Thanks very much for joining us to our tech annual tech conference. We have a wonderful schedule for you for the next few days. We have over 540 registered investors. We have 135 companies. I just want to remind you, I'm gonna start from the most important part. Make sure to join us today at 4:45 P.M. for the reception. It's gonna be on the 32nd floor, the panoramic level. And, the one-on-one meetings are on the second floor, third floor, and twelfth floor. Watch your schedule, and if you have any questions about your one-on-one schedule, just see the corporate desk, corporate access desk, one level below here.
With no further ado, I would like to welcome CEO Nikesh Arora of Palo Alto Networks. Thank you very much for joining us today.
Good morning, everyone. First of all, we have to wish him a happy birthday. It's his birthday today. Happy birthday.
At a certain age, you don't celebrate anymore until you're 80, and then everyone celebrates for you, so.
That's great.
Nikesh, thank you. Thanks, very much for doing this, and I wanna start from a vision question, a long-term question. The question for investors is: How will Palo Alto look five years from now? How is it gonna be different from now? What is the main message when you sit down with big corporates that look at your roadmap and how the company is gonna shape up? What's the message for your customers of where you wanna be years from now?
Yeah. First of all, thank you for having me, and good morning, everyone. Bright and early. So if you look at the technology landscape, you look at the cybersecurity subsector, we're one of the few subsectors of technology which does not have a large player. Our customers are still buying north of 20-30 products for cybersecurity. We're only, like, 6%-10% of budget of any company's IT spend. So to have to manage 20 or 30 vendors in 6%-8% of IT spend is untenable, which means a lot of the onus of integration, a lot of the onus of connecting all these things lies on the customer.
Our view always is, now, why should there not be a much more integrated, amazing set of products that works for our customers, so they don't have to do all the integration themselves? Five years ago, we were in two Magic Quadrants, which is enterprise geek speak for great products, top right in Gartner Forrester. As of this morning, we're in 24, which means we have proven to the market that we can have great products in 24 different categories. Our view is that the customers should not have to stitch them together. We should deliver a stitched platform. If you look historically, this is possibly where the age thing shows up. You know, I started my career at Fidelity Investments a few years ago. We have 22 systems, which used to connect into one CRM system. I don't think they have 22 anymore.
It's this thing called Salesforce or Oracle or Microsoft Dynamics does it for you. So you look back and say, "Yeah, 30 years ago, you had so many disparate systems, which are now one platform." You think about your HR systems, used to have 15 of those. They're down to one called Workday. You look at your financial systems. I remember writing code in Hyperion, right? Now, you have one financial systems platform. So it is feasible, and the industry has proven that there are platforms that can be created, and our aspiration is to be the platform for security.
Got it. So just to put it in reference, what Nikesh just said, yesterday, we hosted the dinner, and the Bank of America IT group was there, and they said that Bank of America budget is $11.7 billion IT budget, and of that, $1.2 billion is spent on cybersecurity. So certainly, a major part of our investment annually. So
Can you send them our way?
I can maybe send $1 billion. I'm not sure about the other $0.2 billion.
We'll take it.
You spoke now about platform, and you coined the phrase platformization, and other companies said the same thing after that. What does it mean? With the word platform, what does it mean for Palo Alto?
So look, the word platform for us means that you don't have to stitch multiple products to derive the solution that you want. That allows you to have consistency, low cost of ownership, much more efficient security operations, that allows you to get the security outcomes you need. And we've gone from 24 products to effectively what you call three platforms. A network security platform that allows you to have every bit inspected across infrastructure. You don't need anybody else's product, except for us in that category. A cloud security platform, which means when you're moving your applications to public cloud, Google, Amazon, Microsoft, Oracle, IBM, you could use one cloud security platform from us, and now with our new product, XIM, a singular platform for your SOC. So for us, that means on average, each of these platforms consolidate anywhere from seven to 12 vendors.
If you go down from 20 or 30 to three or maybe four, we don't do identity. That's a good start.
Yeah. And what are the benefits outside of complexity, reducing complexity, what are the benefits, financial benefits maybe, or what are the benefits for customers? Is there any technical benefits, meaning system efficacy, et cetera, et cetera, or is it just about price? Is it just about-
No, no, no.
bundling, discounting?
