Welcome, everyone. Apologies for the delay here. I'd like to welcome you to the Innovation Briefing at Zenith Live. Before we get started, please take a moment to look at our Safe Harbor statements. Quickly go over them after this. We'll start off with some comments from Jay, talking about Zscaler's platform expansion. Following Jay, we'll have Adam who will double-click into our SOC strategy. After that, we have a special guest, Brian Beyer, who is the co-founder and CEO of Red Canary. He'll talk about Red Canary's EDR technology. We'll break for lunch and reconvene with a demo on the AI solutions from Phil Tee, who is our EVP Head of AI Innovations. Following Phil, we'll have Dhawal Sharma talking about Zero Trust Cloud. I know that's an area of interest to many of our investors. There are still some lingering questions around that.
We'll have a customer talk about their Zero Trust Cloud journey with us. Of course, we'll have Dhawal for the product Q&A session as well, which follows customer Q&A. After the product Q&A, we'll have Mike Rich on stage talk about the go-to-market strategy, key priorities heading into fiscal 2026. Then we'll end with executive Q&A. I know many of you want to get back to CrowdStrike, so we'll try to end it well before two, targeting 1:50. If we get it done by 1:45, it's a win. We'll try to get it done with that. Let me welcome Founder and CEO of Zscaler, Jay Chaudhry, onto the stage, please.
All right. Thank you. Thank you, Ashwin. All right. All of you had a chance to listen to our keynotes, right? Did? Hopefully, that answered most of the questions. All right.
I'll make a few comments. If you look at our focus area, we are, you've seen our story evolve. Zero Trust started with ZIA to ZPA to ZDX. Then it became Zscaler for Users. Zero Trust Everywhere has become a big story. Data security is one of the fastest growing areas for us, a sizable area. It's a natural extension for us. And Agentic Operation, this is the new area of evolving and growing. Red Canary acquisition is part of that story for us. In addition, we are making sure AI is getting embedded in all areas. The way we do detection today, even in inline, we do data loss prevention. All that is getting changed. Internally, we're embedding more and more AI to do all those things in a much better and faster fashion. Disrupting our own cells is a good thing.
The key is the proxy architecture built is our biggest advantage. You're the checkpost. Everything comes to you. You can swap technique A with technique B, but that's the biggest barrier to entry for us. This slide, hopefully, you saw the evolution. This is basically saying, as a Zero Trust Everywhere, any entity to any entity, showing you the key destinations on the top and the key entities that are trying to reach on the bottom. This rounds out the story. It'll be very hard for someone to come from behind and say, "I can do all this." A lot of people who try to say, "Gee, we do what Zscaler does at a third of the cost," are trying to catch up on the user functionality. Workloads have their own nuanced tongue.
There's a common thing as an exchange, but identities of workloads, requirements, segmentation, north, south, east, west has. Things are built and evolved. IoT has become a good story, not for just communication, now with AirGap integration. The Zero Trust device segmentation is making it very, very strong. The latest area I covered is the AI agents, their communication, LLM models. We are very excited. The story is becoming very, very clear. To make it happen, we had to evolve our exchange. Its core foundation has been solid. We started with when we said internal access. The exchange had to figure out all the policy checks, all the detection need to be done for private access. It had a different set of functionality and checking involved. B2B collaboration, you heard, is a massive opportunity. Every customer wants to connect with every customer.
Maybe it's a user side of it, but site to site side of it. We got customers taken in medicine or hospitals that connect into thousands of other sites, site to site connection. Think of the third-party supplier risk. This kind of stuff takes care of it in a very, very clean Zero Trust fashion. For AI, the LLM proxies and supporting MCP exchange kind of stuff you heard is giving us a wonderful foundation you heard. If I show a little differently, our Zero Trust every is evolving. Users, workloads, IoT, OT. On the AI agent side, there's a lot of work going in this area. You're going to see more and more functionality come in this area and some of the customer engagements as well. That's new. You heard about data protection, data security evolving.
The biggest new focus area besides SaaS and endpoint and data center and cloud is LLM and AI applications. Lots of data sitting out there that need to be protected. Bad actors being able to reach those models creates a problem. It is an extension for us. We talked about really expanding from Zero Trust to Agentic Operations. If you think about for the last 15+ years, we had one North Star, be it the switchboard, the policy engine, the exchange for anything to anything. That story has evolved, has grown, it is beautiful. Now being able to take all the important data we create out of that and being able to create value out of that is what you heard us really evolving. The story started about 18 months ago, about a year ago.
We acquired Avalor as being the data fabric for us, which is very good. Most companies we see out there do not really have anything like data fabric. They are trying to do the stuff. They put together some little stuff in their Hadoop-based stuff. We had done that stuff too. Once we saw Avalor, we said, move over this homegrown stuff. It is a real product, real technology that is helping us. Combining that with Red Canary is giving us a big, big advantage. I do not need to go through this slide. You saw that the message here is really building a number of agentic technologies, agentic task agents that can do particular tasks, perceiving, reasoning, action being taken. It is getting very exciting. They are all coming together. The one area where you can take advantage of all of that far better is the security operations area.
You heard about Red Canary, so I'm not sure I need to go through it again, but I'll highlight the fact that our own data, our own security research expertise combined with Data Fabric and now with Red Canary that's bringing agentic AI technology and their expertise is giving us a signal acceleration to get to the market. I covered a little bit during my keynote that we're not moving away from technology and becoming an MDR company. MDR is important expertise for us to understand and have. Having this technology and expertise combined with Data Fabric gives us a great position to really succeed there. I won't cover it. When Brian is here, Brian can make comments about some of the great technology he and his team have built. This actually is impressive. With that, maybe Adam, you can make some comments.
All right. I guess I can.
Come in. Don't worry. I can see you sitting back there.
All right. Thank you, Jay. Okay. All right. Thank you, everybody. I know many of you saw the presentations from this morning. Some, I think, on the live stream will have not. I'll do a little bit of some recaps and looking forward to conversations also with everyone. I'm going to spend a little bit of time on the AI-powered SOC and sort of the strategy here. I think the biggest aha for me when I joined Zscaler about eight months ago was I didn't fully have an appreciation for the kinds of signals and data that Zscaler actually generated. I've been in cyber for 25 plus years, but I hadn't really seen it.
I think part of that surprise was that sometimes Zscaler does not do a good job of sharing that information. We have these interesting vantage points because so much of the traffic is authenticated. We have identities. We understand we are doing decryption. We are seeing all parts of people's networks, on-prem, in cloud, endpoints. Those vantage points really actually built up a tremendous amount of information that we can see as a company. The question is, what do you do with it? Of course, there are the protections. These are some of those elements. I broke them up into three categories because I think they are different. There are detections that are something bad is happening right now. There is an incident. You need to investigate it. A lot of what Zscaler does inline is a detection. Sometimes it is a prevention.
It's a flat out, "Hey, we're blocking something bad." That's still an important signal. Other times, what you're getting is a signal that there's something potentially malicious. You need to investigate this or you should look into it more. There is the whole rest of it, which is just the broader context, which when you have it, when you know about a device or the posture or what user is working on that device, when you do need to investigate an incident, that data is super helpful. That's what we've been trying to spend time to do is figure out how do we bring that together and make it very usable for our customers.
I framed this up, broke it out a little bit differently in the keynote, but I've been working on this kind of slide and this view probably for the last five or six months to try to think about how do I want to talk about and want a customer to understand and all of you to understand how Zscaler's vision is expanding. You could see and understand that first piece. That's what everyone knows Zscaler for. Inline, in the path of traffic. For the most part, it's real- time, but it's meant to cover all users' applications, all data. Very well known for that. As you see and know, continued tremendous investment in that area. These other two parts of a comprehensive security strategy, though, are what we're calling out and focusing more on.
The second part, which is what do you do before the bad event happens? This is sort of the proactive side of security. You have to understand continuously what's my posture, what's my risk, what's my exposure, my vulnerabilities. Also, you get a sense of how am I doing, but there's no specific incident you're responding to there, but you have to continually crank that wheel to try to get as good as you can. There's a whole bunch of prioritization that needs to happen there because there are more signals than you can actually deal with. Which risk or which exposure is more important to deal with than the other? That's what that middle one plays out as. The last part, which is really the newest for us, is when the bad thing's happening right this second, how do you react to that?
