Good day, everyone. I am Clay Bilby, Palo Alto Networks' Head of Investor Relations. Thank you for joining our 2021 Analyst and Investor Day. A few logistics for today. Today's event is being webcast live and recorded.
The presentation material will be available on our website after the event at investors. Paloalphonetworks.com. During today's presentation, we will make forward looking statements that are subject to risks and uncertainties, which could cause actual results to differ materially. These statements are based on our current beliefs and information available to management as of today. We will also discuss non GAAP financial measures.
We have included tables in the appendix to the presentation, which provide reconciliations between non GAAP and GAAP financial measures. As always, please refer to our most recent Form 10 ks and the Safe Harbor in the presentation deck for more information. Today's event will run a bit over 3 hours. This includes a 5 minute break in the middle plus time at the end for live Q and A.
We are the next.
The next generation of visionaries, rule breakers,
We were built to perform on the biggest stages,
We innovate to outpace cyber threats so you can embrace technology with confidence and make the next day safer than the one
Good morning, everyone, and welcome to Palo Alto Networks Virtual Analyst Day. We've all been through a lot over the last year and a half through the pandemic, and things were tough, both personally and professionally for a lot of people. But the resilience of all of our employees, the resilience of mankind has managed to get us through all of this. And we thought it would be an appropriate time now to share with you how we feel about the next 3 years going forward in terms of the prospects for our business. But before we do that, I think it's important to recap.
And if you look at where we were 3 years ago, 3 years ago, We were known for the strength and scale of our next generation firewall business. But there was an interesting trend in security businesses. Security companies would find a sweet spot, would find an attack vector with a huge TAM and then go ahead, keep innovating in their swim lane. And over time, they would try and make sure that every customer out there was leveraging their technology to secure themselves. As I observed the market when I came to Palo Alto Networks 3 years ago, I realized that our customers wanted more.
Our customers were ready to take a security company, partner with them as long as they were convinced that, that partner was going to be with them along the entire journey. There were discussions about fragmentation. There were discussions about how integration is required By our customers instead of us doing it for them. And as we've seen over the last many years that The sophistication of cyber threats has gone up. As you've seen, the world has become more and more reliant on technology.
It's almost impossible for most of our customers to actually take on the mantle of integrating all these solutions by themselves and be able to stop these threats while they're happening or mid flight. So towards that end, we set ourselves an ambitious target. We said we are going to be the innovator in cyber We're going to make sure we're relevant in every important field of cybersecurity where our customers need us to be right next to them. With that in mind, we set about our task. But before we did that, we said, well, where is the puck going?
Where do we believe the world is going? Where do we need to be ready with solutions for our customers. While having spent 10 years at Google, having watched the Internet sort of scale and explode in my life, said This public cloud thing is real. Just for the same reason, sophistication in cloud deployment, with increasing sophistication in running data centers was getting higher and higher, And every business is going to become reliant on technology. Towards that end, again, it's impossible for every business to go out there and build the capabilities in house Leverage all those capabilities that the public cloud offers.
So from that end, we took a bet, we took a very active bet that we believe that this shift to the cloud is going to be mainstream. Not only is it going to be mainstream, customers are going to end up on multiple clouds. So we as Palo Alto Networks need to be ready not only to protect our customers in their transition to the cloud But also provide them simple integrated tools, which are best in class so that they can actually protect themselves as we go there. We do not want to make the same mistakes We've made in enterprise security, infrastructure security in the last 20 years. We also realized that This pace of technological adoption was not going to slow down.
Digital transformation was here, and pretty much any company that was getting created For the future, what's fundamentally based on customers, employees, partners being able to access your entire infrastructure, your entire business Remotely from anywhere, which is my app should work from any country, I should be able to access content, I should be able to interact with customer service, I should be able to interact with bank account from anywhere I want. That requires huge amount of technological sophistication, and we believe that sophistication was going to drive the need for Adding to that, given the whole world is watching storage and computer become cheaper, we also made a bet that artificial intelligence machine learning, Whilst big words, they would get embedded in almost everything. They would get embedded in how you see us. They get embedded in how you How things are recommended to you. They're getting better in how we secure things.
Towards that end, we as Palo Alto Networks had to become smarter and better with our data So that we could actually provide meaningful insight and meaningful actionable events to our customers because otherwise the notion of manually trying to solve these problems Was going to take too much time. And last but not the least, all these trends, we're going to create a more intense security landscape, Wedge has come out true in spades. We've watched all the hacks of the past few months, if not years, where hacks are getting more sophisticated, more widespread, So with that in mind, We have been working hard for the last few years trying to deliver on our bets. And we think we've done a tremendous amount of work and made tremendous amounts of progress. We have actually fundamentally anticipated the need for network security transformation.
We went ahead and built a whole SaaS portfolio From pretty much scratch, we had 26 engineers years ago. Now we have 600 plus people working on that topic because we believe as People move to the cloud. You are going to continue to see this transformation happen. And for those of you who believe that transformation is only pandemic related, let me tell you, That train has just left the station. We're just getting started.
This thing is going to be a mega trend for the next 5 to 10 years, where we will see networks reengineer, Transform and continue to look at how to build a more sort of global network where every employee, every branch, every office, every consumer becomes part of the extended network of the enterprise. Towards that end, we have worked hard and vigorously towards making sure our solutions, which are Built on best in class network security technology where the company was founded has been extended not just to the public cloud use case For the hybrid use case, but also the remote work use case and to basically a diversified infrastructure where you can deliver the capabilities across the board Consistently without having to solve the problem with various point products, and it is our commitment that we will continue to do that over the course of our As new ideas come along, as new technological transformations happen, Palo Alto Networks will be there to be able to continue to transform the network security paradigm. We have actually built a comprehensive cloud security platform from scratch. In the last few years, we Got an early start by doing a season of acquisitions because we were behind the 8 ball.
We need to catch up. We had to pay technological debt. We went ahead. Instead of trying to build it ourselves, We canvassed our customers. We talked to them, asked them what is working.
We went out, found those amazing entrepreneurs. We had them come join Palo Alto Networks. They worked really hard towards integrating their solutions. I think we are one of the companies in the industry who has done a great job of not only acquiring the best companies out there, But also being able to integrate them in a fashion where the people stay with us, they're motivated, they lead, they want to win, and we make sure that we truly integrate the products. Our Prisma Cloud platform, which is a combination of acquisitions being integrated and a lot of homegrown organic product development, It's now one of the largest or the largest cloud security platform that has been created in the last few years.
We declared that we have $300,000,000 in ARR in Prisma Cloud. Is something very proud of, but we still, again, believe this is the very early innings of cloud security as in the next 10 years, 50% of the compute out there gets to public cloud. Believe we'll be right there protecting our customers as they make that transition cloud. And last but not the least, we set about looking at security operations and trying to figure out How to actually take that field, take that area and apply more artificial intelligence, more machine learning towards that and more automation because we believe The only way to solve the security ops problem is actually to deploy technology towards our problem. I know there's a lot of conversation around the world that We have scarce cybersecurity talent.
There aren't enough people in the world because we need to train people. I think, yes, that is important. But what I also believe is We have to deploy a lot more automation, a lot more integration, a lot more technology because the bad actors are. They're going to out innovate us if we are not careful and making sure we're deploying and using the same techniques that are being deployed by people out there against our customers and against us. Now you don't become a leader in cybersecurity without being innovative because one great insight for cybersecurity companies, over 2,000 companies are funded every year and the reason is because the bad actors are always innovating.
They're always looking for that one attack vector, which you missed out on. They're always looking for a way to compromise their entire infrastructure or compromise Even more exciting for them is to compromise a fundamental piece of supply chain because that allows them to then penetrate various companies and various customers of ours out there. So towards that end, we actually made a very clear commitment at Palo Alto Networks to make sure that we will be the innovation leader. And as we shared with you in the past, We have delivered 65 products in the last 3 years, a lot more than the company delivered in its entire existence to them. And across these three commitments of Solving the problem of network security, solving the problem of cloud security and solving the problem of SOC security.
And I'm excited to say that we are continuing down that path And we intend to be there scanning the market watching carefully to make sure we are creating the solutions for our customers as new threats emerge. As a consequence of all this work, we are now clearly well established in 3 platform categories. Platform categories were actually, to be honest, are full companies trying to compete with us in the strata of SASE use case for network security. There are firewall companies out there. There are SASE companies out there, And we believe we are the largest network security business in the world as it relates to securing our customers.
Not only that, as I've shared, we are the largest cloud security business platform in the world with $300,000,000 plus of ARR. And last but not the least, we're making lots of inroads and progress on SOX security, where we believe we have now, From scratch, come to a place where we're 2nd in the industry and an aspiration to get close to the 1st players or the collection of 1st players in the space. We would continue to innovate and continue to make a lot of progress in our SOX security report. Of course, there's a lot of conversation around 0 Trust, so we will share more As part of today's proceedings, about how we plan to establish that we are actually a fully integrated 0 Trust player and have been since the inception of Palo Alto Networks. To our spheres, building great products is one part of it, but if those products don't get to customers And you don't have product market fit and doesn't get validated by the market.
It's just purely innovation for the sake of innovation. 3 years ago, have 2,500 core salespeople. Now we have over 4,000 people selling for follow-up networks. Not only that, we're taking on customers from 5 42 customers over $1,000,000 accounts to 9 21 customers over $1,000,000 accounts. That's interesting, but what's even more interesting is We have started focusing on the top of our customer pyramid where we're slowly trying to make sure that our customers deploy all 3 file auto networks platforms, and Vijay will talk more about How that is making progress, how we intend to continue to make progress, but we're going from $1,000,000 customers to $10,000,000 customers.
So we think For us to continue to grow and be the leader in cybersecurity, we need to aspire to larger and larger deployments across our customers, which is in line with the trend of the industry where the customers want Less fragmentation, less point products and more consolidated platforms which offer you best in class capability, not second, but the best in class. As a result, we had the privilege of sharing with you some targets for ourselves almost 2.5 years ago. I'm delighted to report that we exceeded all the targets we set out except the part where we said we're going to manage to a certain margin, That was necessitated because we needed to continue to invest to drive faster growth. So we've beaten our targets for revenue and billings at the top line handily. Part of that required us to invest in those, and we will share more with you today in terms of how we're setting targets for the next few years and how we intend to leverage Our capabilities are extracting more margins from the business to make sure that we're being financially prudent.
So that was great. That was a quick overview of What's going on for the last few years and why we are where we are as a company and why we feel so confident in our prospects going forward. But what's important is what's going to happen going forward. What are our best for the future? How do we think about what's going to transpire in the next few years?
So what I'm going to do is I'm going to lay out to you how we are thinking about the next few years, And then my colleagues will come and share with you how we intend to make progress against those targets. So the next 3 years, we believe, as I've said, the bad actors are getting More innovative, they're getting more consequent. As I've said, cybercrime has gone from being a hobby to a profession. As you can see, we're seeing a proliferation of ransomware attacks, we've seen the professionalization of that industry, we think that trend is going to continue because it's a lot easier to create disruption Sitting in a remote country or in a basement than having to actually go do that physically, and we think that trend is here to stay. There's going to be more and more Attempts at cyber hacking, at cyber compromise, towards that end, we have to make sure we stay vigilant.
We have to make sure we continue at the pace innovation that we have deployed in the company. But as I said, 3 years ago, we started a lot of technical debt. We've been able to bridge the gap. We've been able to, through acquisitions and organic development, Come to a point where we believe we are at the bleeding edge of innovation in many of our categories. Therefore, we intend to do a lot more of that work organically at Palo Alto Networks Because it's a lot easier for us to use our platforms and build on top than actually try and buy and integrate because now we're in all the spaces we want to be in.
We know that we think over time, solely and steadily, we're observing as we deploy our network security platform, for example, with 9 secondurity services, Customers are deprecating point products. I think that trend is here to stay. I think customers want the integration because as we've discovered with all these attacks, All these ransomware attacks, these cyber hacks that having a lot of point products, which are best of breed, has not protected those customers. What they're realizing is that they need to get more integrated, they need to get ahead of the curve, and we will demonstrate today how we have eaten our own dog food and being able to Take that capability we deliver to our customers, deploy it internally and get as close to real time threat detection and prevention at Palo Alto Networks. We also believe we're still in the early stages of deploying AI and machine learning into our platforms.
I think we need to get more and more consequent as an industry Of being able to leverage the data and being able to deploy it in our solutions across the board because that's the only way we get to autonomous security or real time security. In line with that, from a point product solution perspective, it's going to be harder and harder for smaller vendors to be able to go And actually solve the large problems that our customers have because everything is getting integrated, everything is together, it works in synchronicity and that's why it's very important for us to make sure Our integrated platform is available and we at Palo Alto Networks stay at the bleeding edge of trying to solve those problems. And last but not the least, it's my personal opinion, Talking about opinions that cybersecurity companies have provided lots of capability but not a lot of opinion to our customers because our customers' environments Our customers will be told, please do this like this and execute like this. That's the way you'll be protected. And our customers are getting more outcome oriented because they do not want to be on-site of the cyber criminals.
From that perspective, we think security is going to start getting delivered by with an opinion. So With that, as the sort of North Star for the next 3 to 5 years, our strategy is going to be executed in line with those convictions. You are going to see us keep driving innovation. You are going to see us better our platforms. You are going to see us try and embed more and more artificial intelligence and machine learning in our products.
