Palo Alto Networks, Inc. (PANW) Earnings Call Transcript & Summary

Good morning, or almost good afternoon, everybody. I hope you're doing well. My name is Hamza Fodderwala. I'm the cybersecurity analyst here at Morgan Stanley. And with me this afternoon, we have Mr. Nikesh Arora, Chairman and CEO of Palo Alto Networks. Nikesh, thank you so much for joining.

Thank you for having me.

All right. Great. So before I begin, just a brief programming note. For important disclosures, please see the Morgan Stanley research disclosure website at www.morganstanley.com/researchdisclosures. With that, Nikesh, let's dive right into it.

So I think you sat up here 5 or 6 years ago, and you wanted to go on this journey of building the first evergreen cybersecurity platform. If you look at what's happened over the last 5 years, the revenue base has gone up multiple times. Market cap has, I think, almost 5x, $100 billion as of yesterday's close at least. And you're a leader in over 20 categories, whereas 5 years ago, you were largely in firewalls. It seems like now there's a little bit more skepticism.

Now? There should have been skepticism then.

So I'm curious, just one take talk on the last 5 years and what do you think you have to do for the next 5 years to maintain this sort of evergreen platform strategy?

Well, first of all, thank you for having me. And yes, 5 years ago, we set out on a journey to see if we could actually adjust the paradigm in cybersecurity, to see if companies can survive for longer. And we have 2% market share industry that spends close to $200,000 a year, possibly have 5% or 6% now in that market. . The question now really is it's not a product innovation question for us anymore, which is what the big challenge then was. We went out and acquired about 19 companies in the last 5 years because we have technical debt. There are companies out there who had better products in certain categories than us. We bridged that gap, as you highlighted, about 20-plus categories where we lead. And the real question now is how do you take that? And how do you get every customer to buy the entire platform in 3 of the categories we play in, which is cloud security, network security and SOC? So over the last 5 years, we have been able to insert ourselves and get them to buy 1 or 2 out of the 4 or 5 things in each platform. Now the question is how do I go in and get the person who has 1 to go to 5, who have 2 go to 5 or go ahead and sell the entire 5 together because we believe, at this point in time, we're uniquely positioned to be able to do that. In network security, for example, nobody has SASE, SD-WAN, hardware firewalls, software firewalls, cloud firewalls in one integrated capability. There are people who are doing really well in certain categories, but nobody has the entire gamut. Take the case in SOC, we can do that. So we think we have a competitive advantage at this point in time across the 3 platforms and now is the time to strike.

Maybe just to go back to the last earnings call 2 weeks ago now. So you had to cut the guidance, the billings guidance by about $600 million, over half of that was because of some weakness in the Fed. And then I think the remaining 40%, 50% of that was this new platformization strategy. One is, is my characterization correct?

I'd like to be more optimistic on that, but you started off -- any sentence that starts with cut something in the financial, it doesn't sound good. But other than that -- cut cost sounds good, but cut guidance doesn't sound good. We accelerated our platformization strategy. You want to grow to be a bigger company in a certain period of time. And given you guys are strong, long-term investors who want to start to double or triple in the long term, I'm sure you all appreciate that.

Fair enough. But this is going around the Fed side of things. What was the reasoning there? Because I mean from what we hear just more broadly from the federal vertical is there's a lot of focus on cybersecurity. So why the weakness in Palo, I guess?

Well, there are -- let me parse that out for you. First, there is no problem with demand. Cybersecurity demand continues. If you read the newspaper or whatever you read, you see every day, there's a new sort of breach out there. There is more activity. There are nation states who are constantly on the offensive. So the demand function is not going to abate. The question is, for us -- the two things that we said. One, to drive this notion of going from 1 or 2 products in a category to having a platform approach or a platform sale, which eventually gets to a better security outcome for our customers, we have to get aggressive in the market. And part of that is accelerating the customers, being able to transition from some legacy vendors and you can decide who the legacy vendors are. But every customer has some vendor that they would like to transition off of. And we go ahead and say, "Look, we can help you transition as long as you're adopting or adapting to our platform approach." So that's kind of one part of it. We sacrifice short-term billings or short-term revenue in the interest of longer-term growth and more growth in the future. The other part was very specific to Palo Alto, where we had certain aspirations of staffing on a certain key contract that we were working on with the federal government which didn't materialize. So we had to decide to derisk our numbers from that contract, so we took it out.

