 Welcome back to Moscone Center, Dave Vellante with John Furrier here. Day three, it's hump day, RSA 2023. Lee Klarich is here, he's the Chief Product Officer of Palo Alto Networks. Lee, good to see you. Wonderful to see you. Okay, every year we spend more on cyber, yet we feel less safe. Why are you an optimist? You know, so there's a fundamental difference in the cyber security space than in most other industries. It is one of the most fragmented markets out there and the net result of that is every company keeps buying more and more and more standalone point products and finding them, so which results in the spending more money part, but the net result of that is not better security. And so for the first time, we've finally reached a point where there are real platforms emerging that are best in class in the capabilities, but the capabilities are delivered natively integrated. And that is changing the game on security outcomes for the cost that goes into them. Can you explain that real quick? I think it's a really nuanced point. Platforms versus tools, it's a concept in the tech industry when it kind of talks about inside the ropes, but as customers have sprawled their way to a bunch of tools, I mean they have this like environment where they're just throwing everything at the problems they have, at the problems they're coming in. As you get more unification, what does that platform look like? Cause you can't have 10 platforms, or maybe you can, but how do you see that evolving from a customer standpoint? Because if I'm a CISO, I got to rein in the chaos and I have to have an offense and defensive plan. What's the platform look like? Let's start with some sort of just basics, right? So it is not uncommon for a company to have 100, 150, even 200 different technologies, tools, products in their environment. And they're trying to figure out how to operate all this stuff. 
They're trying to figure out how to deploy it, how to integrate it, how to make sure it's configured correctly, understand the alerts, prioritize that, follow up on it. All of us, imagine doing this across 200 different technologies that were not designed to work together. Versus, it doesn't have to be 200 going to one. I don't think that's, it's not going to be quite that ratio. But imagine if you could take 50 of those things and deliver all of them in a single platform, or think of it as a single solution, where all those different capabilities are natively designed to work together. So that out of the box, everything is correlated. It's configured in one place. The, everything is being prioritized in one place. Just for that portion, game changer. So, so now you do that a few times in, most likely the outcome is building around a few key platforms. And there will still be some sort of these, these are called more corner case niche technologies that fill in the gaps. That versus today's state is a world of difference in terms of outcomes. And it's a world of difference relative to how much money goes into a solution. So the scenario is phases. 200 might go down to 150, then 150 maybe goes to 100. And it might take 10 years, but you'll start to begin to. You can't take 10 years though. Okay. I won't be an optimist if it takes 10 years. Okay, great. So, so you, okay. Here's my question. You put up the slides. Security is solvable. Yes. Okay. And got it. That was, I think shock some people. Is it solvable without getting rid of stuff? I think, no, it's not. You got to get rid of stuff, which we never get rid of stuff in IT, but you're helping. So if it's not 10 years, what's the realistic timeframe for customers that's doable? Obviously it depends on where they're starting from. We have customers that are on this journey very well on this journey already. And so what is left for them is going to be different than someone who's just trying to figure this out now. 
But, and I'll, sorry, just one point. It's not a question of getting rid of stuff. It's about whether or not we can replace these point solutions with natively integrated capabilities. So, well said. You need the capability is just how you consume and use the capability as changing. It's it, but you got to retire some of those point tools. Oh, absolutely. That's what I mean by changing. The absolute number has to absolutely decline. So, what we're doing is we're basically taking our customers on this journey in network security. So, next-gen firewalls, software next-gen firewalls, SASE being able to deliver all of that with an integrated set of capability so that a customer can accomplish zero trust across their entire enterprise. In doing that, and that can be done in a, depending on the size and complexity of organization, that journey can be done in the course of, you know, anywhere from say one to three years. Okay? Now, cloud security is going to be a similar journey, but it's going to be different starting point typically. A lot of people are starting with just trying to get visibility in the cloud and then they're going to go on this journey of how they take that shift left into the dev and dev ops environments and then also add in the runtime protections. That also is a journey that can be done in one to three years. And then the same thing is happening in the SOC with SOC transformations driven through data, AI, automation, and again, we have customers are going this journey one to three years. And so we break this into those three sort of spaces and they can be done in parallel. And that's one to three years for a reasonably complex environment, right? Yeah, fair, I think so. You have the hardest job, I think. It wouldn't be the most fun job. You have the chief product, you have the keys to the kingdom. You got engineering, you got customers, you got to put the roadmaps together. I mean, those are structural things. 
