Gold

How Palo Alto Networks became the gold standard of cybersecurity – and what it has to do to stay on top


Palo Alto Networks Inc. has earned a reputation as the leader in security. You can measure this in revenue, market cap, execution and, most importantly, conversations with chief information security officers.

The company is on track to double its revenue to nearly $7 billion in fiscal year 2023 from 2020. That’s despite macro headwinds that will likely continue through next year. Palo Alto owes its position to a clarity of vision and strong execution of a total available market expansion strategy bolstered by key acquisitions and integrations into its cloud and software-as-a-service offerings.

In this Breaking Analysis, and ahead of Palo Alto Ignite, we bring you the next chapter on top of last week’s cybersecurity update. We’ll dig into the Enterprise Technology Research spending data on Palo Alto Networks, provide a glimpse of what to look for at Ignite, and posit what Palo Alto needs to do to stay on top of the hill.

The problem is clear

The challenges for cybersecurity professionals are dead simple to understand. Solving them is not so easy.

The taxonomic eye test above from Optiv is one of our favorite artifacts to make the point. The cybersecurity landscape is a mosaic of stovepipes. Security professionals have to work with dozens of tools, many legacy, combined with shiny new toys to try to keep up with the relentless pace of innovation, catalyzed by incredibly capable, well-funded and motivated adversaries.

Cybersecurity is an anomalous market in that the leaders have low single-digit market shares. Think about that. Cisco Systems Inc. at one point held 60% market share in networking and it’s still deep into the 40s. Oracle Corp. captures around 30% of database market revenue. EMC Corp. at its peak had more than 30% of the storage market. Dell Technologies Inc.’s personal computer unit market share is in the high 20s. From a market share standpoint, cybersecurity is even more fragmented than the software market.

The point is, despite its position as the #No. 1 player, Palo Alto has maybe 3% to 4% of the total security market, depending on your denominator. Regardless, the leader has only a tiny slice.

Why is Palo Alto considered the leader?

This CISO’s comments from a recent ETR roundtable discussion with our friend Erik Bradley sums up Palo Alto’s allure pretty well in our opinion.

Why Palo Alto Networks?

Because of its completeness as a platform. Its ability to integrate with its own products… or they acquire, integrate, then rebrand them as their own. We’d looked at other vendors. We just didn’t think they were as mature. We had already implemented some of the Palo Alto tools, the firewalls and stuff. We thought, Why not go holistically with a vendor, a single throat to choke if you will if stuff goes wrong? And I think that that was probably the primary driver and familiarity with the tools and the resources that they provided. – CISO in a recent ETR roundtable

The push to consolidate redundant vendors

Here’s another stat from ETR’s Erik Bradley. He gave us a glimpse of the January survey. The percentage of information technology buyers stating they plan to consolidate redundant vendors went from 34% in the October survey and now stands at 44%. So we feel this bodes well for consolidators such as Palo Alto Networks. Same for Microsoft Corp.’s “good enough” approach. It should also be true for CrowdStrike Holdings Inc., although last quarter we saw softness in their small and medium-sized business market, whereas MongoDB Inc. actually saw consistent strength from SMB, so that’s something we’re watching closely.

Palo Alto’s stock has fared better than its peers

Although all growth stocks have been hit hard over the past year, Palo Alto Networks has held up better than most security players.

The chart above gives you a sense of how well. It’s a one-year comparison of Palo Alto with the BUG ETF, CrowdStrike, Zscaler Inc. and Okta Inc. Now remember that Palo Alto didn’t run up as much as CRWD, ZS and OKTA during the pandemic, but you can see it’s now down “only” 9% for the year. The cyber basket ETF is off 27%, roughly in line with the Nasdaq (not shown). CrowdStrike is down 44%, Zscaler is down 61% and Okta is off 72% in the last year.

As we’ve indicated, Palo Alto is making a strong case for consolidating point tools. We think it will have a much harder time getting customers to switch off platforms such as Cisco, another leader in network security. But based on the fragmentation in the market, there’s plenty of room to grow in our view.

How the traders see it

We asked Breaking Analysis contributor Chip Symington for his take on the technicals of the stock and he said the following:

Despite Palo Alto’s leadership position, fundamentals don’t seem to make much difference these days. It’s all about interest rates. Even though this name has performed better than its peers, it looks like this stock wants to keep testing its 52-week lows.

