Palo Alto Networks at Bank of America Conference: Strategic Platformization Focus

On Tuesday, 03 June 2025, Palo Alto Networks (NASDAQ:PANW) presented its strategic initiatives at the Bank of America Global Technology Conference 2025. The company highlighted its focus on platformization within cybersecurity, detailing both achievements and challenges. CEO Nikesh Arora emphasized the integration of security solutions into unified platforms, while addressing the competitive landscape and future growth strategies.

Key Takeaways

• Palo Alto Networks is integrating security solutions into two main platforms: Network Security Platform and Cortex.
• The company is leveraging system integrators to support cloud and AI transformations.
• XSIAM is reducing threat detection and remediation times significantly.
• The spending environment is stabilizing as companies continue cloud and AI investments.
• Palo Alto aims to double its business in five years by capitalizing on emerging trends.

Platformization and Integration

Palo Alto Networks is advancing its strategy of platformization, which involves merging multiple applications into integrated platforms. This approach contrasts with traditional methods of using separate products that do not communicate seamlessly. The company has made significant progress in integrating acquisitions into the Cortex platform, although some entities like Expanse and Unit 42 remain independent. A key development is the renaming of Prisma Cloud to Cortex, underscoring the importance of unified data management for real-time security.

Spending Environment and AI Security

After an initial slowdown due to tariff concerns, the spending environment has normalized, with companies continuing their cloud and AI transformations. Palo Alto’s Prisma AIRS platform addresses security challenges in AI deployments, ensuring data integrity and model protection. The platform emphasizes the need for persistent red teaming to continuously test AI deployments for vulnerabilities.

XSIAM and Future Growth

Palo Alto’s XSIAM solution is designed to automate security processes by analyzing large volumes of data with machine learning. It has successfully reduced the median threat detection and remediation time from four days to under ten minutes, with a goal of reducing this to one minute for all customers. The company’s vision includes expanding XSIAM’s capabilities with real-time threat prevention using edge network sensors.

Competition and Growth Strategy

In a competitive cybersecurity landscape, Palo Alto Networks acknowledges the rise of AI security startups. However, the company plans to grow by capturing emerging trends and expanding customer relationships through platformization. The ongoing shift from hardware to software in network security is expected to benefit Palo Alto, which has also secured a strong position in the SASE and XDR markets.

For a detailed understanding of Palo Alto Networks’ strategic initiatives, refer to the full conference call transcript below.

Full transcript - Bank of America Global Technology Conference 2025:

Nikesh Arora: Good

Unidentified speaker: morning. What a great way to start our conference with Nikesh. I know he’s gonna kill me now, so. I know, why would I do that? From you, know after that it’s easy.

I’ll kill you. So I’m very happy to host Nikesh and I prepared, we have about thirty minutes, I prepared the list of questions and we’re gonna go, I wanted to start with something more recent rather than the regular kind of tell me what you do. And if you have any questions at the end, have the microphone as always like every year we have the microphone around. So thank you, first of all, good morning. To start with the word platformization and I want to understand what is platformization for you and how is it different than let’s say Microsoft using the word platform, like the word platform.

What does it mean for you and what does it mean for others?

Nikesh Arora: You should bring the guy before me back, Matt. He works for Microsoft, Maybe he can tell us their version of it. I tell you mine,

Unidentified speaker: you should ask him about his. I’ll ask you about other companies.

Nikesh Arora: So look, if you go back historically and think about any functional space, whether it’s CRM or you think about ITSM or workflow management, over time, what has happened is multiple applications converged into a set of applications that shared data and talked to each other. And I worked at Fidelity when I started my career. I used to be in IT and we had 26 apps, which had we had master tables and the secondary tables and everybody had their own tables. We all brought our own software and we try to get stuff to come together. Today, you you don’t buy four CRMs, you buy one Salesforce, there’s one system of record in the back.