You're talking about cloud is different than, say some of the on-premise activity, then you got network security. That's just a lot of huge structural underpinnings that are happening. What does native integration mean? And it implies developers. So as developers are building now apps on top of a platform, that's the new enablement equation. So as a product leader, how do you prioritize? How do you look at that? And you got, you know, change the airplane engine out of 30,000 feet at the same time, try to innovate something game changing on an enablement side on the platform for the customer. What's the product thinking? How do you operate that? Just take us through your mindset on, you look at that, because customers want faster, but they don't want to unplug anything. They want to still defend and do their things. So the first thing we did is when we started to execute this sort of broader strategy about, say five, six years ago, was we looked at it in these three spaces. Network security is a huge space in and of itself. And so I have an organization in network security that focuses on that. So everything involved in delivering world-class, network security as a platform is one organization for me. Same thing with cloud, same thing with security operations. Now, there's connective tissue across these three different platforms, but what this allows us to do is to break the problem up into logical pieces that make sense where the integration produces significantly better results than it otherwise would be as point products. So that's the first thing. What do you think we're going to do in the world with? So think of network security. Network security needs to be done in hardware because there's large campus environments, data center environments. It needs to be done in software form factors for private cloud, public cloud environments. It needs to be done in SASE, so cloud delivered for remote users and branch offices. 
So for us, that's hardware, software, SASE form factors. Now, when we come out with a new security service, so a few years ago, we came out with DNS security. We came out with a cloud-based service that plugged into each of these form factors natively. So if you're a customer of one or all of these things, and we just released DNS security, you click a couple of buttons, all of a sudden you're doing DNS security across your entire enterprise. Versus, if you do this as a point product, what you have to do is you have to look at like, okay, I need to roll this out everywhere separately. It's new infrastructures, new architectures, new everything. That might be a 12 month project just to add one capability versus... I really wanted to get that out because that's the platform, that's the benefit of the platform. I can do it over here, I can do it everywhere. How that plugs into on top of. Yes, now we take telemetry, we're learning from providing DNS security, and now we can start to inform how we detect new malware, how we detect new phishing sites, and vice versa, detecting new malware can inform our DNS security and make that smarter. So now we start to get integration benefit across the different security services. Are the core principles the same across those sort of three platforms, or are there sort of significant nuances or differences? Like take cloud for example. A lot of the core principles are the same. How we do it is very different. How you do security in public cloud infrastructure is very, like there's some fundamental differences between enterprise, but a lot of the principles are actually the same. For example, the reason there's so many point products in cyber security is because security is so important. Like people are not buying. And it's lucrative if you're a startup. You can come out with a product and make some money and sell it. Yeah, you know, but think from a customer perspective. 
From a customer perspective, cyber security is super important. They want to have the best. So they go out and they look for the best. So the first principle is everything we do has to be best in class on its own. Then we integrate it and deliver it from a platform which makes it way easier. It makes it to operationalize. It allows us to start to get cross capability benefits like I was mentioning before. And so that starts, so the principle there is we need to be best in class at everything we do and then deliver incremental or value through the platform approach. So we have to focus on integration layer at the same time. Is that what you mean by native integration? Yes. But it's hard to be. I mean, the industry suggests it's really hard to be best in class and sort of integrated as a platform. Hasn't happened before. It has not. Right. I mean, IBM hasn't done it. I would argue Oracle hasn't done it. None of the other big, you know, I mean, Dell now, a hundred billion dollar company hasn't done it. Yeah, okay. But security, nobody's done it. Not even, I don't even think anybody's tried until now people are talking about it. But so what gives you confidence that that's doable that you can be both best of breed and have that platform approach? So five years ago, if you asked me that question, I would have had to just answer wait and see. We got our best work out of it. We're going to find out. We're now five years into the strategy. We've now shown that we can build a world class SASE solution as an extension of our network security capabilities. We've now shown that we can put together a set of best in class capabilities that are delivered in an integrated platform with Prisma Cloud for cloud security. We've now shown in security operations in Cortex with XSIAM that we can put together a best in class set of capabilities delivered as a platform. So we've now shown it. 
