 From theCUBE Studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. As an independent pure play company, Palo Alto Networks has earned its status as the leader in security. You can measure this in a variety of ways, revenue, market cap, execution ethos, and most importantly, conversations with customers generally and see so specifically who consistently affirm this position. The company's on track to double its revenues in fiscal year 23 relative to fiscal year 2020, despite macro headwinds, which are likely to carry through next year. Palo Alto owes its position to a clarity of vision and strong execution on a TAM expansion strategy through acquisitions and integration into its cloud and SaaS offerings. Hello and welcome to this week's Wikibon Cube Insights, powered by ETR. In this Breaking Analysis and ahead of Palo Alto Ignite, the company's user conference, we bring you the next chapter on top of last week's cybersecurity update. We're going to dig into the ETR data on Palo Alto Networks as we promised and provide a glimpse of what we're going to look for at Ignite and posit what Palo Alto needs to do to stay on top of the hill. Now the challenges for cybersecurity professionals dead simple to understand, solving it not so much. This is a taxonomic eye test, if you will, from Optiv. It's one of our favorite artifacts to make the point. The cybersecurity landscape is a mosaic of stovepipes. Security professionals have to work with dozens of tools, many legacy combined with shiny new toys to try and keep up with the relentless pace of innovation catalyzed by the incredibly capable, well-funded and motivated adversaries. Cybersecurity is an anomalous market in that the leaders have low single-digit market shares. You know, think about that. Cisco at one point held 60% market share in the networking business and it's still deep into the 40s. Oracle captures around 30% of database market revenue. EMC and storage at its peak had more than 30% of that market. Even Dell's PC market shares in the mid 20s or even over that from a revenue standpoint. So cybersecurity from a market share standpoint is even more fragmented perhaps than the software industry. Okay, you get the point. So despite its position as the number one player, Palo Alto might have maybe three, maybe 4% of the total market depending on what you use as your denominator, but just a tiny slice. So how is it that we can sit here and declare Palo Alto as the undisputed leader? Well, we probably wouldn't go that far. They probably have quite a bit of competition. But this CISO from a recent ETR round table discussion with our friend, Eric Bradley, summed up Palo Alto's allure we thought pretty well. The question was why Palo Alto networks? Here's the answer. Because of its completeness as a platform, its ability to integrate with its own products or they acquire, integrate, then rebrand them as their own. We've looked at other vendors. We just didn't think they were as mature. And we already had implemented some of the Palo Alto tools like the firewalls and stuff. And we thought, well, why not go holistically with the vendor, a single throat to choke, if you will, if stuff goes wrong. And I think that was probably the primary driver and familiarity with the tools and the resources that they provided. Now here's another stat from ETR as Eric Bradley. He gave us a glimpse of the January survey that's in the field now. The percent of IT buyers, stating that they plan to consolidate redundant vendors, it went from 34% in the October survey and now stands at 44%. So we feel this bodes well for consolidators like Palo Alto networks. And the same is true for Microsoft's kind of good enough approach. It should also be true for CrowdStrike, although last quarter we saw softness reported on in their SMB market. Whereas interestingly, MongoDB actually saw consistent strength from its SMB and its self-serve. So that's something that we're watching very closely. Now Palo Alto networks has held up better than most of its peers in the stock market. So let's take a look at that real quick. This chart gives you a sense of how well. It's a one year comparison of Palo Alto with the bug ETF, that's the cyber basket that we like to compare often. CrowdStrike, Zscaler and Okta. Now remember, Palo Alto, they didn't run up as much as CrowdStrike, Zs and Okta during the pandemic, but you can see it's now down, quote unquote, only 9% for the year, whereas the cyber basket ETF is off 27%, roughly in line with the NASDAQ, we're not showing that. CrowdStrike down 44%, Zscaler down 61% and Okta off a whopping 72% in the past 12 months. Now, as we've indicated, Palo Alto is making a strong case for consolidating point tools. And we think it will have a much harder time getting customers to switch off of big