You have a bunch of applications sitting on top because that’s what you need to run an efficient organization. I think if you look at cybersecurity, it’s the newest area of technology. It came about after connectivity from a software infrastructure perspective. So in that context, industry lacks this backbone system of record integrated converged going to a platform. So our view is instead of going and selling individual products, these products which need to work together after we put in a platform together, and we can talk about various examples, but we have two fundamental platforms, one which we call our network security platform, which effectively secures a perimeter, whether it’s sort of hardware firewalls, software firewalls, now AI firewalls, or SASE or browsers.

And the other one we call is our Cortex platform, which is effectively the data oriented cybersecurity platform, which allows you to use all of the data in the enterprise and be able to protect against bad actors. I don’t know what Microsoft’s platform means.

Unidentified speaker: But the question is, you made a lot of acquisitions in this space. Is it about is platformization at the end of the day today, is it about the way you convince customers to consume more than one platform? Is it about technology synergy between the products or is it more about pricing bundling and pricing mechanism?

Nikesh Arora: The former, not the latter. The latter is a consequence of it perhaps. So take the instance, like let’s take a company which started off with a data center. You buy a hardware firewall. You can buy it from Ken, who I just saw in the hallway.

You buy from us. You buy it from Cisco checkpoint. They decide you’re going to go to Google cloud. You can buy a software firewall. You can buy it from Google.

You can buy it from Palo Alto. You can buy it from everyone. Then you say, I want to do SASE. Can get Jay Chodi to give you SASE or give Shlomo to give you SASE from Kato or Sanjay from Letsko. They got SASE, you got hardware files, you got software files.

Say, I need browser. Let me go to Island. What happens is let’s assume that’s your enterprise. You know this as well as I do, Tal. Then you’d have a set of policies you’ll have to set up for the browser with Island.

You’ll have a

Unidentified speaker: set of policies you’ll have to

Nikesh Arora: set up with Fortinet. You’ll a set

Unidentified speaker: of policies you’ll to set

Nikesh Arora: up with Zscaler. You’ll have set

Unidentified speaker: of policies that you have to

Nikesh Arora: set up with Google Cloud. Imagine if we set the policy once and have it perpetrate all four use cases. A platform will allow you to do that. A set of point products you’ll have been buying from four different companies. Now you have one policy pane, you have less errors.

Not just that, when you put one policy plane together, your data is talking to each other, which means if you ever want to use this wonderful thing I’ve learned recently called AI, it needs some consistency in the underlying data. You have to have that data to be consistent across all those four capabilities. So to me, platformization is a convergence of those point products into a single set of solutions over time.

Unidentified speaker: Yeah. Where are you on the integration of all the acquisitions into this kind of journey?

Nikesh Arora: So there is a fallacy that we bought 20 companies, we must be a raggedy muffin collection of products, which is kind of not true because our hardware firewalls, software firewalls, SASE is pretty much devoid of most acquisitions. That entire network security platform has about three acquisitions in there, which we have integrated over the last many years. A lot of our acquisitions concentrated on the cloud side, which we have just rewritten, which we talked about in the last earnings call. We used to have a bunch of raggedy products that connected together. We have rewritten the entire Prisma Cloud backend on Cortex in our data platform, which is about nine acquisitions being collected.

So nine there, three here. Expanse is different, Unit forty two is different. So a bunch of stuff are still standalone, which work independently of these platforms. So we’re pretty close to being connected. The only one we haven’t fully, we’re like 85% there on the browser and we are zero on protect.ai, which we haven’t closed yet.

Unidentified speaker: And you changed the name. I mean, there is a strategy behind it, but you changed the name from Prisma Cloud to Cortex, right? Philosophically, why was it important to take Cortex, which was more towards the endpoint and take cloud security, which was more towards the cloud and put them together?

Nikesh Arora: What we’ve discovered is either your perimeter products in the network security space or your products that leverage a lot of data to solve the security problem. I’ll give you an example. Take email security, right? Email security has traditionally been something that in line and it checks your email, looks at your email, says, am I being sent to the wrong internet address or the wrong URL? It stops you.

But if you go past it, if you click on that URL, your email security product is done. You’re gone. You have no visibility as to where you clicked, where you went to, whether it’s stolen credentials or it allowed you connect to your next AWS server. Now, funnily enough, we collect all that data in our SIM in Cortex. We can actually look at after you went through the email security, you sort of missed the bad URL, you clicked on it.

