On Wednesday, 05 March 2025, Palo Alto Networks (NASDAQ: PANW) participated in the Morgan Stanley Technology, Media & Telecom Conference. CEO Nikesh Arora highlighted the company’s strategic direction, focusing on robust cybersecurity demand and AI’s transformative potential. While Palo Alto Networks celebrates its 20th anniversary, it faces challenges such as market competition and the need for continuous innovation.
Key Takeaways
- Palo Alto Networks is experiencing significant growth in platform deals, aiming to double or triple its annual recurring revenue.
- The company is leveraging AI and machine learning to enhance its security operations and improve operating margins.
- A focus on SASE and cloud security positions Palo Alto Networks to capitalize on untapped market potential.
- The acquisition of Talon enhances the company’s secure enterprise browser capabilities, crucial for AI application security.
- Palo Alto Networks’ M&A strategy prioritizes innovative technology integration to drive future growth.
Financial Results
- Margins have improved significantly since Nikesh Arora joined, now in the high 20s.
- The company anticipates a 50 to 100 basis point improvement in EBIT margins annually, driven by AI and scale benefits.
- A long-term AI strategy could result in a 400 to 500 basis point increase in operating margins.
- Palo Alto Networks targets a 15% growth rate for the business.
Operational Updates
- Platform deals increased from 75 to 1,050, with a goal of reaching 3,000 to 3,500 to boost ARR.
- The IBM partnership is deemed highly successful, providing access to a substantial SIEM customer base.
- Only 15% to 20% of companies have adopted SASE capabilities, leaving significant growth potential.
- Talon accounted for 30% of the SaaS business last quarter, highlighting its strategic importance.
- The traffic inspection market is expected to double every three years, with Palo Alto Networks growing this business by 20% each quarter.
Future Outlook
- AI is expected to drive further SASE adoption and transform the SIEM/SOC market in the next five to ten years.
- Browser security is anticipated to become increasingly critical as browsers evolve into the operating systems of the future.
- Palo Alto Networks is well-positioned to leverage AI-driven efficiencies for improved margins and growth.
Q&A Highlights
- Customers value the reduced total cost of ownership and enhanced security outcomes from platformization.
- The Cortex XSIAM platform aims to disrupt the $40 billion SIEM/SOC market with rapid threat detection capabilities.
- Palo Alto Networks stands out in the SASE market by offering hardware, software, and SASE on a single platform.
- The secure enterprise browser enables safe access for contractors and protects against data exfiltration in AI applications.
- The M&A strategy focuses on acquiring and integrating innovative technologies to enhance the company’s platform.
For a deeper understanding, readers are encouraged to refer to the full transcript provided below.
Full transcript - Morgan Stanley Technology, Media & Telecom Conference:
Keith Weiss, Equity Research Analyst, Morgan Stanley: Excellent. Thank you, everyone, for joining us. My name is Keith Weiss. I run the U.S. Equity Research franchise here at Morgan Stanley and very pleased to have with us from Palo Alto Networks, Nikesh Arora, CEO. Nikesh, thank you for joining us. My pleasure. Thank you for having me. So before we get started for important disclosures, please see the Morgan Stanley Research Disclosure website at www.morganstanley.com/researchdisclosures.
Nikesh Arora, CEO, Palo Alto Networks: All right.
Keith Weiss, Equity Research Analyst, Morgan Stanley: So with that out of the way, happy birthday to Palo Alto Networks, twentieth anniversary.
Nikesh Arora, CEO, Palo Alto Networks: Thank you.
Keith Weiss, Equity Research Analyst, Morgan Stanley: Yes, twenty years. Most cybersecurity companies don’t survive twenty years. No, no, definitely. And Palo Alto is definitely It’s
Nikesh Arora, CEO, Palo Alto Networks: also Workday’s twentieth anniversary. Did you know that?
Keith Weiss, Equity Research Analyst, Morgan Stanley: I did not know that.
Nikesh Arora, CEO, Palo Alto Networks: Carl sent me a notice. I sent him a note saying we turned 20, so do we. Like, will you let me have a moment of glory?
Keith Weiss, Equity Research Analyst, Morgan Stanley: I should know that because we worked on both IPOs. Anyway, so thank you so much for joining us. Palo Alto has obviously changed a lot over the past twenty years. The cyber market has changed a lot over the past twenty years. Maybe narrow the focus in a little bit.
