Palo Alto Networks (TICKER: PANW) Palo Alto Networks Inc Panw Ceo Nikesh Arora Presents Piper Sandler Global Technology

By /
Palo Alto Networks, Inc. (NASDAQ:PANW) Piper Sandler Global Technology Conference September 14, 2021 11:30 AM ET Company Participants Nikesh Arora - CEO Conference Call Participants Rob Owens - Piper Sandler Rob Owens Well, good afternoon. Thanks for joining us. I'm Rob Owens with Piper Sandler and I manage our Security and Infrastructure Software practice. Really pleased to be welcoming our next company doing a fireside here, Palo Alto Networks. And joining me from the company is Nikesh Arora, its CEO. Nikesh, welcome. Good to see you. Nikesh Arora Thanks Rob. Likewise. Good to see you as well. Rob Owens Yes. It's been an active couple of days for you starting last Friday with a major product announcement that -- it's getting Palo Alto into a new opportunity, Analyst Day yesterday. So first of all, thanks for joining us today and it's been a very busy schedule. But maybe a couple of the high points for investors out of Friday's announcements and as well as the Analyst Day yesterday. Nikesh Arora Well, first of all, thank you for having me, Rob. As you know, we've been busy. We announced our work from home product. Something I feel very passionately about. We've been working at it for the last 18 months and become accelerated that through the pandemic, as we've heard from our customers, that they were delighted with our SASE solution, our Prisma Access, but they wanted to make sure that there is something to cover their employees at home or their executives at home. And towards that end, we were delighted to announce Okyo Garde, which is a product we built from scratch, built the OS with security actually first in our mind. We actually looked at all the traffic, and how do we secure it, how we write it down. Part of the challenge, as you can appreciate is that a lot of security has been added on to many traditional networking products in the past. And we're delighted we were able to launch that. It's early days but we're hearing from our enterprise customers a lot of interest. Of course, we had our Analyst Day yesterday. In fact, before we go there this morning, we just announced the integration of our access product and SD WAN to create new SASE SKU, which were launched today which we're really excited about as well. From the Analyst Day perspective, Rob, you know what has happened is, as we've been through last year, as we've been through the pandemic, I'll tell you like right before the -- as pandemic hit, me, the management team, we were all nervous as to what's going to happen, right? We're not so as damn sure many companies were. And it was amazing to see all of us adapt to a scenario we can work remotely, we can be productive, businesses was as usual, barring that sort of jolt in the first few months where people are trying to figure out which end is up. And what we've seen through that year has been steady adoption of technology impact accelerating, obviously, unfortunate cyber attacks because of risk, there's more focus on cybersecurity. And we also see our product portfolio begin to hit its stride. In that context, we felt comfortable laying out a plan for the next three years. And something different where we spent a lot of time investing last years and getting to the forefront of cybersecurity across the three major areas we believe, I'm going to define cybersecurity and we believe our product portfolio is 90% plus there in those categories, and we're beginning to see that prove itself with the customer. So we're seeing tremendous product market fit and customer adoption. So we felt comfortable setting out a very strong guide for the next two years, going north of 22% and 23% of building the revenue. And at the same time we felt because we've done a lot of the products and that's with a lot of the M&A, we felt comfortable saying this is a time where we can scale our operating margins going forward and our free cash flow margins going forward. So that's kind of, in a nutshell, what we've been up to. Rob Owens In a nutshell. Now that guidance that you actually laid out and the cash is above where the street was. So not necessarily, appreciate it as always with a blink of an eye on the stock. But that being said, why aggressive right here, that much confidence in the portfolio, the execution, how things are coming together, the threat landscape? What was underpinning that increase relative to street expectations? Nikesh Arora Yes. I mean, look, you have an outside in view of the world, I have an inside out view of the world. The inside out view of the world says we're seeing strength in our product categories. We're seeing strength in our network security platform. We're seeing strength in our cloud security platform. We're seeing strength in Cortex. We have a lot of expectations about how well we'll adapt the product to a larger TAM. So just generally across the board, we're feeling confident about our product portfolio. And that's not just our confidence based on the adoption and our interactions with customers. Couple that with what we believe is a tailwind in the cybersecurity sector, and I think with bumps and starts will all come out of the pandemic and we've all learned how to live with it. And I think we're all reaching a steady state from a business operational perspective. So we feel strongly that it is a moment where our products are good. We have tailwinds. And we're seeing customers gravitate towards more platform