Palo Alto Networks, Inc. (PANW)

Analyst Day 2014

Mar 31, 2014

Speaker 1

So good afternoon. Thank you all for joining us. We really appreciate it. It's always nice to see a full room. So thank you very much and thanks to those of you on the webcast for joining us as well.

So unlike an earnings conference call, I'm not planning on reading all of the fine print to you all. I've checked the box and I can now go to the much more important part of This is a high-level agenda of what we're going to accomplish this afternoon. A lot of you have asked us why do this at our user conference. And quite frankly, it's a perfect place for you to actually see the excitement about what's going on with us. A lot of you ask us difficult questions, things like, well, I hear other companies saying X, Y and Z, I hear you saying something else.

And we really encourage you to go talk to our customers, talk to our partners and ask them the hard questions, because they're really the best ones to speak about the value proposition and the vision, and what it's like doing business with us. So that's the point. One note to all of you, you should have received an agenda book with all of your information relevant to the track. If you don't have one, we'll have some in the back. Times and locations are located in that.

There's been one small change: right after this, we're going to go into a cocktail reception, where you'll have the opportunity to spend some time with our executives. We have changed that location. It's going to be some place called the Chelsea Mezzanine and we will have people stationed to help you find that venue. To that end, if you don't get a chance to ask your question in this forum, we will be here and we would be happy to field any questions

Speaker 2

during that cocktail hour after we're finished.

Speaker 1

So the other point to make is tonight, you're invited to the Ignition Chamber, which is also known as our exhibition hall. That's really where we're going to kick off the customer portion, the partner portion of this event. And we'd love for you to come and see what's going on up there. That starts at 6 and it is going to be on the 4th floor.

So we're going to actually get started with a little video and then Mark will come up and kick off. Thanks for joining us.

Speaker 2

VISTA 14 so far has just been a great year for the company.

Speaker 3

In line earnings, better than expected revenues surged 8.7% year over year.

Speaker 2

Your stock has certainly performed well. It's up better than 60% in a rather short period of time.

Speaker 4

Place the old systems, the legacy systems with just one new solutions, the next generation firewall and we really gained in performance as well as in efficiency.

Speaker 2

We don't know what the next 12 months holds. So we need partners who can be flexible enough and change quickly enough to grow units. I feel that how often it works is one of those comments. We've moved into our new campus. We've launched new innovative services like the new version of Wildfire.

Speaker 5

Our 3,000 plus Wildfire customers are now also sending to the cloud PDF documents, Office documents, Java files and of

Speaker 6

course, Android

Speaker 7

that something has happened, that malicious or potentially malicious software has come down to a very specific endpoint. And it gives us a starting point

Speaker 8

And we're really excited about the launch of the PA-7050, which is the world's fastest next generation firewall.

Speaker 2

Good afternoon, everybody. Thanks for being here. It's great to see all of you here. I really appreciate you taking the time, especially coming to Las Vegas. I know it's a bit of a trip for folks from the East Coast to join us for our Ignite user conference.

This is actually the second one that we've done. Our very first user conference was last year and what we wanted to do last year was to get together our users in order to talk with them, but more importantly just enable them to talk to each other about things that they need or the things that they see in the market. And we took all that feedback back to the company and did up with that and it was so successful last year that we were going to keep it going. Last year, we had about 850 folks at the user conference. This year we're looking at just shy of 1900.

So if you have the opportunity to stay over the next 2 days, you'll be sitting with close to 2,000 of our customers and partners in the main ballroom, which we encourage you to do. Like Kelsey said, we're really just enabling these folks to get together and they're wide open to speak to if you want to spend a time or I say that they'll let me know if they want to talk to you, but they're available, right, if you want to spend the time with them. So that's really why we want to have you here. Last year we couldn't do that because just from a timing perspective, we were in a closed window. So the ability to do something like this tacked on to it was limited to a little bit about our prior planning this year on our side. So that's what this is about for this week.

And what I wanted to do and what we want to do this afternoon since we have the opportunity with you is get you updated on some of the things that are going on in the company. And then most importantly, answering questions that you have, take the chance to get everybody at the same I have with me today a lot of the senior executive staff from the company, some of you who you'll from we've got Mark Anderson, who runs Worldwide Operations, down at the end of the table; Steffan Tomlinson, our CFO, who I'm sure most of you know; Renee, our Chief Marketing Officer. Of course, we have Nir Zuk, our Founder and CTO. Lee Klarich, who runs all of products, is with us as well.

Sitting next to him through his hand is Chad Kinzelberg. You may not have met Chad; he runs strategy development for us. He was on point for both the Cyvera and the Morta acquisitions and was also the guy who made VMware a reality for us from a relationship perspective. So if you have interest in that, he's a guy to talk with. We also have with us Ori and Nadi down at the end of the second table there, if you raise your hand. These are the 2 co-founders of Cyvera who flew over from Israel last night to be here with us today.

We'll get a little bit of stage with them and they'll be with us all through tonight at the cocktail hour as well. So feel free to introduce yourself or ask questions. And we also have way in the corner back there Raj Shah. Raise your hand Raj. Raj is the CEO of former CEO of Morta Security who we brought into the family in January, who is with us as well and will also be with us through this afternoon and the cocktail hour.

So please avail yourself of the opportunity to speak to anybody on the staff you like. The other thing we're really delighted about this afternoon too is we have some of our best partners from a distribution standpoint with us that will get introduced in a little while, but down here too. We're going to do a bit of a panel with them and open it up for any questions you may have too, so you can talk to some of the folks who are actually out in the field every day working with not only our technology, but other people's technology too. So what I'll do for the next about 20 minutes or so. So I just want to give you a high level of what we're thinking about as a company, where we're going and then we'll try to keep this as interactive as we can.

Take time during each of the shorter presentations for some Q and A. And at the very end, Steffan and I will field questions along with the rest of the team for a while before we break for the cocktail hour. So when we think about Palo Alto Networks as a really unique and compelling company, we think it's got a number of attributes for it. The first is that we're operating in a very large addressable market that's growing. That's true for, I'll call it enterprise network security and it's also even more so true now with the expansion into the enterprise endpoint security market as well.

So large and growing addressable market opportunity for a use case, which is could be simply stated is cybersecurity, which is a very high level high visibility issue in all enterprises today. And we're offering a strategic solution in order to address that concern or problem for customers. We're doing that uniquely we believe with a true platform approach, meaning not trying to it's not a product that does many things or cobbling together disparate pieces of technology, but a very ground up platform approach and that's going to be important for us in the future as we roll out particularly things like Cyvera inside there, and we'll talk about that. And in this platform and I'll give you a visual in a second of 3 points of a triangle, every one of them is next generation technology. I think you're very familiar with the next generation firewall technology.

In Cyvera, we found the next generation of endpoint technology and we're wrapping those things together with our ThreatCloud technology as well also we consider very disruptive. And we'll talk through why we think that's the case. What that's resulting with for our customers is first and foremost superior security. It's better security, but they're also getting fantastic total cost of ownership. And we'll see this run through some of the numbers when we hear from Steffan about lifetime value, and things like that, what our customers have found working with us and continue to find is actually the more they work with us, the better the security they get and the less operational burden they have over time.

Those two things are very important. Superior security and superior TCO I think are the winning formula. That's what we've been doing and that's what we're going to continue to do in the future. This has resulted for us in a very business model, I think somewhat unique again and that we have a hybrid product SaaS business model and you can see that playing through in our subscription services as well as product. And we've been able for over a number of years now to demonstrate the results of this in very high revenue growth, high billings growth and a lot of the benefits that come from the hybrid SaaS model from that and we'll get into some more detail and update you on what that looks like.

Speaker 3

But I want to step back for

Speaker 2

a second and say, what's the strategic evolution of Palo Alto Networks? And what does 2014 mean? Why Morta? Why Cyvera? What are we doing with Wildfire, things along those lines.

So if I go all the way back to 2008, which is when we introduced our first technology, went to market with it, which is the next generation firewall, which is a mainstay of one of those three points of the triangle. It was thought of as a next generation firewall company. It was a market opportunity at that time of about $4,000,000,000 for a piece of technology that's very critical for all enterprises where we did something very disruptive as opposed to what everybody else was doing in that market. And the customer needs at that time were really the customers were saying, I'm being invaded by all these 3rd party applications and traffic on my network and it's creating a real problem for me. And the core value proposition for our company at that time was application visibility and control.

The technology is very different. A lot of customers actually didn't know what to do with it other than when they tested it. They said, well, I get to see things on my network that I never saw before. So a lot of times people were installing us to provide application visibility and they started to grow into control after like what could you do with that visibility at a time when it really mattered.

Speaker 3

If I go back to or

Speaker 2

if I go back to 2010, what has occurred since we first launched the product, but people are starting to realize what that next generation firewall could actually do. It's a lot more than firewall. All the technology and use cases for that existed already. But there was an acceptance from a customer perspective of what the needs were, which were really about we have all these macro trends driving applications and threat on to the network and that that next gen firewall could actually do something about it in addition to providing just the visibility. And this is what world looks like today.

Sorry, I think this realization came about 5 years ago, but it's really what the world looks like today, which is all these big time IT macro trends that are driving an immense amount of productivity for companies, but at the same time they create the perfect for the bad guys. You have all these 3rd party applications coming on the network and all the bad guys know the best way to get on your network is through an application. So you're no longer controlling your applications. If they can get in there, they can get on your network, then you multiply that by whatever because you have all these mobile computing devices, so even more points of entry. Then you have a complete blurring of the line between what's work and what's home.

So these applications are not even just corporate anymore. And just to make it more difficult, you put everything up in the cloud. So it's not even your own network, right? All of these things are really important. But together from a security perspective, this is why security is so hot, right?

Why it's so important? Why is everybody talking about advanced threats and cyber security, it's because the culmination or combination of all these things has created the perfect storm for the bad guys. And from a core value proposition for us, the recognition or realization from our customers was that they could actually make those applications on the network safe. The first thing is they could actually see them for the first time, then they could actually control them and the ones that they wanted, they can make them safe. And everybody else in the market's value proposition was will prevent the application.

It will stop it. It will block it, right? And that binary approach called let it in or block it just doesn't work for enterprises because in a lot of cases they want the applications on the network and they want to be safe. And even if they don't want them on the network, the chances today of stopping them in the first go down because the bad guys are getting smarter and smarter. So with that backdrop and bringing us up to the present, right, we believe now that we're serving an even broader market, which is the enterprise security market.

It's not just the network, enterprise network security market. With the addition of Cyvera, which is something we've been thinking about for the better part of 2 years, which is the entry into the enterprise endpoint network, we're now playing in a broader market, which is the enterprise network, which is the combination of those two things. And why is that the case? Why now? Why does it make sense?

Everybody's heard about advanced persistent threats until they're blue in their face, right? But the breakdown of what an advanced persistent threat means is that the threat itself is incredibly sophisticated. It's very focused and targeted on an individual in a company in order to get some specific information in the company. And it's the sophistication of the people who are trying to do it has gone up dramatically. So those are the three things.

That's what that means, APT means, right? Those three things together have created a scenario where from an enterprise perspective, the concept of security is totally strategic, right? It could be the loss of your whole business. It could be the loss of your reputation. I saw something after Target got in January said like 54% of the foot traffic in their physical stores dropped off.

It was a staggering amount of stuff because of what occurred there. So the idea of security is being really, really strategic to enterprises and organizations, I think is for sure. Like it's I think that has definitely arrived. And the second thing that's arrived or is coming is how do they think about that as companies? And I think I use the word holistic here.

And I mean that in the sense of when we talk to senior security professionals and there's going to be a couple 1,000 of them in the room tomorrow, right? Senior security professionals, they're thinking about their enterprise less and less called, I'm the network guy, I'm the endpoint guy, right, and I'm the desktop guy, particularly the higher level in the organization. So they're thinking holistically about security saying, I have to protect the entity, right? And I'm looking for approaches that allow us to actually protect the entity, ideally in preventative manner. So this is a big reason why when we want to expand into the enterprise market from we've moved into the endpoint space, because I think the walls are breaking down very quickly about buying centers inside an enterprise that are just thinking strategically and holistically called I just got to protect this thing.

The other thing that has been evolving very quickly is the actual technology itself. By this I mean, really cloud technology, which we've been utilizing since the beginning of the company for threat prevention, then we did it for Wildfire. And now we're going to tie together the Cyvera technology as well, which is starting to use the cloud a long time ago, we've developed the

Speaker 8

methods and

Speaker 2

to use the infinite compute power that's available up there at a very high speed manner in order to do things at the network which we've proven for some time and now we're going to do it at the endpoint as well and use it as the brain for lack of a better term to tie those things together from a securities perspective. We think the time is right for us to expand into the enterprise security market, not just the network security market for all these reasons. And we're very confident that we're right about this and that the time will prove us right in the next couple of years. All that tied together is an approach for us that's prevention first. And I wanted to highlight this a little bit because I think there's a couple of things about Palo Alto Networks is they're just fundamentally different than what everybody else in this market is doing.

Start with philosophical and then go to technology. The philosophical approach is from the beginning, we've believed in prevention, not just detection and fix. Almost everybody in this market today is very focused on detection and fix.

Speaker 6

What bad thing has

Speaker 2

happened to my network? And it's the assumption that it's there. Can I detect it? And then can I fix it and remediate afterwards?

And there's nothing wrong with that, right? Because if something bad is going to be in your network, you'd certainly want to be able to do that. We've taken an approach over time that wouldn't it just be better to stop it, right? And nobody's going to stop everything from getting under your network. We're not saying that we can do that.

But we do believe that the idea that you can do high speed prevention that exists. That's what we've been doing with Wildfire for some time now on the network side. And as you'll hear from some of my colleagues here, the Cyvera technology is all about prevention as opposed to just detection. It's about stopping things before they occur in the first place.

And if you could do prevention, right, as well as detection capabilities as well by prevention first, you get to a core value proposition. So in 2014 as company, we think this is our core value proposition for our customers. We've been talking with them a lot. So this is an enterprise wide security platform that's going to safely enable all applications that you want on your network through the granular use control. It detects all known threats and can stop them and it can prevent unknown threats in a faster and faster cycle.

That's going to be for all users on any devices across your entire network all the time whether it's physical or whether it's virtual. This is what when we go out and talk to people, this is what we say, right? And it resonates really well because it really means at the bottom here I put, which is if you could do that, you would have superior security meaning better and better prevention capabilities which is better security And you would do that ideally with ever increasing superior total cost of ownership. And specifically what I mean by that is the continued reduction in operational burden on customers for security. One of the things for sure and if you hang around for keynote tomorrow that you'll hear me say is customers are they don't even know how to keep score anymore, right, on the security battle about put more technology, put more technology, put more technology.

I don't know if I'm winning or I'm losing. And everybody has to spend on security like they have to do that because it's such a strategic imperative for them. But there's going to be a point there's going to be some point where companies don't have all the money in the right. They have to make hard decisions about what they want to do and we think a platform approach with this value proposition is a winning formula for those folks over time. And I think we've shown this for sure in the next gen firewall plus what we what are the other things around the firewall we've done in enterprise network security.

But you just can't do prevention, right, with legacy technology. Stateful inspection technology, which we've talked about a lot, is just an approximation in the first place to even do detection, let alone prevention. So legacy technology doesn't get you there. Technology and the endpoints don't get you prevention either. And no amount of consolidation of legacy technology is going to get you there either.

I think that's been fairly well proven by us for the last few years. And it's just going to accelerate, meaning the recognition of that we think is going to accelerate over time. And I just came across this the other day, this quote up here. This is from this is a McKinsey report that was developed from the most recent Davos forum and just a few months ago. And they basically went around and talked to a lot of leading companies over there.

And this is what they said about security, right, which is that the traditional approaches are increasingly ineffective, right? They look to be ineffective and it looks like all they're doing for us is their passive measures to let us know what happened already, right, which is usually bad stuff. And then you got to get into the position and say, what are you going to do about all that bad stuff? And that's what the industry has been providing. Let me tell you what bad thing has happened and let me charge you a lot of money to try to go fix that.

To get to prevention, we think you have to have a platform approach, next generation platform approach that really at the end of the day is doing highly integrated and highly automated security processing, so that you have to do less, right? And I'll give you a specific example. For detection capabilities, if you have a lot of detection capabilities in your network, generally what happens is that if they can detect something bad in the first place, you get an alert, right? You get an email, you get a text, you get something on your management system, but you get an alert. Basically, it says something bad happened.

And then it's up to you as the customer to figure out what if anything you can do to try to stop it, isolate it, fix it, all those things become the customer So we think highly integrated, highly automated security in a platform approach is the outcome and that's what we've built here. And it starts with the next gen firewall, which you guys are all I think very familiar with. But basically this is the device because it's the firewall. You have to be the firewall to do this. It's a security device that inspects all the traffic all the time in and out of your network, right.