I thought maybe we could start out with just like a state of the union. What’s going on right now in terms of the demand environment, the threat environment? And how sort of Palo is adjusting to that environment?
Nikesh Arora, CEO, Palo Alto Networks: I mean, look, the last few years, we’ve had a reasonably steady demand environment in cybersecurity and cybersecurity demand is driven by the technology market. The more excitement there is to deploy more technology, you see more automation, more consumer deployment, you’re going to see the need for security twofold. One, every new technology needs to be secured. And two, there’s still a large amount of technological debt that has not been paid in terms of upgrading of infrastructure that has a sort of course, which will take its course in the next five to ten years. Now, I’d say the last few months and perhaps year or so, we’ve had a new technological wave that is ahead of us called AI, right?
Can’t have a meeting or discussion without the conversation around AI. And from that perspective, while AI is taking its time getting deployed in enterprise, I think everybody is mostly in experimentation phase. There’s experimentation phase in the consumer side with the Geminis, Groks, OpenAIs, DeepSeeks of the world. There’s enterprise use cases we’re all experimenting with. But what is also fascinating is you’re seeing the bad actors have figured out that they can also have AI assisted cyber hacking capability, which is going to accelerate the pace.
So every time the pace of cyber threats accelerates, the focus on cybersecurity continues to be there. So I think we’re going to see a reasonably robust cybersecurity demand market for the next few years as we go to this next technological cycle. Got it. I’ve always been on
Keith Weiss, Equity Research Analyst, Morgan Stanley: the mind. It’s similarly that security demand drives from expanding surface area and AI is going to expand that surface area, especially when we start to talk about agentic computing on a go forward basis. Rising threat environment and regulatory, right, if there are regulatory reviews. The one that I wanted to get your opinion on is the rising threat environment, because it’s been so persistent over the past ten years, fifteen years. Does that still work to drive demand?
Or is it just keep the demand at a consistent level?
Nikesh Arora, CEO, Palo Alto Networks: Well, look, there are new threats, right? I was having this conversation earlier in the investor group and there’s a discussion, they started bandying the word agent around agentic AI in the future. Now I said the biggest example of what an agent can do is drive your car. Waymo is agentic AI, right? You’ve got an agent autonomous control driving your car.
Well, the next attack vector is I can hijack your agent. And that allows me to do all kinds of bad things that I want. So the question is, what is the security solution for agents that are going to get hijacked or agents that are going to get tampered with? So there’s a whole new threat vector that has now risen with the arrival of AI or potentially agentic AI. So I think the cyber threat environment continues to increase and you said it right, as the attack surface increases as the more scenarios opportunities we create for individuals to interact with technology or to technology to interact with technology itself.
So from that perspective, I think it’s going to be sort of, as I said, a robust demand for the next few years. Got it.
Keith Weiss, Equity Research Analyst, Morgan Stanley: Pulling on the threat of AI and generative AI, there’s both the sort of demand side of the equation of AI expands the surface area, AI is in the hands of the threat actors. The phishing attacks that I’m getting are a lot more sophisticated. It’s harder to tell them apart. It also gives you guys more tools, right? It enables you guys to you’ve talked a lot about the lack of security analysts and sort of that being a critical need within security and something Palo can help pursue.
AI seems like a good new tool in your arsenal to be able to help solve one of those core needs in the marketplace? Yes.
Nikesh Arora, CEO, Palo Alto Networks: That’s a good point. Look, security is complicated. Many of our security products are complicated by definition, which means not only do we need great security for us, but we also need amazing practitioners and users on the customer side to be able to deploy our product and leverage them to their maximum. If you can imagine that AI can assist our customers in deploying our products, perhaps take over the task of automation or recommendation or remediation using some sort of agentic AI on the positive side, it’d be a lot easier to deploy our products. So from that perspective, we feel we’re in a better position than many because we have critical mass at scale as a cybersecurity company.