What do you do? Having spent the last four years in the Siemens SOC space as the CEO of Exabeam, I spent a lot of time in this area. Here, it's all about how quickly can you detect something? Can you understand the scope and context, the blast radius? Is this an incident impacting one user or all of my users or in a particular area or on certain kinds of devices? To know and understand all that and then be able to quickly automate the investigation and the response to that incident. These are sort of the three pieces as I'm laying them out. That's what sort of comes together for Zscaler. We've got that first-party signal and data on the left-hand side of this picture. The right-hand side is what Jay mentioned.
This is the acquisition of Avalor to give us the foundation of a place to send all of this data and make sense of it. Because the point of that data fabric, both first-party signals from Zscaler and the third-party signals from 150 different connectors of data that we can pull in, that creates context. It creates relationships between data and information around entities. An entity could be a user, could be a device, it could be a workload, it could be an API. You want to have all the different relationships and understand that because when you then go build security capabilities, you want that context in there for when you build out exposure management and Threat Management capabilities. The piece in the middle too, which I didn't talk about on the big stage, which is very important, is this is bi-directional.
The first-party data, Zscaler's got to send data over, but very importantly, that signals and context, we have a current risk score for an asset or for user. Because we are inline in the path of traffic, we can use those signals in our dynamic policies. Sending back those signals back to Zero Trust to say, "Hey, based on what I know right now, this is the risk level for that user. You should use that in your policy constructs." That's something very powerful that we can do because we have both sides of this picture. Jay shared this slide before, but I'll just briefly state it because it shows some of the product names under it. On the left-hand side, continuous threat exposure management. We do have products and capabilities here. This is where Avalor's Unified Vulnerability Management sits.
We've had an External Attack Surface Management product so customers could understand their external attack surface. In February, we released our Asset Exposure Management. It's still early, but got tremendous response from customers because it's really meant to be a continuously updated golden record of your assets. Those assets, again, can be broader than just a device and a user. Those are really the entities and the relationships between those. That system is great for just understanding context. It's really valuable for feeding into the Threat Management side. Described in the Threat Management, we had some pieces. We generate some interesting signals with our inline, our deception capability. I mean, it's a high-fidelity detection because when someone trips up and goes to a Deception Decoy, there's no good reason for them to be there.
It is a high-fidelity signal that some behavior is happening that you need to look into. We have that capability. We have our Breach Predictor and our ITDR, so focused on identity threats. We had not really brought a lot of that together. Tomorrow in our SecOps keynote, we are going to talk more about how at Zscaler level we can bring that together. This also is the area where we believe the investment through the acquisition of Red Canary is going to help us accelerate in this right-hand side, this Threat Management side. We kind of tie it all together, the three big pieces just to close and wrap up my part here a little bit rapid fire. You can think of three big pillars at a company level: Zero Trust Everywhere, Data Security Everywhere, and Agentic Operations. There are natural relationships between them.
They're not all one product. They don't need to be one product, but they all generate context and signals. They all get leveraged and can be consumed, and they feed back into those products to make data security and Zero Trust Everywhere much better. All right. With that, I'm going to hand it over to my new best friend, Brian Beyer. There you go.
It's a dangerous position to be in your new best friend spot plus your guest speaker right before lunch. I wanted to start with a picture that I most commonly talk to our customers about and that they use to describe what Red Canary does. It is this flow where we start with a tremendous amount of security data on the left. We're taking in trillions of telemetry records. This is petabytes of security data per day, hundreds of millions of security alerts. We're identifying potential threats. Other products are identifying potential threats. We're performing over a million investigations for our customers every single quarter. Of those million investigations we perform, at the very end of it, you end up with about 15,000 true threats.
This is the journey the typical SOC today is going through, except they're getting stuck with the tremendous amount of data, all the investigations they have to perform, and they can't actually identify the signal from the noise. In order to understand how we do that and how do we do that with quality, with efficiency, Red Canary uses this flywheel.
Red Canary is this system that brings together our platform, which is purpose-built for security operations, a specific set of processes for how to conduct these investigations, and then a tremendous amount of expertise throughout various functions of the SOC, whether that's Threat Intelligence to understand what adversaries are and how they operate, Threat Research to understand which new vulnerabilities they may create, the actual investigation of these threats, the response, the communication of how do you contain and eradicate threats like this, all through this process that is this flywheel where we bring in tremendous amounts of data, we find potential threats, and then we get to this key step where we are applying prior learnings and data. We're looking to see, have we ever seen this investigation before? If we have, if we've seen something like this, the Red Canary platform automatically reconducts the past investigation.
We're able to communicate to a security team, "We've identified this threat. We've already contained or responded, or we're giving you the information you need to respond." That flywheel then results in more data coming through the system. It's only when we see something new and novel and interesting that we have to go and put an actual person or an agent to conduct the investigation itself. It's only a fraction of the time that we have to do that investigation. What's very unique about the Red Canary process is that at every step of this process, we are producing tremendous amounts of labeled data. That labeled data is the key that goes into training Agentic AI Agents, LLMs that are purpose-built for inside the SOC, all so that those agents can do these responsibilities for us.
If you compare and contrast that and look at those agents, what you'll typically find is the typical agent in the SOC is this autonomous agent. You tell the agent, "Hey, you're an expert SOC Analyst. Go investigate this threat for me." It's like telling a genius-level, like genius IQ-level toddler, "You're now an Expert SOC Agent. Go figure this out." Every once in a while, it amazes you and it wows you and you read a blog post about it and it's amazing, but most of the time it's highly inconsistent. The quality is highly variable and it tends to lead to very frustrating security experiences. On the other hand, Red Canary's agents are imbued with all of this training data and the specific SOC procedures and all of the expertise we have in Red Canary.
Everything we talked about on the previous slides, over a decade's worth of this training data all gets imbued into these agents. When we have an agent that is instructed to perform an investigation, we're saying, "Here are the exact specific procedures of how a great SOC Analyst would investigate this. And here's the exact procedure of how a great incident responder would investigate this. And here is a decade's worth of training data. And also, here is what thousands of great investigations even look like." When all of that is combined together into these agents, you get highly consistent, very high-quality, predictable and proven results inside the SOC. That is what Red Canary is bringing together through our service to customers and now will be as part of the Zscaler product portfolio. With that, Ashwin, I'll turn it back over to you.
Thank you. All right. We're still waiting for the acquisition to close, so just be mindful of that. We'll take a break now. Lunch is served outside. We'll meet at 12:30 in 29 minutes. See you back here. All right, welcome back. Hopefully, everybody got a chance to grab some lunch. We were planning to do an AI demo initially, but I just learned that Phil Tee is still stuck doing customer demonstrations, so I thought, you know, it's a better thing to do. Why not let him continue engaging with customers while we continue on with our show? It's my pleasure to invite Dhawal Sharma, EVP Products and Product Strategy, to the stage to talk about Zero Trust Branch and Cloud.
Thank you, Ashwin. Good morning. Good afternoon.
Yeah, we talked about how we are now extending Zero Trust Everywhere with two new frontiers that we have been tackling in recent time: Zero Trust in the Branch, which also implies campuses, factories, and hospitals, and all the physical sites, and Zero Trust in the Cloud. Zero Trust Branch, basically, we have brought two technologies. One, organically, what we have built as Zero Trust SD-WAN, which eliminates the need for East-West firewalls and SD-WAN devices in the branches by securing all the external communication, anything that leaves the branch or coming from outside in, by embedding our Zero Trust architecture with ZPA and building all the advanced routing functionalities in the same appliance, and the acquisition of AirGap Networks, which secures all the internal communication that happens within your environment.
The concept of this Zero Trust Branch, or Cafe-like Branch, is something we have been talking to our customers about for a while, seeing strong validation from analyst firms like Gartner talking about Zero Trust Branch or Zero Trust Networking on the same lines. What we have been doing in the last one year and working really hard is for our customers to have one single unified appliance that can scale from a small branch to a large site or a campus. Going anywhere from 200 megs of egress throughput to 5 gigs of throughput. Instead of deploying two separate appliances like they did in the past, they basically get a single gateway appliance for their WAN and LAN and can build more identity context-driven policies for non-human devices like assets and infrastructure within their environment as well.