So we could do that. In addition to that, it detects all the known threats. So it can safely enable the applications on your network and then it blocks the known threats. It takes unknown threats and sends them off to our cloud, which I'll talk about in just a second. Our newest addition to this would be our next generation endpoint technology.

And the reason I say it's next generation is and there's the education about this from a customer perspective is very similar to the next gen firewall and the endpoint market today. Everything in the endpoint market today is around like malware detection and forensic capability, right? So it's that detect and fix mentality. What Cyvera has done uniquely as far as we can tell, is the only company that's figured out actually how to prevent the exploit in the first place, right? So that's why we think we have with liberty with next generation, this next generation endpoint technology.

So what that does is it's inspecting all the processes files across all of your endpoints. And it's actually using the underlying exploit technique itself in order to block or stop or prevent or misdirect or there's lots of things you can do with it. But basically the answer is it just doesn't get there in the first place. And then with our cloud, what we're doing is we're saying that we can take the information from the network. Now we'll get it from the endpoint as well.

We can send it up to the cloud. We can quickly analyze it. We can correlate it. And based on what we see in the cloud, we are then able to push to the network, which we've been doing. Think of the cloud here for wildfire as an example, right?

We can push down to the network. From unknown threat perspective, the signature back to say, well, now it's not unknown anymore. Now it's known. So now you can block it or stop it once you know what it is. We're going to do that with the endpoint as well and tie those things together just like this diagram shows. So it's this platform approach that is prevention as the answer.

And from a customer perspective, sort of what does that look like? If you're going to be an enterprise security company, you have to be able to take care of your customers across the entire enterprise, right? And that means you got to take care of them in the data center, you got to take care of them at the perimeter, you have to take care of them at the branch office. You've heard us say that before. And now more and more we think that's going to include the endpoint. It's just going to be a requirement.

It's not so much a move by an attractive adjacency. That's not why we're market. We think that is going to become a necessity, a reality for anybody in this market has to do this. So the endpoint is in that viewpoint of what the network location is. And you have to be able to do it with a family of appliances that can serve the proper throughput needed every one of those places all with the next generation

Speaker 8

technology, which is why we just introduced

Speaker 2

the 7050, which is a data center use case. And more and more so, you have to be able to do it in a completely virtually, right, not just on a physical basis and that's why we've had the VM series for a while and why VMware was so interested to work with us and vice versa with the NSX platform, which we'll talk some more about as well. We provide those things on a platform basis on a with subscription services. Like that allows us to have a hybrid business model of product in SaaS, which has some great financial benefits for us and then for all use cases. So again, we are unique I think in the ability to go into any enterprise, no matter what their use case is.

When they think about security, whatever the use case is, we can answer that use case for them and with the same platform expand over time and you can see that from our lifetime value which we'll dig into a little bit later or some than you've seen before, the lifetime value of being able to do that and more and more so, particularly in the larger customers, selling the use case just called cybersecurity, right. So when I said it was strategic and holistic, a lot more of our conversation these days are not based on the traditional buying cycle called, I'm in the market for IPS, help me with that. I'm in the market for a firewall, can you help me with that? The more and more they're based on, I've got to solve this security issue across my entire company. Can you help me with that, right?

And I'll call that use case cybersecurity and the answer is yes, we can definitely do that. All based on top of our proprietary PAN operating system, which we get rev once a year with lots of features and functionality to power this whole thing from a platform perspective. So you get this great security and you get this total cost of ownership benefit. So I just grabbed 4 quotes from customers. We have literally thousands of these of very happy customers who are working with us primarily because of the next generation nature and flavor of the security platform.

But this ever decreasing operational burden thing is a big deal. And I think it's going to become bigger deal over time. And this is the kind of things they say when they work with Palo Alto Networks, which is I'm in a better spot than I was before and it's actually costing me less to be there. That's a very compelling value proposition and one we're going to keep driving over time with this platform approach. And it matters because we're in a huge market, right?

The market opportunity for us is the network security market now plus the enterprise endpoint market, which is by a lot of estimates in just a few years' time, is a $20,000,000,000 market opportunity. It will take us time obviously to address the enterprise endpoint side. So those are some big 5,000,000,000 is a big number, but we have to work our way into that. And also customers, this viewpoint about just the enterprise as opposed to different buying centers that's going to take some time to work itself out as well. But it gives us even a bigger opportunity than one we've been in before.

And no matter how you slice and dice the numbers from where we are on a revenue basis as a company, we're in single digits, right, in the total addressable market opportunity, where we think the ability to double, triple and even more from our market share is entirely possible for us in a very acceptable period of time, because the customers really like the security and they really like the total cost of ownership. And we've demonstrated this over time, the ability to do this. Our model is very simple and an expand rate. We can address any enterprise security need for folks. We have been able to put a lot of customers into the funnel if you will at the top of this land strategy.

We have over 16,000 enterprise customers today, we're making over 1,000 a quarter for 9 quarters in a row. We would expect that we would continue to have rapid customer acquisition. It's a big world. There are a lot of enterprises out there. We are under distributed in a lot of cases around the world today, particularly outside the United States, meaning just brand recognition, feet on the street, the ability to touch customers in the first place.

So we think we have a great opportunity to continue to put a lot of customers into the top of the funnel, which is critically important because of the next point, which is once we get them, demonstrated the ability to expand them. So the one I threw up here was a 2009 cohort, which is the reason we used 2009, which came to market in 2000 that cohort is actually higher than this one, but it's such a smaller base. I'm not sure it really matters. But the 2009 cohort is currently at over 6 times their initial purchase and lifetime value with us and that continues to grow and as Stephane will get into some detail, the cohorts are following suit with that. And that's resulted in very rapid revenue growth for a company that I would say is at scale.

We're operating well north of $500,000 in revenue run rate today that implies a substantially larger bookings number. In order to do that given the slowdown model that we have today and still growing as you see at 48% year over year revenue growth for the first half of this year. So, earlier I sort of started with this view at a glance, but we can really simplify this in just three for calling the network. The first is our philosophical approach that then leads into technology is a prevention approach. Very different than what everybody else is doing in this market today.

And the idea of being able to stop things as fast as you can or as quickly as you can if they're happening is very, very compelling with customers. You can't do that without a next generation platform underneath it. Next generation is the 3 components I showed you and definitely from an integrated perspective of the delivery of that cybersecurity solution for folks with a platform view and that results in the superior security with ever decreasing operational burden over time. And we think these are the 3 things that are defining for the company and these are

Speaker 3

the 3 things that will

Speaker 2

be more and more for our industry whether you can actually stack up to these three things is something that's going to play itself out we think in relatively short order in a matter of years in this business. And we don't think that rail stacks up. So we think we're going to be continuing to grow pretty quickly with that. So that's going to wrap it up for myself. I'm going to do some Q and A at the end with Stephan.

So I don't want to take this time right now. But one of the really important things for us or probably the most important thing for the company is We're a technology company. We're very, very technology driven. We have fantastic go to market capabilities and motions and teams, But

Speaker 8

we really start

Speaker 2

and end each day with technology, what's the customer going to want and what's the customer going to need. And that's the reason why we did a couple of these acquisitions, because we found fantastic technology in Morta, we found fantastic technology in Cyvera and we're building fantastic technology.

Speaker 5

So I thought it would kind

Speaker 2

of be helpful if we heard from Nir for a little bit, who is our CTO and founder, who had a vision 8 or 9 years ago, and we're really working rapidly into some of that So I'd like to introduce Nir. Thanks.

Speaker 5

Okay. Thank you, Mark. Thank you everyone for coming here. I'm Nir. I'm Founder and Chief Technology Officer of Palo Alto Networks.

And I want to spend the next 25 minutes Talking about what are the requirements from the next generation security platform, meaning what do you need to have what we believe you need to have in order to be next generation security platform provider. Okay. And I'll try to speak less than 25 minutes, so you can also ask a few questions at the end. So Mark showed you the platform. The platform has 3 components.

It has a network component. It has a host component and it has a cloud component and we started building that platform 8 years ago. And one interesting thing about building a platform is that you cannot decide one day that you are a and then become a platform. Meaning, if you haven't built it as a platform from the beginning, it's not going to be a platform. You cannot take a point product and make it a platform.

I think we've proven that. We've proven that our competitors, which have taken their existing products and kept trying to retrofit it again and again and again by adding this blade and that blade and this function and that function are still only growing 2% year over year, Okay. And we're going 50. We're going faster than them in absolute dollars. And there's a good reason for that.

It's that you cannot retrofit what you have to become a platform. Okay. You have to start from the beginning and you need to have a platform mindset in order to build a platform. And what does it mean to have a platform mindset, it means to have a very long vision of where you want to be and build towards that. And you small and you start with 1 component and one function, but you build it in such a way that it can become a platform and it can encompass everything that you want it to encompass, okay?

So we started building the network component, the next generation firewall about 8 years ago, just over 8 years ago and we started building the cloud just over 8 years ago. Back then the conventional wisdom was to be best of breed on the network side you need to be individual component provider, meaning you have to be a standalone IPS, you have to be a standalone firewall, you have to be a standalone disk and a standalone that. And also the conventional wisdom for taking malware and understanding it and making your network or even you're also being able to detect and stop it was that you need to have 600 people in the Philippines sitting down and doing it for you. And we changed both, okay? We created the network component of the platform to be able to do many different things in we call a single pass engine, which we'll talk about a little bit later.

And we also created a cloud based component that can take malware and automatically convert it into whatever the network needs in order to block it the next time it comes in. And we've been doing it for a long, long time now. And since then we've been adding more and more functions to the network and more and more functions to the cloud and we did it in a way that didn't change performance or for our customers, which shows that it's a true platform, right? That's one thing that the true platform needs to provide, which is the ability to do more and more and more and more and consolidate more and more and more functions without reducing functionality existing functionality and without reducing performance. So one of the first things like Mark said when we started building the platform, we decided that we're going to be a prevention platform.

Meaning we decided that it's going to be hard, it's going to be we had to fight a lot of fight for that against very strong competitors, but our philosophy was we are going to prevent attacks. We didn't want the customer to wake up in the morning and see that 70,000,000 credit card numbers were stolen and then have to call preventative professional services guy, IR and incident response guy to come and investigate it for 2 months to tell them how they got screwed. We wanted to make sure that they didn't get in the first place. Okay. And that's our philosophy and that's going to continue to be our philosophy.

And there is a real argument in the industry between those that think that you need to prevent things and those that think that you need to detect them and then have people come in and tell you how you got screwed. And I guess both approaches are valid because customers are paying money for both and we strongly believe in ours. The second thing that we decided from the beginning with our platform is that we're going to safely enable applications. We're all going to go to the CIO and tell them that we're here to protect them against the bad nations and the bad actors and the bad criminal organizations and all those that are trying to attack We're here to enable the safe use of applications. We are here to make sure that you can use not just email and web browsing.

We're here to make sure that you can use SaaS applications like salesforce.com. We're here to make sure that you can use box.net and we are here to make sure that you can use SharePoint and you can use Office 365. I mean, back then there wasn't Office but Gmail and Google Docs and applications like that and we're here to make sure that they're being used in a safe way, which means that whatever our competitors do for web and email and for files, we need to do for everything, okay? And we're still the only ones to do that. When you talk to our competitors, they'll be very happy to sell you an application blade that's going to block SharePoint for you.

They cannot scan SharePoint for viruses. They cannot scan for export vulnerabilities, they can all take SharePoint documents and run them through their sandbox, they'll be very happy to block it for you. And our approach has always been and it continues to be that the platform and all the different components of the platform need to work across all applications. That's what we mean by safe application enablement. Our job is to make sure that enterprises can use applications in a safe way.

And that's what we're selling them, okay? Now focusing on the network component. Our philosophy is that the network component needs to run everywhere. All traffic all enterprise traffic needs to be inspected at the network level. And that includes Internet traffic, that includes data center traffic, both internal data center, which is a very big market an external facing data center market, which is a pretty small market, branch office traffic, cloud traffic, if you host your applications in the cloud and of course traffic coming out of mobile devices.

All that traffic has to be inspected and has to be in the same way. And this is another philosophical difference between us and our competitors. Our competitors believe that for on the Internet gateway, you need to inspect traffic in a different way than you inspect it in the branch office and in a different way than you inspect it in the data center. And we think that it has to be the same. For example, some of our competitors, actually most of our firewall competitors, if not all of them, will tell you that, yeah, in the Internet gateway, you need this Palo Alto thing of safe application enablement, but why would you need it in the data center?

Well, it's clear what they're saying it. They're saying it because they even run at a gigabit speed when they turn on all the different functions that we do on the Internet gateway. But in reality, the enterprises today cannot treat their internal network differently than they treat the Internet. They've got to assume and they are assuming that's what they're telling us. They're assuming that the bad guys are already on their network, that some of their endpoints have already been taken over by the bad guys and they need to protect their own data centers, their own crown jewels, their own applications the same way from their own user network, the same way they protect their user network from the Internet, because the bad guys are already on their network.

And our competitors are insisting again and again, no, you don't need to do that. The bad guys are not on your network. You can put a regular stateful inspection firewall there. No, you don't

Speaker 8

need the IPS. You don't need

Speaker 5

to look at all applications. You don't need to look for command and control connections. You don't need to look for malware in the data center. You don't need all that. Just put regular file, it's going to be fine because your network is and our approach is very different.

And then there's always the question of do you really need to be the firewall everywhere, meaning does or is there room for 2 devices or 3 devices or 4 or 5 devices? And in some places, it might make not an economical sense, but It might work if you put multiple devices like maybe the Internet gateway. I don't think so, because we believe that everything needs to work together for superior security and we can talk a little bit about that in a second. But Yeah. Correct.

We can put 5 devices in Internet connection, but in the data center, you can't. Because in the data center, your firewall connects to multiple networks inside a data You have different physical networks or different virtual networks inside your data center. So the firewall has physical many physical links coming out of And if you want to be the IPS for example and you don't want to be part of the firewall then you're going to have to put an IPS on each and every of these physical links, if you want to do prevention. If you want to do detection that's fine. You can take a single IPS, which is really an IDS and like an octopus send your arms to different networks and monitor them.

But if you want to be in line and you want to prevent stuff, you have to sit on all those links. So does it make sense to put a firewall and then send IPSs behind it? Nobody does that. If you want to do prevention, you have to be the firewall. Only the firewall can do prevention.

And this is why some of our competitors insist that you don't need to do prevention, that you need to do detection and then call IR, incident response people when you find something, Because they're not the firewall, what can we do about it? Okay. What do you need to do at each of these locations? Well, malware is trying to get in. So you need to look for that malware.

How do you do that? Traditionally, you do it with sandboxing and The proxy does it traditionally, so you have to replace them if you want to be a next generation firewall, which is part of the next generation security platform. You want to look for command and control connections. If the malware is already on the network, you want to look for that malware communicating with the bad guy. They do it over something we call command and control connections and that's traditionally done by the IPS.

Every network location has to do that. You need to look at DNS traffic. Malware, one of the Akiva of malware is trying to resolve the domain names of where the bad guy is because they don't use fixed IP addresses. Those can be blocked easily. So looking for that, that traditionally can only be done by the firewall because the firewall is the only device that sees all the DNS traffic.

You want to look for URLs. You want to look make sure that Users are not going to URLs of websites that are known to be hosting malware or that there is no communication with well known command and control infrastructure that are based on URLs on HTTP, which is the vast majority of them. And for that you need to be the URL filter. You have to do all those different things at each network location, at the data center, at the Internet gateway, at the branch office for mobile traffic and at the virtual data center, at a cloud based data center, if you want to be a next generation security platform, you have to do all those things. Well, there's only one proven way of doing all those things at each and every of these locations and that proven way is the single pass engine.

All our competitors, which started with 1 point product, usually a firewall, sometimes a different product and then started adding blades on top of it, have been proving again and again that it doesn't work. It doesn't work. When we go to an IPS deal, they don't show up. The only people that show up in IPS deals are the standalone IPS people. The firewall people that have an IPS blade, the UTM blade that does IPS, they never show up.

They know they cannot win against a standalone IPS solution. We can, we win, we have proof of that. When we go after APT deals, only the APT guys show up. The firewall guys, they don't show up. When we go after content filtering deals, only the content filtering guys show up.

The traditional firewalls that added all these different blades, they don't show up. This consolidation approach, this let's take different components and put them together on the same platform, they don't work. And they also don't work in the other direction. We have seen blade providers like an IPS provider or an APT provider now adding more and more blades to their solution, right, an APT provider adding IPS or an IPS provider adding APTs or anti malware, it doesn't work either. The approach of taking a blade and adding blades or taking a firewall and adding blades, those approaches have been proving again and again not to work.

The only approach in the market that works is this, okay? So if you look at the complete picture of what you need to do and what different companies have, there is very clear conclusion. And that conclusion is that you have to start building your platform as a platform from scratch. It has to scale. It has to be able to run at tens of gigabit per second in the data center.

It has to be small enough to run at the branch office. It has to become virtual and it has to do all kind of things and across all applications for you to be able to call yourself an enterprise security platform. Okay. Now that we talked about network, let's talk a little bit about the cloud. Okay.

