theCUBE presents Ignite 22, brought to you by Palo Alto Networks.

Good morning, everyone. Welcome to theCUBE. Lisa Martin here with Dave Vellante. We are live at Palo Alto Networks Ignite. This is the 10th annual Ignite. There's about 3,000 people here excited to really see where this powerhouse organization is taking security. Dave, it's great to be here. Our first time covering Ignite, people are ready to be back and security is top. It's a board-level conversation.

It is. The other Ignite, I like to call it, because of course there's another big company that has a conference named Ignite. So I'm really excited to be here. Palo Alto Networks is a company we've covered for a number of years, as we just wrote in our recent Breaking Analysis. We've called them the gold standard, but it's not just our opinion. We've backed it up with data. The company's on track, we think, to do close to $7 billion in revenue by 2023. That's double its 2020 revenue. You can measure it with execution, market cap, M&A prowess. So I'm super excited to have the CEO here.

We have the CEO here. Nikesh Arora joins us from Palo Alto Networks. Nikesh, great to have you on theCUBE. Thank you for joining us.

Well, thank you very much for having me, Lisa and Dave.

It was great to see your keynote this morning. You said that fundamentally, security is a data problem. Well, these days, every company has to be a data company. Grocery stores, gas stations, car dealers. How is Palo Alto Networks making customers, these data companies, more secure?

Well, Lisa, I've only done cybersecurity for about four, four and a half years. When I came to the industry, I was amazed to see how security is so reactive as opposed to proactive. We should be able to stop bad threats right as they're happening. But I think a lot of threats get through because we don't have the right infrastructure and the right tooling and right products in there.
So I think we've been working hard for the last four and a half years to turn it around so we can have consistent data flow across an enterprise and then mine that data for threats and anomalous behavior and try and protect our customers.

You know, the problem, I wrote this weekend, the problem in cybersecurity is well understood. You put up that Optiv graph and it's like 8,000 companies. And I think you mentioned in your keynote, on average, you know, 30 to 40 tools, maybe 50, at least 20. Yes. From the folks that I talked to. So, okay, great. But actually solving that problem is not trivial. To be a consolidator, I mean, everybody wants to consolidate tools. So in your three to four years in security, as you well know, you can't fake security. It's a really, really challenging topic. So when you joined Palo Alto Networks and you heard that strategy, I know you guys have been thinking about this for some time, what did you see as the challenges to actually executing on that, and how is it that you've been able to sort of get through that knothole?

So Dave, you know, it's interesting. If you look at the history of cybersecurity, I call them the flavor of the decade. A new threat vector gets created, a very large market gets created, a solution comes through, people flock, you get four or five companies which chase that opportunity, and then they become leaders in that space, whether it's firewalls or endpoints or identity, and then people stick to their swim lane. The problem is, that's a very product-centric approach to security. It's not a customer-centric approach. The customer wants a more secure enterprise. They don't want to solve 20 different problems with 20 different point solutions, but that's kind of how the industry has grown up, and it's been impossible for a large security company in one category to actually have a substantive presence in the next category.
Now what we've been able to do in the last four and a half years is, from our firewall base, we had resources, we had intellectual capability from a security perspective, and we had cash. So we used that to pay off our technical debt. We acquired a bunch of companies, we created capability. In the last three years, four years, we've created three incremental businesses which are all on track to hit a billion dollars in the next 12 to 18 months.

Yeah, so it's interesting, on Twitter last night we had a little conversation about acquirers and who was good, who was not so good. There was Oracle, they came up actually very high, they'd done pretty good. VMware was on the list. IBM, Cisco, ServiceNow. And if you look at IBM and Cisco's strategy, they tend to be very services heavy, right? How is it that you have been able to, you mentioned get rid of your technical debt, you invested in that, I wonder if you could, was it the cloud, even though a lot of the cloud was your own cloud, was that a difference in terms of your ability to integrate? Because so many companies have tried it in the past. Oracle, I think, has done a good job, but it took them 10 to 12 years to get there. What was the sort of secret sauce? Is it culture, or is it just great engineering?

