Good morning or almost good afternoon, everybody. Hope you're doing well. My name is Hamza Fodderwala. I'm the cybersecurity analyst here at Morgan Stanley. With me this afternoon, we have Mr. Nikesh Arora, Chairman and CEO of Palo Alto Networks. Nikesh, thank you so much for joining.
Thank you for having me.
All right, great. So, before I begin, just a brief programming note. For important disclosures, please see the Morgan Stanley Research Disclosure website at www.morganstanley.com/researchdisclosure. With that, Nikesh, let's dive right into it. So I think you sat up here five or six years ago, and you wanted to go on this journey of building the first evergreen cybersecurity platform. If you look at what's happened over the last five years, the revenue base has gone up multiple times. Market cap has, I think, almost 5x, $100 billion, or as of yesterday's close, at least. And you're a leader in over 20 categories, whereas five years ago you were largely in firewalls. It seems like now there's a little bit more skepticism.
Now? There should have been skepticism then.
So, I'm curious, just one, take stock of the last five years, and what do you think you have to do for the next five years to maintain this sort of evergreen platform strategy?
Well, first of all, as I said, thank you for having me, and yes, five years ago, we set out on a journey to see if we could actually adjust the paradigm in cybersecurity to see if companies can survive for longer. And we had 2% market share, an industry that spends close to $200 billion a year, possibly have 5% or 6% now in that market. The question now really is, it's not a product innovation question for us anymore, which is what the big challenge then was. We went out and acquired about 19 companies in the last five years because we had technical debt. There were companies out there who had better products in certain categories than us. We bridged that gap, as you highlighted, about +20 categories where we lead.
The real question now is, how do you take that, and how do you get every customer to buy the entire platform in three of the categories we play in, which is cloud security, network security, and SOC? So over the last five years, we have been able to insert ourselves and get them to buy one or two out of the four or five things in each platform. Now, the question is: how do I go in and get the person who has one to go to five, who have two go to five, or go in and sell the entire five together? Because we believe, at this point in time, we're uniquely positioned to be able to do that. You know, in network security, for example, nobody has SaaS, SD-WAN, hardware firewalls, software firewalls, cloud firewalls in one integrated capability.
There are people who are doing really well in certain categories, but nobody has the entire gamut. Take the case in SOC. We can do that. So we think we have a competitive advantage at this point in time across the three platforms, and now is the time to strike.
Right. Maybe just to go back to the last earnings call two weeks ago now, so, I. You know, you had to cut the guidance, the billings guidance, by about $600 million. Over half of that was because of some weakness in the Fed, and then I think the remaining 40%-50% of that was this new platformization strategy. One, is my characterization correct? And-
I'd like you to be more optimistic than that, but you started off with any sentence that's out, just cut something in the financial news; it doesn't sound good. But other than that, cut cost sounds good, but cut guidance doesn't sound good. We accelerated our platformization strategy.
Okay.
You want to grow to be a bigger company-
Mm-hmm.
in a certain period of time, and given you guys are strong, long-term investors who want the stock to double or triple in the long term, I'm sure you all appreciate that.
Fair enough, but just, just to zone in on the Fed side of things.
Yes.
What was the reasoning there? Because, I mean, from what we hear just more broadly from the federal vertical is there's a lot of focus on cybersecurity, so why the weakness of Palo, I guess?
Let me parse that out for you. First, there is no problem with demand. Cybersecurity demand continues. If you read the newspaper or whatever you read, you see every day there's a new sort of breach out there. There is more activity. There are nation-states who are constantly on the offensive. So the demand function has not, is not going to abate. The question is, for us, the two things that we said: one, to drive this notion of going from one or two products in a category to having a platform approach or a platform sale, which eventually gets to a better security outcome for our customers, we have to get aggressive in the market. And part of that is accelerating the customers being able to transition from some legacy vendors, and you can decide who the legacy vendors are.
But every customer has some vendor that they would like to transition off of, and we go ahead and say, "Look, we can help you transition as long as you're adopting or adapting to our platform approach." So that's kind of one part of it. We sacrifice short-term billings or short-term revenue in the interest of longer-term growth and more growth in the future. The other part was very specific to Palo Alto, where we had certain aspirations of staffing on a certain key contract that we were working on with the federal government, which didn't materialize. So we had to decide to de-risk our numbers from that contract, so we took it out.