We know you hit the firewall. We know from the firewall, you went somewhere else. We know from there where you went because we have all the data. So we just launched a new email security product, which does all the hard problems that email security products don’t solve. So you realize once you collect all this enterprise data, you’re going do a lot more security, which over time lends itself to real time because they have all the data in the same place.

So in that context, you know, it was important that all the cloud data be residing in the same place as the enterprise data was. So we had to rewrite the whole thing and it’s very exciting. It’s exciting because I think allows us to converge our real time security capabilities, not just for the enterprise, but also for the cloud.

Unidentified speaker: Did you have to change your go to market or how did you have to evolve your go to market when you started implementing platformization? Is it the same buyer, for example, for various?

Nikesh Arora: Yeah, yeah. Look, I have many examples where when a customer is a Palo Alto hardware firewall customer or Palo Alto software firewall customer that they see the natural gravitational pull to buy SASE from us or vice versa. They land as SASE, third of our net new customers, network security or SASE customers over time, we get them to evolve into hardware and software. So we are seeing the benefits of a land with a certain part of the platform and expand to the rest of the platform. And I think it’s hard work and grindy right now, but to me, it’s abundantly obvious that in five years from now, when you are sitting here or somebody else is sitting here, you’ll look back and say, that made a

Unidentified speaker: lot of sense. Five years, I’m still going to be here. Okay. No worries. It’s a long time.

Got it. But I asked you, is it by the way, the same buyer, for example, for Cortex and for network security or are you going Depends.

Nikesh Arora: Eventually the CEO is the buyer, the CIO is the buyer, the CTO is the buyer, the CISO is the buyer. So yes, as deals get larger, give you an example. Last quarter, announced a $90,000,000 deal, which we did across both platforms. The CIO was involved. There’s no way you’re doing a $90,000,000 deal with the company if the CIO is paying attention.

And even the CEO knows that the deal

Unidentified speaker: is getting done. So as deal sizes increase, everybody knows in the organization where it’s happening. Got it. You also started to cooperate more with system integrators. What’s behind it?

Nikesh Arora: Well, if you look at what’s going on right now, many companies funnily enough, are accelerating their cloud migration because they’ve discovered if you’re not in the cloud, it’s harder to deploy OpenAI or Gemini or WAMMA, whatever have you. So they’re all busy trying to chase the cloud transformation. The cloud transformation, the AI transformation, the network transformation, a lot of these are complex transformations, which are now being front or led by system integrators. You hire an Accenture, Deloitte, a Pricewaterhouse, a British Telecom. All these people are actually sitting with the CIOs, planning how to take them from point where they are today to where they need to be in the future.

So it’s very important that the systems integrators understand our strategy, understand the capabilities, understand how much we can offload from what they have to do if they actually use a consistent set of products. So as you would expect, we’ve partnered with all of them and are working hard to make sure that they understand our portfolio so they can help us implement it. Got it.

Unidentified speaker: Does it have any margin implications for you, by the way, or no? It’s all the labor work is offloaded basically to system integrators? Look, for

Nikesh Arora: the most part, we are a product company primarily. We have a small services business like many of our peers in the industry, because that allows us to make sure we’re doing it right. We’re learning from it. So the small services business will maintain the services business. The idea is to make sure these third party partners, the system integrators or MSSPs or telecom companies, they do a good job implementing with us.

So they get the service business, they get the consulting business, we get the product business. Got

Unidentified speaker: it. Okay. I want to talk to you about one question that we ask all the companies that are here about the current spending environment. You made some comments that April was tougher and then things went back to normal. REPRESENTATIVE:]

Nikesh Arora: depends what normal is. That’s exactly Every week the normal changes. We’re to put tariffs in Europe, we’re not going to put tariffs in Europe, we’re return in China.

Unidentified speaker: Where are we in terms of spending environment?

Nikesh Arora: You know, when you see something out of the normal happen, every sort of deer in the headlights, holy shit, what do I do now? So when the original tariff conversation came out, we all went deer in the headlights. Holy shit. What happens now? And the stock market moved and everything moved.