You are going to see us become that partner at scale, the cybersecurity partner of choice as Palo Alto Networks. And in that Same vein, you are going to see us become more of a trusted partner. We have now been able to get into the incident response business. We have now been able to go from just being a peacetime product company to being a wartime conciliary, and you will see that more and more is going to be demanded by our customers when we're ready to Provide those capabilities to them. So with that as the framework, we're going to walk you through today our Capabilities, we're going to have Lee Klarich and Nir Zuk talk to you about how this strategy is going to translate into continued product innovation at Palo Alto Networks BJ Jenkins, who joined us, our new President in partnership with Amit Singh, who is our Chief Business Officer.
BJ will talk about how we're going to take that and leverage that with our customers and secure them. And the key ingredient of executing in this market, executing technology is our people. And the pandemic has made us even more concentrated on building a great culture, having a great set of people around us that our people have shown in This is Ian Honsie. He's going to come talk about how we manage that part of the equation and how we make sure that people are the center of everything we do. And last but not the least, know you guys are here to understand how does that translate into numbers and how is that going to eventually manifest itself in how the if capital markets will deal with us for that, Deepak Galecia, our CFO, will come and bring it all together and tell you what targets we're setting ourselves for next year.
So with that, let me take the opportunity and welcome Lee Klaritch. Lee? Thank you, Nikesh. Over to you.
As you just heard from Nikesh, the cybersecurity market is one that is Very vibrant and often changing with new trends, new needs from our customers and really new opportunities for us to innovate And bring market leading solutions to the market. And so if I think back to some of the really big market trends that we identified Early and we embraced and we understood the impact they would have. It was the shift to an increasingly hybrid It was the accelerated adoption of cloud amongst our customers. It was the importance that AI and ML would bring to everything that enterprises do in their business, not just cybersecurity. And the pandemic accelerated all of these trends across the customer base and around the world.
And this acceleration expanded the attack Surface that enterprises had to secure, that they had to deal with in terms of how they would run their cybersecurity operation. And this expansion, quite frankly, was the fastest I've seen in the history of cybersecurity. It accelerated so fast with the pandemic And enterprises have had to adapt much more quickly than typical to these changing market needs. And just To compound that from a challenge perspective is the changing attack landscape. We never used to talk about nation state level attackers and when we did, we would have talked about them really only in the context of nation state to nation state type attacks.
But if you look at just over the last few years, there's been an increase in nearly 100% of nation state level attacks where they're actually attributed to nation states. And in many cases, the targets have become private industry in addition to Governments around the world. On top of that, the number of cyber attacks is also increasingly rapidly. And you can see through many of the examples shown here that not only is the number of attacks increasing, But the target of the attack is recognizing that expanded attack surface, recognizing that the cloud is now vulnerable, recognizing that A hybrid workforce brings expanded opportunity to find weaknesses and exploit those amongst the enterprise base. In some cases, even getting when you combine these together, you start to see how that sophistication plays out relative In some cases, spending months or even years to first compromise a part of the supply chain, Knowing that, that will eventually work its way into the target environments for them to then take advantage from the inside out.
And so That expanded attack surface, combined with a growing number of cyber attacks and growing sophistication of cyber attacks is what has been leading to an expanded addressable market for us. This TAM is a result of enterprises needing to secure more, more of their network, more of their cloud and to drive better and better security operations across that entire enterprise estate. And so when you put all of that together, what you see is our market opportunity Growing very quickly and we project in 2024 to about $110,000,000,000 of market opportunities for us to address. Now what's really important about that, of course, is how we are positioned to address that and how we have Recognized these trends, recognized these trends early, embraced them and then innovated with our 3 Now typically, the market would have you believe That you have to choose whether you want best in class capabilities delivered as point products Or a more comprehensive solution delivered as a platform or a combination of capabilities, But you would have to give up best in class to do that. I believe those are not the only two options And what we have been able to accomplish over the last several years is to deliver 3 industry leading platforms That combine best in class capabilities and deliver them in an integrated platform approach to our customers And that by doing so, our customers get the best of both worlds.
They get best in class security, Which is absolutely and fundamentally important for their security posture, delivered as a platform that allows them to much more easily adopt And operate their entire cybersecurity estate. And that plays out in the success we've had across these platforms. It plays out in the market and the results that you've seen. It's also nice, of course, when we get the recognition from the market That we are, in fact, delivering best in class capabilities across these platforms. And what you see here is over the last few years, Going from being a market leader in 1 product category to being a market leader in 7 product categories.
And quite frankly, I believe this list would be much longer, except that some of our market leading solutions are ahead of the market and the market hasn't yet defined The categories yet for where we are leading in a number of areas. And I expect that what you will see over the coming couple of years Is this list expanding and becoming even more representative of the leadership that we're driving across our So with that, what I would like to now do is invite some of my team up to talk through each of our security platforms can share with you more details about the market trends that we're seeing and how that is evolving the market needs and how we are delivering these 3 leading cybersecurity platforms. And we're going to start with network security. And for that, I would like to invite Anand, Oswald, up to walk you through what we're doing in network security, how we are leading across that. Anand leads Network security as our product area, he also leads our network security speedboat and is very well positioned to walk you through how we approach
As Lee indicated, I'm going to give an update on the network security business. But first, let's talk about the evolution of network security. Long back when applications were only in a data center and we, the users, predominantly worked in the offices, Networking was the way security was delivered. The firewall was bolted on to networking at a centralized As applications began to rise, both benign applications as well as risky applications, Security vendors develop point products to solve specific use cases, IPS for threat vulnerabilities, Secure web gateway to prevent web traffic and malware was solved by sandboxing technologies. This led to complexity, many point products and not a good experience.
As applications continue to move to the cloud And users became more and more mobile. All this traffic was then backhauled to a centralized security stack in the data center. This led to a very poor end user experience. Today, applications are everywhere, users are everywhere And enterprises are recreating security stacks. So in addition to the hardware security stack in the data center, we have a software stack For the public cloud, we have a SaaSIS stack for remote users.
This leads to a problem for manageability, Multiple solutions for them, complexity and poor end user experience. At Palo Alto Networks, we believe this industry needs a network Any location, consistent best in class security. If you think about it, nobody in the industry Has a comprehensive and complete portfolio like this. Hardware firewalls to secure the consolidated data center, Software firewalls for private and public clouds and our SaaS solution for remote workers. Point products And point solutions will not cut it.
Enterprises are looking for a comprehensive end to end security, which is best in class And able to take care of the needs for the future. They also want unified manageability across the entire portfolio. From day 0 to day end, ensuring that the policy management is consistent across the entire enterprise. So when I'm in the office, I'm working remotely from home and I'm going to different security stacks, I have that comprehensive, consistent security. Next, Let's talk about the components of this platform, starting first with firewalls.
We've been a leader in the firewalls for now more than a decade, But we continue to innovate. A year ago, we launched the industry's first machine learning powered next generation firewall. And last quarter, we introduced the 4th generation of our hardware appliances. I've been here in the company now for 18 months. And one of the first things we started was we realized that we want to have a larger footprint in the distributed enterprise and the new platforms we introduced both the high end and the low end.
On the low end, we have a 9x performance than the previous generation, perfectly fit for the distributed enterprise. As customers look to refresh their appliances, we are super well positioned for this. 3rd, we're also the leader in the software firewall market, Protecting virtualized and containerized workloads. And as 5 gs is reaching inflection point and Service providers are building cloud native 5 gs infrastructures. We are well positioned for that.
We're excited to partner with DISH Networks For the United States' first open RAN 5 gs infrastructure. Next, let's talk about SASE. SASE is the convergence of networking and security delivered as a massively distributed service from the cloud. Prisma SASE is the industry's most complete, most comprehensive solution. We have the best in class SD WAN And the best in class network security across the entire industry.
Bringing those two things together seamlessly, unified manageability, unified insights Our customers, so they have the best experience and we continue to lead in industry first innovations. Recently, we launched Autonomous Digital Experience Management, which helps IT have segment by segment visibility from user to application to help them troubleshoot any problems that they see and automatically remediate those. And we are continuing to work on new innovations, next generation CASB, Integrated 5 gs SD WAN with our appliances and last Friday, we launched OkyoGuard. As remote workers continue to be the norm, OKO Guard brings Prisma Sassy to the home, ensuring that we have enterprise grade security with consumer simplicity To protect the home networks, to protect small businesses, this will be an amazing addition to our Prisma SaaS portfolio. Let me now talk about our security services.
3 years ago, we had only 4 security services and today we have 9. We continue to see high attach rate of our services. Let me give an example of how it works. We launched DNS Security roughly 2 years ago. And today, we are seeing roughly a 30 plus percent attach rate on our hardware fireworks and 90 plus attach rate on our SaaS portfolio.
These services are consistently delivered across all form factors hardware, software and SaaS. And we continue to look at adding newer services on the portfolio as customers look to consolidate their point products and solutions. Machine learning plays a critical role for security services, especially to provide real time security. Last year, we introduced In line embedded machine learning onto the platforms to prevent against file and file less attacks. And in Q4 last fiscal year, We announced advanced URL filtering to prevent day 0 web attacks for our customers.
We'll continue to use the power of AI and ML across Our entire portfolio is amazing innovation that you've seen and the customer success is helping us in getting Industry analysts validating it. We're the leader in every single product category, firewalls, next generation SD WAN, Prisma SaaSci, and we're extremely proud about its accomplishments. If you think about it, this platform approach ADDRESS is a large and growing network security market. The SaaS e market is growing a lot as customers look to secure the remote workforce, Look to bring networking and security together into a unified cloud delivered service. As applications continue to move to the cloud, Software firewalls will play a critical role and we're super excited about the newer services, IoT security, data loss prevention And next generation CASB on the entire platform.
If you think about it, we have a lot of customers using our platform. 85,000 plus customers use our firewall, very happy customers. Our SaaS business has been more than doubling every year For the last 2 years, we're in an amazing rate with newer customers. And on security services, as we attach more and more services, Look to consolidate point products that our customers have onto the platform, we continue to see amazing attach rates. And as we start building newer services, we expect This will continue.
In summary, I'm super excited about our network security business. This is the largest business that we have in the industry, Successfully executing on our transformation. Thank you.
Thank you very much, Anand. That was fantastic. Next up, you'll hear from Ankur Shah. Ankur leads our Prisma Cloud, Cloud Security Platform product team as well as our Prisma Cloud Steve Boat. And he is very well positioned to be able to describe the market trends that we're seeing in cloud security and how we are well positioned with Prisma Cloud to address our customers' needs in a very unique way with that platform.
You're driving innovation. You're racing to the cloud. You need to Do it securely. That's why Palo Alto Networks developed Prisma Cloud, an integrated platform that secures your cloud environment end Used by the world's largest organization, Prisma Cloud provides the cybersecurity you need from code to cloud, so you can get cloud security right
Well, with that commercial, I hope you got a taste of what we are building at Prisma Cloud. I'm here to talk about our vision and strategy for the product. Hello, everyone. This is Ankur Shah, SVP and GM for Cloud Security Business, Prisma Cloud. What you heard from my colleague Was our vision for enterprise wide network security platform to secure access to the cloud application.
I'm here to talk about securing the applications in the cloud. Organizations are now spending over $150,000,000,000 in moving their proprietary apps to the cloud. Over the next 3 years, We expect this to reach over $300,000,000,000 growing at 25% CAGR. This represents a huge opportunity for us To secure the applications in the cloud. Over the last several years, as organizations started their digital journey to the cloud, They simply moved their workloads from the data center to the cloud to leverage the economies of scale that the cloud offers.
There was no rewrite of the applications. They simply lifted and shifted apps as is. This category of application Still represents a lion's share of what we see in the cloud today. What we are starting to see though is a paradigm shift And how these applications are built and deployed. Increasingly, developers are taking advantage of containers, PaaS services, Continuous integration and delivery, often referred to as CICD, workflows to build and deploy applications at greater velocity.
Some of our largest customers in the SaaS business have bulk of their apps that are cloud native. They're able to rapidly deploy applications to the cloud By leveraging cloud native services. Last but not the least, there are still a number of applications that are still rewritten To take advantage of cloud native application, but are still deployed in private cloud, these applications are highly sensitive in nature and customers want to still deploy that in hybrid cloud type environments. The reality though is that the large percent of the organizations that we talk to don't use one of the other use cases. They have combination of all three.
As a matter of fact, one of the largest retailers in the world who happens to be a Prisma Cloud customer has thousands of applications deployed Using a combination of 3 deployments. And we expect this trend to continue over the next several years as customers slowly but surely Move their applications to take advantage of more cloud native services. In these highly dynamic environments with multi cloud, hybrid cloud, Legacy and cloud native apps. Organizations need comprehensive security controls across their cloud infrastructure and applications. They need visibility, compliance and governance across cloud infrastructures to detect advanced threats like CryptoMiner, which seems to be in use every day nowadays.
They need modern vulnerability management tools and runtime solutions that work for cloud native workloads. Cloud networks are software defined and are highly dynamic. Customers want a network security stack that prevents advanced network threats. And a lot of the cloud data breaches that we have seen over the last Here, we're because of account compromise and stolen credential and this is why securing identities in the cloud is really critical. The thing that I want to end you with is that we also need a fundamentally different paradigm to secure the cloud.
There are 26,000,000 developers and growing, and there are only 3,000,000 security professionals. Worse yet, There is a massive knowledge gap in the security industry about cloud knowledge. In this new world order, we must have security Go to where the developers are and not the other way around. That is the only way to secure your cloud infrastructure. The good old days of command control having centralized team managing a complex cloud security simply does not work in cloud.
