Palo Alto Networks CEO Nikesh Arora On SASE, AI And Why Partners Are ‘More Important’ Than Ever

In an interview with CRN, Arora says that with the company’s product portfolio now established—including in key growth areas such as SASE, cloud security and XDR—2023 is ‘all about go-to-market and the channel’ for the cybersecurity giant.

Arora On The Record

Palo Alto Networks is driving hard toward its goal of transforming how cybersecurity is done in the era of distributed work and the cloud, with a broad portfolio of products “in the most relevant categories of today,” CEO Nikesh Arora said in an interview with CRN. Now, after spending his first few years with the cybersecurity giant focused on establishing that product portfolio, Arora is putting more attention on driving growth with channel partners. For Palo Alto Networks, 2023 is “all about go-to-market and the channel,” he told CRN in December at the company’s Ignite conference.

[Related: Palo Alto Networks CEO: We’re ‘Best Positioned’ To Deliver AI-Powered Security]

Customers that have seen their traditional security tools hobbled by the shift to hybrid work and the cloud are demanding the sort of “transformation” that Palo Alto Networks is uniquely positioned to provide, Arora said. Palo Alto Networks has aggressively expanded its product portfolio since he joined as CEO in mid-2018, acquiring 14 companies since then while investing heavily in its own R&D efforts to build out a full security platform. The Palo Alto Networks platform now covers key emerging areas such as secure access service edge (SASE) and zero trust, cloud and application security, extended detection and response (XDR) and AI-powered Security Operations Center (SOC) automation.

The portfolio of Prisma and Cortex offerings not only delivers the security capabilities that organizations need to provide secure remote access to workers and defend against intensifying threats, it also offers customers the opportunity to consolidate their security tools on a single platform, Arora said. Tool consolidation is something that organizations are increasingly looking for in response to challenging economic conditions and the complexity caused by security “tool sprawl” in their IT environments.

To achieve its aspirations, however, Palo Alto Networks will be relying on its channel partners more heavily than ever before, according to Arora. When it comes to partners, “I need all of their support to make that transformation happen,” he told CRN. In the current environment, where implementing security solutions requires a lot more than just setting up a firewall, “I think [partners] become more important,” Arora said.

When asked about his involvement to date with channel-related issues, he acknowledged that his focus has been on “fixing our product portfolio”—but said that this was exactly what the company needed in order to set the stage for the massive partner opportunity available today. “If I didn’t fix the product portfolio, it wouldn’t matter if I had a good channel strategy or a bad one,” Arora said. “If I’d focused on channel and we didn’t have the products we have today, we’d be having a different conversation. You’d be asking me how I am going to compete on firewalls with Check Point and Fortinet and Cisco.”

What follows is an edited portion of CRN’s interview with Arora.

Interview conducted by Jay Fitzgerald, transcribed and edited by Kyle Alspach.

What is your strategy for Palo Alto Networks in 2023?

What has happened is we’ve taken four and a half years to get to a place where we believe we have a robust product portfolio in the most relevant categories of today. Whether it’s cloud transformations with Prisma Cloud, whether it’s network transformation with our zero trust capability across hardware, software, SASE. Or it is the beginning of the SOC transformation strategy, to take people to more real-time protection from what I think is reactive protection. So our product portfolio is in place. The customers are trying to solve those three big problems. I think the real opportunity for 2023 is to really start transforming our go-to-market capabilities to deliver that transformation to our customers. And I’d say the last three or four years, I’ve spent 70 percent of my time on product to get our portfolio working with [Chief Product Officer] Lee [Klarich]. And the next three years I’m going to spend 70 percent of my time with [President] BJ Jenkins to make sure we actually take all these products to market and upsell all of our customers into a better security proposition.

You’ve said you want to double the company’s revenue in coming years.

In three to four years, which implies a growth rate north of 20 percent across that time frame.

How are the changes and enhancements in the partner program meant to help drive this growth?

The partner ecosystem is the key catalyst, enabler and amplifier of our ability to deliver those solutions. And as I highlighted in the keynote, what has happened is that as we’re going through the big transformation—both on the IT and security side—the partners that are getting more interested are global systems integrators and people in the MSSP space. Or even some of the traditional partners we’ve had for a long time—who’ve been great partners—have been reassessing and revamping their strategy to drive more services capability and more managed security capabilities. So there’s a whole influx of partners. Even the cloud service providers are getting into the game. So the partner ecosystem is expanding. They’re getting more solution-oriented and services-oriented. And it’s our job to make sure we have ample resources [to be] partnering with them to make sure that our strategy is amplified. Because now our products lend themselves to more transformational [projects] with our customers, which do require a significant services capability with our partner ecosystem.

What are you hoping the partners will do in order to help achieve your ambitious goals?

We have large transformation projects which customers want to engage in, which are typically led by a channel partner—be it a [global systems integrator] or a traditional partner with a transformation mandate. And we become the product partner. So we bring our product capabilities. We partner with them, we act as second-level support with them, they do all the transformation services, they do the implementation services, and they actually end up with a customer with a better security state.

