact that we're selling a platform is an ability for us to consolidate and provide a more elegant solution. And that elegance of solution and the power of the platform starts with our product management and engineering teams. And we have the best in class in the business.
One final point on the subscriptions per device metric that I just want to highlight to you. Over time, this metric actually becomes less meaningful, because it's an in quarter snapshot. One of the things that we're going to be migrating to down the road is talking about penetration rates. So that will be something down the road that we'll introduce. Another key element of this hybrid SaaS model is the contract duration.
So we sell subscription services and maintenance. And we sell 1, 3 5 year tranches. We've seen What I would call a picture of stability around contract duration, although we have seen, I'll call it, a very modest uptick. And The fact that we're seeing a very modest uptick is actually good news because we are being designed in to the fabric of the work for a longer period of time. And it's also good from a financial standpoint as well.
Our renewal rates For subscriptions are very high, greater than 90%. And for support, it's close to 100%. Another element on the slide that I'd like to highlight is, we have 2 other subscription services that aren't attached to the device, AutoFocus and Traps. These will be funneled into our services revenue stream down the road. And that's going to be And a positive note for our business model.
How that hybrid SaaS model Plays into billings and deferred revenue and then you add the power of the platform, it's very powerful. At the end of the first half of fiscal twenty fifteen, we're north of $1,000,000,000 billings revenue company On a run rate basis. And when you look at the componentry of the billings, you can see our products in the dark blue, subscriptions And support. One thing to note is we're running a $300,000,000 on an annual run rate business for SaaS. And it's the fastest growing part of our business.
Last quarter, our subscriptions grew north of 70% year over year. How that billings how the billings increases visibility is through deferred revenue. And with the majority of our billings coming from our services, deferred revenue has been increasing and we have over 0.5 Now speaking of profits, Palo Alto Networks has really never debated growth or profitability. We're balancing growth and profitability. And that is a hallmark of how we're trying to run the business.
And the two metrics that we like to focus on non GAAP operating income and free cash flow. For the first half Fiscal year 2015, non GAAP operating income was $47,000,000 grew 112% year over Adjusted free cash flow was $152,000,000 growing over 170% year over year. These are proof points that our capital allocation strategy, where we're making our bets financially are paying off. What's typical in this industry is you see companies with very high growth rates and negative free cash flows. We try to build a franchise and an enterprise that's very much focused on delivering best in class top line growth And profitability.
So in the context of balancing growth and profitability, the areas of focus of where we're allocating Capital over the near term, we wanted to give you folks insight into. So from an R and D standpoint, We're going to be putting more dollars into the business to extend our lead in the next gen firewall, cloud and endpoint capabilities. We're going to continue to build out our threat intelligence services, which is both people and systems. From a sales and marketing standpoint, We're going to grow to expand share and we're ramping our endpoint go to market capabilities in a big way. And we're going to be scaling through investment in partners And enablement as well as building a world class customer support organization.
I know Mark Anderson flashed up the customer SAT scores. I can't tell you how great of a business that we're building in customer support. It is a differentiator for us. And then on the G and A side of the house and infrastructure, we're going to invest in cloud and data center expansion to support that $300,000,000 in growing SaaS business and we're going to be building out facilities to accommodate new employee headcount growth. Speaking of headcount, we wanted to give you a snapshot of where the heads are in the organization and give a year over year comparison.
You can see support In operations, 333 people as of Q2 2015. Sales and marketing personnel are at 1155. G and A is at 227 and R and D is at 368. The year over year growth in R and D on a percentage basis is the biggest. And that's in part because we did a great acquisition with Cyvera and lots of those folks were engineers and that's added on a year over year basis.
But this gives you a sense of where the employees are located. And you can also see where we are making the most And sales and marketing and R and D are certainly the areas where we are making the most. So let's talk about the target model. I want to give you a little context about the model and I'll start with the headline. We remain committed to the target model And the timing of the target model.
The context is we came up with this target model at the time of our IPO. And candidly, we didn't think and candidly, we're pleasantly surprised that we're growing at the rates we're growing at this size and scale. It's very rare when you get to $1,000,000,000 billings run rate where you're seeing accelerating growth. Additionally,
Growth. Additionally,
between the time of the IPO and today, We made a meaningful acquisition in Cybera and we were able to absorb in this fiscal year an incremental $25,000,000 of OpEx investment. We're not changing the time frame. So what we've done here is we fine tune the model. And by fine tuning the model, we've increased our gross margin target From 73% to 76% to 75% to 78%. And we're doing that because of We're getting a broader adoption and bigger contribution from our services and SaaS business.