A lot of customers who started with Zero Trust SD-WAN are now able to bring East-West segmentation or agentless micro-segmentation within their environments with this technology. Cloud is something on which we have been working on for a while. We have had thousands of customers, as I mentioned, securing their egress to the Cloud. Cloud environments are also very dynamic. We have now done petabytes-scale deployments for customers' cloud workloads. We started with a big focus public cloud, like going across multi-region, multi-Cloud, what is running inside customer environments, securing all the traffic flows. A lot of our customers are on their Cloud migration journeys, still have data center footprints or are retiring data centers, and are multi-Cloud, where some application is public cloud x, and then the data store is in other public cloud.
We are able to secure all those paths in some of the innovation we have been building. Internet offload becomes the first use case with many large organizations, especially financial organizations who are running multiple virtual infrastructures public cloud, backhauling their traffic over expensive circuits, and then doing security in data center. We can dismantle that entire infrastructure with our Cloud Workload Protection offering. Also, the friction to deploy cloud solutions goes away with this architecture. A lot of our customers are actually building virtual firewall-free enterprise with our technology stack. The second use case, which we started deploying in a lot of these customers now, is doing segmentation or securing workload-to-workload communication within their boundaries, whether they are within public cloud, like going from a VPC X to VPC Y, multi-region, multi-Cloud, and also hybrid environments like data center to Cloud. Customers could have any form of underlay, such as private interconnects or ExpressRoute. We can secure all those channels. To simplify how our customers adopt this technology, because this needed some form of Zscaler VMs to be deployed in their environment, we basically... That will take a few hours of planning and deploying this infrastructure. What we have now introduced is a Zscaler Cloud Gateway. Think about a Zscaler VPC equivalent running across the public cloud, multi-region, multi-Availability Zone. Customers can just achieve the next level of automation by pointing their traffic to us, no need to deploy any virtual infrastructure. Customers can literally deploy this in minutes and do not need to wait for hours or go through architecture reviews for deploying this architecture. This is fascinating. We have a lot of customers who are asking for this. This became generally available as of last week.
I want to invite a customer, Yoni Kaplansky, who's here in the room with us. He's VP of Cyber Architecture, Engineering, and Operations at FICO. Last year, CISO at FICO, Ben, was on stage with me talking about this solution. Since then, they have adopted this across the board. Bringing Yoni to answer questions for you.
Good afternoon. Yoni Kaplansky, I'm with FICO for the last eight years. I'm running all the architecture, engineering, and operation. We started our journey with Zscaler in 2018. We started with ZIA. That was mainly my first project in FICO, which was a really great success. In 2021, we started our ZPA, Zero Trust project. No one really believed that we can do a full Zero Trust in three months, but we did it.
With the help from Zscaler, with the right planning, we were able to completely cut VPN communication to the organization in three months. In 2023, we started to look at Cloud Connectors. I do believe we were one of the first customers with the Zscaler Cloud Connectors. Our approach was, after with our Zero Trust project, after we took care of human-to-machine connectivity, we wanted to take care of machine-to-machine connectivity with the Cloud Connectors. We are probably around 45%–50% implemented right now. We have a very large AWS environment, and we're doing gradually cut over, moving account after account to that. We see the benefit of it immediately. Some of our pain points with that was we had too many egress proxies. We wanted to standardize everything to ZIA. We had limitation of what's called peering, allowing VPC-to-VPC peering in AWS. We solved that with Cloud Connectors.
We also had additional costs that were accrued in AWS, which we were able to control with using Zscaler Cloud Connectors. We're probably going to finish the project in the next between six to nine months, and then we'll be fully deployed. We do use ZIA and ZPA with the Cloud Connectors, which allow us to really secure our AWS environment to the level that we didn't see that any other technology can provide us. That's kind of the intro. I will be more than happy to answer any questions that you have.
Thank you, Yoni. If anyone has questions, we'll start with Saket and then go to Roger.
Excellent. Thanks, Yoni, for presenting. Really, really helpful. I want to dig into the Cloud Connector piece of your implementation more directly. What were you using before for cloud security?
There are so many choices out there for cloud security, whether it's a Wiz or a Palo or a CrowdStrike, right? Like maybe some vendors that you work with already. What kind of tipped you over to kind of consolidating yet another piece with Zscaler in a market where there are other alternatives?
We were using basically AWS security before. We are using Wiz as our kind of CNAPP solution. From a network security perspective, we were just using the basic AWS, which adds its own limitation. When we started the journey in 2023, we were so...
I'm not saying that we were satisfied, but we were just so invested in the technology from Zscaler with the way that we worked with them, with their customer support, with their account management team, with the overall company that when we decided to go to the machine-to-machine Zero Trust, we didn't look anywhere else. It was clear to us that we will continue with Zscaler because they have the leading technology. We just went with them. I want to clarify the position. Your question to Saket is a good question. Cloud security. You can think of it. Your question actually talked about three buckets. One is workload-to-workload, machine-to-machine communication. The only way that's done today is some kind of firewall technology. It could be AWS Firewall, Palo Alto, or other firewalls. It's kind of network security you said.
Typically, a rules, ACL, IP addresses, who can talk to. That is one piece. What we did with Zscaler is that communication piece. It is being done with firewalls from either firewall companies or hyperscaler has some of the basic firewall functionality. That is what we are taking out. Our mission is there should be no firewalls in the Cloud. Think of it this way. You know ZIA for users, you know ZPA for users. Think of ZIA for workloads and ZPA for workloads. Same thing. That is what we do. The second part was, why not CrowdStrike? CrowdStrike provides one of these Gartner acronyms. You put an agent on the workload machine, just like our endpoint. It is looking for good or bad stuff on it. That is one area. Gartner used to call it what? CWPP. Yeah, CWPP. Okay. That is second. We do not compete in that space. There is a third bucket. It is posture management.
It used to be called CSPM, CI, whatever, and now it's CNAPP. It is API calls. Nothing to do with what we do here. Three buckets. Our bucket is very clear to be in line. One of the hardest things to do is to get in line. There's not much competition in that space. Either you do firewalls or you use Zscaler Zero Trust. One of the things that were our pain point and we solved it is that usually in many organizations, the IT department is not managing the AWS accounts. It's whoever business unit or account owner is managing it. He can change the firewall. He can do whatever he wants. When we use the Cloud connector, the policy is managing it. We're basically enforcing a higher-level policy that account owner cannot change.
He can still do whatever he wants in his own bubble, but he cannot influence the overall picture. He cannot risk the overall company. That's what the Cloud Connectors allowed us to do.
We'll take from Roger and then Taz.
Can you hear me? Yes. Roger Bowe with UBS. Another question on Cloud Connectors. I think you mentioned about 50% deployed. Can you just talk about kind of what that looks like? What's remaining? Kind of has that implementation gone as expected? Some of the new announcements today, it sounded like Zero Trust Gateway potentially streamlined some of that deployment. Does that give you confidence to kind of hitting the timeline you talked about?
Yeah. We took a very slow approach because, first of all, we're introducing a change.
Every time that you're introducing a change into a company, you need to do it slowly and gradually so everyone will be happy. We move the cheese for a lot of the people. We want them to be happy before that. Second, we wanted to move gradually from really lower environments into kind of our QA and production environments. This is how we basically build our implementation plan. The third is that we wanted to create our own automation and our own assurance that we are deploying it right because all you need is one incident of something not working, and you will be shut down for a long time. Those are kind of the approach that we took to do it. We are in the level that we show the entire organization that we can deploy it. We show that we can automate it.
We showed that it cannot impact the actual business. We show that we can create savings to the organization. I feel very comfortable that we will continue as going, and we will meet our timelines.
Hi, it's Imtiaz Koujalgi from Roth Capital. I have a question on your Cloud Connector usage. If you speak to a firewall vendor, their pitch is that you have a single pane of glass for managing your cloud security and your on-prem security. You can use firewalls in the cloud, firewalls on-prem for your data center, and then you can manage it from your Panorama or whatever console you have. How do you solve for that given that, I guess, Zscaler is cloud only? Are you guys cloud only? Or do you guys have an on-prem presence also? That is part one. I have another second part of the question.