The security industry, however, is in the process of repeating the sins from the past. We're going to see more and more point solutions and legacy product solving individual problems. There are open source technologies out there that solve one of the use cases. There are legacy technologies that do vulnerability management that simply don't work in the cloud environment. They're our legacy identity solution and again, they simply don't work in the cloud environment.
This is why we built Prisma Cloud, The industry leader in cloud network security. We started our journey 3 years ago and now have built out a platform that is fully integrated, As best of breed capabilities and protects the full application stack. When we started this journey, we built out our first pillar, cloud security posture management, Which now supports more cloud services and more cloud types than any other vendor in the industry. We ingest more cloud data than any other cloud native tool out there in the market. We then quickly added the cloud workload protection pillar by providing the best in class host container and serverless capability as well as a solution that protects web applications and APIs.
We then added a cloud network security component that builds a cloud native and Kubernetes native micro segmentation capability. And we rounded that platform out with cloud infrastructure and entitlement management, which is something we introduced just 6 months ago and we're seeing a phenomenal growth. Already, we have more customers than point solutions in the market. But we are not done yet. We are hard at work To quickly integrate our recent acquisition Bridgecrew to build out a DevSecOps module that really makes the entire security work across the entire application lifecycle.
And if history is an indicator, we're going to do a phenomenal job once again to integrate one more capability into the product And build this best in class and most comprehensive platform in the market. I believe that this is the right Approach to securing your cloud infrastructure. This is why we do what we do. This is why the industry, instead of needing individual point solution, needs a comprehensive platform like Prisma Cloud to secure their journey to the cloud across different use cases. Our vision is to keep building on top of the strong foundation with new capabilities And deliver better security outcomes for our customers in their journey to the cloud.
I'm confident that with our vision, we'll continue to leapfrog the market just as we have the last 3 years. The addressable market for us is in excess of $10,000,000,000 and is expected to be over $20,000,000,000 in 3 years. As the early mover and the leader in the market, we expect to capture a lion's share of this TAM in the coming years. Recognized by industry analysts as one of the leading vendors, we're securing more cloud assets, workloads and process more events than any other vendor in the market. We have seen close to 50% year over year growth in our installed base.
We are now at 2,700 plus customers. We're protecting over 25% of the Global 2,000 customers. As I wrap this up, I couldn't be more excited about the future of Prisma Cloud as we help secure our customers' journey to the cloud. Thank you.
Thank you so much, Ankur. That was awesome. As we all know, cloud security is so important to every organization out there as they accelerate their adoption of cloud. I'd now like to turn our attention to our 3rd cybersecurity platform, Cortex, which is focused on security operations. And I'd like to start by providing a bit of context around what security operations even is.
And What you see here is the enterprise to accomplish cybersecurity goals, they deploy more and more security products. All of these are obviously designed to try to prevent And the side effect of that is they also generate lots of alerts, and those alerts go to what we call the SOC or the Security Operations This is the team that is responsible for looking at all of those alerts, figuring out which ones matter, investigating and responding. Ultimately, their goal is to be able to detect and respond to all threats as quickly as possible. It's a big job. It's effectively the backbone of cyber Their job is getting harder.
As you just heard from my other teams, More and more products are being deployed to provide greater and greater levels of security, expanded network security stacks, expanding into the cloud, Expanding on to more and more hosts and endpoints. As they do that, which is all really good stuff, it generates more and more Data for the SOC. And the SOC is being overrun by that data. The average number of alerts that many SOCs deal with is 11,000 per day. And actually, in large organizations, that number can reach 100 of 1000, even millions of alerts per day.
What they do with that then is they end up ignoring a lot of it. That's no good, obviously, because those alerts could be very meaningful. They could be the next Cyber attack that gets through their offenses. And on top of that, even the alerts they do get to often are taking 4 or more days to actually investigate and figure out Whether they're real and how to respond. Now obviously, everyone understands that this is not an acceptable solution.
This is not an acceptable place to be. So guess what? Cybersecurity industry responded with lots of point products. It unfortunately tends to be the answer to a lot of cybersecurity problems and this was no different. This is how EDR was born.
This is how NTA was born or network
And
the challenge with this is, it took specific data,
Married
it up with a point product in order to try to provide analytics on a single data source. And guess what, it's not working. Putting your data into silos, all it does is generate more alerts. Those more alerts make it even harder for the SOC to get their job done. And one of the main reasons for that is when you put data into silos, you end up losing your source of truth, your source of really understanding what is happening Such that you can correlate all of your other data sources to drive real analytics.
The net result of this is a very alarming statistic It has been well cited publicly in the past, which is it takes roughly 287 days on average For an enterprise to know about and respond to a data breach, 2 87 days. That is truly alarming. This is not an area where we need an evolutionary approach. This is an area where we need a revolutionary approach, one Where 100 percent of alerts and data are analyzed, one where 100% of attacks are able to be detected using analytics, AI, ML, etcetera And one where an enterprise is able to respond to all attacks in minutes, not days, not weeks, not months. And that is what we've been building with Cortex XpANCE, XDR and XOR.
Now Let me share a bit of how we think about this going forward, and it starts with XDR. We view XDR as the foundation of a next generation security operations center. What XDR has been able to do, and to be clear, XDR It's a market and a product category that we invented a couple of years ago because we recognize this problem. We recognize this problem and we need to solve it. We started by solving the endpoint part of this problem, which is how do you not only protect the endpoint, but use that to generate A rich set of data, a source of truth that all other data sources can be analyzed with To really understand across an entire enterprise what is happening, when is their attack, how do you respond to it.
And we've built XDR into actually the best EDR solution in the market, as evidenced from a number of different places, including most recently the MITRE results. 2nd, we took that data and we cross correlated it with network data, starting with our own next gen firewalls. Even that one step resulted in amazing results, where we were able to reduce the number of alerts That the typical enterprise has to deal with by 50x to 100x. That is a game changer for most SOCs. We then took that we extended to 3rd party network security devices because unfortunately, not every company in the world has their next gen firewalls, although, of course, we like them too.
So we extended the 3rd parties. Then we started looking at additional data sources. We extended to identity, because identity of users and And authentication and everything that happens with that is so important from a cybersecurity perspective. And then we took our ability to collect, Stitch and analyze data to the cloud. And the cloud is basically like a complete enterprise ecosystem Deliver, meaning it has host, it has network data, it has identity and it has additional data sources as well.
And with XDR 3.0, We applied all of our innovation to the cloud in coming out with XDR for cloud, an industry first. All of that data is brought together, stitched and normalized in order to drive a growing set of analytics to Truly give security operations the ability to detect, investigate and respond to attacks in the way that they need. Now, I'd like to also share with you how we're taking XDR and combining it with the other Cortex products. And so for that, I would like to ask Tim Junio, our Head of Cortex Products and the Cortex Speedboat and the former CEO and Founder of Expanse, to talk you through how Expanse is changing the game as well.
Thank you, Lee. Cortex Expanse is our attack surface management product. And what does attack surface management mean? That's a pretty new term. What we do with Expense is discover every public Internet facing asset for enterprise networks.
This is critically important because adversaries who are looking to attack companies and government agencies Start by looking for weaknesses on the public Internet, first starting point for any attacker. What we do with Expanse is ensure that we know about everything that is Exposed on the public Internet and its security status, meaning its configuration, what software is running on it And for our customers can inform them of any weaknesses that an attacker might want to exploit, thereby removing all targets from the Internet when a customer is fully deployed. So when we see major Internet events, such as in the last year, the Microsoft Exchange Server incident, Exposures associated with VMware software products and with the SolarWinds attack last year, Expense is able to discover all of them on the global Internet and identify what organization is operating them. So as a customer of Cortex and as a SOC user, we'd be able to inform of immediately any So it's part of the pattern of what we do at Cortex Expense to, for every major software incident, find all of them in the world and automatically notify our customers Such that they can go and remediate those exposures and eliminate the risk.
And before Expense put this product to market, What we were seeing is averages that were coming up on a year of large organizations having assets hanging out On the public Internet in an insecure state that they didn't know about and for our customers, we can reduce the amount of time that assets are exposed To days or even hours when customers are well optimized. One of the ways in which Expanse gets best operationalized in a modern stock environment As with Cortex XOR, XOR is our product that creates playbooks, which is our term for software automations. Our goal is to replace as much of what SOC analysts do repeatedly and manually as possible within Cortex XR. So an example of one of the integrations that we built that saves our customers a lot of time between Xpance and XR Is the ability to, when an exposure shows up in a cloud environment, automatically trigger The vulnerability scanning that's required to know the software patch state and potentially to even look up the identity of the person who configured that cloud asset and send them a notification via email or other systems to acknowledge whether or not they had a business case for that asset that was exposed.
And in the event that we see exposure showing up in cloud environments that should not ever have been there, we can now have the entire process within seconds From an Expanse discovery through XOR closing out the incident. When we put all three of these products together, We have a transformative modern stock environment. Lee, back over to you.
Thanks, John.
We have
a number of customers that start with XDR. And even with an XDR, sometimes they just start with EDR to EDR with the strategic Intent and ability to then expand the number of data sources. Sometimes they start from the network traffic and expand from there as well. Expanse, from my perspective, is a must have tool for every SOC out there and XOR from automation perspective is You have to move toward more and more automated fashion. But really it's when we bring these together that we showcase The magic of this more revolutionary approach to security operations.
And so let me walk you through how we at Palo Alto Networks 1st and foremost, across our security infrastructure. It probably goes without saying, but We have fully operationalized our network security platform, XDR for endpoint protection and, of course, all of our cloud security capabilities. And actually, that's very important because by simplifying and moving toward a platform approach, 1st and foremost, that provides a better security foundation 2nd, it provides actually better, cleaner data coming into the SOC. Now, let's talk about security operations at Palace Networks. Using Expanse, which we do every day in automating proactively any exposed attack surface we find is the first step in reducing What we're dealing with in security operations.
Then with XDR, we collect a Very large amount of data every day to be analyzed, understood for detecting attacks and investigating. Just to give you one data point here, we at Palo Alto Networks, we're actually able to detect and prevent The SolarWinds attack in our own environment, something we believe that we are the only, if not the only, one of the only That speaks to the strength of XGR and how we utilize it. And then we use XR extensively To automate the vast majority of what our security operations team needs to deal with, leaving our SOC analysts able to focus on the most important things. Now, here's where it gets really interesting. Let me give you some data of what we've been able to accomplish based on how we've operationalized this.
In our environment, we collect over 16,000,000,000 events a day. We translate that into alerts. Alerts then using XDR are integrated together, deduplicated into incidents. From incidents, we use XOR to automate. And so on a typical day, our SOC analysts typically only have to deal with About 9 alerts or incidents that they need to investigate and respond to manually, dollars 16,000,000,000 down to $9,000,000,000 And what that allows us to do is to be able to detect and respond within seconds on average, a minute in some cases to new attacks that we see at Health Networks.
This is revolutionary, and this is what we are bringing to all of our customers as we think about the vision of Cortex. And in doing so, that allows us to address a very large and growing market for security operations. This is a market made up of a number of products across different categories from EDR and XDR To automation, attack surface management, vulnerability management, SIEM, etcetera, that is the market we are disrupting with our approach to And the early indication of success with our customers across this is A very rapidly growing set of customers that are adopting these products and starting to integrate them together in order to achieve the kind of results That we at Palo Alto Networks have been able to achieve in our own security environment. With now 74 of the Fortune 100 customers as customers of Cortex, We see just tremendous potential for Cortex going forward. Now we'd like to talk about 0 trust.
And maybe first if I could, I'd like to provide a little bit of my perspective on 0 Trust. From the very beginning of We always viewed every product that we built to be 0 trust enabled and whether that was our next gen firewall Or SASE or with Prisma Cloud and Cortex, each and every one of our products is 0 Trust enabled. And in fact, that means is many of our customers are very well positioned to embrace 0 Trust because of that sort of Foundational approach that we've taken. Look at our next gen firewalls and how they effectively eliminate implied trust in policy in order to Truly identify who the user is, what the application is, whether they should have access to it and then to secure every connection. That's one example.
With SASE, we extend that out to all remote users and branches. With Prisma Cloud and our approach to IAM security and micro segmentation and other aspects, It allows us to extend 0 trust into the cloud and of course, within Cortex and XDR, extending 0 trust out to the endpoint. We believe 0 Trust actually needs to be done at an enterprise architecture level. The CIOs and CISOs Our thinking about and need to think about how to approach this as an entire architectural approach, not just individual products. And so what Nir Zuk, our Founder and CTO, will talk through now is how to bring these pieces together and how we need to be thinking about this in a much more comprehensive manner.
Hi, everyone, and thank you for being here. We heard Nikesh talk about our We heard Lee and his reports talk about our products and platforms and offering. And there is a question, what is it that Palo Alto Networks delivers to its customers. Is it 30, 40 different solutions, features? Is it 4 platforms, a network security platform Prisma Cloud, the cloud security platform Cortex, the security operations center platform and the newly released Okiyo, the Home security, small business security platform or is it really one big thing that Palo Alto Networks is Delivering.
And what I want to do in my session today is to show you that big thing that we're delivering. And I'm going to do it within the context of 0 Trust And specifically, the 0 Trust enterprise. You'll probably hear about 0 Trust from all vendors and customers, and everybody is talking about 0 Trust. Just Google's 0 Trust will see how many different results you see. And different vendors talk about it differently.
