 The Cube presents Ignite22, brought to you by Palo Alto Networks. Good morning, live from the MGM Grand. It's The Cube at Palo Alto Networks Ignite 2022. Lisa Martin here with Dave Vellante. Day two, Dave of our coverage. Our last live day of the year, which I can't believe. Lots of good news coming out from Palo Alto Networks. We're going to sit down with its Chief Product Officer next and dissect all of that. Yeah, you know, oftentimes in events like this, day two is product day. And look, it's all about products and sales. I mean, that's the golden rule. Get the product right, get the sales right, and everything else will take care of itself. Let's talk product. Yeah, let's talk product. Lee Claridge joins us, the Chief Product Officer at Palo Alto Networks. Welcome, Lee. Great to have you. Thank you so much. So we didn't get to see your keynote yesterday, but we heard one of the things, you know, we've been talking about the threat landscape, the challenges. We had Unit 42, Wendy, on yesterday. We had Nikesh, on and near, talking about the massive challenges in the threat landscape. We understand, despite that, you are optimistic. I am. Talk about your optimism, given the massive challenges that every organization is facing today. Look, cybersecurity is hard. And often in cybersecurity in the industry, a lot of people get sort of really focused on what the threat actors are doing, why they're successful, we investigate breaches, and we think of, it just starts to feel somewhat overwhelming for a lot of folks. And I just happen to think a little bit differently. I look at it and I think it's actually a solvable problem. Talk about cyber resilience. How does Palo Alto Networks define that? And how does it help customers achieve that? Because that's the holy grail these days. Yes, look, the way I think about cyber resilience is basically in two pieces. One, it's all about how do we prevent the threat actors from actually being successful in the first place? Second, we also have to be prepared for what happens if they happen to find a way to get through and how do we make sure that if that happens, the blast radius is narrowly contained as possible. And so the way that we approach this is, I kind of think in terms of like threes, three core principles. Number one, we have to have amazing technology and we have to constantly be keeping up with and ideally ahead of what attackers are doing. That's a big part of my job as the chief product officer, right? Second is, one of the big transformations that's happened is the advent of AI and the opportunity as long as we can do it, a great job of collecting great data, we can drive AI machine learning models that can start to be used for our advantage as defenders and then further use that to drive automation. So we take the human out of the response as much as possible, what that allows us to do is actually to start using AI and automation to disrupt attackers as it's happening. The third piece then becomes natively integrating these capabilities into a platform. And when we do that, what it allows us to do is to make sure that we are consistently delivering cybersecurity everywhere that it needs to happen, that we don't have gaps. So great tech, AI and automation deliver natively integrated through platforms. This is how we achieve cyber resilience. So I like the positivity. In fact, Steven Schmidt, who's now the CSO of Amazon, you know, Steven, and who was the CSO at AWS at the time, the first reinforce, he stood up on stage and said, listen, there's narrative that's all gloom and doom is not the right approach. We actually are doing a good job and we have the capability. So I was like, yeah, you're okay, I'm down with that. Now, my question is around the portfolio. I was looking at some of your alternatives and options and the website, I mean, you got network security, cloud security, you got SASE, you got CNAP, you got endpoint, pretty much everything. You got CIDR security, which you just recently acquired for, you know, the whole shift left stuff. You know, nothing in there on identity yet. That's good, you partner for that. But so, could you describe how you think about the portfolio from a product standpoint, how you continue to evolve it and what's the direction? Yes, so the cybersecurity industry has long had this, I'm going to call it a major flaw. And the major flaw of the cybersecurity industry has been that every time there is a problem to be solved, there's another 10 or 20 startups that get funded to solve that problem. And so, pretty soon what you have, if you're a customer of this, is you have 50, 100, the record is over 400 different cybersecurity products that as a customer you're trying to operationalize. It's not a good record to have. No, it's not a good record, no. This is the opposite of yes. Have a good personal best. So the reason I start there in answering your question is the way that, so that's one end of the extreme. The other end of the extreme would be to say, is there such a thing as a single platform that does everything? No, there's not. That would be nice, that sounds nice, but the reality is that cybersecurity has to be much broader than any one single thing can do. And so the way that we approach this is three fundamental