Got it. Got it. So, what was the thought behind saying the word spending fatigue? Because obviously, demand is strong. So I think someone-
I think, let's be clear, because there's cybersecurity spending fatigue. Now, you have to get it in context. Demand continues to grow. Bad things continue to happen at a faster and faster pace. But customers buy more and more cybersecurity. Cybersecurity spend goes up about 5%-8% a year. It will continue to do so. But they're getting frustrated. They're getting frustrated because they're getting breached more, they're less secure, CISOs are being held accountable by the SEC, there's possibly one of them might go to jail. So there is frustration. I spend more money. I try and get the right thing done for my organization, yet I don't get the outcome, but the spend is there. So fatigue in the context of spending more money and not getting the outcome, not in the context of I'm done spending. That's not a choice.
Fair enough. Fair enough. On the Platformization strategy, so, obviously you're trying to accelerate your ability to consolidate with your customers. I know you've gotten this question a lot, but why double down this now? Why, you know, call this out on your, on your last earnings call?
Well, look, as you know, about six months ago, I signed up for another five years with Palo Alto. And as I did five years ago, I sat down and looked at the business, looked at the fundamentals, say, "Where do you go from here?" And I'm of the firm belief what got you here is not gonna get you there.
We seem to be doing really well right now. Now's the time. If you wanna make big moves, now is the time to do it with a three to five year horizon in mind. So I spent the last 6 months reviewing. So far, I've gotten to 300, I intend to get to 2,000. I sit in my conference room, and every rep has to dial in and explain to me exactly what they're gonna do with each account. Quite illuminating, by the way. I was told people in enterprise don't do that, but since I don't usually do enterprise life, that's fine. So I went through the first 300 customers so far, and I discovered a lot of interesting things. A lot of customers have some part of our platform from Palo Alto.
A lot of customers are either in one category or two or three from a platform perspective. There's lots of room. So we started expanding that, that sort of scope, and now we do them, possibly another 15, 20 this Friday. We do them once or twice a week. 500 reps dial in to watch how this thing goes, and then they go prepare, and they do this. So I learned in that process that we're not, we're not pitching to our potential in every account. We should be, we should be stepping up. And then I figured out the key detractors are customers are stuck in legacy vendors. Customers are scared of executing a transition because cybersecurity sort of is not simple, it's complicated.
So we have to do different things, and the different things involves going in, giving them transition support, going in, helping take off the economic risk on the table. So that's what we decided to do. And now, because why not now? The longer I wait when there's, when there's a profitable strategy that is being executed by one vendor, you get about two to three years of a competitive advantage. Eventually, we all flock to whatever strategy is working. If you look in the history of cybersecurity, any company that has run really well for three to five years on a growth trajectory, all of us go try and converge on them, try and take their business. And you can , we have other people sitting up here, you'll see. We're all chasing each other and trying to get into their sort of profit pools.
For now, we believe we have a competitive advantage. We should go out and go execute against it.
So there's three different areas where you're trying to platformize. So, you know, I read your LinkedIn post last week and some of the comments...
One out of three. I have two more, but-
Oh, yeah, I'm looking for-
pace them up a little bit. Yes.
Okay. How is this different from traditional bundling and discounting? Just walk us through how it works, how you're trying to ease switching costs for customers, et cetera.
I apologize. People are having lunch, you're asking a question, which is gonna bore them to tears, but I'll try and answer it.
Very important.
Do you want me to do it? All right. Okay.
Please. Yeah.
All right. Okay.
Or you can read his LinkedIn post.
No, no, no.
yeah.
Oh, this is a setup for me. I apologize. Yeah.
Yeah.
Okay, got it. Got it. Yes, this is totally different than bundling. That's what we, that's what we wanna say, right? Okay. Look, bundling is an economic bundle. You say, if you buy one thing from me, you buy the second thing, you can buy the third thing, it's for free or it's part of the deal, you're gonna go spend differently. Cybersecurity sort of works differently because chief security officers and CIOs, they don't get into trouble of buying the best in a category. You go, you buy something in the top right of the Magic Quadrant Gartner, you don't get into trouble. But for us, it's different because we actually have to prove the value of these things working together. Because the customer already has the other use case. They have perhaps three or four vendors or five vendors doing network security.