Now it’s like every morning you go, shit. There’s another piece of news about tariffs. The market keeps doing its thing. And don’t don’t underestimate how many CEOs, how many CFOs get knee jerked by the market. You see the market go down 10%, you see that, oh my God, this must be true.

If the tariffs come, the market’s down 10%, I’m going to have to pay $20 for my thing I was going to pay $5 at Walmart for. So everybody goes into this mode of holy shit, what’s going to happen? And honestly, at that point in time, I was with a bunch of retail CEOs the week after the tariffs. And I said, oh, we got a big deal with you guys. He’s like, well, actually we’re trying to figure out how many Christmas trees to order because the price of Christmas trees is determined this week and then amount of Christmas trees are going to ship, we have to order now four months in advance.

They’re more busy figuring out what the price of Christmas trees are going to be in October and November than buying Palo Alto cybersecurity. So obviously, the bogey changed in people’s heads. All of that stuff is kind of normalized, so people are sort of business as usual. Now, I don’t know how all the tariff stuff is going to manifest itself in the second half of this year in terms of the macroeconomic conditions. But the initial shock is out of the system.

And people still need to go do their AI thing. They still need to go do their transformation thing, So

Unidentified speaker: that takes me to AI. You announced Prisma AIR’s AI security platform. Elaborate on I’ll ask you like I ask startups, what is the problem you’re trying to solve? Meaning what is the solution? What’s the position for it in the market and why?

Nikesh Arora: Right. So as all of us have seen this beautiful AI expression, whether it’s a chat GPT expression or a VO3 expression, make a video, we all understand the answers in a consumer context. When it gets to a professional context, our desire for accuracy is higher. You can go to deep research from Gemini or Google and go ask it to produce a research report in Palo Alto, but it’ll pale in comparison to Taliani’s report in Palo Alto, which I have a few suggestions for that we’ll talk about later, but that understanding. So one point is our desire for accuracy is way higher in the enterprise world than that you’re seeing on the consumer side from an AI perspective.

So every enterprise company is busy trying to understand how to deploy AI. The first thing you have to do is to deploy AI is either you use a package software from the outside, there are legal lawyers using harvey.ai, or you could be using chat GPD, or you build your own. Now, if you think about it, I think AI will end up in the same proportion as we use SaaS software versus self developed software in companies in terms of how much we use our own, how much we take from the shelf. If you believe that, you have to make sure that whatever SaaS software you’re using, it’s going to be called AI AAS, AI as a Service, whatever AI as a Service software use is equally secure in enterprise. We’re not sending our corporate documents into it.

We’re not getting data stolen. We’re not getting we don’t have a large drug discovery AI software being trained by every company’s proprietary data. You don’t want that. So there’s a lot of requirements in enterprises to deploy AI in such a way that data doesn’t escape because that’s kind of the intellectual property. There are lot of requirements that you can’t hijack my AI.

So I’ll tell you this. The most fundamental difference between AI behavior and SaaS behavior. SaaS software delivers a predictable outcome. You ask a question to a SaaS app, it does the same thing at 7AM in the morning, at 9PM in the night. Today, tomorrow, it does the same thing every day.

You have Salesforce, Workday, ServiceNow, you pick your SaaS application, do the same thing. AI is fundamentally different because you’re constantly training. So you expect as your LLM gets trained, your application gets trained. It’s going give you a better answer, which means it is no longer a predictable answer. Now, it’s very hard to understand the difference between a better answer and a not a better answer.

But we know that if the output constantly changes, you have to test it for security on a constant basis. What do say, hey, what’s the formula for X? And it says, click on this link. The link is a malware link. You have no idea whether that link is accurate or not.

Yesterday, it wasn’t doing it. Today, it’s doing it. So in the AI security world, you have to constantly bash your AI deployment to check that it’s not creating security risk. So there’s something called persistent red teaming. You have to persistently bash against your application to make sure they’re not hacked by somebody else.

