Q&A: Palo Alto Networks CEO On High Growth, Partner Investment And Edging Out The Competition

One-On-One With The CEO

At Palo Alto Networks' Sales Kick Off event in Las Vegas this week, the excitement in the air was palpable as CEO Mark McLaughlin took the stage to outline the security vendor's growth, and pump up partners and top sales executives for the next phase of innovation. In an interview with CRN after the presentation, McLaughlin walked through how the company is investing in its partners, what it sees as the opportunity around new products and how it is edging out its competition with a platform-based approach.

Take a look at what he had to say.

Palo Alto Networks has been seeing incredible growth. What is driving it?

The digital age has advanced upon us, and it has really been for a very long time an approach that was incremental ... That incremental approach has led to where the vast majority of organizations and enterprises are today, which is a network that has truly been cobbled together ... Now, it's extraordinarily obvious on a global basis that that doesn't work. If it did, we wouldn't be reading about all of these problems. The reason that there is so much angst and anxiety about security right now ... is that [leadership] realizes that if we were to collectively lose trust in the digital infrastructure that underlies everything, it would be literally chaotic. It's not the big-bang sort of "digital Pearl Harbor." What's happening is more like paper cut, paper cut, paper cut. The trust is slowly bleeding out of the whole system.

What do we have to change to win back trust in security and the digital system?

From a security perspective, you have to start over with the concept that you can't just add the next thing. That obviously doesn't work. You really need to start over conceptually about what is your ultimate goal. The ultimate goal, we believe -- and this seems to be resonating -- is that you have to be really trying to solve for prevention ... If you're not solving for that, then you're, by definition, already behind the curve. Now we've got the opportunity to say that we have natively integrated, exponentially shared preventable outcomes; that's a highly automated process fighting highly automated adversaries. Now we have a shot at this, as opposed to what's been going on forever.

How big will the security market get? Will it flatten out at any point?

I think security has become a fabric item. What I mean by that is there absolutely is the security budget in enterprises, and that budget has grown and I think will continue to grow ... but in addition to that there are definitely no IT decisions made in enterprises where security is not discussed ...That's why I call security a fabric element. I think the security bucket itself has grown, and I think there's a fabric effect where there's more money being spent on security that's just not categorized by the traditional buckets around that. I think that's going to continue for a long time.

What about for Palo Alto Networks? What kind of growth is coming?

I think that Palo Alto has a really good opportunity as a real platform to acquire, over time, more market share than anyone has ever had in the enterprise security industry, which has been historically a very fragmented market ... I think that's our shot and we're clearly demonstrating the ability to capture market share quickly, but I think that's where this thing can go. There might be lots of these startup companies that are out there, but I think, over time, that sorts itself out into some companies will provide enough value to be stand-alone, some will and most will end up as feature sets of larger platform plays and some will just go away.

Talk about Palo Alto Networks' partner investment.

We're investing very heavily in the partner community ... We have thought for a very long time that our partners and us were a team, and we really want to continue to act that way and take it to the next level. We are extraordinarily transparent; we're giving them the same training, they're in all the meetings we're having with our new salespeople and our new SEs ... The reason we're doing that is they are just part of the team. If they hear everything at the same level that Palo Alto talks to itself and they are excited about that, then they will invest in that. We are 100 percent partner-focused.

How does that investment compare to what you see from your competition?

It is kind of interesting right now. I think about from an investment perspective what we're putting into that, we are investing very, very heavily at a time when we have competitors who are taking partners out of deals so they can increase their operating margins or cutting them back substantially to do that, and some folks in our industry are actively competing with partners now from a services perspective because they're trying to grow their top-line revenue that way. We're not doing that, and we won't. We view this as a very long game and we want very deep value-add partners with us along the way, because if we do that we know we are going to provide a lot of value to the customers. Everybody is going to win.

People say that prevention isn't possible. What's your take on that?

We believe that a good degree of prevention is possible ... If you think about what an attack has to do to be successful, the attacker has to actually do multiple things to succeed and not just get in the network ... We call that the attack life cycle. Our prevention orientation has been to say that if we could develop a very effective prevention capability at each point of the attack life cycle and build them all so they are completely integrated together, and communicate constantly in a highly automated fashion, then it's just math. The math on that is 99.9 percent [effective].

What's the balance, then, between prevention, detection and remediation?

I think it's in vogue to say prevention isn't possible and you have to deal with the post-attack remediation and resiliency, and those things are important ... but if that's your whole ball game, that’s extraordinarily manually intensive ... That can't be your primary strategy. It should be part of your strategy. We believe your primary strategy should be a prevention-oriented one so that you do the least amount of that as possible. You should be prepared for it, but that shouldn't be your whole plan. It's a continuum and you need to invest in the entire continuum ... so that you may have to know how to do that stuff, but you don't want to do it. That's where we differ from a lot of the folks in the business.

A lot of security vendors are adopting so-called platform strategies. How are you different?