You have the network security vendors talk about it in one way, you have the proxy in the cloud vendors talk about it in another way. And the endpoint security vendors talk about it in a third way and the identity and access Management vendors talk about it and cloud security vendors, everybody is talking about 0 Trust in a different way. And What I want to do is I want to show you what is the 0 Trust enterprise and how you take all these different 0 Trust components and put them into one team. So The first thing we know about 0 Trust is that it's very, very important. Even the President of the United States has mandated 0 Trust architecture within the government.
So it has to be very, very important. We don't know what it is, but it has to be very, very important. And to understand what 0 Trust is, Let's talk about trust first. If you really think about what the cybersecurity industry has been delivering for the last I don't know, I started 27 years ago in the industry, The last 30 years. It's all about trust.
Can I trust this connection? Well, here is a firewall to help you decide whether to trust the connection or not based on IP addresses. Can I trust a file that just showed up on an endpoint? Here is antivirus for you. Can I trust the user?
Well, here is 2 factor authentication, right? Mid-90s. Can I trust The content of the connection? Well, IDS, IPS. Can I trust the URL?
Here is URL filtering. Can I trust this? Can I trust that? Each one of these Concept is really about can I trust something or can I not trust something? And that's what the industry has been delivering for the last 30 years in a whack a mole approach, right?
Every time there was a new thing that we had doubts as to whether we can trust that thing or not, a new set of vendors was created to address That specific concern and to help customers decide whether to trust something or not trust something, no matter what that was. And that's how the industry has been built for the last 30 years. Take, as an example, a user Sitting in an office trying to access an application in a local data center. Most customers will have a project for that. They'll Call it a data center firewall project.
They'll buy a data center firewall. They do some tests here, some checks there for the user traffic and be happy with that. And then if you take the same user using the same laptop, sitting in a coffee shop trying to access a cloud application, A public cloud application, there'll be a completely different project for that. Call it 0 trust network access, ZTNA and it's we look at proxy in the cloud and other solutions. And then the same user trying to access a SaaS application, That will be a 3rd project.
It will be a CASB project. And in each of these cases, we're going to check different things. We'll have We're going to look for different things, which means that we're going to trust or not trust different things, which brings us to the concept of implied trust. If I have 2 solutions for 2 different use cases for the same user and the same application, just different Solutions, whether the user is here or there or whether the application is here and there, by definition, I check for different things. In This case, I'll have some things that I trust and some things that I implicitly trust.
In the other case, there will be other things that I trust and other things that I implicitly trust. There will be implicit trust in my decisions, which is the complete opposite of 0 trust. 0 trust is about removing all implicit trust. It doesn't matter who the user is, where they are, what type of device they're using. Are they using Windows or Mac?
Are they using Android or iOS, is it a corporate issue device? Is it your own bring your own device? It doesn't matter which technology they use to connect SD WAN or IPsec or client VPN, client SVP and proxy. It doesn't matter what they use. It doesn't matter what the application is.
It's a SaaS application, application deployed in public cloud, an application deployed in the traditional data center. In private cloud, it doesn't matter what it is. I'm not going to trust anything. I'm going to do everything I can, no matter what the situation is, to decide whether I can trust Or no trust each aspect of what it is that the user is trying to do. That's what 0 trust is about.
And the interesting about 0 trust Number 1, it makes the organization more secure. If I don't have any implicit trust, I go and check each and everything no matter what the situation is, I'm more secure. The other thing that it does, it also makes the infrastructure simpler. I don't have 10 different use cases anymore. One use case for Local user going to a data center, another use case going to a SaaS application, a third use case in a coffee shop going to public cloud.
I don't have all these different use cases. I have one use case. That makes the infrastructure simpler. And that's why you're hearing more and more about 0 Trust. It's I had this interesting conversation with a CISO of a major U.
S. Corporation a few weeks ago. And in that Discussion, we talked about the 0 Trust project that they have, and we were competing against one of the leading proxy in the cloud Vendors, and we talked about that. And she explained to me what they're trying to do and so on. And then I knew that they have an SD WAN project as well that we're competing on against other vendors.
And asked her, what about that SD WAN project? What do you plan to do with that? And she said, no, no, we're not talking about that. We're talking about 0 trust Network access. I said, okay, so what you're saying is that users that come in through SD WAN or in branch office Using SD WAN versus users sitting elsewhere at home or on the road using their laptop to connect to cloud applications, these are different use cases?
Yes. So you're going to run different checks here and different checks there? Yes. So you're going to implicitly trust things here that you don't trust Here, the implicitly trust things here that we don't trust here, yes. And then how is that 0 trust?
And within a few minutes, Cecio understood that she probably needs to take these projects and look at them at 1. So yes, we are on a mission out here to Educate the market and show the market that 0 trust is really a big thing. And there are actually 3 different aspects of 0 trust. There is 0 trust for users, Where it's a user, no matter where they are, no matter what they're trying to do, trying to access an application. And we cannot trust their identity, so we'll do whatever we can To make sure that they are who they say they are, we are not going to trust the device that they use, whether it's a laptop or a phone or a tablet.
And So we have to assume nothing and have zero trust around anything that has to do with their device. Then we're going to not trust anything about the access, whether they're allowed to access something, whether they're allowed to access A function within an application, whether they are allowed to do different things, we're not going to trust that. We're going to check it each and every time they try To do something and then we're not going to trust the transaction itself. So even if we allow them to access something, that doesn't mean it's the end of the road. We're going to look at the transaction Make sure there's no malware going there and no command and control traffic and no data leakage and so on.
So these are the different things that we need to do in order to implement 0 Trust for users. Then there is 0 Trust for applications. Traditionally, applications were running in a data center behind a big firewall. And when applications were talking to each other or components of applications, what we call Microservices were talking to each other. There was almost no security.
We assumed that they can do whatever they want. Now that applications are in public data centers, in public clouds, for some reason, customers view them differently and they want to run more and more and more checks. Of course, the 0 Trust philosophy is if you're going to do it in the public cloud, you have to do it in the traditional data center, you have to do it in private cloud as well. And here also we have 4 things that we need to check. We have to identify the application itself.
When application A talks to application B or component A talks No matter where they are, we need to make sure that these are the right things talking to each other and that nothing has been replaced. We cannot trust the workload on which the application is running, Whether it's a server or a VM or a container and so on, we have to trust nothing about that and verify each and every aspect of that. When applications talk to each other, access each other, we can all trust that. We have to run a full suite of checks there. And also, once we allow application A to Application B, we have to look inside and make sure that there's nothing funky going in within that transaction.
And then the third aspect of 0 Trust Is 0 Trust for infrastructure? Infrastructure meaning our routers and our switches and all the other traditional infrastructure, IoTs, Whether these are industrial IoTs, corporate IoTs, activities, cameras and so on, medical devices And other health care related IoTs, whatever it is, and also all the software and other things that we buy from our suppliers. So whether it's something like solar wind or source control management system, whatever it is, we can trust it. We cannot trust the identity of Our users that are using it, our administrators, we cannot trust the device itself. Was it switched on the way?
The DLL we just downloaded into SolarWind, is that real or not? Can we trust it or not? So we cannot trust the workload, The device, the access, we need to implement least privilege access whenever we allow our users to access these Services or these devices and of course, the transaction itself, we have to make sure that it's not a component Trying to connect to a place they're not supposed to connect, that there's no malware running inside and so on. So very similar to user 0 Trust for users and 0 Trust for applications. We have 0 Trust for infrastructure.
If we take those 3 together and put them into a matrix, It looks like that. Very, very similar. We have to do similar things no matter whether it's 0 Trust for users for applications or for infrastructure. It's always about identity, about the device
The funny thing is when
you talk to different vendors in the industry That claim to do 0 trust, what they really are doing is they focus on a single cell in this 12 cells matrix And sometimes even on less than that. So for example, when you talk to endpoint security vendors, of course, they do 0 trust. Well, what they really do is they do 0 trust for users when it comes to the device. So
It's a small aspect of it.
When you talk to the proxy and the cloud vendors, of course, we do 0 trust. We are the 0 trust. Well, In reality, what we do is the access part for 0 trust for users. And if you want to secure the device, then you go to this partner of theirs. And if it's a SaaS application, you go to this CASB partner of theirs.
And if you want to secure the transaction, then they partner with Joe Security, Whatever on this aspect of security and so on. And then the same is true for 0 Trust for applications. You have different cloud security vendors that focus on a different not even a complete cell, Part of the different cell that you see here and the same is true, of course, for 0 Trust for infrastructure. So really, if you want to be a 0 Trust Enterprise, meaning you want to take those 3 different aspects of 0 trust: users, applications And infrastructure, and you want to implement it across everything, you will have to start whacking malls again and work with 20 different vendors and integrate everything together. Or you can come to Palo Alto Networks.
So once you choose your identity and access management vendor, with our platforms, you can achieve Complete 0 Trust Enterprise. You can become a 0 Trust enterprise by taking our network security platform and implementing it here where you see The yellow sales, you take Cortex XDR, this is where you see the green cells. You take Prisma Cloud Where you see the blue cells plus your favorite identity and access management vendor and you have complete 0 trust You implement the 0 trust enterprise. And believe it or not, customers are subscribing to this and are buying the platforms More and more because they have a 0 Trust strategy, because they believe that with 0 Trust, they can get much better security and much simplified Infrastructure. And I believe that going into the future, this is going to be become more and more important In decision making as to whether to use specific vendors that sell specific feature like proxy cloud vendors, endpoint security vendors, Cloud security vendors this or that and so on or whether to use Palo Alto Networks for the complete set for the platform.
So now that we understand what is 0 Trust, what is the 0 Trust enterprise and how the different things that Palo Alto Networks Does deliver together the 0 Trust enterprise. I would like to thank you very much for listening and to turn back to Nikesh. Well, thank you very much, Nir.
I hope you guys enjoyed the product download and the confirmation how we are going to stay Ahead of the innovation curve. Well, listening to all this product portfolio stuff and watching our growth over the last few years, It gives me great comfort to say that we believe that over the next few years, we will be able to sustain growth both at a billings level and a revenue level. Hence, we believe that we can get past $8,000,000,000 in revenue in FY 'twenty four and coupled with obviously crossing the $10,000,000,000 mark on billings in FY 'twenty four, Which should give us a sustained growth rate of 23% on revenue and 22% on billings over the next 3 years, which is again Higher than the guidance we'd given last time for 3 years going forward, this is a testament to the comfort we have around our product portfolio, our product market fit And the continued amount of innovation that we have delivered, which we believe is going to scale in the market over the next few years and the innovation we have, Which we are going to launch over the next few years as we get to our targets in FY 'twenty four.
But you don't get there on products without actually going and having a scale go to market engine. And I'm delighted to welcome and introduce welcome BJ Jenkins to Palo Alto Networks and introduce him for the first time as our President, who's going to help drive those numbers. So Vijay, your targets are set. You ready?
I'm ready to go, Nikesh. Thank you very much. I'm very excited to be here today to talk to you about our go to market model that helps As you heard from Nikesh, Lee, Nir and our product leaders, we have a best in class portfolio across platforms and we've built a strong go to market engine to bring them to our customers. It starts with our core sales teams Of 3,200 professionals around the world, this team was built up with a strong foundation of network security sales skills, And we've augmented that with 850 plus sales and technical sales specialists We'll bring focus and strong domain knowledge across our 3 platforms. We've created a cohesive selling motion between them That is driving strong results.
95 percent CAGR and speedboat product sales with over 220 accounts Delivering over $1,000,000 in sales speedboat sales. Along with that, we've seen the core sales team improve their productivity 5% annually with over 50% of our reps selling 2 or more speedboat products. Now our opportunity is to drive scale and even better execution. It starts with a one team mindset, An aligned leadership team with a common set of goals. Off of that, we build joint account plans Across the teams that help us land new customers with the right offering, but then quickly expand in other speedboat areas.
We back up these plans with an incentive model that rewards results and collaboration and we invest in enablement that helps our core reps Become more proficient in selling the full portfolio. The results of all of these efforts will be to scale the business To reach more customers with a full portfolio in a highly efficient manner. Supporting the efforts of our Palo Alto Networks go to market team It's a thriving ecosystem. It gives us further reach and leverage. As our customers accelerate their digital transformations, The move to public cloud or fully implement hybrid work environments, they look to trusted VARs, system integrators, Service Providers and Cloud Service Providers to help them on their journey.
We have invested in these partners to create a robust environment for us to collectively grow our business. If we look today, we have 8,000 plus Next Wave partners. We drove over $1,000,000,000 in sales with our system integrators and service provider partners last year. And we have over $250,000,000 in sales with AWS, GCP and Azure last year. Going forward, you can expect us to continue to invest to create deeper And even more strategic partnerships that help bring the full portfolio to more customers.
As we deliver those solutions, the key focus of our go to market model is creating trusting and loyal relationships with our customers through our services and support. We've succeeded at cultivating these trusted relationships As we have doubled the number of offerings since fiscal year 2019, we've achieved this with a world class team Along with investment in automation and knowledge bases that have allowed us to resolve issues more quickly while reducing the amount of resources required, Our team and these investments have resulted in a 90% CSAT rating and TSIA and JD Power awards with our customers. The power of our sales team, ecosystem partners and world class customer services Leaves us in an enviable position. As a veteran of the information protection and security markets for more than 30 years, I believe this is the most exciting opportunity I have seen. From the outside in, I always had respect and admiration for Palo Alto Networks.