That’s the capability we bought with ProtectAllAI and that’s kind of one of the underpinnings of what we’re doing with Prisma Airs, which is AI runtime security. So when you deploy AI, you can deploy it safely by putting a security envelope around it.

Unidentified speaker: Are we there in terms I understand the need, I understand why you’re doing it and what you’re doing, but are we there in terms of willingness of enterprises to look at it, to invest in it, to buy

Nikesh Arora: I was reading this wonderful deck from Mary Baker, who used to be at Morgan Stanley. We’ve got this 300 page deck on AI. And I saw some of the AI stalwarts on the weekend and I found out that the use of Gemini tokens of 50x for the last one year. So somebody’s using it. It’s probably being used in apps like coding assistance for now or it’s being used in it’s going to get used in a bunch of creative use cases, you’re beginning to see the usage.

Now if a coding assistant becomes popular, every enterprise deploys coding assistant against it needs to be deployed securely. You can’t just have any coding assistance at the right point. At Palo Alto, you have to go to 17 hoops before you can deploy a coding agent to help you because we’re scared. We don’t security software. If our software gets exposed to the public world, they figure out how it works or where the flaws are, they can use it to reverse engineer us.

So there’s a lot of security requirements as you start using the LM. So I don’t know in the short terms, don’t know they’re not, but I know that the current state of AI is the worst it’s ever going to be. It’s only going to get better. And I remember my first brick phone. It used to be in my car.

I had to put a charger into it and it cost $2.99 a minute. And you told me that was the state of technology and we weren’t there. But today, you can’t leave home without those things, right? So if you imagine five years out, what is going to be the state of AI? It’s going be a very different world.

In that scenario, who is going to be there? So we have to be constantly paranoid in our business that we’ve got to protect for something we don’t understand fully

Unidentified speaker: feature on your other solutions or is it the product standalone? Meaning will we be able to measure it in the future or is it going to be just integrated into other solutions?

Nikesh Arora: No, it will be measurable by itself. But like you said, there’s a lot of people evaluating AI, but if you can ask all your companies to come here and say, how much AI are you using internally? The answer is going to be, we’re still experimenting or we have one project, we have five projects. We’re using 37 models at Palo Alto. Thirty Seven, right?

Half of our experimentation. But that’s again a stark departure from the notion that enterprise is going to use one. We’re not just using OpenAI. We’re not using Gemini. We’re using 37 different models.

When use 37 models to make sure they’re all secure. Suddenly your security attack surface has increased. If I was using one, Google can help me protect Gemini or Sam Altman can help me protect OpenAI. But if I’m using 37, it’s my job to make sure I’m protecting these all 37 models being hijacked. So we made this bet seven years ago that we didn’t think most customers are going to be in a single cloud, which has turned out to be true.

If you look at any company, they’re on two or three clouds. So I think the same thing. You’re going be using so many different models that you have to find a way to protect against them.

Unidentified speaker: As you speak, I ask myself, take for example the bank I work for publicly, they said that they have 300 secondurity solutions. Guys have too many. Right, but you’re talking about a platform that has a pricing advantage as a technology advantage. What needs to happen and maybe it’s already happening. What needs to happen for enterprises to abandon this issue of best of breed and optimize each domain separately and migrate more to a platform approach because anything we’re going to touch on XIM, Cortex and AI, there are benefits of having a platform.

Forget the price. There are technical benefits of having a single platform. So what needs to happen in the market for the market to migrate from the historical deployment of point solutions to a single vendor that is going to provide you I’m taking it to extreme. It’s only going to be this way.

Nikesh Arora: Look, it’s happening. The problem is we’re sitting on a trillion dollars of security plant, just unamortized. People bought this over the last ten years. It’s a trillion dollars of security spend in the last ten years, which is in production being used right now, which is a large mesh of all these things you talked about. Getting that sorted out, understanding the renewal cycles of those, understanding the replacement cycles of those.

Look, the the easiest thing to do is to do nothing, right? It’s working. Why mess with it? I don’t understand the tangible benefits security. Of course, the day you get breached or hacked, you understand the tangible benefits of not or the tangible downside of not having the security.

