Palo Alto Networks, Inc. (PANW) Earnings Call Transcript & Summary

Happy to have Palo Alto Networks here today. We have CEO, Nikesh Arora, and Chief Product Officer, Lee Klarich. I think you all are familiar with these gentlemen, but it's probably known Nikesh joined Palo Alto in June of 2018. He's a veteran executive from SoftBank, Google and many other places. Lee has been with Palo Alto just the opposite, since inception, certainly since I started getting to another company, came around in 2006, became Chief Product Officer in 2017. So welcome to you, guys. Thanks for joining.

Thank you for having us, Michael.

Sure. So I do like to start with macro. So -- and by the way, so I'll sometimes maybe address to you, Nikesh, or to you, Lee, but obviously, at any point, either of you are more than welcome to add whatever is appropriate. But on the macro side, Nikesh, I also would like to start about where are we in the spending cycle relative to COVID and work from home as it impacts security? And I would just frame that to think that certainly, in security, there was an initial spending cycle just to deploy and to enable work from home in certain types of security technologies. So the question is, are we through that first cycle of capacity increase? And where are we relative to that? And what stage might we be in now?

Yes, Michael. Again, thank you for having Lee and me on the session. I think, first and foremost, if you look back at what happened over the last 7 months, we all kind of got shell shocked. We all looked at saying, oh my God, we've got to send everybody home within -- or weekend. And there was that spike where people said, how do I make sure everybody can access the company infrastructure from home. So yes, you're right, there was a spike that was felt from a technology spending perspective to create capacity for people to be able to work from home. And what's interesting is in the first few weeks and months, most participants in the market, including us, we offered a bunch of free trials to allow our customers to expand capacity to make sure that they weren't hit with this problem without having a solution for it. And we've seen that over the last few months that those free trials have converted into business, I think, for us and for everybody else. So I think you've seen a bit of a sustained trend of people expanding into the work-from-home scenario. But I want to highlight something different. If you think about in the last 7 months, what has become apparent is technology is working, right? Companies have seen their off-line revenues vanish in many instances, where people cannot come to stores. They're now reliant primarily on online. I suspect Black Friday and Cyber Monday was bigger than ever because pretty much they didn't want to go line up outside of store and meet a lot of people trying to get you a deal. So from that perspective, I think there has been a step change in capacity needs in the world vis-à-vis the need for technology investment. So what we're seeing right now is that step change manifesting itself. And of course, there are puts and takes on that. There are people are more going -- people are pivoting faster to the cloud. People are spending more money in software. Hardware is harder to sell because you require people to take delivery to do PoCs to go and deploy it. So you'll see those 2 effects sort of come into play. But I think macro level, there's a step change where this is going to become the new baseline, and we're going to go from here. I don't think that people have been buying excess capacity. So it's not like they're buying and they're going to stop spending after everybody goes back to work because I think this level of volume is going to sustain even after the pandemic.

So maybe we'll just try to be a little bit more specific in the sense of when you were spending for that initial...

Is that a micro question though or macro? Just kidding.

Yes, it's micro, it's macro. Feeling back an ECO 101, ECO 102. So when -- in that initial move to deploy more capacity, so what were the products? Was it -- were they just more traditional products? Was it IPSec VPNs? Was it more end point? And now as you move into what you just call a step function to adapt to digital transformation, work from home, on more of an electronic world, has that changed? And how aggressive are people being in those new investments, do you think?