We're also going to be making investments to help build the infrastructure out. From an R and D standpoint, we're not making Change the target, but we are very much keen on increasing our technological lead. So we're going to continue to invest there. Sales and marketing, we're bringing up a touch. We're bringing it up to 35 to 38 from 33 to 36.
And how we are going to get there from here is we're going to be expanding within our existing customers. You've seen that proof point. The expansion sales typically come at a lower cost of sales and marketing. We're going to have a higher percentage of ramp Higher percentage of ramp people are doing more dollars per person. We'll have higher sales coming from renewals And we'll have improved leverage from the channel and lower cost sales regions.
Now over the longer term, We certainly think we can get sales and marketing lower than 35% to 38%. However, the time to do that is not now. With 8% market share in network security and 0% market share in endpoint security In the growth rates that we're posting, getting more incremental leverage out of sales and marketing will come, but it would be cutting off our nose Despite our face to try to do it sooner, we'd be giving up a large market opportunity. G and A, we're not making any changes to at 5% to 6 And again, the overall operating margin target of 22% to 25% remains intact by Q4 exiting Q4 of 2016. At some point down the road, as we get closer to the target model, we'll look at what the long Term target model is.
We've purposely never called this the long term target model because we want to get there first. And we've had a Playbook of making the investments and seeing it pay off and we're marching towards this. Now there are a few other modeling points I want to highlight for you. The first is free cash flow margins should be north of 30% At the target model? CapEx for this fiscal year is no change.
What we talked about on the earnings call was CapEx was going to be $45,000,000 to $50,000,000 this year. While we haven't done all of Planning for FY 2016 yet, we're looking at CapEx to probably be in the range of 5% to 6% of revenues for FY 2016. Our tax rate, our non GAAP tax rate is static at 38%. We don't anticipate changing that. In the near future, our cash Tax rate is going to remain to be very low.
So that covers the modeling points here. And then to summarize, We feel like we have multiple growth drivers in the business and lots of proof points that the model is working. We have a proven hybrid SaaS revenue model That's a key differentiator for us. And we're today, we're generating strong free cash flows. And In the future, we're going to be increasing operating leverage.
So with that, that concludes my section of And what I'd like to do is invite the other members of the senior team to come up for Q and A. So thank you very much. Appreciate it.
Thank you.
While we get things started, Carl Ziegle was joining the dialogue. I'm coming.
Karl Keirstead of Deutsche Bank. Thanks for hosting everybody. This has been really great. My question is on the guide for Free cash flow margins. I think when you say over 30 that's basically reaffirming what you've said before which is that the free cash Flow margin should run 5 to 8 percentage points above your non GAAP operating margin numbers.
But in the last couple of quarters they've run more like 25% above. And it makes that 5%, 8% look a little conservative. So maybe you could help us with how we might model free cash flow margins between now and then because that $30,000,000 looks
a little conservative to me. Thank you.
Yes. So as we get more of our revenues off the balance sheet, we've already collected that cash, Okay. So there's a the differential between the operating income and the free cash flow margins are going to be converging. The other thing is over the longer term, we will be paying more cash tax, which is something that's not in operating margin, Right. So you will see a convergence and that's why we feel like the 5 to 8 percentage point rule of thumb above the top end of our model is reasonable.
That's why we say it's going to be north of 30%. In the near term between now and Q4 2016, I anticipate there being again this very large delta. And as a data point, What we told folks is as an interim milestone that we'd be in the low teens non GAAP operating margin exiting Q4 of this year and then get 22% to 25% of Q4 next year. So there will continue to be a sizable gap between today In Q4 2016, but I see that gap narrowing as we are getting more of the revenue off of the balance sheet.
Yes.
Kelsey?
Hi.
It's Brent Thill with UBS. Stefan, just on auto focus, can you talk a little bit about the monetization and how you expect to price? And then for Mark, just on Traps, can you just bring us up to date in terms of what's happening with Enablement of the field, the reseller community, kind of where you're on the referenceability in live projects going out would be helpful. Thank you.
Yes, sure. So I'll take one.
So on the auto focus, our intent there is that this will be a service, a new service for us. So it'll feel like the service revenue collected upfront recognized over time. It will not have an attach rate concept though, because it doesn't attach to a device. So it'd be more like Traps in that sense and less like the wildfire, for example. We'll start selling this in the fall.