consolidation, which is where our sweet spot is. Rob Owens And I'd love to double-click there. I mean you've been with Palo Alto for three years now. And you came in and you talked about consolidation and for someone that's covered the industry for 24 years at this point... Nikesh Arora No one is going to come and get to you, Rob. Rob Owens Yes, I know. I've seen it in our work in the past. So the pioneers definitely had arrows in my back. So why is it working at this point in time, why is it working for Palo Alto? Nikesh Arora Well, I think we have taken a very fundamentally different perspective on consolidation. And consolidation in the past was practiced as acquisitions where you can buy it from the back of my truck. You can buy CASP, you can buy endpoint, you can buy routers, you can buy whatever you'd like to get. But I don't think the customer is looking for a single point of purchase. I think this customer is looking for reduced integration needs at their end, reduced amounts of alerts, higher security. So look we bought north of 14, 15 companies in total in the last three years. We have end of life each of those products, integrated those products into our core platforms. We have created integration at an alert level, at a data level, at a deployment level, at a consumption level. So we've actually integrated the entire product into our portfolio and actually present it as a much better integrated solution, yet maintaining the best-in-class capabilities of those products. Although Twistlock was the best container security product we bought, we still maintain its best-in-class capabilities, RedLock and CWPP. And I'm still watching people three years later buying CWPP and CSPM or container security and cloud workload protection three years out. There are competitors who are buying those, oh my God, we've discovered, this is a hot new area. Well, we've moved on. We're doing IM security and DLP and WAF RASP and SaaS visibility, while they're busy doing that. So from our perspective, we've used, I think consolidation is perhaps not the right word in that context. We're actually truly delivering a platform which integrates at a core level of capability. And when customers see that, they see the difference, hopefully, that's what's causing them to adapt. And look at SaaS again, we had GPCS or Prisma Access at our own end, we introduced SASE ability in there. We just launched ADEM, autonomous digital and experience management, we're seeing traction, because again, I want that. So it's good. Rob Owens And you reported some pretty impressive SASE results on your last quarter. Maybe you could speak to where customers are at in terms of this SASE journey and the remaking of the network security, if you will, into the cloud? Nikesh Arora Look, fundamentally, I don't think any one of us can deny that there is a trend where customers move to the cloud. You don't believe it, just look at Amazon, AWS, GCP's numbers and Azure's numbers, you'll see $150 million, somebody must be spending it. As people move to the cloud, the old paradigm of backhauling everything about data center has to be reinvented or redefined. And there's where MPLS goes away, SD-WAN comes in. So you basically see people start to bifurcate network traffic at a network level. Couple that with the pandemic, people want to make sure the security policies are applied at the edge, because, I don't know, I'm not accessing that from my company headquarters anymore or my company office anymore. I'm accessing that from home. Why do I need to go back into our data center, go from the back door into the cloud? Why can't I just split the traffic and see the security policies deployed in my laptop so the right traffic goes to the right place? So there is that fundamental network rearchitecture going on around the world in every company. I think we're probably in the first 3% to 5% of it, to be honest. I think there's 95% of it is still to happen. It's going to happen in the next five to 10 years. That's what kind of -- and that being able to deploy security at the edge, it's effectively what SASE is. Everything that was going to stacked in the data center needs to move to the edge. That's easier said than done. If we're not in the data center, you don't know what happens there. So we took the data center stack, moved it to the edge. We did DLP here. We do autonomous digital experience management as the side. We're doing SaaS visibility this because you have to go back to the data center. You can't own the firewall anymore. You're effectively running the firewall at your laptop, at the edge. So I think that is a very, very strong trend going forward. We're delighted that our product meets our customers' requirements. We have some very large customers who deployed in the last 18 months from a few hundred thousand users at a pop here to actually got a customer close to 1 million users, got a customer that has 600,000 users. So we've kind of proven the scale capability. And we took a different architectural approach. We actually run that on the back of Google Cloud and AWS, because we know that they have the best bandwidth in the industry, low latency, and they can give you POPs and drop off wherever you want. And they are pretty much first-class peering relationships with most SaaS companies out there, which allows that traffic to get to where needs to get to with very low latency. Rob Owens And fundamentally, in those situations where you're bringing on large customers, why is Palo Alto winning? Is it the breadth