No, it's not at all about price and discounting. That, that's the whole, Let me give you two examples. One, when I started six years ago, I met one of these CIOs who had a $1 billion budget in cybersecurity, and they proudly told me, it was a bank, they said, "We have 11 endpoint agents that run on our endpoints, on our laptops." So I came back, and being a neophyte in cybersecurity, I went to my Chief Product Officer, "Why do they have 11?" So what happens is, you deploy one, it collects a little bit of data, analyzes that data, delivers a security outcome. The next one does something else, third one does MDM, fourth one does EPP, fifth one does EDR. It's all three-letter acronyms. We do to protect our jobs, so you don't understand them. Don't worry about them. He had 11 endpoints.
Their laptops would take five minutes to boot because there were 11 endpoints running on them. So I asked him, why couldn't one endpoint collect all the data, analyze all of it, if nobody's done it? So we went back and said, "Why don't we have one agent that collects 200 MB of data, and we analyze it in the cloud and deliver the ten security outcomes you want?" Now, that's a lower cost of ownership 'cause it takes us a lot less money to serve that capability. So it's not about discounting or pricing, it's delivering the capability at a lot lower cost because you're consolidating across ten different times or ten different rollouts of doing that. That's one part of it. I'll give you another example. Imagine you have those ten endpoints running, and you have other products running in your infrastructure.
If something bad happens, all of us will find some variant or some version of that bad thing, right? It's like having 20 sensors in a room and, and having one bad actor, and all 20 sensors going to 20 different products and saying, "I found something bad." Then the customer's job is to stitch those 20 pieces of information and say, "Was that one bad thing or two or three?" So give you an example. In our XSIAM product, we, we consolidate alerts across multiple vendors. Sometimes we consolidate 152 alerts to deliver one incident, which means the customer has to go respond to 152 different alerts, instead of saying, "There was one security incident we had." So in the long term, it's impossible to do this manually, stitch it yourself.
Bad actors can get in and out of company's infrastructure in about three hours now. It used to be days, went down to 11 about two years ago, it's down to three hours. I can get in and out of the company, exfiltrate a terabyte of data in three hours. You have to be able to find me in there, stop me, stop me from exfiltrating data in three hours. You can't do it.
Got it. When you sell a platform, it's different than selling a point solution.
Yeah.
So as you transform to a platform, what kind of changes do you have to make to your go-to-market and customer service organizations?
Yeah, look, when you go from selling point solutions to a platform, you have to focus on four or five thousand customers and keep that relationship going, that they like one product, they buy the next one, they buy the third one, they buy the fourth one. So we showed some statistics in our earnings call. About 51% of our top 5,000 customers have at least two platforms in Palo Alto, and 13 have all three. But that means we just landed. We haven't fully expanded all of them in those customer bases. We've discovered anytime we land with one platform, and we fully expand to it, it takes our ARR from $200,000 to about $2 million. So you see a 10x improvement from landing and expanding into one platform.
That goes to $14 million if it's all three are there, right? So it can go up to 70 times, depending on the size of the customer and what we can do. So we see the benefits of delivering more ARR or revenue-
Mm-hmm.
is very high, if we can actually go persist in the customer and actually expand the footprint and deliver the entire platform. So that's a lot better than having to go sell many $200,000 deals. So conceptually, this is why about nine months ago, we pivoted and said: Look, let's go focus on the top 5,000 customers and try and drive platform across them. Having said that, our team is still landing in the next 57,000. We have 62,000 active customers at any point in time. They're still landing the other 57,000 customers, and then they get incorporated, we try and drive a platform for them. So the only way we can go from, what are we? $3.8 billion in ARR to $15 billion, to triple, is to go triple the number of platforms we've deployed.
Does it mean that you need to do more system integration now or team up with more system integrators? Because incorporating or deploying a platform is so much more complicated for a corporate.
Yeah, it's less, You're right. Look, the deploying a platform means that a company has to commit, saying: I'm gonna take out these nine vendors, rip them out, and put Palo Alto in there, which is complicated, which requires some degree of systems integration work. We have people who help, but that is why in the last year and a half, we have been striking partners with the likes of Accenture, Deloitte, IBM, Infosys, Cognizant, and all these others, because they're becoming a bigger and bigger part of the channel architecture in terms of deploying the solution. So, yes.
Got it. How does it work? So platformization, by the way you discussed it. Platformization is mostly a market of large corporates at this point, so that means the smaller customers, etc., they continue to buy point solutions. That's the way to think about the market for in the near term?