Got it. So what was the thought behind saying the words spending fatigue? Because obviously, demand is strong. So I think someone...

There's cybersecurity spending fatigue. Now you have to get it in context. Demand continues to grow bad, things continue to happen at a faster and faster pace. Customers buy more and more cybersecurity. Cybersecurity spend goes up about 5% to 8% a year, it will continue to do so. But they're getting frustrated. They're getting frustrated because they're getting breached more. They're less secure, CSOs are being held accountable by the SEC. There's possibly one of them might go to jail. So there is frustration. I spend more money. I try and get the right thing done from my organization, yet I don't get the outcome, but the spend is there. So fatigue in the context of spending more money and not getting the outcome. Not in the context of I'm done spending. That's not a choice.

Fair enough. On the platformization strategy, so obviously, you're trying to accelerate your ability to consolidate with your customers. I know you've gotten this question a lot, but why double down this now, why call this out on your last earnings call?

Well, look, as you know, about 6 months ago, I signed up for another 5 years with Palo Alto. And as I did 5 years ago, I sat down and looked at the business, looked at the fundamental and say, where do you go from here? And I'm with the firm belief what got you here is not going to get you there. . And we seem to be doing really well right now. Now is the time -- if you want to make big moves, now is the time to do it with a 3- to 5-year horizon in mind. So I spent the last six months reviewing. So far I've gotten to 300. I intend to get to 1,000. I sit in my conference room and every rep has to dial in and explain to me exactly what they're going to do with each account. Quite eliminating, by the way. I was told people in enterprise don't do that. But since I don't usually do enterprise in life, that's fine. So I went through the first 300 customers so far, and I discover a lot of interesting things. A lot of customers have some part of our platform from Palo Alto. A lot of customers are either in 1 category or 2 or 3 from a platform perspective. There's lots of room. So we started sort of expanding that sort of scope. And now, we do them -- possibly another 15, 20 this Friday. We do them once or twice a week, 500 reps dial in to watch how this thing goes. And then they go prepared, and they do this. So I learned in that process that we're not pitching to our potential in every account. We should be stepping up. And then I figured out the key detractors are customers are stuck in legacy vendors, customers are scared of executing a transition because cybersecurity sort of is not simple, it's complicated. So we have to do different things. And that different things involves going in, giving them transition support, going in, helping take off the economic risk on the table. That's what we decided to do. And now because -- why not now? The longer I wait -- look, when there's a profitable strategy that is being executed by one vendor, you get about 2, 3 years of a competitive advantage. Eventually, we all flock to whatever strategy is working. If you look in the history of cybersecurity, any company that has run really well for 3 to 5 years on a growth trajectory, all of us go try and converge them, try and take their business. You can have other people splitting up. And you'll see, they're all chasing each other and trying to get into their sort of profit pools. So for now, we believe we have a competitive advantage. We should go out and go execute against it.

So there's 3 different areas where you're trying to platformize, so I read your LinkedIn post last week and some of the comments.

1 out of 3. I have 2 more, but I [indiscernible] up a little bit.

I'm looking for [indiscernible]. Okay. How is this different from traditional bundling and discounting? Just walk us through how it works, how you're trying to ease switching costs for customers, et cetera.