We would expect that the price points around this would be that we'll charge tens of 1,000 of dollars per year for usage of this and in enterprises. And it depend on how many operators in the enterprise use a tool like this, a service So like this, we'll get a better sense of this as we go through the community access program as well, as far as what the uptake and adoption rate of this would be. But we think it's a tool to be useful for The whole customer base, larger customers run teams that have security teams that can use something like this. Smaller companies may not, but that's where partners can come into play to provide as a service for them.
Other question was about Trap?
Yes, Brent, on the Traps build out. So we're really slightly ahead of our hiring Right now for Trap's teams in the Americas and EMEA, a big part of what they do is they enable the focus partners that we've chosen We sell track. These focused partners in many cases are like Acuvon that are existing security partners. In some cases, they're actually focused Endpoint partners that we found and are starting to do business with. So in terms of the POCs, we've got lots and lots of POCs out there.
I don't know if we comment on the exact Number, a ton in the U. S. And a significant amount in the Asia. We even got Customers in APAC in Japan. We actually have one partner in Japan already spun up even though we don't have a resource on board there yet.
So it's ahead of, I guess, my internal expectations and it's going to continue to ramp this year. We'll hire people in Asia Pac, probably in Australia, maybe
Jason Nolan with Baird. Thanks, Kelsey. Question on,
what Nir referred to as Ghostbusters to start. 1 of your competitors has a post breach services business that Sometimes competes with
the channel. So with some
of your partners here I'd love to see where Unit 42 could be someday. Is it services? Is it more marketing? I know know it's the meaning of life, but what else could it be? And then, Stefan, you referenced products by industry.
Are those Could those be items that are sold as modules? Or are they just enhancements
of what you have today?
Yes. So I could I'll take the first question. So this is one of the reasons why I talked about like ideas and philosophy matters. So we're very prevention oriented. We're very technology oriented, No.
In order to get the job done, you have to have people process and technology. We're very focused on the technology aspects and getting leverage from that in order to do the most Prevention is possible. So it doesn't mean that there's not a business out there for incident response or remediation. It means we're not in it, right. And our job, our goal is not to make that stuff go away because it won't.
It should be wise to be prepared for that. Our job is to make it Less. Make it occur less, right? So it's a very big market and people will fit into that market. But we're not in that You're not going to see us get into that business.
Unit 42 for us is a group of really, really smart folks from a threat intelligence perspective, that their primary Task is to make our technology smarter. That's what they first that's what they do mostly for a living. The second thing they're doing in doing that, they're finding stuff out there that's of interest The customer community has seen us do that with Wire Lurker and Coolpad and some of those things that are out there. That's great. That gets notoriety for Palo Alto Networks and the team on being some of the smartest guys in the room around this.
But we don't monetize Unit 42. We don't intend to monetize Unit 42. We absolutely intend to monetize the intelligence that's coming out of that as you've seen with auto focus is a Perfect example of that and things that are going into the platform. But their job is to make the platform better and better.
Then the second part of your question, what I was referencing is more industry related solutions selling. Saying there's more industry related solutions selling, not specific new products or subscriptions Specific to an industry, but it's best practices. And you can imagine across the 22,500 customers that we have, we have some of The biggest logos in each of those verticals, there's a lot of commonality around network topology For structure. And when we have great customer wins and use cases, we're going to start to package that more to have more of a vertical and industry marketing focus. So no new products per se, but it's an ability to go deeper into those verticals themselves because we'll have Best practices and solutions guides.
Sterling Auty from JPMorgan. Stefan, you mentioned Entering in kind of the refresh cycle, what I'd be curious about is maybe some of the early data points that you've seen, what's an average refresh? Is it 4 4 to 5 years, what's the trigger? Is it when the depreciation comes off the books? What triggers the refresh to happen?
And when you look at those early cohorts, How do we think about the number of devices in some of
those customers? So the first part of the question, There's certainly the depreciation element around it, which you when a unit comes off depreciation cycle, that could be a But the real catalyst is when we come out with new operating systems that have great robust features and functionalities, and usually we have 60 to 70 new features Per new OS. So when you have older hardware, we were selling the PA2000 and the PA4000. As an example, if you're running 5 Auto code or lower, you wouldn't have the benefit of having wildfire running as an example. So it's really the catalyst is really the new features The functionality around that refresh discussion starting to happen.
The size, again, it's We're real early days. Oftentimes, in the earliest purchases, it started out with a handful of appliances. Maybe they've bought a dozen or so. Maybe they've bought a dozen or so. And typically those are 2,000 PA-two thousand and PA-four thousand units.