No, actually, what's interesting is, you know, more and more, if you see there are companies which are also delivering that integrated capability
Yeah
at the low to mid-end of the market, and there's things like Arctic Wolf, Expel, you know, ReliaQuest. All these companies have decided that their small customers cannot handle this multitude of products and the complexities. They actually are delivering managed services at the low to medium end of the market. So economically, it's a lot more profitable for us to operate at the customers who are willing to spend $10 million, $20 million, $30 million of TCV with us than in a $1 million TCV range. But that's pure economics and math.
I wanna maybe drill down a little bit
Sure
to your success with next-generation security. So last quarter, you grew ARR by 47%. What are the components of this growth? What, what are the parts that are growing faster, and where do you see more success or a better demand, etc.?
So if you break it down to the three platforms, look at network security. You know, five years ago, there was one player in something called SASE, and it was winner-takes-all market at that point in time. In five years, I think we're the second largest player in SASE. Nobody expected that we'll be a player in SASE. We do roughly about 40%-50% of the business of the largest player in the market every quarter, give or take. So it's a fast-growing field. What's fascinating for us is, for the first time, our SASE customers are replacing other firewalls and bringing us back in to build the platform. The good news is we can land at the firewall hardware, we can land the firewall in the cloud, we can land with SASE.
It makes us the only player in the market who has the full network security stack, from hardware, software, cloud firewalls to SASE. Nobody else in the market does it. The good news is the next question people ask me in platformization: Who's your competitors? Well, network security, if you want a platform, there's only one that can stitch it together. So there, our fastest-growing pieces are SASE and software capabilities that sit on our firewalls and our network stack. Cloud security is a robust market, a little more competitive recently, with some of the startups you're hosting here, but we're still approximately 50%, 30% larger than the next player on the market. In cloud security, this is where we integrate about seven acquisitions put into a platform. You get one pane of glass, it's all stitched, one, one code base.
And the last but not the least, our SIEM platform, which is kind of the category where you're seeing inflection point now, and I'll go back to that in a second, is XSIAM. We did $400 million of TCV in 15 months in their product. In the history of security, nobody's done $400 million of TCV in a brand-new product that we've launched, ever. So that's where we announced this quarter, we are buying IBM's QRadar business, which is part of the same category, which should allow us to go work with them across thousands of QRadar customers to be able to convert them into our product, XSIAM.
Mm-hmm. So maybe I'll start with XSIAM. What does the acquisition give you? Why did you buy the assets from IBM?
Look, the biggest challenge we discovered in platformization, when you go to a customer and say, "Listen, I have something that works. I'm very nervous if I take it down, it's not gonna work. Whatever you put in there is not gonna work, and the risk is that, you know, if I tell my other partner that they're gonna be out, they walk away, and then I'm left in the middle with not being able to execute your platform, and they've sort of abandoned them." The good news is, now I'm on both ends of the transaction. I already have the current install of QRadar. I'm their new partner in XSIAM. I can manage this while I'm implementing this, and I can do a very smooth transition from their current infrastructure to mine.
The good news is, we bought the business, but we outsourced the business back to IBM, so they're running it. So nothing has changed for the customer. It's the same people, it's the same operations. The only difference is now we control the contracts when the deal closes, which means we can go to the customer and say, "Your contract is Palo Alto, you're a QRadar customer. Run it as long as you want. We're gonna work with you on the transition, we're gonna make it seamless, and we can make the economic timelines match
Mm-hmm.
for you." So to us, that's great, and, you know, I think it's probably we're paying $500 million. That's not a lot. You know, some people have paid billions of dollars to buy into that business.
Yeah. So staying still with the smaller parts of your business, I'll just ask a question on Cortex before I go to the larger parts. Cortex, you, you mentioned, Previous quarter, I remember discussing with you, and you said that now you feel that you are at par with standalone endpoint companies that have a platform. Talk about the Cortex success. What is the kind of deployment you're seeing? Kind of, what is the kind of demand you're seeing from customers? Where can you fit yourself in the market?