If I can show that I am better, cheaper, faster, and more effective in my stitched platform approach, then there is something to talk about. So for us, this is about actually going and demonstrating value from the integration, as opposed to creating an economic construct. It's actually, the economic construct hasn't changed for us. The economic construct is still the same. You consume, you pay. We don't give away a whole bunch of stuff, all you can eat for free. This is not a buffet. So you have to pay for what you consume in our platform, but the key is, can I demonstrate the value of my platform? So that's why it kind of differs from the traditional enterprise bundling approach, where you've got everything as part of the big license. I don't really care what you eat, what you don't, I get paid. We don't do that.
Okay.
Is that helpful?
Yeah.
Okay.
Maybe just go into some specific examples. So, you know, the average enterprise is using 50-100 different security tools. So you've got three platforms that you're selling. There's the network security-
Yeah
SASE side, there's the SOC automation, that's security operations center, and then there's the cloud security side.
Yeah.
This is, again, the platformization strategy is not necessarily new, it just seems like you're doubling down on it. Can you give us any examples where you've launched this effort in the last six months to 12 months and where it's been successful?
Yeah. So look, we didn't. It might seem like we transitioned overnight. We didn't. We have been trialing various things over the last six months, right? We've trialed, we bought an enterprise browser company called Talon. Went to our customers, we were thinking about getting them to test it and charge for it. We decided to give it as part of the SASE product to try and get customers to consume it. When it comes time to go for renewal, they'll pay for it, but for now, we decided to seed the market with that. That became a very interesting approach. Large consulting company, you know, they actually became a SASE customer first. They loved what they saw. They expanded that to a global remit. Now, we power every one of their consultants off their laptops with Prisma Access. They just replaced-...
all their firewalls with Palo Alto because they wanted to see the benefit of what they get in remote access in their data center. So we've ended up consolidating nine vendors into one platform for the consulting company, and that's just one of our platforms. We haven't done the second and third one. We're in discussions with a large company, where we're actually trialing out and saying: Listen, we'll give you soup to nut cloud security across the board. We'll just index this off of your cloud spend, so you don't have to worry about what to use, what you don't use. You can use all of our cloud security products. It's indexed off of your cloud spend, so you'll always be able to manage it, but you get to consume all the cloud security.
So we are trialing out and executing on a whole bunch of these. What's been fascinating is in the last two weeks, as much conversation has happened in your community about our platformization strategy, more interestingly, our salespeople out there, 3,000 of them, are coming back and saying, "Oh, the customers wanna talk about this." So clearly there is some product market fit and resonance out of the market, where the customers wanna talk about platformization, they've all heard about it, they've all read about it, and thank you very much for amplifying the message, positively or negatively, because they all somehow seem to know that Palo Alto has embarked on this platformization approach, and now our conversations are: How do we get to platformize in our enterprise because we're tired of the vendor sprawl?
Yeah, I mean, the value, the, the value of consolidation, I think is clear in terms of cost, integration, et cetera. But I think the, the debate has been coming up around what is the right balance, right? There's always been the spectrum of platform versus best of breed in cybersecurity. There's been other companies that have tried to go this security super suite approach, you know, Symantec, Cisco, et cetera, come to mind. Why is Palo Alto going to be successful, perhaps where others have not been?
Look, we live in Silicon Valley. Every company that's been extremely successful has destroyed some legacy thinking, whether it's Uber or YouTube, you pick your favorite tech innovation, disruptive company, they all came up and challenged the existing thesis. So, you know, we're not gonna wake up every morning saying, "It happened to everyone, it happened to us." We think the time is now because nobody ever tried this with having great products in 21 categories. In every other case, it was an economic bundling concept as trialed by enterprise security. We're saying: We're gonna have 20 great things. We're gonna make them work together, and we've demonstrated that all those 20 things sell on their own merit. It's not like it sells only because it's part of this bundle. It sells on its own merit.