I apologize. People having lunch. You're asking a question. It's going to bore them to tears, but I'll try and answer it. Bundling is economic bundle. You say if you buy one thing from me, you buy the second thing, you can buy the third thing is for free or as part of the deal, you have to go spend it freely. Cybersecurity sort of works differently because chief security officers and CIOs, they don't get into trouble for buying the best in a category. You go, you buy something in the top right of the Magic Quadrant of Gartner, you don't get into trouble. But for us, it's different because we actually have to prove the value of these things working together because the customer already has the other use case. They have perhaps 3 or 4 vendors or 5 vendors doing network security. If I can show that I am better, cheaper, faster and more effective in my stitched platform approach, then there is something to talk about. So for us, this is about actually going and demonstrating value from the integration as opposed to creating an economic construct. It's actually -- the economic construct hasn't changed for us. The economic construct is still the same. You consume, you pay. We don't give away a whole bunch of stuff, all you can eat for free. This is not a buffet. So you have to pay for what you consume in our platform, but the key is, can I demonstrate the value of my platform? So that's why it kind of defers from the traditional enterprise bundling approach where you've got everything as part of the big license. I don't really care what you eat, what you don't, I get paid. We don't do that. Is that helpful?

Yes. If we just go into some specific examples. So the average enterprise is using 50 to 100 different security tools. So you've got three platforms that you're selling. There's the network security SASE side, there's a SOC automation, that security operations center and then there's the cloud security side. . This is -- again, the platformization strategy is not necessarily new. It just seems like you're doubling down on it. Can you give us any examples where you've launched this effort in the last 6 to 12 months and where it's been successful?

Yes. So look, we have -- we didn't -- even it might seem like we ramped overnight, we didn't. We have been trialing various things over the last 6 months, right? We've trialed -- we bought an enterprise browser company called Talon, went to our customers, we were thinking about getting them to test it and charge for it. We decided to give it as part of the SASE product to try and get customers to consume it. When it comes time to go for renewal, they'll pay for it. But for now, we decided to feed the market with that. That became a very interesting approach. Large consulting company, they actually became a SASE customer first. They loved what they saw. They expanded that to a global remit, now we power every one of their consultants off their laptops with Prisma Access. They just replaced all their firewalls with Palo Alto because they wanted to see the benefit of what they get in remote access, in the data center. So we ended up consolidating 9 vendors into 1 platform for the consulting company, and that's just one of our platforms. We haven't done the second and third one. We're in discussions with a large company where we're actually trialing out and saying, listen, we'll give you soup-to-nuts cloud security across the board. We'll just index this off of your cloud spend. So you don't have to worry about what you use, what you don't use. You can use all of our cloud security products. It's indexed off of your cloud spend. So you'll always be able to manage it, but you get to consume all of our cloud security. So we are trialing out and executing on a whole bunch of these. What's been fascinating is the last two weeks as much conversation has happened in your community about our platformization strategy. More interestingly, our salespeople out there, 3,000 of them, are coming back and saying, all the customers want to talk about it. So clearly, there is some product market fit and resonance out of the market that the customers want to talk about platformization, that they've all heard about it, they all read about it. And thank you very much for amplifying the message positively or negatively because they all -- some of us seem to know that Palo Alto has embarked in this platformization approach. And now our conversations are how do we get to platformize in our enterprise because we're tired of the vendor sprawl.

Yes. I mean the value of consolidation, I think, is clear in terms of cost integration, et cetera. But I think the debate has been coming up around what is the right balance, right? There's always been the spectrum of platform versus best-of-breed in cybersecurity. There's been other companies that have tried to go this security super suite approach. Symantec, Cisco, et cetera, come to mind. Why is Palo Alto going to be successful, perhaps, where others have not been?

