Palo Alto Networks, Inc. (PANW) Earnings Call Transcript & Summary

All right. We will go ahead and kick it off. Thanks, everyone, for joining us, day one, Goldman Sachs Communacopia and Technology Conference. I'm Gabriela Borges. I lead our cybersecurity research here. And I'm excited to have on stage with me, Nikesh Arora, CEO, Palo Alto Networks. Thank you for joining us.

Thank you for having me.

Nikesh, one of the things you've said a couple of times now over the last 6 months is you wish you had started the platformization strategy sooner. One can argue, looking at Palo Alto for the last 3 years, you've been selling 3 different platforms pretty consistently. So talk to us about what's different on the ground in 2024 with the platform conversations that you're having at some of your largest customers?

Yes. First of all, thank you for having me, Gabriela. And I've said that -- I was listening to a podcast by Reid Hoffman interviewing Eric Schmidt and he asked him, "Hey, Eric. If you were younger, you could go back and do something differently, what would you do?" And he said, "I'd execute on my good ideas faster." So the same reason I say we should have done platformization faster. What's different? Look, we have been integrating, selling a platform for a while, but we hadn't been consistently leading with the platform. We've been trying to meet the customer where they were and say, "Okay, you want this. I got this." But now our entire sales team has pivoted to leading with the platform saying, "Listen, I know you want this, but if you got it at this flavor, it will all work better together." And that's a mindset change in our field. And eventually, these are the people who talk to customers and convince them about what they need. So getting them reoriented towards a platform approach allows our sales teams to go in that way. Also, it changes the competitive dynamics for us because then the other competitors have to respond to our platform strategy as opposed to say, "Oh, I can beat you on SD-WAN," or "I can beat you on SSE," or "I can beat you on enterprise browser." Can you beat me when they all work together?

If you think about one of the topics in security around the fragmentation of the long tail, we've talked about how the largest companies in security have a much smaller amount of market share than in some of the other segments of software. So what has been some of the best practices that you've taken from outside the security industry on how to cross-sell and how to sell platform at the highest level of the organizations at your customers?

Yes. I think if you go back -- and I've said this before, I apologize if it's repetitive. But if you go back 20 or 30 years ago, a lot of the current SaaS platform companies didn't exist. So all of those things were done with 15 or 20 different applications in your enterprise, whether it was all the CRM stuff, all the customer support stuff or the HR stuff or financial stuff. I worked at Fidelity 30 years ago, and we had applications that did all of these things and you had to put them together. You fast forward, look at 30 years hence, you would never dream of having 30 different applications that manage customers for you. You'd buy a platform. I think cybersecurity is at the same space, where we all believe that we need 40 different vendors to solve this problem because each of these is a point problem. Actually, it's a broader problem. You want to secure the enterprise. So the question is, why has it not happened before? Because there was no such company or vendor or platform available. So it's very hard to say I'll take it if it doesn't exist. So we're trying to get us there where we can have that platform at play. In terms of what sells it better, is unique commitment from the CIOs and the senior leadership. And typically, companies, when they do these transformation projects, end up hiring system integrators. They'll hire the Accentures, the Pricewaterhouses, the IBMs, the Wipros, the Infosyses. So we have a very large concerted effort over the last 2 years of working with those companies. I spent more time with them in the last year or so, and CIOs, than I ever did in the first 5 years, and that's bearing fruit. Now today, like people hire Accenture or Pricewaterhouse or IBM to say, transform my network or transform my SOC. Now that they understand our solution is better, they don't want to deal with 40 vendors. They'd rather deal with one, because they're making money elsewhere.

I wanted to stay on this topic of transformation catalyzing your land and expand with customers and particularly on how it intersects with AI. So talk to us about what you're hearing from some of your largest customers on their AI investment plans, and how does that then impact how they want to spend on security?