Now, we're saying, "What if you could get it all to work together?" If you go back and think about, some of us who are older, you know, 20 or 30 years ago, there was no concept of a CRM, and companies had their own seven different applications that did some version of CRM. There was no concept of an integrated HR system, integrated financial system. I remember I started my first job as a Fidelity Investments on the finance side. They had seven tools. Now you have an integrated financial system, and you say, "Wow, that makes perfect sense." Oracle CRM or Salesforce or Workday for HR or ServiceNow. So why should that not happen to cybersecurity?
What evidence do you have against it, that there is not a need, where every company shouldn't have to go build this themselves, hire hundreds of engineers, and try and stitch this platform on an individual basis? It shouldn't. The only problem is it's never been there before, so you presume it's not gonna be there in the future. We think it's gonna be there. It's going to be us.
Yeah, maybe the pushback to that would be-
Sure
... the risk level is high. If you don't buy the best solution out there in the market, you can get breached, whereas that doesn't exist in the ERP market or the CRM market or what have you.
There's no risk if you have a crappy ERP system?
I mean-
The risk-
... the risk level is not that you might get breached and, you know, end up costing you tens of millions of dollars. I'm sure there's some risk, but-
If you can't ship product in time, you have a bad ERP system, your top line goes down, you guys murder them in the stock market. So there's-
Fair enough
... that risk. So there is a risk. I mean, yes, but that's why we got to prove our - we have to earn our, you know, our place in that platform on individual merit for each category. We think the time is now. We've demonstrated we can go get 3,000 SASE customers in a span of two years against all the existing players who've been around for a long time. We've demonstrated we can get now to 6,000 XDR customers against all the existing XDR players in the market. We've demonstrated we can have 40% market share, hardware firewalls, 50% market share in cloud firewalls and software firewalls. So we've demonstrated each of those categories we win, in respect to whether they're in part of a platform or not.
Now, what we're trying to say is, how do I create ubiquity across my customer base and try and focus them on integrated platform approach or not?
Got it. Last couple of questions on the platformization topic-
Sure.
Then I might open up to the audience. So, in each of these platform domains, network, SOC, cloud, there's like 10-20 different products. Is the platformization strategy more to consolidate within those individual domains, or would it be able to drive cross-pollination between those separate platforms?
Look, it does drive cross-pollination, but, you know, this is where if you load everything into one thing, then it becomes an either/or. That's a riskier strategy in a sense, you're talking about risk. So everybody understands the value of having a cohesive network security platform. Everybody understands the value of a cohesive cloud platform and possibly a SOC platform, and typically, in every organization, there are three distinct individuals or personas who buy those three things. Like, there's a chief security officer running the SOC, there's a CIO who's responsible for development, there's a CIO who's responsible or chief infrastructure officer responsible for network, the network and network security. So we've, we've gone from 21 capabilities to trying to focus people on three platforms. Maybe in a few years from now, when we're sitting here, we might do that again. You know-
Yeah
... the second quarter of the fiscal year, in five years, we'll say, "We're going three to one," maybe. That'd be a good use case, but then we'd be sitting here having the same conversation. No, but to see if we are trying to consolidate them on these three platforms, and the idea is to make sure the customer doesn't have to do the stitching.
Sure. Just looking at sort of the impact to the guidance. So you talked about next quarter billings being in the low single-digit range, then back, you know, towards 10% by fiscal Q4, the July quarter. And then you said in the back half of fiscal 2025 or the first half of calendar 2025, you'll be back to a mid- to high-teens billings growth. So this is really going to be a 12-month headwind, it seems.
Yeah, but remember, if you think about it, if I'm trying to go to a customer and saying, "You got legacy vendors, let me go take them out and deploy Palo Alto," then typically, you know, our sweet spot will be people who have 12, 18 months left on their existing contracts for us to go take them down, put a transition plan together. And hopefully, in 12 months that we're doing this, we'll start lapping these 12 months that we've actually given away. So we should see, you know—Typically, our deals right now are gonna be first year free, pay me for two, three, four, five. But at some point in time, the first year free is gonna go away, and I'm going to start getting paid for the deals I do now. So we expect there's a 12-month lap.