Now, we're not at the ninth inning, to use the baseball analogy, but we're no longer in the first inning on proving that this is possible. And we've done it by making sure that we put innovation first. We have to lead with innovation. We have to make sure our customers are successful, as opposed to leading with go-to-market, which is often how platform companies think about it is that we'll do some stuff and then our go-to-market machine will find a way to sell it. So, I mean, the industry's rife with over-promising. You were pretty confident that you're not, I mean, I don't know you that well, but I've met you a few times and you seem like a pretty credible individual, but you know what I'm saying about the industry's over-promising? I understand. You're standing by your promise, your brand promise to your customers that this outcome that you're envisioning is something that you're going to achieve for your customers. I'm not saying it's easy. No, I'm not saying it's easy. I'm saying it's doable. It's whole, it's doable. I have a question on the industry because we talk a lot about IT transformation. Companies have IT departments. Security is actually the number one focus in everything we do. We talk about, but security is now such a big thing. Has it gotten to the point where people are now realizing that it's not just IT and security and developers, it's all kind of one thing and because when you talk about platforms, the way you're talking about it, that's not like just a security thing. That is like a bigger thing. Like you're taking a little bit more of a, like, hey, because every company is either out of business if they're not hacked, they could be out of business. It's a huge downside with the security vulnerabilities. This is now a company structural thing. It's not, in fact, IT might even be subordinate to this because it's under the table. It's been abstracted down in the plug. Yeah, I understand what you're saying. 
Look, the network security has always been a joint partnership between security teams and networking teams. Like cloud security people are finally realizing that it's going to be a joint ownership between a cloud security team and the development and DevOps teams, right? So the, and so that's sort of, like what I'm describing is sort of the security teams and the IT teams, if you will, or development teams, they're now approaching these problems as partners and figuring out how do we solve these together? I'll give you an example in cloud security. If you only, if you wait until an application is, you know, in runtime, in production use, to try to do security, you will eventually fail. Because you'll have too many alerts, you'll have too many issues, and trying to fix them at that point and going back to the developers that developed the application say you have to go fix all of these things that are wrong. They're going to say I don't have time to do it now and I don't want to break an application that's running the business. Which is why security, cloud security teams are now working with Dev and DevOps teams and saying we actually have to do these security checks in the build process, in the coding process and provide real time feedback to the developers so we fix it before it's running in production. This is what we call shift left. This is a big deal when we get it right. And when customers get this right, it's amazing. Developers love it. This is not like, develop. Everyone's afraid that it's going to be hard for those. Developers love it when you integrate this feedback into their tools at the right time when it's easy for them to make the check. At the point of coding, they love it. They don't have to come, their job's done. They don't have to do it over. At the point of coding. But this is what I'm saying. I mean, look at the, I love how you bring the network security into this. This is such a critical piece. 
Cloud and on-premise and edge now are going to be the distributed computing paradigm. We all know what that is. People in the industry. That operational construct is, can't be cloud versus this. It's all network at the same day. You get at the same network security position as you got in the cloud, but they're different environments. But they still got to work together. Packets move from point A to point B all the time. And applications are going to be built on top of it. So I just think this whole idea of a platform versus tool is a huge important conversation because that is now the substrate of how things will be run. And if you've left the developers, then they're coding all day long. Yes, and then on top of that, we have to be able to understand the experience that is being delivered to the user that ultimately is actually using all of these applications and networks and things like that and actually be able to measure that and automatically respond to and heal issues that that user has seen. Okay, so the customer, take me through the example of customer. Now how are they reacting? So I can see a customer saying, finally, can someone do this? Or are they scratching their heads or they need a little training or they either pull them through? What's the customer experience? Are they skeptical at first? Let's see, what's the motion like? Are they more like, please? From to this? For many years, this was a hard sell. Over the last couple of years, I've seen a transition where, instead of me trying to explain to a customer, hey, this is what I think we should be doing, I'm having more and more conversations where the customer is starting the conversation by saying what we've been doing in the past is no longer working. We need, we're here to ask you, talk to you about how you think about the ability for us to move on to a more platform-based approach. 