I think almost every customer is horribly confused about AI. They're all trying to figure out how this thing becomes real. I think we've been working on it for the last 9 months. It's clear that a lot of the early use cases, if you're not on the consumer side, which are more creative, make me a video, show me an image or write me a story. Those are great in the consumer side. But on the enterprise side, you're seeing all of them as enhanced productivity applications. Can I get my customer services to be better? Can I get some process to be better? Can I do better pattern recognition of data? Can I analyze my MRIs is better? So you're seeing a lot of those use cases. So it's a large data management, higher quality of data, analyze that using an LLM and create a conversational interface against it. So that's kind of what we're seeing. In that context, I'd say, almost every one of our enterprise customers is experimenting with deploying some sort of version of a model in their sort of infrastructure or in their public cloud infrastructure, one. And two, I'd say about 20% to 30% of the employees of every company, especially the younger ones, are playing with the AI apps to see if they can get their jobs done easier, write me a blog post or write the answer to this e-mail. Now in both those cases, there are security opportunities. In the case of your employees using AI, the security opportunity is that they shouldn't be putting any proprietary data into a public-facing app or LLM. So we can intercept it with our product, in our access products or VPN products. We can look at what people are entering, we can intercept it, stop them from putting stuff into public LLMs or public apps. We rate about 500 apps on their threat levels today, which are AI apps. So we can say, "This is a very risky app. Don't put your data in there." Nobody else in our space has deployed that capability yet. We went live about 3 weeks ago. The second use case is everybody deploying these LLMs requires effectively what we call an AI firewall. So when you deploy ChatGPT or Gemini enterprise and you have your AI bot talking to your customers, you got to be careful nobody intercepts that bot and start giving you free cars or free airline tickets or free clothing because you can do that just for fun. Hackers would love to do that just to show that they can penetrate your AI chat bots. You put a firewall against it to make sure that it cannot be prompt injected or model poisoned, et cetera, et cetera, [indiscernible]. So both of those are going to be interesting opportunities from AI perspective.

Is an AI firewall different technically from a classic virtual firewall that's monitoring [indiscernible] traffic?

It's enhanced, because you have to put in all the checks and balances for prompt injection, model poisoning and all a bunch of stuff, which didn't exist [ at concept ] before. And for the first time, we have to monitor traffic both ways. Because LLM can give silly answers. They don't want a customer to get a silly answer. I can give you malware in response to a normal question, right? Like those beautiful chatbots say, did you like the answer? Did you not like the answer? If I do a lot of like the answer, the LLM learns to give that answer. So I could bombard your LLM and like all the wrong answers for a long time, and LLM suddenly learns all the wrong answers are good answers. You don't want that either.

Similar question on data center firewalls. As we spend time at the industry level thinking about the rollout of data centers to support all of these model training and inference use cases, is there then a second derivative impact on the demand profile for your data center firewall business?

So there's been a fallacy that when we go to the cloud, the firewalls will go away. I have a trick question. Where does all the cloud run on? It actually runs on data centers. So you still need firewalls to run the cloud provider data centers, which used to run in an enterprise. So it's a zero-sum game. It moves from one side, goes to the other side, that's why we run an [indiscernible] industry where we don't go away. There is going to be more need for data center firewalls as people build these large AI data clusters, but unfortunately, we don't enjoy the pricing of a GPU. We still sell them for the same price.

I want to also spend a little bit of time on the AI use cases that you're exploring in-house. So maybe actually we can start on the R&D side. Are there a couple of AI use cases that you're most excited about that your engineering team is working on over the next couple of years?