Every vendor is going to come in here and say they have a platform. Every one of them. Let me define it for you in the negative ... what we don't mean is that we have a bunch of products that we strung together; we don't mean that we have a suite of services with a common management interface; and we don't mean a lot of things when you drill into it. That's what [our competitors] mean. What we actually mean is it's a technical platform ... It has to have the common understanding of threats; they have to be completely integrated together; they have to be highly communicative with each other, and you just can't do that when you are out purchasing other companies and trying to cobble things together. It just doesn’t work ... The market, from a customer perspective, has really come around to that.

How do you demonstrate that platform difference to customers?

We can prove it in two ways: One is to say that we didn't buy anything. Who's your vendor: Cisco? Here's all the acquisitions they have made, and it still doesn’t work. I can go down the whole list. More importantly, if you let us go in there and do a proof of concept with you, we can definitively show you the difference between the products, and that is extraordinarily effective ... You can see just from the numbers that you heard this morning that [purchases from that] happens at an extraordinary rate, where people are saying, 'I want to do that because I know what I have doesn’t work' ... and they start to implement the platform capability by capability ... Almost of all of them say they're more secure and they're spending less -- it's a good story.

Talk about Traps. What are you planning there, and what sort of growth are you expecting around that?

We're very excited about it. Traps is the advanced endpoint capability ... We bought [Cyvera] and took them off the market for months and months to integrate it into the platform so you would have these highly integrated automated outcomes of not only the network, but the endpoint as well. For our road map, what that has brought us is realtime prevention capabilities and detection capabilities on the endpoint. The other two aspects of isolation and remediation, we were happy to announce an exclusive partnership with Tanium, [who] does a really nice job of finding things on the endpoint. We're super excited about that.

Do you expect most partners will begin selling Traps right away?

We've been at it for a year in the sense that we've been in the market, we've been talking and training not only our team but our partners as well, so hopefully they're pretty far down the path on this. I think the partners are, and will be, continually really interested in this, and the reason for that is the endpoint security landscape is completely up for grabs ... The timing is spot-on. The market really wants the answer, and we are excited about what this year is going to hold for us and we're working with the partners to make sure they understand the technology ... To get the prevention story, they know how to sell that platform -- that endpoint thing is an important aspect of the next chapter of that. I think they are going to be very interested and excited to figure it out and sell it.

What about your partnership around VMware NSX? What is the growth opportunity there?

We love VMware. They are a very strategic partner for us. The reason that we're excited about that, and it's doing well in the market, is that, if you go back to the prevention capabilities ... .every customer that I talk with is on a journey where they have some stuff on-premise, in hybrid cloud, in public cloud environments ... Security should not dictate what your deployment model is or hold you back from your deployment model, so a couple of years ago, we virtualized everything we have and we integrated it deeply with NSX, and now AWS too ... You have that total better security at lower cost, no matter where you are on your cloud journey because we already did all the work. That's why we're so excited about the cloud and NSX, in particular, and so is VMware.

How many partners do you have offering that right now?

Lots. We have a lot of partners who have studied up on that, and they know the technology and have been technically trained on that and know how to take it to market.

Palo Alto Networks is on a pretty high-growth trajectory. How do you make sure that continues?

It's very important to be focused ... We don't do everything, and we don't have aspirations to do everything. The reason for that is companies who usually have those aspirations, they start to think that their brand is strong enough to carry them into different things. As they get into them, usually through acquisition, they find out that they didn't actually do anything special ... Then they start to end up doing lots of stuff at a mediocre level as opposed to important stuff at an exceptional level. We're trying to be very focused on doing very important things exceptionally well for customers. That's what we've been doing for a number of years, and you can expect us to continue to be very focused like that ... What we are trying to do is continue to strengthen those prevention capabilities and make that math better and better.

If you continue with that growth plan, then, will legacy players like Cisco and Check Point and others be able to catch up?

I think about possibilities and probabilities. Is it possible? Sure, it's not impossible. Is it probable? I think it's extraordinarily improbable. That's just an observation going back to, say, for 25 years like this, the competition, many of who had the opportunity to clean-sheet this thing didn't, they took the cobble-together approach. The longer that that goes on, the harder it becomes to get yourself out of the innovators' dilemma. That is exactly what is happening in the security industry today, and exactly what Palo Alto is riding, that all of the legacy providers are in the innovators' dilemma. They have chosen, as most companies do when facing the innovators' dilemma, not to disrupt their legacy businesses in favor of reinventing themselves and that is a spiral that, at some point -- and I believe we are well past that point -- [is hard] to get out of. It's a real tough problem.

Who is your tough competition then? Is it An up-and-coming startup?

Anything is possible. When I joined Palo Alto Networks four years ago, I thought about the same thing ... I looked around four years ago, and there's tons of security companies getting funded, but not to be the platform play that Palo Alto Networks is. The ones that I've seen are more likely than not to end up being features of platforms over time, but not the platform itself ... If you went to [venture capital] with Nir Zuk's business plan from nine years ago -- his business plan said give me $100 million to build hardware to take on big legacy providers like Cisco in a market that they have commoditized. Fortunately, that got funded and you now have Palo Alto Networks ... That's a very difficult business plan to sell into the venture community, and that's why they're not there.