That's why we've said we come back after 12 months to the better trajectory than we have had in the past, but there's gonna be a 12-month period in which we're gonna be executing on this strategy. We'll keep executing that after, too, but, you know, one-time, 12-month adjustment around it.
Yeah. And the key point really here is this is an account penetration strategy, so these are largely your existing customers who have shown a willingness to already consolidate-
Yeah
-with Palo Alto.
Yeah.
Not just any, you know, right?
I think one of the things with in financial terms what happens, which is fascinating, is as we keep driving this strategy, we've become an 85%-90% recurring revenue company, without calling it an ARR company. We've become a software company because we've traditionally come from a hardware background. When I came, I think 30% of our revenue was recurring. We're in the 67% range now, and get to 80%-90% recurring without making a big brouhaha about turning into an ARR company, although I don't know if ARR is still popular or not.
I mean, last year you said TCV is back in fashion, so I don't know.
TCV is always back in fashion. TCV like-
You like cash up front.
I like cash up front.
Yeah.
I like TCV, I like RPO. All the other stuff is adjustable.
Fair enough. Anybody in the audience have a question? We got one back here. Just wait for a mic. Is anyone here with the mic?
They weren't ready.
Mic person? Okay, I guess we'll wait for... But we have a question here in the middle. We'll wait for you. I'll just move on to my next question. The other, aspect, I think, that, that's been, of, of some concern in, in relation to the, to the billings revision, we'll call it, won't call it a cut, fine-
Go ahead
... has been free cash flow, right? So a lot of the free cash flow is driven by, you know, three-year upfront billing. So what gives you confidence that you can maintain this high 30% free cash flow margins that you put up?
Look, over the last five years, our annual billings, as a proportion of our total billings, has slowly been creeping up because people have been taking annual contracts. We have been financing a lot of deals with PANFS . This is north of $1 billion. So eventually, that stuff has to get collected. So we have been, you know, possibly 25%-30% of our billings now are annualized, and then that starts lapping, gives us, again, it's kind of like recurring revenue. We know that a lot of that is already being collected on an annual basis, so those things begin to lap. The other thing you've seen, we've driven a 1,000 basis point improvement operating margin, which eventually falls to the cash flow line. So those things help.
That gives us comfort that on a cash flow basis, we'll stay true to the mid-30s+ guidance we've given in the past.
Got it. Got it. Maybe one quick follow-up on that. I think you also renegotiated your, your cloud contract-
Yeah
with GCP. So any way to contextualize how that's driving more savings?
Well, the more you spend, the cheaper it gets, sort of like going shopping with your spouse. So, yeah.
Fair enough.
We spent a lot of money in public cloud, and as a result, we've been able to negotiate a better deal, which makes us more confident that we can sustain higher gross margins, because eventually, it's the gross margin line, which means better operating margins, which gives us comfort in our operating margin guidance, which gives us comfort in our free cash flow guidance.
Thank you for the math there. Appreciate it.
Yes.
We have a question.
Thanks for telling. I'm financially literate, barely.
Hi. So the question is for Nikesh around the $15 billion long-term target. Has your thinking in order to achieve that change with respect to M&A? Like, is that a very organic number, or in the last six months, especially with this new, newer platformization approach, do you have to be more aggressive and maybe front-load the early years, or how do you think about that? Thanks.
So, you know, that's assuming normal activity, and normal activity, if you look at our history in the last five years, is, has ranged anywhere between $500 million-$2.5 billion of M&A, which is mostly product innovation-oriented, as opposed to revenue-oriented. Because for the most part, for us, we feel comfortable buying companies where we can take them, put them on our go-to-market machine, integrate them technically, and go out and sell more of that. I struggle with buying things at 8x-10x revenue multiples, giving them a premium, then I... basically spending the next years executing on the behalf of people who've got rich on those shares, as opposed to my shareholders.
So unless I find something that is compelling strategically, that we can actually take the two together and generate more value, I am generally cautious, is possibly the right word, of looking at large deals. So yes, the $15 billion is assuming normal M&A activity, which we have been demonstrating for the last five years.
Oh, we got a question here.
Hi. So you spent about $600 million on Talon, and you're now gonna essentially bundle it with a SASE product. What should we read into the enterprise browser market based on that assumption, and what strategic vision do you have for Talon, given that strategy?