It’s a lot easier for a $120,000,000,000 cybersecurity company to go invest hundreds of million dollars in developing that future than for a startup, which has to go make their core product work to go deploy AI within their core product. So we feel we’re in a good place, but there’s a lot of work to be done. I think generally speaking, across any industry for any sophisticated application, we don’t have the right data. Most companies don’t have the right data because you haven’t collected the right data, you don’t have AB testing, you don’t know what good looks like. So we’re going to spend the next two, three years as industries across the board saying, here’s the right data, here’s what a good outcome means, here’s what a not so good outcome means and how we train AI to understand how to
Keith Weiss, Equity Research Analyst, Morgan Stanley: generate good outcomes. It’s an interesting sort of point you bring up about data. When I think about your tenure thus far at Palo Alto Networks, and I think it matches with what’s been going on in the industry is increasing focus on the data, right? Making Palo Alto less about we’re just blocking different threat factors, but we are sort of accumulating data about your threat environment, accumulating data about your positioning for that and making use of that data to help protect you on a go forward basis. And as part of the like platformization kind of strategy that you haven’t talked about and as part of what’s driving people to consolidate more of their solution, Is AI another kind of impetus towards that consolidation in that because AI is going to accelerate sort of the value of that data, it just it increases the value proposition of what you’re presenting in terms of a consolidated platform with that platformization.
Nikesh Arora, CEO, Palo Alto Networks: So look, if you look step back and look at first principle of security, typically security has been a scenario where you build a sensor, you put it at the edge and say it acts like security. It only lets good things get inside. It blocks bad things at the door. It’s like how security has traditionally worked, outside this store, outside the hotel door, right? That’s how security goes from perimeter perspective.
We’ve talked about SASE parameters and perimeter security is the thing. The problem is irrespective of how good your perimeter security is, things sneak in. That’s how hacks happen. People’s identities get taken over, people get into your databases, exfiltrate them. So the question isn’t well, question is how good is your perimeter security?
But the question is, if somebody gets in, what do you do? How do you figure them out? How quickly can you find them? And how quickly can you shut it down so they can’t see your data? The only way we think that’s going to be possible is if you look at all the data flowing through the enterprise, find anomalous behavior, have high signal to noise ratio in terms of good signal and shut it down.
Now if you believe that from an engineering perspective, the only way to get it done is you have access to all the data, you have low latency machine learning models running on a constant basis looking for anomalous behavior shutting down. If you want that future, you have to have all the data accumulated in one place. That’s why we’ve always maintained that the future of real time security is going to be an analytics based, machine learning based, AI based sort of system, which requires you to consolidate all data, make sense of it in one place, which has not traditionally been the model of security. The model of security was collect
Keith Weiss, Equity Research Analyst, Morgan Stanley: all the data and we’ll go look at it if we have a problem. It’s no longer that. You have to look at it while it’s happening if you want to get real time outcomes. And I go one step further. The model was get a best solution for every different data type, if you will, or every different threat vector and try to tie together all the solutions, which created risk in and of itself because the bad guys could sort of weave between your different solutions.
You guys present a concept last year of platformization of kind of bringing together more of the solution onto one platform, bringing together more of the data.
Nikesh Arora, CEO, Palo Alto Networks: How is that
Keith Weiss, Equity Research Analyst, Morgan Stanley: what’s the traction feedback you’re getting from customers about platformization?
Nikesh Arora, CEO, Palo Alto Networks: Look, we maintained, I’ve said this before, if you go back, I started working technology thirty plus years ago and we had 27 applications at a large investment firm, which made up the sum total of our CRM activity. That was thirty years ago. Today, at best, you have one system, maybe two that encompass the entire expanse of what you do from a CRM because we figured out that this stuff needs to talk to each other and work together. It makes no sense to sit in 27 different systems. Today, security has that attribute.
It is 27 vendors to 50 vendors in each enterprise, which do security. Yet, you see breaches every day, billions of $18,000,000,000 lost in sort of economic value when people get breached. So that model has to change. And the only way we change that model is to start consolidating security capabilities into singular platforms. You can see that trend is beginning to happen.
I think the word platform is used by almost every security company, which may or may not be a platform. We have done we did 75 last quarter, we’ve gone to 1,050 or so in platform deals. We think we get to 3,000, 3,500, we double the business triple the business in ARR. And this is the best part of our business. It’s sticky, has high net retention, it has great customer value from a security benefit, it actually reduces the total cost of ownership for our customers.
So it’s generally a great commercial outcome for our customers, great commercial outcome long term for us, a better security outcome for them. So in an enterprise is 99% perspiration, so we got to keep our head down and perspiring to get there.
Keith Weiss, Equity Research Analyst, Morgan Stanley: Got it. Sounds great. What’s the friction? What’s the pushback you hear from customers about sort of driving that consolidation?