Yes. So there are some -- we went early in this AI journey internally. And if you look at it, you tackle them based on your cost bases. Our largest cost bases are customer support people, developers and salespeople. How can I use AI to make my life more efficient and more productive? On the customer support side, that seems to be the happy use case every AI company is chasing down. The big determinant there is not who your AI companies or LLM you're using, it's how good is the quality of your data. You understand how you solved each problem. Do you understand what data is needed to solve the problem? So there's a lot of effort we put into place where we are collecting more data than we ever did in every case that we solve for our customers. I told my team, every 11th time the same thing shows up, it better not be a human being solving the problem, which requires a fundamental rethink about how you collect that data. It's interesting. Our best -- and for that, we've designed, as always, an internal customer support Copilot. Our people use it. Our best customer support people who know how to use the Copilot are 40% more efficient than non-Copilot users, which is an interesting sign. What is also interesting is somebody who learns how to use the Copilot is equally productive after 3 months like a person who's been there for 4 years. So these are both interesting signs. It tells us that we can actually tackle that problem at scale, just need to get better from a data perspective. So I think there's an opportunity there in the next 2 to 3 years of making ourselves more efficient from a customer support perspective. Our second big constituents are developers. Our best developers are 30% or 40% more productive than our non-Copilot-using developers, which is also interesting. Only 1/3 of their time is spend developing. The other 2/3 is spent doing other things, which we're also working on figuring out how to make that more optimal. But there's also hope there that not only can you get better code from a quality perspective, but you can have a much more productive employee on the coding side, which allows us to maintain our cost bases and grow faster. And third, on the sales side, we're taking a slightly different perspective. We believe the biggest errors happen when the salespeople aren't well informed. So we have a lot of efforts going towards where every one of our sales people can pull out their phones and ask a question about our own product capabilities and portfolio and capabilities without having to call another person. So we're trying to get them information at their fingertips using AI and LLMs, hoping that, that will make them more productive and reduce -- or increase our win rate.

Are there any examples of AI applications today in-house at Palo Alto where you had thought that they would show more promise earlier, and instead, it's actually taking a little bit longer than what perhaps the industry would have expected?

I think there's a general understanding now. All of us rush to build Copilots, and we've all discovered Copilots are more complicated and less accurate than we want them to be. And in our business, it's not the 90% that matters, it's the 10% which is not accurate that matters. You don't want to give a 10% wrong answer. "Don't worry about it. I'm right 9 out of 10 times." That one out of 10 times you're wrong is when the breach will happen. So the focus on accuracy is more relevant for cybersecurity, and I'd say we're all reaching the current limitations of hallucinations and accuracy in the 80% to 90% range, which allows us -- which does not allow us to have autopilots. So they are Copilots, and you have to be very careful when you give a Copilot that you say this answer could be -- could require some more validation. So I think we're all -- again, the problem is you can't get to 100% if you don't get to 90%. So it's not like you don't -- you can't wait and not start because it's not 100% accurate. You just have to go through the motions to understand it. So I think that progress will happen. It does require better inferencing. And I think you can see lots of technologies that are out there that are trying hard to work towards inferencing and prompt extraction, so we'll see.

So one of the areas where a lot of these themes intersect, I'm thinking AI, pattern recognition, Copilots, platformization, is with Cortex and some of the work that you're doing in the SOC. Talk to us about how -- we're about a year on now from training and enabling all of Palo Alto's salespeople to go to sell Cortex. What are some of the limiting factors today in your ability to take share in what has historically been an incredibly sticky market? And do you still get pushback on -- well, Cortex looks great if you are fully embedded in the Palo Alto ecosystem, but it doesn't work great if I have to embed other vendors as well.

No. So first of all, for those of you who are not aware, if you step back, cybersecurity industry goes through inflection points. And inflection points are moments when vendors get replaced. So when Palo Alto started the next generation firewall, we replaced a whole bunch of firewall vendors because we came up with new technology. If you look at what happened in the endpoint market with McAfee and Symantec and the emergence of CrowdStrike and Cylance at that time, Carbon Black, Cybereason, Palo Alto. That was another inflection point where the technology was so good, and so different, the customer said, "I got to get rid of the old stuff. I got to go to the new stuff." And I think SIEMs are in that space right now. People will replace SIEMs because they're horribly expensive, not fit for purpose anymore, not using machine learning historically, and they're designed for human querying of the data, which needs to be queried using some sort of machine learning. So XSIAM is that an inflection point for us. In the last 18 months, we've sold 130 of them, which is way more than you would expect, and the average deal size for our [ top 30 is $1 million ]. There has not been a cybersecurity product whose average deal size is $1 million out of the gate. Our largest deal is $50 million, which is also rare. There's no cybersecurity product that in 18 months comes out and does a $50 million deal, which underpins a large enterprise. So I actually think it's fast enough. It doesn't need more acceleration. However, because I'm impatient, we went and did a deal with IBM, which is 1 of the 3 leaders in the market in SIEM, and we bought their SIEM business, which creates an incentive and motivation for those customers to migrate to us. You might lose some. While we hopefully intend to get a significant share, we think there are 3 vendors in the SIEM inflection point space where -- us being one of them, and don't ask me to name the other two, and I can get 1/3 of that market. It's great. It's a $20 billion market.