So when we started in the XDR business, the endpoint security business, we were number 14 out of 14. That was three years ago. This morning, Forrester released their Magic Quadrant. We are number two in technical capability and competence perspective, the leadership quadrant, after Microsoft, actually, surprisingly. So we have made technical progress in the last three years for going from number 14 to number two, technically, and from scale and breadth perspective, we have north of 6,000 customers. I think it's down to a four player market now. I think the other 10 are kind of gone or will be gone. For the most part, you can count them off. In the four, I think it becomes a three player market at some point in time, which is not bad, you know? We're used to operating at 4% share in the security industry.
If we can be a three player market, we should have likely more than 3%.
Yeah.
Any category I get more than 3% share, I'm happy.
What's the synergy between Cortex and the rest of the portfolio?
So look, 85% of the enterprise data is inspected either at the endpoint or in a firewall. 85%. So if you want to understand what's happening in a company, 85% of that is there, the rest is possibly in other point products and in the cloud. If I have access to 85% of the data, I can analyze it using machine learning models to deliver security outcomes as fast as I can. So that's the imperative, or that's the rationale for us to be in that business. We already have 40% share in the firewall business. With, you know, reasonably large share in the endpoint business, we can actually become the security operations solution for our customers. This is why XSIAM does well for us, because we have access to all this data.
Got it. I wanna go back to Prisma Access and SASE. A lot of new entrants to the market, right? We have Microsoft and all the other firewall companies. What do you think is gonna be, Or how will the market look like on two vectors? Number one is, will the other firewall companies be able to also sell on top of their firewall, SASE? Is it, is it this is the main selling point, or are there any other factors that can drive success? And second, when we talk with Fortinet or with Microsoft, they talk about a very low pricing level. So do you envision price erosion in the market?
So that's, I was gonna be glib, but I won't be. It's too early in the morning. So, let's start with the SASE. First of all, SASE is a very large market, and the way to understand it is, if you think about the two or three things going on, one, this whole cloud revolution, AI revolution, forces half of a company's traffic to go to public cloud now. If you thought you could stay away from the public cloud, now with AI, you have to go there because nobody can actually manage to run and host their models on-prem in their data centers. Those things are gonna be way further along. So even the reluctant companies who didn't wanna go to the cloud are storing their data in the public cloud to do AI.
So it's possibly good for your friends in public cloud and the guys with AI models. That understanding, which means your network architecture has changed in the company. You used to have a data center, all the traffic went there, you inspected in the firewall, it was contained. Now, half your traffic is sitting in some other part of the world, which is sitting on a public cloud or a SaaS application. So with that change in architecture, your network boundary and parameters have expanded. You have to do it the same way you did in the data center, you do it on the edges, which is what SASE does for you.
Every store you walk down in Union Square used to have a small modem, and possibly, you know, when you went and gave your credit card, they sometimes hold the thing up in the air trying to get signal because we weren't able to charge you. Now, every store is talking about AR and VR in the stores. They want very high bandwidth in every store. They wanna be able to show you the thing through visualization, which means you need a lot more technology in every store. Every $5 Burger King store needs a large tech stack, so which means that's gonna create huge deployment of SASE in other words. So let's go, it's a big market, A. B, there are two players, I'd say, which have proven their SASE credentials in almost every scenario, right?
We are in stores, we are in consulting companies, we're in the federal government, we're in manufacturing companies, we're in defense. So we're we have north of 4,000 customers deployed. We have north of 15 million endpoints at any point in time using our SASE product, plus another 50 million using our VPN product. So yes, are there 10 more players in the market? Yes, there are. Are you gonna see price erosion? Possibly, but price erosion requires monetization of space and consistency in the quality of products. That's not there yet. I'm not suggesting it's never gonna be there, and the question is: can you stay one step ahead of everything? So our SASE product, you know, is the only product in the market now with Enterprise Browser integrated into it.
We're gonna launch AI capability, AI access capability, so any AI app can be inspected using that. So we'll just stay on the innovation treadmill, stay up there. It's not a trivial decision. The average SASE customers take about 6-9 months to make a decision, and they run it through the ringer. So it's not like: I have it, you can buy it from me. You have to actually run it through the motion to make sure it works, because it's not just a security product, you're actually outsourcing operations to somebody else, which is a different ballgame.
When we spoke with Zscaler last quarter, they are trying to differentiate by saying, "We're gonna eliminate the firewall. It's, it's a Zero Trust. We're gonna eliminate the firewall. This is, That, that's where the market is going." Do you share the vision?
It's a good question for them. Look, I don't know how you eliminate a data center firewall.
Yeah.