Nikesh Arora, CEO, Palo Alto Networks: The people who like it do it for all the reasons I described, right? The people who are skeptical are often skeptical about the idea of putting all their eggs in one bag. And I ask them when they go to the grocery store, do they get one box of eggs or do they get 17 boxes to keep the eggs separate? Normally, it’s one egg, one basket, but they just don’t want them all in the same place. You’ll get the argument that I have differing duration of my economic contracts with seven twenty seven vendors.
How do I consolidate that? We provide a solution for that. So I think it’s a matter of time. It’s a matter of time as people start to see you have to show the benefit. And the benefit we have been able to demonstrate in our XSIAM platform is we are operating at a median time to detect security incidents to under a minute and immediate in under a minute, which is as close to real time the industry can get.
If I can get my customers who are on average at four to seven days to minutes or under an hour, that’s a good start. So we’re saying, forget about the conversation platformization. Imagine if I took your time to find a threat in an environment and remediate it down from four to seven days to one minute, how would you feel?
Keith Weiss, Equity Research Analyst, Morgan Stanley: Because the cost of the breach is going to be directly related to
Nikesh Arora, CEO, Palo Alto Networks: as long
Keith Weiss, Equity Research Analyst, Morgan Stanley: as the persistent
Nikesh Arora, CEO, Palo Alto Networks: The best time that people focus on cybersecurity when they just had a breach for that reason.
Keith Weiss, Equity Research Analyst, Morgan Stanley: Got it. So you mentioned the Cortex XSIAM, your next generation SIEM solution, it’s automating security operations center. It’s what we think of as the next major product cycle within Palo Alto. What makes you feel that this market is ripe for disruption right now? And where are you winning share?
Nikesh Arora, CEO, Palo Alto Networks: Look, when I started seven years ago, actually, I was at Morgan Stanley even four days after I started. And I had the pleasure meeting some of the EDR vendors and David Chen, who’s here somewhere, had me go for a walk with some of them and I sort of was new in the industry. I didn’t know how to spell cybersecurity. I thought it was two different words. Anyway, and I went for a walk with these guys and they told me how EDR was the next thing.
And if you look back, one of those companies probably worth $85,000,000,000, 90 billion dollars. They were $2,000,000,000 or $3,000,000,000 7 years ago, but they were at the inflection point of where endpoints were migrating from McAfee and Symantec to them. I think we’re at the same inflection point in the SIEM/SOC business where we are going through we are going to go change the entire landscape in the next five to seven years. Some vendors, which technically started seventeen, twenty years ago in the SIEM business when you couldn’t consolidate data as expensive, you couldn’t run machine learning models because they didn’t exist. And you did not have a concept of real time security. It was a concept of offline query based security.
So I think that inflection point is here. It’s a $40,000,000,000 market. And in the next five to ten years, it transforms. And hopefully, we’re in a great position to be able to take advantage of that. Got it.
Keith Weiss, Equity Research Analyst, Morgan Stanley: I like that analogy a lot. It makes a ton of sense. In the EDR side of the equation, it was the core technique being used for doing endpoint detection couldn’t keep up with the threat environment. There was a necessity for technological change. If we sort of draw that analogy down to the technology layer, what is it about the Cortex XSIAM that is solving that similar technology problem?
And what exactly is that technology problem?
Nikesh Arora, CEO, Palo Alto Networks: Look, traditionally, security operation centers were designed to investigate a breach after you understood there was a breach. So he says we have a problem, we have a breach, go analyze what happens. You’d go into your data logs, you run a bunch of analytics, you’d figure out, say, oh, this happened this way, I found the cause, let’s go trace it back, here’s how much data we lost. The average time to figure out a security breach and remediate was anywhere from twenty seven to one hundred and twenty days. Twenty seven to one hundred and twenty days, you can shut down a business, you can take all the corporate jewels, crown jewels and leave.
Today, that time to go in and exfiltrate is eleven hours, right? You can get in, steal data and leave in under eleven hours. You’ve got to have something that goes solve the problem. So current technology is we take all the data, we ingest it, we run it through 5,000 machine learning models that ingestion to see does there’s any pattern recognition of 5,000 different ways that you can be hacked. We take that, we stitch events and we actually have all the data analyzed.
Our view is if you don’t analyze every alert, every piece of data, you’re not going to block bad activities. So it’s kind of gone from an offline query based post breach model to an inline real time analytics model because latency is low, cost of data is a lot cheaper than what seventeen years ago. So you can actually deploy those techniques and you can save a lot of economic value and people not getting breached. So I think it’s new tech, it’s using machine learning, it’s AI. I think that’s where the future needs to be.