platforms like Cisco, who's another leader in network security. But based on the fragmentation in the market there's plenty of room to grow in our view. We asked Breaking Analysis contributor Chip Simington for his take on the technicals of the stock and he said that despite Palo Alto's leadership position, it doesn't seem to make much difference these days. It's all about interest rates. And even though this name has performed better than its peers, it looks like the stock wants to keep testing its 52-week lows. But he thinks Palo Alto got oversold during the last big sell-off and the fact that the company's free cash flow was so strong probably keeps it at the 150 level or above, maybe bouncing around there for a while that breaks through that to the downside, its next test is at that low of around 140 levels. So thanks for that, Chip. Now, I haven't get that out of the way, as we said on the previous chart, Palo Alto has strong opinions. It's founder and CTO, Nier Zook, is extremely clear on that point of view. So let's take a look at how Palo Alto got to where it is today and how we think you should think about his future. The company was founded around 18 years ago as a network security company focused on what they called next-gen firewalls. Now, what Palo Alto did was different. They didn't try to stuff a bunch of functionality inside of a hardware box, rather they layered network security functions on top of its firewalls and delivered value as a service through software running at the time in its own cloud. So pretty obvious today, but forward-thinking for the time. And now they've moved to a more true cloud native platform and much more activity in the public cloud. In February, 2020, right before the pandemic, we reported on the divergence in market values between Palo Alto and Fortinet. And we cited some challenges that Palo Alto was having, having transitioning to a cloud native model. And at the time we said we were confident that Palo Alto would make it through the knot hole. And you could see from the previous chart that it had, that it has. So the company's architectural approach was to do the heavy lifting in the cloud. And this eliminates the need for customers to deploy sensors on-prem or proxies on-prem or sandboxes on-prem. Sandboxes, for instance, are vulnerable to overwhelming attacks. Think about it. If your sandbox is on-prem, you're not going to be updating that every day, no way. You're probably not going to update it even every week or every month. And if the capacity of your sandboxes, let's say 20,000 files an hour, the hacker's just going to turn up the volume. It'll overwhelm you. They'll send 100,000 emails, attachments into your sandbox, and they'll choke you out and then they'll have the run of the house while you're trying to recover. Now, the cloud doesn't completely prevent that. But what it does, it definitely increases the hacker's cost. So they're going to probably hit some easier targets. And that's kind of the objective of security firms. Increase the denominator on the ROI. All right, the next thing that Palo Alto did is started acquiring aggressively. I think we counted 17 or 18 acquisitions to expand the TAN beyond network security into endpoint, CASB, PAS security, IS security, container security, serverless security, incident response, SD-WAN, CICD pipeline security, attack surface management, supply chain security, just recently with the acquisition of CIDR security. And Palo Alto, by all accounts, takes the time to integrate into its cloud and SaaS platform called Prisma. Unlike many acquisitive companies in the past, EMC was a really good example where you ended up with kind of a Franken portfolio. Now, all this leads us to believe that Palo Alto wants to be the consolidator and is in a good position to do so. But beyond that, as a multi-cloud becomes more prevalent and more of a strategy, customers tell us they want a consistent experience across clouds. And this is going to be the same, by the way, with IoT, sort of the next wave here. Customers don't want another stovepipe. So we think Palo Alto is in a good position to build what we call the security super cloud. That layer above the clouds that brings a common experience for devs and operational teams. So of course, the obvious question is this, can Palo Alto networks continue on this path of acquire and integrate and still maintain best-of-breed status? Can it? Will it? Doesn't even have to, as Holger Mueller of Constellation Research and I talk about all the time, integrated suites seem to always beat best-of-breed in the long run. We'll come back to that. Now, this next graphic that we're going to show you underscores this question about portfolio. Here's a picture and I don't expect you to digest it all, but it's a screen grab of Palo Alto's