Look, what's fascinating is, post the pandemic, it became abundantly clear that people want to access every app that their company offers from wherever they are, right? Whether you're sitting here, you want access to everything, or at home, or traveling. That market in the past used to be a VPN market. You dial in through some VPN, and you get there. That technology has been very old. We've seen a bunch of breaches and vulnerabilities around it recently. That market has eventually migrated to SASE. Now, the interesting thing in SASE is most of SASE requires an agent to be deployed on your laptop. There are three scenarios which becomes very hard. One scenario is mobile devices. Most of us carry mobile devices. 50% of our companies don't protect our mobile device access or don't give you full access to your mobile device.
2, it becomes harder if you're trying to use your home computer. I don't want Palo Alto software downloaded on my home computer because I don't want Palo Alto to see everything I do on my home computer. I love Palo Alto, but, you know, there are certain limits to what I'm going to let them into. So, you know, on a BYOD case, you don't want that agent sitting on there. And third case is there are people who have multiple companies. They work for contractors. They will work for multiple companies. They don't want to have one company's agent on the laptop. All those three use cases were. We were attempting to serve as an industry with a poor use case called remote browser isolation, which is somewhat a not-so-great user experience, if you will. It's possible it works.
That whole market gets revolutionized by having an enterprise browser. The way enterprise browser works is basically that's your, lack of a better word, portal or access to any application enterprise, and you can deploy all kinds of controls on it. You can apply DLP controls on it. Nothing can cut, paste, you can't forward anything, you can't download anything. We can control the browser for or the company. The customer can control the browser for every one of their employees, for your home computers, for your phones, for your contractors. So I just think it's a game changer as it relates to remote access. It's a game changer as it relates to being able to deploy controls, and now the fun part will begin when people start trying to access AI.
The browser, because it's unencrypted, can see everything you're doing, and that gives us much better control characteristics vis-à-vis something that you intercept after encryption, which is many people don't allow you to view encrypted traffic. So it's a game changer from an access perspective. Six months ago, nobody was talking about it. Now, I can tell you, I was in New York last week. There's swaths of employees and contractors say, "We'd like to deploy a browser instead of an agent." I think it changes the way the market thinks about remote access in the future.
We will come back to audience Q&A later on. I just wanted to spend a little time on generative AI, because I know, yeah-
Sure.
It's been a big topic over last year. One, how are you seeing Generative AI change the threat landscape? And then secondly, can you remind us how you are using Generative AI in your product portfolio to help consolidate the market further?
Sure. So, generative AI for us will fall into possibly three categories. Category one, bad actors using generative AI. That happens on the consumer front, on the enterprise front. On the consumer front, I'm sure you read about a deepfake video where somebody got inserted themselves into a Zoom call and got a bank to transfer $25 million. That is doing the rounds. It's kind of interesting. So there are generative AI follies that are going to happen on the consumer side, which you can think about as an enterprise use case as well. Bad actors will use generative AI. They'll, in the most basic way, you know, get the LLM to write a phishing email, which will come to you with a malware link, and you're going to click on it, and it'll steal your credentials.
So it's just faster bad actor activity, which we have to be prepared for. So it's gonna feed the overall cybersecurity demand. There is no fatigue, a lot of money will be spent in cybersecurity, right? The second category of generative AI is how do we protect our customers against problems created by generative AI, which fall in three categories. One, are employees accessing AI LLMs or AI apps? We have to stop employees from loading proprietary information, all kinds of stuff. So we have about 100 million customers we protect on access. All those users are going to need protection against generative AI. It'll just become another subscription that sits on top of our access products. That should be low friction to deploy, low friction to sell from a subscriptions to our customer perspective.
The second category will be the AI firewall. If you deploy an LLM in your company, we're gonna have to make sure we surround the LLM with security protection so nobody can inject prompts, nobody can manipulate your LLM to give the wrong answer. No bad stuff comes out of LLM. No, no phishing links come out of your LLM or bad malware code is transferred to your customer. So we'll have an AI firewall. And third is, it's more of an architectural thing. If you go deploy AI in your company and move everything from cloud to AI in the future, you're gonna need a cloud security equivalent of AI security posture management. So those are the three product categories. We highlighted that in our earnings. We're possibly three months away from being able to put them into production for our customers across the board.