areas that we Pelt Networks are going to be the best at. One is network security. With the network security, this includes hardware and extra and firewalls, software and extra and firewalls, SASE, all the different security services that tie into that. All of that makes up our network security platform. So everything to do with network security is integrated in that one place. Second is around cloud security. The shift to the cloud is happening, it's very real. That's where Prisma Cloud takes center stage. CNAP is the industry acronym. If five letters thrown together can be called an acronym. So cloud-native application protection platform, right? So this is where we bring all of the different cloud security capabilities integrated together, delivered through one platform, and then security operations is the third. For us, this is Cortex, and this is where we bring together endpoint security, EDR, NDR, attack surface management, automation, all of this, and what we announced earlier this year is XIM, which is a Cortex product for actually integrating all of that together into one SOC transformation platform. So those are the three platforms, and that's how we deliver much, much, much greater levels of native integration capabilities, but in a logical way where we're not trying to overdo it. And CIDR will fit into two or three? Into Prisma Cloud, into the second. Into two, yeah, okay. It's part of the shift-left strategy of how we secure mixed applications in the cloud. When you're in customer conversations, you mentioned the record of 400 different products. That's crazy. Nikash was saying yesterday between 30 and 50, and we talked with him in near about what's realistic in terms of getting organizations to be able to consolidate. I'd love to understand what does cybersecurity transformation look like for the average organization that's running 30 to 50 point solutions? Okay, look, 30 to 50 is probably maybe normal. 100 is not unusual. Obviously 400 is the extreme example, but all of those numbers are too big, right? Now, I think realistic is high single digits, low double digits is probably somewhat realistic for most organizations, the most complex organizations that might go a bit above that if we're really doing a good job. That's what I think. Second, I do really want to point on the product guy, so maybe this is just my way of thinking, consolidation is an outcome of having more tightly and natively integrated capabilities. And the reason I flipped that around is if I just went to you and say, hey, would you like to consolidate? That just means maybe fewer vendors. That helps the procurement person have to negotiate with fewer companies. The integration is actually a technology statement. It's delivering better outcomes because we've designed multiple capabilities to work together natively ourselves as the developers so that the customer doesn't have to figure out how to do it. It just happens that by doing that, the customer gets all this wonderful technical benefit and then there's this outcome sitting there called, you've just consolidated your complexity. How specialized is the customer? I think of data pipelines, and I think of a data engineer, a data scientist, a data analyst, a hyper-specialized roles. If, let's say I have 30 or 40 and one of them is an SD-WAN security product, oh yeah, I'm best to breed an SD-WAN, okay, great. Palo Alto comes in, you pointed out, I'm going to help you with your procurement side. Are there hyper-specialized individuals that are aligned to that? And how, that's kind of part A, and B, assuming that's the case, how does that integration carry through to the business case? So obviously there are specializations, this is, and cybersecurity is really important, and so this is why there's this tendency in the past to head toward, well, I have this problem, so who's the best at solving this one problem? And if you only had one problem to solve, you would go find the specialist. The challenge becomes, well, what do you have 100 problems to solve? Is the right answer 100 specialized solutions for your 100 problems? And what I think is missing in this approach is understanding that almost every problem that needs to be solved is interconnected with other problems to be solved. It's that interconnectedness of the problems where all of a sudden, so you mentioned SD-WAN. Okay, great, I have SD-WAN, I need it. Well, what are you connecting SD-WAN to? Well, ideally, our view is you would connect SD-WAN and branch to the cloud. Well, what do you run in the cloud? Well, in our case, we can take our SD-WAN, connected to Prisma Access, which is our cloud security solution, and we can natively integrate those two things together, such that when you use them together, way easier, right? All of a sudden, we took what seemed like two separate problems, we said, no, actually these problems are related, and we can deliver a solution where those things are actually brought together. And that's just one simple example, but you could extend that across a lot of these other areas, and so that's the difference, and that's how the mindset shift that is happening, and I was going to say needs to happen, but it's starting to happen. I'm talking to customers where they're telling me this as