So In the cloud actually one second, one more thing about this slide. This slide talks about prevention. So this slide talks about who can do prevention, How fast can they do it? I mean, can they do it fast enough to be in the data center? And can they do prevention at all?

And across what can they do the prevention? So let's talk about cloud for a second about the cloud component of the next generation enterprise security platform. What do you need to do in order to be a cloud provider, in order to do to be a security, a next generation security platform provider in the cloud, in the next generation threat cloud? So the role of the cloud is simple. The cloud collects information from the network and now from the host as well, takes that information, crunches it, finds bad things, comes up with signatures to detect those bad things, very quickly turns around and sends them back to all these different devices, both network based and host based for detection.

Okay? So on the network side, the cloud would be collecting applications like executables or Android applications. It will be collecting documents. It will be like Office PDFs. It will be collecting access to URLs to check whether they're good or bad, DNS traffic to see if the DNS traffic is going to domains that are well known to be malicious and so on.

On the network side, you've been collecting applications, executables, Android applications, iOS applications and others, you'd be looking at access to operating system functions, crunching all that information, coming up with signatures and sending them back to both the network and the endpoint for enforcement for prevention. And if you look across the industry, different vendors can do different pieces of it. There's only one that's been proven to be able to collect all that information. And today we do it within 30 minutes, come up with signatures and send them to all our customers for prevention. Okay?

That's the only approach that's been working in the market. And last, I want to talk about the endpoint. So first, why do you need an endpoint? Why do you need endpoint security? Why isn't network plus cloud enough?

And the answer is that you cannot see everything on the network. Sometimes bad things get on the network, not even through the network, like through USB keys and others. And there are attacks that cannot be detected on the network. The most sophisticated attacks can in some cases only be detected on the endpoint. Is the endpoint enough?

No, because some attacks cannot be detected on the endpoint. Some attacks can only be detected by the network, if those attack, attack things that you cannot run endpoint security on them like POS, point of sale systems, routers, switches, printers, multifunction devices and others, okay? So there are really 2 high level ways of getting on an endpoint. The first way of getting on an endpoint is by getting the user to install something, getting the user to download an application and install it because they like it. Can be Angry Birds that takes all your e mail and sends it somewhere.

It can be some movie player for Windows that the user because they want to see a new kind of movie and that movie player is actually a piece of malware. It could be a USB stick that you throw in the parking lot and hope that one employees will pick it up, stick it into a laptop to see who it belongs to and what happens next. So that's the first way of getting on an end user machine is by getting them to install something. And how do you detect that? Traditionally, you do it with antivirus.

For the traditional antivirus, you do it with sandboxing, taking executables and sandboxing them. You do it with what's called IOC based. This is like next generation AV, indicator of compromise based detection and you can do it with whitelisting, right? Whitelisting says what you can run. So if you haven't seen it before, you can't run it.

The other way of getting on user endpoints, which is the 3 other bullet points that you see here on the slide is really what the most sophisticated attacks use, which is exploiting vulnerability. So you find a problem, we will talk about it a little bit more. You find a problem with some application running on the end user machine and you exploit it and then you get to run something on the end user machine and by that you get the malware without user intervention, the user didn't even know that it happened or maybe they know that something is wrong. They don't know that malware got installed. And there are really 3 different cases there.

The first case is when you exploit a known vulnerability, something that as a vendor you know about and or a malware that is known or at least from a known family is installed on the end user machine. This is the simple case. This is for the This is more true for the widespread attacks. And in those cases, we can detect them using traditional network IPS, host IPS, Again, IOC, next generation AV based detection and whitelisting, okay? The more sophisticated attacks exploit unknown vulnerabilities and they use malware that you've never seen before.

They use both completely new vulnerabilities that nobody knows about and they use a piece of malware that's very different than anything you've seen before. In that case, the only traditional technology that works is white listing, Okay. Because that malware that you see there is still not something that was approved by the enterprise to run and therefore the white listing service can block it from running. And then the most sophisticated attacks and these are the real dangerous targeted sophisticated attacks are those that only can involve malware. In those cases, the bad guys exploit the vulnerability on the end machine and they run something inside memory and that's it.

Nothing ever gets installed on the hard drive. Nothing ever touches the OS. There's really no way to detect it like that. And we've been looking at the markets, as Mark said, for the last 2 years, we've tested every solution on the anything you can think about, any startup that has endpoint security that is talking to you, we tested their solution and one company stood apart from everyone else. The reason they stood apart from everyone else is because of their ability to do all those different things and they can do it in a way that doesn't change the way end users work unlike whitelisting and micro VMs and all the other approaches, which might work for some of these cases, but really change the way end users work.

The Cyvera approach doesn't change the way the end user works. You just install on the machine, the user keeps doing what they did before and it just works. And then more importantly, this last row over there. The most sophisticated attacks, which don't even involve malware, they exploit vulnerabilities and use in memory programs, they never make it to disk. They can bypass everything else on the market.

The only solution we saw in the market that can stop them was Cyvera. And it's extremely difficult to do that. When we talk to our internal people, which are not dumb either, we have a very good security team, they just said, look, we don't know how to do it. Okay. We don't know how to do what Cyvera does, which is detect the most sophisticated attacks on the endpoint.

Okay. So the next thing I want to do is to talk about what Cyvera does. And yes, it's probably better if Uri and Nati were here, it will be jet lag. It's now midnight in Israel. Okay.

Uri, Nati, can you maybe introduce yourself? Okay. I think it works now. Move forward a little bit. Yes.

It works. Okay. So both co-founders of Cyvera. And why don't you tell us what's so special about Cyvera? What is it that you do?

Speaker 4

Okay. Thank you, Nir. So in order to explain why Cyvera is potentially different than any other endpoint security solution, we'll start by having a look on that pretty simplified flow of targeted attack. Whether the attacker is aiming gaining access to critical infrastructure and destructive or to gain access to sensitive data assets. He will always start by looking for vulnerability in the organization system.

Then he will look for a way to utilize this vulnerability to practically exploit this vulnerability which is not simple thing at all and then after finding a way to do it he will inject the malware to the endpoint, to the server, to the whatever system in the organization just to initiate the attacks. In terms of numbers there are 1,000 you can see the number on the screen 1,000 new vulnerabilities per year on any operating system. When it comes to the malware, the last stage of the initiation of the attack, there are 100 of 1000 new malware a year, practically millions of them, millions variant per year and it's very, very hard of course to know about all of them. But when it comes to the exploitation to the way of utilizing the vulnerabilities of the system, there is a very small group of techniques that are utilized by their partner for a decade and a half now. And this group is something that if one can deal with to be able to practically deal with all the vulnerabilities and all the malware without prior knowledge.

And it sounds almost obvious. And the reason that no one did it until now is just because it's very, very hard. It requires sorry knowledge not only in security, also in operating system and hardware and the rest CPU CPUs are working. And again, if one has the ability to deal with that, he can prevent attack without having prior knowledge on the malware without having prior knowledge on the vulnerability itself and it will prevent the attack before the malware is running meaning it will prevent the attack than trying to detect it after the damage already was initiated. So let's have again the look on the same flow in this time in terms of the existing solution. So when it comes to the first stage of vulnerabilities, the Alstom host based security solution trying to provide virtual patching, automated patching, trying to deal with these vulnerabilities, but they will cover probably only the known vulnerabilities and more than that there's a lot of production implications of using these solutions.

When it comes to malware, again and it's also already an old news, it's very hard to deal with the unknown malware. It's very hard to avoid the fact that the attackers can easily reverse engineer the system in order to bypass the security solution and for those of you who are going to stay here we will show a lot of demos in the upcoming days. And again, basing on signature of the entire knowledge won't help you in preventing an attack, but only maybe to be tested. So that's the reason Cyvera went to exploit techniques prevention. There is no off the shelf solution today for that specific layer, again, because it's very hard to deal with that.

Cyvera is the only product that has the ability to deal with the exploitation of vulnerabilities with the way that attacker utilizes vulnerabilities and therefore has the ability to deal with all the malware and vulnerabilities on the endpoint with a minimum CPU and IO resources. So that's at again a description of Cyvera and

Speaker 8

I hope it creates value.

Speaker 5

When I met Uri and Nati about a year ago for the first time, one of their investors is a military buddy of mine and he brought in for a meeting. And it I think we made a click because what I saw back then is that they're trying to do in the endpoint security market was exactly what I tried to do in the network security market 8 years ago, go after big incumbent vendors that have been using old technologies that just don't work anymore and doing this in a very disruptive in a way that is very simple to explain, right? I mean, on the network side, you just do everything across all applications with a single pass engine. What's the problem? And what they're saying is, well, don't look for the vulnerabilities.

There are too many of them. Look for the ways the vulnerabilities are being exploited. Both sound easy, both work and both are extremely difficult to execute. And that's why I like them. And Uri, why did you guys decide to join us?

Speaker 9

First of all, I think that as Nati said, what we're doing is substantially different. And we've got a very very strong feedback from customers understanding the need for something which is substantially different. And they really appreciate what we're doing and got it. Now we understood that if we want to solve the problem, the big problem, we have to do it on a multi layered solution. And we look for partners or partnerships.

And once we dig in, we found that part of the network everything that just happened, everything that's happened from the beginning of the Panel until now is the same philosophy like ours and it makes sense for to dig in and we they didn't saw that the technology is a perfect fit. And more than that, again, the culture, understanding that what we have to do is something substantially different, not the next generation of a very small leap, but a big leap and joining Palo Alto Networks doing that together where they already did it on the network level and now doing that on an endpoint level, combining that together and producing a totally new security solution for enterprises, we thought that that makes a perfect fit. And that's why we chose that after a lot of consideration it was made perfect sense for us.

Speaker 5

Okay. Thank you, Uri. Thank you, Nati.

Speaker 6

Thank you very much. Uri and Nati will

Speaker 5

be around here today during cocktail hour and in few days, if you have any questions, of course, you can ask

Speaker 6

them. So to summarize,

Speaker 5

the next generation security platform has 3 components. We believe we have the best one on the network side and we've proven it again and again with our growth rates and with market share taken from the incumbents. We think we have the best cloud and I think we've proven that again and again. We are the only cloud that's able to generate signatures that go within 30 minutes and actually help the end user to prevent bad things getting through the network. We've been doing it for many years now.

And I think that now with the acquisition of Cyvera, we have by far the best next generation endpoint security technology and this is something we still need to prove to you, but we will. So we're about a minute over time. Do we have time for a few questions or?

Speaker 6

Please. This is going

Speaker 1

to be webcast,

Speaker 6

so I

Speaker 1

need to give you a mic. The other thing is, you're all taking pictures of the slides and keep emailing me. They will all be posted as soon as we're done. So don't stress. It's all good.

Here you go.

Speaker 5

Hi, Nir. A question on Cyvera. Does Cyvera need to coexist with Wildfire

Speaker 6

to be effective? Or can

Speaker 5

you have Cyvera deployed on the endpoint and not have Wildfire on the network? So Wildfire is a sandboxing technology that looks at incoming files, executables, documents and other things and tries to make a decision whether good or bad. And it works for the most part. Sandboxing technology as good as it gets cannot detect everything and you need multiple layers. Cyvera is a technology that can detect exploits.

So they can now detect an executable getting on an endpoint. That's something that the sandbox can do. But if an exploit on the endpoint tries to happen to be exploited, for example, an exploit in Adobe Acrobat or in some Microsoft Office another application, they can detect that very well. So they complement each other. Okay?

And you cannot use one really without the other, meaning there's no 100% in any of them and together they provide very, very good protection.

Speaker 2

I guess just a follow-up on that point.

Speaker 8

You're on. Okay. Just a follow-up on that point. If this is one piece of functionality on the endpoint, are other pieces of functionality on the endpoint that you need to have a broader kind of protection layer?

Speaker 5

I think that if so the answer to that is that if you only have an endpoint solution that is completely separate from the network solution and from the cloud then yes, you need to have other components on the endpoint. I think that if you combine your endpoint solution with the right network solution, where they can share information and each can complement each other by looking at the things that they are good at looking for, then you don't need much more. You need a little bit more and we do plan to offer that more as part of the endpoint client. Yes.

Speaker 6

Nir, just a point, you talked about exploits and then you talked about memory as opposed to vulnerability. So I just you just clarify that with regard to Cyvera? Do they do the in memory block the in memory?

Speaker 5

Yes. So when you exploit the vulnerability, you also need to run something after that, okay? And usually what is an exploit? An exploit is a small piece of code that the bad guy gets to run on the endpoint as part of the exploit. You exploit the vulnerability and you get to run a small piece of code.

Usually that small piece of code does one thing, which is go out to the Internet, download the actual malware, install the actual malware and then run it, okay? And that gives you an opportunity to detect that malware, for example, using white listing services and other things, which, again, they put a lot of burden on the end user, but they can detect it. With Cyvera, Severodon solution on the market that affects the exploit itself. It doesn't affect the malware that the exploit brings in. It affects the exploit itself, even if that exploit exploits a vulnerability that's never been seen before.

And the way they do it is by looking at the tools that the bad guy needs to use. There's no other way for them. They need to use in order to perform the exploit, okay? So it doesn't matter if a malware actually gets downloaded and installed or this piece of code that the bad guy got to run as part of the exploit was big enough to perform what they wanted to perform, Cyvera will detect it. Actually, Cyvera, another thing I really liked about the Cyvera solution is that they can detect failed exploits.

So even if

Speaker 8

the bad guy, which happens

Speaker 5

a lot, they try to exploit a vulnerability and they fail they'll try another one and they'll fail. Even if they try to exploit a vulnerability and that exploitation fails,

Speaker 6

they still need to use

Speaker 5

the tools. They still use the tools to perform that exploitation and the Cyvera tool can detect it. So it's the only tool we've seen that can detect all exploits including the same

Speaker 1

So we have time for probably one more question. You want to take it from over

Speaker 2

there? Hi, Nir. I watched some of the videos on Cyvera's website and the implication was in some of them that you can actually run systems unpatched because of the technology that Cyvera has. This seems like

Speaker 8

an incredibly valuable technology. Why were you able to buy it?

Speaker 2

Why isn't an operating system company interested in this? And I guess follow on question, do

Speaker 5

you have to instrument operating system to

Speaker 2

get this to work? Do you have to instrument the software application to get it to work?

Speaker 5

So I don't want to get into too many technical details about how Cyvera works, but you instrument things that are at very, very low level, sometimes even below the operating system like memory access and things like that, as well as some operating system related things. In terms of working on unpatched system, so essentially when Microsoft comes out with a patch, what they really do is they fix the vulnerability, right? So there is a vulnerability in Microsoft. They come out with a patch to fix it. You don't need that with Cyvera.

Cyvera is running on the box. There's just no way to exploit that vulnerability. And that's a very powerful thing. Your question was why an operating system company didn't wouldn't buy it and I don't know if they were interested or not, but I think Uri said they wanted to come to Palo Alto Networks. And I don't know.

I mean, I don't know if they had an offer from operating system company or not. And it certainly makes sense that an operating system that cares about its customers and maybe that's what the issue is We'll be doing that. Yes.

Speaker 2

Could you just real fast just talk about signatures. You mentioned a lot of like signature, signature lists. What does that mean?

Speaker 8

Signatures and signature lists. Yes.

Speaker 5

There's a lot of talk about that in the industry. And Mark, I think this is again a prevent detection versus prevention argument. So it is true that number 1 signatures have bad And the reason signatures have bad reputation is because according to our statistics, 40% of the malware we're going to detect today using Wildfire. And Lee will tell you how many pieces of malware we're going to detect statistically today with Wildfire. 40% of the malware we're going to detect today with Wildfire will not be detected by any of the major AV vendors a week from now.

So even a week from now, they will not have signatures to detect 40% of what detect today. So signatures certainly have bad reputation. On the other hand, to do prevention, signatures is the only mechanism that works. You cannot do prevention without signatures because signatures are the only mechanism known to us and to the industry and to everyone that can run at 10 gigabit per second with sub-millisecond latency. And prevention requires high speed, low latency, real time in order to work.

So the only way to do prevention is signature. Question is how do you bridge the 2? How do you bridge the fact that signatures are generally bad and the fact that you need to do to run signatures at least for detection? The answer is it's simply for prevention. The answer is you use other things for detection.

You use sandboxes for detection and we have a completely customized virtual machine that we developed ourselves to do sandboxing. You can use DNS based tricks that we're doing. You can combine it with some of your URL filtering technology, which we're doing. You can collect a lot of information from your customers into a very, very big Hadoop database and run a bunch of processes on it that are designed to detect even more bad things. You can do a lot of things to detect bad things, but they take time.

It takes about 5, 6 minutes to run something in a sandbox before you know if it's good or bad. You cannot do that in real time. But once you do that and once you know it's bad, you can turn around, generate a signature very quickly such that the next time you can prevent it. Okay. So I think that the argument again on signature and signature basis in detection and prevention argument.