Yes. I think, look, the earlier stages will just increase capacity so I can dial into the office. So if I've got Prisma Access, they wanted more capacity in Prisma Access. They've got firewalls. They wanted more firewalls, VPN capacity. So it's really a capacity increase and whatever technology they have deployed for the more quarter. I think on the margin, there were companies which were caught sort of ill prepared, and they actually had to make a quick decision where to go with and you saw that there was a surge in the industry in the better players who provide more secure work. So that's pretty much where you saw the capacity increases. But then you've seen capacity increases. You take some of the other players in the market who've seen their volumes go through the roof. They've got to expand data centers. They had to expand their cloud security capabilities because they're putting more workloads in the cloud or spinning up more containers. So you've seen typically a lot of the capacity increase come through. I'd say, in the last 3 months, what has become apparent to every one of us is that, fine, we're all working from home. This was not -- there's no crisis from if you look at the earnings, if you look at what's happening in the market, it doesn't seem to have been a crisis of any company coming to its knees where we can all be productive and work from home. So in that context, I think what's happened is there is a somewhat of a return to normal behavior by CIOs, who are continuing with their projects that they have planned, and they're busy going through the projects that they wanted to do. On the margin, hardware projects are slower because people don't want to go do a big hardware refresh or an upgrade across the industry. I think on the margin, cloud transformations are moving faster. On the margin, projects that allow you to save money are preferred because people want to make sure they're still cognizant of what's happening in their P&L. And on the margin, you'll see people demanding a little more flexibility in payment terms because there are some businesses who've seen half their revenue vanish.

So I'll ask you a strategic/financial question. If we're spending less on hardware and more on software, obviously, you've been taking the company in that direction from some time. Is that strategy working out in terms of the mix shift and are you doing that aggressively?

I don't know, you tell me. You read our numbers very carefully. You tell me if the strategy is working. All I'll say is if you had not locked into the shift from hardware to software 2.5 years ago and really focused on the cloud side and the AI side as well as taking our hardware firewalls and providing similar functionality with Virtual and firewalls as well as Prisma Access as firewall on the cloud, we would not be in this place. And to be fair, I'd say some of our competitors are solving the same problems using hardware. We're trying to sell them a software. And we just believe a software sold is lower total cost of ownership in the long term, easy to upgrade, provide a better security process and also is a little more future-proof than just going on the hardware path.

So back to that question about what people were buying and they're buying down. I called out just to name a classic/legacy technology, IPSec VPNs. And here, obviously, I'd love to hear Lee's input as well. Are people ready because of this need to work from home? Are they ready to go to new types of Zero Trust architectures where you're working through Prisma Access as opposed to, say, again, is IPSec VPN?

I think, look, the -- I don't think it's so much about IPSec VPNs versus something else. I actually think of it more in terms of whether it's a backhaul architecture or a direct-to-app architecture. So the legacy architectures tended to be focused more on an assumption that all of the applications pay a user employee was trying to reach in a data center and typically a centralized data center. So as the architectures are optimized for bringing traffic back to that data center, often via some form of IPSec VPN remote access. If you look at where a lot of companies are today and where they're making their investments in cloud, there's a lot more traffic that's going to SaaS applications to cloud applications. And instead of bringing everything back to a data center only to you turn it back out to where it came from, the architectures are moving toward the Zero Trust direct to app architecture. And that's where Prisma Access comes in. That's where more sort of software form factors, cloud-delivered architectures come in. And that's, I think, the more important shift that's happening. In some cases, there's still IPSec being used behind the scenes in that. But it's more about how to best connect users to the applications they need to reach.

So that's the assumption. In other words, whether I'm in at home, actually on campus or at a branch, a lot of the resources they need to access might not be behind what was the data center firewall. But might be out in the cloud, it might be in a distributed environment, more -- would have been a hub-and-spoke environment. So do you call it a direct app? Is this another term for what Gartner and others have called a SASE architecture?

Yes. I think one of the key points there, Michael, is the -- I think a lot of the companies are realizing that they can't swing completely to the other end of the spectrum and only think about the cloud applications. Almost every company still has a data center. They're still working in a hybrid architecture. And so while you have to connect users to the applications in the cloud, you also still have to provide them access to applications that are still running the data center. And so -- the -- whereas maybe legacy VPN was focused on everything data center, you can't switch and only connect users to the cloud because you're going to miss all the application in the data center. And so if you think about SASE or Secure Access Service Edge, that's really about being able to connect users to all applications regardless of where they are while delivering both network and security as a service. And that transformation is designed to enable the connectivity, secure connectivity to all applications.