Look, we live in Silicon Valley. Every company that has been extremely successful has destroyed some legacy thinking, whether it's Uber or [ Sweep ] -- not really, the other one. Whether it's Uber or YouTube, you pick your favorite tech innovation disruptive company. They all came up and challenged an existing thesis. So we're not going to wake up every morning saying it happened to everyone, it will happen to us. We think the time is now because nobody ever tried this with having great products in 21 categories. In every other case, it was an economic bundling concept as trialed by enterprise security. We're saying we're going to have 20 great things. We're going to make them work together. And we've demonstrated that all those 20 things sell on their own merit. It's not like it sells only because it's part of the bundle. It sells on its own merit. Now we're saying, what if you could get it all to work together. If you go back and think about some of us who are older, 20 or 30 years ago, there was no concept of a CRM. Companies had their own 7 different applications that did some version of CRM. There's no concept of an integrated HR system, an integrated financial system. I remember I started my first job at Fidelity Investments on the finance side, they have 7 tools. Now you have an integrated financial system. And you say, wow, that makes perfect sense, Oracle CRM or Salesforce or Workday for HR or ServiceNow. So why should that not happen to cybersecurity? What evidence do you have against it that there's not a need where every company shouldn't have to go build this themselves, hire hundreds of engineers and try and stitch this platform on an individual basis? It shouldn't. These problems have never been there before so you presume it's not going to be there in the future. We think it's going to be there. It's going to be out.

Maybe the pushback to that would be the risk level is high. If you don't buy the best solution out there in the market, you can get breached. Whereas that doesn't exist in the ERP market, the CRM market or what have you.

There is no risk if you have a crappy ERP system?

I mean the risk level is not that you might get breached and ended up costing you tens of millions of dollars. I'm sure there's some risk, but...

You can't ship product in time. You have a bad ERP system. Your top line goes down. You guys murder them on the stock market. So there's that risk. So there is a risk. I mean, yes, but that's why we got to prove our -- we have to earn our place in that platform on individual merit for each category. We think the time is now. We've demonstrated we can go get 3,000 SASE customers in a span of two years against all the existing players that have been around for a long time. We've demonstrated we can get north of 6,000 XDR customers against all the existing XDR plays in the market. We've demonstrated we can have 40% market share in hardware firewalls, 50% market share in cloud firewalls and software firewalls. So we've demonstrated in each of those categories we win irrespective of whether they're part of the platform or not. Now what we're trying to say is, how do I create ubiquity across my customer base and try and focus them on an integrated platform approach or not?

Last couple of questions on the platformization topic then I might open it up to the audience. In each of these platform domains, network, SOC, cloud, there's like 10 to 20 different products. Is the platformization strategy more to consolidate within those individual domains? Or would it be able to drive cross-pollination between those separate platforms?

Look, it does drive cross-pollination, but this is where if you load everything into one thing, then it becomes an either/or. That's a riskier strategy since you're talking about risks. So everybody understands the value of having a cohesive network security platform. Everybody understands the value of a cohesive cloud platform and possibly a SOC platform. And typically, in every organization, there are 3 distinct individuals or personals who buy those 3 things. Like there's a chief security officer running the SOC, there's a CIO who's responsible for development. There's a CIO who's responsible -- or chief infrastructure officer responsible for the network and network security. So we've gone from 21 capabilities to trying to focus people on 3 platforms. Maybe in a few years from now, when we're sitting here, we might do that again. The second quarter of the fiscal year, 5 years, we'll say, we're going 3 is to 1. Maybe that would be a good use case, but then we'll be sitting here and the same [indiscernible]. Look, at the [indiscernible] rate, we are trying to consolidate them on these 3 platforms. And the idea is to make sure the customer doesn't have to do the stitching.

Just looking at sort of the impact to the guidance. So you talked about next quarter billings being in the low single-digit range, then back towards 10% by fiscal Q4, the July quarter. And then you've said in the back half of fiscal '25 or the first half of calendar '25, you'll be back to a mid- to high teen billings growth. So this is really going to be a 12-month headwind.

Yes. But remember, if you think about it, if I'm trying to go to a customer and say, you've got legacy vendors, let me go take them out and deploy Palo Alto, then typically, our sweet spot will be people who got 12, 18 months left on their existing contracts for us to go take them down, put a transition plan together. And hopefully, in 12 months, when we're doing this, we'll start lapping these 12 months that we've actually given away. So we should see -- typically, our deals right now are going to be first year free, pay me for 2, 3, 4, 5. But at some point in time, the first year free is going to go away, I was going to start getting paid for the deals I do now. So we expect there is a 12-month lap. That's why we've said we come back after 12 months to the better trajectory than we have had in the past. But there's going to be a 12-month period in which we're going to be executing on the strategy. We'll keep executing that after two, but we have a onetime 12-month adjustment around it, yes.