of the platform that they're buying into? Is it relationship-based selling? Help us understand why you might have a leg up on the pure plays or as you said, we're in the first 1% to 3%, so there's going to be multiple winners as this market emerges? Nikesh Arora Well, look, don't forget, we have 85,000 customers that have deployed Palo Alto's network security somewhere or the other, right? So that's a good start. Because you want consistency with your data center policies and security policies with your policies on the edge. You don't want two sets of policies running around as you're trying to create a zero trust environment. And that allows us to come in with a winning proposition, because the only way to deliver consistent zero trust, as you might have heard from [indiscernible] the presentation yesterday and if your listeners haven't watched it, I would highly recommend that as part of our Analyst Day. But if you really want to deploy two zero trust across the enterprise, you want consistency. That consistency comes from having a similar approach in your data center, in the virtual cloud at your edge. And that's a proposition only Palo Alto offers, at least as far as we know it. And that allows us a big leg up in us winning customers. The sophistication of our capabilities and the completeness of our product also convince this customer, like this morning, we integrated SD-WAN in our SASE product. There's no product out there with SD-WAN and netowrk security that works together with DLP in it, with autonomous endpoint monitoring in it, with SaaS visibility in it, with IoT security in it, there's a product out there. Rob Owens Sure. So maybe shifting gears a little bit. Cybersecurity has obviously dominated the headlines with major breaches. You've got executive orders. It does feel like it's probably one of the best times this industry has seen relative to the demand landscape and with an ability to execute, obviously, companies are doing well. Talk about the impact that this increased visibility in this environment is actually having on your business overall, and I think that was obviously evidenced a little bit in the guidance and the inside out as you put in confidence that you showed yesterday? Nikesh Arora Yes, Rob, I think there's an interesting nuance in what you said. I want to make sure everybody understands that. This is not a flash in the pan moment for cybersecurity. This is a moment when people realize cybersecurity is important, will continue to be important for the rest of our lives. So it's like, oh my God, we have three attacks, there's huge demand. Demand is going to ebb and flow. You're finally paying attention and say, oh my God, what does the cybersecurity infrastructure look like? Now Rome wasn't built in a day. The cybersecurity infrastructure that's out there were not built yesterday or last week. These were built over 10 years of buying point products and stitching them in your SoC and realizing, holy shit, I couldn't protect myself against a solar winds attack or I couldn't protect myself when the exchange server attack happened. We sit down and say, okay, I've got tens of millions, if not hundreds of millions of dollars deployed, what is my security posture look like? You've never had to test your security posture because it's been a benign world. In this world, you've got to go test it and every CECL, CIO work there saw is having to go think about their security architecture and make sure that is going to be robust for time to come. And that's not going to get fixed in one day. It's going to take months, it's going to take years in certain cases. So I think there is an awareness of cybersecurity that awareness is causing a lot of CIOs and CISOs to rearchitect their security posture. And in that process, I think, generally, the sector is going to do well. And hopefully, people who are in a platform role are going to do better, at least we're going to do better, hopefully, than point solutions. Rob Owens Yes. And I think the Street has always had that perception of cause and effect, right? We see a breach, we see spend. And I appreciate the commentary that there truly is a long tail and mounting momentum with customers, and one large customer out there is the Federal government. And you've had some massive contracts historically that we can all see on the Federal databases. Talk about spending intentions within the Federal government, how do you think this is playing out? It seems to be less seasonal now to we're hearing from companies where it used to be a September quarter, their fiscal fourth quarter type of thing. Whereas you're seeing spending throughout the year. So would love your take, especially given Palo Alto's platform and how compelling that is. Nikesh Arora I think, Rob, look, the thing about administration changes is you got a whole new cast of characters, this has happened in the last few months. And as you've seen, we just had confirmation with some of the various leaders in the cybersecurity sort of forefront in the last few months. They're putting their plans together, they're doing -- sort of sorting out their ideas, they were in crisis mode as soon as they came in because of all the hacks that were going on. But they want to do the right thing in terms of putting the right infrastructure in place. There is the September quarter, as you know, where the Federal government sort of exhaust their budgets and starts to a fresh new year. I think the trend is our friend. I think they're going to get more consequent