The natural upgrade would be to the 3,000 or the 5,000. And then there's even the opportunity for an upsell to occur Because if they're refreshing those at the perimeter, we could be going into the data center with our 7,050. So not only is there the refresh cycle for the Original units, but then you have multiple new use cases and then you add on Traps and Autofocus and there would be an ability to upsell more. Can I comment on that, Phil? Sure.
I think that I don't know. Can you hear me? Generally, in our industry for many, many years, it's not just Palo Alto Networks. The main reason for an upgrade was speeds and speeds. So the thing is that if you look at the price of security, it goes up significantly as you go up in speed, meaning to go from 100 meg solution to a gigabit solution to a 10 gig solution to a 100 gig solution, the increase is very, very steep.
So customers tend Usually to buy what they need right now, meaning if you need 5 gig firewall today, you will buy 5 gig, you're not going to buy 100 gig. But it so happens to be that network throughputs are growing very, very, very fast, especially in the data center. And that drives a lot of refresh. Just the need to increase the speed because you didn't buy the 7050 when you should have.
A question for each, Mark. So Mark, you first. Just with Traps, can you tell about your expectations for selling it to customers? Are you expecting that to Largely sold through the endpoint groups in the enterprise? Or do you expect that to be mostly bundled in as With your platform sales.
Largely sold through the endpoint resellers you mean? Or Well, you mentioned that you're going Through the
resellers with a lot of your trials. So I'm wondering if you expect that to be your primary channel to the enterprise or if it's going to be packaged in more.
It's going to be packaged in more with our core go to market motion. So I think the major account managers, mobile account managers are going to have already started to engage the subject matter expert teams that we have and presenting them to their customers as experts and earning opportunities to do proof of concepts and ultimately Sales. Same thing is happening in the commercial business as well. From a partner standpoint, I think the real partner Leverage will play out much more over time when the partners have had enough success and soak time with some of these projects.
Okay. Mark, Just in terms of the East West Fire Walling, if we rewind 12 plus months ago, we heard a lot about wildfire, a lot about East West Fire A lot about the 7050. We've seen 2 of those 3 probably exceed our expectations at least. But can you talk about the partnership with VMware?
Yes, sure. I will.
And just one more point
on the Traps thing too. At the end of Mark's team knows how to do this and how to sell the platform. So of course, we're going to talk about Traps to solve a specific problem On the endpoint, but when we tell that story as part of the platform with the attack lifecycle and the prevention, that's where it really gets juice, right. And that's whether you talk about NSX or what they're talking about. Auto focus doesn't matter.
Whatever you're talking about, it's just an entry point. So the NSX really It's going very well for us. If we back away just for a second on what the problem is, right, going into the hybrid private cloud environments and having East West traffic, that's a use case that didn't exist a while ago and now it does. So what we get from the relationship with VMware is 2 things. The first is mindshare, meaning that we've leaned very forward into this go to the cloud, right, and what that means from a consistency Of security and we did it with VMware because there has such market share in that case.
So as an attention getter for us, as a meeting getter for us, The follow-up to being in for us, I would put that close to 100%. Like personally, I talk to customers all the time. I don't think I've had a conversation unless they just We can't stand VMware, right. But even then we can move the conversation to we can move it to somewhere else, right, that benefits us. But Very, very high attention getter for us.
And then follow through is good as well. So I think VMware said recently they have last time they reported, I guess it's getting close to the end of the quarter for them, but they had 4 Customers already, and when we look at that base and say, that's great on the 4 legged sales calls, which we're doing a lot with these guys, we're running over 300 POCs, we've closed multiple deals already with this. 1 we closed last quarter was a Fortune 100 company that was a Small customer pilot networks at the perimeter already. And in a 4 legged sales call where they're buying NSX, we closed a multimillion dollar deal in association with that Purchase that they made. And that got us to the table.
We were able to talk about the data center and virtualization of the data center, What the security needs, we had VMware sitting next to us saying, yes, that's the right answer. So I think that over time it's working and I think over time this could grow into something pretty meaningful for We do have a condition precedent of you got to buy NSX, right? So we're the hopefully a big tail on that dog, right? But it seems to be going pretty well.
And Nick, VMware themselves will tell you that the number one use case that they're selling NSX successfully is micro segmentation. That's a security use case. So that's right in our sweet spot. So we're very much aligned with them in the field as well.
Actually, I think we've run out of time.
I think we've got one
more. Okay.
Darn it.