Keith Weiss, Equity Research Analyst, Morgan Stanley: Taking the focus from reactive to proactive, right. You guys, last year, I believe it was signed that IBM partnership, where two folds like one, you have over 1,000 IBM consultants that are helping you guys sell this XSIAM solutions. Two, it gave you access to the QRadar asset and you can start to bring those customers on board to this XSIAM. How has that partnership been running for you guys? It’s amazing. It’s one of
Nikesh Arora, CEO, Palo Alto Networks: the best partnerships I think we’ve done. It’s one of the best partnerships from a model perspective in the industry. IBM got to now suddenly work with us and deploy multiple cybersecurity solutions best of breed in the market from Palo Alto. Earlier, they had their own captive products. We got access to a large SIEM customer base and we got the support of IBM.
There’s instances where Arvind and I both called on the customer together, our Head of Sales and their Head of Sales have called on customers together. They’ve actually been very proactive in helping us migrate their customer base from QRadar to Palo Alto XSIAM, which is great because they can over time end of life that product. They can focus on their new acquisition HashiCorp and the developer side. We can focus on security and their consultants now have the option of selling the best security for
Keith Weiss, Equity Research Analyst, Morgan Stanley: us in the market. Got it. How far through that customer base have you guys gotten so far?
Nikesh Arora, CEO, Palo Alto Networks: It’s a robust pipeline. I think, as I said, economically is going to end up being one of phenomenal deal for us. We are some part through their customer base. Some of them have renewed the QRadar subscriptions, which you over time be able to migrate Palo Alto.
Keith Weiss, Equity Research Analyst, Morgan Stanley: Got it. I want to switch gears and talk a little bit about SASE and kind of where we are in that transformation. Is there still we’ve seen a lot of transformation within network security. SASE definitely met a need in the marketplace. It aligned to sort of what we’re seeing in terms of the explosion of cloud based applications.
Is there still that same type of appetite for a transformation? Is there still as much sort of opportunity for SASE on a go forward basis that we’ve seen over the past couple of years?
Nikesh Arora, CEO, Palo Alto Networks: I think we’re only about 15 to 20 of the way there. I think there’s 80% of the companies haven’t transformed their SASE capabilities yet. Morgan Stanley hasn’t, whole bunch of banks haven’t. So a whole bunch of people out there who are actually still analyzing that journey. I think AI is going to be a continued stimulant in terms of getting people who have been reluctant so far to move towards that future.
The first big inflection point in SaaS came from the pandemic. Most companies were set up to have 10% of employees be able to access everything remotely. And you had to still go to the office and do half the things because you didn’t have access from home. You don’t want to touch portfolio attribution systems or trading systems from home because they were proprietary, they were stuck in a data center. The pandemic hit, you had to provide access, employees couldn’t work.
So we had a big inflection where people had to make every system accessible from anywhere at any point in time, not just cloud based system. That caused the first inflection point that caused us to build our SASE product, where originally SASE was more of an Internet access product, which is typically provided by Zscaler. That has gone through one more cycle of evolution where people saying, wait, now I don’t need to take my employees or employees straight to my data center, I can take them to cloud and decide where traffic goes cloud or data center. And as we go more and more cloud, as we have private applications sitting in the cloud, the customers are being forced to deploy some sort of a SASE solution. And I think the next leg of SASE from our perspective is over time, we think the browser becomes the operating system of the future.
We think a lot of people who are in their iPads or their laptops right now, you have some version of a thin sort of OS in there for the most part. I’m pretty sure majority of you would have to shut down your laptops and start paying attention if the Internet was down, right? You’re only able to use the same because the internet exists. 90% of your work is being done in a browser. If that’s true, the browser is a phenomenally better way to secure you than any other technology in the world.
So we think the world goes towards the browser. We think 50% of enterprise accesses through a browser. We were lucky enough to buy a browser company about a year ago. A third of our users in SaaS last quarter were browser based, which is interesting.
Keith Weiss, Equity Research Analyst, Morgan Stanley: Got it. So can we expand upon that in terms of a lot of opportunity left? You’re talking about 80%, 85% of the opportunity ahead of us. There’s new technological changes that can help to accelerate sort of that transition towards SaaS. The competitive market in SaaS has definitely expanded as well.