I think part of what’s happened the last four years, if you think about the industry, there’s been rapid change in the industry. The application of AI, the emergence of XDR and the emergence of SASE, the emergence of the whole area of cloud security—these are all net-new areas. These are areas where we’ve had to transform ourselves at Palo Alto, deploy a lot more engineering capability to the product. The channel needs to invest in learning the same products. Because this is no longer the traditional firewall or the traditional security product. I think the explosion of new security capabilities across the industry has been even more rapid in the last four years than it was in the years before that. So the channel partners need to stay on top of their game and enable themselves to learn these capabilities so we can actually go out and deliver that security outcome that the customer wants.

Do you think that partners have been staying on top of their game?

I think so. They are very focused on the customer—they’re customer-centric. We have to build product and go-to-market capability, they have to build capability to satisfy the customer. They have one objective, which is to put the customer in a better security state. And they’re good at it. And they sense the transformational change in the market. They’ve all been building capabilities to some extent. At the same time, what is also happening is because of this consolidation theme, partners also want to concentrate on a lower number of security vendors because there’s too much to learn across too many security vendors. So that’s helping us too because now that we represent a large part of the potential portfolio, it’s a lot easier for them to come and learn Palo Alto, and go pitch Palo Alto in multiple situations, than have to learn 17 different vendors to go solve the customers’ problems.

Given your past focus on enterprise-level customers, do you see yourselves getting more into the midmarket and SMB market?

There are certain parts of our product portfolios that lend themselves to the SMB market—like our firewalls. We have form factors across the board, from very small to medium to large, which lend themselves to the SMB and midsize market as well. I think for some of the newer capabilities, we rely on our managed services partners to deliver that capability. So we’ll have a company who will run a multitenant SOC, they can do SOC management for customers, they can deploy our technology in their SOC. Or we can have a partner who manages a multitenant SASE capability. They can then service all those customers in the SMB and midsize space through those multitenant SASE capabilities. And they get both a services margin as well as they get the managed service part.

When you first joined Palo Alto Networks, how much did you know about security and about the channel?

I didn’t know security, I didn’t know enterprise sales, I didn’t know the channel. But at the end of the day, I think the reason why Palo Alto has been successful is that it’s seen the channel as a partner. We partner with them, we help them get capabilities, we help them get trained. I think we have a phenomenal relationship with the channel. I think it’s only gotten better.

What’s your long-term vision for the channel?

The channel is becoming more relevant in the new world of cybersecurity. The reason is our customers are realizing they need to get rid of the point products that they have in the infrastructure. They need to go toward a more consolidated solution outcome. And that solution outcome requires a transformation at each customer’s end. But customers don’t have the resources—we’ve heard about the cybersecurity [talent] shortage. So they rely on somebody else. I don’t have the resources to go transform every customer. I have resources to build great products. But to create that transformation capability, I need to rely on a partner. And the partner is the channel. And the channel—[whether it’s] the system integrators, the traditional channel partners, the [service providers] as well as [cloud service providers]—I need all of their support to make that transformation happen. So I think they become more important.

How is this greater importance for the channel related to the changing security tools, such as the shift to SASE?

They’re more important because it’s no longer selling a box that the customer needs to implement. In the past, we sold boxes. The boxes were taken by the channel and delivered to the customer. The customers typically had some of their own engineers or channel support to do the deployment. You can’t do that on SASE—you need implementation capability. You can’t do that on MDR [managed detection and response]. You need managed services capability. That’s where the channel has been great in the last four or five years—transforming themselves to build that capability. Because they also like services revenue and they like the margin on managed services.

Since joining Palo Alto Networks, how involved would you say you’ve been with channel-related issues? How would you respond to those who suggest you haven’t been especially visible in the channel?

When you are a triage doctor and somebody rushes in and they have a bleeding arm and a broken bone—you focus all your attention on the bleeding arm and the broken bone. You don’t pay attention to the eczema they have on their leg or other issues that are not as urgent. When I came to Palo Alto, I said, ‘We have two years to transform our product portfolio. Otherwise, we run the risk of being yet another cybersecurity company which [loses relevance].’ I spent a disproportionate amount of my time focusing on fixing our product portfolio. Think about it—we built SASE, we built Prisma Cloud, we built Cortex. I had to learn the product industry to be able to make those decisions and buy those things and get the respect of [founder and CTO] Nir Zuk and Lee Klarich in that process. So I spent a disproportionate amount of my time doing that. I let BJ Jenkins, [Chief Business Officer] Amit Singh, [President of North America Sales] Rick Congdon, [Senior Vice President of Ecosystems] Don Jones worry about go-to-market and channel. Because if I didn’t fix the product portfolio, it wouldn’t matter if I had a good channel strategy or a bad one. So I spent my time [on products]. People didn’t see me in the channel because I was busy fixing the broken elbow and the bleeding arm. Now, as I said, the next year is going to be all about go-to-market and the channel, and they’ll be surprised to find me. But once you have the best product portfolio, then you can go spend your life trying to sell it to all the customers out there. If I’d focused on channel and we didn’t have the products we have today, we’d be having a different conversation. You’d be asking me how I am going to compete on firewalls with Check Point and Fortinet and Cisco.