Let me ask you a little bit about the thought process with the IBM deal, because one could argue in a lot of these subsectors of security, where you're seeing an inflection, you'll be gaining share regardless. And so there is a trade-off between buying the share versus gaining it organically and paying S&M for it. So how did you think about that when it came to IBM? And are there other cases in Palo Alto's future where you think a similar economics dynamic might apply?

You can argue I think that's a lazy argument. Because don't forget, if -- it's IBM's customer, there's a gravitational pull where their sales people are saying, "Don't leave us. We've got some cool stuff for you." So there's no incentive for the customer to migrate, and they're getting the service. Now with this, every customer knows they have to either migrate to us or somebody else, because IBM is not in the business for the long term. And the IBM salespeople are actually incenting them to move to Palo Alto. So very different forces at work than waiting organically, and when you're doing it organically, then you're looking at everything in the market and spending time. I'm walking up to you and saying, "Listen. You are now my customer. Let me help you walk you through how I take you seamlessly with low execution risk, low economic risk straight to Palo Alto." It's a different conversation. So no, it's not organic share take versus come to Palo Alto.

I think part of the wins in SOC are tied to your endpoint product and how the interfaces between Cortex endpoint and XSIAM will kind of tie-in together. Talk to us a little bit about how your conversations have changed post July 19, and internally, when you and your team look at the resiliency of the Palo Alto platform, how do you protect yourself against that kind of black swan outage impact?

So two different things. First, that's what I thought 2 years ago, that our fate on SIEM would be very dependent on our endpoint ownership. We discovered that the economics are -- that for $1 endpoint, the SIEM is $4. So why get sort of parochial and say, "I want the dollar to give you my $4 product." Great. We can use any endpoint as long as it's of high quality and of the recent kind as opposed to the old kind. So we pivoted about 6 months ago. So we'll take the data from anybody else and use that in our SOC product to give you the same outcome we do with our own products. So it's a big shift. So we don't force our customers to require endpoint anymore in our SOC product. I mean just 400 vendors of data, what's another 3? So that's 403 instead of 400. It's not a big deal. So that's one part of it. In terms of your question of how do we protect from the outage that happens -- what's the question?

How do you think about instilling resiliency into your own products and services given how much mission-critical positioning you have you at your...

I think if you're referring to the -- there's two different scenarios where resilience becomes relevant from us. Obviously, our products, for the most part, to provide security, sit in line with our customers. So our firewalls have been around for 17 years. They sit in customer infrastructure, and a bad firewall could bring your infrastructure down. So we understand that we have very critical resilience that our customers need. It gets sort of further sort of exacerbated as customers become more reliant in the case of endpoints, which you saw the recent outage was an example, where we also have a similar product and so do other people to the market. Now that was a black swan event, to be honest. There's very rare situations where we interface with the customer's endpoint device where you can get to the kernel. And we know that's a specific issue, and hopefully, that gets remediated over time. But also we have different policies in place than some of the other vendors in the market, which we believe are more resilient. We do not deploy 8.5 million customers at the same time in 47 minutes. We actually do it in a very phased manner at 1%, 5%, 10%. We take 2 weeks to do, but some people might be doing faster than us. So -- and of course, all of us have gone back and relooked at our processes to make sure we are doing that. We have a bunch of failover provisions, but let's just say that it could happen to most people and put that aside. The other area which becomes interesting or relevant is SASE. Our SASE product is a service, which means if our SASE infrastructure is down, you're down. You cannot use your laptops if you were to be [indiscernible] the SASE product of the company. So we, on purpose, took a very different architecture approach than most of the people in the market. We don't run our own data center anywhere in the world to deliver SASE. We run on Google Cloud and AWS, which means if Google Cloud is down, then you're down. But we also have a hot switch where some of our customers, if they choose, we can move them from Google AWS in the back. So if both Google and AWS are down, I don't think you'd be worried about SASE. Something else is going on in the world.