Thank you for that. I think, look, it's a mix of everything. First and foremost, there are certain categories we didn't play in, so there was nothing to integrate. We built a capability in a category. In automation, we didn't have a product, we acquired a company, it's a net new capability. In incident response, we didn't have a capability, it was net new capability. So other than integrating culturally and into the organization, into our go-to-market processes, there was no technical integration needed.
Most of our technical integration was needed in our cloud platform, which we bought five or six companies, integrated them. We just bought one recently called Cider Security as well, which is going to get integrated in the cloud platform. And the thing is, the cloud platform is net new in the industry. We, nobody's created a cloud security platform yet. So we're working hard to create it because we don't want to replicate the mistakes of the past that were made in enterprise security in cloud security. So it's a combination of cultural integration, it's a combination of technical integration. The two things we do differently, I think, than most people in the industry is, look, we have no pride of, you know, of innovations. Like, if somebody else has done it, we respect it and we'll acquire it. But we always want to acquire number one or number two in their category. I don't want number three or four. They're three or four for a reason and there still is one or two out there to compete with. So we've always acquired one or two, one. And the second thing, which is as important, is most of these companies are in the early stages of development. So it's very important for the founding team to be around. So we spend a lot of time making sure they stick around. We actually make our people work for them. My principle is, listen, if they beat us in the open market with all our resources and our people, then they deserve to run this as opposed to us. So most of our new product categories are run by founders of the companies we acquired.

So a little bit of Jack Welch, a little bit of Frank Slootman, is always deference to the founders, but go ahead, Lisa.

Speaking of cultural transformation, you were mentioning in your keynote this morning, there's been a significant workforce transformation at Palo Alto Networks. Talk a little bit about that because that's a big challenge for many organizations to achieve. Sounds like you've done it pretty well.
Well, you know, my old boss, Eric Schmidt, used to say revenue solves all known problems, which kind of is part joking, part true. But as Dave mentioned, we've doubled or two and a half times our revenues in the last four and a half years. That allows you to grow, that allows you to increase headcount. So we've gone from four and a half thousand people to 14,000 people. Good news is that's 9,000 foreign people are net new to the company. So you can hire a whole new set of people who have new skills, new capabilities, and there's some attrition to four and a half thousand. Some part of that turns over in four and a half years. So we effectively have 80% net new people, and the people we have who were there from before are amazing because they've built a phenomenal firewall business. So it's kind of in right size across the board. It's very hard to do this if you're not growing. So you've got to focus on growing. It's like winning in sports.

So speaking of firewalls, I've got to ask you, do self-driving cars need brakes? So I've got to shout out to my friend, Zeus Kerravala. It's like, that's his line about why you need firewalls. Right? And you mentioned it in your keynote today. He said, it's the number one question that you get.

And I don't get it, why industry observers don't go back and say, this is ridiculous. The network traffic is doubling or tripling. In fact, I gave an interesting example. We shut down our data center, as I said. We are all on Google Cloud and Amazon Cloud. And then our internal team comes in, we didn't want a bigger firewall. I'm like, why do you want a bigger firewall? We shut down our data centers. Well, the traffic coming in and out of our campus is doubled. We need a bigger firewall. So you still need a firewall, even if you're in the cloud.

So I want to come back to the M&A strategy. My question is, can you be both best of breed and develop a comprehensive suite? Number, part one and part one A of that is, do you even have to?
Because generally, suites win out over best of breed. But how do you respond?

Well, you know, this is this age-old debate and people get trapped in that, I think, in my mind. And let me try and expand on the analogy, which I tried to do up in my keynote. Let's assume that Oracle, Microsoft Dynamics and Salesforce did not exist, okay? And you were running a large company of 50,000 people and your job was to manage the customer process, which is easier to understand than security. And I said, okay, guess what? I have a quoting system and a lead system, but the lead system doesn't talk to my quoting system. So I get leads, but I don't know who those customers are, and I write quotes for a whole new set of customers and I have a customer database. Then when they come in with purchase orders, I have a new database with all the customers who've bought something from me, and then when I go get them licensing, I have a new database, and when I go have customer support, I have a fifth database. And there are customers in all five databases. You'd say, Nikesh, you're crazy, you should have one customer database, otherwise you're never going to be able to make this work. But security is the same problem. I need consistency in data from soup to nuts. If it's in cloud, if you're writing code, I need to understand the security flaws before they go into deployment, before they go into production. We somehow ridiculously have bought security like IT. Now the difference between IT and security is, IT is required to talk to each other. So a Dell server and an HP server work very similarly, but a Palo Alto firewall and a Check Point firewall, a Fortinet firewall work fundamentally differently. And then how that transitions into endpoints is a whole different ball game. So you need consistency in data. As Lisa was saying earlier, it's a data problem. You need consistency as you traverse through the enterprise, and that's why that's the number one need.
Now, when you say best of breed, best of breed is fine if it's a specific problem that you're trying to solve. But if you're trying to make sure that the data flow that happens, you need both best of breed technology that stops things and need integration on data. So what we're trying to do is we're trying to give people best of breed solutions in the categories they want, because otherwise they won't buy us, but we're also trying to make sure we stitch the data.