What separates you from competitors on EDR and XDR, such as CrowdStrike and SentinelOne?

We have been working on a broad portfolio. The best way to deliver a solution for a customer is to have a solution for their biggest pain points. If a customer still believes that they want best of breed in certain categories, we’re going to compete with CrowdStrike, we’re going to compete with SentinelOne on XDR. But honestly, XDR is best delivered by cross-correlating firewall and endpoint data. For most of our customers that have deployed Cortex XDR, our Palo Alto firewall customers understand we can reduce the noise in the SOC by deploying our XDR solution—which CrowdStrike or SentinelOne may not be able to do as effectively as we can. It makes it a very easy outcome for our customers. We can then put XSIAM on the back of XDR so we can then transition that customer to a full SOC solution.

Is there anything that your competitors have done that you would say you particularly respect?

What I say is there’s something to learn from everybody. So yes, when it’s XDR, CrowdStrike has done a great job on selling XDR and building a great business [around] XDR. For SASE, in the past, Jay Chaudhry has done a great job with Zscaler at building a SASE capability that nobody else had in the market. Now we’re giving them a run for their money. Similarly, we want to give CrowdStrike a run for their money on XDR. And you look at Microsoft—Microsoft has a comprehensive platform approach where they’re able to couple their cloud capabilities with Sentinel and Active Directory. So they’re running a platform play as well. You can learn from them—so we are. We learn from CrowdStrike every day. We learn from Zscaler, we learn from Microsoft. We learn from other cloud security startups that are out there.

What do you see as the future for AI and automation?

I think that with [recent] events, with the ChatGPT unveiling, the world is getting a public view of the capabilities of AI. DALL-E 2, ChatGPT, GPT-3—these are all windows into what AI can do. I think AI is going to catch the fascination of technologists, who will realize that the traditional way has been particular to data, try to organize it, build dashboards, build ways of interacting with data. In the future, it’s going to be like search—you can just ask the question to your computing device and it should be able to give you the answer you want—as opposed to having to trawl through a whole bunch of information to figure out what you’re looking for.

What do you think this advancement in AI will mean for cybersecurity?

It’s a data problem. We have an unfair playing field. We have to be right 100 percent of the time, the bad actor has to be right once. That’s unfair. I need help. And the only person who can help me is this thing called AI. Because I need to consume lots of data, I need to analyze a lot of data, I need to be able to sense what the data is telling me so I can block attacks that I’ve never seen before. This is not a human problem. We ingest 35 billion events a day. It’s impossible for us to design a human-based system to analyze all those 35 billion events, to figure out good versus bad. I need computing. I need AI. So this is a data problem.

How are you working to enable partners to improve their delivery of managed services to customers?

We want to give them a lot more efficiency in our products so they don’t have to apply as much human intervention. Our job is to create more and more automation and consistency so our partners have to do less customization. Because today, every customer is a unique collection of cybersecurity assets. Look at the world of CRM, look at the world of inventory management, look at the world of HR—you have Workday, you have SAP, you have Salesforce. You don’t have a collection of 40 different tools that do CRM for every company. So over time, this industry has to go toward a platform approach. The interesting thing is nobody’s ever had one before. So the question is, can we build it?

[Previously] people said, ‘Nobody wants a consolidated platform.’ But there has never been one offered. So how would you know? I think the key is you’re beginning to see the beginnings of a platform delivered by Palo Alto. I think the market is ripe for a platform because the older [approaches] haven’t worked. That’s our aspiration. And if you crack that code, I think the sky’s the limit.

Do you see yourself ever returning to the pace of acquisitions that you did in the last three years?

No—as I said, I spent 70 percent of my time in product to build the capability in areas we thought were important for Palo Alto. I think we’ve done a lot of that. I think now it’s more opportunistic. It’s more specific to certain capabilities we see emerging in the market. And it’s more about providing a comprehensive platform for our customers so they don’t have to go elsewhere to bring in one tool or one capability which we don’t have.

You’ve gotten a lot of credit for seeing the cloud security opportunity ahead of many others.

There’s three impacts of cloud. The first is, you can’t be a cloud security company if you don’t eat your own dog food. So we burned the ships, we’ve pivoted all of Palo Alto to the public cloud, we shut down our data centers. Because we wanted to be that company that delivered cloud capability by deploying cloud ourselves. Two, we felt the need was in cloud security, in all the new application development that needed to happen. So we built Prisma Cloud. And three, we said once the cloud becomes prevalent, it’s going to change network architecture. So we tripled down, quadrupled down, in SASE. So those three things have worked out so far. I still think it’s early days on cloud security. I still think it’s early days on SASE. Both those markets are huge markets in the future.