CRN Exclusive: Palo Alto Networks CEO On Security Platform Evolution And When Partners Can Expect Traps To Take Off

Palo Alto CEO Looks Forward

The security industry is at an inflection point, and CEO Mark McLaughlin maintains he is confident that Palo Alto Networks is positioned to win in that shift. The Santa Clara, Calif.-based company has seen increasing competition in the security market, with new, rising entrants in next-generation endpoint security and a crowded field for next-generation firewalls, a market Palo Alto helped create.

However, in an interview with CRN at the security vendor's annual Sales Kick Off event in Nashville, Tenn., this week, McLaughlin (pictured) said he's confident that the company's platform approach, improving technology and growing network of partners will position Palo Alto to stay ahead of the competition.

Here's what McLaughlin had to say about where Palo Alto Networks stands today around its platform, its upcoming refresh cycle, its Traps endpoint security business, managed security services, and more.

Big picture: How do you look at where Palo Alto Networks stands right now?

We're moving fast. When I was on stage yesterday morning, my message to the team -- in this case the team for us includes over 800 people here from our channel from over 300 partners … It's pretty clear that there is a very large paradigm shift … People are seeing the problem of the old paradigm of legacy technologies delivered as point products, usually hardware, that ultimately are really designed to just do detection and create lots of manual responses … The new paradigm is you have to have more next-generation technologies that are prevention-oriented and ideally are delivered in real platforms. Those platforms should have high degrees of automation and leverage … Mathematically, that's the only way to have a hope [to] fight an automated adversary ... If we don't do something about this math problem, collectively we're mathematically dead already. It's just a matter of time, so we have to change what we're doing. That was my message: That paradigm shift has been around for a long time, but it's becoming increasingly evident that customers, whether they be companies or governments or educational organizations, they are definitely moving in the shift.

How is Palo Alto Networks going after that paradigm shift in security?

For us, we think that, to a large extent, we invented that. We invented the right way to get the math to work for you, which is you have to have the real platform … [that has] high degrees of prevention from a native platform, with ever-increasing ecosystem leverage that can be consistently applied whether your data is -- that is the answer to this math problem. We have that. We think we can demonstrably show the difference to customers … This is really working … We're well over 30,000 customers today. We've been adding well over 1,000 customers a quarter for several quarters … You see the results in high customer acquisition, our revenue growth rates are at scale with more than $1 billion in revenue, growing at very high rates far in excess of any of the competition.

Most of the big security vendors are moving in this "platform" direction in recent months. Do you feel growing pressure from them?

From my perspective, I actually find that very perversely to be very helpful. If we were sitting here three years ago and talking about a prevention orientation … nobody except Palo Alto Networks was talking about that … Every one of our competitors does prevention now, every one of them talks about prevention … Now, to deliver on that, you need a real platform so everybody says "Let's build a real platform" … [But], are they actually native capabilities or did you buy them and try to smoosh them together or license it from another company and try to make it work with the rest of your stuff? Are they truly native and communicating with each other, actually update each other in real time? Do you actually get leverage from every single customer in a highly automated way, and can you make it work everywhere? ... We have a very good belief that when [customers] test the other folks, the difference between saying you have a platform and technically delivering that are very different. I think that really shows up in our growth rates. We're a significantly large company growing at significantly larger rates than everybody and, almost always, the everybody else is the incumbent.

There's a big refresh cycle coming up for your firewalls. Are you confident that will work in your favor?

I think it's beneficial … We have well over 30,000 customers today and we are growing at more than 1,000 a quarter. Every new customer, almost all of the time, is buying a device from us … When you then look at the average time to refresh, you can see that the vast, vast majority of our installed customer base is comprised of 2012 and beyond, getting closer to today … We know our customer retention rates are extraordinarily high. We know our renewal rates on our subscription services are very, very high. We know we have a lot of goodwill with the customers, so when they are either going to renew a subscription or refresh a device, almost always they are sticking with Palo Alto Networks. The size of the customer base, versus the size of the renewal rates in the customer base, is huge on a relative basis from 2012 to today, than it [was] 2012 backwards … We think there is a lot to be said for that … I think it's a good thing that has forward benefit for us and our partners, as the maturity of that plays itself out.

What about managed security services? Where are you investing for MSSPs?

From an MSS perspective, we work very closely with all of the large managed security services providers so that they know how to manage our platform for customers … In this paradigm shift [in security], there is definitely a move for customers to consume security -- when they can -- as software and as a service. We were a pioneer in that with this real platform. The real platform is subsuming what used to be stand-alone point solutions, very often delivered as hardware; they have been subsumed and are delivered as SaaS. The fastest growing part of our business is our SaaS portion of our business, which is great and exactly what we wanted. I think for our partner community it's fantastic as well, for a number of reasons. Those are recurring services … As a business model, it's great because we have constantly expanding wallet share in the customer because they keep adopting more and more and more of the platform capabilities. For our partner community, because we're 100 percent partner driven, they are in that stream of recurring services so the business just keeps getting better and better and better and the growth rates are high. It's a great business and those are high-margin businesses as well.

Do you think you have that full software add-on platform filled out? Or are there areas you still need to add to?