Over the past 3 years, I saw the innovation and disruption in the 3 platforms they delivered And the product market fit that resulted out of that. I saw a proven go to market model that was driving expansion in areas like the Global 2,000, where over 70% of our customers have deployed 2 or more platforms. Now that I'm 30 days in, I'm more convinced than ever about the opportunity in front of us. Now my goal is to supercharge the model going forward To continue to innovate and drive scale and efficiency in our model to grow to our full potential As the true multiplatform cybersecurity leader, I'm excited to be a part of this team and eternally grateful for the opportunity.
And BJ, we're so incredibly grateful that you're here. It's amazing that you've joined us. Talking of BJ and Lee, they have talked about their go to market strategy and our product portfolio and all that we have that is exceptionally special. As a leadership team though, we know that the one thing that necessitates our ability to do our job well Is that we hire the best people and we motivate them to do an incredible job. And I'm just going to take you for about 10 minutes through our ESG strategy.
I'm going to talk you through our approach and I'm going to talk you through our extraordinarily lofty goals. Quite simply, We really do believe that we can be the best company to work for. There is nothing that can stop us. We believe that we can really be an Exceptional steward of our environment that our social agenda is amazing for our communities and our people and the very nature of our product It's integrity itself, and our governance is a manifestation of that. Let's talk about the environment.
Now for each of these slides, I'm going to take the same approach. I'm going to give you a sense of what we've achieved over the last 3 years and what we intend to achieve over next year. In 2019, regarding the environment, we did something that we do time and time again. You'll see this theme emerging. We went to our staff and we said, what do you think is important?
And we set up our own green teams. At that time, We believe the thing that we should do more than any other thing was make sure that our real estate portfolio was LEED certified. And in 'twenty, we gained that certification for 85% of our entire portfolio. Over this last year, We have committed to 100 percent renewable energy, not in 2,050, but in 2,030, a mere 9 years away. And we are going to have high quality offset of our carbon.
In 2022, we will again move forward with partnership, And we will work with our suppliers to make sure that we can hit our science based targets together. And finally, as if all of that is not enough, We are absolutely committed to securing a CDP leadership rating, a carbon disclosure project rating. We all understand how very important that is, and we are well on our way. So as I just said when I started this presentation, Our success is predicated on having the very best people and enabling them to do the very best work of their careers. So in 2019, we set out to do 3 things and 3 things really well.
1, to hire the very best leadership team that we could From the iconic companies that you know in the valley. And today, we have an extraordinarily spread of amazing leaders. Secondly, to make sure that we've set up all of our hiring processes so that we could hire big numbers Of diverse employees. And thirdly, as I'm sure you've appreciated this morning, we're a company that is disruptive. And so we went out of our way to ensure that we could hire the best early in career talent.
And you will see subsequently we have earned several awards for what we have done for our new employees that are younger in Korea. The pandemic hit in 2020 and it was an intensely interesting moment for us because what we saw As we closed our office doors and our employees went home, what we saw was that they could be equally, if not more productive, Without control and without needing to be inside of the office. This gave us the idea that if that paradigm could be shattered, So many other paradigms could be and we decided to really investigate the nature of work and we looked at benefits and we looked at learning and we looked at location. And instead of keeping our employees as cohorts, we decided that we could individualize and personalize each and every one of those things. And so the Flexwork Coalition was born.
We teamed up with other companies to think through What should the nature of work be going forward? And how do we make sure that our employees are as motivated and as engaged as they could possibly be? In 2021 2020, we also achieved fair pay, promotion, performance and mobility for diverse people, underrepresented minorities And women, we have no difference in any of those processes at all in Palo Alto Networks. And I think what I found most gratifying this year as we sat through the difficulty of the pandemic is during our employee survey, 81% of our people told us they were highly engaged and highly motivated working for Palo Alto Networks. And I also saw something that I have never seen in my entire career.
There was no diversity differential. Our underrepresented minorities and our women were as equally highly engaged as our white and Asian men. And I felt So, so proud of Palo Alto Networks at that moment. During COVID, we worked together again with our employees And we set up our COVID fund to help those less fortunate than ourselves. We set up a fund also to help with racial injustice.
And just as we have involved our people all the way through, we went with the causes that they cared most about. Now as we move into 2022, honestly, we think we're on a winner. We know how to motivate our employees. We know how to take work forward going into the future, and so we're just going to continue doing more and more and more. And we are absolutely committed to be the top cybersecurity company for diversity, bar none.
And of course, As I mentioned, education has been part of everything that we believe in. In 2019, we set up a partnership with the Girl Guides. 260,000 badges have been given to girls to keep them safe online to show that they understand cybersecurity. In 2022, we're going to take that learning and we're going to build adult material For incarcerated people and other people who need access to free education in cybersecurity, we really hope that we can reach 20,000,000 people by 2025, which I think is a knockout goal. That leads me to governance.
I said it at the start, our product is integrity. Our product is cybersecurity. Our governance structures just have to be a manifestation of that integrity. In 2019, we set everything up for our employees. 2020, we introduced ESG into our Board and into our subcommittees of the Board.
And moving forward into 2022, our executive part of their bonus will be based on ESG. That's how important we believe this to be. Now at Palo Alto Networks, we're rather humble and we're not out to try to get validation from external bodies, but
our employees are starting
to tell people and tell But our employees are starting to tell people and tell external bodies how great it is to work here. And over the last year, we have won awards For our diversity programs, for our internships, for our culture and lately even for our totality of our ESG agenda. And it is fantastic to see that our Glassdoor movement has been 0.7 in less than a year. We're just around 4, which means we're about a top 100 company to work for already. I want to close by talking about our values.
Now I'm sure virtually every company that you talk to talks about their values, But I'm going to tell you something different. We don't stick them on walls. We don't put them on T shirts. Our values Came out of our people. So as a leadership team, we sat down and we picked up the pen and we decided to write the values.
We put down the metaphorical pen very, very quickly. And instead, we decided to crowdsource our values from our people, And we asked every single employee to tell us what are we proud of, who are we, what do we represent, and they came up with these type words. We are a disruptive company. We execute flawlessly at scale continuously. We collaborate.
I've talked about our partnerships with our suppliers. I've talked about the involvement of our employees. We act With integrity continually, and I believe we are one of the most inclusive companies on the planet. Thank you so much for your attention. It's been a complete joy to talk to you today.
We're now going to take a 5 minute break. Thank
you.
Well, we're back. You heard from BJ, you heard from Lianne, you heard from the entire product team. And before I bring Deepak Galecia, our CFO, on to talk about specific guidance and how we're going to put this all into a framework for you to be able to model and look at How we're going to perform as a company over the next few years. I wanted to give you a quick take as to how I see this. We're operating 3 very strong platform oriented businesses at Palo Alto Networks, and we're operating them with a one team philosophy.
So if you look at the 3 different presentations that you saw today Our 3 major platform presentations to start today. The first one around our network security strategy and our SaaS strategy. I do not believe there is a company out there In the network security space, which has the ability to deliver a single architected platform solution across all form factors, whether it is on the hardware business or it is in the software firewall business or it is in the SaaS E business. And the beauty of this is that You can start with any of those 3 products on Power Networks and over time, expand your footprint to the other parts where you might have some other solution in play today. But because of the single policy pain, because of single architecture, we're actually able to make those transitions in an extremely seamless fashion.
And our teams are working hard To make those transitions even easier, because we're noticing that many of our Sassy customers that we're acquiring are net new to Palo Alto. We're fully committed and we believe these customers over time are going to work backwards and integrate our hardware firewalls into that business. For the long term, I believe the network security business is going to be shaped by the movement to the public cloud as well as the movement to remote security And redefinition of MPLS to SD WAN, in that process, I think the industry is going to end up being more than half Delivered to software, which is great because software has a lower total cost of ownership for our customers as well as higher security efficacy for us because we're able to keep our systems up to date at that point in time. So I believe our firewall business is the largest cybersecurity network business in the world. It has phenomenal cash flow profile, and we think that it will gain in stature and in cash flow generation and in size over the next years to be the largest continue to be the largest firewall security business of the world.
If you look at Cortex, we believe we've come from nowhere in 18 months and built our solid business in XDR. We've also done a phenomenal job in putting automation out there, where we now boast more than $400 in ARR. We think we're Going to take that business and use that as the underpinning of transforming the SOC. I think XDR in the future will become the new SOC management platform for the future Because that part of the industry needs an entire overhaul, it has been somewhat similarly in the same space where Endpoint used to be about 3 or 4 years ago. So I think that overhaul is coming and we think we're very well positioned to go deliver that in the market and aspire to be one of the leaders in the security operations space.
Last but not the least, Prisma Cloud, something we started from scratch and part acquisition 3 years ago. We believe that is a phenomenal blue ocean opportunity. It's a product category where the consolidated platform is not available for many other competitors and we have we think we're about 18 to 24 months ahead in our innovation life cycle in that product. We will continue to keep our eye on that innovation pipeline. We'll continue to make sure that Over time, we deploy the platform in most cloud adoption companies.
So I couldn't be more excited about the fact that we have 3 very clear businesses, We're building through a one team approach where our products talk to each other, integrate with each other, but also can be bought independently depending on the maturation of the customer and where the customer is And re architecting their security architecture. Not only that, we also are able to do that with the efficiency and scale that comes from having 4,000 salespeople out there and running them as one team with a strong underpinning of a values based culture. So with that, let me bring in Deepak because Deepak is going to give you very precise Numbers and guidance around how you think about this from a modeling perspective and a financial perspective, and he will also share how all this is going to be done in a financially prudent manner. So with that, Our CFO, Deepak Kolecha.
I'd like to tie what you have heard today back to the impact on numbers you see us discuss and also how we're looking at driving total shareholder value. The takeaway you should have had from Nikesh, Lee, Lianne, BJ and others is that we're focused on driving accelerated growth while simultaneously driving scale and efficiency to grow the bottom line faster than our revenue. From my vantage I see these goals tied up in the broader goal of focusing on each of the components of total shareholder return. At Palo Alto, this comes down to an all encompassing focus across these four drivers of value, which I will walk you through. Starting with revenue.
You all saw our Q4 results where we showed strong momentum across all major top line metrics. Our view is that this momentum is not an accident, but it's a result of accelerating industry trends and predictable execution in the business you heard about From others on the management team, we believe these drivers are sustainable. Beyond revenue, this was clear in billings and also remaining performance obligation. Greater predictability of revenue is a benefit of the transformation that's underway in our business towards NGS as most of these products have recurring revenue With a growing renewal pipeline and opportunity for expansion, our
PO is a
measure of future revenue that is contractually committed. This metric includes both revenue that is on our balance sheet in the form of deferred revenue as well as customer commitments that have not yet been invoiced. You can see the clear relationship between prior year ending RPO and our current year revenue. The revenue coverage in our Current RPO has steadily grown from 49% entering fiscal year 2020 to 58% entering this year. This gives us a greater degree of predictability entering the year, enabling us not only to forecast with more confidence, but also to invest with more confidence.
We expect revenue coming from our current RPO will continue to increase as we proceed through our transformation journey over time. Now I wanted to dive into some of the details of our revenue drivers. What I want you to take away is the attractive combination of high growth in our NGS portfolio, Along with stability in our core firewall business, we use NGS as a measure of the significant progress and our investments where we are driving transformation within our business. Our NGS portfolio is well diversified, and we're seeing strong growth contributions across the board. This ranges from transformation The strength of our NGS portfolio and the pipeline of expected new products gives us the confidence to target a 40% CAGR in NGS ARR through fiscal year 'twenty four.
As part of this NGS growth, we continue to see a transformation of our firewall as a platform business to software. This trend was in its infancy in fiscal year 'nineteen. And in fiscal year 'twenty two, we expect software to be north of 40% of our FLAT billings, with a target to be well ahead of this level as we look out to fiscal year 'twenty four. Lastly, I mentioned consistency in our product business. As you heard earlier, we're launching our 4th generation hardware releases, and we've given guidance for fiscal year 'twenty two on our product line.
As we look out over the 3 year period from fiscal year 'twenty one to fiscal year 'twenty four, we expect to grow product revenue at a compounded rate in the mid single digits. Moving on to profitability. I wanted to focus on our cost of revenue and sales and marketing expense, which are our 2 largest cost items. At the same time, I want to make sure investors understand that we're focused across every element of our cost structure to drive benefits from our scale and focus on efficiency. We've seen relatively stable gross margins over the last 3 years, and we expect this trend to continue in fiscal 'twenty 2, With gross margins in line with our current level, what we've seen happen underneath that trend is growth in our NGS portfolio, which was less than 15% of the total business in fiscal year 'nineteen and will likely be more than double this in its contribution by fiscal year 'twenty 2.
Within NGS, we have a number of products that are early in their lifecycle and as a result of their smaller scale, have lower gross margins. We've seen consistent year over year improvement in the gross margin of these early lifecycle products as we have increased revenue faster than our public cloud costs and benefited from leveraging our cost and support around these products. More broadly, as we manage the balance of growth and profitability, We're looking at the returns of various investment opportunities and prioritizing these opportunities accordingly. We're ultimately managing this Under the margin framework we've given to you. For example, we launched OKIO on Friday, and you heard a bit about that opportunity earlier.
This is an investment we have had on the way for over a year, culminating in the products that we just announced. Our overall management of gross margins has enabled this OKIO investment. Sales productivity is a key driver of our ability to drive operating margins also. In fiscal year 'twenty, Nikesh And the team very intentionally made investments in the business to drive transformation towards software and cloud. This included transforming the way we sell our products.