Yes, the best way to do detection is not to use signature we don't use signatures for detection. We use many other things including customized sandboxes and other things for detection. But for prevention, the only thing you can do is to use signatures. And unlike the AV vendors, we come up with signatures within 30 minutes after we see the bad thing or less in any of our customer networks. So when we see something bad on a customer network, we'll know about it very quickly using our cloud based technology and within 30 minutes, all our customers that subscribe to the Wildfire service will be protected against that thing with the only way to protect against that thing, which is signatures.

Speaker 2

Spend more time with me thereafter. So with the appreciate that.

Speaker 5

Thank you, Mark.

Speaker 2

With the addition of Cyvera to the mix too, I think you'll see us looking different as a company too as we go to market. So I was going to ask Renee, if he would just join me quick 10 minutes up here to talk about a few things about how does Palo Alto look today and what it's going to look like in the future a go to market perspective. So, let's kind of make ourselves comfortable. Yes.

Speaker 5

Okay. Let me just start

Speaker 2

off like what's How are customers using us in their networks today? And how has that evolved over time? So what have you seen?

Speaker 6

So I've been with the company and this is my almost my I think my 6th year. And I can tell you when we started the company and started selling, we were used as a helper. People came to us and said, you can help me solve one thing. And 6 years later, we have become not only a piece of the infrastructure, in other words, we have become in well over 3 quarters at the time the primary firewall in all those implementations. But in addition, we're doing a lot of other things in addition to firewalling.

So the use case that we have seen evolve is doing multiple security functions in multiple spots on the network. One of the key things that we track is the adoption of our technology not just on the perimeter, but also in the data center as well as in branches. And today about half our business is on the perimeter, but 35% of our business is in the data center either a core data center, an Internet facing data center or cloud data center and 15% of our businesses in branches.

Speaker 2

What's the velocity of

Speaker 6

The data center is rapidly taking this share. The credibility we had to have to do that really came when we introduced the PA5000 series. And with the launch of the PA750, there are additional use cases that we can fulfill because it's the only next generation firewall that can run at 100 gig plus and do all the security functions. And this has been a crusade almost that we had to do for years because there was a firm belief that you had to have more security functions on the perimeter. And as it turns out, the data center is just as vulnerable and just as prone to attacks as the perimeter and therefore, it isn't good enough to run 40 gigs or 80 gigs of simple traffic control on the data center.

You have to have a next generation firewall in the data center. So with this

Speaker 2

sort of platform approach and we show the sort of the we call this the Holy Trinity by the way. So if you're a customer on the receiving end of Palo Alto Networks from a marketing standpoint starting Monday or whatever the deal closes, What are you going to hear?

Speaker 6

For the last 5 years, the story has been one of enablement versus prevention. We have said, we are all about application enablement, making it safe and use those applications. And we are against preventing applications in the first place, because the traditional answer has always been to make application safe, you have to prevent them. Now, interestingly enough, we're doing almost like a 180 here on the malware, right? We're going to say, well, prevention is the Holy Grail for malware and for attacks, because it is actually crucially important that prevention becomes the leading story versus the approach of detection and remediation.

Speaker 5

This is not going

Speaker 6

to be trivial because the market has been conditioned just like it was 5 years ago to not believe that it could be done. In a lot of ways, my job for 5 years been as an evangelist saying that it is actually possible to make application safe to use. And the fact that even today we still show the baby with the iPad, right? We still have to explain to the market why it is critically important that enabling an application and making it safe is different from blocking it altogether. What customers are going to see is a value proposition that is both that should be focused on the applications being the good guys, the malware being the bad guys.

And while we enable those applications, we can prevent everything that that and that will be seen in a massive rollout throughout our own organization as well as our channel organization in the days to come, in fact starting tomorrow. I'll do it tomorrow when we have 2,000 of our best customers here in Las Vegas to start going down that path. Last question

Speaker 2

I was, there's been other network companies over time that have I think from a minute said, hey, there's an attractive adjacency aspect of the endpoint hasn't really worked out for them. Why do you think that's the case? And what do you how do you rate

Speaker 6

Yes. We thought about this long and hard. So 5 years ago when we started to really seriously market the next generation firewall, everybody said, well, why would Nobody cares about firewalls, right? It was a market that almost didn't grow and there has been almost no innovation and why do you even care? Well, because we're very, very different.

And today, it feels exactly like that again in the endpoint market. We've seen years years years of the same technology. We've seen traditional network based vendors buy some of the technology or taking out of open source and do something with it. In the belief that by doing the same thing over and over again, it would somehow be different, right? And it wasn't.

This approach is as disruptively different from the traditional endpoint vendors as this. Now, there is something else though, because the technology is only one part of this. The other part that we're very concerned about is, has the buying motion changed? In other words, traditionally, when we came to market, the guy who took care of the firewall was typically a networking guy. And what we were able to do with the next generation firewall was transcend the 2 worlds of network and security.

We could bring those 2 worlds together and have a conversation about security in the firewall and making it safe to use applications and all these use cases. That was a trend ending conversation because the use case was that all these applications came onto the network, all these mobile devices came onto the network. So all of a sudden the tribal differences between the networking guys and the security guys went away. Well, today, we believe that those tribal differences between the networking guys, the security guys and the endpoint guys will go away because the pressure is so much on the security of these organizations that if you solve it in different ways, you still do not coordinate. And the conversation about securing enterprises is no longer a bottom up approach where the networking guys get to decide one thing and the security guy something else and the endpoint guy do something completely different.

That is the case and we clearly have to take care of the operational implications of doing business with us, but the decisions aren't going to be made there. The decisions are made top down our folks who from a political perspective or from a policy perspective make those decisions and transcend by the tribal wars that you typically see in organizations. Again, that is a firm belief that we have. And when we were in consideration for the acquisition of Cyvera and when we talked to our larger end customers, they all were very appreciative of somebody coming in who can do this, not through consolidation necessarily, but by bringing the security functions of these different things together. Okay.

Speaker 2

We'll throw it open for some questions for Renee or myself, anybody has any questions? Rob? Yes, Ron, get it back there. Hi, Renee. Just a couple of questions.

Maybe give us some perspective in general on increasing customer acquisition costs that we're seeing in securities. A lot of companies are running at pretty negative margins from a sales and marketing perspective? And then number 2 from a marketing perspective, how you cut through fund in the marketplace, especially since you mentioned that the buying motion has changed and it's becoming more political?

Speaker 6

I am pleasantly surprised when some of the other parties in the market say that they don't spend enough on sales and marketing, clearly marketing, because it would somehow imply that we're doing something that is very easy to replicate. Marketing is not something that you can just solve by doing it with money. Throwing money at marketing is not necessarily the right thing. In a lot of ways, we care about one thing. We care first and foremost about the story that we tell, right?

It is exceedingly important that you tell a story that is differentiated, right? The fact that everybody now says they have a next generation firewall, doesn't mean that they have a next generation firewall. It means they're following our marketing. The fact that they come up with an idea that just by spending more on advertising that is going to help. I don't think that's true.

The one thing that we have done very consistently is stick to the story because it's still differentiated regardless of what people say. The way we do this is we measure marketing spend incredibly well and between Mark Anderson and I, we run a very lean machine and a very old machine when it comes to demand generation. So at the end of the day, that's what matters, right? And with our channel partners having a complete closed loop on the generation of opportunity is much more important to me than having billboards at airports and all that kind of that's not the kind of marketing we profess. We are extremely focused on digging up opportunity and going after it and sticking with that story that has helped us so

Speaker 2

Bankroll, all questions. Right behind you there. Jason. Yes, we'll go to Jason. Okay, sorry.

Speaker 1

Sorry, we try.

Speaker 5

Okay. We'll get you both.

Speaker 8

Thanks. Sorry. Jason Nolan with Baird. Renee, could you talk about the go to market? How it's morphed over the years?

How you expect it to change? There's a Wildfire there's going to be a Cyvera overlay and how that would impact the channel?

Speaker 6

Yes. Jason, we have been 100% channel since day 1 and we have never polluted that model. We haven't taken deals direct. And our go to market model, you should always think of as a high touch sales force, who educates customers, who helps with the implementation, who helps with the consideration, but our deals, our transactions are done with our channel. And the beautiful thing, the leverage that we start to see in our business is that our channel is stepping you'll hear from some of the channel partners how we have grown within their organization.

But regardless of how we build our own kind of specialization in the sales force to go have cybersecurity conversations or infrastructure conversations. It is always with a channel partner in tow and that is sacred. That will never change.

Speaker 2

I'm giving Kelsey a heart attack, but last question. Just if you could follow-up on this significant market for next generation firewalls, which I've heard about for at least 5 years, but haven't seen too many of that work. One of the first people that swore they had the best product that was just outstanding was the Sourcefire. And they claimed that they competitively killed you and many, many others. And you'll really never know because who knows what goes on at Cisco by the way.

Speaker 5

I think we summed that

Speaker 3

up, yes.

Speaker 2

I just want to know Cisco has

Speaker 8

this big market number for

Speaker 2

kind of a reason, but how many times do you replace a Sourcefire from Cisco and I mean did they ever really have that platform that they've showed at prior meetings.

Speaker 6

Yes. So one of our biggest Sourcefire replacements actually sits in the room here and he can identify himself being asked in the meeting. But we have let me put it this way. From a next generation firewall perspective, we have never run into Sourcefire in the day cost or That is a myth, right? What Cisco bought was an incredibly good standalone IPS product.

Speaker 2

Which is the attempt to aggregate traditional legacy technologies to sell the funds. Okay, thanks for the question. So we talked a bit about the vision, the platform, bring together. What I want to do next and then we'll take a break quick break after that is ask Luke Clarity come up. He's the guy that actually has to build everything and make it work.

So maybe we could talk a little bit about what you're doing from a platform perspective. We mix that. We're just powering through. There we go. All right.

Speaker 5

All right. Thank you, Mark. I don't get to be comfortable.

Speaker 8

Well, thank you very much. As Mark said, I have the enviable job of trying to turn what Nir so eloquently describing the requirements into something that actually works and can be deployed on enterprise networks around the world. So, it all sounds really easy, but in fact, of course, it actually is fairly challenging to turn that into something that really is integrated natively that does what it's supposed to do and as a platform, not as individual pieces and all of that, right? So what I'd like to do is really sort of talk to 2 things today. 1 is just talk to the pieces of the platform and give you an update on where we are with that and some of the most recent things we've done that really show our ability to continue to execute on all of those areas.

And then 2, give you a little view into the what makes it a platform in terms of how we integrate those three pieces together and how each of the three pieces makes the others more intelligent and better. So this is the picture you're going to get sick of it probably by the end of the day of what the platform looks like. And the 3 pieces, starting with the network security piece for the next gen firewalls. This is as Nir said, this is very much where we started. And over 8 years later, I think probably the most interesting thing to me is we're still finding very compelling ways to innovate in this area of the product line.

And I'll walk you through a few of those today. 2nd is how that ties into the cloud and how we can leverage cloud to make everything else more intelligent. And this is actually something we started from the very beginning thinking about and using. Of course, many of you recognize this primarily or associated primarily with wildfire, but there's actually other aspects of this. But I'll give you an update of where we are with that.

And lastly, on the endpoint, which I think is certainly one of the things that everybody is very interested hearing about how we turn those requirements into actual product that Cyvera has already developed as well as how we take that forward. So on the network security side, every about every year we have a major new release. We also typically have a mid year minor release as well. And each of these really moves the needle forward on what the network security element of the platform is capable of doing. Most recently in January launched 6.0, which when we went back and looked at how much was actually done in that release over 70 features were implemented in 6.0 across PAN-OS and Panorama.

Many of these very innovative new capabilities that no one else has on the market today.

Speaker 5

Of course, this is also the release where the PA-seven thousand

Speaker 8

and fifty was released. And it's Just to put this in perspective, a fully loaded 7,050 has 12 times the processing power of our previously highest end platform, the 5,060, 12 times. And by the way, the 5,060 was already faster than anything on the market when you actually turned everything on. Why this is so important is, in data center environments where there's a lot more consolidation happening, requirements are going up, clearly important there. Service provider space, of course, and even on the Internet gateways, we're seeing large enterprises have faster and faster requirements there.

And lastly, just recently announced the integration with VMware's NSX platform. So NSX is there the platform they recently rolled out for software defined data centers. This is basically the orchestration tools and the and all of the other capabilities for bringing other technologies into that environment, automated, etcetera. And just about a month ago, we launched the our integration into that, which is very which is highly unique and actually expansive in terms of what we're able to do in the data center, okay? So when you think about the data center, the PA 7050, the 5,060, the 5,000 series, a lot of what that's doing is looking at traffic coming in and out of the data center and trying to secure that, which is an incredibly important thing to do.

What the VM Series does with the NSX integration is it looks for traffic that is moving between applications within that data center. The jargon would be east west traffic for obvious reasons. And where that's important is, as these environments become highly dynamic, more and more of the applications are able to communicate with other applications directly without going back through a central control point. And so that's where the extension onto the into the VMware environment really makes a lot of sense for us. So given how important that is, I just want to walk through quickly how that works.

So many years ago, even before we get to this slide, many years ago, the way the data centers were deployed is every application was deployed on a separate physical server. Every server had a wire that came into it. That wire would route itself to some physical separation to make sure that one application couldn't talk to another unless policy allowed it. Along came virtualization. And with virtualization, you put multiple applications on the same physical server.

But because of security concerns, all those applications couldn't talk to each other. They were basically put onto the network and routed back to that same central control point as they always were. Over the last couple of years, what you've been hearing is under typically the umbrella term called SDN. But the term we prefer software defined data center is what you're seeing are all these enterprises saying, well, why do I have to send all the traffic back on to the network when its destination is to a VM that's sitting on the same server, why can't they just communicate? And along with that all these ideas of and why can't I just automate that? Why can't it just be dynamic?

And why can't it be self-service? And so all of these concepts roll up under software defined data centers. And the virtualization companies, VMware and others, they can do this. But there's basically no enterprise that actually uses these capabilities because up until now there's been no way to secure a highly dynamic software defined data center. And so, let me walk through what we're now able to do because we can now actually safely enable all of the things you see here.

Speaker 5

The first is, in order

Speaker 8

to be deployed into this environment, you can't be disruptive. And so, what we found and what we've been able to deliver through the VMware integration is a way of transparently being integrated onto the hypervisor, in such a way that you don't have to change the physical networking or the virtual networking in order to provide the security capability, okay? And when we talk about the security capabilities, we're talking about all of the same things

Speaker 5

that we do on all of

Speaker 8

the other platforms. So we didn't dumb it down in order to get it to fit into the virtual environment. We found a way to do all of the same safe application enablement functionality and threat prevention in a virtual form factor. So that is the first thing you have to do to secure these environments. The second is, these are very to be fully what everybody wants these to be, virtual machines can be turned up, they can be turned off, they

Speaker 5

can be moved in seconds.

Speaker 8

So how do you keep up with that? It is not possible to have operators changing policy real time every time a new VM has to be turned on or moved around. What we found a way to do is we found a way to abstract that sort of physical layer change, which is happening all the time, abstracted into what we call context or more specifically dynamic address groups. But what this does is it basically allows you to specify in a security policy your SharePoint VMs, okay? Very simply, here's all my SharePoint VMs based on attribute.

And then every time a virtualization operator wants to clone those virtual machines to expand capacity. This is a process that happens all the time. It takes seconds. They can do that. Those new virtual machines automatically get added to the same policy without any human intervention, because this context understands, oh, these are just more machines that look like the other ones that are defined by this policy.

And so every time there is one of these changes, the policy dynamically adapts to it without requiring human intervention. 3rd, we tie in 3rd, we tie into the automation. So with the NSX management platform, we can actually now have our technology, our solution automatically deployed down to every physical host in a virtualized environment. As part of that provisioning, all of the necessary initial networking and initial management configuration can be done such that the VM Series then automatically connects back to Panorama to download the rest of its security configuration and everything stays in sync from that point forward.

Speaker 5

What this allows you to do just

Speaker 8

to put in simple terms would be a virtualized data center with 1,000 servers, each server running maybe 10 VMs, 10,000 VMs. The deployment of all of the VM Series, 1,000 VM Series, 1 per physical host, can simply happen automatically through the NSX manager. So we're basically leveraging the automation tools that are already there from VMware, tying it into both the VM Series as well as Panorama for automating all the things that have to take place. This solution is so unique that two things happened. 1, we were announced as the VMware Partner of the Year for the work we did on jointly with them on this.

And 2, as we announced recently, we actually are doing a joint go to market with them on this as the only partner that's doing that joint go to market with because one is unique, but 2, it's so important to enterprises for taking advantage of all the virtualization capabilities that they want to. Okay? Switch gears to the cloud for a second. So just to level set on the Wildfire cloud, it's interesting a number of sort of questions we get relative to this. First of all, to understand like this is an incredibly scalable environment.