We are on-prem and Cloud. We are using Palo Alto for on-prem firewalls. The thing that was easiest for us is that we came with our requirement for Cloud security. Cybersecurity is the owner of that system, networking, doing the on-prem. It was never kind of who's doing what, and do we really need that one pane of glass for that? The other way to look at it is that with the Cloud Connector, you apply the policy, and that's it. You're not changing the policy. It's not constantly changing on a daily basis like you're changing firewall rules.
Really seeing both of them together and having that perspective was not really an important point for us because the Cloud Connector allows you to apply that policy, and you're not changing that policy unless there is a business reason for that, and then you're going through the regular process of approving it.
Got it. Second.
I heard that just as different any time.
In the data center, you know how you manage firewalls, IP addresses, ACLs? There's a lot of pain. In the world of Cloud, the pain becomes exponential. In the data center, you're barely changing applications. How often do you write or add applications in the data center? At a snail's pace. How fast do you build workloads, ephemeral workloads, and all in the Cloud? Much rapid pace.
Trying to do the same kind of ACLs and IP address in the Cloud for workloads to have the same single console to do both is a nightmare. It makes no sense. That is the story they have to tell. What else can they tell? The similar story gets told for the branch. Hey, Zscaler is pitching this branch thing. Why do you not have a single console for data center for every branch? The question is, I mean, huh? How many rules do you have in your firewall in the data center? 15,000. Do you have a second product to manage the rules of Palo Alto or Check Point? You know those companies, I am sure you heard of, AlgoSec, and there are three or four companies out there. That is all the businesses.
Do you want the same kind of rule set here, same policy in the branch? What are you trying to secure in the branch? How many servers do you have? Zero. What's the branch to secure? Nothing. How many rules should you have? Hardly any. This is a silly notion. They try to say a branch should be like home. Most of the time, larger branches may need some rules. Think of a typical enterprise. We'll say I have 400 branches. You say, must be small, medium, large, like T-shirt sizes. They all agree. You know, typical distribution is 80% are small, 15% are medium, 5% are large. There may be plants or factories, right? 5% of 400. It's a big number, 20 plants. Okay. You say, oh, these small branches.
Why do you have a firewall when you don't have a firewall at home? They're no different than home. None of that stuff is needed. It's just a legacy people trying to perpetuate.
Just a second part of that question. You mentioned you had ZIA, ZPA. You're also adopting Cloud Connectors. Now, can you compare, I guess, the scale of all those products? When you look at, I don't know, the number of users or spend, how does ZIA compare to ZPA versus Cloud Connectors? Are they all equal? Is ZIA still the biggest piece of your spend versus the other two?
Overall, it's kind of equal. FICO is around 4,000 employees. If you look at the total spend, it's kind of divided equally between the three of them. We're not just using those technologies. We're using also the Endpoint DLP. We're using also the CASB.
We're really investing in the overall technology stack from Zscaler, which is allowing us to really meet our security maturity that we need with that.
Thank you, Yoni. Thank you so much for your time. We'll move on to the product Q&A. I'll invite Jay, Adam, and Dhawal onto the stage, please. We'll start with Ittai and go to Yun.
Hi, Jay.
Hello.
Ittai from Oppenheimer. Great day, by the way. Super interesting announcements. Really appreciate it. I guess my question is around velocity, meaning for years you've tried to have a story against why an SD-WAN box is not needed, and it took you a while, and you got an SD-WAN box, and you're displacing. You're now with Adam's.
We have no SD-WAN.
Yes. Nonetheless,
We may call it Zero Trust.
Zero Trust. Okay.
That's only done so that marketing searches show up Zscaler.
Very good. Show up. Okay. I guess what Adam is working on, you're not going to call that SIEM, okay? You're going to call that something differently. That's fair enough. That's right. Zero Trust for SIEM maybe is something like that. The point I'm trying to make is that it took you years until you finally today got to a point where enterprises are at that level where, as Yoni said, we don't need firewalls in the branches. Only like the last couple of quarters, finally, you started talking about the number of customers that are actually doing this. If I take that evangelism process, how should I think about the vision of Red Canary and Avalor and the data that you clearly have a proprietary, a unique vantage point around data that others don't?
How do I think about the timeline and how much evangelism you're going to have to do to get that going?
It's a good point. You need evangelism, then you're disrupting things, totally new way of doing it. Okay? I mean, Zscaler, no firewalls, switchboard. It's very different. ZPA has been totally different. Zero Trust Branch has a lot of evangelism, but our customer is getting it. In the security operations area, we're actually, from end user point of view, it'll be a lot easier and simpler. Now, they don't need to build this big data lake and all that kind of stuff. I see far less evangelism needed in the security operations area. Because we are not trying to say, don't do this, do this. The problem they're solving is similar. At the end of the day, we're going to make it simpler.
Here's how you think about it. You know, when Palo Alto went from Check Point, that was not a big change. It was simple. In our case, Zero Trust was totally taking on firewalls. It's like Tesla going against all these incumbents. That was the different fight. Customers are already tired of security operations solutions. We are inbound demand. Lots and lots of customers want us to get there. It's going to take some time. We knew a combination of some acquisitions or internal stuff is going to get us there. You should think about when a company moves in a new space, you must have some core competencies. Otherwise, you shouldn't get there. We saw two core competencies we had. Well, maybe call it three. One, all the data logs, 500 trillion a day.
Security research team, we've got over 200 plus researchers, security research, serious research. A very large and eager and happy customer base. We needed the Avalor piece to do a better way of a data fabric without going to this big data lake all the time. That was the first piece of architectural stuff. Now Red Canary bringing the application side of agentic technology to us. It is exciting. I expect it to be far less evangelistic here.
All right. This is Yun from Loop Capital. Thanks for doing this today. Basically, as you guys are getting into data security and agentic AI security and whatnot, identities are becoming more important. Obviously, you have some foundational technology behind that through the ZIA and whatnot.
How much do you need to get into the identity security layer for you to be more effective in data security and agentic AI security? Or do you plan on continuing to partner with those people in those spaces?
I'll start, then Dhawal or Adam can go deeper. We've been asked many times to get into adjacent spaces. I've been asked so many times, why don't you buy an EDR vendor? Why don't you buy an identity vendor? We stayed away from it. We have clear ideas where to go to. We integrate with identity vendors. Now, there's next level of adaptive stuff we can do that Dhawal can explain to add more value on top of it. We are working with Microsoft on the agent identity. Microsoft is a natural company to do that. Working with them to leverage it is a good thing.
Core identity, we want to work with someone, but we have value to add on top.
Yeah. Look, we are a consumer of identity. If the identities are well defined for users, right, we consume it. What Jay talked about is identities are still very static. What we are able to do as a switchboard or policy engine is collect a lot of telemetry around the risk associated with identities and the risk signals. We compute things like risk score, but have a lot of raw risk signals like people connecting to guest Wi-Fi or people, impossible location popping up, hundreds of these attributes. All of these become context to the identity, and we build rich policies around it. We also are building APIs for our customers to take that from us and integrate everywhere in their environment.
When you think about non-human identities, like workload identities or identity of OT systems, we are, again, integrating with a wide variety of vendors who generate tags and labels. This is an area where, by virtue of how we get deployed, for example, in branch as a gateway appliance, we are profiling and understanding what these devices are, which become identifiers for them. We integrate with APIs of all the cloud providers and learn their identities. We talked about our micro-segmentation service, which basically builds the process-level identity map. Yes, we have more context and identity to enrich customers' existing identity systems because identity is a core pillar of Zero Trust. We are making it richer and richer. We do have capabilities around ITDR, identity threat detection response, that plugs into the broader security operations use cases as well.
Yeah.
Just maybe a quick add to both of those. I think, again, consumer of identities, not necessarily the creator of those identities, and for very specific use cases. You'll see a little bit more of this potentially tomorrow if you're here as well. In the security operations world, identities are super important. Identities are also defined very differently across elements of your organization. What looks like A Geller is also Adam Geller is also Adam G or A Geller slash local. Having a data fabric, one of the things we're using is to normalize that as well because that's about understanding context. Those are not different behaviors or different people. We want to understand that as one thing. That's another area where identity will be very important for us. We build on top of identity and deliver real value.