We embarked on this breadth and depth strategy that BJ highlighted as well as some new ecosystem partnerships such as the cloud service providers. You see how this investment impacted our productivity in fiscal year 'twenty as we added a large number of people to the go to market organization. As we move through fiscal year 'twenty, we started to see productivity out of these hires and we've doubled down on hiring in fiscal year 'twenty one as we saw productivity improve. We expect to continue to see additional improvements in fiscal year 'twenty two, driven by a balance of driving productivity in fiscal year 'twenty one hires And also an overall moderation in our headcount additions. We expect a 5% increase in core sales productivity in fiscal year 'twenty 2.
Moving on to cash conversion. We look to bring the benefits of scale and efficiency that I spoke about in our profitability to cash conversion. Historically, many of the same investments we made related to our transformation Had a similar, if not greater impact on our cash flow as we saw our core NGFW business slow and invested in specialized sales resources. As we gain greater comfort in some of the impacts of efforts we have underway around cash conversion, we have confidence in a range of 32% to 33% Adjusted free cash flow margin in fiscal year 'twenty two. This is ahead of the initial guidance we gave back on August 23 of greater than 30%.
Some of these efforts include driving improvements in large deal motions, incremental discipline in collections and ensuring that we're operating or ahead of industry benchmarks in our working capital management. We are also focused on implementing a highly disciplined billings plans exceptions process. We believe beyond fiscal year 'twenty two, we can expand adjusted free cash flow margins ahead of operating margin expansion at the rate of 100 to 150 basis points through fiscal year 'twenty four. When we step back and look at our cash conversion, The data already shows that for software companies over $3,000,000,000 in revenue, we're near the top of our peer group with our combination of forward revenue growth and adjusted free cash flow margin. These are the sorts of companies we look at in benchmarking to help drive cash conversion and our balance of growth and profitability.
With our goals around growth and all underway to keep the focus on adjusted free cash flow margin, we aspire to improvement here towards a combination that would put us near 60%. Moving on to capital allocation, the final component of total shareholder return. Over the last 3 years, we've matured significantly in how we manage our sources and uses of cash within a broader capital allocation umbrella. During 2018 2020, we issued convertible debt to take advantage of favorable conditions and finance some of our M and A activity. We also returned about onethree of the cash we generated in the form of share repurchase.
Looking forward, we've given some framework for how we are thinking about cash generation. If you use that framework, you'll see we plan to generate over $6,000,000,000 in adjusted free cash flow over the next 3 years. We also have a $1,500,000,000 convert maturing in fiscal year 'twenty three, where our base case is to repay this. Beyond this, you should think about share repurchases as being the focus of our external use of cash. Related to our capital structure, we continue to make progress our stock based compensation expense as a proportion of our revenue.
We're doing this while balancing our need to compete for top talent in a very competitive industry and the geographies in which we do business. One nuance within our stock based compensation that many of you may not be familiar with It's that a significant portion is being driven by our M and A activity. Here, we have used stock grants as part of our acquisition consideration For retention and to reinvest founder owned equity, this reached the peak in fiscal year 'twenty one. We're focused on managing stock based comp lower Through reducing SBC per employee, we expect in fiscal year 'twenty two, we will see overall SBC as a percent of revenue decrease and look to continue that trend beyond fiscal year 'twenty 2. Bringing this all together, we believe we can drive an We expect to achieve $8,000,000,000 in revenue in fiscal year 'twenty four, a 23% CAGR over 3 years, driven by growth in our overall TAM, Share gains and a favorable mix towards higher growth markets within our revenue.
Within our revenue, we expect product growth at a compounded rate in the mid single digits over this period. Driving this revenue level, we expect $10,000,000,000 in fiscal year 'twenty four billings, a 22% CAGR over the next 3 years. Lastly, we expect $3,250,000,000 in fiscal year 'twenty four NGS ARR of 40% CAGR. With many of the investments needed to build our platform behind us, stable gross margins and positive trends in sales and productivity, We expect to expand our operating margins by 50 to 100 basis points beyond fiscal year 'twenty 2. We see opportunities to improve cash conversion margin guidance for fiscal 'twenty 2 to 32% to 33%.
We combine this with a balanced approach to capital allocation with buyback being the focus of our external use of cash. With that, I'd like to turn it back to Nikesh ahead of our Q and A.
I'm Clay, and I'll introduce the team for Q and A while we get things set up. Participating in the Q and A will be Nikesh Arora, Chairman and CEO Deepak Goletcha, Chief Financial Officer Lee Klarich, Chief Product Officer BJ Jenkins, President Amit Singh, Chief Business Officer and Liane Hornsey, Chief People Officer. To allow for broad participation, I would ask that each person ask only one question. The first question will be from Brent Thill of Jefferies with Keith Weiss of Morgan Stanley to follow. Brent, you may ask your question.
Great. Thanks for taking the time. Just as it relates to the go to market, I'm curious if you could just talk through The integration of the networking cloud teams and any synergies you're now seeing as it relates to the go to market on sales and marketing?
The next question will be coming from Keith Weiss of Morgan Stanley. Keith, you may ask your question.
Hey, guys. Can you guys hear me all right?
Yes. Yes.
Awesome. I don't know if you guys caught Brent's Question there. I don't want to just kind of skip over it. So Bren was asking about Sales productivity gains that you guys expect to see out of the integration of the core network security teams with all the speedboat teams. So maybe we can start out with that one just in terms of overall sales productivity, enumerating where you guys expect to see these Ongoing productivity gains on a go forward basis?
And then I can sneak in my question after that.
Sure, Keith. Thank you for helping Brent with His question, you couldn't hear it. I'm glad you could. Well, since BJ Jenkins is new to Palo Alto Networks, we set a target on him to drive sales productivity. And Vijay, if you want to take it and Amit, you want to assist?
Yes, sounds good. Thanks, Brett, and thanks, Keith, for transferring the question over. I think like I said in my presentation, this is about a model that's working. It's got good harmony between the speedboats and the core sales force. And my job is to drive scale with efficiency.
And what we do in that model is obviously invest in the speedboats to really capture leadership in these new innovation areas. And while we're doing that through incentives and enablement, keep the teams working well together, But make the core sales force able to represent the full portfolio over time. And to date, we've been experiencing about 5% annually In core, productivity increases and my job as we keep going forward is to keep those productivity gains going. So scale with efficiency And that ratio you've seen where we've got about 5% productivity annually, I think, is a good benchmark. I believe I can continue to improve on that.
Amit, did you want to add something?
Yes. So Keith, one measure of productivity gain is going to come from very large deals. So what ends up happening is our clients have been investing in parts of the portfolio, Firewalls, virtual firewalls, they might use cloud, in some cases, they might use Cortex. But increasingly, Some of the largest customers are going with a platform approach. And they're deciding that instead of you heard from Nir Talk about the whack a mole approach, they don't want to do that anymore.
It's actually more expensive and less secure. Hence, They're actually standardizing on Palo Alto Networks end to end. We had several deals, as Nikesh and Deepak Shared in the earnings call, there were over $50,000,000 where customers are committing to us for the long term. And we actually believe that's going to be a long term driver of productivity gains across all the large customers that we support.
Outstanding. And then my question, I wanted to ask a more product focused question around Cortex. Maybe this is more of a market question. We've seen a lot more focus on data and data analytics driving better security outcomes from Palo Alto Networks, but also from a lot of different vendors out there. You help us understand when we think about Cortex and that growth opportunity over the next couple of years, how much of that comes from displacing existing solutions and going And really creating the next generation of a SIEM, if you will, versus how much of it is adjacent selling or sort of new market opportunity As data becomes more ingrained in more aspects of the security architecture and what the security guys are doing on a day to day basis, much of this is a greenfield versus a replacement opportunity, I guess is the crux of the question?
Yes. Thanks, Keith, for the question. And I'll try and do my best and I'll have Lee jump in and Assist. But look, the endpoint strategy, I'll highlight endpoint because that industry actually We've tried to reinvent itself with EDR. And you saw a lot of the traditional endpoint ventures endpoint vendors Step back or newer players come in with the EDR strategy.
Finally enough, we were the first people to anoint or coin the term XDR, because we felt that you could build more integration with data From the endpoint and the firewall. Towards that end, Cortex XDR collects the most amount of data. And as Lee highlighted in our presentation, We ingest terabytes of data on a daily basis from Cortex because that allows us to take a look at all the data, run analytics against it. And what the teams have successfully done is they have taken more and more security data and ingested in and cross correlated that with Cortex XDR. I think this is fundamentally the new paradigm for SOC operations and SIEMs in the future.
I think the current paradigm of ingesting all data without being able to make sense of it or normalize it is going to be gone because the amount of efficacy and security you can bring in with being able to cross correlate and normalize data is going to be so much higher So much more relevant that you will see that unless the traditional SIEM players evolve, they're going to have to they're going to be left behind. And I don't think it's going to be a conversation of XDR versus SIEM, I think XDR is a set of analytics solutions provided by collecting endpoint data and We're combining them with firewall data and you'll see that happen more and more. So effectively, I think XDR or the new incarnation of XDR will replace the SIEM. I don't know, Lee, if you want to add to that.
Yes, I just want to maybe add quickly. I feel like too many companies to move vendors all talk about ingesting data. And the reality is that very, very few products were actually designed to be able to ingest data. Most SIEMs out and even most products out there were designed to ingest alerts, maybe logs, but not data.
When we
talk about data, we're talking about going very deep, for example, from A single endpoint host will collect well north of 100 megabytes per day of data. We collect data from the network. We collect data from identity. We're collecting data From cloud with the introduction of XDR 3.0 for cloud. And so the unique difference with XDR is that it's actually designed from the ground up, We're oriented around being able to actually collect data from all these different sources, stitch it together and then drive a whole new breed of analytics on top of that For not only detecting attacks, but being able to streamline the investigation and then ultimately to be able to automate the response.
And that's how we achieve the numbers that you saw earlier today when we talked about being able to get down to basically sub minute average response time.
And our next question comes from Matt Hedberg of RBC.
Great, guys. Thanks for taking my question and congrats on this Presentation, I think it's been very helpful. Your $10,000,000,000 billings target and $8,000,000,000 revenue target by fiscal 'twenty four, I think It was a while where any of us is expected and super exciting, but I actually wanted to focus on the margin side with Deepak. I think the margin excited is equally exciting to us and I think a lot of the long term investors here. You talked about some of the drivers like cash collection and sales But in addition to that, I wanted to understand how you expect M and A to potentially impact margins through fiscal 'twenty four and also your assumption on Billings contract duration as well through fiscal 'twenty four.
So, Matt, I'm going to take the first part of that and then Deepak will jump in with the margin conversation. I think are 2 very important things to understand. 3 years ago, when we set about giving guidance and doing the Analyst Day, we didn't quite Appreciate the amount of product development we had to do in the company, both from an organic perspective as well as acquisitions. And at this point in time, I'd say all 3 of our platforms are 90 plus percent there. It's very hard for us to acquire into those platforms and integrate, Which is where you saw a lot of our M and A activity we're acquiring like literally new capabilities, absorbing them into the company, hiring more people, driving more growth.
I think we're at a point where we have a phenomenal amount of products in our portfolio, and we have to spend the next 2, 3 years really selling them out there. And that's why we're focused more on Scaling with sales productivity as opposed to creating more product. And you saw we launched OKIO on Friday, which was actually all internally developed. So all those expenses go into our costs, but we can't talk about all that product development experience until we actually launch the product. So I'd say majority of our products are out there.
Now the job is to sweat the assets and go out and sell them more. So hopefully, we'll see our product development expenses normalize. You will see less M and A because we're not looking to acquire larger businesses doing just because we believe we are in all the space we want to be in. And then as a consequence, you will see that we will create margin But Deepa can talk more about the operating margin expansion and the free cash flow expansion.
Yes. Thanks, Matt. And just beyond the prepared remarks where I think You hopefully see the power of the portfolio come into effect because we're seeing margin improvement product by product year after year and that's just The balance of NGS and our core leads to flat gross margin. I think what I would say is we've also reached the scale where we can take a lot of the innovations in our stride, Okay. It's already factored.
Like our 3 year model is very much the reflection of a product by product line analysis And I think for the most part, we've captured everything that we can think of. To Nikesh's point, We're only expecting incremental M and A, but I think overall we've got a portfolio play and within that portfolio play we feel pretty comfortable With our overall margin guidance.
Great. And our next question comes from Brian Essex of Goldman Sachs. Brian, you may ask your question.
Great. Thank you for taking the question. Maybe Nikesh or Lee,
I'd like to touch on,
I think we've talked in the past about The shift from form factors within network security from physical to virtual, the impact that might have on revenue. I think maybe what's misunderstood or underappreciated is actually the installed the kind of global installed base there. I think Cisco's ASA business alone would probably be a top 2 or 3 network security vendor on a standalone basis. So I'd like to know what's your visibility and maybe what should some of the puts and takes investors should think about be as we think about the level of Confidence you have in that kind of mid single digit network security tag or how much visibility do you have there?
So Brian, as you can imagine, we went through a bit of an overhaul in the industry with The pandemic and we actually did a we introduced a whole new set of form factors not too long ago. And looking at that, looking at the pipeline, looking at where we are in the Cycle of refreshes that are going to happen, we have ample visibility and we feel very comfortable around the mid single digit growth on the product side. But also, couple that with the virtual firewalls that we're selling. When you see, at the end of the day, the customers are making an active choice. Either they're deploying the public cloud going to the public cloud, Starting all the work there, starting to shrink the data center footprint, but then using virtual firewalls to keep track of the incremental capacity needs, for us is a better gross margin business, to be honest, lower cost of ownership for us and for the customer, easier to provide securities.