opposed to me telling them. So when you walk around the floor here, there's a visual, it's called a day in the life of a fuel member, and basically what it has, it's got like, I don't know, six or seven different roles or personas. You know, one is management, one is a network engineer, one's a coder, and it gives you an X and an O, and it says, okay, put the X on things that you spend your time doing, put the O on things that you want to spend your time doing, across all different sort of activities that a SecOps pro would do. There's X's and O's in every one of them, you know, to your point. There's so much overlap going on. It was really difficult to discern, you know, any kind of consistent pattern because it, unlike the hyper-specialization and data pipelines that I just described, it's not, there's way more overlap between those specialization roles. And there's a second challenge that I've observed and that we are, we've been trying to solve this, and now I'd say we've become, started to become a lot more purposeful in trying to solve this, which is, I believe cybersecurity, in order for cybersecurity vendors to become partners, we actually have to start to become more opinionated. We actually have to start- You guys are pretty opinionated. Yes, but the industry, yes, we're opinionated, we build these products that have all our opinions built into it and we sell the product and then what happens? Customer says, great, thank you for the product. I'm going to deploy however I want to, which is fine. Obviously it's their choice at the end of the day, but we actually should start to exert an opinion to say, well, here's what we would recommend. Here's why we would recommend that. Here's how we envisioned it, providing the most value to you. And actually starting to build that into the products themselves so that they start to guide the customer toward these outcomes as opposed to just saying, here's a product, good luck. What's the customer life cycle, not life cycle, but really kind of that collaboration-like? It's one thing to have products that you're saying that have opinions to be able to inform customers how to deploy, how to use, but where is their feedback in this cycle of product development? Oh, look, this is my life. I mean, this is why I'm here. This is all day long, I'm meeting with customers and I share what we're doing, but it's a 50-50. I'm half the time, I'm listening as well to understand what they're trying to do, what they're trying to accomplish and what they need us to do better in order to help them solve their problems. And so my entire organization is oriented around not just telling customers, here's what we did, but listening and understanding and bringing that feedback in and constantly making the products better. That's the main way in which we do this. Now, there's a second way, which is we also allow our products to be customized. I can say, here's our best practice as we see it, but then allowing our customer to customize that and tailor it to their environment because there are going to be uniquenesses for different customers in particularly more complex environments. Explain why firewalls won't go away from your perspective. The cash actually did a great job of explaining this yesterday, and although he gave me credit for it, so this is like a circular kind of reference here, but if you think about the firewalls slightly more abstract, and you basically say, an XGen firewall's job is to inspect every connection in order to make sure the connection should be allowed and then if it is allowed, to make sure that it's secure. Which, that is the definition of an XGen firewall by the way. Exactly what I just said. Now, what you noticed is, I didn't describe it as a hardware device. It can be delivered in hardware because there are environments where you need super high throughput, low latency. Guess what? Hardware is the best way of delivering that functionality. There's other use cases, cloud, where you can't ship hardware to a cloud provider and say, can you install this hardware in front of my cloud? No, no, no. You deploy it in software. So you take that same functionality when instantiating in software. Then you have other use cases, branch offices, remote workforce, et cetera, where you say, actually, I just want to deliver it from the cloud. This is what SASE is. So when I look at and say the firewall is not going away, what I see is the functionality needed is not only not going away, it's actually expanding. But how we deliver it is going to be across these three form factors and then the customer is going to decide how they need to intermix these form factors for their environment. We put forth this notion of super cloud a while, about a year ago. And the idea being you're going to leverage the hyperscale infrastructure and you're going to solve a common problem across clouds and even on-prem super cloud, above the cloud, not Superman, but Supra as in Latin. But it turned it to this sort of superlative, which is fun. But my question to you is, is Palo Alto essentially building a common cross cloud, on-prem, presumably out to the edge, consistent experience that we would call a super cloud? Yeah, I don't know that we've ever used the term super cloud to describe