about how to protect not just Federal agencies, but critical infrastructure around the country as well as what happens to the state and the local perspective. But I think like sort of going back to my notion of it's going to take time for them to get their plans together, rearchitect what they want to do. And the good news is there's tremendous amount of awareness and intent in them wanting to get the right thing done, both at the nation state level as well as across the various agencies in the US government. Rob Owens And if I look back to yesterday and the three areas that you laid out relative to the network security opportunity, which Palo Alto has been a leader in the firewall market, cloud security, as you pointed out, you were very early to make acquisitions with Twistlock, RedLock Evidence, really a leader, and then we've got Cortex. And I think you were one of the first to actually coin the term, if not the first, XDR and how you were focused on information gathering. But it's obviously a highly noisy category. You've got the endpoint guys making noise. You have the SIM guys kind of fighting it out. So I would love to understand Palo Alto's position here and where you really think the long term opportunity is? Nikesh Arora Look, the proof of the pudding is in its eating. And we showcased yesterday at the Analyst Day that we were able to deploy XDR and our technologies and get ourselves to a very few relevant security events and be able to remediate that in -- some in seconds and some in minutes. Now if you abstract that's what is needed, right? You want an attack to be stopped mid-flight, you want an attack to be remediated or figured out within minutes not within days, which is the current standard is many days. Now as customers are getting more and more aware of this need for autonomous detection, autonomous remediation, you begin to see then think about how to get to that outcome. Getting that outcome is not as simple as deploying Cortex in their sort, it also requires them to go back and rethink their cybersecurity architecture, which is what people are going through as we speak. So I think the long term prognosis for the whole SoC and the operation of SoC is a combination of agents that collect data from enterprise, aggregate that data in some normalized fashion and then remediate using that data, using auto analytics or AI and ML. And what we shared with you yesterday was a building block of such a strategy. XDR acts both as an agent and as a demystifier of a lot of the alerts and reducer of all the noise. It drives more signal, XSOAR acts as an automation mechanism, which takes a lot of those signals and figures out what can be automatically remediated by having integrations with over 700 vendors around the industry where there are 750 autonomous playbooks that can be deployed by our customers. And Xpanse allows you to take a look at it from an external hacker perspective or bad actor perspective and say, how would I cross correlate that data and see what they see, so I'm making sure that anything that is visible from the outside has been blocked and can be remediated. So we shared the building blocks. I think you'll see more and more integration across those elements. I think you'll see more and more automation and normalization of data in that space. And yes, you're right, it's a big price and a lot of people who are legacy players in that space are looking at the price. Some of the newer endpoint folks are also looking at it from a price perspective. The question is who gets there at scale and there was a lot of pump and celebration. And hopefully, we'll get there. Rob Owens And within some of your cloud portfolio and the cash, you have had companies that have been more DevOps centric and DevOps focused, and I think you've done a good job productizing those capabilities, but the whole notion of shift left. I know you made the Bridgecrew acquisition recently. But where do you think Palo will play relative to the shift left opportunity longer term and how far left do you think you might go? Nikesh Arora Well, we're more left than we were now, which is a good start but I think -- for those of you who haven't spent much time on this topic. But look, the whole notion of cloud security is protecting the applications written by the enterprise folks and port it to the cloud or shift to cloud. Now the problem is that the traditional tools say, okay, great, you're submitting an application to production let me tell you where your mistakes are and go fix them. And developers don't like that. They don't only like to be told that go fix your code after having submitted it for production. So effective what Bridgecrew does is it allows the developers to assess their code while they're writing it to tell them if there are any security flaws in that code. And if there are, it recommends that they fix them. And then they catalog that and make sure that it's available as they migrate to Prisma Cloud. We are deep in the process of integrating Bridgecrew with Prisma Cloud, which means Bridgecrew will be able to assess what the production teams are going to assess you against once your product gets there, once your code gets there, which is I think hugely important because what it does is it gives you validation as a developer very early in a development process that are you building a secure piece of code or secure application or not. And I think that's going to be huge, I think that will become the norm. I mean, honestly, like there's no reason to tell me