So I'd love to -- I mean, I actually have that sort of set to talk about later on in the agenda here, but since we're on this SASE discussion now, let's go down that path a bit. Again, as you pointed out, this is a real change in architecture. And I think, Nikesh, you saw that a few years ago, it began taking the company in that direction by -- you had GlobalProtect Cloud Services, which was an early offering that had some capabilities here. You evolved that into Prisma Access. You ended up buying components including SD-WAN with CloudGenix as well as we've been developing there. This is all coming together here. So for Nikesh, tell me, am I right and you haven't seen that evolution coming? And where is that going? And Lee, I'd love to hear you talk about the specific technology choices that you made there and how those might compare to some of the other options that are -- competitive options that are out there for delivering this direct-to-app or SASE architecture?

Michael, I've got to give the credit to Lee and team because I came to Palo Alto Networks, we already had GlobalProtect Cloud Service. I think they anticipated the need for firewall functionality to be delivered to the cloud. The part where Lee and I collaborated and talked about is, well, if this is going to be big, are we resourced, right? And do we have all the pieces we need? And that's where we spend a lot of time. We pretty much 10x the number of resources technically in the product area of SASE in the last 2.5 years because we figured, we have hundreds of engineers working on the hardware firewall. A lot of that work, obviously, is leveraged into Prisma Access, whether it's our Panorama or a whole bunch of subscriptions that come into Prisma Access. So it's not like we didn't have enough people providing capabilities on the firewall side. But what we did was, as I said, there's a whole bunch of net new functionality that needs to be built, UI and putting CASB into Prisma Access. Now we don't talk about CASB. I know somebody asked that question, but we don't talk about CASB because we believe CASB's use case, which is part of the SASE architecture and Lee talked to it, we added DLP in there. So effectively, what you now need is full firewall and subscription capability delivered to you through the cloud. This is no longer a 10% use case product. If you think about what happened with the pandemic, 100% of the apps were not available to people working remotely because all the apps do not lend themselves to proxy-based architectures. And some of the apps are not considered secure enough for people to be accessing from home, IT departments won't like it. And sometimes you only got capacity of 10% of your employees because you never expected more than 10% of people at any point in time accessing your infrastructure. Today, you've got to go for 100% employee base, 365 days per year, 7 by 24 and 100% of the application. That just requires a fundamental rethink on how you want to deliver the future remote access solutions for the company. Since you asked Lee, I'm going to let him talk to specific technologies and choices he made.

Yes. I think -- I mean, where I like to -- a couple of the things that I want to make sure that we cover there. One is that you've chosen to partner with GCP and other cloud providers to provide this network. Other participants in SASE have done -- built more of a proprietary network. So I'm curious about that question to begin with. And then the other one, I think -- I don't know, Nikesh, I think the quote from the last earnings call was something about people are -- is people are finally starting to listen to near. Was it standing on the rooftops and talking about -- I think you might have said screaming, but also talking about firewall versus proxy architecture. So that debate still rages.