How do you take 10 Gb of throughput running your data center? If your Visa, your Mastercard, you're running transactions in a, at such volume that you don't even wanna go to public cloud, because public cloud has higher latency than a data center. What do you do with a data center firewall? Get rid of it? How? How do you get rid of a firewall in the public cloud? How do you get rid of a, So I don't think it's an either/or scenario. I think there are different horses for different courses. You need high throughput, high bandwidth, hardware, which is the cheapest form factor in the world even today, to do traffic inspection sitting in the data centers. You need software firewall sitting embedded in the public cloud. What do you do?
When I've got, you know, applications talking in Google Cloud with each other, what are you gonna do, put it there? You've got to have some inspection between the two. What do you do around AI models? So you will need, Fundamentally, a firewall is the ability to inspect traffic, right? Wherever the traffic goes from point A to point B, if I can insert myself in the middle, I can see what's happening, what's coming from here, where is it going, is there bad stuff in the middle? That activity will still be alive forever because volume is growing 2x-4x every year. If you say the volume of traffic in the world goes up 2x-4x every year, the act of inspection is needed for every bit of traffic. That's what security is about.
Now, which form factor it's done in, depends on your deployment, whether it's done using a SD-WAN box with software in the cloud, or it's done in a firewall, it just depends on what becomes cheaper to inspect. If you talk to Fortinet, they're deploying SASE and firewalls.
Mm-hmm.
Right? If you talk to Cisco, they're doing the same thing in router boxes. So I think that's a bit of a-
Got it.
Competitive comment.
Yeah.
It's fine.
Is there a synergy between your firewall revenues or firewall sale and your SASE sale? Is there-
100%. 100%, yeah. The synergy is that, look, once you, There are two parts, three parts, right? One is you wanna get in the traffic flow, number one. You get into the traffic flow by putting a firewall or putting a SASE endpoint in your laptop. Two, is you have to be able to inspect and stop bad things. Right? And three is, if you find something suspicious, you have to go analyze that data and give a signal saying, "There is something going on, and we gotta go figure this out." Now, you wanna do it consistently for every bit of traffic. You can't say, "Oh, for this bit of traffic, I'm using vendor X. For this, I'm using vendor Y, and for this, I'm using vendor Z.
Let's all try and figure out all this bad stuff together." Because you want to run consistently the same way. So our benefit is we run the same analytics across any form factor. You buy our firewall, you get the same analytics, you buy our SASE, the same analytics, you get the same pane of glass to do the governance and the security policies. So that's the benefit of having it. That's the whole point of platformization.
I wanna switch maybe to Prisma Cloud, another big opportunity for you. You and I had here a discussion two years ago, and there are a lot of startups in the space, and you look at the market today, and most of these startups are having difficulties, serious difficulties, rounding down or valuation going down in rounds. And the question is: How will the market look like in your point of view, like five years from now? We know it's gonna be a giant market. It's gonna be a big market because that's where applications are going. But from a player's point of view, how will the market look like? Will you have the same competitors you're having today, or do you envision entry of other players to the market?
So what's fascinating is in security, you discover there are two very large categories of products. Let's call them, one is called hygiene, the other is called real-time protection. Hygiene is setting the configurations, figuring out if something's stupid, somebody left a door open, somebody left a window open. You check the configurations, make sure nobody's left anything unconfigured or badly configured. Real-time protection is when you see bad things, you can stop them in production from doing bad things to your enterprise, your infrastructure, right? Which is typically what happens on XDR endpoints or firewalls or in the SOC. You stop bad things from happening. The cloud security industry has been heavily biased towards the hygiene factors. If you look historically, there have been companies that have come and gone. We had Dome9 that got bought out by one of the vendors.
There was DivvyCloud, there's Aqua, Orca is here. There's a whole bunch of companies. So what has happened is over time, the companies have come and gone, and you discovered many of the larger players have started creating cloud capability in the market, which is fine. This is what part of the course is gonna happen. But I think the bogey shifts to the real-time protection parts more and more, as opposed to the hygiene parts. The hygiene parts are commoditized, because all you do in hygiene is you're basically taking APIs from Google, Microsoft, Amazon, Oracle, IBM, and saying, "Here's all the configuration data. Let me go give you a way to make sense of it." Hygiene is cheap to do, so the price... There's always pricing pressure on the hygiene part.