All right. Let's go to Adam and Junaid.
Thanks. Adam Tindle, Raymond James , thanks for doing this. Jay, I want to continue the conversation on Red Canary and the push into the SOC. As we think about that, most MDR and SOC plays have started with the endpoint and moved into SIEM and then pushed into the SOC, whether that's CrowdStrike buying Humio, Palo Alto, moving to XSIAM, and then having this path into the SOC. You're coming at it from a different angle, from the network and then data and then into the SOC. I just wonder if you could describe maybe the pros and cons to eventually moving into SIEM and endpoint. Sounds like you're not very interested in that, but if you could flesh out that discussion.
The second piece of the question would be how to manage the potential channel conflict as you move into this, right? By starting with endpoint SIEM and getting into SOC, I think it got channel a little bit more comfortable with that move. You are going straight into this, and you obviously have a very channel-friendly strategy. I wonder if you could touch on that as well.
Thank you. All right. First of all, where do you start? The easiest thing for an EDR vendor to start is from EDR telemetry. That is all they have. An EDR tells you if something got compromised or not. That is all it tells you. If you can really understand that and you have communication channel, you understand a lot more. Before a machine gets compromised, often reconnaissance takes place. We see all of the reconnaissance.
It's just that it so happened a few, couple of vendors started from the EDR side of it. Traditional SIEM SOC never started from the EDR side of it. That's why EDR, calling it MDR and XDR, all these are, nothing was useful. Okay? They kept on creating more and more acronyms, hoping that one acronym will be more useful than others. Eventually, also what's happening is, I mean, old SIEMs may have 100 sources of data, 150. Really four or five sources matter in today's world. Who cares about the logs from your router and switch and firewall in the data center somewhere? Most of the world is moving to the cloud. Our communication logs, extremely important. EDR logs, very important. Identity logs, very important. And some of the cloud workload logs, very important. That's really the big universe.
Anyone to do it right will need to get all those things. We not only have communication logs with our endpoint agent. We've got tons of telemetry about the endpoint as well. Even though we aren't an identity provider, all authentication and failed authentication attempts go through us. We got all those signals as well. It was the right thing for us to start the right way to say these are the core sources. We'll get some of the data sources, but 80% of the stuff you need is already sitting with Zscaler. That's what kind of gets me excited. In terms of comparative position, it's not a comparative position at all. We got Red Canary for the technology they built.
They kind of surprised us with the technology they had and the expertise and the way they were able to run this operation with amazing gross margins. I just couldn't understand how the margin could be so good. We understood it's a technology. They use the technology. Bringing the technology together, very complementary. Competing with others, we are going to remain a technology company. Having MDR expertise in some of the customer base is good for learning. If you don't have any experience in that space, I would say that you can't be a good provider of the solution. We have a small professional services team, but we don't compete with our partners on professional services. In fact, we embed sometimes our professional services with the partners to get them trained on it. Similarly, it's a massive world out there.
We'll remain a technology company, drive technology so our partners can use our SOC Ops technology to do managed services out there.
Take the last question for this session from Junaid. We have one more Q&A session after this, so we'll come back to Q&As.
Thanks, Ashwin. Junaid Siddiqui, Truist Security. Jay, data security has been and continues to be a tremendous growth vector for your Zscaler. One of the things you've talked about in the past is that you've got the best vantage point in terms of delivering data security, sitting in line, being able to inspect all traffic, going into all kinds of applications. Could you just talk about some of the newer modules under your data pillar that address the out-of-band and data- at- rest and how the traction has been in those specific modules?
Just overall, how do you envision that whole data security landscape shaping out as there are a lot of vendors that are trying to address that same pain point? Thank you.
I'll start then. Adam, you can go deeper into it. Our strategy is to make sure we secure your data no matter where it is because they want one policy. When all traffic is going through us, when it goes through the internet, and knowing that all data leaks through the internet, we are in the best position to really provide holistic data security for us. We had pieces to take care of that we completed in the past few years. Maybe Adam, you can go deeper into it.
Sure. Yeah. If you think about the different channels, right, and functionality, you need to be able to discover.
You have to be in the right spot to discover data. Inline's a little different because inline is very much you're seeing it. You need to be able to quickly classify and make a decision. Data security goes much more broadly than that. There's all about the discovery. That's what you're doing when data is at rest. That started off in, think of it as in the SaaS world, in collaboration applications, then got very interesting with public cloud storage buckets, unstructured data, and then to structured data elements that are running in cloud and running on-prem. All of those kind of play into having a consistent way to discover, classify, and then sometimes we classify and then something else enforces because there's another technology that we're working with, like a Microsoft, right?
When we're in the path, it's much easier for us to use our own classification. Sometimes we classify it, and then that's leveraged by another enforcement point because we're not in the path of that kind of flow, right? All of those pieces play out. The endpoint, actually, over the last several years has become more and more important. It's an important landing point. You see data before it's being transported and moved around. Endpoint DLP was a little bit, I think, not as high of a priority or thought several years ago. The team listened to some very solid feedback from customers and said, "If you're going to help me get on a modern data protection journey, this is a foundational element of a DLP solution in the classic sense, and you need to be able to do it.
You need to be living there. You can't just live at the data sources. You have to be on the endpoint too. That's where that got added in. When you think about data security posture management, it's another lens of looking at this where you're taking those different ways you look at data. It's also looking at the configurations of the systems that support data, not just the actual data itself that's sitting underneath it. I think that's an interesting angle. It's why we're representing in that space as well.
All right. Thank you so much. Now I'd like to invite Mike Rich, our CRO, President of Global Sales, onto the platform, please.
All right. How many people were here last year? Pretty much a little over half the room. Good to see everybody again. Mike Rich, I'm President Global Sales, CRO.
I joined the company really November of 2023 and laid out a strategy of what we want to do, kind of the go-to-market. We've been very consistent, the go-to-market vision. Number one, it was about transitioning to more of account-centric. So Zscaler had been really in the transactional mode, which was very good for that time in its growth. But we saw the need to really get deep with customers and make sure we could build out long-term strategic plans with them to consume on the platform and work, meet them kind of where they are. Also, an amplifier from the GSIs. GSIs are so important, especially with the top of the pyramid customers, which is a big chunk of where our revenue comes from. The GSIs can help on that strategic journey, right?
We've built out strong GSI partnerships in the last 18 months and then increased focus on specific verticals. The vertical sales, we'll talk more about that, but it's all about getting better relationships at the C level. When you're speaking in the industry language and helping them compete in their industry, they want to have conversations with you. You become more strategic. This is just some examples of how we've grown and how this strategy has helped us. If you just look at the number of customers spending over $5 million with us, that's grown. The customers that are spending over $1 million, that's grown. Validated. We're going to continue to double down on the strategy, and I'm very pleased with where we're at with it.
On the GSI side, that's helped us get stronger pipeline, more strategic relationships, and ultimately drive more revenue. That 40% increase year over year is great. I think we can continue on that path. Again, adding that $5 million in bookings is fantastic. It was much smaller scale before. We talked a little bit about the verticals. We've got healthcare, State and local, and federal today. That team has grown significantly. That's validated that strategy. Like I said before, when you get in deep on the vertical side, industry-specific solutions, executives want to have conversations with you. That helps us drive better business, more strategic relationships, and longer-term plans with the customer. This just kind of validates how that's worked for us. Very happy with what we're doing in healthcare.
You've probably, let's see, we had Advent Healthcare CISO in here earlier. Is he still here? That's great. He's gone. Yeah. Fantastic relationships there. We're going to see that expand, and we're going to move beyond that too. Even if you look at financial services, huge, huge area for us. The plan is to be organically from bottoms up, hire more people dedicated to that region, get territories that are specific to those industries. Once you get enough density, you add the first-line managers. Once you get enough density on first-line managers, you add second-line managers. It's that bottoms-up approach versus tops-down to make sure we're taking full advantage of the resources and we don't have people flying over each other. That's the least disruptive way to do it, to take advantage of the growth. This is what's most exciting to me.