But he thinks the Palo Alto got oversold during the last big selloff, and the fact that the company’s free cash flow is so strong probably keeps it at the 150 level or above. If it breaks that to the downside, its next test is around the 140 level, according to Symington.

Palo Alto’s opinionated point of view

As we said earlier, Palo Alto has strong convictions. Its founder and Chief Technology Officer Nir Zuk is extremely clear on his view of the market and sets the tone for the company’s strategy. Below we take a look at how Palo Alto got to where it is today and how we should think about its future.

The company was founded about 18 years ago as a network security company focused on firewalls. What Palo Alto did was different. It didn’t try to stuff too much functionality inside of a box. Rather, it layered network security functions on top of its firewalls and delivered value as a service through software – running at the time in its own cloud and now heavily leaning into public clouds. A pretty obvious move today but forward-thinking for the time.

Palo Alto has invested in building a true cloud native platform. In February 2020, right before the pandemic, we reported on the divergence in market values between Palo Alto and Fortinet Inc. and cited some challenges Palo Alto had transitioning to a cloud-native model. At the time we said we were confident that Palo Alto would make it through the knot hole and you can see from the previous stock chart it has done so.

The company’s architectural approach was to do the heavy lifting in the cloud. This eliminates the need for customers to deploy sensors or proxies on-premises. Same with sandboxes on-prem, which can be vulnerable to overwhelming attacks. Think about it: If your sandbox is on-prem, it’s not getting updated every day — no way. Or even every week. Perhaps even longer. And if the capacity of your sandbox is 20,000 files per hour, a hacker will just overwhelm you by sending 100,000 email attachments so your sandbox will choke and they’ll have the run of the house while you’re figuring out what happened.

The cloud won’t completely prevent this problem, but it definitely increases the hackers’ cost so they’ll probably hit easier targets. Return on investment is the simple algorithm for hackers. ROI = benefit/cost. Increase the denominator and ROI decreases, making you a less attractive target.

TAM expansion via acquisitions

The next thing that Palo Alto did is start acquiring aggressively. We counted 17 or 18 acquisitions to increase the company’s total available market beyond network security. Endpoint, cloud access security broker, platform as a service and infrastructure as a service, containers, serverless, incident response, software-defined wide-area network security, continuous integration and delivery or CI/CD pipeline security, attack surface management and, with the recent acquisition of Cider Security, supply chain security.

Palo Alto by all accounts takes the time to integrate these acquisitions into its cloud/SaaS platform called Prisma. That’s unlike many acquisitive companies – EMC was a good example — where you ended up with a “Franken-portfolio.”

Palo Alto: building the security supercloud

Consolidation of redundant vendors is the No. 1 customer cost optimization strategy today. Forty-four percent of ETR survey respondents are actively pursuing this strategy. This leads us to believe that Palo Alto wants to be the consolidator and is in a good position to do so.

But beyond that, as multi1cloud becomes more prevalent, customers tell us they want a consistent experience across clouds. This will be the same with the “internet of things.” Customers don’t want another stovepipe for edge security. So we think Palo Alto is in a position to build what we call the security supercloud, a layer above the clouds that brings a common experience for developers and operational teams.

Can Palo Alto remain best of breed?

The obvious question for a company rapidly expanding through acquisition is can it continue to effectively integrate new capabilities and still maintain best of breed status? Does it even have to? As Constellation Research analyst Holger Mueller talks about all the time on theCUBE, integrated suites will always beat BoB in the long run if the suite vendor can incorporate important features quickly. Maintaining best-of-breed inside of a suite would be a “game over” strategy.

Palo Alto’s portfolio is impressive

This next graphic underscores the point.

Above is a picture we don’t expect you to digest fully, but it’s a screen grab of Palo Alto’s product and solutions portfolio. Security in areas including network, cloud, secure access service edge, cloud-native application protection platform, endpoint, Unit 42 (its threat intelligence platform) and every imaginable security service for customers. Well, not every. We’re sure there’s more to come, such as…



Read More:How Palo Alto Networks became the gold standard of cybersecurity – and what it has to do to stay on top

2022-12-10 16:35:01

Get real time updates directly on you device, subscribe now.

Business News Updates

Having a business name does not separate the business entity from the owner, which means that the owner of the business is responsible and liable for debts incurred by the business. If the business acquires debts, the creditors can go after the owner's personal possessions. A business structure does not allow for corporate tax rates. The proprietor is personally taxed on all income from the business.

You might also like More from author
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Get more stuff like this
in your inbox

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.

We respect your privacy and take protecting it seriously