Now I'm going to show you on the next slide some recent statistics that really sort of drive this point home. But the use of a cloud based architecture was done very specifically to enable the scale that we believed was required to deal with the amount of threats we're seeing. 2nd, everything about it is highly customized, tuned, hardened. In fact, every month, we are actively making changes to this environment to stay ahead of the attackers and adapt to new ways in which attackers behave and new malware that we see. And the fact that it's in the cloud allows us to do all of those things without impacting our customers and without asking them to have to go do all of these themselves.

We're able to do it all proactively for them. Now that's what it does. From a scale perspective, I want to give you an idea of on a typical day what we see in Wildfire. So today probably we're in the midst of seeing about 280,000 unique files. So all the duplication has been removed.

These are unique files that are going to be uploaded from over 3,000 customers from around the world. And just to translate that, that translates down to 3 files every second are going to be submitted up to the cloud for analysis. From those files, we'll see typically about 30,000 of them will be new malware that hasn't been seen before. And as Nir said, of those, about 70% will not be detected by the leading host antivirus companies at the time that we detect it and most of them will still be undetected a week later. Now from a scale perspective, over the last 4 months since 6.0 launched and the new file types were released and everything else, we've seen a quadrupling of the number of files submitted to the cloud.

During that quadrupling of files that we receive, our ability to process these files in less than 6 minutes has never been compromised. What this means is, we can scale the cloud as much as we need to. And we can do it real time, all of which is completely transparent to our customers. They simply keep sending more and more files to us and we continue to build out the processing power to scale with that. Incredibly powerful.

This is something you cannot do by deploying appliances on prem. You want to scale that times 4, you'd be deploying 4 times as many hardware platforms as you did before and then trying to figure out how to load balance files across them, which simply wouldn't work. Okay. Now the last piece of the platform is the endpoint. And I want to try to walk through how a targeted attack actually works to try to give you a sense of what exactly it is that it does. It's so unique.

So, just about every endpoint looks like this. There's an operating system and there's a number of applications running on In addition to that, every single one of those operating systems and applications has bugs or from an attacker perspective, vulnerabilities that can be taken advantage of. So, as an attacker, The first thing or for a target attack anyway, the first thing you're going to do is you're going to either take advantage of a known vulnerability or you're going to discover a new vulnerability that nobody else knows about. Now, this alone doesn't actually do anything. You have to actually be able to take advantage of the vulnerability.

You have to be able to exploit the vulnerability. In order to do that, there is a handful, less than 20, exploit techniques that an attacker has at their disposal to leverage that vulnerability. Without these techniques, the vulnerability doesn't do anything. All of that is to deliver the malicious file or the malicious payload that the attacker then uses to carry out their attack. So as Nir and Nati were saying, there's literally thousands of new vulnerabilities every year.

There are millions of new malware every year, but the exploits, there's less than 20 and new exploit techniques are found on the average of 0 to 4 every year. Okay. So, Cyvera's approach to this is disable the exploit techniques, disable the toolkit that the attacker has to use in order to carry out their attack. If you take the toolkit away, there's no attack. That's what they do.

And again, the reason why this works is because there's only 20 or so of these common exploit techniques and the attacker has to use at least 1, often multiple, of these techniques in order to carry out their attack. So again, you take away the exploit techniques, you take away the attacker's ability to actually do something bad, okay? Now this is actually quite hard to do, but we'll leave that for a different session to go into all the details exactly why technically speaking this is so hard to do, other than to say no one else can do it. If it was easy, somebody else would have done this. It's like next gen firewalls.

If it was easy, somebody else would have done built one over the last eight Okay. So leveraging that as the starting point of exploit prevention, How do we build this out as Nir was talking about into the more complete endpoint security solution? The first piece will be extending this out for malware prevention. This will be tied tightly to the wildfire cloud. So tying endpoint to cloud in order to be able to deal with a malware problem.

And we'll do that in a next generation way. We'll do it in a way that is highly unique and highly leveraged with the rest of the platform. The other aspect of this, which is already in the Cyvera product, but it's something that will continue to be built out is the forensics capability. The forensics capability is very important because what it allows us to do is anytime we learn about something on the endpoint, it allows us to share that with the cloud, which means the rest of our security researchers and allows us to share it with from a signature perspective with the

Speaker 2

rest of our customer base.

Speaker 8

So speaking of sharing, how do we take the 3 pieces and combine them together into an integrated platform. First, information sharing. This is a very important step and something that we've done a very, I think, very good job of scaling out as you saw with the numbers before of being able to share unknowns and information associated with those unknowns with our cloud environment. And this is something that we will continue to build out in order to get more and more information consolidated into a single place where our threat researchers can start to correlate and understand even more about the advanced attacks. The second component of this is very rapidly sharing everything that we learned, turning it into actionable signatures that are then distributed as quickly as possible, today less than 30 minutes, down to all of the network devices and all of the endpoints around the world.

So detection in one corner of the world leads to prevention across the entire customer base. That is something we're doing today, but extending that to endpoint is going to be something that will happen very rapidly. Lastly, there are a number of things that can be shared from endpoint to network and vice versa for real time sort of operational support. For example, if Wildfire detects something on the network, being able to immediately share that with the endpoint to turn detection into number 1 prevention, but 2 understanding more about what that looks like when it was truly run on an endpoint as opposed to what it looked like when it was run in a sandbox. And so we see ways of integrating all three points of the platform together.

And these are all things that are either working today or will work in the very near future. Okay. So with that,

Speaker 5

I'd like to open up for some questions.

Speaker 8

Hi, Sterling Auty from JPMorgan. With 30,000 new malware a day and you're talking about signatures, is there a theoretical limit? Do you eventually run into the same signature burden that traditional AV vendors ran into? Good question. Certainly, so far, we haven't run into that.

And we the 30,000 we filed with wildfire plus the 50,000 plus that we see from other sources combined together. And so far there's been no issue with being able to turn those into signatures, 1, very quickly, but 2 from a capacity perspective. The way the single pass engine works is, it's hardware based, which allows us to do things at incredibly high speeds even as capacity and number of signatures increase.

Speaker 7

Thank you. Keith Weiss from Morgan Stanley. As the guys have to put all these technologies together, how do you ensure that when you buy Morta and when you buy Cyvera, it doesn't become what Mark was warning us against being that consolidated solution that bolt on solution that's just a component of

Speaker 2

a bunch of acquired

Speaker 8

parts. It's a great question. And I think we as a company, as a product organization, we this is one of the reasons why in a lot of cases focus a lot on organic growth is to make sure that everything we do is very tightly integrated and we don't end up with sort of the bolted on different pieces. Now with Morta, one of the things we're able to do is 1, bring some really smart people that understand the attack lifecycle very well. And our starting point is going to be integrating of their ideas as new capabilities into the product natively as opposed to trying to bolt new technology in.

In the case of would allow us to do is actually extend our platform in a very unique way that makes a lot of sense, and is not bolted on, but rather ahead of time knowing like how are we going to tie these pieces together once we have all of them. And so that's really the answer. And outside of that, I'll just be very careful attention from Nir, for me and from the rest of the organization to make sure that when we do these things, we do them in highly integrated ways, not bolted on ways.

Speaker 1

Probably have time for one more question. Sure. We have one. Scared you all away.

Speaker 7

Thanks, Kaczynski. Lee, Nir mentioned doing some other things on the endpoint besides the exploit prevention that Cyvera is doing now. So A, I wasn't sure if

Speaker 2

when you just talked about

Speaker 7

the actual prevention of the malware, If that was what you're talking about or what those other things might be and how much of an overlap that might be those other

Speaker 2

things might have with traditional malware prevention?

Speaker 8

Yes. So I think the so near term the absolutely the taking what Cyvera has done with exploit prevention and extending that to malware prevention is a very obvious and important next step on the endpoint. And so that absolutely would be one of the top priorities that over the next few months. The other is doing that in a way that is unique and differentiated by tying it back into the cloud and leveraging all of the goodness that Wildfire has built up and being able to share that back to network security as well. So that's where a lot of the focus will be on near term in terms of how do we extend the core capability to include some of these other requirements.

Forensics is the other area. Again, this is very helpful for a number of reasons, including being able to gather information, including information that you're only going to see where the end user actually interacted with the malware. Being able to gather that as forensics can also be set up to the cloud for better threat intelligence gathering and better response. Okay?

Speaker 1

Okay. I think we're going to take about a 5 minute break. There is water out and there are snacks out in the hall. Okay, guys. Woah, okay, that's loud.

Sorry to do this. But the good news is that the next time you get to do this, you'll all have a cocktail in your hand, which might make it a little more enjoyable. We'd love to get going. The balance of this afternoon is actually going to be a presentation by Mark Anderson. And then we're very privileged to have 2 of our distribution 3 of our partners, I will do a panel and we'll close with Stefan.

So Mark, take it away.

Speaker 6

It's bad enough that Stefan and Mark don't let me out of my cage very much to talk to you guys, that to hide me from the tools. They're going to help me communicate with you. I think that's going too far. Well, good afternoon. My name is Mark Anderson, folks.

And so really happy to talk with you this afternoon about the reality of what happens in the street with all these amazing things that Nir and Lee McLaughlin talk about. What happens in the street really, I think, matters to you guys the most because it allows the team that I work on to drive revenue. And you guys have very high expectations from us a revenue growth standpoint. And so we Mark and I designed this team when I joined just short of 2 years ago, worldwide field operations with that in mind because we do have a massive market that we're going after. We needed to have alignment between the two teams that I primarily manage, the presales teams, so it's the men and women that design the solutions that interact with customers that go out and sell and close the POs and ring the bell when we get the order.

With the post sales team, the global customer support organization that picks up the phone when problems happen, the men and women that go out and do the professional services that teach our customers how to deploy and consume our solutions faster. So it's one unified organization with a common goal and that's driving customer satisfaction, because what do happy customers do? Okay. I get a lot better response when I'm talking to my team, but I'm going to give you guys a hall pass, all right? Of course, happy customers buy more.

So let's talk about the go to market. You heard a word of this land expand, extend. Stefan is going to talk a lot more about the real economic value that's derived from this very simple go to market. We have to keep it simple, land, expand and because it's a massive market and it's all about taking share and taking share really fast. So what do I mean by land?

So to me, land means when one of Renee's geniuses in marketing puts on one of their 500 events that they do a quarter and they talk to all kinds of people that are interested in our solutions that are tired with the firewall cartel them that a daisy chain of old technology is better than what they have, what they can get from this new company called Palo Alto Networks. Those leads end up on an inside salesperson's desk. That inside salesperson really sets up a call or sets up an appointment and we go in and talk about our solutions. We send typically an SC, technical sales engineer and an account manager. We have beside us an enabled and motivated partner, and we tell the story like Nir talked about before.

We tell the story of what is pretty disruptive technology differentiation. Inevitably they believe us or they don't believe us. Either way, we have to prove it out by doing a technical proof of concept. And when we do that technical proof of concept, for me, it's one of the most gratifying moments of being a sales guy. It's sitting in front of a CISO or a senior executive that's really proud of their infrastructure that thinks it's impenetrable because they've got defense in depth circa 1999 with a conga line of devices that are very, very hard to manage.

We tell the story and we prove that story out. We get a PO 85 plus percent of the time. So we typically start in a small corner case, maybe a maybe it's an EBC deployment and we prove ourselves out in their environment. And then we apply our sales focus to extend that to expand that relationship, to sell into some of the dozen use cases that you heard Lee and Renee talk about earlier today. So landing, expanding and extending.

Extending is really just adding more functionality onto the platforms that we've already sold. So, we sell a customer a firewall implementation because that's the problem they're trying to solve today. And they like the fact that we can solve that problem with a platform that has got future scalability, not only in terms of the traffic that's going to grow for them, but also the problems that we can help them solve on this platform as they decommission old IPSs or old web gateways or old firewall devices or excuse me, FireEye devices. So it's a really fun environment to be in because when you've got this technology leadership and you're a sales guy, you walk into an account, your chest puffed out, you feel confident because you know you've got the men and women back in Santa Clara supporting you with some very differentiated technology. So the growth that's required from you guys is really being driven by this very simple go to market.

And we're so of course, we're going to be hiring salespeople. I stood up in New York talking to you guys a little less than a year ago, and I talked about in building out our go to market capability. At that time, we had about 443 salespeople, SEs, channel account managers from around the world on the team. And by the end of this fiscal year, so by the end of July, we'll have almost 900 people. And these are people that we're taking a look at geographies in every pretty much every quarter of the world that we're allowed to sell technology to and building coverage.

We're working with the best channel partners in those areas to build a go to market strategy together and go out and try to find opportunities to have that conversation with customers, prove that technology out with those customers and make it happen. So I talked last year about investing in capacity, investing in capacity certainly from a field perspective, really important for us to understand the capacity that we're building out in the channel. As you heard before from Renee, 100% of our business goes through the channel, very much a channel focused company. So we needed to get better at teaching our channel how to tell the story, how to solve these problems. And so it's really a combination of the 2.

The field sales team though from my perspective, I'm going to talk about this proven models for productivity. This is kind of the 3rd go around I've had here. I worked at Cisco in the '90s, as some of you know, worked at F5 for 8 years up until a few years ago. And this strategy is time tested. It really is.

It's building out a coverage model to be able to extract bookings from customers. It starts with the quarterback of the team and that's the major account manager, global account manager or the regional sales manager RSM that covers the geographic territory. That salesperson, man or woman, has a dedicated SC all around the world. Everywhere, they've got at least one dedicated sales engineer. The SC is the lifeblood, I think, of our organization.

I think it's the most important job in the sales organization. It's a technical sale and you need to appeal to people on a technical basis to prove that this is a better way, this is a better mousetrap. We also have an inside sales team that sits in call centers in Santa Clara, in Plano, Texas, out in Singapore where we just opened up our new office last week, in Japan and also in Amsterdam where our international headquarters is based. These inside sales folks, they do a number of functions for this team. They set up appointments from the marketing events that Renee does.

They do the renewals for the account team because they're better and more efficient at being able to leverage the tools that we provided for them to do those renewals. They move sales opportunities from market qualified leads to the point where it needs to be put in the hands of a partner salesperson or a partner SE or one of our account teams. This is a really focused team environment where there is a huddle. There is a huddle between the quarterback and the rest of the team and they talk about strategy and how to prosecute their territory, Whether their territory is 2 accounts or whether their territory is 1 16th Chicago, it's a territory and we expect out of this. And one of the things that I've learned over the years is really to build a model like this that maximizes productivity, you have to have the resources, the tools and the process to make it happen.

And that's where the channel team comes in. We didn't have a channel team 2 years ago. We had a few folks that worked with channel partners. Today, a few months ago, I hired a worldwide leader, Ron Myers, who's here today. In fact, Ron, this morning and I hosted our 1st ever Global Distribution Council to bring our global distributors together to talk about what's important for us as we build out this business in the next 5 years and how we can be the best partners for them.

This channel team has really gone up from hardly anyone to now dozens of people around world that are teaching our partners how 1st of all, how to be efficient in doing business with us, but also how to tell the story and why they should invest in resources for their business to focus on Palo Alto Networks Solutions. Around everybody is the sales operations team. They instrument the tools, the processes that we have within sales so that we're compliant and we can certify our quarterly results to you all. They're designing ways to help managers be more effective in managing the personalities, I guess, is a good way to put it, that some salespeople have. Are they good forecasters?

Are they bad forecasters? Because we have to be good at predicting our business right down to the territory level. Every week on a Friday afternoon or a Monday morning, an account manager sits with his manager and talks about their commit, their commit for the week, how they did against their commit for last week in a 13 week quarter, how they did, how they're doing for the month that we're in and how do they feel about the quarter that they've given us a forecast on at the beginning of that fiscal quarter. We apply the same discipline to our partnerships. So when I sit down with folks at Accuvant and at Dan Burns Company, we talk about what's their commit for the quarter, what are they going to deliver for us and we look at the pipeline of opportunities that we have and we agree on the number and we go out and prosecute that with them, like we do with our partners all around the world.

And then finally, we've got Brett Eldridge and his team, global customer support, that provide the services to help make these customers happy. It's a fairly simple model, applying that going from a couple of 100 people to 443 people to approximately 900 people. It's a simple process, but the devil is in the details. And I think having the experience that not only I have, but the team of people that we're teaching and we're putting around us is making the growth a reality. I mentioned customer satisfaction because really important.

Obviously, you're going to have happy customers. We started benchmarking ourselves against other people in our space a few years ago and measuring the customer satisfaction. As a small company, it's hard to really invest in this, but I got to hand it to McLaughlin when he started. He opened up the wallets for global customer support. Today, we have over 200 people in many of those same call centers that I mentioned to you earlier that are picking up the phones in the markets using local telephone numbers and delivering very high quality support to our customers and to our partners.

Almost every day when I'm out in the field, I get somebody that just comes up to me and says that we do a great job. We're better than the people that we compete against or the HPs or the IBMs of the world that are much larger companies. So from the very beginning, this business was built to scale. It's a massive market. We all know that.