You guys took a break. You were logged on your break and you're supposed
to be keeping it. I'm going to throw it up in the air and one of you is going to catch
it.
Stay 2 more minutes, Seth. No, I'm just kidding.
Excellent. Thank you for squeezing me in. One question for Lee. Just want to make sure there's reason he's sitting up Just drilling down on
Hi, Candy.
Drilling down on auto focus, it seems like you're trying to solve the signal through The noise problem. So the question is, what's different with this product versus what people get with Wildfire? And what would be the difference in the use case here versus your partnership with Splunk, where you're trying to where they're trying to sort of pull that information and get the signal out of the noise. And then one for Mr. McLaughlin.
We've heard a lot about the value of the intelligence that's being pulled out of all these systems and sharing the intelligence in most of the parts. But you guys are also doing agreements where you're sharing information with other security vendors. And we're hearing about Obama trying to legislate sharing of information. Does that at all devalue sort of the security intelligence that you guys
So I think so with autofocus, there's actually a few use cases. The one that I really focused Today was the sort of that finding the needle in the haystack use case of through all the different things we see, what are the things that should be most prioritized, what The targeted unique attacks. And that's based on wildfire data, but wildfire is just trying to find good versus bad. So autofocus is then How do I prioritize and sort through the bad to really pull out the things that are that should receive the most attention? And so they work sort of hand in hand to a large extent.
Now how that varies from say Splunk, I think Splunk It's more focused on the wildfire side as well. How do they take a wildfire log and just go confirm that it was If malware was successful or not. So again, they're also not focused on what autofocus is able to do in terms of really Pinpoint those unique targeted attacks. There's actually a couple of other aspects to autofocus as well. I talked about context, Which is very important.
So when you have a piece of information, how do you get as much information around as possible? Because that makes the information more actionable. And then there's one that Nir kind of alluded to, that I didn't talk about, which is just the internal use of autofocus within our threat intelligence teams, Unit 42, in order to be able to use it as a tool to create new detection mechanisms that otherwise don't exist. And so there's a number of really amazing things that we believe Autofocus is going to be able to do as we build it out, expand it and get the community going.
Yes. And on your question on the sharing, again, not to repeat the whole philosophy ideas matter, but it really matters about what we're trying to get done. So if you really believe in prevention Like we believe in prevention and you're really trying to get highly automated prevention dispersed as fast as possible to everybody, then you have to share Intelligence, right? So if that's your mindset, then it sort of frees you up in a way. I can tell you when I was I've had this idea of the Cyber Threat Alliance for a while is sort of like a security ISAT, right?
And you got the pitch at the other security CEOs and the first answer is, are you out of your mind, right? Our stuff is so much better than your stuff and so special. And your response to that, which is taking hold is The security industry is changing. And it's changing this way, which is it's not about what you see. It's about what you do with what you see, Right.
So it is to the platform. Like if you had the information, what would you do with it, right, in order to help you as a customer? I think that's changing pretty quickly in the customer community. They're just they're not going to tolerate this anymore. I mean customers are not going to tolerate Tom, Dick, Harry, Susie and Jane come I see a little bit more in DCs to buy all of our stuff.
And we're very confident of that. We're trying to get ahead of that. We're saying, you know what, we see fantastic stuff. Lee showed you a chart Unique samples in wildfire. We'll hold our uniqueness from a threat intelligence up to anybody.
But We're way more interested in what we can do with that and we're willing to share because we think the platform can actually deliver the Eye prevention outcomes. And then that's you're seeing that all over the place, not only for us trying to do that with our own ecosystem. We're trying to do that with the CTA to get the community work together. We're trying to you're seeing a lot of stuff in the government about threat intelligence sharing as well. And on that last one, I think we're going to end.
But at the lunch table, a lot of people are asking me like what's happening in DC with this threat intelligence sharing and all these bills and stuff, that's it. That's the point, right? The reason that everybody is focused so much on sharing Threat intelligence is to do what we're talking about because the sooner you can get that information and data in a highly automated way, the sooner you can make it such the attack is only going to work I think that's the end game. And I wanted to highlight Ryan Gilles is in the back room there. He's our stand up there, Ryan.
Ryan just joined us from the White House. And Ryan is our 1st ever a new Head of Government Affairs for Palo Alto Networks. When you saw President Obama in a little clip said Palo Alto Networks, Ryan did that, Right. So we expect
to have
a lot of relevance in this whole conversation as we go forward. So we're going to have to end there. We're out of time. Thank you very much Sure. With being with us, this is going to end the webcast portion of this.
So we'll