Yes. And the key point really here is this is an account penetration strategy. So these are largely your existing customers who have shown a willingness to already consolidate with Palo, not just any [indiscernible].

I think one of the things that -- in financial terms, what happens -- this is fascinating, is as we keep driving the strategy, we become a 90% -- 85% to 90% recurring revenue company without calling it an ARR company. We've become a software company because we traditionally came from the hardware background. When I came, I think 30% of our revenue is recurring. We're in the 67% range now. We'll get to 80% to 90% recurring without making a big brouhaha about turning into an ARR company. I don't know if ARR is still popular or not.

I mean, last year, you said TCV is back in fashion. You like cash upfront.

TCV is always back in fashion. I like cash upfront. I like TCP. I like RPO. All the other stuff is adjustable.

Fair enough. Anybody in the audience have a question? We got one back here. Let's wait for mic. Is anyone here with a mic? Okay. I guess we'll wait for it. But we have a question here in the middle. We'll wait for you. I'll just move on to my next question. The other aspect, I think that's been of some concern in relation to the billings revision, we'll call it -- you don't want to call it a cut, fine, has been free cash flow, right? So a lot of the free cash flow is driven by 3-year upfront billing. So what gives you confidence that you can maintain this high 30% free cash flow margins that you put up?

Look, over the last five years, our annual billings as a proportion of our total billings has slowly been creeping up because people have been taking annual contracts. We have been financing. A lot of deals would manifest just north of $1 billion. So eventually, that stuff has to get collected. So we have been possibly 25% to 30% of our billings now are annualized. And then that starts lapping, gives us, again, it's kind of like recurring revenue. We know that a lot of that is already being collected annual basis. So those things begin to lap. The other thing you've seen, we've driven a 1,000 basis point improvement operating margin, which eventually falls to the cash flow line. So those things help. So that gives us comfort that on a cash flow basis, we'll stay true to the mid-30s plus guidance we've given in the past.

Maybe one quick follow-up on that. I think you also renegotiated your cloud contract with GCP. So any way to contextualize how that's driving more savings?

Well, the more you spend, the cheaper it gets. Sort of like going shopping with your spouse. So we spent a lot of money in public cloud. And as a result, we've been able to negotiate a better deal which makes us more confident that we can sustain higher gross margins because eventually, it's the gross margin line which means better operating line. It just gives us comfort on our operating margin guidance, which gives us comfort on our free cash flow guidance.

Thank you for the math there, appreciate it.

Doesn't mean I'm financially literate, barely.

The question is for Nikesh around the $15 billion long-term target, your thinking in order to achieve that change with respect to M&A. Is that a very organic number or in the last 6 months, especially with this newer platformization approach? Do you have to be more aggressive and maybe front load the early years? Or how do you think about that?

That's assuming normal activity. And normal activity, if you look at our history in the last 5 years, has ranged anywhere between $500 million to $1 billion, $1.5 billion of M&A, which is mostly product innovation-oriented as opposed to revenue oriented because for the most part -- for us, we feel comfortable buying companies where we can take them, put them on our go-to-market machine, integrate them technically and go out and sell more of that. I struggle with buying things at 8x to 10x revenue multiples, giving them a premium, basically spending next the years executing on the behalf of people who got rich on b**ls**t as opposed to my shareholders. So unless I find something that is compelling strategically that we can actually take the two together and generate more value, I am generally cautious, is possibly the right word, of looking at large deals. So yes, the $15 billion is assuming normal M&A activity, which we have been demonstrating for the last 5 years.

So you spent about $600 million on Talon. And you're now going to essentially bundle it with the SASE product. What should we read into the enterprise browser market based on that assumption? What strategic vision do you have for Talon given that strategy?