We'll start previewing them in the next eight to 10 weeks with our customers. So that's kinda what has happened. And within that, we will also have copilots, like everybody will in the future, which make the complex parts of deploying security easier for the practitioners, because there are 7 million jobs that have not been filled in cybersecurity. It's complicated. And third area, Generative AI helps is reducing costs, vis-à-vis automation and summarization and natural language interface. We're gonna launch a project next month, which approximately should give us 2% headcount savings. We're gonna ramp that up with other projects. I think in the next 18-24 months, most companies are gonna be looking at about 10% headcount savings on a conservative basis by deploying Generative AI.
... Wow! Okay, okay, a lot there. 'Cause I think a lot of what you've been talking about is using generative AI with XSIAM to automate security operations.
That's Precision AI.
Yeah.
In our business, we make a distinction between generative AI and precision AI. I don't know if you guys read recently, I think, an Air Canada chatbot just gave away free medical support for a ticket because it decided somebody else was doing it, and told the customer of the airline that they'll cover their medical expenses, and then the airline had to pay up. I think Chevy had some LLM sell a car for $1 because the person negotiated really well, ended up in a bidding contest. And imagine you're a bidder, bid against me, and it ended up getting the price down to $1. So there's a bunch of hallucination. You really don't want your security software hallucinating. Just saying. You know, it's like imagine a physical security guard turns the gun around. This is not a good idea.
We try not to use Generative AI to tell us what to do in security. We use it to try and look at trends and what happens. We use Precision AI when we know the answer, which are, in old parlance, called machine learning models. We run 3,000 machine learning models in our AI SOC product, which has been extremely popular as we know.
Yeah. Well, I, but I think what I haven't heard you talk as much about is how you're securing Generative AI, 'cause that's a big problem.
Yeah.
It seems like that's something that's already driving some pipelines.
Well, it's driving conversation, you know. A non-delivered product to market can generate pipeline, but until we deliver. So we expect we'll have the product in the next few months.
Yeah, and that would be your AI security posture management, that would be-
It'll be AI Security Posture Management, AI Firewall, and AI Access.
AI Access. Okay, got it. Got it.
The reason I don't feel uncomfortable sharing that, because on an AI Access perspective, it'll just become another capability for our customers, where they already use our Prisma Access product or our GlobalProtect product for firewalls. They'll just sit on top of it, decide it, saying, anytime AI is accessed, we'll intercept and deploy controls.
Got it, got it. I think we had a question down in the middle, but I'll just sneak in one more while we get the mic there. But, do you also foresee a scenario where, you know, AI obviously drives more data, more traffic? Could that also incentivize perhaps an accelerated refresh on the hardware side? Is that something that you're seeing?
Look, I'll take a slightly different point of view, that there's two parts to that. One is, I think it's important to understand, at the most basic level, a firewall inspects network traffic. Network traffic is generated between users and their companies. It's generated between applications by consumers. So in general, network traffic is rising between 2x-5x a year. Think about it. Everybody, now you deploy AI, more people will be accessing AI. You'll be sending stuff back and forth. All that traffic needs to be inspected. The way it gets inspected is through hardware, software, cloud firewalls, or SASE. Those are four ways to inspect network traffic, right? Between all those. So in general, that category is gonna continue to see strong demand as long as we expect traffic to go up.
In general, more AI, more data gets deployed, you will see more demand for cloud security because it's very hard to do AI LLMs on-prem. You can, it's just harder. People will, you know, people who haven't moved to cloud will move to cloud now. So all these models are gonna sit in the public cloud with all the ringfencing that happens. So that's gonna keep driving the cloud transformation game. All the bad actors using Generative AI, you'll want much more real-time responses, which will drive Precision AI in your SOC.
All right. Tom, go ahead.
Thank you. Perhaps just elaborating on the re-platformization strategy and incentives you're offering to customers. How are you prioritizing those efforts across areas like SASE or endpoint or SIEM? I mean, I know the answer is all of the above, but you know, how you know, can maybe give some detail around how you're targeting each one? Thanks.