product and solutions portfolios. Network cloud, network security rather, cloud security, SASE, CNAP, endpoint, unit 42 which is the threat intelligence platform and every imaginable security service and solution for customers. Well, maybe not every. I'm sure there's more to come like supply chain with the recent CIDR acquisition and maybe more IoT beyond Zingbox and earlier acquisition. But we're sure there will be more in the future both organic and inorganic. Okay, let's bring in more of the ETR survey data. For those of you who don't know ETR, they are the number one enterprise data platform surveying thousands of end customers every quarter with additional drill down surveys and customer round tables, just an awesome SAS enabled platform. And here's a view that shows net score or spending momentum on the vertical axis and pervasion or presence within the ETR data set on the horizontal axis. You see that red dotted line at 40%. Anything at or over that indicates a highly elevated net score. And as you can see Palo Alto is right on that line just under and I'll give you another glimpse. It looks like Palo Alto despite the macro may even just edge up a bit in the next survey based on the glimpse that Eric gave us. Now that color, those colored bars in the bottom right corner, they show the breakdown of Palo Alto's net score and underscore the methodology that ETR uses. The lime green is new customer adoptions, that's 7%. The forest green at 38% represents the percent of customers that are spending 6% or more on Palo Alto solutions. The gray is that 48%, that's flat spending plus or minus 5%. The pinkish at 5% is spending is down on Palo Alto network products by 6% or worse. And the bright red at only 2% is churn or defections, very low single digit numbers for Palo Alto. That's a real positive. What you do is you subtract the red from the green and you get a net score of 38%, which is very good for a company of Palo Alto size. And we'll note this is based on just under 400 responses in the ETR survey that are Palo Alto current Palo Alto customers out of around 1300 in the total survey. So really good representation of Palo Alto. And you can see the other leading companies like CrowdStrike, Okta, Zscaler, Fortinet, Cisco, they loom large with similar aspirations. Well, maybe not so much Okta. They don't necessarily want to rule the world. They want to rule identity. And of course the ever ubiquitous Microsoft in the upper right. Now drilling deeper into the ETR data, let's look at how Palo Alto has progressed over the last three surveys in terms of presence, presence, market presence in the survey. This view of the data shows pervasion in the data going back to October, 2021. That's the gray bars. The blue is July 22 and the yellow is the latest survey from October, 2022. Remember the January survey is currently in the field. Now the left most set of data there show size of company. The middle set of data shows the industry for a select number of industries in the right most shows geographic region. Notice anything? Yes, Palo Alto up across the board relative to both this past summer and last fall. So that's pretty impressive. Palo Alto network CEO, Nikesh Aurora stressed on the last earnings call that the company is seeing somewhat elongated deal approvals and it's sometimes splitting up size of deals. He stressed that certain industries like energy, government and financial services continue to spend but we would expect even to pull back there as companies get more conservative. But the point is that Nikesh talked about how they're hiring more sales pros to work the pipeline because they understand that they have to work harder to pull deals forward because they got to get more approvals and they got to increase the volume that's coming through the pipeline to account for the possibility that certain companies are going to split deals, split up the deals, large deals and want to split into smaller bite sized chunks. So they're really going hard after the go to market expansion to account for that. All right, so we're going to wrap by sharing what we expect and what we're going to probe for at Palo Alto Ignite next week. Lisa Martin and I will be hosting the cube and here's what we'll be looking for. First, it's a four day event at the MGM with the meat of the program on days two and three. That's day two is the big keynote. That's when we'll be, we'll start our broadcasting. We're going for two days. Now, our understanding is we've never done Palo Alto Ignite before, but our understanding it's a pretty technically oriented crowd that's going to be eager to hear what CTO and founder near Zook has to say as well. C.O. Nikesh Aurora long and in addition to longtime friend of the cube and current president, B.J. Jenkins. He's going to be