When Nir designed the company thinking of the cloud first, he designed the company with much, much greater targets in sight. And certainly, I would hope that you would feel that that's indicative of the changes that we've made. A year ago or so, I stood up here and talked to you about quite a large number of changes that we've made in the field. Geographic leadership, right up to the theaters, we've made some changes. But I'll tell you today that the majority of those changes are done.

The framework is built out. We have theater leaders in each geographic theater. There's regional leaders that in some cases are vertically specialized that are managing teams or hiring teams. We built this team with A lot of people that I've worked with in my past, people that I know and trust that can do the job, people that know but it's going to be around the next corner, the $1,000,000,000 corner or the $2,000,000,000 corner. These are people that I feel really comfortable with in scaling to this size and beyond.

By no stretch is $1,000,000,000 target for us. We're really focused on market share and I feel that just in the last two quarters having grown from, I think it's 4.3% market share according to 5.2% market share. Now I want 50% market share. Now, Nir, I know, wants 50% market share. Stefan would be happy with 40% market share.

But we're going after it and we're following time tested go to market models that I think will get us there and I feel very confident about that. Really super excited to be on the verge of closing this acquisition with Cyvera. I can tell you that the team members that I talked to, once it became public, were just blown away with the connection opportunity that we have to expand our platform to the real estate where the majority of the bad things are detonated. So I think there's a real sense of excitement about what this means to expanding the story that we get to tell. I'm also going to be spending pretty much all week here and probably 50% of my time is going to be dealing with either Cyvera team themselves, customers of ours that have approached me to ask for some introductions to Nati and Ernie.

And we're just dealing with the influx of questions. Just today, as I was trying to eat my lunch, a lot of the questions around the analyst table were about Cyvera and the market that you have. And I think the same guy asked the question, why didn't Microsoft buy them? But they didn't buy them because they don't have Nir working at Microsoft. And I'm saying that in a joking gesture, but I truly mean it.

So once the deal is complete, I think you'll see us hit the ground running and how we're going to organize to go out and prosecute this market. We have a team of really good network folks, really good security folks. We don't have a lot of endpoint specialists, so we're going to build out a subject matter expert team globally to go after this market. I expect that in the next few quarters that we'll be hiring dozens of people get a really good aggressive start at it and cover it from a single person going to report to me. We'll announce this at the end of this week.

This person is going to manage this team. They're going to have the same ownership and accountability that every field sales team member has at Palo Alto Networks. There'll be a lot of systems engineers that will be working with customers to teach them how to leverage this very disruptive platform. So super excited about the combination of these two companies. I agree wholeheartedly with Nati when he talked about the culture parallels that exist between the two companies, it's going to be a tremendous opportunity for us.

So For me, as I look at the expectations that we have, what my board plan is, what I know you guys expect from us on a quarterly basis, I realized pretty quickly a few years ago that we had to build out capacity in our market and not like I said earlier just in hiring salespeople and SEs to cover the geography, but really to leverage the world class Next Wave partner program that the company already had. We've made some really important innovations in that in the last year, really very much committed to that brand and to the programs that you'll hear from 3 partners that will be up on the stage with me in a few minutes, I think has been very effective. But when we inserted in this space 7 or 8 years ago, only the smallest regional partners would do business with us. We weren't big enough. We had a funny founder that would get up on stage and wave his arms around a lot.

But we just had at that point, some kind of future leaning thoughts from partners. But if you look at companies that did embrace that technologies, companies like an Accuvant that started only probably 4 or 5 years earlier than we did in 2002. So that business has grown to be a $500,000,000 business. The time when we started doing business with them, Dan's company was a small regional VAR based out of Denver. And today, they do over $500,000,000. They're without question our biggest partner in the world to put it in terms of perspective of scale.

And I think of those salespeople on Dan's team as extensions of our salespeople and that gives us capacity. All of our partners aren't growing as fast as Dan's business is. Some of them are doubling or tripling each year, but still that doesn't give us enough capacity. So we really have to build out this capacity and we can't just do it with people and with partnerships. We've got to do it with tools and tools that are going to drive efficiencies so that we can automate the quoting process, do all the nuts and bolts things that have to happen behind the scenes to make doing business with Palo Alto Networks as easy or easier than doing business with or a I won't say Check Point because Nir will kill me if I do, but doing business with a much bigger company.

Question, we've had to focus on finding global distribution partners, companies like Westcon and Arrow that have global footprints that can help us not only deal with our global customers that want to buy in multiple theaters, but really allow us to be more consistent in how we apply these programs and these tools out so that the customers have a pretty consistent touch no matter where you are in the world, really very important for us. And I think the next time you hear from me, you'll hear some real results with numbers about the benefits to our business, our shareholders and to our customers with these global distribution partners. So at the end of the day, it is about channel capacity. It's about us figuring out that the capability, the sales capability and capacity that exists when you add all of our partners together is greater than the number that you guys expect us to do every quarter. And to do that, we've really had to step into a new model for partners, a model that doesn't alienate or move us away from the Accuvants of the world, quite the opposite.

We're still applying more resource and more focus with Accuvant and a lot of our legacy partners than we ever have. But we also invested a ton of focus in global models, global SIs like Dimension Data or global SIs like I talked about last year on stage with NTT Com Communications, formerly known as Integralis. Simon Church is going to be up here with me in a few minutes. But that was a big bet for us and it was an even bigger bet for Simon as I'm sure he'll tell you because he had legacy business partners that were generating a lot of money for his business on a quarterly basis with renewals and whatnot. But also, business partnerships that can build out managed services solutions.

So today, from Telstra, from NTT Communications, from AT&T and Verizon, you can buy a managed service solution that runs on Palo Alto infrastructure. We've worked with these we've worked through these vendors. We've convinced them of the value of a next generation enterprise architecture and they've trusted us enough to build a solution and a service to sell to their and we think this will be a bigger and bigger opportunity for us as we go forward. So, big partnerships, global partnerships equal scale and capacity and that's clearly what we're after. Let's talk about 3 quick deals here.

Going over the first one, this is one that if you were here last year, you may have seen up on the screen. I was really excited at the time because it was a large media company in the U.K. that was building out a new go to market solution away from the traditional broadcast solution that they had to people's televisions, to computers, to mobile devices. This is a new revenue stream for this company and they needed to build out a new data center to deliver on it.

So they had to choose a partner that was a next generation provider that could deal with the proliferation the very devices that they're streaming their content to now and secure that content from any bad people. This company last year spent $2,900,000 with us in this project. We included professional services to make sure that they implemented it correctly. We got a resident engineer there to make sure that everything runs smoothly. We've got dedicated support teams and premium support to make sure that when the phone rings, we know the name of this company and what their design looks like.

The reason I'm putting it up here today is because it really exemplifies the land and expand strategy of our go to market because just in the last four quarters, we've almost doubled the LTV that we've done with them. Lifetime value of total billings or bookings that we do with the customer is an important measurement because it shows us how successful our go to market strategy is of narrowing the focus of field salespeople and partners in every geography down to a smaller list of accounts or a smaller piece of geography so that the touch that they get from us and our partners allows us to be much more successful. And in this case, it certainly was the case. Just in 1 year, we went from 0 to 2,900,000. 1 year later we go from $2,900,000 to, what is that, up to $5,700,000. Is that right, Stefan? $5,700,000. So, and we're still scratching the surface with this company.

This is a huge U.K.-based media company. 2nd account is a high-tech manufacturer right here in the U.S. The use case was I wanted to put this up here because it really tells a very good story of us competing head to head against FireEye in the market.

FireEye does have a good point solution. They clearly have taken advantage by scaring the shit out of people all around the world about the bad world that we live in. We're out there competing against them with, I think, a more elegant solution and a platform that extends pretty soon all the way to the endpoints. It was a head to head competition. Frankly, we were feature deficient before we introduced PAN-OS 6.0.

Once we delivered this version of code, the customer returned the FireEye gear to its rightful place back at FireEye and cut us the PO for $1,400,000. This was an existing customer, but this is a great example of what sales focus does. And us salespeople, we're pretty simple beings. We're very programmable. And when you put a comp plan in front of an account manager or an FCE that motivates them to continue to sell to these customers that have shown us that they believe in our story and believe in our solution, you'll get your return from that. And clearly, that's what's happened here.

And again, at this account here, we are still just scratching the surface. There's an entire Cisco environment to go after that the team is going after right now. And I think Dan's team is as well. And then finally, this is a great deal, a large military deployment right here in the U.S.

It was a significant deal. It was an 8 figure deal for us. The team worked really hard, really over the period of about a year, but was able to prove to this account in their quest to safely enable applications for greater than 1,000,000 men and women in this branch of the military, they needed to have scale. They needed to have manageability for the applications that were the most used by the men and women. And they needed to have a partner like Palo Alto Networks.

So, it was a much greater than $10,000,000 deal, leveraging all the technologies that we had today, prevention, URL filtering, and of course they engaged us for professional services and premium support. And this is just the first phase of this deployment. So we expect this deployment, with the right amount of focus and certainly the right amount of execution after the sale, to be a gift that keeps on giving as we continue to earn this. So, really just in closing, this is the, this to me looks like a marketing slick that our competitors would use. They use a slick that talks about speeds and feeds. But to me, what I see here is a connected suite of products, physical and virtual, working together as a platform in a way that solves problems for our customers that need to be solved today because of the way the world has become.

It's filled with apps running on personally owned iPads and iPhones that run on corporate networks that represent a great opportunity for the bad guys in the world to do something bad. And to be able to deal with this new reality that we live in, you have to have an orchestrated, a connected and a coordinated platform to be able to meet with the audit committee or as I understand now about 50% of the publicly traded companies in the Fortune 1000 in the U.S. have got security and safety committees, where the CISO sits in front of the Board and explains to them what the heck happened. I know I don't like to see my customers on CNBC talking about a massive breach and $100,000,000 worth or 100,000,000 customers with information stolen.

I certainly don't want to see that. We get the opportunity to sell this platform with some pretty amazing partners. You heard Lee talk about VMware. Let me tell you the response in the field with that partnership with VMware is very impressive. One of the questions I had at lunch was how quickly are people moving to embrace this new technology because there's decades of people getting trained on Check Point's management platform, blah, blah, blah, blah, blah.

At the end of the day, bad things are happening on those networks. And those customers are designing solutions with VMware to virtualize their data centers. And these are the biggest accounts that are doing this. The largest data center users out there. So when we pick up the phone today from a marketing program or just to try to get an appointment, one of the things that will get us an appointment with these large accounts that don't do business with us today is talking about our relationship with VMware. We have partnerships with Citrix in the field.

We work together to sell the NetScaler solutions. And our partnerships with Aruba and their ClearPass, the ClearPass integration that we've done has been really impressive. And I expect more and more contribution to the top line and of course the bottom line by integrating these partnerships with this amazing lineup of solutions. And I know that our partners are excited about that as well. So just in closing, I'd like to say thank you guys for your support and for your attention.

We're building this business for long term scale. Customers are really embracing the concept of a platform that's coordinated and automated. And to really drive this home, I thought it would be appropriate to bring up 3 of our partners up onto the stage just to have a pretty informal panel to talk about kind of what we're seeing out there. So if I can, invite Simon Church

Speaker 2

up

Speaker 6

to the stage. Simon, come on up. Simon gets to be comfortable. So Simon is the CEO of NTT Com Security, formerly Integralis. Simon, thank you so much for joining us here today.

Maybe we have Dan Burns from Acuvant come up. Dan Burns co-founded Acuvant. Today he is the CEO. And I can't say enough about this great American story of a business that's being built. And Dan, thank you for your partnership and for coming up today. Dan is a humble guy.

He's not going to brag about growing his business to $500,000,000 in a very short amount of time, but he's done it from my perspective by being a great partner. At F5, we were a partner from Dan almost from day 1 and delivering great service to make us customers happy. So I really appreciate that. And then finally, let's have Bill Corbin up from Westcon. Bill is EVP of some fancy title, is it Technology Alliances?

He's like chief cook and bottle washer. So guys, thank you very much. As you know, Westcon is one of our global distributors. I would say that we've got the biggest bet with you guys globally. Maybe if you don't mind, Bill, we'll start with you.

Let's just talk about the security landscape that we see out there. I mean, everybody opens the papers and reads the bad things hearing that's happening from China, from Russia. Just from an industry standpoint, what do you see out there that kind of gets you up in the

Speaker 8

I guess the threats are a good thing for business. But we're seeing the security business as super robust, right? Everything that's going on within the security arena is bringing opportunity to companies like Palo Alto and Westcon, Acuvant and NTT. We're seeing the change is a good thing to be honest. And the change that our partners are going through and the change in the way that the end users are acquiring security technology is driving us to behave differently and to evolve our own business to support them.

Speaker 6

So when you say evolve your business, maybe talk about some of the things that you do for us that will enlighten this crowd?

Speaker 8

We do just about everything for you guys, Mark.

Speaker 6

Like Mark said, we're distributors. So we're in

Speaker 8

the middle of the supply chain. So we provide training certification for all the partner base, obviously logistical services around the world. We operate in over 80 countries and we can deliver products and solutions seamlessly across borders and do local transactions in local currency. So we do just about everything.

Speaker 6

So today, as an example, if we do a deal with Acuvant or NTT Com Security for that matter, and that deal needs to be fulfilled in India, in Singapore, in London, the U.K. and in Paris, France and in New York, we would work with those resellers or systems integrators and the business would all be done through

Speaker 8

Drew Westaff. Yes. So we

Speaker 5

can take a single PO and

Speaker 8

we can land the solutions and the technology in any country around the world and make that recoverable if possible depending on if it's a country that we actually operate in and we're in most of the countries at this point in time. So, what we try and do is take what you guys do with the end users and make it seamless and easy to deliver technology to your customers around the world. And you do a great job. Customer.

Speaker 6

Thanks, Bill. So from a landscape standpoint, Simon, how about yourself? What you

Speaker 2

seeing out there? We're definitely seeing I mean, what we provide is solutions.

Speaker 6

So we

Speaker 2

marry managed services with technology such as Palo Alto Networks technology and a sort of full service consulting portfolio, everything from CISOs and Fortune 500 companies through to offensive security guys, deployment guys, audit, remediation guys. And the big thing we've seen is the shift in the industry from being the traditional perimeter based security business to a more threat based business. And we've certainly seen a massive uptick in business in the last 18 months or so in working with large nationals, large multinationals in, I said, rewiring the way in which they deal with the security landscape and the risk landscape. That's, I would the main area that we see. And then you comprise mobile BYOD, the shift to cloud, virtualization, all those new areas to interact with those organizations.

So our ethos really is working on the basis that you have been breached. Whether you've been breached or not, you work on that basis and then take a very much risk based approach.

Speaker 6

Well, I know you've got assets in every corner of the world as well under the NTT umbrella. So it's a great global view. Dan, the landscape has changed a lot since 2002 and you started with a 3 legged dog and a blind rat, I think. What are you seeing these days? Because it does feel to me like things are changing faster than they ever have before.

Yes. In terms of the compute landscape and the endpoint landscape for sure.

Speaker 2

Yes. So a lot of things. When we started the company in 2002, what we There were a lot of pockets of small players here and there. And I had always sold to the enterprise clients. And when I sat down with CSOs or CISOs, excuse me, what they told me was they needed a company with the depth, breadth and wherewithal to do it all.

And so that's what we really founded the company on was bringing all of that talent and that intelligence to the forefront as quickly as possible and building a national organization that could match up with the likes of the largest organizations out there. I think probably echoing some of the things that Simon and Bill have already said. But what we're seeing out there is being a Chief Information Security Officer is probably the most difficult job in the world. I really believe that and I think I read somewhere that the average tenure of a CISO is about 12 months. Right.

Not a fun situation

Speaker 6

to be in. But what's going on

Speaker 2

out there is, it's just getting more and more complex, right? As a CISO, you've got to worry about dozens and dozens of regulations and standards, right? You've got to know those, you to understand those. You got to make sure you're abiding by those, number 1. Number 2, the threats and vulnerabilities increasing dramatically every single year they're piling on top of each other.

And then number 3, you've got all of these new little niche players coming up saying we've got the silver bullet for you, right? And what we're seeing is our clients saying, hey, please help us demystify this really, really complex situation. And so we see more and more people not trying to go it alone anymore, but reaching out to Yes. So are you a bank or an IT company? Are you a petrochem's company or an IT company?

So of expertise. And if we can mutually provide cool environments for our guys to work at, and we suffer positive attrition with our consulting services, for example.

Speaker 6

Well, you guys really earned the title of value added partners in your respective domains for sure. What about just the industry trends? I mean, we are hearing a lot you heard a lot today about virtualization, software defined networking. These sort of bigger trends towards cloud and Amazon Web Services is now everywhere. I mean, how do you guys think that affects your businesses?