after the fact that I screwed up, tell me while I'm screwing up so I can do something about it. And I think that's kind of the notion of shift how far left can you go. Now there's a bizarre notion that there's lot of open source capability out there, because at the end of the day, if you're shifting left, you want to make sure that it's integrated in some side of enterprise solution, which is going to be security grade, if you will. So that's our aspiration with Bridgecrew and Prisma Cloud. And we're seeing phenomenal amount of early interest from many of our customers, many of the Bridgecrew customers, many of Prisma Cloud customers. So I think it'll be the next best shift of cloud security, but we're well prepared for. There are players out there who are very left, don't have security. There are players who have some security, not all the security we offer and no left. So hopefully, we can balance the tools of having the left part and the right part. Rob Owens Sure. Do you need to develop a new channel to get to developers, or the companies you've bought expanded organically effectively? You've got some great technologies. But do you have to more formalize it? And then those companies that you have bought to ask the kind of converse question, have you been able to put them through more of the traditional security channels as they've grown and matured like the Twistlocks? Nikesh Arora Yes. So the enterprise security product, Prisma Cloud, has actually worked really well from the traditional channel perspective and also the CSP perspective, to be honest. I mean, at the end of the day, we can't sell security if you're not a customer of one of the public cloud providers. So we have to partner with them to make sure our products work as an integral part as well as partner with them to go to work with their customers. So that's kind of working from that perspective. Yes, Bridgecrew presents a different opportunity. It's a very developer centric opportunity, which requires more developer evangelical skill, which our teams are busy adopting and many of the Bridgecrew folks had those skills as they walk in. So you're right, it does require getting the excitement and enthusiasm on the developer front. And Bridgecrews had north of 2 million to 4 million downloads of their tool, which is what is kind of how the adoption works and developers as it relates to a code source checking or source code checking tool and what check off is which Bridgecrews has. Rob Owens And we only have a few minutes left, but I would love to understand your strength in core firewall. And there's -- those of us initially that thought of this as a razor, razor blade game and you did a lot to convince us we were wrong and really grew the portfolio outside of just the basic firewall sale. Now your product revenue is spiking relative to, I think, where we thought it was probably even more you thought of... Nikesh Arora They should grow the spiking... Rob Owens Yes, but -- versus being flat to down. What is going on in this? And at the same time, you're actually seeing mix shift software, which you showed on the slides yesterday. So what is going on in this market and why is Palo Alto participating, and why is there confidence that this is a multiyear trend? Nikesh Arora Well, it's a great question. Look products slowed down prepandemic a little bit. I think a lot of the focus -- the product that's sold in the pandemic was mostly people expanding capacity for remote use case. And also because a lot of people were not sure when they're going back to the office to their data centers to deploy some of this stuff, they kind of sweated the assets a little longer than we expected. And that's sweating the asset now, we have great products so you can sweat the asset a little more, they figured out. But they've come to a point where the capacity increases haven't stopped. They need to go refresh some of their hardware. We're beginning to see that cycle again. But we have, obviously, that's one part of it. The other part is we've deployed a lower end PA-400 firewall series, which we -- it was a market we never really played in. This is a market which is primarily dominated by two other players in the industry from a market share perspective. So we figured we should we let them have a cake walk in that space, and we have a phenomenal product with superior price performance in that category. And couple that with the fact that we think this is going to take a little while before that trend of people wanting more capacity back goes away. It's going to take a while before the refresh goes away. So we feel comfortable for the next few years, you can sustain that mid single digit growth on product side. But obviously, that's to feed the hungry bears on the product front. I mean, again, our focus continues to be around making sure the integrated solution of software and hardware is presented to our customers, because we're seeing every customer is going to end up with some hardware, some virtual firewalls against public cloud and definitely SASE. So as long as you can be consistent across those three platforms, we track that those three coupled together should grow north of 20%. And as long as it keeps doing that, we think we're taking share in the firewall business onboard. Rob Owens Excellent. Well, Nikesh, congratulations on your success, and thank you for your time today. Nikesh Arora Thank you, Rob. Thank you for your support. Appreciate it. Rob Owens Yes. Sure. Thanks. Question-and-Answer Session
Scroll to Top