Palo Alto Networks: Are These The Channel's Happiest VARs?
As one the more frequently buzzed-about companies in the network security space, Palo Alto Networks has made quite a splash with its so-called next generation firewalls, which manage applications and content by user instead of IP address or port. The company's subsequent ability to pack a range of advanced security features into single products at affordable price points for the enterprises has announced it as a major new network security player to compete with the Ciscos, Check Points and Junipers of the world.
But perhaps at least as impressive is the way in which Palo Alto Networks, in the short span of five and a half years, has ingratiated itself with nationally-known security-, networking- and data center-focused solution providers who thought they'd seen it all with firewalls and network security technology, let alone found a vendor who could back its engineering up with top-of-the-line marketing and channel support programs.
"People are starting to know who they are," said Helen Lesser, executive vice president at Nexum, a Chicago-based solution provider. "There are obviously big firewall companies out there and big companies in the IDS/IPS space as well, but without a doubt their name is coming up in conversation even before we bring it up with customers. That's definitely a tribute to the growth they've had the last few years but also the value and innovation they've created in this space."
Danny Timmins, CEO of NCI, a Mississauga, Ont.-based solution provider, said that within the past year, customers have been requesting Palo Alto versus the other way around -- a huge customer mindshare leap in a short period.
"They call it a disruptive technology and I think they've done a good job selling it that way," he said. "It used to be they'd have to ask to be looked at, but now they're being asked be on RFPs. It's not only the channel that wants it, our customers are also asking for Palo Alto and that's really happened in the past year or so."
Palo Alto executives offered perspective on the company's recent strides at its Double Down Partner Summit in New Orleans this month, which was Palo Alto's third annual North America partner conference and included about 155 partners.
To date in 2011, 26 Palo Alto partners -- of about 700 or so worldwide -- are doing more than $1 million in bookings with the company, versus nine partners who did so in 2010.
The company's average deal size and consideration rate are growing considerably, according to Brian Harmon, vice president of North America at Palo Alto, and Palo Alto wins more than 90 percent of deals when a customer has successfully tested its solution.
"We want a seat at the table for any opportunity," Harmon said, urging partners to get even more aggressive behind Palo Alto in the new year.
Mark McLaughlin, who became Palo Alto's president and CEO in August, said that one of Palo Alto's biggest growth advantages is the size of its market opportunity -- ample "headroom," as McLaughlin put it to partners.
Thanks to the evolving nature of threats and the pressures placed upon IT managers by trends like virtualization and mobility, those IT managers are forced to look at new ways to solve network security problems, he explained. McLaughlin cited research from IDC indicating that Palo Alto's addressable market, counting VPN, IDS/IPS, web gateway and firewall spending, will be more than $12 billion by 2014.
With Palo Alto still a private company -- and its financial picture a closely guarded secret among its top executives, especially with initial public offering (IPO) talk a daily reality -- McLaughlin and his team did not provide detailed revenue figures.
McLaughlin did say that Palo Alto Networks has doubled in size every year, has seen seven quarters now of positive cash flow, and has more than 5,000 customers in 80 countries. In addition, the company has more than 40 deployments sized $1 million or larger and is adding new million-dollar deployments at the rate of one per week. It has more than 500 employees and is adding between 100 and 125 every quarter.
"Competitors like to say, 'that's the little start-up," McLaughlin said. "But this a very late-stage private company. The company does not need to raise capital to do what it needs to do."
Solution providers interviewed by CRN in New Orleans said Palo Alto Networks has been steadfast in growing with partners, and protecting both their investments and their margins. Palo Alto, for example, denied a reseller contract to Dell -- an announcement that brought thunderous applause from partners gathered at a conference keynote -- and has also maintained it will leave professional services sales entirely in the hands of solution providers.
For NCI, which does about 60 percent of its revenue in professional services, that's a key message, said Timmins, whose organization also focuses on Check Point.
"We're not a box-pusher, we're a consultative solutions provider," he said. "Without knowing that we can get our professional services on the back end, we probably would not be involved with Palo Alto and certainly not at the numbers we're doing with them today."
"Our business is doubling year-over-year with them, and there are a lot of good vibes about the organization," said Steve Groom, security practice manager at Trace3, an Irvine, Calif.-based solution provider. "The product itself has made the short list at an awareness level, even at the bigger shops who usually wait for products to become stable before they invest. I'd love to say they could be doing something different, but they're really doing things the right way."
Next: Why Partners Are Investing
Palo Alto has kept its R&D engine humming, no doubt. The most recent addition to its product lineup is WildFire, an anti-malware product for on-premises firewalls that addresses new and unknown files in a virtual sandbox and then troubleshoots -- by creating unique, distributable signatures to protect rest of the the network -- if those files are determined to be bad. Based on a company's policy, WildFire grabs new and unknown .EXE and .DLL files and judges them against some 70 behavioral profiles to figure out whether they're malware.
One of the company's big strengths, say partners, is designing marketing programs around its technology story -- avoiding the pitfall of engineering-first companies that don't quite know how to spread the word about their creations in a way that makes sense to non-techies.