And what do you see just in the security market as it relates to your businesses in the next few years as a result. If I can sort

Speaker 2

of jump into that one, but obviously my parent or my major investor, NTT Communications, part of the NTT Group, the largest ICT company on the planet, acquired us or majority of the shareholding in us originally to help them secure their cloud network and data center infrastructure. So, the ethos there is that irrespective of what their sales guys and their consultants sell to the clients, it has security embedded. So I would say it's sort of two sides to it. Make sure the security is embedded. Or if you don't know security is embedded, then also ensure that you know what assets you've got out there in your cloud and virtualized environment?

Speaker 6

Dave, how about you from your perspective?

Speaker 2

Yes, absolutely. A couple of

Speaker 5

things I'll

Speaker 2

try to save a couple for you. It was tough going last. But what we're seeing is finally a shift to companies enterprises actually looking for managed security services in a big way. 10 years ago, that was a very, very difficult thing to sell. Nobody wanted to give up their security.

5 years ago, we started to see sub clients make shifts to outsourcing and managed security service providers. Today, I think it's one of the fastest growing sectors in security, period. I think it is. The numbers are there. You can read it.

It's a big part of our business. We'll be expanding globally from that perspective. So, back to the point, it's getting more and more complex. You've got to outsource, you've got to find a good managed security service provider, number 1. And the other thing, I mean, all you have to do is go to RSA can see what's going on.

I mean, it's amazing what's going on.

Speaker 6

A lot of clients

Speaker 2

are really talking about understanding who the adversaries are, right? Counter intelligence, right? Who is it that's coming after us? What kind of industries they're going after? What kind of code are they writing?

How are they doing the attacks? So that they can recognize this in advance. It's one thing to really understand the threats and vulnerabilities. It's another thing to really understand the adversaries. And so we see a lot of that going on out there.

And I think back to the point that I think Palo Alto was making earlier, it's not a matter of not having enough stovepipes. I mean, we've got too many, right, as an enterprise? We've got stovepipes coming in everywhere. It's about consolidating all of those stovepipes and really understanding what's there. So secure data analytics is a huge thing today.

Speaker 6

Yes, absolutely. Bill?

Speaker 8

So I'll echo what both these gentlemen said. And again, it comes back to what I said earlier, which is the consumption models around security. And where we sit in the supply chain, how do we supply security in that consumption model to make it easier for you guys to business to make it easier for the enterprise customers to adopt an MSP model. So, that's what we're seeing.

Speaker 2

I'd say that's been a massive shift in the industry to that, the shift from CapEx to OpEx. And certainly from organic, we've been through that over the last 3 years shifting what was traditionally very much a VAR-centric business based on spiky CapEx to OpEx. And having gone through that, dare I say, valley of death, now having NTT sitting behind us, it would have been a really scary experience. And certainly, there's a lot of vendors that are sitting out there in the marketplace that are hardwired to Street expectations and it's going to be pretty sporting for them to make that shift over the next few years. I mean, that's again another reason why they like doing business with Palo Alto is you've got those models in place already.

Speaker 6

Well, it speaks to the bravery that you showed 18 months ago when we sat in the lobby of that hotel in and talked about how to convince Integralis to move away from some of your legacy vendors towards the Palo Alto Networks platform. I think having making that shift for whether it's distributors, whether it's systems integrators or resellers, it's very dependent on the partners that you choose for the

Speaker 8

future, isn't it? Okay. Yes.

Speaker 6

So let's bring it back to the partner. Everyone that knows me knows that it always has to come back to me.

Speaker 4

What about you?

Speaker 6

So let's talk about your relationship with Palo Alto Networks and kind of what you see there and maybe some of the things that you like to share with this group. Simon, how's your Since you

Speaker 2

so our business from doing it properly, I would say we played for 6 months previous with over the conversation we had at Heathrow we test it. What we tend to do is have sort of 2 levels of partnership. We have our mainstream partners, which is like a handful plus 3 or 4. And then we have an incubator set. And we effectively ride maturity curves.

And if we can overlay those maturity it means we always get in the sweet spot. So, we played for about 6 months to 9 months with you guys and then we went mainstream football and we've seen our business triple in a year and by far the highest growth business. And I think that's a combination of reasons. Yes, it's sort of traditional resell, but we're into selling solutions to our clients, not just selling reselling technology. We want to really associate NTT Brand Lane with a solution for X and for Y and for Z here as Z where I come It's also the consulting services.

Associated with managed services, we announced our managed service, security service relationship with you a month or so ago. But prior to that, we're actually been running for quite some time an application profiling service as a managed service whereby all those devices that are sitting out there now that are running multiple applications, we can do profiling on those and allowing organizations to run those applications while ensuring that they're safe. So, it's that respect and the flexibility of an ambulance to do been very, very cool. I would say also it's a very rapidly changing marketplace. So, a team that gets it, a team that understands that this is a partnership, not an organization, dare I say, that demands certain numbers and certain programs must be deployed as opposed to things are changing quite rapidly.

So having that agility. And there's also a bunch of what I call if only guys here. They've done it before. And when they've gone, they come here and say, well, if only we've done it this way last time. If only we've done it this way last time.

So, we've got a bunch of if only guys here, which again is very, very cool for us because I think that marries incredibly closely to what we've tried to build in our organization. So, the marries It's a

Speaker 6

good one. I'm very, very pleased. Great. Thanks. Bill, as you start to turn on our distribution business in more and more countries now every quarter, how do you feel about the relationship?

Speaker 8

I know we feel really good about the relationship. A year ago, we sat here and we are transacting in 3 countries. That was Australia, the U.S. and Canada.

And today, we're in the Middle East, Africa, Latin America, Europe and all throughout Asia Pac and North America. So we're very encouraged. We're very engaged down to the country level and partnering on enablement programs and getting the Palo Alto story out. I mean, our business, if I combine it all, and we were lucky to be on board early with Palo Alto in North America, but if I combine it all, we're at a 75 plus percent rate year over year growth. So it's very, very healthy.

Speaker 6

When I interviewed with Nir, he told me the secret to getting more partnerships was to tell the VARs and these SIs that they're going to lose the Palo Alto Technologies anyway. So you should tell them before they lose too much business, to I can't do the accent quite right, but before they do too much business, tell them that they should do business with that. And I think that's proven out really with certainly NTT Com Security as well as Westcon because you did have legacy relations, but still do have legacy relationships out there for with the firewall cartel. How do you feel the next 6 to 12 months, because I know we've got really high hopes for this relationship. How do you feel the next 6 to 12 months will be?

I think it's going

Speaker 8

to be a bit of a bumpy road to be honest, because we

Speaker 2

do have legacy relationships

Speaker 8

in the firewall cartel. So I think it will be a bit challenging, but nothing we can't manage through. We really are looking at Palo Alto as the growth engine in the firewall business for us. So that's where we're betting our money.

Speaker 6

I'd love to hear that. Dan, how about yourself? It's been a long relationship relative to the youth of your company.

Speaker 2

Yes, definitely. I've known Nir and some folks here and for you for a long time, that always makes it easier. So, when obviously, when you guys started Palo Alto, It was an automatic yes, let's get this going, because I knew what you were building. And I knew it was going to be very, very powerful. And I knew that you guys believed in the channel.

The channel is really all about reciprocation. It really is. To make it successful, it's got to be equal on both sides. And I can truly say that with Palo Alto, we bring about 50% of the deals and you reciprocate 50 of the deals or vice versa. And that's a sign of a very, very healthy, I guess, partnership or marriage.

And so, that's always been wonderful. The margins have always been kind of in the top quarter of our partner list and so you're always right in there. Sure.

Speaker 5

But still not good

Speaker 2

And so those are kind of the primary success factors. So that's always been very, very wonderful. And you're solving problems that our clients are asking about. And so I couldn't be happier about it. I know you've added a lot of people over the years and we've seen that out there in the field where we're just matching up our teams with your teams going out there after enterprise clients and you guys are throwing more resources at it, you get more face time with companies like and NTT, you're going to get more business.

Speaker 6

Yes, for sure. Salespeople are pretty coin operated, aren't they? I think when they get the validation in the field and they look across at their Acuvant colleagues, seeing them throw business on the table, leveraging the relationship that you have in 50% of the Fortune 1000. We want to do the same thing because we know and we trust that your team can take the ball down the field all the way and score the touchdown. So it's a really I think it's a really mutually beneficial relationship in all three cases.

I really appreciate you guys being partners. First and foremost, I know our customers do as well and really appreciate what you do every day for that's how we work tonight. Very optimistic about the future for our relationships.

Speaker 2

As are we. So are we. Thank you very much. Thank you. Appreciate it.

Thanks.

Speaker 7

Yes, last

Speaker 2

talk we're going to have this with Stefan who's going to translate all this wonderfulness into some financial detail for us. So I'll ask Stefan. There he is.

Speaker 3

All right. Perfect. So you've heard about the power of the platform today. What I'm going to channel for the rest of the discussion today is really about the power of the model. And it's really the model that provides the underpinning around our financial performance, our go to market, our investment thesis.

So when you look at the foundational elements of what we've built here, we've been always a disruptor in the enterprise network security business. But with the acquisition of Cyvera and our plans, which you heard from Mark and Nir and Lee, et cetera, we are going to be a continuing disruptor in the overall security landscape. And with that as a backdrop, we're also going to be looking at capturing market share and doing it in a profitable manner. I'd first like to level set. So you've seen some of these numbers, but I wanted to bring it together for you.

Our current total addressable market is roughly $12,000,000,000 scaling to $14,600,000,000. We have about 5% market share. Post the acquisition of Cyvera, we're going to be playing in about a $20,000,000,000 market. The reason why we've been able to grow a lot faster than the market, et cetera, is it starts with the differentiated technology. We have a proven unique and disruptive platform. It's extensible and we have the versatility unlike any other company to have an integrated approach where we sell a platform to any enterprise network security need.

And with Cyvera, we're extending that to the endpoints. We've had tremendous traction with acquiring customers. We have over 16,000 customers lifetime to date. In our revenue model, which is another aspect around the power of the model, it's recurring subscription business in a hybrid SaaS model. It's powered by the platform, but this hybrid SaaS model component is one of the key and integral parts of the story, which I'll be getting into a little bit later.

Our revenue growth since we started shipping in FY 2008 through FY 2013 has grown 30 times faster than the market. And everyone here is, I'm sure, a student of human nature. Customers would not be taking out the existing incumbent vendor if it wasn't doing the job. And the nature of the threat landscape that Nir and Mark and Lee went over has completely altered the playing field. It's created a disruption and it's created an opportunity for our company. Additionally, we've been able to do this in a profitable manner.

The gross margins on our product and our offerings total gross margins as of last quarter were 75% on a non-GAAP basis and we're at 9% non-GAAP operating margins. We're able to generate these types of margins because of the extensible platform that we have. In this hybrid SaaS model, it's been again a key generator of free cash flow. Over the past 3.5 years, we've generated over $230,000,000 of free cash flow with an average of 22% free cash flow margin. Not many companies who demonstrate this type of top line growth, market share growth can have this type of financial foundation.

So let's look at the trended revenues from inception to date. We've grown 166% on a compound annual growth standpoint and we've been growing much faster than the rate of the market. Our model is powered by landing new customers. And once we get those customers, we're very interested in expanding the opportunity within that customer base. Oftentimes, we're deployed in a very small portion of the network in a pilot and it could be for a firewall project.

It could be for an IDS, IPS project, filtering, APT malware. We have the versatility of the platform to go any enterprise network security need. But then as Mark mentioned, we have this land expand and extend model. The other leg of the story, which is crucial to our business is retain. And we've been able to retain our customers because of the great technology that the team has put together, the overall go to market, which Mark Anderson talked about when we have post sales support, the customer satisfaction levels, those are key indicators of the health of the business.

Now this revenue growth has been driven across a wide range of verticals. What you see here is the lifetime purchase order value of the company. There isn't one vertical on here that accounts for more than 13% of total share. And you can see that every vertical needs enterprise network security. And what we're able to do is we are able to have our platform be ubiquitous across all verticals.

Now let's take a look at what's fueling the engine of growth. We've talked about landing and the importance of landing. You can see from the trending here, we have over 16,000 cumulative end customers. Over the past 9 quarters, we've added over 1,000 new end customers per quarter and we estimate that we're less than 10% penetrated within our existing installed base. So the opportunity is large.

And how you see the landing part of the equation translate into the and retain part of the equation, over the last 6 quarters, about 2 thirds of our business has come from existing customers. You have this phenomenon happening where we're adding a lot of new customers to the top of the funnel and they're coming back and buying more. As a CFO, candidly, I'm agnostic about the initial purchase order, as long as it's from the type of customer that has a long tail of repeat buying opportunity. So let's talk about repeat buying and the expansion opportunity, because it is a key part of the story. And it's so important that I'm going to give you 3 examples.

The first is our lifetime value analysis of the top 25 customers. Many of you have seen this chart before. This gives a little bit more granularity in terms of trending than you may have seen before. To level set, in order to be included on the top 25, the minimum entry point for inclusion as of last quarter was $4,600,000 in lifetime value. You can see the nice trend increase over the past prior quarters.

The other element to the chart is the lifetime value, which as of last quarter was 21 times. That means they've spent 21 times more in lifetime value than their initial purchase. And even in this slice of customers, we feel like we are we have a lot more wood to chop in those accounts. So we're not done yet and we expect to see these continue to grow. Now the next slice of data that we'll take a look at is we're going to widen the aperture and we'll take a look at the cohorts.

So this cohort analysis is again lifetime value by cohort and it starts with the most recent vintage first, which is 2013. Our 2013 cohort has spent 1.3 times more than their initial purchase. You can see as you get farther out from 2013, the trending goes up. Our 2009 cohort spent 6.3 times more in lifetime value than their initial purchase. Now if we do some simple math and we take our existing 16,000 customers and apply the LTV analysis, the patterns that we've seen, we estimate that there's over $2,500,000,000 worth of lifetime value eligible for us to go after in our existing installed base if we did not add one more customer.

So we feel like the extensibility of the platform because it can solve any need provides great footing for us going forward. Now commonly, I would get questions around, well, what's the profile of the repeat purchasing? So the next example is to dive deeper into the 2009 cohort. And what you see here is in 2009, the initial purchase split amongst product subscription and support, you can see the ratios. Since that initial purchase, the expansion part of the opportunity has come in 3 forms.

And you can see that the build of the graph here where we have product, subscription and maintenance and support. Pretty powerful. Now the part of the story, which is as important and powerful is the retain part of the business or what I call renewals. So you look at the green bar chart here, we've been able to renew the subscriptions at a very high rate and we also have support renewals. When you combine them all together, the repeat purchases of 5.3x out of the initial is a very compelling story around this engine that we're building.

And this engine has a lot of benefits down the road, which I'll get to in terms of being able to generate free cash flow and free cash flow margin and the profitability of the story. So now I want to pivot. We just covered a little bit of the power of the model from a sales standpoint. Let's take a look at the power of the model from the recurring revenue and hybrid SaaS approach that the company has taken. For those of you who are unfamiliar with the story, we have 4 subscription services: Threat Prevention, Filtering, Wildfire and GlobalProtect.

Each subscription is 20% of the appliance list price per year. Customers opt in

Speaker 2

for this.

Speaker 3

Now the genius that Nir embedded in the operating system and which our engineering team and product management continue to proliferate is that all of these subscriptions are actually running natively on the operating system and we're simply unlocking the value via a license key. So the concept of turning on a subscription actually doesn't degrade performance. And it becomes a very elegant way to have expansion sales within the customer base. Now one of the metrics that we use to track the success of our subscriptions as we look at the number of subscriptions shipped per devices shipped in the quarter. As of last quarter, the attach rate was 1.9 and that was up from the prior period of 1.7.

It was up from a prior period of 1.6. One of the reasons around the catalyst of growth for subscriptions is we are achieving to monetize and bring to market value added subscriptions that companies will want to buy. One of the biggest areas of growth for us is Wildfire. Wildfire because

Speaker 9

of its

Speaker 3

unique integrated capability within our platform is a differentiator to the other folks who are in the APT and malware space. We can do both detection and prevention at the point

Speaker 2

of the

Speaker 3

firewall. And I'm happy to say that in that 1.9 metric, the highest growth was Wildfire between the 1.7 and the 1.9, but all three other subscription services increased in that time period. So the power of the model is working. The other leg of the model is the renewals business and we're able to have greater than 90% renewal rates in our subscriptions business and close to 100% renewal rate in our support business. Now with the recurring revenue and hybrid SaaS model as the setup, Cyvera is going to add another subscription offering to the mix.

It's going to be different than Threat and URL in Wildfire and GlobalProtect because this is going to be based off of an annual subscription based off of endpoints. Now remember what I told you about the power of the model from a land and expand standpoint? We have 16,000 customers, 3,000 of whom are running Wildfire. We have a significant cross sell and up sell opportunity into our existing install base for Cyvera. That's all even capturing the prospective new customers that Cyvera is going to bring to the table.