Every vendor that I’ve talked to this week has a SASE solution, so expanding their SASE solution. How does
Nikesh Arora, CEO, Palo Alto Networks: Palo Alto It would be horrible if nobody else thought it was a great idea.
Keith Weiss, Equity Research Analyst, Morgan Stanley: It’s true.
Nikesh Arora, CEO, Palo Alto Networks: How do
Keith Weiss, Equity Research Analyst, Morgan Stanley: you guys look to differentiate the Palo Alto Networks solution from all the other vendors out there?
Nikesh Arora, CEO, Palo Alto Networks: Our underpinning is security. When SASE originally was Internet access market, you access cloud applications and you believe that Salesforce is secure, ServiceNow is secure, others are secure, you don’t have to worry about it. But the moment you started having to access your private application in your data center using a SASE front end, you wanted better security. So we come from a security background, an underpinning of strong security from firewall perspective, which translated well and us being able to do that. Our differentiation is we are the only vendor in the market that has a hardware, software and SASE form factor, which runs on a single platform.
To replicate us, you’d have to at least have three to five vendors to replicate a network security platform. So that’s the differentiation. Our browser is the sort of the cherry on the pudding, because nobody else has integrated browser in the SASE solution, which allows us to go differentiate ourselves in the market. Seven years ago, we were not a SASE player in the market. Today, our SASE business is almost as big as the hardware business.
Keith Weiss, Equity Research Analyst, Morgan Stanley: And in terms of being able to leverage that firewall installed base, having that hybrid solution between hardware and software, how do we think about the ASP uplift when a customer goes from being just a more traditional next generation firewall customers to a SASE customer for Palo Alto?
Nikesh Arora, CEO, Palo Alto Networks: Well, we’ve done the math before and shown that our customer value goes up 2.5 times as they go from being a hardware customer to a SASE customer because of the more expanded sort of queue or bond that SASE provides instead of you don’t need to deploy hardware, you don’t need to recycle hardware, you don’t need to go send people to go replace the boxes, you can run this as a SaaS service in the cloud. So it’s a phenomenal economic outcome for us. But more importantly, it’s a great outcome from a customer, total customer ownership, because it’s expensive to replace hardware, it’s expensive to configure hardware, it’s expensive to service hardware.
Keith Weiss, Equity Research Analyst, Morgan Stanley: If you’re running the SaaS platform, remember, everybody is the same version, the day we decide to upgrade the version. In hardware, it takes two years to get everybody the same version. Right. Got it. You mentioned the Talon acquisition, getting that secure enterprise browser.
Relatively early days in terms of this concept and pushing this out within SASE. What’s the initial customer response been? Have you guys started to get traction with this solution yet?
Nikesh Arora, CEO, Palo Alto Networks: Yes. If you think about it, the few use cases which are horrible technology use cases in our industry is one, most companies don’t have a solution for contractors. If you have a third party contractor, they don’t want to put your software on their devices. So how do you protect your enterprise if 30%, 20% of workforce doesn’t want to put a security solution delivered by Morgan Stanley or delivered by Home Depot or delivered whoever you are. So from that perspective, a secure browser allows a third party contractor to access your capabilities, shut off the browser, go do what they need to do and they’re comfortable with that.
There’s a use case called VDI, which is clunky, high latency, hard to use that can be replaced with the browser solution. Mobile devices can be replaced with browser. The most interesting impetus we’re seeing right now is companies want their employees to access AI applications. But their biggest fear is my employee is going to take proprietary information and upload that into ChatGPT or Gemini and ask it a question and oops, my corporate data, my drug formulation, my CAD design for my chip is now being used to train a public model and I didn’t know that was going to happen. The only way you can see what people are doing in your company in an unencrypted way through a browser.
So we have customers who are deploying AI application in the company saying every employer AI leaning organization use the browser from Palo Alto. As a result, we can see and block you from entering proprietary information. So literally, we have a customer who’s about 240,000 instances of browser because they want to be an AI first company and say you can all use AI, just use it with the Palo Alto browser. So I think that’s going to be the inflection point because organization enterprises rightfully so want visibility into the traffic between AI models or AI applications and their employees to make sure proprietary doesn’t go back and forth from that perspective. That’s the only way to inspect it and to protect it.