But that definition of best of breed is a little bit nuanced and different in security, is what I'm hearing, because it's that consistency across products. What about across cloud? You mentioned Google and Amazon. Yeah, so that's a great question. Are you building the security super cloud, I call it, above the cloud?

It's not, it's less so a super cloud, it's more like Switzerland. And I used to work at Google for 10 years, not a secret. And we used to sell advertising, and we decided to go into display as we're publishing, right? Now we had no publishing platform, so we had to be good at everybody else's publishing platform. But we never were able to search after anybody else because we only focus on our own platform. So part of it is, when the cloud guys, they're busy solving security for their cloud. Google is not doing anything about Amazon cloud or Microsoft cloud, Microsoft's Azure, right? AWS is not doing anything about Google cloud or Azure. So what we do is, we don't have a cloud. Our job in providing cloud security is be Switzerland, make sure it works consistently across every cloud. Now, if you try to replicate what we offer in Prisma Cloud by using AWS, Azure, and GCP, you'd have to first of all have three panes of glass for all three of them, but even within them they have four panes of glass for the capabilities we offer. So you could end up with 12 different interfaces to manage a development process. We give you one. Now you tell me which is better.

Sounds like a super cloud to me at least.
I don't know. I don't know. An Uber cloud. Yeah, there you go. Oh, I like that, Uber cloud.

Well, so I want to understand, Nikesh, what's realistic? You mentioned in your keynote, Dave brought it up, that the average organization has 30 to 50 tools, security tools, on their network. What is realistic from a consolidation perspective where Palo Alto can come in and say, let me make this consistent and simple for you?

Well, I'll give you our own example, right? We're probably sub 10, substantively, right? There may be small things here and there we do, but from a substantive, protecting-the-enterprise perspective, you should be down to eight or 10 vendors, and that is not perfect, but it's a lot better than 50. Because don't forget, 50 tools means you have to have capability to understand what those 50 tools are doing. You have to have the capability to upgrade them on a constant basis, learn about their new capabilities, and I just can't imagine why customers have two sets of firewalls, right? Now you've got to learn both the firewalls and how to deploy both of them. That's silly. Because that's why we need 7 million more people. We need people to understand all these tools who work for companies. If you had less tools, we need less people.

Do you think, you know, I wrote about this as well, that the security industry is anomalous in that the leader has, you know, single digit, low single digit market shares. Do you think that you can change that?

Well, you know, when I started, that was exactly the observation I had, David, you highlighted in your article. We were the largest by revenue by a small margin and we were one and a half percent of the industry. Now we're closer to three, three to four percent. Well still, like you said, going to be around 7 billion dollars. So I see a path for us to double from here and then double from there. And hopefully as we keep doubling, at some point in time, I'd like to get to double digits to start with.
One of the things that I think has to happen is this has to grow dramatically, the ecosystem. I wonder if you could talk about the ecosystem and your strategy there.

Well, you know, it's a matter of perspective. I think we have to get more penetrated in our largest customers. So we have, you know, 1,800 of the top 2,000 customers in the world are Palo Alto customers, but we're not fully penetrated with all our capabilities and same customers that. So yes, the ecosystem needs to grow, but the pandemic has taught us the ecosystem can grow wherever they are without having to come to Vegas, which I don't think is a bad thing, to be honest. So the ecosystem is growing. You are seeing new players come to the ecosystem. Five years ago, you didn't see a lot of systems integrators in security. You didn't see security offshoots of telecom companies. You didn't see the Optivs, the WWTs, the Presidios of the world make a concerted shift towards consolidation or services, and all that is happening. As we speak today, in the audience, you will find people from Google, Amazon, Microsoft are sitting in the audience, people from telecom companies are sitting in the audience. These people weren't there five years ago. So you are seeing the ecosystem is adapting. They want to be front and center of solving the customer's problem around security and they want to consolidate capability they need. They don't want to go work with the 100 vendors because it's hard.

