 theCUBE presents Ignite 22 brought to you by Palo Alto Networks. Welcome back everyone. We're so glad that you're still with us. It's theCUBE live at the MGM brand. This is our second day of coverage of Palo Alto Networks Ignite. This is takeaways from Ignite 22. Lisa Martin here with two really smart guys, Dave Vellante. Dave, we're joined by one of our CUBE alumni, a friend of the, what do you say, friend of theCUBE? FOTC, a friend of the CUBE. Caravola joins us. Guys, it's great to have you here. It's been an exciting show. A lot of cybersecurity is one of my favorite topics to talk about, but I'd love to get some of the big takeaways from both of you. Dave, we'll start with you. A breathing room from two weeks ago. Yeah. That was really pleasant, you know? I mean, I know ZSU sat in the analyst program and just interested in what your takeaways were from there, but, you know, coming into this, we wrote a piece, Palo Alto's gold standard, what they need to do to keep that status, and we hear it a lot about consolidation. That's their big theme now, which is timely, right? Because people want to save money, they want to do more with less, but I'm really interested in hearing ZEUS' thoughts on how that's playing in the market, how customers, how easy is it to just say, oh, hey, I'm going to consolidate. I want to get into that a little bit with you, how well the strategy's working, we're going to get into some of the M&A activity and really bring your perspectives to the table. Well, it's not easy. I mean, people have been calling the consolidation security for decades, and they're the first company that's actually made it happen, right? And I think this is, what we're seeing here is the culmination of this long-term strategy this company trying to build more of a platform, and they came out as a firewall vendor, and I think it's safe to say, they're more than firewall today, that's only about two thirds of their revenue now, so down from 80% a few years ago. And when I think of what Palo Alto has become, they're really a data company. Now, if you look at, you know, Unifor2 and Cortex, the Cortex data lake, they've done an excellent job of taking telemetry from their products and from the acquisitions they have, right? And bringing that together into one big data lake, and then they're able to use that to do faster threading and invocation, forensics, things like that. And so I think the old model of security of create signatures for known threats, it's safe to say it never really worked, and it wasn't ever going to work, you had too many day zero exploits and things. The only way to fight security today is with AI and ML-based analytics, and they have, they're the gold standard, I think the one thing about your post that I would add, they're the gold standard from a data standpoint, and that's given them this competitive advantage to go out and become a platform for security, which like I said, people have tried to do that for years and then the first one, it's actually done it. Well, we've heard this from some of the startups, like Lacework will say, oh, we treat security as a data problem, because as a startup, Palo Alto's got, you know, whatever, 10, 15 years of history, but one of the things I wanted to explore with you, coming into this was the notion of, can you be best of breed and develop a suite? And we've been hearing a consistent answer to that question, which is, and do you need to? And the answer is, well, best of breed and security requires that full spectrum, that full view. So here's my question to you. So, okay, let's take SD-WAN, relatively new for these guys, right? Okay. And one of the few products are not top two, top three in, right? Exactly. So that's why I want to take that, because in bake-offs, they're going to lose on a head to head best of breed. And so the customer's going to say, hey, you know, I love your consolidation play, your SD-WAN's just okay. How about a little discount on that? And you know, these guys are premium priced. Yes. So, you know, are they essentially, through their pricing strategies, sort of creating that stuff, fighting, that, is that friction for them where they've got, you know, the customer says, all right, well, forget it. We're going to go stovepipe with the SD-WAN, we'll consolidate some of the stuff. Are you seeing that? Yeah, I still think the sales model is that way. And I think that's something they need to work on changing. If they get into a situation where they have to get down to a feature battle of my SD-WAN versus your SD-WAN, my firewall versus your firewall, frankly, they've already lost. Because their value prop is the suite and is the platform. And I was talking to the CISO here that told me, he realizes now that you don't need Best of Breed Everywhere to have best-in-class threat protection. In fact, Best of Breed Everywhere leads to suboptimal threat protection, because you have all these data sets that are in silos, right? And so, from a data scientist standpoint, right, there's a good data leads to good insights. Well, partial data leads to fragmented insights. And that's what the Best of Breed approach gives you. And so, I was talking with Paolo about this, can they have this vision of being Best of Breed and platform? I don't really think you can maintain Best of Breed everywhere across this portfolio this big, but you don't need to. That was my second part of my question. That's the point, yeah. And so, because we've talked about this, that suites always win in the long run. Suites win, yeah. But here's the thing, I wonder to your point about the customer understanding that this resonates with them. My guess is a lot of customers, you know, at that mid-level and the fat metal are like, still sort of wed, you know, hugging that tool. So there's work to be done here, but