Look, what's fascinating is post the pandemic, it became abundantly clear that people want to access every app that their company offers from wherever they are, right? Whether you're sitting here, you want access to everything or at home or traveling. That market in the past used to be a VPN market. You dial in through some VPN and you get there. That technology has been very old. We've seen a bunch of breaches and vulnerabilities around it recently. That market has eventually migrated to SASE. And the interesting thing in SASE is most of SASE requires an agent to be deployed on a laptop. There are three scenarios which becomes very hard. One scenario is mobile devices. Most of us carry mobile devices, 50% of our companies don't protect our mobile device access or don't give you full access to your mobile device. Two, it becomes harder if you're trying to use your home computer. I don't want Palo software downloaded in my home computer because I don't want Palo Alto to see everything I do in my own computer. I love Palo Alto, but there are certain limits to what, I mean, I let them into. So you don't -- you're on a BYOD case, you don't want that agent sitting on there. And third case is there are people who have multiple companies they work for, contractors. They will work for multiple companies. They don't want to have one company's agent on their laptop. All those three use cases were -- we were attempting to serve an industry with a poor use case called remote browser isolation, which is somewhat a not so great user experience, if you will. It's possible, it works. That whole market gets revolutionized by having an enterprise browser. The way enterprise browser works. So basically, that's your, lack of better word, portal or access to any application enterprise and you can deploy all kinds of controls on it. You can apply DLP controls on it. Nothing can cut, paste. You can't forward anything. You can't download anything. We can control the browser -- or that company. The customer can control the browser for every one of their employees, for your home computers, for your phones, for your contractors. So I just think it's a game changer as it relates to remote access, is a game changer as it relates to being able to deploy controls. And now the fun part will begin when people start trying to access AI. The browser, because it's unencrypted, can see everything you're doing, and that gives us much better control characteristics vis-a-vis something that you intercept after encryption, which is many people don't allow you to view encrypted traffic. So it's a game changer from an access perspective. 6 months ago, nobody was talking about it. Now I can tell you, I was in New York last week. There's swathes of employees and contractors say we'd like to deploy a browser instead of an agent. I think it changes the way the market thinks about remote access in the future.

We will come back to audience Q&A later on. I just wanted to spend a little time on generative AI because I know it's been a big topic over the last year. One, how are you seeing generative AI change the threat landscape? And then secondly, can you remind us how you are using generative AI in your product portfolio to help consolidate the market further?

Sure. So generative AI for us will fall into possibly 3 categories. Category 1, bad actors using generative AI. That happens on the consumer front, on the enterprise front. On the consumer front, I'm sure you read about a deep fake video, where somebody got -- inserted themselves to a Zoom call and got a bank to transfer $25 million. That is doing the rounds. It's kind of interesting. So there are generative AI folleys that are going to happen on the consumer side, which you can think about as an enterprise use case as well. Bad actors will use generative AI. They'll -- in the most basic way, get the LLM to write a phishing e-mail which will come to you with a malware link and you got to click on it, it will steal your credentials. So it's just faster bad actor activity, which we have to be prepared for. So it's going to -- speeds the overall cybersecurity demand. There is no fatigue. A lot of money will be spent in cybersecurity, right? The second category of generative AI is how do we protect our customers against problems created by generative AI which fall in 3 categories. One, our employees accessing AI LLMs or AI apps. We have to stop employees from loading proprietary information, all kinds of stuff. So we have about 100 million customers we protect on access, all of those customers are going to need -- all those users are going to need protection against generative AI. It will just become another subscription that sits on top of our access products that should be low friction to deploy, low friction to sell from a subscriptions to our customers perspective. The second category will be the AI firewall. If you deploy an LLM in your company, we're going to have to make sure we surround the LLM with security protection so nobody can inject prompts, nobody can manipulate your LLM to give the wrong answer, no bad stuff comes out of LLM, no phishing links come out of your LLM or bad malware code is transferred to your customers. So we will have an AI firewall. And third is it's more of an architectural thing. If you go deploy AI in your company and move everything from cloud to AI in the future, you're going to need a cloud security equivalent of AI security posture management. So those are the 3 product categories. We highlighted that in our earnings. We're possibly 3 months away from being able to put them into production for our customers. Across the board, we will start previewing them in the next 8 to 10 weeks with our customers, so that's kind of once this happens. And within that, we will also have co-pilots like everybody will in the future, which make the complex parts of deploying security easier for the practitioners because there are 7 million jobs that have not been filled in cybersecurity because it's complicated. And third area generative AI helps is reducing costs vis-a-vis automation and summarization and natural language interface. We're going to launch a project next month, which approximately should give us 2% head count savings. We're going to ramp that up with other projects, I think, in the next 18 to 24 months. Most companies are going to be looking at about 10% head count savings on a conservative basis by deploying generative AI.