Keith Weiss, Equity Research Analyst, Morgan Stanley: Got it. One more area of the next gen portfolio I want to touch on, cloud security. Palo Alto is an early mover and early market leader in cloud security. How is the market like where are we in terms of kind of market penetration? How is that opportunity evolving for you guys over the past couple of years?
Nikesh Arora, CEO, Palo Alto Networks: So the cloud market, I think, is in its sort of third iteration, which is where it’s going to live. The early days of cloud security was I’m going to Google, I’m going to Microsoft, I’m going to AWS, what do I need to worry about? So you’re going to have to configure AWS, Microsoft and Google for yourself. When you configure, you can make mistakes.
When you make mistakes, people can hack you. That was called cloud security posture management. You had APIs coming from all these places. You looked at the configuration mistakes. Oops, you got a problem, fix it.
This is fine because you figured, oh, shit, but I’m writing my own software. What if my software that written has flaws? So then you had this notion of code security. How do you protect your software code and sneak in the world? Other people like that showed up.
It’s okay, great. Then you sat there in security and said, holy shit, I’m getting a lot of alerts. I’m getting 100,000 alerts and none of this stuff is in production. It’s all sitting in some developer’s laptop or sitting in some configuration. So the whole world started moving towards only protect what’s running in real time in production.
Pay attention there, all the other stuff is sort of before all the production issues, which is where agents come into play sitting in the public cloud from a real time perspective. So the first wave was the version of CNAPP. The next wave was code security. The third wave is how do you marry real time and the other two. So we spent the last nine months, moved our entire stack into our Cortex stack, which is where we do real time security.
We relaunched the product called Cortex Cloud, which does all the connective tissue. So our view is that you go forward seven to ten years from now and look back, you realize security is a data problem. All the data has to sit in one place. If you look in our industry, there’s either analytics products or perimeter products. Perimeter products, we have reasonably good market share and we have a lot of products that play in that space.
We think over time, the entire analytics industry collapses into some sort of platform like XSIAM. So we’ll see slowly as we collect all the data, we will be able to build analytics product because otherwise every analytics product tries to ingest the same data, we already have it. So we can provide a lot lower cost of operating a lot more integrated solution as long as you can run the analytics on one large data lake.
Keith Weiss, Equity Research Analyst, Morgan Stanley: Got it. Old habits die hard, so I got to ask you about the firewall refresh side.
Nikesh Arora, CEO, Palo Alto Networks: Yes, old habits.
Keith Weiss, Equity Research Analyst, Morgan Stanley: And it does feel like we’re in an upcycle early innings of
Nikesh Arora, CEO, Palo Alto Networks: We’ve been listening to our competitors.
Keith Weiss, Equity Research Analyst, Morgan Stanley: Yes. It’s not a I don’t know.
Nikesh Arora, CEO, Palo Alto Networks: I’m just guessing. Okay. I’m listening to Hamzah.
Keith Weiss, Equity Research Analyst, Morgan Stanley: Could this be a positive for the platformization trend, right? Like as these customers come up for refresh, does that give you a good opportunity to go in there and sell the broader base?
Nikesh Arora, CEO, Palo Alto Networks: There’s this fallacy about a refresh, which is perpetuated in industry since I don’t come from the industry traditionally. We don’t sell iPhones. Like, oh, there’s a new one in pink I really wanted. Forget the fact that I bought one last year. Let me just go throw it away and get a new one.
Our industry works pretty much in a cycle. I bought it seven years ago. It’s getting old. I need a new one. If I don’t get a new one, I have a security breach.
So our refreshes are very well documented, cataloged with our customers. They know after six to seven years, you have to change the firewall. If you wait for eight years, it doesn’t get serviced, which defeats the purpose from a security perspective. So I know every firewall I sold seven years ago is up for a refresh all the way from between five point five to seven years. So it’s a very well understood cycle.
If I sold $800 of firewalls six years ago, $800 or so are going to come up for renewal. Some people stop using them, some people want to get a bigger one, et cetera, et cetera. So it’s a very defined cycle. I don’t think there are spikes in the refresh business. I will tell you, if you step back, what does the firewall do?
It inspects traffic. Any traffic that goes between you, your company, that goes between one company and the other company, that goes between the machine to a machine, every bit of traffic has to be inspected. It’s like everybody goes through an airport, has to go through security check, every bit of traffic has to be inspected. If you step back and say, the global network traffic doubles every three years, which means you have to inspect more traffic. There’s only two ways to inspect traffic.