And Cyvera is going to be a great door opener for Mark Anderson's team to go out and get more prospects in the door. And of course, Cyvera expands the TAM by 4,000,000,000. Now how does this model focus and help with the free cash flow story. Well, it begins with billings and deferred revenue growth. From a billing standpoint, over the past 3.5 years, you can see the progression, very nice healthy progression on a year over year basis amongst all three categories, product, subscription and support.

The byproduct of billings and because we have a SaaS model, hybrid SaaS model that deferred revenue has been growing. And you can see the mix between short term and long term. One of the very nice aspects of the business that we've seen is the average contract length has been increasing, which tells us a lot of things. The first is people want to standardize on us and so they're willing to go do a 3 or 5 year subscription. And the type of margins that come with multi year subscriptions and support very healthy.

So you can see a very nice buildup of deferred revenue. And right now, our deferred revenue balance is over $320,000,000 on the books and that gives us visibility into future revenue streams. So one question that we often get is, well, product revenue is not growing as fast as some would like. And posting 30 plus percent product revenue growth on a year over year basis is something that we're very much focused on. But I would like to show you an alternative view of how we look at internally as practitioners of the business.

When we look at the health of the business, we look at product and subscription billings together. A new subscription sale is equivalent to a new product sale, but we have chosen to monetize the subscriptions in a SaaS business, in a SaaS model. The growth is increasingly coming from subscription services and we're looking at bringing more subscription offerings to the market. Cyvera is just one of a number that we're contemplating. So when you look at the subscription and product billings together, that does give an alternative view on the health of the overall business.

Now how does the hybrid SaaS model factor into what I think is probably the most meaningful metric of profitability for our business model? It's free cash flow. Over the past 3.5 years, as I said before, we generated $230,000,000 worth of free cash flow while posting industry leading growth rates. Free cash flow margins naturally will be above operating margin because of the ratable revenue recognition that we have of our revenues. So there's obviously a differential there and we think that free cash flow is an important leg of the story that folks should focus on.

And candidly, it gives us the firepower to make the incremental investments like we're going to be making in Cyvera as we expand sales and marketing, as we look to invest in engineering. It's this model that is powering the overall business. So now in this final leg of the presentation, I'm going to walk you through some of the planning assumptions and our target model. What we told you on our Q4 earnings call from a planning standpoint was CapEx is going to be $45,000,000 to $50,000,000 for the year. We're on track for that.

Our non GAAP tax rate, 38% to 40%, on track for that. And share count dilution is approximately 1% per quarter. We're on track for that. Now once we close Cyvera, there will be incremental dilution and part of that's going to be dependent upon the stock price. But it's probably going to be around 1,200,000 to 1,400,000 shares.

Now let's look at Cyvera for a moment. It expands our TAM by $4,000,000,000 like we talked about. The revenue and gross margin model, the revenue is going to be a subscription offering. So it will be a recurring revenue stream. The gross margins for the Cyvera business should approach software type gross margins, which will be a positive tailwind for us.

So they should approach over 90% once we get to scale. The impact of our revenue model is that billings and free cash flow will naturally ramp ahead of revenue and operating margin. In the timings of billings and revenue, we anticipate them building in the second half of FY 2015 with meaningful contribution to our business in FY 2016. Now from an investment standpoint, you may or may not know, Cyvera was a Series B round company. They raised about $11,000,000 of venture capital and nearly all that money was going towards building a world class R and D team.

When you look at how we're treating the Cyvera transaction, it's almost like where you have to inject late stage venture money into that business to make sure it's successful. So we have outlined an investment plan of $1,500,000 in OpEx, $3,500,000 $25,000,000 for Q3, 2014, Q4, 2014 and FY 2015. And the areas of investment are going to be in R and D, because we're going to continue to extend our lead and build out a great Israeli based Tel Aviv based organization, but we're also funding a specialized sales team and marketing and support in order to make sure that we are successfully resourcing a great company that we acquired. And from a free cash flow standpoint, we anticipate we'll be projected breakeven and cash flow positive in the first half of FY 2016. So if all of that said, I'm pleased to report that we're not changing the timing of our target model.

And remember, I purposely don't call this a long term target model. This is a mid term target model. But what you can see is we've made some adjustments to the components of our target model. So to level set folks, at the time of the IPO, we said that we would be able to achieve 22% to 25% non GAAP operating margins exiting Q4 FY 2016. The timing is the same and the net result is the same, but the component parts have changed a little bit.

So why they changed? We've been consistently above our target model in gross margin. So the original target was 70% to 73%. Now we're at 73% to 76%. And this reflects the increasing contribution from subscriptions, the hybrid SaaS model and the fact that we're going to be selling a lot more appliances into the data center.

Think the 7050 fully loaded, those are very nice margins. R and D, we're currently below the target model. And with the acquisition of Cyvera, we're going to be continuing to invest not only in the next gen firewall platform, but with Cyvera, we're going to be investing in the endpoints and also the ThreatCloud. So we think it's going to be 13% to 15%, so there's no change. Sales and marketing is being bumped up from 30% to 33% to 33% to 36% in this time period, mainly because we're making a lot of investments not only in Mark's go to market organization for the core business, but we're building out a specialized sales force for Cyvera.

G and A, no change from 5% to 6% and we're going to get there through improved efficiencies and economies of scale. So wrapping it up, we feel like 22% to 25% is achievable exiting Q4 FY 2016 like we said before. And with that, I'll bring Mark up so we could do some Q and A.

Speaker 2

Yes, if I take time with just Stephan and I, maybe just general questions or from Stephan's presentation and then we can and then we can now you see the team is here as well. So take about 10 minutes for that. End of the day, it's front fill from UBS. Maybe you can just talk a little bit about the pipeline for the 7050. And for Stephane, on Europe, your numbers have been great in that nitpicking, but when you look at the actual growth rate in EMEA versus the rest of the world, you're under pacing in EMEA.

Is there anything that you see that is prohibiting that growth competitively or go to market? Can you just talk through your aspirations in the EMEA region? I'll take 7050.

Speaker 3

Sure. So the pipeline for the 7050 is call it tracking to plan. What we typically do with any new product introduction, we make sure that our field sales organizations are prized before we introduce something. So we have a lot of pilots that are currently going on right now. The 7050 will have application in applicability in the data center, the high end data center.

So we have lots of customers who are trialing it right now. We've started to ship to customers. So we have real shipments that are going out in the quarter, which is good. And we expect it to be a meaningful contributor over the next call it 2, 3 quarters it will start ramping up then we should see a broad based adoption of the 7050? Yes.

Speaker 2

There's a lot of POCs gone right now, but we sold units in the quarter and a lot of POCs gone right now as well. And any question of EMEA, I think two things on that. One is that's been a harder market than the rest of the world for quite some time just because of the macro stuff even though it's still growing at really nice rates on over year basis for us, but it's trailing the rest of the geographies for us. So I think as that improves over there, that will improve for us. We're definitely feeling that like feeling like it's better.

And then the second thing is from a distribution standpoint, that's an area of the world particularly for Check Point that they're very entrenched with the channel over there. And frankly, candidly, they threaten them. They As you kind of heard from our valued partners here, not for these guys in particular, but general matter, just mathematically that just doesn't work out anymore. Lots of partners we talked to a couple of years ago said, hey, bring me a new opportunity, I'll sell, but I can't touch my existing base. With our growth rates of just realizing that they're definitely losing business.

It's just somebody else is fulfilling it. That's a fine thought though. And I see that changing in Europe soon where that couple of those stones are going to come out of the dam and it's going to open up just from a reseller perspective for us as well. So I think that's a big next 12 to 18 months for us, so we'll tell that story.

Speaker 1

Next question?

Speaker 7

Hi. Aaron Schwartz from Jefferies. You talked about the cloud is one of the likes of the platform here. And it sounds like a lot of what you're talking about is delivering or using the scalability of the cloud to deliver back to the on prem platform, which you sold. If we look at the security space, there's another approach of displacing legacy vendors and it's actually delivering more product from a cloud perspective.

How far down the road do you go there over time? And then you also talk about your partnerships with SIs and how much will they take on in selling your product in that based approach over the next couple of years?

Speaker 2

Yes. There's a lot of things going on there. One is just the power of the cloud in the first place, right, is massive infinite compute power. So from the beginning of recognizing that that was going to be important for us in constructing that platform, so that we take advantage of all those and it's working. It's definitely you can some of the speeds and feeds that Nir gave you.

And just the difference of what we can do in the cloud versus on prem technology is they're just worlds apart like factors apart and we have lots of data to show that as we run tests against these different kind systems. So that's important and it will be more important for us in the future as we bring the endpoints because we can do the same with the endpoints about processing up there as well. From an SI perspective and folks like that, they understand that. So what we're seeing from systems integrators, some large companies NTT being a perfect example of folks who are saying that their customers or coming in saying you have expertise, you have the technology like from a network perspective and we'd really like to shift some money from the CapEx to OpEx So can you not just outsource like the network, but can you on a managed service basis run portions of our network. But when you do it, you have to provide at least in our world security that is top notch next generation security.

And that's a growth area for we've seen some of our systems integrators who are in this case service providers that are spinning up services using our technology that they're in turn selling to enterprises not small businesses, but enterprises on a recurring revenue basis and everybody wins in that model. And I see that over time, a lot more in global basis. Kelsey is texting.

Speaker 8

Sterling Auty with JPMorgan. Stephane, you mentioned the $2,500,000,000 TAM if you never brought on another does that include Cyvera?

Speaker 2

And then one follow-up question.

Speaker 3

That excludes Cyvera. So that doesn't include any contribution from them. Okay.

Speaker 8

And then Mark on the go to market with Cyvera, you talked about the overlay, even talked about it in the acquisition call. But curious when you made the comments earlier about talking at the senior security, we know that traditionally endpoint has been purchased by a different part of the organization. What's going to be the main focus of how you're going to try to penetrate those accounts? Is it going to be a dual track approach where you're talking senior and that traditional endpoint buyer? Or is it going to focus on one versus

Speaker 2

the other? We're going to do 2 things at the same time. And then the first thing is we're going to build a team, but it will be primarily SC based versus salespeople based because it's a technology sale, it's next generation, all the things we experience with the next gen firewall to go in and talk to the endpoint person because even if we do the second thing, which is sort of get the air cover at the CSO level or CTO level called security for the whole enterprise holistically and you really need the platform and you need this stuff. Somebody at the end of the day in a with no windows in the basement, right? It's actually got to make it work.

So we have to cover both of those. And we'll do that with our major accounts team and global accounts team and we're going primarily first there, right? We're going to we've got 16,000 customers in the company, 3,000 plus in the region of some version of Wildfire, over 1400 plus are using paid for versions of Wildfire. That's where we're going to start, 1400 that are using the platform with Wildfire because that's 2 legs of the stool. We're going to go right in there and say here's the third one.

When we have that conversation, we already have account managers who have captured mind share from the cybersecurity perspective. Now we need to bring somebody else in to say here's how to complete the triangle the endpoint. But you have to know how the endpoint works, right? And it's you put it on there, it's not going to break anything. All those things are actually very important to get that person to sign off on the purchase.

Thanks. Rob Bovo with Millennium. Thanks, Mark. Just a quick one on the Wildfire success. So, when you're seeing the uptake and you talked about the increasing attach rates to your embedded product base, are you being invited into installed customers for bake offs that are specifically attacking the APT opportunity given that FireEye has raised the visibility of it with the marketing message.

Is that how you're seeing that success? If not, how are you cross selling that to justify that momentum? Thanks. We're really seeing 3 things going on there and it's great. The visibility from this whole APT thing is great.

We love that, right? The fact that people are finding budgets and there's a lot of marketing that's being done for our benefit. And what we're seeing there is 3 things. First is, when we're bringing in 1,000 new customers every quarter, the ability on the acquisition of the new customer to sell Wildfire in that initial purchase is really high.

We do really well there because a lot of those customers they don't have an answer to that yet, right? They're being sold to and then when you when they're already deciding to purchase the Palo Alto device at one point of the triangle.

Speaker 8

So you talk to

Speaker 2

them about Wildfire and APT which they're and say, oh, I can get that too and it's actually relatively from a value perspective, it's a lot more value for a lot less price. I'll take So that's the first thing. The second thing is, in our existing base of customers for people who just don't have

Speaker 6

a solution yet at all, but they're hearing about it all the

Speaker 2

time as well. We already never get to go back and say, hey, that thing you heard about, you already own the base you need in order to have the best, most sophisticated technology. It's not just detection, it's prevention. So we have that opportunity too.

And then the third thing is, we do have folks in our customer base, particularly in larger organizations that they own FireEye already, right? They made these purchases number of years ago or whatever the time frame is, we get to go into them and say, we know you have that right. So, but you're already running our firewall inside your company. So here's Wildfire. If you want to do a compare head to head compare on this thing, this is how it works.

It's technically superior. It does prevention not just the and it's 20% of the list prices of all the devices you've already deployed, right? So if you want to rip devices out of there, just like you buzz with us with IPS and just like you liked with filtering, all this things. Here you can do it again and get superior security with superior TCO. Yes.

So all three of those things are working for us at this time. Rob? Yes. Hi, guys. Rob Owens from Pat Crest.

Speaker 5

On the product and subscription

Speaker 2

billing slide, Stefan, that you showed, how much is the extension in duration that you talked about influencing that growth rate?

Speaker 3

It definitely has a factor in that because anytime you do anything more than a year, you're increasing the billings. It's hard to put a percentage on it, but I can tell you directionally from a couple of years ago, our average contract lengths were call it a year. As of last quarter, they were about call it 1.5, 1.75 years. So they've been trending up over time. And that will definitely be that will have a beneficial impact on the gross billings that are And that's why you see growth in deferred revenue and the long term component also going up.

Speaker 2

And then second, as we look at the upward guidance the upward revision guidance for the gross margin. How should we think about that? Can you give us color? Is this a function of higher end boxes, cost efficiencies or a mix shift to more services and the add on and the extensibility of the platform?

Speaker 3

Well, it's really a combination of all those 3. We are relentlessly focused on driving cost of goods sold down on our platform. And we have gross margin targets and COGS reduction targets on a quarterly basis. So we're very much focused on that. But from a mix standpoint, as we get more traction with the 7050 getting into the higher end data centers, those will have higher gross margins over time as the 7050s get built out.

And then certainly from a subscription standpoint, the higher the attach rate of the subscription that we have that is almost pure 100% gross margin. So that mix shift, all those three things that you just said, will all play a part in expanding the gross margins.

Speaker 7

Walter, Walter Pritchard from Citi. Just a question on the product side with Cyvera. I think when you first came up with the PAND firewall, it was eye opening to so many customers. You showed them things know they almost had to buy the product to be a steward of their company. Can you talk through sort of what you can do in this area to sort of open people's eyes to what they have, what your product will do and therefore the hole that it fills?

And then Stefan just for you on the numbers. Can you give us a sense of you're not selling it as a percentage of the box because Cyvera is maybe agent based or what have you, but how should we think about deal sizes or if a customer sort of a multiplier something would help us quantify, we get the TAM as something to help us quantify it on a customer basis?

Speaker 2

Yes. Thanks Walter. Yes, the I think this we're going to run the playbook, right, that we've been running with the next gen firewall for a while, which is just prove it, right? And on next gen firewall, we do those AV patient visibility reports and we just side by side it and if people test it, it's truly black and white. And we're going to run the same kind of playbook on the endpoint with the Cyvera technology.

And it's starting with the baseline of that the Cyvera technology when it's tested, which we've done, would have stopped every exploit since 2009, right? Because it's right it's going at that exploited technique to that. So we can show that from a testing perspective. And then we can talk to customers and say all the malware exploits that you saw in your network, pick a date, right? If you're keeping track of them, right?

This is what would not have occurred if you had been running this technology. And then go ahead and test it on your network. We'll run some of those exploits by you, right, in a lab environment and you'll see that just stops them. So we'll run the same proof is in the pudding playbook with that. We think that will be successful.

Speaker 3

And on the subscription side of the house, it will be a subscription per endpoint. We haven't divulged what that pricing is going to be yet, partly because the deal hasn't officially closed. So we're looking at different models. But there certainly is a cross sell and upsell opportunity within our existing install base. The quantification of that is really ultimately going to be based off of how many endpoints is the technology going to be deployed on.

So I'd just say stay tuned as we close the transaction and most likely on our upcoming earnings call, we'll give a little bit more clarity relative to the size of the near term opportunity on that front.

Speaker 2

Yes.

Speaker 6

One clarification question for Stefan. Your prior financial target is for exiting fiscal year 2016. So may I verify the time line target for the revised financial model?

Speaker 3

Yes, the timing hasn't changed at all. So what we had said was in Q4, FY 2016, we'd be at 22% to 25% non GAAP operating margin target and nothing's changed. So even with all the investments we're making in the short term with Cyvera with the TAM expansion etcetera, we still feel confident that we can get to 22% to 25% exiting Q4 FY 2016. So no change.

Speaker 2

We're going to have to wrap up because I know we're running over time. So I want to thank everybody for attending. So for the folks in the webcast, this is going to end that portion if you would. Thank you.