And that’s kind of becomes the holy grail for all of us. We all rush to that plane and say, can I help you transform the whole thing? That works. But normally, I walk to CIO and said, do you want to replace this entire backbone? You’re going say, dude, I got to go to AI.

I’m busy. I got to cloud. I’m busy. So the natural inertia of technology organizations is to not fix what’s broken until you get to an inflection point where it’s so bad that you look silly by not changing it. Look at and you know this, like, look at the endpoint industry, right?

For a long time, you didn’t have to replace semantic and McAfee. It was great. Eventually you said, holy shit, you can’t be using Symantec and Macrophies. You got to get off that, whether it’s Broadcom buying Symantec or whether it’s Macrophies going through three private equity cycles. Eventually everybody moved from there to CrowdStrike or Microsoft or Carbon Black, or you have your favorite pick your favorite XDR vendor.

So the industry inflects and transitions. At that transition point, you have to figure out how to find a platform solution that provides the incentive to migrate. So take Xi’an for us. SIM was not inflecting five years ago. We started building five years ago.

Today SIM is inflecting. Every company either has a SIM replacement or migration plan project started or about to start in the next twelve to twenty four months. We should use that opportunity to inflect and replace like today on the average, you need to play XIM. We replace four to seven vendors. It’s a good start.

Unidentified speaker: Last question on airs or maybe one and a half questions. So there is security of AI, there is AI being used for security. What problem are you solving with this solution? Both or one of them?

Nikesh Arora: No. AIRS is fundamentally to help organizations deploy AI securely. If you want to deploy your own AI in your own company, use Prisma Airs and it puts a wrapper around it and protects you so your data doesn’t get stolen, your models don’t get hijacked, people don’t inject prompts. There’s all kinds of fun examples. Example like all of you are in San Francisco, some of you might try Waymo outside.

That’s an AI model telling the car when to turn, when to stop, when to brake, where to drop you off. If somebody was able to crack the security of that car, how do you feel about that? If you take that analogy and apply that to every agent you want to run your enterprise and protect every agent from being hijacked or being taken over by bad actors, that’s what needs to be protected. That’s what Prisma Airs will do. Using AI for security is a different problem.

For that, you need a lot of good data. Our biggest challenge in the security industry is we have a lot of data but not a lot of good data. And that is why I said to you the SIEM industry is inflecting because that’s where the data was supposed to be. But the old models were charged so much money to ingest data that there was a natural disincentive to collect a lot of data. So if you look at the traditional companies, won’t take names, but who were in the SIM business, the number one gripe CIO has had, oh, it costs too much money and it’s a lot of data and I have to pay a lot to ingest the data.

So they create a natural disincentive. So he flipped that in his head. Today, collect anywhere from 70 to 100 terabytes per customer of data at the right price for the same price they were ingesting half of that earlier that allows us to deliver better security outcome. Yeah.

Unidentified speaker: So you launched XIM a few years ago, grew tremendously. Thirty months ago. Thirty months ago, grew tremendously. What’s your differentiation? There are when we talk to vendors, everyone tells us they have a SIM solution, some kind of a SIM solution.

What’s your differentiation in the space? The intelligent people

Nikesh Arora: understand, will understand the differentiation. Look, fundamentally, SIEMs have been large data stores. We collect a lot of enterprise data and then run solutions on top like UEBA and a bunch of workflow management to figure out how to figure out the most important security issues they have today and solve them. The problem is like playing whack a mole. Every morning you wake up, there’s a new set of issues.

You got to play whack a mole, it goes away. Our whole principle was ingest all this data, analyze it using machine learning and use humans as a training element. We said that five years ago. Now it’s becoming more real with AI, the way it’s being deployed. Our intent is to eliminate everything in your security infrastructure, any issues using some version of automation or technology or machine learning.

I’ll stay away from the word AI, but effectively what is traditional AI or precision AI, we like to call it. So that’s the point of view we had. That’s how we did it. And the proof of the pudding is, and it’s eating, we have taken, we’ve deployed at about 150 customers so far out of 200 plus that we’ve sold. The average or medium time to detect and remediate has gone on average from four days to under ten minutes across every one of the deployed customers.