It's a good start because people are still configuring, but as you go into production, you have to start doing real-time protection and production, so I think the industry moves there. Where, again, you know, that is where we're putting our bet on XIM in the cloud, for the cloud. So we build cloud security capabilities in our XIM capability. We think over time, the enterprise converges the enterprise security and cloud security into one pane of glass in the SOC.
Yeah. You mentioned you made seven acquisitions. How streamlined
19.
No.
Prisma Cloud.
Yeah, within Prisma Cloud.
Yeah.
How streamlined is the solution? Have you managed to integrate all these seven acquisitions into a unified experience for customers, et cetera?
Yeah. Yeah, I think we, we did that in the first instance. We could have done a better job. We relaunched it by doing a better job. So our volumes grow 30%-40% a year based on consumption, our customers' cloud data that we have to inspect. But because of the competitive nature of the industry, there's been tremendous pricing pressure, which I expect on the hygiene side. You'll see the bogey shift towards the production side. So the market hasn't grown at the same rate as the volume has grown because of pricing pressure and competitive behavior, but I, I think the long term, it's gonna be great.
Great. How, Same question I asked you about Prisma, Prisma Access. How synergistic is Prisma Cloud to the rest of the business?
Well, look, at the SOC, or take endpoint, right? You have this product called XDR. It's basically a detection response agent that sits on your endpoints. The same agent now sits against your cloud workloads, or cloud VM, the cloud hosts.
Yeah.
Right? So you don't need two different agents doing detection response for different parts of your infrastructure. The synergy is there. Our XDR agent works both for cloud security and for enterprise security, right? We ingest the data into our SOC and XIM. We don't have two different XIMs, or we don't have two different SOC management tools, one for enterprise and firewalls, one for the cloud. They all go in the same place. So it's very hard over time. The customer doesn't want two different installations, saying, "Oh, this is all my cloud traffic, this is my on-prem traffic." Because eventually, many of these applications talk to each other. Because a lot of the legacy systems are still sitting on-prem.
So, you know, if you have a beautiful mobile banking app, it still has to go touch an on-prem data center or some legacy data that's sitting in your infrastructure. You need to be able to inspect that application across both infrastructures.
Firewalls. So the market went through the market itself went through a period of elevated demand and then a period of absorption. Talk about the outlook for firewall, overall firewall growth, and we spoke a little bit about it, but is there a different environment going forward than Forget the last three years, it was different, unique. But if you look at the three years prior to that and the next three years or the next four years, do you, do you see different environments, or is it gonna go back to what we've seen before?
Tal, as you will appreciate, I've been very consistent that the underlying firewall market grows at 5%-8%.
Yeah.
Sometimes it goes 0%-5%, sometimes it goes 5%-8%. There are all kinds of extraneous factors like supply chain issues, pandemic, or price increases because of supply chain that happened. All those are getting normalized, and you're discovering that the underlying growth is still 0%-8%, sometimes closer to 0%, sometimes closer to 8%. I don't think that trend changes. The confounding factor, as you know, is as the migration to the cloud happens, it puts a damper on hardware, and you should see the benefit in software. So, you know, our software firewalls grow three times the space than our hardware firewalls because we've seen more volume in the cloud than we're seeing in hardware. I think the industry grows at still at 0%-5%.
I think the question is, how many vendors are selling as much software firewalls as they're selling hardware firewalls? The traffic is growing. The volume is growing, the pricing pressure is not there. It's like it's, you know, firewalls are adequately priced, and there's like. It's not like that, it's competitive, that people go win a firewall because of price. They win firewalls because of existing install base, because of competence, capability, and comfort of the customers for that capability. So I think that market goes from 0%-5% range. I don't think it changes. I think the individual companies in the market, it depends on who's taking share from who, because there are still some dinosaurs in this market, which we appreciate, and some of the other players get more share. But I think it's a steady business.
The value we see is once you have a firewall, what else can you do? So, you know, we've launched IoT, we've launched advanced DNS recently, and launched WildFire. So we have more advanced capability to sit on top of the firewall, because once I'm in the infrastructure, the customer shouldn't have to deploy more sensors to do more things. The rest is all software. So the hardware acts as a control point and a sensor, enforcement point. I should do a lot more software capabilities that sit on the hardware. To give you an example, you know, every company is now, on average, 20% of their employees are using AI, some AI app. And the AI app is very, you know, tempting. It says, "Hey, take your beautiful marketing blog, upload it, and I'll show you how to do a better job as an LLM," right? Which means-...