I think they got it right. Because if they devolve to your point, if they devolve down to that speeds and feeds, what's the point of that? Where's their value? You do not want to get into a knife fight. And I think for them, a big challenge now is convincing customers that the suite approach does work and they have to be able to do that in actual customer examples. And so, you know, I interviewed a bunch of customers here and the ones that have bought into XDR and XOR and even are looking at their SIM, have told me that, so think of sock operations the old way. Heavily, manually oriented, right? You have multiple panes of glass and, you know, and then you've got, so there's a lot of people work before you bring the tools in, right? If done correctly with AI and ML, the machines would do all the heavy lifting and then you'd bring people in at the end to clean up the little bits that were missed, right? And so you moved from something that was very people heavy to something that's machine heavy and machines can work a lot faster than people. And so the ones that I've talked to have done that have said, look, our engineers have moved on to a lot different things. They're doing penetration testing there, you know, helping us with strategy and they're not fighting that daily fight of looking through log files. And the only proof point you need, Dave, is look at every big breach that we've had over the last five years. There's some SIM vendor out there that says, we caught it. Yeah, yeah, we had the data. Yeah, but the security team missed it. Well, they missed it because you're, nobody can look at that much data manually. And so I think their approach of relying heavily on machines to fight the fight is actually the right way. Is that a differentiator for them versus, we were talking before we went live that you and I first at our very first second back in 2017 at Fortinet. Is that where do the two stand in your? Yeah, it's funny, because if you talk to the two vendors, they don't really see each other in a lot of accounts, because Fortinet's more small market, mid market. It's the same strategy to some degree where Fortinet relies heavily on in-house development and Palo Alto relies heavily on acquisition. And so I think from a consistent features that, you know, Fortinet has an advantage there because it's all run off their silicon work where Palo's able to innovate very quickly. It requires a lot of work, right? To bring the front end and the back ends together. But they're serving different markets. Do you see that as a differentiator, the integration strategy that Palo Alto has as a differentiator? We talked to so many companies who have a strong M&A strategy and execution arm, but the challenge is always integrating the technology so that the customer, ultimately it's the customer. I actually think they're underrated as an acquirer. In fact, Dave wrote a post on SiliconANGLE prior to Accelerate and you put it on Twitter and you asked people to rank him as an acquirer and they were in the middle of the pack, right? It was Oracle, VMware, EMC, IBM, Cisco, ServiceNow, and Palo Alto. Oracle got very high marks, it was like 8.5 out of 10. VMware I think was 6.5, NICERA was high, EMC, big range, IBM, five to seven. Cisco was three to eight, right? ServiceNow was a seven. And then yeah, Palo Alto was like a five, which I think was unfair. Well, and I think it depends on how you look at it. So I think a lot of the acquisitions Palo Alto's made, they've done a good job of integrating their back-end data and they've almost ignored the front-end. And so when you buy some of the products, it's a little clunky today. You know, if you work with Prisma Cloud, it could be a little bit cleaner and even with the resty WAN that took them a long time to bring Cloud Genix in and stuff. But I think the approach is right. I don't necessarily believe you should integrate the front-end until you've integrated the back-end. That's the hard part. Right, because ultimately what you're going to get, you're going to get two panes of glass and one pane of glass and it might look pretty all mushed together. But ultimately you're not solving the bigger problem, right? Of being able to create that big data lake to fight security. And so I think, you know, the approach they've taken is the right one. I think from a user standpoint, maybe it doesn't show up as neatly because you don't see the front-end integration, but the way they're doing it is the right way to do it. And I'm glad they're doing it that way versus caving to the pressures of what the industry might want to do. It showed up in the performance of the company. I mean, this company was basically going to double revenues to $7 billion from 2020 to 2023. Think about that. I mean, that's unbelievable, right? I mean, and then they want to double again. Yeah. So... Well, what did Nikesh was quoted as saying they want to be the first cyber company that's $100 billion. He didn't give a timeline. Market cap. Market cap, right. I want to get both of your opinions on what you saw and heard and felt this week. What do you think the likelihood is and do you have any projections on how many years it's going to take for them to get there? Well, I think... So if they're going to get that big, right? And we were talking about this pre-show, any company that's become a big company does it through ecosystem. They go. And that, when you look around the show floor, it's not that impressive. And if there's an area they need to focus on, it's building that ecosystem, and it's not with other security vendors, it's with application vendors, and it's with the cloud companies and stuff. They've got some relationships there, but they need to do more. I actually challenged them on that in one of the analyst sessions. They said, look, we've got 800 Cortex partners. Well, where are they? Why isn't there a Cortex stand here with a bunch of the small companies here? So I do think that that is an area they need to focus on. If they are going to get to that market caps number, they will do so through ecosystem because every company that's achieved that has done it through ecosystem. 