A lot there. Because I think a lot of what you've been talking about is using generative AI with XSIAM to automate security operations?

Yes, precision AI. In our business, we make a distinction between generative AI and precision AI. I don't know if you guys read recently, I think a Canadian airline. Chatbot just gave away free medical support for a ticket because it decided somebody else was doing it and told the customer of the airline that they'll cover the medical expenses. And then the airline had to pay up. I think Chevy had some LLM sell a car for $1 because the person negotiated really well, ended up in a bidding contest. Imagine you're a bidder, bid against me and ended up getting the price down to a dollar. So there's a bunch of hallucination. You really don't want your security software hallucinating, just saying. Like imagine the physical security guard turns the gun around, this is not a good idea. So we try not to use generative AI to tell us what to do in security. We tell -- we use it to try and look at trends and what happens. We use precision AI when we know the answer which are, in old parlance, called machine learning models. We do run 3,000 machine learning models in our AI SOC product, which has been extremely popular [indiscernible].

Yes. I think what I haven't heard you talk as much about is how you're securing generative AI because that's a big problem. So it seems like that's something that's already driving some pipeline.

Well, it's driving conversation. A non-delivered product to the market can generate pipeline until we deliver. So we expect we'll have the product next few months.

Yes. And that would be your data security posture management, that would be...

The would be AI security posture management, AI firewall and AI access. And the reason I don't feel uncomfortable sharing that because on an AI access perspective, it just become another capability for our customers where they already use our Prisma Access product or our GlobalProtect product for firewalls. They'll just sit on top of it, beside it saying anytime AI is accessed, we'd intercept and deploy controls.

I think we had a question down in the middle, but I'll just sneak in one more while we get the mic there. But do you also foresee a scenario where AI obviously drives more data, more traffic. Could that also incentivize perhaps an accelerated refresh on the hardware side? Is that something that you're seeing?

Look, I'll take a slightly different point of view that there's two parts I'll say to that. One is, I think it's important to understand, at the most basic level, a firewall inspects network traffic. Network traffic is generally between users and their companies. It's created between applications by our consumers. So in general, network traffic is rising between 2x to 5x a year. Think about it. Everybody -- now you deploy AI, more people will be accessing AI. You'll be sending stuff back and forth. All that traffic needs to be inspected. The way it gets inspected is through hardware, software, cloud firewalls or SASE. Those are 4 ways to inspect network traffic, right, between all [ the services ]. In general, that category is going to continue to see strong demand as long as we expect traffic to go up. In general, more AI and more data gets deployed, you will see more demand for cloud security because it's very hard to do AI LLMs on-prem. You can, it's just harder. People who haven't moved to cloud will move to cloud now. So all these models are going to sit in the public cloud and all the ringfencing that happens. So that's going to keep driving the cloud transformation game. All the bad actors in generative AI, you'll want much more real-time responses, which will drive precision AI in your SOC.

Perhaps just elaborating on the replatformization strategy and incentives you're offering to customers. How are you prioritizing those efforts across areas like SASE or endpoint or SIEM? I mean I know the answer is all of the above, but can you maybe give us some detail around how you're targeting each one?