We're still a people business. We've got great technology. You got to have great technology, but you also have to have great people that can help strategically align with your customers. We've got a strong leadership team. I'll show that a little bit later across all geographies. The GSI and national strategic partnerships, again, those have been validated. We've hired people that know how to sell and work with them. It's a bit of a give-and-take relationship when you're building out motions with GSIs. They've got to see a way to build out there and grow their business. They've got aggressive numbers that they have to fulfill. We have to be conscious of that and make sure it's bidirectional. Then again, the platform, more realization, value realization for customers and partners.
When you have a larger platform with more products versus just ZIA and ZPA, ZDX, now we've got all these other solutions that you talked about with Zero Trust Everywhere and all the different users that we can actually go in and help secure and protect. It just provides more solutions that we can go sell. You have to have that flexibility in the platform. The other thing that's exciting about that is it helps us get into some of these accounts where we were kind of boxed out before. Now we have solutions that go beyond just ZIA and ZPA that we can sell in to get the new logos. This is just a quick snapshot of the team. You've probably seen or met some of these people. I know Ross was at the analyst event last night. Some of you may have met Ross.
He runs AMS for us. Ross, I worked with Ross for years at ServiceNow. Very strong leader. Pete has been here for seven, eight-plus years. A lot of experience. He's fantastic. He's running the federal, state, and local and healthcare business. Brian Marvin runs EMEA for us. Strong background, enterprise sales, gets how to work with GSIs and partners and do strategic deals. Then Andreas Hartl, great background, Microsoft for a long time, knows how to run the APJ business. It's a very complex business, a lot of different countries, a lot of geographies to handle. He's been fantastic. Then Anthony Torciello, who's running our channel business globally. Worked with Anthony for years, actually, at ServiceNow as well. He built out large programs with GSIs, Anvars at ServiceNow. Did anybody go to the breakout, the partner breakout? No? Okay. Jay, I know you went.
They enjoyed your Red Canary discussion. Thank you. Focus areas for 2026 and beyond. Increasing enterprise penetration. We've got a lot of customers in enterprise, but we're still very underpenetrated, right? Even in the customers that we've sold to, but the net new logo portion of it, there is a lot to go after there. It's fertile hunting grounds. We've only got the penetration there is low, 20-30% range, right? A lot to go do. Growing new product categories. You've heard a lot about the new products today. I wasn't here for the whole thing, but I know you've seen Adam's presentation, which was fantastic today. It's great to have a robust platform that you can go sell. Customers appreciate that, and it gives us options. We've got a lot of work to do to get penetrated where we should be in these accounts.
We're utilizing our specialty sales takeoff. You've heard the term Takeoff Teams, specialty sales. We kind of use those together to focus on going after these solutions. We've got our core teams that are going to partner with the specialty teams to help accelerate these motions. Zero Trust Everywhere, and then also Agentic Operations. These are massive underdeployed areas. The Cost Takeout piece goes across all these motions. That just helps us validate when we're trying to do larger deals with customers, we're building out plans where they can actually fund the deal over time with Cost Takeout. We've always had this as a benefit of Zscaler. What we've really done in the last year has become very prescriptive, very prescriptive with how customers do it. We're helping them along the way, build out, kind of doing their homework for them. That's been good.
Of course, the channel coverage we talked about. Just a quick snapshot when we talk about the new logo opportunities. We've got lots of new logos to go after. We've got 4,000 current customers, right? There's another 16,000 to go after, right? Even in those 4,000 that we have, they're underpenetrated. You've got existing customers that are underpenetrated, and then you've got the new logos. What we're doing to help facilitate going after them is making sure we have territories set up the right way. I take territory planning very, very seriously to make sure in by GO, we've got the right people in the right territory focused on the right accounts, right? In the G2Ks, the reason you see 1,700 as a number up there, we've got 700 today.
1,700 is really what we can go after because you have to look at we can't really sell to Chinese companies and Russian-based companies. 1,700 is who we're going after. We've got territories that are focused on just those accounts as well. Even in the G2Ks that we do have, again, the potential is $5 million plus in the vast majority of those, and most of them are under $1 million today. We've got a lot. We can go do a lot more selling. We can do it. It's fertile hunting ground for those accounts that are even customers already. Focus execution for new product growth. You heard Zero Trust Everywhere. It's fantastic. Customers love it. It's a great motion for us. We have dedicated sales plays to go after that. Data Security Everywhere.
That part of the portfolio has become more and more robust, and you're seeing a lot of deals we're doing, takeout deals we're doing there. They do not like the incumbents, the legacy providers. They're looking for us to actually come in and help them drive that story, which is fantastic. Agentic Operations. This combined business for us is $1 billion ARR. It could be a heck of a lot more. Our target is to get to $390 million by the end of next year on this Zero Trust Everywhere. That's where they have three or more of our products that qualify as Zero Trust. Lots of potential, and the strategy is working. Again, we talked about the channel leverage and going after the G2Ks really helps you with the top of the pyramid accounts, which are typically G2Ks.
There's also the government accounts that are very large. They help you in the government accounts, and they help you with the multinationals, right? Some of those are private, and they're not G2Ks, but regardless, they help you accelerate the big deals, which is fantastic. That motion is going well. Cloud marketplace, this is the Hyperscalers. This motion is still fairly new to us, but we've become much more strategic thanks to Puneet's work. Thank you, Puneet and team. We've got a great motion going there. I expect to see a lot of growth to come out of that. Just again, that's where we're leveraging them to help us sell and go to market, right? AWS, Google, Azure. Increased investments in these strategic regional partners.
Traditionally, we've had sort of a transactional relationship with them, but what we've doubled down with them on, that's why I asked if anybody went to the channel breakout. We're rewarding them for building out dedicated practices, right? This is where they're actually going to help deliver value. They're going to help with the implementations. They're going to help with the strategy and make sure what we sold them together gets deployed and that we have a strong strategic roadmap built out with them. I call it the Three-Legged Stool. You got the customer, Zscaler, direct sales, and the partner, the three of us working together very closely versus being just transactional.
Part of this is getting all your resources focused at the top of the pyramid, building out on the bottom of the pyramid because we have a lot of customers down below, but it only represents 5%-6%. Got to make sure that we've got partners that can drive that business for us so we can use our valuable resources to sell up market, and that motion is going really, really well. You're going to see more and more of that as well. You've heard Jay talk about the Cost Takeout program. Super important. This is just some examples. You guys have probably heard a lot about it, but customers do appreciate that we're being more prescriptive. It's hard to give up products. People love to hug their hardware. We've got a plan to help them phase these things out.
It's going over quite well. It's just a more prescriptive approach, and we're super focused on it. This is just an example of a customer that has 20,000 plus users and the potential savings, right? This is just on average. Z-Flex. We've talked a little bit about that. You've heard a little bit about it. Customers have asked for a more flexible way. When you have a platform of consuming the platform, and when you have a platform with multiproducts, there's no way to predict ahead of time exactly how much of which product do I need to go use, right? This is a great way to help get them to commit to more spend, right, and adopt the platform at their speed and do it in a very easy consume method. They love it too because it's predictable budget, right?
There's one thing a CIO hates is when they have an unbudgeted event. They don't like that. They don't like to be nickel and dimed. We're just providing an easy way to consume the platform. It also gives a white glove treatment. We're being selective on who we offer this to. It's not just everybody. It's really our top most strategic customers. That's the important part to look at. This is a case study. This is a customer. Won't say exactly who it is, but this was the benefit once we were able to offer Z-Flex. This is the value that came out of it. It's adoption, greater adoption across the platform, and of course, the uptick in spend. Would have been hard to get this value if we didn't have this offering. Okay? That's it.
Did I do a good job for you?
Yeah. Was that okay?
Yeah.
Okay.
I know a lot of you had product questions as well. Adam and Dawn are kindly agreed to stay back. I will invite Adam and Dawn on stage.
Along with Jay as well, please. Jay?
Jay.
All right.
First question, Gray Powell. And then Andy.
Do you have product questions?
Yes, you do Z-Flex. Perfect.
All right, great. Thanks. Yeah, so Gray Powell, BTIG. Yeah, just a question on Zero Trust Branch. It seems like customer interest there has picked up a lot just in the last few months. Your messaging seems a lot more aggressive today than maybe six months ago. I'm just kind of curious, what's driving the interest or the uptick that you're seeing today? What's different? On average, if a customer adopts Zero Trust Branch, and I know there's probably a wide range here, but just how much does it impact the contract value? How much does it go up? Even if you can talk ballpark or generic terms, it'd be really helpful.