And everyone is a case study, right? So that’s what we go with as our credentials say, you take three to four years, four days to find out what has hit infrastructure. That’s too long. Today, the fastest ransomware attack was simulated by us at twenty seven minutes. So twenty seven minutes from start to finish, we can get into a company and take their data and leave and hold them to ransom.

If your time to detect and fix it is four days, and the time for me to get it and get it out is twenty seven minutes. We have a problem. You’ve to go below twenty seven minutes. We’re at ten. At Palo Alto we’re at one.

We want to take all of our customers to one. Eventually it needs to get to as close to real time as possible.

Unidentified speaker: And you spoke about the expansion of XIM to email. What are the areas XIM can grow to? What can you just think about kind of your strategy for the next few years. Where would it go?

Nikesh Arora: Look, the long term, as latency continues to improve, as cost of storage continues to decline, as bandwidth continues to become more and more abundant, you have sensors which are effectively at the edge of your network or Azure solutions. Those sensors collect data. They have some technology or models at the edge, which say, I know this is bad. Stop it. Most security attacks happen when something is bad.

You don’t know it’s bad. If it’s bad, you know it. You stop it. So this is a prevention at the edge problem. This is a, I didn’t quite understand this was bad, hence it got through.

So when it gets through, it becomes a data problem. So our view is that eventually there’ll be sensors and large streams of data running into a large analytical backbone where it’s going to be analyzed on the fly and the analysis of the fly will tell you, ah, it looked good. It was bad. I figured that out in a second. Let me go back and block any activity post that.

That’s the Holy Grail, right? That’s where you want to get to. You want to be able to real time stop bad things from happening and analyze them. Otherwise, you keep fortifying the doors with more and more things to do. Like we take off our shoes at the airports, right?

Every time something happens in the security industry, we have one more thing to do. No liquids, take off your shoes. All these new rules are written because that was bad. We didn’t know it was bad then. Now we know it’s bad, so we protect for it.

But somebody causes new attack factor, which is no longer known. So you got to take off your socks as well now. Don’t know.

Unidentified speaker: Try to use non security analogies, still learning security. We have two minutes left. I want ask you one more question before I pass on the mic. Curator, you acquired the IBM’s Curator SaaS assets. Can you give us just an update on the experience after the acquisition?

Nikesh Arora: I guess it was great because it allowed us to partner with Microsoft and go to many of their customers and take them as this journey of migrating their SIM and SOC. It added a tremendous sort of boost to our abilities in the SIM space, because if IBM decides that they should partner Palo Alto and effectively allow us to manage their product for them, we’ve seen a lot of the, many of their large customers convert to Palo Alto. We’re still in the midst of converting a lot of them as well. You could see that the migration had already begun on the customer end. They were already thinking or planning to move off the platform.

So we showed up at the right time. Think it’s still go to go down as one of our best deals that we’ve done from a, which is non traditional. We didn’t buy product. We actually bought, I’d say go to market in a way. And so far so good.

Great.

Unidentified speaker: Is there any question from the audience? We have, yes, one here and one here. Here we go.

Nikesh Arora: We’re going go like one

Unidentified speaker: or two minutes into the

Unidentified speaker, Audience Member: Okay, I’ll be quick. So with all of the capability that the platform is now powering, right, can startup AI security companies really gain much traction when you’ve penetrated increasingly the data stack as well as the network side? Is there room for those players in the existing market?

Nikesh Arora: Look, that’s a good question. Like, I can’t say no, because if you look at the history of cybersecurity, it’s always been two or three companies come from the side and become big, whether it’s CrowdStrike or Zscaler or now Wizz. So you’ll see always somebody chasing that. But I will say the environment today then is very different from seven years ago. Seven years ago when I started the job, we all used to sort of stay in our swim lane and live and let live was a philosophy.

Today, I’d say somebody said the top five cybersecurity players in the market, they’re all paranoid. We’re all looking to see what else can I acquire? What else can I expand? I think somebody has bought a SIM solution to enhance their capabilities. Somebody bought CNAP capabilities to enhance their firewall business.

