Palo Alto Networks CEO Arora: ‘The Role Of VARs Is Changing’
“A lot of our platform, amplification and execution happens through the SI channel–we can't get it done with them,” Palo Alto Networks CEO Nikesh Arora said.
“A lot of our platform, amplification and execution happens through the SI channel–we can't get it done with them,” Arora told CRN during a recent event at Palo Alto Networks headquarters in Santa Clara, Calif. Aimed at the media and analysts. The event was held before the vendor’s quarterly earnings call Wednesday.
About half of Palo Alto Networks’ business comes from larger deals with longer sales cycles and more closely associated with SI partners, Arora said. That half of the business is growing faster than the smaller deals side with quicker sales cycles and more closely associated with VARs.
Arora said the resellers thriving in the software-as-a-service (SaaS) world of modern security are “value-added VARS” adding consulting and advisory services to their portfolios.
“I can ship an auth(entication) code in an email as delivery–that doesn’t deserve 9 percent” margin, he said. “That doesn’t require customization. … The role of VARs is changing. Now, some VARs have understood that a long time ago. They see the market conditions on a daily basis. Some have a large proportion of hardware still because Dell still exists, EMC, Cisco still exists. They still do that stuff. But some have understood that for the software business, they need to get in the game of being advisers, being evaluators, being deployment specialists.”
[RELATED: Palo Alto Networks Completes IBM QRadar Deal; CEO Touts Cortex Adoption Ahead]
Palo Alto Networks Partners
Arora continued: “The ones who have those capabilities, yes, we're playing well with them because they are no different than SI, because they lead us into deals. The ones who are still processing hardware, they will need to innovate or they will lose share to the value-added VARs.”
Palo Alto Networks has about 15,000 channel partners worldwide, according to CRN’s 2024 Channel Chiefs.
Heading into 2025, Arora wants services partners to know that Palo Alto Networks is at work on creating more wins together.
He highlighted deeper partnerships with the likes of CRN 2024 Solution Provider 500 memberCognizant as well as Infosys, Wipro and Tech Mahindra as signs of Palo Alto Networks investing in the channel.
Palo Alto Networks and its partners are aligning goals in the C-suite to avoid the old proverb “the fish stinks from the head down,” Arora said.
“I can talk to Arvind (Krishna, IBM’s CEO) as much as I want until I’m blue in the face, but until my field team and their field team feel that same kinship and partnership, it's hard to get business done,” Arora said. “It is almost like every salesperson is their own entrepreneur. My sales guy or their sales guy thinks we won't get it done with these guys. They're not a partner.”
Here’s what else Arora had to say during the press-and-analyst event on the vendor’s platformization approach to cybersecurity.
Platformization Overcomes Vendor Consolidation
I had a call with a CISO. … They are users of our firewall, a very large financial transaction processing company. …. They recently bought Prisma access for SASE (secure access service edge). … We do a quarterly catch-up, the CIO, CISO, me and BJ (Jenkins, Palo Alto Networks president). And we started chatting about enterprise browsers.
(They said), ‘I know Talon (Cyber Security). … We were trying to (do a) PoC (proof of concept) with Talon and (rival) Island, but we paused it when you bought Talon (last year) to see what you can do with it.’ … He can (now) use a VPN (virtual private network) client or browser. It's fungible. We don't care. It's part of the license.
And they've deeply integrated the browser into the same security policy that he would use. … Now this company has no reason to buy a different browser, a different VPN client from the firewall. That's the way we sell it. We don't go in and say, ‘Don't take best of breed.’
You have one security policy, same place. You can see it together. Or you can own three security policies. … Works a lot easier when you increment your way into a customer. That's typically how it's happening for us right now.
For example, when we bought Talon, we had a big debate. … Do we want to go sell every customer Talon? … Actually, no, let's deeply integrate it into our SASE solution.
We have 3,500 SASE customers. And we made it fungible for the licenses. And if you have enough licenses, you can use the browser or you can use the client. So that's how we try to introduce the idea of reducing vendor sprawl.
The Platform Pitch To Customers
We have all of our products … internally understood as land or expand products. In a browser RFP (request for proposal), me going and pitching SASE and firewalls is not going to help. … These are incremental benefits.
So in three cases in the last four months, I know we got the customer to consolidate an XDR (extended detection and response) and SIEM (security information and event management) RFP together three times when they saw that it's better together. … One of (CISOs’ and CIOs’) projects is to reduce spend, increase security posture.
But when I talk to an SD-WAN (software-defined wide area network) guy or gal, he or she is not on that boat. … It usually resonates better at the CIO level, the platform approach or the consolidation approach.
At the practitioner level, we have to convince them on a best-of-breed basis. It works. We announced (energy giant) Schlumberger as wall-to-wall Palo Alto (Networks). They bought everything. They come to us first and say, ‘Do you have it? If you don't have it, we'll go look outside. If you don't have it, who should we go look at together?’