And from that perspective, The form factor shift actually is more profitable for us when it happens with hardware and software firewalls. At the same time, people are deploying software firewalls against the public cloud as well. Now I think Sassy is a unique opportunity, which is, in my mind, underappreciated what we have been able to achieve in the last 18 to 24 months. 24 months ago, We were not as relevant in Sassy. Today, Sassy is our fastest growing business.
And to your point, it's a combination of security and actually network, Right. It's actually we're targeting not just the security TAM because it's a network TAM that is fast growing a whole series of transformation, whether it's people going from MPLS to SD WAN, whether it's people going for remote security from 10% to 100%. So I think that's a huge market. Add that to the mix, We believe the firewall industry continues to grow in the higher single digit sort of space between SASE and firewall chill and hardware, And we still believe we're going to keep that the clip we are with the double digit number around firewalls as a platform with a 2 handle in profit.
Great. Thank you. And our next question comes from Saket Kalia of Barclays.
Okay, great. Hey, thanks for taking my question here, guys, and very helpful session. Nikesh, maybe just to double click on that last Topic just a little bit deeper around firewall refresh independent of FormFactor, both in terms of your own sort of appliance families as well as some I was just wondering if you could just go one level deeper, maybe into what parts of your base you expect to refresh? And by extension, I think a theme here has been the broader platform. How you can use how you can sort of sell the broader platform at that time of refresh?
Well, I'm going to ask Amit to jump in and answer that question because he's been helping drive our hardware and network security for our Speedboat, Sumit. Saket, thank
you for your question. So think of it in 3 different areas. On the hardware side, we have brand new form factor, right? You've seen our Raptor line, our Bearkat line refreshed, Built on a new ASIC platform and that's going through acceleration, frankly, as customers who sweated their assets, Maybe during the pandemic, are coming back and refreshing everything. So think of it that way.
And we actually believe since we were a bigger player In the enterprise cohort that we're actually going to see some pretty good acceleration in the high end as people come back to work. At the same time, for the first time, we have a competitive low end appliance, the PA400 that is seeing massive acceleration. It's actually incredibly competitive internationally, incredibly competitive through our disti channel. So we actually feel good about that overall portfolio. As you move to the virtual FAM factors, we are uniquely positioned because we provide very high performance VM firewalls with all the security subscriptions to all our large, medium size and small customers and they can choose Which one they want to deploy depending on their cloud journey?
And lastly, as the last question, even the prior questioner asked, Is the SaaSy form factor then brings it all together where you can deploy it as any of these services As cloud delivered services from us, for remote users, for branches, for data center, for private access And have end to end visibility. And the last part, people can use all of this as a platform. So what's happening is clients are saying, Oh my God, my employees might stay home for the foreseeable future. Let me get a remote access solution. Guess what, it's the same code base, the same security profile, the same exact set of services that they already deployed in the firewall For the data center, so for us, it allows us to present the entire end to end portfolio.
That's why you're Seeing the acceleration of that business, the firewall as a platform business, frankly, as our As our bookings have grown, our growth rate has actually stayed the same or accelerated, which is very, very unique With these series of factors that Nikesh and Lee talked about.
Great. And our next question comes from Irvin Liu of Evercore. Irvin, you may ask your question.
Thanks for the presentation today. So I actually had a question on Prisma Access. So I guess this question is probably perhaps best suited for Nikesh or Lee. As Sassy becomes a cornerstone of Peoria and Secured Connectivity, you are seeing Prisma Access customer count growing quite nicely. But I wanted to better understand the technical infrastructure Required to support your growing user base and whether growth in this product segment would necessitate incremental infrastructure build outs or investments?
We're going to have Lee Platerich answer that question for you.
Yes, great question. So we made a Very conscious decision when we built Prisma Access that we foresaw the build out of infrastructure and global networks from the CSPs, the cloud providers, and how that infrastructure build out would happen and accelerate. And so instead of building proprietary data centers, we chose to leverage the investment that the CSPs were making. And by doing so, it has allowed us to leverage the global network footprint To be able to reach hundreds of locations around the world, to leverage the compute footprints and run all of our security stacks there. And in doing that, we've been able to test this out.
We've been able to prove it with our customers. We can provide the Just amazing performance for the end user, wherever they might happen to be connecting in from around the world or over the branch offices might be And wherever they're connecting to, because the other aspect of this to remember is, these users are trying to reach applications and the CSPs And the application, SaaS application, etcetera, are almost always either co mingled, co hosted or have direct connections in these big global pops. And so that's the approach we've taken. And as such, we don't have the infrastructure investment required. Instead, We're simply driving that as cost of the service that we're deploying to our customers as we deploy to our customers.
And just to add to that, the benefit is as we scale our consumption of the CSPs, we actually see scale effects on the cost, hence the gross margin of our business in a very linear fashion.
Okay. And our next question comes from Keith Bachman of BMO With Michael Turits on deck.
Thank you very much and appreciate the presentation. Lots of good stuff in here. One of the key themes, I think, is consolidation of spend or consolidation of vendors. And I wanted to focus with that as the backdrop Going back to Cortex
and wanted to try
to understand there's a number of solutions within Cortex, Xpance, Nextor and others, where are you today in terms of the mix? And what I mean by that in terms of how many when you're selling Cortex today, Is there an average number of solutions that you're selling to these customers? And how do you envision this changing through your FY 'twenty four Targets that you've established, it seems like that's a rich opportunity. And then if I just take a step back to you've given some TAM analysis or information on Cortex, both today and where it's going to be in 2024, How should we think about that as we impute the growth of Cortex in the broader financial top line targets that you've given? In other words, will Cortex At those type of rates or above those type of rates, how should we just generally be thinking about that?
Many thanks.
Well, Keith, as I said, I'll go a step further and say the transformation we've seen in network security and the transformation we've seen in cloud security has yet to happen to the entire SOC space. The SOC has still been a collection of a lot of point solutions. And I think the reason we had Lee talk about what we have been able to achieve at Palo Alto Networks Take it down from 67 odd 1,000 alerts down to 60 odd events and be able to remediate those in seconds, if not in minutes. That's what every SOC aspires to. And you can't get there until the overhaul happens of your infrastructure over time.
It's not just getting a better SOC tool that solves the problem. Actually have to have the right component parts that drive the right, to use the least word, data into your SOC, so you can actually analyze and do something with it. We believe this is going to be one of the biggest opportunities out ahead, not just next 3 years, the next 5 to 10 years. I think that's where the most amount of innovation is going to happen and most amount of Consolidation is going to happen in the next 3 to 5 years. Now you've seen we were very deliberate in our XDR strategy where the endpoint is not just an alert generation device or endpoint Protection device actually is a data sensor and a data collection device.
We went kind of the other way from the industry. We can do the our endpoint has capabilities that Four vendors would have to be added to put one agent out there to make that happen. So we've made a very deliberate strategic decision to do that that way. We think in terms of the way you think about it, obviously, we would like we expect to grow fast in the TAM that is out there in the industry because we are Going to expand our capability set very aggressively over the next 12 months 24 months. And you should hope to see customers over time Start consolidating their SOC operations with something like Cortex XDR as the base, where they cross correlate that XOR And then depending how big their external footprint is, they add Expanse or not, you'd obviously see us doing more and more integration between the products because that way, you wouldn't have to go deal with 3 different SKUs, perhaps get a consolidated solution from Palo Alto Networks.
Great. Our next question comes from Michael Turits of KeyBanc with Adam Tindle on deck.
Hey, guys. Good afternoon. I just wanted to ask you, Nikesh, about the mid single digit product growth guide. A couple of years ago, not even that long ago, it was pretty much flat. Now you got to do closer to 7% or 8% for this year.
So what's changed and what gives you that much more confidence The product can grow. I know you went through some of that just now around the product refresh and answer Saket's question.
I think, Mike, there's 2 or 3 things. One is, I think as people are coming out of the pandemic, what has happened is the volumes in the industry Have grown much faster than anybody expected. Because of the big shift to technology, almost all of our customers are reaching the capacity in the data centers where they actually haven't gone back in upgraded data centers that added more capacity. So you're seeing the capacity return. And I don't believe it's a capacity spurt.
I think that is the new normal. I think what you're seeing As the industry has established itself to a new normal, that coupled with the refresh Amit talked about, and obviously, it's time for us to start thinking about refresh of So the parts of our portfolio. And the 3rd piece, we are actually the form factors in certain segments of the market, which we have not traditionally played in, whether it's Adding OKR to the mix or whether it's adding PA400s to the mix. So I think combination of all those three factors gives us comfort that we can sustain those growth rates over the next 3 years.
And our next question comes from Adam Tindle of Raytheon James with Gray Powell on deck.
Okay, perfect. Nikesh, I wanted to ask a question on Prisma Cloud. You called it blue ocean and a one of a kind business. So I thought it might be important to ask a question on it. There's no lack of capital being thrown at security companies.
So why do you think others aren't Chasing this opportunity the way that you are, and as you think forward, what do you think the competitive environment looks like over the next 3 to 5 years, call it? Do you think Hyperscalers themselves might begin to offer these capabilities?
I was going to say that Usain Bolt and there's people chasing Usain Bolt. But Well, I said it anyway. So in terms of look, there's a lot of capital being thrown at that problem. You are seeing the CSPs deliver solutions that solve some of these problems. But I think the reason we are where we are is we got ahead of this 18 months ago.
When people were busy doing cloud workload protection, we were adding container security capabilities. When people were busy doing container security, we were adding serverless capability, adding IAM, WafaaS to the product When people are now busy chasing those, we added micro segmentation capabilities. Now that people are trying to figure out how that works, Now we added shift left capabilities with Bridgecrew. So what we've done is we've tried to anticipate the solution that our customers need and we've made sure they're deployed consistently across all five clouds out there. So yes, can I get a solution from 1 of the CSPs out there that solves some of these problems?
Yes. But most of our larger customers in the enterprise space are ending up on multiple clouds. Then you've got to make sure you run 3 different stacks where this solves for AWS is one way, GCP is another way, Azure is a 3rd way, Oracle, Alibaba. So now if you're back to managing 5 different silos and 5 different policy, you want to manage permissions in AWS using their tools, you want to manage them on GCP using their tools. So the benefit of having a single tool that allows you to be consistent across those cloud installs is way higher than actually The people needed to go run these 5 different ways from Sunday.
I think the blue ocean opportunity is in that integration, is in that platform And also in the fact that many of our customers in a hybrid solution, where they already voice some of our products, now we're able to take some of the cloud data, integrate our XDR. So you're seeing us Trying to leverage the Palo Alto portfolio yet also stay far ahead in the bleeding edge of the cloud security curve.
Great. And our next question comes from Gray Powell with Greg Moskowitz on deck.
Okay, great. Thanks for letting me ask some questions here. I really appreciate it. So how should we think about the free cash flow margin profile of the The cloud and AI security business versus the core network security business within the context of that 35 percent free cash flow margin target for fiscal 'twenty four. And just how much should we expect the Clay Sec business to scale over the next couple of years?
Well, the Clay Sec business is a significant component of the NGS ARR that Deepak highlighted. So the fact that the NGS ARR is going to grow at a 40% CAGR, a lot of that growth is driven by Clay Sec and Sassy. So you should expect that Clay Sec will grow. From the numbers we shared with you at the end of last year, you know that our Clay Stack business was slowly and steadily turning Less free cash flow negative, you would expect that, that just be a net contributor to cash flow over the next 3 years as opposed to a draw on free cash flow. Add to that some of the cash flow management plans that Deepak talked about.
Think part of it which maybe you insight for you is, we stood up PanFS 1.5 years ago. And Some of the financing we've done for our customers is a draw on our free cash flow and just managing that draw, managing our annual billings and getting that to a point of stability, Adding back the fact that our Playtech business is going to be cash flow margin positive and contributing faster than it can be operating margin contributed, Gives us more comfort that our cash flow margins will grow faster than our operating margin growth.
And our next Question comes from Greg Moskowitz of Mizuho Securities with Justin Roche on deck.
Okay. Thank you. I appreciate the time today. So earlier you outlined 0 Trust as a 12 cell matrix and you also highlighted your ability to handle 9 of these areas across Cortex and Prisma Cloud and Network Security, while partnering with identity management vendors in the other three areas. So two questions around this, if I may.
First, How much more customer education around 0 Trust do you think is necessary? And second, do you have any aspirations for Palo Alto to eventually Delivery full 0 Trust architecture with your own IP, or does it make more sense to continue to partner on the identity side going forward? Thanks.
So Greg, the answer to your first question is a lot. As in a lot of our customers and even the U. S. Government, they're talking about 0 trust. And as Nir highlighted in his own special way, there are a lot of people who are still trying to figure out what that means.
Towards that end, literally what you saw today It's something Nir has started talking about he always talks about it, but he started talking about it more vocally. The last month, we made it a part of our sales kickoff. Will make it a significant part of our customer education programs. We're going to launch a whole bunch of websites and assets, educate our own teams as well as Provide perhaps 0 Trust consulting to our customers to get them to a place where they understand that 0 Trust is not a product by product solve, it's actually an enterprise solve that's needed. So to your point, yes, we're going to do a lot of effort.