Well, I'm going to let Lee talk about -- Lee is already -- Lee just also politely just articulated that saying other architectures don't lend themselves to app-based architecture as they can send the traffic directly to them. There's a backhaul and a third party in the middle architecture. I'm going to let Lee talk to that. And on the cloud part, this is a more fundamental strategic conversation where it's not just got to do with Prisma Access. We're a $30 billion company. We just evidently spent a few billion dollars running the business and building products and selling them. And I think in the next 5 to 10 years, we realized that companies, the $20 billion to $40 billion companies, don't want to get out of the data center business. I think data center businesses are getting more and more standardized across AWS, GCP, Azure, IBM. You have fungibility, you can trade -- have trade-offs. You can actually arbitrage the 2 from a pricing perspective. I think they're getting pretty standardized. The tool sets available, the ability is available, the bandwidth, the lack of latency, all those things make it a pure economic decision, not a technical decision anymore. And honestly, if I want to serve users in 160 countries, I have 2 choices. I can go build my own thoughts and to string up my own team alliance across the world and build my own data center and my own drop-off points and get certification in every country or I can write somebody who's spending $10 billion a year and making that capability work for a whole host of customers. Now I need to understand how to architect using their tools because you can mess it up. But then my understanding needs to be how to develop with the infrastructure as a service as opposed to build my own infrastructure. I just think those are subscale events in the long term. And honestly, I don't think we could have scaled the capacity we needed that we got hit with during COVID, all the users [ logging in ] all the time, if you have plan in any data centers in a fully functional firewall architecture. So I'm going to let Lee talk about all the other things.

So yes, and that's -- I was going to say, there's, I think, 3 probably very important product or technology choices we made, and that is absolutely one of them. If we can scale out to well over 100 locations around the globe, running on a purpose-built network where we're leveraging the investments of the cloud providers to deliver that service. We had customers that went from averaging 5,000 remote users a day to 200,000 remote users a day overnight. And if we would have had to ship out extra servers into data centers in remote parts of the world in order to scale for them, that wouldn't have worked. But leveraging cloud partners in delivering this service allowed us to automatically scale. We didn't even have to touch anything. It's all coded. It automatically scales with the capacity requirements. And that architecture just makes a tremendous amount of sense when you think about the moves of capacity around the world and the changes that are likely to continue to take place. And the likelihood that there will continue to be a lot more secure working from home in the future than it was in the past. Second decision we made and started focusing on, actually, I would probably say refocusing on a couple of years ago is we believe that you have to deliver a full security stack. So starting just under 2 years ago, we delivered our fifth security subscription. And just a couple of weeks ago, we announced the eighth security subscription we have. So in less than 2 years, we delivered 4 additional security subscriptions on top of the 4 we had before. And what that allows us to do is through any of our form factors, including cloud-delivered Prisma Access is we can deliver a full enterprise security stack with this service as opposed to saying, in your on-prem world, you have all this great security. But when you go off, you're going to get mediocre and have security with patches and holes and things like that. So that was the second key decision that we made and executing on. And the third is the understanding that the connectivity between SD-WAN and for sort of network transformation and cloud delivered for security transformation is where the world was going to end up. And that effectively is what I think of a SASE, is those 2 things coming together in an integrated form. Hence, the acquisition made of CloudGenix for next-gen SD-WAN and then the subsequent focus on how that gets integrated into Prisma Access.

Right. So I feel like though you're talking about full stack, you're essentially saying you need essentially layer 3, which is the IP layers you need for firewall capabilities, which is now outsourced into Prisma Access as well as layer 4 and up, which is more of a proxy or application-based approach. So again, another way of saying, if I'm not wrong, that a proxy is not enough in your view?

Well, proxies only support some applications. They don't support all applications. Our approach with next-gen firewall at the beginning of the company was to take a firewall from being a layer 3, layer 4 device to being layer 7. That is the foundation of an next-gen firewall. It's application based, it's user based, but it's designed to secure all applications. And we've taken that. And with Prisma Access, we -- that is the fundamental foundation to how we deliver security for all applications, not just those applications that happen to work with proxies.

I guess there's a financial question aspect to the question about the choice of using public cloud as well. One of the things that was wonderful about the last earnings call was the ability to look into your cloud business and your network security business. But one discussion was about margins. Now SASE and Prisma Access, I believe, are in the network security side. But in terms of the way that you break those out, but it still raises the question of whether or not in your partnerships with the public cloud providers, whether it's on the SASE side or on the cloud security side as we'll get to in a minute, if you're getting the full economics that you could and how that might evolve over time. You're on mute.

That's such a brilliant answer.

That was it? I missed it.