The security landscape doesn't stop … For each capability that is in the platform today, the efficacy of what it is doing threat-wise has to improve every day of the week because the bad guys are trying to improve every day of the week. Whatever you're already doing, there is no standstill. You have to get better and better and better. We put lots of work and effort from an R&D perspective to make sure each [capability is] as good as, if not better than, a stand-alone best of breed capability … The second thing would be to say: What are the capabilities? Every one of those capabilities is designed to interdict an attack in the attack life cycle … The third is that when you can do that, you can do that anywhere. There's a consistency point in saying can you do that for me in Azure, on my endpoints … We're never done because the world doesn't stand still … We will make sure we're modifying to keep up.

What about Traps? How is that growth actually going with customers? Is it as successful as you want it to be?

Very good. As we saw in the second half of our fiscal 2016, which we just closed out in July, we saw really great growth there. I'm very happy with that. I mentioned that to our partners on stage that we hit the inflection point on that and growth is great … That's going really well.

The next-generation endpoint security space is getting very crowded. Is that a challenge? Are you winning over those companies?

The historic paradigm for everything in security was with whatever the next aspect of a threat will be. Let me give you something that will solve that as a single point solution. What's clear is that, one, that doesn't work because they don't work together and, two, customers are saying they have too much [stuff] on their network and they have too many agents on my endpoint and it's crowded and expensive. The exact same thing that we witnessed in network security is playing itself out right now in front of us on endpoint security … The big thing in the endpoint space is people saying my primary defense mechanism, which is AV, obviously doesn't work. Now, there are 800 startups trying to sell me next-gen endpoint security, doing all sorts of different things, so there's a lot of customer confusion …

If you look at what we've done when we subsumed into the platform … what we did was we created the capability from having watched what everyone else was doing and learned what works and what doesn't and, very importantly, brought the platform leverage to play. We are now a huge player in every one of those markets [that we added], and we are going to be a huge player in endpoint security because we have a unique prevention capability and it's part of the platform. All of the next-generation endpoint security players ... have no platform.

If the platform play is so successful, why is it taking so long for Traps to take off since launching two years ago?

Whenever we brought something out to put it in the platform, we're in the market now. We do fast evolutions of releases and every one of them gets better and better and better and then we hit an inflection point and we become a major player. That has happened multiple times … I'm telling you that we hit that [inflection] point in the second half of 2016. ... If I draw an analogy to this, we could be sitting here if we were three years ago and you could have made exactly the same comment about Wildfire. As a matter of fact, people did. The partners said: "Wildfire is good but it's lacking A, B, C and D, and FireEye is way more mature because that's all they do for a living." What we told people was we're going to get better and better every release and, by the way, you can leverage the platform, so let's see what happens. Fast forward to today: We are a huge player because we improved it every release and we have the platform leverage. That's definitely happening on Traps right now. I would say people talk, but only results matter. Let's check in a year from today and I bet you that you won't be hearing that anymore.

Will you invest further around the endpoint going forward to build out that technology?

What we did with Traps was we have three capabilities that we brought to bear … From a competitor perspective, we're the only folks in the market who are doing real-time exploit detection, we're doing super high degrees of very low-positive malware detection, and we have a pretty significant customer base with Traps now that it's growing at very rapid rates and that is tied into our really large overall user base. The synergy between those for the ecosystem at large is huge. If I look around at competitors, I look at the competition in two buckets: There's the legacy AV players where that isn't working anymore, and then you have this slew of next-generation endpoint players who said they're trying to solve the problem. But when you look at all those endpoint players it's a point solution trying to do one thing for the customer by adding yet another agent to the endpoint that adds zero relationship to either your network or any leverage outside of your organization. The combination of these three things is very powerful. We're very happy with what we have.

For the rest of the year, what are your priorities and what can partners expect?

Having closed the book on fiscal 2016 and going into fiscal 2017, the situation with this paradigm shift [in security] is rapidly picking up steam. As the primary leader for this, I think we have benefited disproportionately and we will benefit disproportionately. There were 300 partners in the room today [at the Sales Kickoff] and the average growth rate of those folks [with Palo Alto Networks] was over 70 percent year over year … I think that's clearly working and my expectation is we will continue to see very high rates of success here because the world is definitely going to this platform play and I think we have the advantage around that ... I'm super excited not just about fiscal 2017, but beyond that. I think this platform is at an inflection point … these are all working really well for us because the platform is the answer and all these capabilities are along for the ride.

What is your message to partners about succeeding in security in the year to come?

First of all we want you to think big. The second thing is we definitely think it's obviously to your benefit to put your time and resources into what's winning in the market, despite what your historic relationships might be … It's clear we're winning in the market, so put your time and resources with what your customers want -- they're clearly voting -- as opposed to what your legacy relationships might be … The third thing is absolutely to invest and be a leader with your customers on the value that they want you to bring, which is a lot of strategy and thought leadership. The world is changing very rapidly to software delivery, subscription services delivery for security, cloud deployments, IoT -- customers are looking for a guide there to make it through the woods … If you just look to sell a deal, versus providing higher value to your customers, you're missing a huge opportunity. We want to help [partners] capture that.