Approximately 20% of people are experimenting with their companies. Now, you've got to inspect that to make sure they're not sending corporate data or proprietary data into some public LLM and training it, because that's a bad thing. Now, you have two choices. You go to a new startup who will say, "Let me get in the middle of that traffic flow so I can inspect it." Or I say, "Well, I already have a SASE flow in there. Let me just create that capability of inspection," which means I can go sell another 20% of revenue to each of my customers without deploying any new hardware or any piece of software. So, I think five years ago, the security industry was very orderly. Everybody played in their swim lane, and they didn't mess with the other guys.
You know, we did our firewalls, and some did the endpoint, some did identity. I think, we've unleashed fury in the market, where we're saying: Look, you can play in other swim lanes. So now you're seeing a lot more cybersecurity companies wanna be in other swim lanes compared to the one they started.
Yeah. Financials, you and I spoke about billings versus bookings, and, and, for the right reasons, you say, "Focus on bookings." That's the important part. What, Talk about both things. What do you see in the market in terms of bookings, and what do you say to investors on the billing side?
I think I'm gonna keep saying this until somebody believes me. I think billings is a broken metric. I think for all of you very astute investors, you know the differences, but I can't hide my bookings. Booking is when I go sell an amount of business to a customer, and there's a duration of that deal. If it's one year, two year, three years, four year, five years, the customer says, "I commit to paying you $10 million a year." If it's five-year deal, I get $50 million in booking. This shows up in my RPO. It's services I have to deliver. They've made a commitment. It's contractually agreed. If the customer says, "Bill me every year," my billings are $10 million.
My customer says, "Bill me for two years now, and the other three years when it happen," it's billings, $20 million. If I tell the customer, "Why don't I lend you money, and you pay it back to me?" Then my billing is $50 million because I lent them $50 million, and I got 50. So billings is a metric that really depends on when the customer wants to be invoiced for the services. Now, we've lived in a benign, interested environment for a very long time. 15 years, the customers didn't care. They're like: "Great, you want the money upfront? What discount are you gonna give me?" "Well, you're only making 25 basis points a year for two years. I'll give you 3% off.
You give me the money now." I say, "Great, 3% or upfront is better than 25 basis points a year. I'll give you 3%." Now, they want a 20% discount because their cost of capital is 6%-7% a year, if you're lucky. So nobody wants to pay me a year. Have you ever tried to go to... Like, you go to-- Would you wanna pay your Netflix subscription upfront for the next five years? No. So the world has changed. I don't think we're going back to 25 basis points anytime soon. You guys know better. I don't, but I haven't seen it yet. So the conversation on payment is very different, which means billings is a number I'm trying to manage on a constant basis. The number I cannot hide from is RPO and bookings. I can't hide from that number.
No company can. So any company, and you start looking at billings and companies, it's like you gotta watch out what the RPOs or the billings are. It's kinda where it is. And, yeah, we spent way too much time, And try and going to a customer, you did a $150 million deal with a customer. "Hey, do you wanna borrow $150 million bucks?" Like, "What for?" "So you can pay me upfront." "Really? That sounds like a silly idea." Try going to a CFO saying, "Please borrow $150 million dollars from me. I'll give it to you. You sign a promissory note, and you can buy my services." It's a long and a tough conversation, and unnecessary because all that does is, it doesn't change my business, it just moves $150 million dollars from RPO to billings.
You want me to spend my time doing that? Great. That's a bad idea for investors who want me to be doing that.
Maybe I'll stop here with my line of questions. I have a few more, but I wanna leave enough room for questions from the audiences. Is there any question in the audience? Anyone wants to ask a question, just raise your hand. We should have a microphone going around.
They're saving them for the one-on-one.
Yes. Too shy in the morning. How do you define, You mentioned last, this last quarter, 65 platformization deals. How do you define a platformization deal?
If I sell my network security stack and I have 80% penetration in the customer, it's a platformization deal, right? If I sell my cloud stack, they're using me for multiple modules, it's a platformization deal. As the minimum threshold of $1 million, at least, it's a platformization deal. It's just a metric. Remember, I've said I've got 900 platform deals done. For me to triple my business, I'd need to get 2,500-3,500 in the next five years to triple the business.
Yeah.