Sure. So look, on the network security side, what typically happens is it's hard to transition a firewall if somebody bought it last year. Firewalls have six to seven years end of, end of life or useful life. I can't really buy out your firewall if you bought it last year. You have six years more of depreciation sitting in your balance sheet. I can't go take it out and say, "I'll replace it," because it's not very interesting to us economically. What's interesting is SASE, because there, you know, at best, it's a two-year contract. You're probably six, eight, months, 12 months into it. That allows you to take the risk off the table, saying, "Palo Alto is gonna come and deploy it.
I won't have to worry about paying for it until it's deployed, and I can switch off one and switch on the other and start paying Palo Alto." So there, it's a lot easier for us to go disrupt possibly the network security space, SANs hardware, because all those things are on typically one to three year deals. And there we can offer seven to eight vendors, can get consolidated into one. So you better get a better security posture, better security outcome, possibly lower cost. On the SIEM side, in the 15 years, it's been 15 years since there has been any revolutionary change in the SIEM space. All the products in there have were created 15, 17 years ago, and over time, you'll discover they're not set up for AI-based data analysis. They're not set up for machine learning models the right way.
So there, you know, it's more about taking the execution risk off the table, saying, "If I replace this, what's going to happen? I have to pay you for six months while I get you up and running. I still have to pay for this thing there." I'm much more willing to go take the bet because once people have bought those in, they haven't changed them for 15 years.
Maybe to follow up on his question, to what extent do you think the platformization strategy is really focused on the SOC, more specifically on the endpoint? Beause you need a lot of endpoint telemetry to make things like Cortex XSIAM, for example, work. So what is the thought process there?
The endpoint, remember, we were not a player five years ago when I joined. There were 14 endpoint companies at that point in time, we were not a player. There was Symantec, McAfee, Carbon Black, Cybereason, Cylance, CrowdStrike, a whole bunch of others, right? So I think it's down to four... down to CrowdStrike, Palo Alto, Microsoft, and SentinelOne. The other 10 are over time going to get replaced by somebody or the other, which is amazing. It got from 14 to four, and to the extent somebody already has just recently deployed the other three, we will ingest data and make it work on XSIAM. We will take that friction out of the system. We will offer to replace any of the other 10 in the market.
I think we have time for one last question, if anyone has one. We got one right here.
Hey, I wanted to ask maybe, you know, when I think about the platformization with enterprise, you know, I read somewhere that there's about 50-60 tools an enterprise has for security, and you guys are leading in 20, so it means that you will still live alongside other tools. I was wondering, does this affect your idea of being more of a closed system versus an open system, integrating more with different tools, especially when I think about data security lakes that you guys are thinking about making it a bit more closed rather than integrating with more tools. So would love to hear your thoughts.
Okay. So let me parse that out. One, we cover about 60%-70% of a customer's cybersecurity vendor estate today. So to your example, if you have 60 tools, we could possibly replace between 36-40 of them, right? We don't cover the other 30. A major chunk of that is identity. We don't do identity. There's about eight to ten or 15 tools in identity, and there's a few in vulnerability management. We have plans to go address some of those markets. Two, most cybersecurity vendors in the market will give access to alerts and data into SOCs or SIEMs so that customers can stitch them. We do the same. Our data is available to any SIEM or any SOC that chooses to integrate Palo Alto data.
We will accept data from any other vendor into our SIM, even the 10 that you said we want to replace. So to that extent, it's, it's open. You cannot have true open in cybersecurity because true open means the bad actors can see what you're doing. So it's always a bilateral agreement that we have or a deal where we understand what we want to deploy or not. So no, we're not building a closed data lake. At some level, it works better if you use our product because we understand the data that was collected. It's kind of like the difference between first-party data and third-party data. I collect first-party data. I understand it better. I feel much more comfortable guaranteeing the quality and outcome of my first-party data.
If I have to integrate somebody else's third-party data, then that's the risk because I don't know how they collected it. I don't know how good it is. If it's got false positives, you have to deal with the outcome. So that's the only benefit of taking it away.
All right. Nikesh, thank you for coming. I guess I'll see you later.
Yeah.
Thank you, everyone, for joining.
Thank you very much.