And the global system integrators are key. I always say they like to eat at the trough and there's a lot of money in security.

Well, speaking of the ecosystem, you had Thomas Kurian, Google Cloud CEO, in your fireside chat in the keynote. Talk a little bit about the Google Cloud plus Palo Alto Networks zero trust partnership and what it's going to enable customers to achieve.

Lisa, that's a great question. Thank you for bringing it up.
Look, one of the most fundamental shifts that is happening is obviously the shift to the cloud. Now, when that shift fully sort of takes shape, you will realize, if your network has changed and you're delivering everything to the cloud, you need to go figure out how to bring the traffic to the cloud. You don't have to bring it back to your data center. You can bring it straight to the cloud. So in that context, we use Google Cloud and Amazon Cloud to be able to carry our traffic. We're going from a product company to a services company in addition, right? Because when we go from firewalls to SASE, we're now carrying your traffic. When we carry your traffic, we need to make sure we have underlying capability which is world class. We think GCP and AWS and Azure run some of the biggest and best networks in the world. So our partnership with Google is such that we use their public cloud. We sit on top of the cloud. They give us increased, enhanced functionality so that our customers' SASE traffic gets delivered in priority anywhere in the world. They give us tooling to make sure that there's higher reliability. So we partner. They have BeyondCorp, which is their version of Zero Trust, which allows you to take unmanaged devices with browsers. We have SASE, which allows you to have managed devices. So the combination gives our collective customers the ability for Zero Trust.

Do you feel like there has to be more collaboration within the ecosystem, the security landscape, even amongst competitors? I mean, I think about Google acquires Mandiant. You guys have Unit 42. Should and will, like, Wendy Whitmore and, maybe they already are, Kevin Mandia talk more and share more data? If security is a data problem, it's always data out there.

I think the industry shares threat data both in private organizations as well as public and private contexts. So that's not a problem. The challenge with too much collaboration in security is you never know.
Like, you know, the moment you start sharing your stuff with third parties, you go out of the security zone. Our biggest challenge is, I can't trust a third party competitor, partner, product. I have to treat it with as much suspicion as anything else out there, because the only way I can deliver Zero Trust is to not trust anything. So collaboration and Zero Trust are a bit at odds with each other.

Sounds like another problem you can solve. Ha ha ha.

I think it's the last question for you. Favorite customer example that you think really articulates the value of what Palo Alto is delivering?

Look, you guys, a great question, Lisa. I had this seminal conversation with a customer and I explained all the things we were talking about, and the customer said to me, great. Okay, so what do I need to do? I said, fun, you got to trust me because we are on a journey. Because in the past, customers have had to take the onus on themselves, on integrating everything, because they weren't sure a small startup will be independent, be bought by another cybersecurity company, or a large cybersecurity company won't get gobbled up and split into pieces by private equity, because every one of the cybersecurity companies have had a shelf life. So our aspiration is to be the evergreen cybersecurity company. We will always be around and we will always tackle innovation and be on the front line. So the customer understood what we're doing. Over the last three years, we've been working on a transformation journey with them. We're trying to bring them, or we have brought them, along the path of Zero Trust, and we're trying to work with them to deliver this notion of reducing their mean time to remediate from days to minutes. Now, that's an outcome-based approach. That's a partnership-based approach, and we'd like to love to have more and more customers of that kind. I think we weren't ready, to be honest, as a company four and a half years ago, but I think today we're ready.
Hence, my keynote was called The Perfect Storm. I think we're at the right time in the industry with the right capabilities and the right ecosystem to be able to deliver what the industry needs.

The Perfect Storm: partners, customers, investors, employees. Nikesh, it's been such a pleasure having you on theCUBE. Thank you for coming to talk to Dave and me right after your keynote. We appreciate that and we look forward to two days of great coverage from your executives, your customers and your partners. Thank you.

Well, thank you for having me, Lisa and Dave, and thank you for what you guys do for our industry.

Our pleasure. For Nikesh Arora and Dave Vellante, I'm Lisa Martin. You're watching theCUBE live at MGM Grand Hotel in Las Vegas, Palo Alto Ignite 22. Stick around, Dave and I will be joined by our next guest in just a minute.