 TheCube presents Ignite22, brought to you by Palo Alto Networks. Hey guys and girls, welcome back to theCube's live coverage of Palo Alto Ignite22. We're live at the MGM Grand Hotel and beautiful Las Vegas. Lisa Martin here with Dave Vellante. This is Dave, one of our coverage. We've been talking with execs from Palo Alto, partners, but one of our most exciting things is talking with founders, Dave. We get to do that next. The thing is, it's like I wrote this weekend in my breaking analysis. Understanding the problem in cybersecurity is really easy, but figuring out how to fix it ain't so much. So, excited to have Nir here. Very excited. Nir Zuck joins us. The founder and CTO of Palo Alto Networks. Welcome Nir. Great to have you on the program. Thank you. So Palo Alto Networks, you founded it back in 2005. It's hard to believe that's been 18 years, almost. You did something different which I want to get into, but tell us what was it back then? Why did you found this company? I thought the world needed another cybersecurity company. I wasn't worried about it. I thought it's because there were so many cybersecurity vendors in the world and just didn't make any sense. This industry has evolved in a very weird way where every time there was a new challenge, rather than existing vendors dealing with a challenge, you had new vendors dealing with it and I thought I could put a stop to it and I think I did. You did something differently back in 2005, looking at where you are now, the leader. What was different in your mind back then? Yeah, so when you found a new company, you have really two good options. There was also a bad option, but we'll skip that. You can either disrupt an existing market or you can create a new market. So first I decided to disrupt an existing market, go into an existing market first, network security then cybersecurity and change it, change the way it works. And like I said, the challenge is that every problem had a new vendor and nobody just stepped back and said, I think I can solve it with a platform. Meaning I can think I can spend some time not solving a specific problem, but building a platform that then can be used to solve many different problems. And that's what I've done and that's what Palo Alto Networks has done and that's where we are today. So you look back, you call it now, I think you call it a next-gen firewall but nothing in 2005 can be, can it be next-gen? But you know the Silicon Valley show, you know the show Silicon Valley? You got to have a box, right? But it was a different kind of box, explain that. It's exactly the same thing, you got to have a box. So I actually wanted to call it a necessary evil. Marketing wouldn't go for that. And the reason I wanted to call it a necessary evil because one of the things that we've done in order to platformize cybersecurity, again, first network security now, also cloud security and security operations is to turn it into a SaaS delivered industry. Today, every cybersecurity professional knows that when they buy cybersecurity, they buy usually a SaaS delivered service. Back then, people thought I was crazy to think that customers are going to send their data to their vendor in order to process and they wanted everything on-premise and so on. But I said, no, customers are going to send information to us for processing because we have much more processing power than they have and we needed something in the infrastructure to send us the information. So that's why I wanted to call it a necessary evil. We ended up calling it Next Generation Firewall, which was probably a better term. Well, even Veritas, remember Veritas, they had the no hardware agenda, even they have a box. So it's like you say, you got to have it. It's a necessary evil. Okay, so, but you did this, you started this on your own cloud, kind of like Salesforce, ServiceNow, similar, in our own data centers. In your own data center, okay. I call it a cloud, but no. Yeah, no, it's the same. You know, there's no cloud, it's just someone else's computer. According to Larry Ellison, he was actually probably right about that. So, but over time, you had this closer partnership with the public clouds. Correct. What does that bring you and your customers and how hard was that to navigate? It wasn't that hard for us because we didn't have that many services. Usually it's harder. Of course, we didn't do a lift and shift, which is the wrong thing to do with the cloud. We rebuilt things for the cloud. And the benefits, of course, are time to market, scale, agility, and in some cases, also cost. Yeah, some cases. In some cases. So you have sort of a hybrid model today, right? You still run your own data centers, do you not? Very few. Really? There are very, very few things that we have to do on hardware, like simulating malware and things that cannot be done in a virtual machine, which is pretty much the only option you have in the cloud. They provide bare metal, but doesn't serve our needs. I think that we don't view cloud and your viewers should not be viewing cloud as a place where they're going to save money. It's a place where they're going to make money. I like that. You make much more money because you are more agile. And that's why this conversation about, oh, your cost of goods sold are going to be so high, you're going to have to come back to your own data centers. That's not on your mind right now. What's on your mind is advancing the unit. Yeah, look, my own data center would limit me in scale, would limit my agility. You know, if you want to build something new, you don't have all the pads, services, the platform as a service. Services like that database and AI and so on. I have to build them myself, it takes time. So yeah, it's going to be cheaper, but I'm not going to be delivering the same thing. So my revenues will be much lower. Less top line. What can humans do better than machines? You were talking in your keynote, just going to chat a little bit. You were talking about your keynote, basically if you guys didn't see the keynote, that AI is going to run every sock within five years. That was a great prediction that you made. And they're going to do things that you can't do today and then in the future they're going to do things that better than you can do. And you just have to be comfortable with that. So what do you think humans can do today and in the future better than machines? Look, humans can always do better than machines. The human mind can do things that machines can not do. Like we're conscious, I don't think machines will be conscious. And you can do things. My point was not that machines can do things that humans cannot do, they can just do it better. The things that humans do today, machines can do better. Once machines do that, humans