Fair. I want to ask you a little bit. You mentioned spending more time with the system integrators over the past year, and I believe you're just coming off a Sales Kickoff in the beginning of the fiscal year '25. So what was some of the highlights coming out of Sales Kickoff? How are you balancing what is an incredibly motivated talented group of enterprise salespeople at Palo Alto with some of the partnerships that you have on the system integrator side so that everyone wins?

Well, our salespeople are still a critical part of that equation, because they're the ones who interface with the relevant systems integrator partners who are talking to the customers. So there's a customer says, "I want to do a big network transformation. My name is Accenture. My name is PriceWaterhouse. My name is Deloitte. My name is Infosys." They still need a Palo Alto salesperson to sit with them and come up with a solution and design the solution, get the coach to them, because they're interested in a larger piece of the pie. We're a subpart of that pie, but it still needs to go through a tremendous amount of process to get the win and try and get sort of -- eventually get the transformation done. But it goes full circle to where we started. More and more of our platform deals require us to be part of a transformation narrative as opposed to a point solution narrative. And the transformation narrative is often driven by either the customer or most often with them in partnership with an SI or a telecom company, which in Europe mostly provides the same capability.

Are there highlights from Sales Kickoff?

Okay, we did a virtual Sales Kickoff. We actually decided that bringing people to Vegas, giving them lots of opportunity to go gamble or drink, is not a good way to teach people. You wouldn't do that to your kids. "Okay, guys, we're going to Disney World. We're going to have lessons." No. So we did it virtually. You had to go past a whole bunch of technical tests to have a watch party in the office. So our highlights were that people didn't have to travel for a week and be unproductive for that week and not learn a whole lot.

Very good. I want to come back to next gen...

It's true. You're laughing. I find it very amusing when I go to Vegas, there's 80,000 people walking around with the badges and say, "I'm here to learn." This is a bizarre enterprise phenomena I do not understand. This is what you get for not working in enterprise for 25 years.

An excellent point. I want to ask you a little bit about renewals, renewals. So one of the most interesting charts in the 4Q earnings presentation was the number of customers that are moving to advanced attached subscriptions. So I'm thinking of URL going to advanced URL. And the list price for advanced URL is, on paper, 50% more than classic URL. So how do you think about that conversation in renewals? It's obviously a balance between extracting the value that you're providing and pricing the premium products appropriately. How do you balance that with the customer saying, "Hey, on paper, I have to now pay 50% more for something similar." How do you navigate that conversation?

Well, look, list prices are an interesting phenomenon in enterprise, right? I think most customers don't end up [ in the list price changes, a yield that you get out of it ]. But again, the price is the wrong way to start the conversation. The conversation starts as to what incremental capability do I bring? So fundamentally, how it works is you have a firewall, your employees are trying to go to an internet address, you type. It goes to an internet address if it's a legit one. If it's a bad one, we've already told the firewall don't let them go to bad internet addresses. That's kind of how traditionally it works. The advanced services work like, I at Palo Alto try to go to a bad one. I found out it's a bad one. We take that. We update our cloud databases for 62,000 customers in an instant, and your -- everyone has now got the advanced protection, because something I found in one has been deployed to 62,000. You're telling me you don't want that capability? Sure. You can have the old capability, which updates every 2 hours, except you're exposed to the next 2 hours. No, I want the new capability, and I'm happy to pay the extra $0.10.

How has that conversation then transitioned into the SASE conversation? So if I think about something like advanced URL functionality, and then the holistic way that you approach distributed network security with SASE, how do those two things come together when you sell SASE at...