I've spent a lot of effort in the next 6 to 12 months to drive the understanding around 0 Trust Enterprise because It's helpful for us because it will lead to more product sales for Palo Alto. In terms of the three boxes you saw, we don't cover, Actually, the same box, Identity Access Management, which is more the traditional identity players out of the marketplace. There's a very simple API integration with any identity provider that a customer chooses to deploy, which we can connect with and deliver the entire 0 Trust solution At Palo Alto Networks then, I don't think our shareholders would like us to acquire or build independent identity capability just to be able to replace something which is working just fine. So From our perspective, we're very happy to integrate and partner, which is not a special partnership. It's a simple API integration that is needed to deliver our solutions.
The complexity is more And the policy aspects of it and how do you go make sure that you're inspecting the traffic across any form factor in a consistent basis, not integrating with an API from identity.
All right. And our next question comes from Justin Roach of Piper Sandler with Adam Borg on
This is Justin on for Rob. I just wanted to ask around the newly announced OkiyoGuard solution. How should we think about this Product within the 3 year framework of revenue and billings growth, how much do we realistically think it could add over the next 3 years and maybe the size of this market could reach?
So look, Okiyo is part of our overall product portfolio. We're not separating out guidance for Okiyo. It's as you might have, if you saw the Okiya launch as a product is very near and dear to my heart and aspirations for our company. I think it's unique in its ability to solve An enterprise security problem at home for our users where they want the simplicity of deployment, both at the home, to be honest, and also on the SMB front. So we have a lot of expectations from the product.
We're not separating them out. It's part of the overall envelope we've shared with you of trying to Achieved north of $8,000,000,000 in revenue and $10,000,000,000 of billings. And hopefully, in it's an early we just launched it literally 3 days ago. As we get more experience, more understanding, Perhaps in a future Analyst Day or a future quarterly call, we'll give you more insight into how it's progressing. But for now, really excited about what the teams have built, Really excited about the technology that's going to get deployed and look forward to good success from it.
All right. And our Question comes from Adam Borg of Stifel with Catharine Trebnick on deck.
Great. Thanks so much for taking the questions. Just on the service provider vertical, I was just hoping you could give a broader update here. I know we talked about it a little bit today, but what if Opportunities really excite you here and your efforts are really further penetrated. Thanks so much.
Priyank, You want to take this, Moli? Sure.
I'd say from There's a couple of areas that are particularly important that we've been spending a lot of time on and we've shared a bit with you over the last really last year in terms of some of This focus, one is, if we look at 5 gs, obviously, there's tremendous opportunity to not just Sell 5 gs security to the providers in order to secure their environment, but actually to partner with them because one of the key aspects of 5 gs is It opens up an opportunity to really provide value add services on top of the connectivity. And we're seeing, I would describe that as being very early days still, but a very interesting opportunity as 5 gs potentially becomes a mechanism for A lot more enterprise, critical infrastructure and other types of connectivity to shift from more traditional networks. So that's one. And we Anand talked about that in his presentation earlier this morning. And so we're seeing some of the early opportunities there and it's exciting and interesting.
The second is really around Sassy and We believe that there's a unique opportunity for us in being the most comprehensive SASE solution, which is combining Prisma with the cloud delivered security with Prisma SD WAN and to actually deliver that as an integrated solution through Our service provider partners, where they can actually help migrate their customers to a full SaaS solution as opposed to doing MPLS to SD WAN trade Which is sort of the typical motion that we've seen over the last few years. And so by going to a full SaaS solution, it's a much bigger opportunity for them And it's an opportunity that we're much more uniquely positioned to be able to partner with Aon to deliver.
Great. And our next question is from Catharine Trebnick of Colliers with Ben Bollin on deck.
Hi. Thank you for taking my question. Mine's around automation of data. You talked about that quite a bit in your presentation. So could you, Leigh, perhaps give an example of Where you see that in 2024, that would be more expedient and more secure versus integration of the different Three pillars.
Thank you.
Sure. Where I see it is basically, Hopefully, every one of our customers achieving the metrics that I shared with you earlier this morning, that being able to Easily ingest all relevant security data to be able to drive the security analytics as much as possible, obviously, in line prevention, But where needed to be able to drive real time detection of potential threats and attacks. And I know that sounds really simple, but there's actually a lot of sort of technical work that will need to go into making that a reality Across the industry, like what we've been able to accomplish. The second is, I have this view that in 3 years, I'm hoping I'm here telling you that We've been accomplished 100 percent automation in a fair number of customer environments. I just believe that manual response work can't be the answer.
It simply can't scale, particularly when The attackers, the attack landscape, they are using automation to run their attacks. We as defenders can't then respond to that with manual Response mechanisms. We have to automate everything we possibly can in order to be able to keep up with and get ahead of these attacks. I believe it's possible. I believe we're seeing through the automation that we've been able to build out with XR, The ability where we've integrated that with XGR and Expanse, we've proven that we can connect these dots together, that we can connect data, analytics automation to drive these outcomes.
Now it's just a matter of scaling that up, making it more broadly consumable from our customers.
And our next question comes from Ben Bollin of Cleveland Research with Yoon Kim on deck.
Good afternoon, everyone. Thank you for taking the question. Nikesh, I
was hoping you could talk
a little bit about the consolidation opportunity that you see into the future. Maybe you could share a little bit more about Which technologies or services you think are on more of the front end of that opportunity? And which technologies you feel are Perhaps later and maybe a little bit longer tail over time. Thank you.
So Ben, as you've seen from a scale perspective, we are seeing Slow and steady consolidation in the network security stack, right? As the pandemic has caused this surge in SASE, It's kind of interesting. Customers who are now deploying SASE from Palo Alto Networks, we're having conversations with them if they're not a firewall customer that perhaps their next iteration when their Firewalls come end of life, it's some other vendor. They can actually reverse into Palo Alto firewalls because they already have deployed the policy frameworks and all the remote Security aspects from our SaaS solution. So we're actually seeing SaaS lead firewalls follow in certain cases where we have not had the opportunity To replace hardware in some of our customer situations.
So there is that cross product consolidation that is happening from a SASE perspective. Cloud is very new and I think there's 3 types of cloud customers, customers who have either scaled in the cloud and they need a platform solution, their existing solution is not working, which is where You find our sweet spot on Prisma Cloud. There are customers who are still dealing with single clouds, so they're actually comfortable with the CSP solutions that are provided. But we expect as they get into more complex hybrid cloud environment, we'll see them come adopt the Prisma Cloud Platform. And last but not the least, as the customers still dealing with open source security solutions, which we don't understand why they would do so because you shouldn't use open source solve for security.
And we think as they get up to maturity curve, they're going to come chase the Prisma Cloud opportunity. On the Cortex front, I think the consolidation will happen in a more measured fashion as the capability of the Something like the XDR platform expands where it can replace other ingestion type only technologies and other SIEMs which need a whole bunch of overhaul. I think that's a longer 3 to 10 year outcome, but that will happen. So I think in terms of rank order network security first and XDR and SIMS after.
And our next question comes from Yoon Kim of Loop Capital with Nehal Chokshi on deck.
Thank you. Another question on Cortex side of the business, especially Delsor, very impressive performance metrics on your SOC and SIM Solutions, just curious on how much of that data that your SIM solution or SOC operation, the SOAR, Is really analyzing the data from Palo Alto's product versus other security software vendors who may be your competitors, maybe Point solution providers. And also, are you finding any issue getting access to data from non Palo Alto security products? And just wondering how cooperative everyone is in this security software industry in letting other competing vendors analyze their own data when Almost everyone seems to have their own analytics products. Thanks.
Sure.
So the data really the data access, data ingestion is more of an XGR aspect. And I'd say with maybe just 1 or 2 exceptions, We're able to get access to and work with security vendors and other vendors to easily get access to that data To understand it, be able to ingest it and utilize it. I think that's a motion that the security industry at large understands Needs to be done. And to some extent, it's driven by the end customer. End customers are just unwilling to buy products that basically Ring fenced their data and won't share it with others because really at the end of the day, they need the right security outcome.
On the XOR front, Maybe if I could, I'll share with you a little bit of just how quickly the ecosystem around XOR has increased. About a year ago, we had about 3.50 playbooks. These were the automation programs, if you will, We have 350 of these in our marketplace for XOR. Today, we are closing in on 750 of these content packs or playbooks in XOR. And well over 100 of those were contributed by partners and customers and And even in some cases, security competitors that understand that having their a playbook optimized for their product in XOR is actually good for them.
And so in Exor, we continue to drive a very open ecosystem that allows us to automate everything that a customer may have And make it as good as we can possibly do, given the data and the APIs that they have available.
Great. And our next question comes from Nehal Chokshi of Northland Securities with Taz Koujalgi. Next.
Yes. Thank you. I enjoyed Nir's presentation especially, And I like the way he simplified 0 Trust architecture across the different elements and broke it down into 12 cells here. But is it really necessary to conduct 0 trust across all twelve cells. Aren't some of these overlapping?
And Does this represent basically an unnecessary hit on performance or unnecessary additional costs if you were to do that across all twelve?
Which one would you like to not do it on? Sorry, I'm going to have Lee answer the question. But the vulnerability is where, so whichever you don't do it on, You leave yourself open for bad actors to go intercept your business. But Lee, did you want to give it a more much better response than I can?
Well, no, Look, I think that's actually the in some ways the right response. The whole point of 0 trust is you have to remove the implicit trust That is baked into most security architectures. And so as soon as you ignore one of Those boxes and what Nir described, you're basically accepting implied trust. Everywhere that you accept implied trust, You are opening yourself up to risk. And I don't believe that there is a performance or scalability trade off in doing so.
Actually, Nir made a very salient point that may not have been immediately recognized when he said, By taking a 0 Trust enterprise approach that he was describing, it actually makes security operations easier, Because instead of thinking about all these different aspects as unique use cases that you have to customize for, It actually all effectively becomes a single use case that you simply apply everywhere. And so I see scalability benefits To being consistent in your approach to 0 Trust. And that's the 0 Trust enterprise sort of architecture View and enablement and thought leadership that we are now going to go drive in the market over the next 6, 12 months.
And our next question comes from Taz Koujalgi of Guggenheim With Pierre Ferragu, next.
I have a question on the firewall as a platform Growth going forward. Regarding to mid single digit growth in product, we're seeing a form factor shift towards software, towards SASE. When you combine the product growth of mid singles and growth and shift towards SaaSy and software firewall, what does that mean for firewall as a platform growth going forward? How should we think about That bucket. Deepak?
Yes. Taz, thanks
a lot for the question. I think, look, we've had very strong results in firewall as a platform, as As you know, like strong double digits with a 2 handle, as Nikesh had mentioned before, there's no reason to assume that, that won't be the trend going forward. We feel very strong about all the different components about what we have there, about our software transition like the As Nikesh had said, the firewall hardware refresh, people coming back from the pandemic, it's just an addition to what is a trend that
And our next question comes from Pierre Ferragu of New Street Research. And our last question comes from Shaul Eyal
on up
Thanks for taking my question. It's about 0 Trust security again. So when I look at the presentation, I thought there might be maybe one dimension missing in the diagram, which is Artificial intelligence and machine learning, so you're leveraging more and more on that to In your architecture, and that creates an area where the question of trust arise again in a different way, which is that You end up having a very, very rich set of features to protect the infrastructure and applications of your clients. And as you process them more and more through machine learning and AI, it creates like a trust issue like which That part of the process in some ways remain the black box. So is that something you're looking at and something that is a concern and you have that in your when you're looking at your architecture?
So I'm not sure if I fully understand the concern aspect. What we see is Everything that Nir described relative to removing the implicit trust, verifying the identity of the user, verifying the identity of verify and identify the application and content and enforcing policy based on that. From my perspective, where the data, AI, ML analytics layer in is once we allow a connection, You still need to continuously monitor that connection and make sure that it's still adhering to What you anticipated it was going to look like when you allowed in the first place. So for example, if I'm connecting to an application, There is a certain assumption about who I am, why I'm accessing the application, why that connection is allowed. Now the data collection AIML Layer that comes in is to then monitor that connection and make sure that it's still behaving the way that was anticipated.
And then to be able to do that Scale across an entire enterprise and to be able to do that in an automated fashion because obviously that becomes Far more data than any human can analyze. And so we see that as a fundamentally important aspect to A comprehensive approach to 0 trust that integrates very nicely with everything associated with the initial Sort of 0 Trust Access Policy Enforcement.
And our final question is coming from Shaul Yal of Cowen. Joel, you may proceed.
Thank you for squeezing me in. Thanks for providing your profitability guidance and the qualitative commentary around it. Maybe Deepak or Jan, can you talk to us about your organic hiring plans within the timeframe between now and fiscal 'twenty four, Percentage wide, maybe how many employees you plan on adding within this time frame, give or take?
Yes, of course, I can. As you will have noticed over the last year, we hired a significant number of people and we're now over 10,000 people. By the end of the year, obviously, we're unsure about attrition, although it's rather low at the moment, as you can imagine. We think we'll be about 12,500 people.
And with that, we will conclude the Q and A portion of our event. I will now turn this back over to Nikesh for his closing remarks.
Well, first of all, I want to thank all of you for taking a substantial amount of time in your day to spend with us and Listen to our plans over the next few years. Couldn't be more excited about our team, our employees at our company who have done a phenomenal job in getting us here, Our customers and our partners who are part of the journey and us trying to be a cybersecurity partner of choice. I also want to thank my team who worked laboriously and diligently over the last few weeks to try and get us to a place where we are able to share our strategy with you. So with that, thank you, and I look forward to meeting all you guys in person in the near future.