This is just a way to keep track. If I'm showing you I've done 65, you do the math. I need about 70 a quarter on average, give or take, in the next five years to get to my number. So if I'm too far off to 65 every quarter, then you know I'm not at pace to get to triple my business.
Another thing that we discussed before was the federal segment. You de-risked your guidance, and you removed federal contribution. First of all, what are the current trends in federal, and how do you see it playing out the next few quarters, few years?
Look, federal is very interesting. They spend a lot of money in cybersecurity, approximately $18 billion-$20 billion a year, but it's a 75% services business. A lot more of that is services, professional services. People do very custom-specific things. Half the federal government is air-gapped. They don't want your cloud processing any of the federal data, so it puts you in a very interesting situation. What happened to us, we had worked very hard for about a year and a half or two to get into the pole position, which we did, on selling SASE across the entire missions in the government and a project called Thunderdome. And we discovered that eventually, it got fragmented, and everybody can make their own decisions. So it, it was a strategy that they had, which got fragmented, and we kept waiting, and we kept trying to sell it.
So now it's gonna happen more organically than as one time. So we just took that out of our forecast because we don't want to rely on a large number stuck in our forecast, which we don't know the third tier, It's still a robust business, true to, you know-
Right.
A large single-digit % of our business comes from the federal government on a regular basis. So it's not like it's a bad segment to be in. It's just there's no big, lumpy deal.
Got it. Another thing you'd spoke last quarter was a $150 million deal in the healthcare space. Can you provide details? I mean, this is a giant contract.
Yeah.
Can you provide details on what are you doing for the customer, how did it start, and what did you replace? So just a little bit of details on your participation.
Well, nothing focuses the mind of a technology team more than a bad cybersecurity incident, right? It's very hard for them to ignore it, and unfortunately, one of our customers ended up in that situation. We have a team called Unit 42, which goes and does incident response. They were commandeered, they went there, and the difference between what we do and what most other people do is we just don't tell you what happened from a security breach perspective. We actually can go implement the solution for you, unlike most people. And given our expansive platform approach, we can cover 75%-80% of the stack and replace everything in short order because everything is stitched and works. So, you know, we were able to see eye to eye with the customer.
Our team pretty much lived there for three months to rebuild the connectivity with the, you know, tens of thousands of pharmacies in the United States, so that, And every pharmacy wanted a net new clean connection, so the underpinning of that is SASE. It's Apollo to Prisma Access now connects all of those pharmacies. They are protected by endpoints, our SOC platform, then our cloud capability. So across the board, it is public knowledge that we're currently working on the next healthcare hack that is going on in the market. It's not as big as the last one, so please don't put any numbers in the forecast.
Great. My last question is just on margins. Margins were strong last quarter, up to 100 basis points. What's the outlook?
Look, I think, if you step back and think, you know, our forecast is to get close to $8 billion of revenue this year, which still makes us the largest independent cybersecurity business with $8 billion. I think we're beginning to hit scale economics from a cybersecurity industry perspective, which is good for us. If you think about the P&L, most R&D costs are between 12%-16% for a company. Most G&A costs are, you know, 4%-6% if you're... Unless you're Broadcom, which is a lot cheaper, but that's a different story. Your majority of your costs outside in your gross margin is cost of sales and marketing and customer support. Like, it ranges anywhere from 40%-70%, depending on the size of the company.
That's where scale matters, and that's where larger deals per customer matter, because if I can do $10 million deals to $1 million deals, I have to still need the same amount of reps to do a $10 million deal, I need to do a $1 million deal. So I think the entire platformization approach, the entire approach towards being a larger presence in our customers is margin accretive in the long term, and, I've heard rumors that people expect AI is gonna deliver even more savings in the future, so I'm looking forward to those. We've tried a few experiments. We see some benefits. I think it's gonna take a little longer than most people think, but it will come. It's not, There are clear productivity instances you can see. It does require a change of behavior.
It won't be like you can take these 500 people and have them go away. It'll be all of us will get 30% or 40% more efficient. The question is: how do we manage that as organizations? How do we take that 30%-40% more productivity out of each individual and turn that into economic value? But I think the prognosis is the margins should continue to see positive benefit over the next few years, both from a scale perspective, cost of goods perspective, and from a cost of sales and marketing perspective.
Great. Nikesh, thank you very much.
Thanks for having me.
Thank you.