Sure. So look, on the network security side, what typically happens is it's hard to transition a firewall if somebody bought it last year. Firewalls have 6 to 7 years end of life or useful life. I can't really buy out your firewall if you bought it last year. You have 6 years or more of depreciation sitting in your balance sheet. I can't go take it out and say, I'll replace it because it's all very interesting to us economically. What's interesting in SASE, because there, at best, it's a 3-year contract, you're probably 6, 8 months, 12 months into it, that allows you to take the risk off the table saying, Palo Alto is going to come and deploy it. I won't to have to worry about paying for it until it's deployed and I can switch off one and switch on the other and start paying Palo Alto. So there, it's a lot easier for us to go disrupt possibly the network security space sans hardware because all those things are on typically 1- to 3-year deals. And there, we can offer 7 to 8 vendors can get consolidated into one, so you get a better security posture, better security outcome, possibly lower cost. On the SIEM side, 15 years, it's been 15 years since there has been any revolutionary change in the SIEM space. All the products in there have -- were created 15, 17 years ago. And over time, you've discovered, they're not set up for AI-based data analysis. They're not set up for machine learning models in the right way. So there, it's more about taking the execution risk off the table, saying, if I replace this, what's going to happen? I have to pay you for 6 months while I get you up and running, I still have to pay for this thing. There, I'm much more willing to go take the bet because once people have bought those in, they have them chained up for 15 years.

Maybe to follow up on this question. To what extent do you think the platformization strategy is really focused on the SOC, more specifically on the endpoint because you need a lot of endpoint telemetry to make things like Cortex, like XSIAM, for example, work. So what is the thought process there?

So the endpoint -- remember, we were not a player 5 years ago when I joined. There are 14 endpoint companies. At that point in time, we were not a player. There was Symantec, McAfee, Carbon Black; Cybereason, Cylance, CrowdStrike, a whole bunch of others, right? So I think it was down to 4, down to CrowdStrike, Palo Alto, Microsoft and Sentinel One. The other 10 are over time going to get replaced by somebody or the other, which is amazing, you've gone from 14 to 4. And to the extent somebody already has just recently deployed the other three, we will ingest data and make it work on XSIAM. We will take that friction out of the system. We will offer to replace any of the other 10 in the market.

I think we have time for one last question if anyone has one. We've got one right here.

I wanted to ask maybe when I think about the platformization with enterprise, I read somewhere that there's about 50 to 60 tools an enterprise has for security. And you guys are leading in 20 so it means that you will still leave aside other tools. I was wondering does this affect your idea of being more of a closed system versus an open system, integrating more with different tools, especially when I think about data security like, that you guys are thinking about making it a bit more closed rather than integrating with more tools. So would love to hear your thoughts.

So let me parse that out. One, we cover about 60% to 70% of a customers' cybersecurity vendor estate today. So in your example, if you have 60 tools, we could possibly replace between 36 to 40 of them, right? We don't cover the other 30. A major chunk of that is identity. We don't do identity. There's about 8 to 10 or 15 tools in identity and there's a few in vulnerability management. We have plans to go address some of those markets. Two, most cybersecurity vendors in the market will give access to alerts and data into SoCs or SIEMs so that customers can stitch them. We do the same. Our data is available to any SIEM or any SOC that chooses to integrate Palo Alto data. We will accept data from any other vendor into our SIEM, even the 10 that we said we want to replace. So to that extent, it's open. We cannot have a true open in cybersecurity because true open means the bad actors can see what you're doing. So it's always a bilateral agreement that we have or a deal where we understand what we want to deploy or not. So no, we're not building a close data lake. At some level, you do -- we -- it works better if you use our product because we understand the data that was collected. It's kind of like the difference between first-party data and third-party data. I collect first-party data. I understand it better. I feel much more comfortable guaranteeing the quality and outcome of my first party data. If I have to [ indicate ] somebody else's third-party data, then that's the risk because I don't know how they collected it. I don't know how good it is. If it's got false positives, you have to deal with the outcome. So that's the only benefit [ to take away ].

All right. Nikesh, Thank for coming. I'll talk to you later. Thank you everyone for joining. Thank you very much.

Thank you very much.