So actually I come at it from a slightly different perspective, right? I think what happened was the world of SASE was -- more lighting. So the world of SASE was -- everybody had VPNs that you used to access your applications in your company. And this whole thing came about called the Internet, so we had this thing called Internet access. So the new company formed, which is if you want to go to the Internet, come to me. If you're going to go to VPN, go to Palo Alto or any firewall vendor. What happened in the pandemic, we all discovered that we want to be able to work seamlessly from anywhere. I don't care where I'm going, whether I'm going to a private instance or I'm going to an internet instance, which is where we sort of came into play because we lived in the private access world. We built in an access world for ourselves. Other vendors who are on the Internet side try to build a private access world, right? Now what's happening is I'd say about 10% of the companies in the world are SASE-fied. 90% are still going through a network transformation. And the way it works is that eventually you have a device, all of you have a device in front of you, some of you are accessing the Internet SaaS applications, some of you may still be going to some data center backed install. Customers don't want the differentiation. You can't have 4 different products to do the same thing. You can't have an agent for Internet access, an agent for private access, an enterprise browser for a third situation. You want them all to come together. So our conversations usually are, "I can provide you an integrated situation where all the capabilities are part of 1 platform, all the services are deployed against our 1 platform." So that's how the conversation happens. And it was -- I think our mistake that we didn't have an Internet access product when it came about, and we let it go for so long. But now in the last 3, 3.5 years, we're about 40% of the business of the largest player in the market, which is a good start. We think we are on track to be the largest SASE player in the next 3 to 5 years.

So on that note, every year, we have a conversation about how fiscal year planning is unpredictable. And every year, there are puts and takes to how you...

[ I don't know ]. Interest rates, elections, wars. If you give me an answer to all those, I'll give you the answer to my plan.

With all of that context, you're guiding to 19% to 20% RPO growth for fiscal year '25. You just printed 20%. You're guiding to essentially zero deceleration in the business. Talk us a little bit about how you're able to, at the large numbers that you have, guide to business continuing to grow at the same pace this year over the next 12 months as you just did in the July quarter?

A lot of analysis, a little bit of praying.

Maybe share a little bit about the analysis.

Look, we all try and forecast. Every company out there tries to forecast how best to understand the business. Now you have an existing book of business. If you look at the spectrum, some of us have a large existing book of business and marginal incremental growth. Some of us have all net new growth because we are fast growers, and we're new in the market. We sit somewhere in the middle, right? We have a large book of business in hardware and our software services business, and then we have incremental business in XSIAM and SASE. So on the book of business, we have reasonably good visibility. Our churn rates are low. Customers don't leave us. So we know what we're going to have to upsell and renew into the existing book of business. So 70%, 80% of the business is more predictable than the other 20%. On the other 20%, you rely on the pipeline, the opportunity in the market, the conviction that security is not going away, the conviction that they haven't met a CIO or CISO who says, "Oh, I'm not going to spend on security because we're spending on AI." That doesn't happen in our industry. So there's reasonably robust predictability on the demand function, give or take. Yes, they might want a better price, but they're not going to go away. Then the question is, how much am I going to win in that space. Or is there something that's going to happen that's going to be from left field, and I'm not going to -- my win rate goes away. So you put all that together in a big jar, you shake it really, really hard, you see what the number comes out, and say, oh, is Gabriela going to be happy with that number? Oh s***, she's not going to be happy. Let's go work really hard again and shake it again and make sure we execute better.

What do you think is different about the next 12 months that allow you to start out with that starting point? If I think about the last several...

You think I should have started lower, is what you are saying?

No, I'm trying to understand...

I'm just trying to understand what you want. I'll give you what you want. Just tell me. It's easier.

What do you think is unique about this year that's allowing you to guide to a better demand function based on all of the blocking and tackling?

I think it's a good demand function. it's consistent with our experience, and you have to make sure that all the investments we made in SASE or Cortex XSIAM, that we have to have some -- with the IBM deal, all that has to factor into our expectations for next year. So I told you, the friction on selling XSIAM should go down, given that we just went and acquired a large customer base. We can upsell into it. So put all of that together, as I said, and you have to go out and execute.

I want to spend a couple of minutes on how you think about unit economics of the business. And we've talked before about how, as you cross-sell into our largest customers, there's an incredibly rich LTV to CAC, so to speak, that comes off of that business. And then we've talked about the renewals business as well. What are some of the metrics that you look at internally to measure unit economics? It's not as clean as a pure SaaS model where you just look at LTV to CAC. So a little bit of insight on how you think about that.

