Palo Alto Poised To Set Traps For Competitors

Palo Alto Networks on Tuesday will formally launch Traps, a next-generation endpoint prevention product that is already helping the company win multimillion dollar data center deals as an enterprise-wide security platform prevention company rather than just a next generation firewall provider.

Traps, a next-generation endpoint offering that blocks a complex set of 23 known malware techniques, rather than millions of pieces of malware-choking endpoints, has been tightly integrated into the Palo Alto Networks security offerings as the final piece of a next-generation, enterprise-wide security prevention platform alongside next-generation firewall/network security and cloud-based threat intelligence.

Traps, which is being sold on a one-, three- and five-year subscription basis, has customers already making big bets on an end-to-end Palo Alto Networks platform in a bid to shut down the endless barrage of security breaches wreaking havoc on corporate America.

Palo Alto Networks CEO Mark McLaughlin said in an interview with CRN that Traps is driving enterprise-wide security prevention platform conversations that are resonating with CEOs, Chief Security Officers and CIOs.

"This is all about not just detecting bad things, but more importantly preventing them in the future," McLaughlin said. "That is an enterprise-wide value proposition. Closing the loop between the network and the end point with Traps is very, very powerful."

Powerful indeed. Solution providers said just the anticipation of the new end-point offering, which is the result of Palo Alto Networks' $200 million acquisition in March of Israeli security software maker Cyvera, has helped them win enterprise-wide security prevention deals. They said the new endpoint offering means big trouble for large rivals like Cisco and Juniper who are going to face a deeper threat now that Palo Alto Networks is being embraced by companies as an independent end-to-end security platform prevention provider. Partners said it is also going to put the heat on longtime, end-point players like Symantec and McAfee.

Traps isn't the only help Palo Alto Networks is getting in its enterprise-wide security prevention platform offensive. The security software company is also readying a massive joint marketing offensive with VMware which is positioning Palo Alto Networks as a critical tightly integrated security component for its NSX software-defined networking platform.

"This is very compelling," McLaughlin said of the automated security policies that are part and parcel of Palo Alto Networks for NSX.

"It is very cool. All the VMware guys are going to start selling this soon. It is on their price list. It is a SKU. That is another example of us trying to be very far ahead of the market from an innovation perspective."

One sign of the power of the Palo Alto Networks enterprise platform prevention story came in the company's fourth quarter ended July 31 with one of the company's partners winning a $1.5 million, five-year deal with a major university that was previously an all Cisco network shop with a Juniper firewall.

"We won because we gave them the picture of a security platform for many, many years to come versus we have got a better (security box)," said Palo Alto Networks Vice President of Americas Sales John Spiliotis. "That is a massive trend. The (security prevention platform) triangle is the biggest differentiator we have. And we are just delivering the third leg of the stool."

Critical to the big university win was "confidence" that the Palo Alto Networks security platform would be able to manage tens of thousands of endpoints in a tough to secure university environment, Spiliotis said.

Beside the university deal, Spiliotis pointed to a fourth-quarter, $2 million deal with a Canadian school district in which the Palo Alto Networks end-point platform story also came into play.

"The (platform prevention) vision matters," Spilotis said. "These are five-year deals. I love these deals and we are just in the first inning of implementing this."

The Traps end-point protection offering is accelerating data center sales momentum that kicked into high gear this year as a result of Palo Alto Networks PA-7050 chassis which is increasingly being used in corporate data centers. Palo Alto Networks data center sales grew from an estimated $79.2 million or 20 percent of total sales in fiscal 2013 to $239.28 million or 40 percent of sales in fiscal 2013.

Palo Alto Networks had more than 250 sales of $1 million or more in fiscal 2014 compared with 100 in fiscal 2013.

"There is a pretty good slope in the last four quarters of $1 million transactions which directly correlate to data center segmentation and the 7050 chassis," Spiliotis said."The data center average selling price is between 15 to 25 times the traditional average selling price of an internet gateway which we have done for many, many years. This is an opportunity for partners to take the investments they have made and expand."

NEXT: The Appeal Of Traps

Palo Alto Networks estimates the enterprise security market in the Americas as a $6.7 billion opportunity in 2013 growing 5.4 percent annually to $8.4 billion in 2017.

Customers are buying into the Palo Alto Networks end-to-end security prevention platform story, said Andrew Segal, president and CEO of Albertson, New York-based security solution provider Vandis.

"Customers like the fact that Palo Alto has a platform," he said.

As for Traps, Vandis said the product will appeal not only to Palo Alto Networks' installed base, but to customers who have never done business with Palo Alto Networks.

"People who are not Palo Alto customers are going to want to see this," he said. "Palo Alto has a unique perspective on end point."

Besides Traps, Vandis said Palo Alto Networks for NSX has the "potential to be an industry-wide game changer. As NSX gets adopted and Palo Alto is taken with them it becomes more and more significant."

J.D. Butt, vice president of technology for Nexum, a Chicago, Ill. solution provider which has grown its Palo Alto Network sales 50 percent consistently for six consecutive years, said he sees Traps as another step in Palo Alto Networks best of breed security innovation offensive.

"Palo Alto is continuing to be innovative," he said. "They are building out the platform. They have next-generation firewall, Wildfire, and then they went and did the Cyvera acquisition. All the large manufacturers are playing catch up."

Dan Wilson, senior vice president of partner solutions for Denver, Colo.-based Accuvant, which grew its Palo Alto Networks business 50 percent this year, said of all the things Palo Alto Networks is doing, it is Traps that has him most excited. He said customers are "chomping at the bit" to get their hands on the endpoint protection product because of Palo Alto Networks' "reputation for delivering consistent, solid technology. "

McLaughlin, for his part, is making sure that partners are armed and ready to go to market with the enterprise security platform prevention story. At the company's Americas partner conference earlier this month, he spent the bulk of his presentation on what he called the "money slide" that showcased the company's "next-generation platform" approach focused on prevention. That's because, he said, CEO, CSOs, CTOs and CIOs get it.

"They understand what we are saying," he said. "It's something very real."

One sign of the enterprise prevention traction with C-level executives: the success of Palo Alto Network's cloud-based architecture, which is showcased in the company's Wildfire subscription offering. Palo Alto Networks now has 3,000 Wildfire customers, 1,000 added just last quarter.

"Why is that working?" McLaughlin said. "It's because this is a true platform."

The fundamental difference between the Palo Alto Networks and the competition is the disparate pieces of technology being being brought to the table by competitors versus a native integrated platform from Palo Alto Networks, McLaughlin said.

"When we use the term platform we mean technology that is native, purpose-built from the ground up, super tightly integrated and highly automated," McLaughlin said. "You cannot be secure in today's environment if you take disparate pieces of technology and try to make it work together."

PUBLISHED SEPT. 29, 2014