You have a big hardware box and all the traffic goes through it or you send it all to the cloud and you inspect it there. So I think generally the market for traffic inspection needs to double every three years. The cost per inspection goes down every year. As a result, there’s an 8% to 10% increase in the market value every two to three years. That’s the combination of hardware firewalls, software firewalls and SASE, right?
We’ve been growing that business about 20% every quarter for the last many years. So which means we’re taking share in the inspection business. That’s how I look at it. The hardware refresh is just an artifact of face of part of our business. But if I can do more software inspections, it lowers TCO for my customer.
If I can do more SASE, it lowers TCO for my customers. But in some cases, hardware inspection is the cheapest cost of inspection.
Keith Weiss, Equity Research Analyst, Morgan Stanley: Got it. I want to shift gears a little bit and talk about M&A strategy. And this is something that’s been super impressive in the Palo Alto story. I remember early days when you took over as CEO, while the industry view, a lot of the investor view on M&A had been very sour, there was a lot of consolidating acquisitions, a lot of acquisitions that didn’t work. You came out with a point of view saying, listen, there’s nothing inherently bad about M&A.
You just have to target the right M&A. We have to be buying in the areas where the customers are going, not where the customers have been. And it’s been remarkably successful. I think Talon falls into that category. Is that the same philosophy you take on a go forward basis?
And any areas that we should be kind of focusing on of where the puck is going on a go forward basis?
Nikesh Arora, CEO, Palo Alto Networks: You know, cybersecurity is one of the most innovative industries in the world. We always have to stay one step ahead of the bad actors. So we are not sort of vain enough to believe that all innovation will come from Palo Alto. There’s a bunch of smart people out there innovating on a constant basis. So we’re constantly scanning the market.
We look at about 200 to 300 companies a year. The idea being that if they’ve got something that is cool that needs to be deployed in our market, we can bring them on board and use our go to market engine and integration engine to go make it useful to Talon. We sold 30% of our SaaSy business was Talon the last quarter from an endpoint perspective, where one year ago, we didn’t have them. So we are able to buy, integrate and deploy, but it’s getting harder because we are now in 25 categories where we sort of win from a magic quadrant perspective. But we’re always on lookout.
Like now the new kid on the block is AI. You’ve got to see where AI lands. It’s the same philosophy. It’s hard to do go to market acquisitions because we don’t feel like paying multiples of revenue. But it’s good to be able to buy products which you can then put into our go to market engine and go amplify that in the market.
Keith Weiss, Equity Research Analyst, Morgan Stanley: Got it. I want to sneak in one last one on the profitability side of the equation. Palo Alto has seen pretty significant improvements in EBIT margins over the last year. Can you talk to a little bit on a backwards perspective, what’s driven that sort of improvement in profitability?
And is there significant upside on a go forward basis? Is there still further room for leverage?
Nikesh Arora, CEO, Palo Alto Networks: Look, when I joined seven years ago, our margins were 20 plus range. I had to take it down to go invest because we hadn’t invested enough in innovation. We had to go buy some companies. We had to go a whole bunch of go to market changes. We’ve now gotten it to the high 20s, which I think is a good place to live.
You’re trying to grow the business in the 15% range. I think the AI sort of opportunity from an efficiency perspective, all this agentic stuff, all the stuff that allows you to run a much better business is going to be positive. I think we’re going to be able to eke out 50 to 100 basis points a year of improved margins over time, both from scale benefits and AI. I do think there’s a bigger prize on AI, which is three to five years out, if you can get it right. And we’re leaning in heavily from our perspective, because if you believe we can get a 400 to 500 basis point improvement in operating margin with AI in the next three to five years, that allows us to be a very different cybersecurity company, then we can start looking at other companies, which are not operating at our level of efficiency and justify acquisitions, which can allow us to selectively grow in the right way.
Keith Weiss, Equity Research Analyst, Morgan Stanley: So just to be clear, that three to five year opportunity is just compounding the improvements from utilizing AI internally and becoming that kind of next generation company in terms of how you’re operating.
Nikesh Arora, CEO, Palo Alto Networks: Yes.
Keith Weiss, Equity Research Analyst, Morgan Stanley: Outstanding. Well, unfortunately, that takes us to the end of our time. But Nikesh, thank you so much for joining us and sharing the Palo Alto story.
Nikesh Arora, CEO, Palo Alto Networks: Thank you, Keith. Thank you very much.