So what’s happening is everybody is starting to cross over into territories, which traditionally they’d left alone for somebody else. And you’re seeing they are getting some degree of penetration. So you’re seeing two, four or 10% market share in many of these categories by incumbents, which was never seen in the past. In the past, a whole new category. You take the XDR category, McAfee and Symantec were kind of doing their thing.

You saw Cylance, Carbon Black, Cyber Reason, CrowdStrike. There’s a whole bunch of them that showed up and all of us just watching. Nobody did anything, right? Suddenly now, that’s not possible anymore. You say CNAP, every security member says, I got it.

Commoditization. What it does is it says, everybody says, I have the capability. Then you have to go discern which one has them. So I think it’s more competitive from that perspective. Having said that

Unidentified speaker, Audience Member: A scale is going to matter.

Nikesh Arora: Yeah, scale is going to matter, but incumbents have to be careful. There’s always somebody smarter, faster than you. So our job is to identify them and hopefully they partner or sell to us. If Protect dot AI hadn’t sold to me, I’d have to build that capability myself. I’d six months behind them.

So the key is can you get momentum? Can you move fast enough? And can they see the value of being part of your platform as opposed to going something and doing it? And platforms take time to consolidate. If we get cloud security, there’s Wild West about five years ago, there was DivvyCloud, Laceworks, Dome9, all these things are gone.

Now you’ve got Wiz, you’ve got Palo Alto, you’ve got Libra CrowdStrike on the cloud side. So suddenly it’s beginning to consolidate into existing platforms as the industry matures from the solution set. Today in AI, we don’t know what the solution set’s going to look like. We’re still evolving it. Said, oh, you should be reading the red teaming was important.

Now we think it is important. We think model scanning was important. Now we think it’s important. Now there’s a whole bunch of agentic AI security that needs to be built, which just doesn’t exist. So can a startup show up tomorrow inside of agentic AI security?

Sure.

Unidentified speaker, Audience Member: Thank you.

Nikesh Arora: Question I have was, you know, it’s a lot of migration. Me? Yes. Yeah, let me, since everybody may not have heard the question, he’s asking the question is, just tell me what’s growing really fast and what’s not growing so fast, right? Is what you said?

Okay, got it. Yes. It’s easier to put that in your model. I’ll give you the financial answer. The financial answer is we have a portfolio and in some quarters, some things are a lot better than the others, but they sort of normalize over time.

The way I see it is if I do this for the next five years, so we can keep compounding our business in the mid to low double digit percentage points and this business doubles in five years, right? If this business doubles in five years, decide what multiples you want to put on it. But with the combination of the portfolio we have, we’re seeing all the right trends. We’re in the hardware to software migration and network security better than anybody else in the industry. Seven years ago, we have a SASE business.

Now our SASE market share, we’re probably number two in SASE after Zscaler in the world. Nobody expected us to be in that space. We didn’t have an XDR business. And we’re one of top four in XDR and we’ll see what happens to one of the three players. It’s Microsoft CrowdStrike, us, SettleOne.

So I think we’re slowly making inroads into categories which are important for the future. In SIM, we didn’t play until thirty months ago. Today, we’re one of the three people that people consider moving into from their existing SIMs. So we are catching the right trends. We’ll see how the AI trends shows up.

The whole idea of catching the right trends to make sure that the portfolio grows at a certain percentage and over time allows us to platformize. And the more we show up as a solution, the customer says, I already have Palo Alto. Why do we need to go buy something else to attach to this? So our view is land the platforms, grow the platforms. I’ll give you an example.

There was a customer when I joined Palo Alto whose total spend was $3,000,000 a year on a product that was, I’m pretty sure they’re ripped out had you not refactored the product two years in. That customer went from 15 over five years to 20 threethree to 70 over three. There was an upgrade mid cycle. They’re probably going to be 140, right? That’s platformization.

You go from $3,000,000 a year to going to $30,000,000 a year. That’s the 10x over time when you keep working with the same customer and keep helping consolidate. If I can do that for a few thousand companies in the world, we can get a real business going.

Unidentified speaker: Thank you. Have to thank you so much.

This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.