I'm not going to take the bait on the full economics because the implication is there is something called full economics, I'm not getting them, I'm getting half economics. So I'm making a cloud choice. I think we get full economics to the cloud. I think if you look at the left-hand side, which we showed and that showed the network security part, we have very good gross margins over there, which is where you see the effect. And we expect, as the SASE business scales, we should continue to see improvement on the gross margin front because our firewall gross margins haven't changed. This has been pretty consistent. We have more subscriptions, which caused us more early to go build them. And we'll see leverage from selling more subscriptions as well. So I'm not worried from a -- I think at the end, the total cost of ownership ends up being very similar if you know what you're doing in the cloud. If you don't know what you're doing in the cloud, you can end up spending more, right? I did spend 10 years with the other side of Google, trying to sell the public cloud to people. So I understand the economics of the public cloud and how it works. I think our team is doing a good job in partnering with Google and Amazon, making sure that we leverage the pieces we need and architecture to make sure we leverage it in a way that we are conscious of the economics that we leave on the table.

Well, not that sell siders never ask provocative questions, but I guess I didn't mean full economics in any negative way.

Early in the morning, I didn't have my coffee yet.

How to wake you up, right? It does get the competitive genes going. Nikesh, when you came, I don't know if it's true on your side. I always remember where I am when important things happen. And when you joining Palo Alto was announced, I was walking out of the subway station in Main Street and Flushing Queens. That's where I was when I found out you joined.

I'm glad you remember that. My coming to Palo Alto was an event of your life, I have no idea.

No, some people, they remember like where they were when the shuttle blew up, JFK was assassinated. I remember where I was when Nikesh was named CEO. I was in Flushing Queens.

All right. I should have done a conference a bit earlier, but okay, keep going.

In any case, look, you came from SoftBank and from Google, sorry, and you were viewed and rightly so as a guy who could help usher Palo into the cloud era. What did you see as the requirements for securing the cloud at that time? And other words said, "Hey, it's a cloud environment. What do we have to do differently besides just put up firewalls?" And how has that changed in the last several years?