speaking. Wendy Whitmore runs unit 42 and is going to be several other high profile Palo Alto execs as well. Thomas Kurian from Google is a featured speaker. Lee Claritch who is Palo Alto's chief product officer we think is going to be giving the audience heavy doses of Prisma Cloud and Cortex enhancements. Now Cortex, you might remember came from an acquisition and does threat detection and attack surface management and we're going to hear a lot about we think about security automation. So we'll be listening for how Cortex has been integrated and what kind of uptake that it's getting. We've done some, you know, modeling from the ETR guys have done some modeling of Cortex. You know, it looks like it's got a lot of upside and through the Palo Alto go to market machine, you know, could really pick up momentum. That's something that we'll be probing for. Now one of the other things that we'll be watching is pricing. You talk, we want to talk to customers about their spend optimization, their spending patterns, their vendor consolidation strategies. Look, Palo Alto is a premium offering. It charges for value. It's expensive. So we also want to understand what kind of switching costs are customers willing to absorb and how onerous they are. And what's the business case look like? How are they thinking about that business case? We also want to understand and really probe on how will Palo Alto maintain best of breed as it continues to acquire and integrate to expand its TAM and appeal as that one-stop shop. You know, can it do that as we talked about before and will it do that? There's also an interesting tension going on sort of changing subjects here in security. There's a guy named Edward Haletki who's been on theCUBE before. He hasn't been on theCUBE in a while but he's a security pro who has educated us on the nuances of protecting data privacy, public policy, how it varies by region and how complicated it is relative to security because security is, you know, technically you have to show a chain of custody that proves unequivocally, for example, that data has been deleted or scrubbed or that metadata does, it doesn't include any residual private data that violates the laws, the local laws. And the tension is this, you need good data and lots of it to have good security. The really the more the better. But government policy is often at odds in a major blocker to sharing data and it's getting more so. So we want to understand this tension and how companies like Palo Alto are dealing with it. Our customers testing public policy in courts, we think not quite yet, our government's making exceptions and policies like GDPR that favor security over data privacy. What are the trade-offs there? And finally, one theme of this breaking analysis is what does Palo Alto have to do to stay on top? And we would sum it up with three words. Ecosystem, ecosystem, ecosystem. And we said this at CrowdStrike Falcon in September that the one concern we had was the pace of ecosystem development for CrowdStrike. Is collaboration possible with competitors? Is being adopted aggressively? Is Palo Alto being adopted aggressively by global system integrators? What's the uptake there? What about developers? Look, the hallmark of a cloud company, which Palo Alto is a cloud security company, is a thriving ecosystem that has entries and exit, entries into and exits from its platform. So we'll be looking at what that ecosystem looks like, how vibrant and inclusive it is, where the public clouds fit, and whether Palo Alto networks can really become the security super cloud. Okay, that's a wrap. Stop by next week. If you're in Vegas, say hello to the CUBE team. We have an unbelievable lineup on the program. Now, if you're not there, check out our coverage on theCUBE.net. I want to thank Eric Bradley for sharing a glimpse on short-native notice of the upcoming survey from ETR and his thoughts. As always, thanks to Chip Simington for his sharp comments. I want to thank Alex Morrison, who's on production and manages the podcast, Ken Schiffman as well in our Boston studio. Kristen Martin and Cheryl Knight, they helped get the word out on social. And of course, in our newsletters, Rob Hoef is our editor-in-chief over at SiliconANGLE, who does some awesome editing. Thank you to all. Remember, all of these episodes, they're available as podcasts, wherever you listen, all you got to do is search breaking analysis podcast. I publish each week on wikibon.com at siliconangle.com or you can email me at david.valante at siliconangle.com or DM me at dvalante or comment on our LinkedIn post and please do check out ETR.ai. They've got the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights, powered by ETR. Thanks for watching. We'll see you next week in Ignite or next time on breaking analysis.