Palo Alto, for example, recently launched its Marketing Council, which focuses on how to help partners tell the Palo Alto story in the context of other, more established network security players as well as rewards them with market development funds (MDF) and other incentives.
"They're ahead of the ball on that one," said Nexum's Lesser. "We're seeing how much innovation is going into their product line, so the challenge is making sure all of that knowledge gets transferred to the channel so we can tell the story, get it working right with customers and get them to understand as many of the exciting features as possible."
Trace3's Groom said his VAR has seen big wins -- "heart transplants in major financial organizations," as he described them -- behind Palo Alto, and said the company has done much to excite partners to go after bigger customers. He pointed to the Dell reseller decision as the type of critical call that, for most vendors on the up-and-up, would have gone the other way.
"Those make a big difference," he said. "We have to manage risk associated with the acquisitions of our partners all the time. The key as they get bigger will be hold on to the things that made the company new and different and made is such a pleasure to go to market with."
Tom Gobeille, president and CEO of Network Computing Architects, a Bellevue, Wash.-based solution provider, said that he, like many partners and customers, had to be sold on Palo Alto at first.
"I was made aware of them through a business friend of mine and I remember thinking, thanks, but I need another firewall vendor like I need a hole in the head," he said. "I then had to sell the concept to my security teams, because their response was the same: it's a crowded space, and we already had an information security posture and practice. So it took patience and education, but what happened -- and why they're so successful -- is that the more people learned about it, the more passionate and excited they got about it, and next thing you know we're sharing that with customers."
Gobeille agreed that Palo Alto's success has been in part about technology but also about a good story being told at the right time.
"You're not selling your customers on firewalls so much as you're helping protect them in the tech world with this mutation around mobility and social networking," he said. "The interesting thing about Palo Alto is that it almost goes beyond a firewall. You can tell the Palo Alto story about four or five different ways. The risk is at Layer 7 -- you really need to be afraid of where the threats are coming from in these handhelds and devices. Palo Alto has a solid story around that."
Mike Porter, vice president of business development at SOS Security, a Houston-based solution provider, said Palo Alto has one of the strongest stories of any vendor behind the concept of unified threat management, and being able to pack several security capabilities into a single device, with a range of flexible options for customers.
His company's Palo Alto Networks business has grown "exponentially," Porter said.
"It all depends on how you slice it. If you talk to an IPS vendor, for example, Palo Alto may seem like a competitor, but they're not really a direct competitor because it's not an apples-to-apples comparison," he said. "Some of the IPS solutions are more granular, because of how advanced malware is, you still have to augment that with more advanced IPS and URL filtering with other products. So why do you want best of breed -- why pay for best of breed -- when you can get 80 to 90 percent of what you do need from Palo Alto?"
"We knew it was a good product," added NCI's Timmins, who first looked at Palo Alto two and a half years ago and added them shortly after. "When customers get the understanding that it actually meets the performance demands, and that they get the three or four components Palo Alto has in a box, plus the energy and a lot of the things that come into play with an organization, that makes them unique."
Next: Partners Urge Palo Alto To Protect Margins, Loyalty
That Palo Alto is still small enough to quickly tweak its partner program in response to partner feedback, is part of why it appeals so much to the channel, VARs said. The challenge now is to balance new partner recruitment with protecting the loyal VARs that have invested behind Palo Alto, and most solution providers acknowledged that isn't an easy tightrope to walk for a company so obviously focused on growth.
"The program is pretty good but for the partners that have continually engaged and put money in technology resources and done their training, that could increase," said Tobi Sickelsteel, director of sales and marketing, at AmeriNet, an Ann Arbor, Mich.-based solution provider.
AmeriNet is among the Palo Alto solution providers that have made a big bet with the vendor, and according to Sickelsteel, AmeriNet now does about 90 percent of its firewall business with Palo Alto Networks after several years focused on Juniper.
"When we were re-evaluating the firewall space we were looking for a solution that was end-to-end," she said. "In the beginning there were other features that they were going to need, but now they're getting into data centers and we're seeing a lot of that."
Other partners said that the company's partner support resources are still a work in progress, but the introduction of deal registration a year ago and the formalizing of other program elements has been consistent.
"They protect registered partners on margins better than most vendors in this space," said SOS Security's Porter.
"If you want us to grow our business, help us grow," said NCI's Timmins. "We need to make a profit to hire more people to help us go out and sell more of your product. I think they see that. You can get to a certain level with them now where you can get good margins. They are true to their word in that they've rewarded us with opportunities. It has to be a two-way street for organizations to be successful, and the people involved have been in other organizations where they've seen what worked and what didn't work and they've brought it to Palo Alto to start from scratch."
Palo Alto has figured out how to align partner programs and marketing with their technology gains in a way it takes other startup vendors years to figure out, said other VARs.
"I like the fact that they know they have something different," said NCA's Gobeille. "It's a time-to-market issue. They don't have a large competitive landscape now, but they will. With their roadmap and passion around doing the right thing and being disruptive, they're wrapping programs around that to support us going to market with them."