That's why the metric we put out on the street is platformization, which tells you that there is more than one product already in there. … And the reason we did that is, in the past, we weren't stitched so it was hard to convince people.
Palo Alto Networks Sales Team Changes
We (now) have UI (user interface) that consolidates everything but presents it together, so you see the benefit of one pane of glass. We didn't have that. One year ago, we didn't have a single pane of glass for a platform. … It's hard to send a Ferrari, if you don't show me one.
What has also changed the last six-to-nine months is our go-to-market teams actually identifying where they can pitch the platform. … The go-to-market team didn't have a single UI. They couldn’t show you everything.
So part of what we're discovering is, you show them the vision and what's possible, then say, ‘Oh my God. Wait. So if I make a decision on SASE differently than the firewall. … I may just be doing one project today, but I want to get to that (other) one (eventually).’ Ripping and replacing everything is hard.
You can't change your hardware firewall, software firewall, rip out Check Point, rip out Cisco, rip out Fortinet, put in Palo Alto (Networks) and do a SASE deployment–we may or may not be replacing somebody–it's complex. It takes a lot to get it to work. … Don't forget, we do have 62,000 firewall customers in the world. … We have 3,500 SASE customers in the world. We have 33 percent market share in software firewalls.
These are all people who have some piece, part of it. So it is almost as an extension play. You already have this. You already deploy some part of it. … The good news is, the more I can keep convincing my existing customers to expand the footprint, the better it gets, because the thing starts to work together.
And the way I see it, once we get there, there's lower churn. And there's no turning back. It's like, ‘Oh, wait. I have all these. Three-in-one pane. Should I replace them with three planes of glass?’ That's never going to happen.
So I just have to power through this phase of getting it together. It's going to take a while. It's a grind.
Platforms As A Differentiator
This platform approach is differentiated. Fortinet doesn't have software firewalls at the same scale and SASE at the same scale as we do. Zscaler doesn't have hardware firewalls and software firewalls, Check Point doesn't have SASE as good as we do, Netskope doesn't have hardware firewalls.
So when I look at the landscape, suddenly I get very differentiated. … We’re the No. 1 market share leader in software firewalls in the world today. … We are approximately a third–25, 30 percent–of the SASE market. Zscaler ran the table for 10 years. There was nobody in sight. … So we're grounding it out.
Cloud, we think we're neck-to-neck, still, with Wiz. … XDR, we're down to one of four players. We were No. 14 when we started. SIEM, we're going to make it to the Magic Quadrant. … We will because we just want IBM's business. We don't see anybody but Microsoft and Google. … Here's the beauty of platforms. We have ServiceNow. We have Workday. We have Salesforce.
The cost of replacing that is enormous from a business interruption and efficiency perspective. If you look at the history of cyber–history of tech for that matter–the only time people replace software products is if there's a fundamental lack of competence or quality in the company that sells it or if a product gets left behind technically too far.
Symantec. McAfee. Juniper. Cylance. … The last thing a CIO wants is to sit and say, ‘I'm going to replace the following four vendors this year.’ That's the kiss of death. … It's a pain in the ass.
When I joined (Palo Alto Networks) six years ago, Symantec, McAfee were market share leaders. They ran the table. … The old tech was so bad compared to new tech that you had no choice but to move.
And the old guys were not going to catch up. … (A platform works because) the alternative is no better, and the cost of replacement is too high.
XSIAM Replacing SIEM
Why is XSIAM (extended security intelligence and automation management) interesting? … Splunk is 17-year-old technology. It was designed as a data repository with correlation rules slapped on top.
And it was designed as a data store with not the right cost economics to ingest lots of data. … There's a natural disincentive to put more data into Splunk because everything is charged by the terabyte.
All the intelligence is paid for in terabytes. … We have separated intelligence data. … The new SIEM is the same inflection as the XDR moment or the next-generation fireball moment.
And there's only three people in the new SIEM space. It's Microsoft, Google and us. … People don't understand there's a difference between the three new SIEMs and the five old SIEMs. They don’t understand that. … Where is the meat of the cyber spend in the market? … About 40, 50 percent is somewhere in network security still.
That's where the spend is. You go to customers, it is firewall … SASE, remote access, SD-WAN. Part networking, part security.
It's probably 5, 10 percent in identity and email, give or take. There's probably, growing, 5 to 10 percent … on cloud and AI. … Twenty percent, 25 percent is SIEM.
I mean, endpoint today can go down all the way up into $8 to $14 an endpoint, all in. It used to be $75. … It's a race to the bottom. … You want to compete with SentinelOne, Microsoft Defender and Palo Alto (Networks)? … I can tell you three features I'm better at.
They'll tell you three they’re better at. … It goes down to, which company do I trust? Who's in the door? Who do I want to consolidate around? … In my personal opinion, CrowdStrike has a great product. SentinelOne has a great product. We have a great product in XDR.
CrowdStrike was early. They burned the rubber. Got the market. They play down market.I don't think CrowdStrike’s SIEM product is any good yet. (ButA) it's early days.