Michael, I think that is apparent to you from the outside. It wasn't apparent for -- to me from the inside because this is what I had to do. I spent a lot of time meeting a whole bunch of CIOs and CISOs and with Lee and Nir in particular. And we really thought hard about the structure of the industry. And I looked at the structure of the cybersecurity industry and looked at, why is there not a larger cybersecurity player in the world who has a series of platforms that allow their customers to be secured. Why do we see constant churn in the cybersecurity space, where we're eventually taking down somebody else's products that we bought and replacing them with somebody else. It's partly due to technological changes, but also I believe because the cybersecurity companies get really good at one thing, they go sell that to everybody in the world. And when the next attack vector shows up, there's a new company which goes and delivers a solution towards that and the problem of integrating all the security solutions on the customers side. So we agonized over this and said, how do we change that paradigm without continuing to feed that same monster because, eventually, you realize that you cannot build a large company on the back of a single product strategy or a single platform strategy in the cybersecurity space. And then we said, where is the puck going. So there's 2 things that are happening. One is the cloud is going to be upon everyone, as much as people protest and say we're not going to go there. I'm pretty sure that in the next 10 or 15 years, 30% to 40% of the world's traffic will be in the cloud. And that's kind of interesting. When you look at it and say, what does Uber know, what does YouTube know, what is WhatsApp? We will take the names of both Stripe now or Square now or what do these people know that Snapchat, Dropbox, where we don't know? Why are they designing Dropbox? Why are they designing everything in the public cloud, where traditional companies are reluctant to move from the data center to the cloud. So I'd say it's a matter of time. We said that -- we said, well, AWS and Google last year are going to make sure that their infrastructure is secure. We're not going to have a lot of value in trying to sell infrastructure security against that cloud. They're going to have to buy, so we have to go sell to them, and we do to many of them. But at the same time, they're not going to want to be responsible to what people build on the cloud. And that's where we started looking at the market and seeing what is out there that does cloud security. And to be fair, Palo Alto has bought Evident, which used to work on AWS. And so we took that deal. One, a lot of traffic has come to cloud; two, people are going to want not to be locked into one cloud because we all have this PTSD about people locked into a single vendor. And people are going to have be on multiple clouds and as well their own data center. So we decided to go down full speed ahead on a multi-cloud, multi-technology strategy. And the only change we made to traditional cybersecurity -- historical cybersecurity efforts is we said we're going to be best-of-breed in every category as well as integrated, which is very hard to do it. And this requires us to be very open to acquiring and integrating if we're not able to do it ourselves. So we've done that. We've demonstrated that. We've acquired 4, 5 companies in the cloud security space. We've integrated the model. We have a single purchasing model. We have a single deployment model, which we think is extremely unique and extremely helpful for us to get products to customers faster. In that context, we have now 1,800 customers in the cloud. We have 45, 60, I can't remember the exact number between Twistlock and Redlock, which used to be formally collabs, which got CSPM and CWPP. We have 45% to 50% of customers using both. We launched DLP and WAF recently. We have seen significant uptake of the existing customers because we have very simple onboarding and acceptance model from our customers, which allows them to use these new modules. So that's where we are. I still think we're only 60%, 70% of the way there as an industry. I don't think the solution is 100% there in terms of what people will use a year or 2 from now. But I do believe we have 60%, 70% of the nearest competitor has 25% or 30%. So any customer has to stitch 3 or 4 products to -- even more sometimes to get to what we offer on our platform. And the second we made was we believe that storages and compute becomes cheaper and cheaper. People are going to start ingesting data and going to start normalizing and start applying AI, I guess, to solve security. We don't believe this old model of sending all the alerts into a SOC and having a lot of human beings analyze the alerts and try and remediate what's going on, a security architecture is a sustainable or tenable solution. Towards that, we bought -- first thing you saw, we bought Demisto, which is XSOAR because we said, well, if you get all these alerts, let's figure out how to automate it and we've seen that was a good move. And now what we've done with XDR is saying, let's automate a source. So we're really working hard on ingesting a lot of data into our XDR product, normalizing it. Because eventually, this is kind of a pincer. You reduce dealers going to your SOC. You automate dealers coming into your SOC, then what you're left with is real events. And we've gone down from 50,000, 57,000 a week in our SOC down to 500.

Great. And I wonder, Lee, do you have anything to add in terms of sort of the technical challenges for the, let's say, a different type of focus that's needed for securing cloud workloads, in particular, and an obvious thing to say, well, it's not just a networking problem. It's more of an application layer problem or the networking that does take place as more virtual or change? And for example, you made this acquisition of Aporeto recently, which I would imagine is aimed at helping for cloud workloads. So talk to me about how you think technically securing a cloud workload is a different kind of its challenge than an off-frame workload.

So at a technical level, one of the key challenges that is different in public cloud than it is in data centers is the way applications are protected is very different. When you build an application of data center, it's much more of a monolithic architecture. Everything goes on to base server or virtual server, and then you try to protect it. In public cloud, there is still some of that because there are still companies that do what's called lift and shift is take that architecture and move to the cloud. But that's actually not the most effective and scalable way to design applications to the cloud. Instead, you see companies doing a lot more sort of cloud-native architectures, where for a single application, they're going to use virtual machines. They're going to use containers. They're going to use PaaS or platform as a service. They're going to use serverless functions. And actually use all of those things for different parts of their application. And so when you say, how do you secure my applications? Say, well, I need to secure your service functions, I need to secure your containers, I need to secure your past services, I need to secure your virtual machines. So the importance of having an integrated solution becomes much greater than it was on-prem because you actually have to understand all those different technology stacks and how they work together if you want to secure them. And so the -- what Nikesh is saying, we took this approach. We want it to be both comprehensive but -- and best-of-breed and integrated. There's a value in that from just being able to be comprehensive, but there's also a technical value that we can go to customers and say, we can secure your application regardless of the different technical stacks underneath that you're using to deploy it. And that puts us in a very unique position from -- in terms of how we solve the problem for customers.