So the mindset has shifted and one of the big drivers for this is the accelerated move to the cloud, the accelerated move to hybrid work via COVID remote work has triggered this change because it used to be that everything, you could kind of bring everything back to some central points and you could kind of say like, I'm just going to bring you back to my days now, I'm just going to bring you back to my campus, I'm just going to bring everything back and I'm going to do all this stuff in this one place. Well, all of a sudden you have to do this everywhere and you can't, and I can't do 100 things everywhere. I need, I need, I'm going to have to have a solution that's much more integrated in order to be able to do this. Yeah, I think it's a brilliant strategy. I think, and also having the point solution be natively great on its own with the ability to plug into the platform is going to pull the platform up when you can. I'd love to get your thoughts, Dave, we've been chatting a lot about cloud native security and a lot of our open source conferences we go to, which brings up the conversation of, I got cloud networking and I got other networking, you know, routes and whatnot, it's network strategy, you know, it's super important. As those come together and become hardened in the platform, what's your vision on that piece? Because what that will say is, I don't, the packets and security and network security has to be completely locked down in any environment and they're not always aligned right now from what we've been reporting and it's getting better. The customers want to have their network teams in line with the cloud networking. So it's in multiple clouds, invisible standard. What's your vision on this? So sort of yes to both, you're sort of saying either or, but I'm going to say yes. So the network teams are still the sort of the experts on how networking works. How networking works in the enterprise space is different than how networking works in the cloud. 
It doesn't mean that it goes away in the cloud, it's different. So what we have to do in doing network security is we have to adapt our products to be able to understand these different environments and integrate seamlessly into these different environments. I'll give you an example, we've over the last about year and a half or so, we've been rolling out what we call cloud NGFWs. So what these are are software based next gen firewalls that are designed as a service in the cloud. So they're designed to basically be part of the cloud network as opposed to sit on top of the cloud network. So this is an example, now they have all the same security capabilities, but how it integrates into the environment has been adapted for that environment to be easier for the customer. So this is how we think about adapting what we do. It's a networking layer across environments basically. You're building natively into the platform. Now how that does networking and how we do networking in the data center is different, but the security capabilities that sit on top are the same. That's the important. Versus different on different environments, connecting. Versus having different security in different environments. Because now you have the security, he's going, wait, wait, wait. How do I do this? Well, speaking of different environments, you mentioned SASE before. What's the state of SASE? I mean, is it working as intended? Yes. Yes and yes. Oh, that was easy. Yes and no. Look, the concept of SASE is incredible, right? It's leveraging the cloud to deliver security to any user, any branch office, anywhere in the world to create a sort of direct to app type architecture because more and more applications are on the cloud too. So instead of backhauling traffic to a data center, you create this architecture that's like really amazing. And on top of it, because we're leveraging cloud, we get the benefit of cloud scale. Massive scale. 
One of the key things I mentioned yesterday about why I'm optimistic is the benefit of cloud scale and machine scale to do things that otherwise would have been manual is incredible, right? So that's why, you know, I think SASE is so incredible. Now, as we do that, similar to what we're just talking about, we can deliver the same security capabilities. We can deliver the same security policies. We can deliver the same user experience, regardless of where they're located, which when you think about hybrid cloud, you might be working from anywhere on any day and you want the same experience. You want to be productive as an employee regardless of where you are. We are able to uniquely do that. And so that network security platform that goes across these different form factors is what enables us to deliver that. And that is what is resonating with our customers. When they start to then say, okay, I have to do all of this by the way, I need to do zero trust and zero trust is an enterprise wide concept, not just a use case based concept. Now all of a sudden they go, how am I going to do that? Well, you do it by having a consistent platform everywhere. It's so funny, Dave, we always talk on theCUBE. We got to replatform and refactor. This is like just platform. Yes, just platform, right? Just platform your security, because there's no replat, you can't, there's no platform to replatform. That's right. So it's essentially establishing a new platform. We love the positivity. You know, it's always a great guest. Thanks so much for coming on theCUBE. Thank you. All right, you're welcome. All right, Dave Vellante for John Furrier. In theCUBE, we're here live at RSA 2023. Keynotes are breaking out. Everybody's going to be heading to lunch soon. We'll be back after this short break.