it. Oh, you don't have to. But yes, basically you describe it, absolutely. And it has three main benefits that I describe to customers all the time. The first is the end user experience. So imagine your employee and you might work from the office, you might work from home, you might work from traveling and hotels and conferences. And by the way, in one day you might actually work from all of those places. So the first part is the end user experience becomes way better when it doesn't matter where they're working from, they always get the same experience. Huge benefit from productivity perspective. Second benefit, security operations. You think about the people who are actually administering these policies and analyzing the security events. Imagine how much better it is for them when it's all common and consistent across everywhere that has to happen, cloud, on-prem, branch, remote workforce, et cetera. So there's a operational benefit that is super valuable. Third, security benefit. Imagine if in this platform-based approach, if we come out with some new amazing innovation that is able to detect and block new types of attacks, guess what? We can deliver that across hardware, software, and SASE uniformly and keep it all up to date. So from a security perspective, way better than trying to figure out, okay, there's some new technology, does my hardware provider have that technology or not? Does my software provide, so it's bringing that in. From a developer perspective, is there a PAS layer, forgive me, super PAS, that allows the developers to have a common experience across irrespective of physical location with the explicit purpose of serving the objective of your platform? So normally when I think of the context of developers, I'm thinking of the context of the people who are building the applications that are being deployed. And those applications may be deployed in a data center, increasing the data centers depending on private clouds, might be deployed into public cloud, it might even be hybrid in nature. And so if you think about what the developer wants, the developer actually wants to not have to think about security, quite frankly. They want to think about how do I develop the functionality I need as quickly as possible with the highest quality possible? But they are being forced to think about it more and more. Well, anyway, I didn't mean to interrupt. No, it's a great point. What we're trying to do is we're trying to enable our security capabilities to work in a way that actually enables what the developer wants, that actually allows them to develop faster, that actually allows them to focus on the things they want to focus. And the way we do that is by actually surfacing the security information that they need to know in the tools that they use, as opposed to trying to bring them to our tools. So you think about, so our customer is a security customer, yet in the application development lifecycle, the developer is often the user. So we're providing a solution to security and then we're enabling them to surface it in the developer tools. And by doing this, we actually make life easier for the developer such that they're not actually thinking about security so much as they're just saying, oh, I pulled down the wrong open source package. It's outdated, it has vulnerabilities. I was notified the second I did it and I was told which one I should pull down, so I pulled down the right one. Now, if you're a developer, do you think that's security getting your way? Not at all. If you're a developer, you're thinking, thank God, so much, thank you. You told me at a point where it was easy as opposed to waiting a week or two and then telling me where it's going to be really hard to fix it. So maybe be talking to Terraform or some other HashiCorp environment. I got it, okay. Absolutely. 30 seconds, we're almost out of time, but I'd love to get your snapshot. Here we are at the end of calendar 2022. What are you, we know you're optimistic in this threat landscape, which we're going to see obviously more dynamics next year. What kind of nuggets can you drop about what we might hear and see in 23? You're going to see across everything we do a lot more focus on the use of AI and machine learning to drive automated outcomes for our customers. And you're going to see us across everything we do. And that's going to be the big transformation. It'll be a multi-year transformation, but you're going to see significant progress in the next 12 months. All right, we'll keep up. What will be the sign of that progress? If I had to make a prediction, which I'm kind of prepared for. Better security with less effort. Okay, great. I feel like that's a mic drop. We can measure that. I feel like that's a mic drop moment. Lee, it's been great having you on the program. Thank you for walking us through such great detail, what's going on in the organization, what you're doing for customers, how you're meeting the developers where they are. We'll have to have you back because there's just too much to unpack. Thank you both so much. Our pleasure. For Lee Claridge and Dave Vellante, I'm Lisa Martin. You're watching theCUBE live from Palo Alto Networks a night 22. The theCUBE, the leader in live emerging and enterprise tech coverage.