100% agree. And if you look at CrowdStrike's ecosystem, it's pretty similar. Yeah. It doesn't really make much, not much different from this. But I went back and just looked at some peak valuations during the pandemic and shortly thereafter. CrowdStrike was 70 billion. That's roughly their peak. Palo Alto was 56, Fortinet was 59. Fortinet actually diverged, right? And now Palo Alto has taken the top mantle. Today it's market caps 52. So it's held 93% of its peak value. Everybody else is tanking. Even Okta was 45 billion. It's been crushed as you well know. But so Palo Alto wasn't always the number one in terms of market cap. But I guess my point is, look if CrowdStrike got to 70 billion during the frenzy, I think it's going to take to answer your question. I was going to be five years before they get back there. I think this market's going to be tough for a while from a valuation standpoint. I think generally tech is going to kind of go up and down in sideways for a good year and a half, maybe even two years. Could be even longer. And then I think there's going to be some next wave of productivity innovation that hits. And then you're going to, you're almost always going to exceed the previous highs. You're going to take a while. Yeah, yeah. But I think their ability to disrupt the SIM market actually is something that I believe they're going to do. I've been calling for the death of the SIM for a long time. And I know some people of Palo Alto are very cautious about saying that because the Splunks and their partners. But I think the, you know, it's what I said before, that the tools are catching them, but it's not in a way that's useful for the IT Pro. And, but I don't think the SIM vendors have that ecosystem of insight across network, cloud, end point, right? Which is what you need in order to make a SIM useful. CISO at an ETR round table said, if it weren't for my regulators, I would chuck my SIM. Yes. But that's the only reason that this person was keeping it. Yeah. And I think the fact that most of those companies have moved to a perpetual or a recurring revenue model actually helps unseat them. Typically when you pour a bunch of money into something, remember the old computer associates days, nobody ever took it out because this sunk dollars you spent to do it. But now that you're paying an annual or recurring fee, it's actually makes it easier to take out. Yeah, it's an ebb and flow, right? Because the maintenance costs were relatively low. Maybe it was 20% of the total. And then, you know, once every five years you had to do a refresh and you were still locked into the sort of maintenance. And so yeah, I think you're right. The switching costs with SAS, you know, in theory anyway, should be less. Yeah. As long as you can migrate the data over. And I think they've got a pretty good handle on that. So guys, I want to get your perspective as a whole bunch of announcements here. We've only been here for a couple of days, not a big conference as you can see from behind us. What, Zs, in your opinion, was Palo Alto's main message and what do you think about it? Main message at this event? And then the same question for you. Yeah, I think their message largely wrapped around disruption, right? And Nikesh's keynote, he talked about that, right? And where they disrupted the firewall market by creating a next gen firewall. In fact, if you look at all the new services they added to their firewall, you could almost say it's a next gen, next gen firewall. But I do think the work they've done in the area of cloud and cortex, actually, I think is pretty impressive. And I think that's, the sock is ripe for disruption because it's, for the most part, most socks still, you know, run off legacy playbooks. They run off legacy, you know, forensic models and things. And they don't work. It's why we have so many breaches today. The dirty little secret that nobody ever wants to talk about is the bad guys are using machine learning, right? And so if you're using a signature-based model, all they got to do is tweak their model a little bit and it becomes, it bypasses them. So I think the only way to fight the bad guys today is with, you got to fight fire with fire. And I think that's the path they've headed down. Yeah, the bad guys are hiding in plain sight, you know? Yeah, well it's not hard to do now with a lot of those legacy tools. I think for me, you know, the stat that we threw out earlier, I think yesterday at our keynote analysis was, you know, the ETR data shows that last survey, around 35% of the respondents said, we are actively consolidating, sorry, 44%, sorry, 35% were actively consolidating vendors, redundant vendors. Today that number's up to 44%. It's by far the number one cost optimization technique. That's what these guys are pitching. And I think it's going to resonate with people. And I think to your point, they're integrating at the back end, their peeps are technical, right? I mean, they can deal with that complexity. And so they don't need eye candy. Eventually they want to have that because it'll allow them to have deeper market penetration and make people more productive. But, you know, that consolidation message came through loud and clear. Yeah, the big change in this industry too is all the new startups are all cloud native, right? They're all built on Amazon or Google or whatever. And when you're cloud native and you buy cloud native, integration is fast. It's not like having to integrate this big