On start of the highest level, yeah, we have been evangelizing Zero Trust Branch, the better way of doing it. There is a lot better understanding of it. Our customers understand the value, so there is tons of interest out there. I mean, the interest far exceeded my personal expectations, right? I know all of you analysts look for numbers, okay? I mean, it varies a lot, okay? Some customers are starting with saying, "I got 200 branches. I want to start with 20 branches first or 30 branches," or someone will go with all of them. It varies quite a bit. We see a significant opportunity, simplification, cost reduction as well.
Yeah. First in the messaging part, right, what's really clicking with customers is they see Zero Trust for users working, deployed everywhere. What they also appreciate is that we are not building three different Zero Trust solutions. The policy framework and how we have built Zero Trust architecture is when customers do user-to-app segmentation with us, the same segmentation framework extends for cloud as well as the branch. When we make acquisitions like AirGap, which is now part of the unified appliance, as I explained, basically the same framework extends. You basically have Zero Trust Everywhere with the same policy framework. What is also resonating, by the way, is for a very long time, you look at Gartners of the world, they were talking about SSE, SASE only for users. We have seen them started calling it Zero Trust Networking, Zero Trust SASE, or Zero Trust SSE.
We are seeing they also picking this up and advising their clients. As Jay mentioned, right, a lot of our existing customers are coming to us and saying, "I want to start by doing this Zero Trust in my factories first." They will do for about a dozen or two dozen factories and then expand it more and more. A lot of our customers have SD-WAN contracts, which are getting up in two years. The new branches, for example, for a banking customer, they are moving that to Zero Trust and not doing SD-WAN anymore. Over a period of time, it will, of course, replace all of that. All right. Let's go to Andy Nowinsky and then come to Keith Bachman.
Thanks, Andy Nowinsky, Wells Fargo. There are a lot of vendors that talk about SASE and Zero Trust, but it seems like every vendor has a different architecture. When I think of Zscaler, I think of that one-to-one relationship where you're connecting either one user or one device or one workload to one user and device and workload. That is very different from how a lot of the other firewall vendors think of SASE and Zero Trust. I guess now that you're selling Zero Trust Everywhere, do you think customers actually understand the architectural differences between Zscaler and the other alternatives? I would think it would be harder to sell them on Zero Trust Everywhere if they do not even understand the architectural differences. Maybe your Cost Takeout program would differentiate that as well.
Right. On start, this is my favorite topic. I talked to Gartner all day long about it. SASE has nothing to do with Zero Trust. Somehow the words got confused. Zero Trust means Zero Trust. Now, you can kind of talk around and say, "I can make Zero Trust by putting firewalls around," because if I put lots of firewalls, so each entity is its own little cell, then it's Zero Trust. Not practical. SASE is a catch-all, so more vendors could participate in it. Okay. SASE says SD-WANs, SSE, and everything. How many networking vendors are there? They're looking for something to grab on to say, "I am part of this thing." SASE means nothing. SASE means everything. It allows every vendor to take some of the reports and say, "Look, I am SASE too. I'm SASE too." Our customers ask for Zero Trust more.
Our investors, our analysts ask more for SASE because they got briefed by vendors all day long. Customers often, when they talk to us, they really buy into Zero Trust. That's really what we're trying to do. As you said, Zero Trust is about not trusting people being on the network. It's a one-to-one connection. Look, you saw a bunch of customers at the conference. They all understand. They love it. It used to be that only early adopters loved Zscaler. Now it has gone fairly mainstream. There probably is a small part of late adopters we still need to work on. That's part of the journey. When customers see Zero Trust and they see tangible cost savings, we win the deals.
One thing to add to what Jay said, right? Where we are, how we are practically going with the customers on adopting Zero Trust Everywhere is actually work with Mike's team and the technical resources there, like architects and SEs, to do very detailed workshops with customers to figure out how their networks and their security is built. How is point A talking to point B, and what do they use for network security? We basically come up with the underlying architecture for them to go on a roadmap with us. Customers who are already deployed with ZIA, ZPA, they go to the next frontier like branch or cloud. Those who are starting from scratch, they start with users and then start working on deploying.
There's a very detailed technical architecture plus that ties into the Cost Takeout on what we can replace over a period of time. It's a full runbook that we are executing.
You know, if I may give you my futuristic statement, okay? Four years ago, you guys are asking ZIA is good, but who is going to buy ZPA? How many? ZDX, right? I would say every user of a customer, they need ZIA, ZPA, ZDX, all three. Because it made natural sense. We are seeing the world by and large do it. In fact, most of the new deals we sell, they start with Zscaler for Users, all three things together. A lot of upgrades we do on upgrading from ZIA to ZPA or ZDX, combination of that stuff. Our customers enjoy and see the benefit of Zscaler for Users. I do believe that almost all of our customers, it's a matter of time, will embrace Zscaler, our Zero Trust Branch, and Zero Trust Cloud. It's a natural journey.
Keith and then Andy.
Hi. Thank you very much. It's Keith Bachman from Bank of Montreal. I actually had two questions. The first for you is you raised a question that certainly comes up in our discussions with investors. You identified Zscaler as 4,000 enterprise customers, and there's a total TAM of much larger than that. What are those customers using? We as investors think everybody has the necessary architecture to provide some form of protection. Therefore, to win those incremental logos, you have to have a displacement. Help us understand why you think you gain those new logos. Are they using anecdotal architecture? How do you win those new logos? I have a follow-up for Jay, please. You kind of saw on the Cost Takeout slide all the different things that we end up replacing.
The real question is, are you replacing, or are there actually greenfields in there too?
There's a little bit of greenfield, right? You are over time supplementing, and you are replacing over time. They are retiring spend on different firewall and VPN products. I would say 80% of it is you're replacing, and 20% is you're just adding new capabilities that they just didn't think about or have before.
Maybe expand upon it a little bit. Everyone has something. The big part we replaced early on was proxies, Blue Coat of the world. That was a much smaller market. We did not just replace the Blue Coat proxy. We replaced the whole outbound DMZ, so to speak. For ZPA, most people think, "Oh, it is a VPN replacement." VPN is only a piece of it. It replaced the entire inbound stuff. Some people may have firewalls, some have all this stuff. As Mike said, somebody has something or the other. If they want to do Zero Trust, that is not in place in most places out there.
Yeah, just to add to that, they're solving the problem right now. They're solving it inefficiently, and they're recognizing where their gap is. They can choose to solve it by either trying to continue to tune what they have, or some of these who look and realize the approach is ripe for a different way to look at the problem. It becomes a broader discussion, and that's where I think we have the most opportunity when those conversations come up.
It is sort of a natural transition to my second question. It feels like the messaging has changed quite a bit from Zscaler appropriately. You are now trying to win the heart of the stock, is the way I see it. You are coming up at it, as Adam and others have said, through a different architecture. It sort of begs the question, what are you missing to keep winning share of that stock dollar? The way I think about it is data is critical. You guys have a lot of untapped data that here for you really have not leveraged as much as perhaps you could. You were clear that inline and data, you guys have it. You got it. You are great at that.
Maybe the broader capabilities of data when you're correlating all these different threat information, NDR is a part of it, but it's not everything. The broader question is, what else do you need? It lends itself to a SIEM, which has sort of been implied. What do you think you're missing to win that greater share of those existing accounts and to leverage the data set that you already have a lot of visibility to?
I think as far as what's needed or missing, the approach to running security operations, I think there's a structure for it, right? Data is certainly an element of it. You don't have to create all that data yourself. Certainly, when you do, you have a strong foundation. As I mentioned, the Avalor acquisition was independent of Zscaler. Their 150 connectors had nothing to do with Zscaler before they joined and joined up with us. All of those signals and contexts, that's a recognition that customers' environments are and will continue to be heterogeneous for a really long time. We have no belief that it's going to be all Zscaler only. It's just not the way the world works. It's also not the way security operations works. Having that data come in, I think, is extremely important for us.