will be free to do things that they don't do today, that machines cannot do. Like what? Finding the most difficult, most covert attacks, dealing with the most difficult incidents, things that machines just can't do. Just that today humans are consumed by finding attacks that machines can find, by dealing with incidents that machines can deal with. It's a waste of time. Leave it to the machines and go and focus on the most difficult problems. And then have the machine learn from you so that next time or a hundred or a thousand times somehow they can do it themselves and you focus on the even more difficult. Yeah, it's like after 9-11, they said that we lacked the creativity, that's what humans have, that machines don't, at least today. Machines don't, yeah. Look, every airplane has two pilots, even though airplanes have been flying themselves for 30 years now. Why do you have two pilots? To do the things that machines cannot do, like land on the Hudson, right? You always need humans to do the things that machines cannot do. But leave the things that machines can do to the machines, they'll do it better. And autonomous vehicles need brakes, as you see as Caravalla. Where, in your customer conversations, are customers really grappling with that, or are they going, yeah, you're right? It depends. It's hard for customers to let go of old habits. First, the habit of buying a hundred different solutions from a hundred different vendors and what, why would I trust one vendor to do everything, put all my eggs in the same basket and they have all kinds of slogans as to why not to do that, even though it's been proven again and again that doing everything in one system with one brain versus a hundred systems with a hundred brains work much better. So that's one thing. The second thing is we always have the same issue that we've had, I think since the Industrial Revolution of what, machines are going to take away my job? Yeah. No, they're just going to make your job better. So I think that some of our customers are also grappling with that, like what do I do if the machines take over? And of course, like we've said, the machines aren't taking over. They're going to do the benign work, you're going to do the interesting work, you should embrace it. When I think about your history as a technology pro, from checkpoint, a couple of startups, one of the things that always frustrated you is when a larger company bought you out, you ended up getting sucked into the bureaucratic vortex. How do you avoid that at Palo Alto Networks? So first, you mean when we acquire a company? Yes. So the first thing is that when we acquire companies, we always acquire for integration, meaning we don't just buy something and then leave it on the side and try to sell it here and there. We integrate it into the core of our products. So that's very important, so that the technology leaves, thrives, and continues to grow as part of our bigger platform. And I think that the second thing that is very important is from past experience, what we've learned, is to put the people that we acquire in key positions. Meaning you don't buy a company and then put the leader of that company five levels below the CEO. You always put them in very senior positions, almost always we have the leaders of the companies that we acquire be two levels below the CEO, so very senior in the company so they can influence and make changes. So two questions related to that. One is can you, as you grow your TAM, can you be both integrated and second part of the question, well, can you be both integrated and best of breed? Second part of the question is do you even have to be? So I'll answer it in the third way, which is I don't think you can be best of breed without being integrated in cybersecurity. And the reason is again this split brain that I've mentioned twice. When you have different products, do a part of cybersecurity and they don't talk to each other and they don't share a single brain, you always compromise. You start looking for things the wrong way. I can be a little bit technical here, but take the example of, traditionally you would buy an IDS IPS separately from URL filtering, separately from DNS security. There is, one of the most important things we do in network security is to find combined control connections. Combined control connections where the adversary is controlling something behind your firewall and is now going around your network is usually the Achilles heel of the attack. That's why attacks like ransomware that don't have a command and control connection are so difficult to deal with, by the way. So combined control connections are the Achilles heel of the attack and there are three different technologies that deal with it. URL filtering for URL based command and control, DNS security for DNS based command and control and IDS IPS for general command and control. If those are three different products, they'll be doing the wrong things. You know, the URL filter will try to find things that it's not really good at that the IPS really need to find and it doesn't work. It works much better when it's one product doing everything. So I think the choice is not between best of breed and integrated. I think the only choice is integrated because that's the only way to be best of breed. And behind that technology is some kind of real time data store, I'll call it, data lake, database, whatever. Yeah, it's all driven by the same data. All the URLs and all the domain names and all that. Everything goes to one big data lake. We collect about, I think we collect about two, close to a petabyte, a few petabytes per day. I don't know the exact number of data. It's all going to the same data lake and all the intelligence is driven by that. So you mentioned in a cheeky comment about why you founded the company. There weren't an outside persecuted companies. Clearly the TAM expansion strategy that Palo Alto Networks has done has been very successful. You've been, as you talked about, very focused on integration, not just from the technology perspective but from the people perspective as well. So why are there still so many cybersecurity companies and what are you thinking Palo Alto Networks can do to change that? So first, I think that there are a lot of cybersecurity companies out there because there's a lot of money going into cybersecurity. If you look at the number of companies that have been really successful, it's a very small percentage of those cybersecurity companies. And also, look, we're not going to be responsible for all the innovation in cybersecurity. We need other people to innovate. It's also, look, there's always the question is do you buy something or do you build it yourself? Now, we think we're the smartest people in the world. Of