You think SaaS model has clear unit economics?

Well, it's all subscription, whereas you'll have a little more...

Yes, but there's a ramp and early deployment cost for net new business, which makes it very hard to understand SaaS unit economics, right? All the customer support deployment is early loaded out into the SaaS deal. It's a per user deal, so you got to make sure the users show up on the customer side. So all I'm saying is SaaS economics and also unit economics are no easier than our economics. But at the end of the day, we understand our businesses. We understand what it takes to land the product. We understand what the upsell opportunities. You've got to make sure you don't give away the farm in your first deal. We understand the consumption curve. I think the biggest shift we've had to make on the unit economic side is that the consumption is consistent with our sale. Because you don't get the consumption that we sold, and the risk is you want to get the right renewal and the economics work really well for the land, but then you may not get renewal and your business becomes bad. So we have had to pivot some of our business practices as we've sold more and more SASE, more and more cloud, more and more XDR, to make sure we're watching consumption and making sure we have people to go there and talk to customers saying, "Listen, you bought a lot of product. We want to make sure you're using it because come 3 years from now, you're going to have to go renew that deal." So that allows us to understand the unit economics today, but what's most important is not just today's unit economics, because unit economics get way better on renewal because all the early costs are out. So we look at it from a longer-term perspective. I don't know what LTV-CAC means, but...

Fair. So you made an interesting comment on consolidation last week. And specifically, some of your peers, all the industry companies in security, that are at a smaller scale and are looking at the scale that you've accomplished and saying, "How do we get there?" Share with us a little bit about how you think of the future of the industry in terms of consolidation?

Look, there was a wave in the last 6 years that we walked in this industry. We said this industry, people need to think about it more coherently and more cohesively than individual swim lanes. Cybersecurity was swim lane industry 6 years ago. I do endpoint. I do firewalls. I do SOC. I do identity, and the customer stitches them together. We tried to break the paradigm signal. We do cybersecurity. We do 3 -- we do 4 out of the 5 now, right? And we don't do the fifth one yet, but we take the data integrated. So we changed the paradigm. We said we need to make this work together for the customers. We discovered we had technical debt. We didn't have products in those categories, so we had to go out and fill that technical debt with great companies. So we went out and said, we're going to buy some companies. We're only going to buy #1 or #2 in the market, #3 is #3 for a reason. We will take 1 or 2. We ended up buying about 19 companies in the time frame. I would say we have a 75% hit ratio. If a quarter didn't work as well as we thought, I think 3 quarters worked. We deployed very specific principles as to how to integrate, deploy and merge and work with them. We're at a point today where we're done with the easy purchases. So we can't buy companies and slap them in our go-to-market motion. So we've now gone back to building from scratch ourselves because it's easier to build on our platforms than to go integrate third-party companies. With that said, we discovered after the first year when people said, what's this crazy guy doing buying cybersecurity companies? Doesn't work like this. Now we have [indiscernible] tracker that every time you buy a company, 4 other companies in the same sector get bought by competitors. So that's good, which means that we're causing more M&A for VCs. They should be happy, right? I think that trend is also going to be done for now, because there's possibly 500 cybersecurity companies funded in the last 1 year, which are going to focus on AI. I don't think most of them are going to make it, because AI requires in-line security, and a lot of the existing vendors will deploy that capability themselves. I do think that we're coming to a place where $300 million to $700 million ARR cybersecurity businesses are going to be in the graveyard. They'll be struggling to figure out how to get past and break the sound barrier, to get ahead, because, I've said this before, customers want better security at a good price. And it's very hard. Customers have discovered that the number of breaches is going up, [ they'd expect ] a number of point solutions they deploy. So you will see that shift towards platformization. I think since we started talking about it, every other player in the industry has now said they also have a platform, which is good, which means you're in the right direction. So I think you'll see some consolidation. If you look around, there's a lot of $3 billion to $7 billion market cap cybersecurity companies for sale because they figured out it's very hard to break through the sound barrier. So we'll see.

Very good. Please join me in thanking Nikesh for his time. Nikesh, thank you.

Thank you, Gabriela. Thank you.