And am I right that Aporeto will be useful for cloud workloads in particular?

For sure. Because in the cloud, the more you have these microservice architectures where you're using containers instead of -- and have lots of different containers being used for different parts of an application, the more micro segmentation becomes important. It's no longer these big sort of coarse grain policies, it's micro segmentation policies. And in the cloud, you can't use the traditional methods of using IP addresses before doing segmentation. Because just by nature of how things are architected and so what Aporeto did is they took an approach for micro segmentation that uses identity. And identity is, one, it provides much more context, but it is the mechanism of choice for doing segmentation moving public cloud. And there, we just released the integration of Aporeto into Prisma Cloud, continuing that focus on as we acquire these companies in cloud, we integrate them as a first priority.

Got it. That actually brings up another question. I feel like -- I don't know, maybe some others have discussed this with you recently. I feel like I haven't heard your response on it. It was when -- and you bring up identity. So at one point, it didn't seem, Nikesh, as if identity was an area that you wanted to address initially. Is that still the case? And has your view -- the role of identity and what you need to do changed at all?

No. Look, identity is an important element in the cyber hygiene of an organization. When I say cyber hygiene, if you look at what identity does, it allows you to understand who I am, and it allows you to consolidate all my log-ins. And if I walked out, it's perfect. I go in and I can hit one button and I'll be deleted from 100 systems and I won't have access to them. It is much better than trying to get the other 100 systems in the company. I don't think providers today don't go inside past that to look at what I do once I'm in the system. And if you -- today, if you look at where most of the threats are, most of the attacks out there by hijacking somebody's identity, so the question is you have got to be able to look at anonymous behavior post understanding some of these identity, which happens inside the system. We do that with 40-, 60-hour. We are able to look at identity. We are able to look at identity behavior and all those behavior with that an end point. So I don't think identity is that important. I think the question is, from a company perspective, what value can I add by acquiring an identity company and making identity capability as part of our network? I mean, is that going to make people buy our identity solution over what they're buying today. And until like I find a compelling reason that says our solution is much better with identity, new shareholders can buy that independently, you can buy the outside directly from buying Okta or whatever you want to buy, and what they provide, too. I haven't found a compelling, synergistic reason where I can significantly expand the ability for an identity solution by deep integration of public networks. We're able to do all the integration we need with what's available today. But I don't know, Lee, if you wanted to add to that or not?

No, you're absolutely right. We integrate with all of the identity providers and it's through that integration that we can consult all the problems that we think we need to and without actually owning the identity itself.

Nikesh, you started and you answered one of my questions, talking a bit more about Cortex and that's been a big direction for you guys in the last quarters. I think that in the way that you're breaking it out, you now call it the business unit or the P&L of cloud/AI. So I'd like you to talk again about the evolution from the time that we first saw the idea behind Palo Alto having a data integration layer or data lake and how that has evolved now to the data lake that you have towards the use of Cortex as it integrates into the things as end points, for automation. So talk about that whole unit and really where it's going.