monolithic software stack anymore, right? So I think their pace of integration will only accelerate from here because everything's now cloud native. If a customer comes to you or when a customer comes to you and says, ZS help us with this cyber transformation, we have, our board isn't necessarily aligned with our executives in terms of execution of a security strategy. How do you advise them where Palo Alto is concerned? Yeah, you know, a lot of this is just fighting legacy mindset. And I was talking with some CISOs here from state and local governments and things. And they're, you know, they can't get more budget. They're fighting the tide. But what they did find is through the use of automation technology, they're able to bring their people costs way down, right? And then be able to use that budget to invest in a lot of new projects. And so with that, you have to start with your biggest pain points, apply automation where you can, and then be able to use that budget to reinvest back in your security strategy. And it's good for the IT pros too, the security pros. My advice to IT pros is always if you're doing things today that aren't resume building, stop doing them, right? Find a way to automate the money of your job. And so if you're patching systems and you're looking through log files, there's no reason machines can't do that and you go do something a lot more interesting. So true, it's like storage guys 10 years ago, provisioning loans. Yes. Stop doing that. If you're going to be out of a job. So last question I have is, who do you see as the big competitors, the horses on the track question, right? So obviously Cisco kind of services led for a while and big portfolio company, CrowdStrike coming at it from end point. You know, who do you see as the real players going for that? You know, right now the markets, the three to 4%, the leader has three, three, 4% of the market. You know, they're all going for 10, 15, maybe 20% of the market. Who are the likely candidates? Yeah, I don't know if CrowdStrike really has the breadth of portfolio to compete long term though. I think they've had a nice run, but we might start to see the follow-up. I think Microsoft is going to be from middle. They've laid down the gauntlet, right? They are a security vendor, right? We reinvent and AWS is the platform for security vendors little somewhere in the middle. But Microsoft make no mistake. They're in security. They've got some good products. I think a lot of them are kind of good enough and they tie it to the licensing and I'm not sure that works in security, but they've certainly got the year of a lot of IT pros. And like working SMB. Yeah, yeah, it might. And I do like Zscanner, right? I know these guys poo poo the proxy model, but they've done about as much with proxies as you can. And I think it's a battle of, I love the near, you know, proxies are dead and Jay's model, you know, Jay over at Zscanner, throw him back at him. So it's good to see that kind of fight going on between the two. Oh, it's great. And again, Zscanner is coming at it from their cloud security angle. CrowdStrike's coming at it from endpoint. I do think CrowdStrike has an opportunity to build out the portfolio through M&A and maybe ecosystem. And then obviously, you know, Palo Alto's getting it done. How about Cisco? Yeah, Cisco's interesting. I think if Cisco can make the network matter in security and it should, right? We're talking about how a lot of, you need a lot of forensics to fight security today. Well, they're going to see things long before anybody else because they have all that network data. If they can tie network security, I mean, they could really have that business take off. But we've been saying that about Cisco for 20 years. But big install base, though. It's hard for a company, any company to say, okay, hey, Cisco customer, sweep the floor and come with us. That's a tough one. They have a lot of good piece parts, right? And like Duo's a good product, and Umbrella's a good product. They've not done a good job. They're the opposite of these guys. They've not done a good job of the backend integration. That's where Cisco needs to focus. And I do think G2 Patel there, he fixed the Webex group. And I think he's now, in fact, when you talk to him, he's doing very little on Webex. That group's running itself and he's more focused on security. So I think we could see a resurgence there, but they have a, from a revenue perspective, it's a little misleading because they have this big legacy base that's in decline while they're moving to cloud and stuff, so, but there's a lot of work they're tying to tie the network. Lots of fuel for conversation. We're going to have to carry this on on siliconangle.com, guys. Yes. At Wikibon. Let's do. We're joining Dave and me, giving us your insights as to this event. Where are you going to be next? Are you going to be on vacation? There's nothing more fun than being on theCUBE. So outside of that, though. Yeah, you know, Christmas is coming up. I got to go see family and do the obligatory. Although for me, that's a lot of travel. So I guess. Yeah, more planes. Yeah. Hopefully not in Vegas. Not in Vegas. Not that it gets Vegas. Yeah. No, we love it. We love it. Although I will say my year started off with CES. Yeah. And it's finishing up with Palo Alto. Good bookends. Good bookends. Exactly. Well, thanks so much for joining us. Thank you. It's been a pleasure to host the show with you and hear your insights. Reading your breaking analysis always kicks off my prep for a show and it's always great to see what predictions come true. So thank you for being my co-host. Good. All right. For Dave Vellante and Zia's Caravola, I'm Lisa Martin. You've been watching theCUBE, the leader in live emerging and enterprise tech coverage. Thanks for watching.