course, we can build everything but it's not always true that we can build everything, not that we're the smartest people in the world. For sure. You see, when you're a startup, you live and die by the thing that you build. Meaning, if it's good, it works. If it's not good, you die. You run out of money, you shut down and you just lost four years of your life to this. At least. At least. When you're a large company, yeah, I can go and find a hundred engineers and hire them and especially nowadays it becomes easier as it became easier and give them money and have them go and build the same thing that the startup is building. But they're part of a bigger company and they'll have more coffee breaks and they'll be less incentive to go and do that because the company will survive with or without them. So that's why startups can do things much better sometimes than larger companies. We can do things better than startups when it comes to being data driven because we have the data and nobody can compete against the amount of data that we have. So we have a good combination of finding the right startups that have already built something, already proven that it works with some customers and of course building a lot of things internally that we cannot do outside. I heard you say in one of the dozens of videos I've listened to you talk to that the industry doesn't need or doesn't want another IoT stovepipe. Okay, I agree. So you got on-prem, AWS Azure, Google, maybe Alibaba. IoT is going to be all over the place. So can you build, I call it the security super cloud. In other words, a consistent experience with the same policies and edicts across all my estates irrespective of physical location. Is that technically feasible? Is it what you're trying to do? Certainly what we're trying to do with Prisma cloud with our cloud security product, it works across all the clouds that you mentioned and Oracle as well. And it's almost entirely possible. Almost. Well, the things that what you do is you normalize the language that the different cloud scale providers use into one language. So this cloud calls it S3 and so AWS calls it S3 and Google calls it GCS and so on. So you normalize their terminology and then build policy using a common terminology that your customers have to get used to. Of course, there are things that are different between the different cloud providers that cannot be normalized and there it has to be cloud specific. And in that instance, so is that in part your strategy is to actually build that and does that necessitate running on all the major clouds? Of course, it's not just part of our strategy, it's a major part of our strategy. Compulsory. Look, as a standalone vendor that is not a cloud provider, we have two advantages. The first one is where security product, security focused. So we can do much better than them when it comes to security. If you're AWS, GCP, Azure and so on, you're not going to put your best people on security. You're going to put them on the core business that you have. So we can do much better. Hey, that's interesting. Well, that's not how they talk. I know that's how they talk. No, but that's interesting you say that. So when something is 4% of your business, you're not going to put it, you're not going to put your best people there. It's just, why would you? You put your best people on 96% of your business. That's not driving their revenue. Look, it's simple. It's not what they say. We don't do respect. So I think we do security much better than them and they become the good enough and we become the premium. But certainly the second thing that gives us an advantage and the right to be a standalone security provider is that we're multi-cloud, private cloud and all the major cloud providers. But they also have a different role. I mean, your role is not to secure the Nitro card or the Graviton chip or is it? They are responsible for securing up to the operating system. We secure everything. And they do a pretty good job of that. No, they do it. Certainly, they have to. If they get breached at that level, it's not just that one customer is going to suffer. The entire customer base. They have to spend a lot of time and money on it and frankly, that's where they put the best security people. Securing the infrastructure, not building some cloud security feature. Absolutely. So Palo Alto Networks is, as we wrap here, on track to double, nearly double its revenues to nearly $7 billion in FY23, just compared to 2020. You were quoted in the press by saying we will be the first $100 billion cyber company. What is next for Palo Alto to achieve that? Yeah, so it was Nikesh, our CEO and chairman that was quoted saying that we will double to $100 billion. I don't think he gave a time frame, but what it takes is to double the sales, right? We're at 50 billion market cap right now. So we need to double sales. But in reality, you mentioned that we're growing the town by doing more and more cybersecurity functions and taking away pieces. Still, we have a relatively small, even though we're the largest cybersecurity vendor in the world, we have a very low market share. It shows you how fragmented the market is. I would also like to point out something that is less known. Part of what we do with AI is really take the part of the cybersecurity industry which are service-oriented, and that's about 50% of the cybersecurity industry, services, and turn it into products. I mean, not all of it, but a good portion of what's provided today by people and tens of billions of dollars are spent on that can be done with products. And being one of the very, very few vendors that do that, I think we have a huge opportunity at turning those tens of billions of dollars in human services to AI. It's always been a good business, taking human labor and translating into R&D, vendor R&D. Especially- Never fails if you do it well. Especially in difficult times, difficult economical times, like we are probably experiencing right now as a, no, around the world. We, not we, but we, the world. Right, right. Well, congratulations coming up on the 18th anniversary, tremendous amount of success, great vision, clear vision, stem expansion strategy, really well underway. We are definitely going to continue to keep our eyes on it. Big company, a hundred billion, that's market capital. That's a big company. You said you didn't want to work for a big company. Unless you founded it, is that the- Unless it acts like a small company. Ah, there's the caveat. We'll keep our eye on that. Thank you very much. It's been such a pleasure having you on. Thank you. Same here, thank you. All right, for our guest and for Dave Vellante, I'm Lisa Martin. You're watching theCUBE, the leader in live, emerging and enterprise tech coverage.