Look, I think, Michael, we've talked about SASE. We've talked about the cloud transformation. We've talked about people pivoting into the cloud. And I also talked about how it's cheaper and easier to consolidate data and analyze it generally. So if you add all that up and how is security going to be delivered in the future, it's probably a fantasy to think that somebody is going to take $1 trillion of embedded plant around the world, which is what probably is out there, an installed security infrastructure, and replace that overnight with a net new solution. The question is, how do you bring along that capability and provide better security? And I think there, we see the world as gates and sensors, more firewalls and end points of both gates and sensors where you're able to stop bad things from entering are happening. At the same time, we also have sensors where you're able to observe and aggregate traffic. So for that end, I think end points are important, and I think firewalls are important because you get to see data coming through enterprise, you get to see data coming into your enterprise. I think if you're able to take that data, find a single source of truth to normalize all those signals against a single source of truth, you're going to get to a place where you'll not be able to distinguish good things from bad things. And that's kind of been the core of our Cortex strategy where our attempt is to ingest as much data as we can from various sources, analyze it, point the analytics and hopefully, over time, be able to order remediate for all the things that we know are bad things happening in your infrastructure. And that's the combination of XDR, our ability to ingest all the data and data lake, valuability to automate that using XSOAR. So we're putting a lot of resources and effort and making that happen. The good news is it's working because when we acquired Demisto, as we've said in the past, we've taken the business plans of companies up to 2 to 4x post-acquisition and it was -- that falls in that category. So we know we've been able to get more traction from an automation perspective. As you know, we've pivoted our Traps business, not an XDR business. And in the last 2 quarters, we've been able to acquire 1,000 customers into our XDR product. So we know that, that product is resonating with our customers from a product market fit. And we have, in the last few quarters, ingested more and more data and ensure that we can ingest not just our firewalls with everybody's firewalls. Now we're going to do identity and we're going to other sources. So our longer-term vision is to be able to ingest all security data into Cortex, provide analytics and a lot more automation. So there's a lot less left for the stock analysts to do because the more we can automate it, the more we believe we can aspire to be a proactive security company as opposed to a hygiene reactive security company. But as always, Mr. Klarich is welcome to add to that narrative.

That's good.

And is that ad?

No, no, that's an ad. You can...

He wanted to [indiscernible] and be well.

Yes. But again, I believe, as I pointed out in my quick intro, you were here from the beginning. And I think, at least, yes, it's true. Obviously, the next-gen firewall took firewall from layer 3 and -- layer 3 up through 4 through 7. But it was -- a firewall was a box that sat in a network architecture. And it's a different type of intellectual capital, human capital that's required to do data science. So how have you guys evolved the company in terms of capabilities in-house to provide that AI angle on things, build data lakes to make these intelligent systems that can be reacted?

Like with anything, it's a bit of a balance. The -- there's no question that some of the expertise has come in through acquisition. We acquired some really phenomenal companies that have focused specifically in these areas of analytics and AI and machine learning. We've also hired very sort of targeted hires of people that come with phenomenal backgrounds in AI and data science. But one of the things we learned pretty -- I'll say pretty early on, but it was several years in the company was you can't just take a data scientist and expect that they're going to come up with some amazing security breakthrough because most data scientist don't [indiscernible]. And so you have to pair them up with really phenomenal security researchers as well that understand how malware works, that understand how things like DNS tunneling work, that understand how phishing attacks are constructive, that understand how vulnerability exploits are carried out and the techniques that attackers use. And so we've -- what we've been able to do is use the incredible security research teams that we have with these AI and machine learning specialists, and we effectively pair them up in teams so that we can understand how to make use of the data that we collect. And importantly, understand what data we need to collect in the future to be able to get even smarter and build those feedback loops into the products we build and offer and how we then architect the data infrastructure and the analytics on top of it.

Well, I think we've come to the end of 45 minutes. I want to thank you both for being here, and I want to thank Nikesh for being tolerant in my getting at least 1 of the 2 companies that he used to work for correct.

No. Yes, [ both right to me ].

But thank you guys a lot. Relatively early on the West Coast. It's been a -- I've done Palo Alto for a very long time. I mean it was early -- way before they went public and the guy who was working for me, he's doing some channel checks. He said, you know what, this Palo Alto Networks, they're just popping up everywhere. And my association from the company began there and I'm really happy to say it's continued to this day. So guys, thanks very much for supporting that. And I look forward to working with you.

Thank you, Michael. Thank you, everyone, for dialing-in. Appreciate it.

Thanks.

Thank you, Michael.