When we think about where that world heads, it depends on what happens in the investigation world. There's a huge part that's about automation of the workflows. That was originally, you could say, started with sort of the SOAR and automation technologies. Now it's how AI-driven is it? How agentic is it? I mean, these are phrases to put on it. There's reality behind that. It's still all about if there are 10 steps for an analyst to go through to quickly detect, investigate, and respond to something, how many of those 10 can I automate and intelligently automate before a human being needs to look at it? Because it's not autonomous. The human being is not going to disappear from this.
It is inserting them at the right spot and recognizing that the data you need to look at because your environment is changing, you need to be able to keep up with that. I think that is going to be a part for us that will be very important. Cloud, we know, is important. A lot of the cloud teams sit very separately from the SOC teams. Try as you might, the SOC person wants to see all of it. The person who runs the cloud says, "I got that. Do not worry about it." We know we will have to live in these hybrid worlds probably for a very long time based on the way our customers are structured.
From a business opportunity point of view, there's real pain. People feel less pain. A firewall is sitting there. Let it sit there. Some management overhead is there. SOC is a daily pain. There's a pain of work. There's a pain of dollars growing. We think the market is ready for disruption. If we can go and have a better solution, less operational overhead, and less cost of the solution because of better architecture, we think our customers are looking forward to it. We have tremendous credibility with our customers.
All right. Let's go to Andrew, and then we'll take an online question.
Thanks. Andrew De Gasperi from BNP Paribas. The one question I had is this morning, Jay, you joked about the $30 million cost savings slide, and you said that maybe Warren Sales was not charging this customer enough. I waited for Mike Rich to join the panel because I just wanted to maybe ask a follow-up in terms of, are you happy with your pricing and packaging strategy? How is it evolving now that you are adding all these other capabilities on the Agentic Side? Just take it from there.
I think we've made great strides. Z-Flex is just another point in the journey where you've got to make it easy to consume. I think historically, we've come out with a lot of innovation, and it's gotten complex. The licensing metrics and models have not been super easy to understand. You've seen it. Gartner's talked about it. We are just making it easier for them to consume the platform. I am very happy with where we're at today. I think we're going to continue to get better.
Yeah. We've done three things in this area. One, we developed an architectural workshop to identify what needs to be taken out. Last year, we started a Cost Takeout program that helps quantify the outcome of that, is the slide I showed to you. Z-Flex comes on top of that to really make it flexible, minimize friction with procurement and ongoing negotiations. It's a good story. None of these things happens by magic. We learn, we evolve. Architectural works are important for us. Cost takeout program evolved out a lot of learning over the years. Z-Flex, we used to do some of these things custom. You say, "Let's make a program out of it.
All right. We got one question from online, and then we'll go to Ittai. This is from Brian Essex, JP Morgan. Question for Mike. Are there any common themes across the accounts where you might expect to see better traction with Zero Trust platform? Is there any kind of inflection opportunity here?
Yeah. I mean, the common theme is just complexity. People are looking to reduce cost and have a more simplified environment. They want happy users. They do not want to get yelled at. When you can simplify and make it less complex and provide a better user experience, those are synergistic, and those help drive the sales, especially in the bigger deals.
All right. Thank you. Ittai.
Thanks, Ittai from Oppenheimer. Question for you, Mike. When I think about Z-Flex, maybe we shouldn't be called Z-Flex. Maybe we should call ZSemiFlex because it's not fully flexible. When I think of some other vendors in the world that have applied a Flex-like type of purchasing model, think about Datadog in the way they've done it. Think about what CrowdStrike is doing with their very few restrictions at all in the way you first buy the product. From my understanding, Z-Flex, you need to be on a product for a certain while before you can change things in and out. You just said on stage that it's focused on the largest customers. It is still a little bit, well, semi-flex, as I mentioned before, on a certain type of customers with some flexibility, but not full.
I guess, is this just a reflection of a point in time? Meaning, you and I talk about this a year from now, everybody can access it with complete flexibility. One day to the next, I can increase, decrease my consumption of certain products. Why limit this? Is this just maturity, or there's something behind this?
You've got to have all your systems. You've got to have sales ops lined up. You've got to have your processes behind lined up. It's a crawl, walk, run. I do expect, again, we're early stage. It just came out in Q3, that it will mature and we'll be able to offer it to a broader set of audience when we can make it easier to deploy. Again, early stage, fully expect we're going to have a big part of the population that'll move toward it later on. Let's get it really right for these first few customers.
Do you envision this potentially at some point with partners using Flex to be able to go more down market, which I know right here, right now, you're clearly trying to go after the big whales for obvious reasons, but something to facilitate a much better or faster adoption for our partners to go downstream, down market?
I don't think it'll be everywhere. I think we'll have, again, probably the top 25%º–30% of customers that we'll get to have that option to move towards Z-Flex in the next year, year and a half.
Let me ask you, do you think your CFO will love fully Z-Flex, no string, no time frames attached?
Maybe it will, maybe it won't. I know that it's a very, when I talk to customers of Datadog and when I talk to customers of CrowdStrike, it's a point that perhaps they don't necessarily actually do. It's not that every day they increase or decrease their product. The idea to have that flexibility and the idea that that type of flexibility enables them to make sure that they don't waste dollars, that they truly get to conceptually have the ability to try everything at their portfolio at whatever pace they want, and ultimately, at the end of this, come up with a balanced approach for them, I think it's a good selling point.
We like flexibility. The best selling point is the customer has no commitment, no skin in the game, other than $10 million you can spend after five years. That'll be any CFO's nightmare. Think about trying to predict numbers and what's going to happen next quarter or next quarter. It's a nightmare. We can give full flexibility for testing the product. The real sales is you've got skin in the game. We've got skin in the game. You can predict some of the stuff. We can predict some of the stuff. Those are the pragmatic philosophy that have gone into what we are doing today. Obviously, we learn and we evolve.
Very good. Thank you. There's a topic we can spend a lot of time on. Let's move on.
This is Joe Vandrick from Scotiabank. Mike, a lot of good details on the large opportunity ahead for both new logos and increasing customer spend that you called out there. How are you feeling today about sales productivity, and how are you thinking about adding capacity into fiscal 2026?
Sales productivity, productivity per head, I'm very pleased with. It's gone up year over year. We expect it to continue to do that. We're adding capacity based on our model of making sure that we can address the right markets with the right number of people. We're being very thoughtful about how we're doing it. Because productivity is going up, that's great. We're also entering the year with more mature ramp sellers. That's a very good sign. I'm very pleased with that.
All right. Max.
This is Matt from Goldman Sachs. I was wondering, it seems that there's been a rise in interest in software and SaaS architectures, especially for regulated industries and international markets. Are you thinking about enabling localized independent instances of your platform and increases that potentially expand your addressable market?
I'll take it. Yeah. There's a lot of interest in sovereign Zero Trust Cloud, not sovereign SaaS, for example. The customers I talk to, they're looking for Zero Trust. Our architecture is designed such that we can do it today. We have the entire technology, all three planes, sitting in Europe, serving Europe. We meet essentially almost all the technological requirements. Now, we still need to do some of the work being operationally able to run out of Europe and the like. We're making progress in that direction. We think we are in a very good position to offer sovereign clouds. Sovereign will have different flavors, the EU part of it. When the Department of Defense of Australia wants a sovereign cloud, they would rather call it air-gapped cloud. We have built the technology that can provide air-gapped cloud to different countries as well.
All right. We'll take the last question from online coming from Joshua Tilton, Wolf Research. I believe this is best for Jay. In the past, the strategy has clearly been to show customers how to replace a stack of legacy boxes. I don't believe there are any legacy boxes securing agents. How does go-to-market message need to change to convince customers that Zscaler has the right way to secure AI agents, maybe for Jay and Mike both?
If you saw the diagram I showed to you, Zscaler is securing users to have right access to the right application. Number one use case of AI agents is your agent is able to do the same kind of stuff that your people did. I know many call center customers who are using call center agents. There will be other agents like that. That is no different than what we do. We are securing users, similar technology with some of the additions, secures agents as well. Identity of the agent becomes one piece of it. There are some other things related to if agents are reaching out to LLMs and some of the other apps. We have some enhancement being made. We are more natural than anybody else to solve this.
All right. That concludes our session. Thank you so much, analysts, investors, everybody who dialed in, and everybody who is in the room here, as well as our executives. Thank you so much for participating in the event. Thank you.