Palo Alto Networks,Inc。(PANW) 出席花旗全球技术经纪人大会 - (成绩单)

Palo Alto Networks, Inc. (NYSE:PANW) Citi Global Technology Broker Conference September 5, 2019 11:00 AM ET

Palo Alto Networks,Inc。(纽约证券交易所代码:[PANW])花旗全球技术经纪人大会2019年9月5日美国东部时间上午11:00

公司参与者

Nikesh Arora - CEO & Chairman

  • Nikesh Arora - 首席执行官兼董事长

电话会议参与者

Walter Pritchard - Citigroup

  • 沃尔特普里查德 - 花旗集团

Walter Pritchard

Let's keep it going here in the southern part of the center. I'm Walter Pritchard, the software analyst here at Citi. I would ask, let's take the maybe a few empty seats. So I think we're going to have a decent crowd in the room here. So if there's any empty seats, I encourage you to take those.
We're very happy to have with us Palo Alto Networks' Nikesh Arora, the CEO. They had an Analyst Day yesterday. I think we could spend all session here recapping the Analyst Day. There's a lot out there yesterday in the slide deck and so forth. So I was going to try to dive into some of the questions I had prepared as well as some of the follow-ups that came up from yesterday from the Analyst Day, and we can take some questions from the field as well. We'll have a couple of microphones going around, and just raise your hand and we'll make sure we get that on the webcast.

让我们继续前往这个中心的南部。 我是花旗的软件分析师沃尔特普里查德。 我会问,让我们考虑几个空位。 所以我想我们会在这里的房间里有一群体面的人。 所以,如果有任何空座位,我鼓励你采取这些。

我们很高兴能与Palo Alto Networks的首席执行官Nikesh Arora在一起。 他们昨天有一个分析师日。 我想我们可以在这里花费所有会议来重温分析师日。 昨天在幻灯片中有很多东西,等等。 因此,我将尝试深入研究我准备的一些问题,以及昨天从分析师日那里提出的一些后续工作,我们也可以从该领域提出一些问题。 我们将有几个麦克风四处走动,只是举手,我们将确保我们在网络直播中得到它。

问答环节

So Nikesh, again, thanks for joining us here, especially with all that you have going on. I'm not usually one on overtly complimenting management teams too much, but I thought you did a very good job yesterday of sort of taking questions that were coming in and addressing those.
So I guess what I wanted to start, you've been CEO for about a year. I think one of the issues that have been out there is a lot of people, investors sort of didn't know you that well. You didn't know the security space well. You came in from a different background. I guess we'd love to hear a short summary of sort of how you've thought about the opportunity that you took at Palo Alto and sort of where you're taking it as we look at the future and how that might be different than we thought about Palo Alto before you arrived.

所以Nikesh再次感谢你们加入我们这里,特别是你们所做的一切。 我通常不会过分恭维管理团队,但我认为你昨天做得非常好,有些问题正在进行并解决这些问题。

所以我想我想要开始,你已经担任了大约一年的首席执行官。 我认为其中一个问题是很多人,投资者对此并不了解。 你不太了解安全空间。 你是从不同的背景进来的。 我想我们很想听到你如何看待你在Palo Alto遇到的机会的简短总结,以及你在看待未来时所处的位置,以及这可能与 在你到达之前我们考虑过Palo Alto。

Nikesh Arora

Nikesh Arora

Great. So first of all, thank you for having me, and I appreciate the compliment, especially since you qualify it by saying you don't compliment management. So I'll take it for what it's worth. We'll see what it is next here. But I came to Palo Alto about 12, 13 months ago. And at a macro level, I was convinced that cyber -- both technology spending and cybersecurity is a growth business, right? I personally believe that in the next 10 years, 30% of the market capital world will be tech-enabled businesses, right? And again, we can debate whether Uber is a tech-enabled business or a transportation business, but that's what I believe.
If you couple that with the fact that there is constant connectivity [indiscernible] your bandwidth, everybody has to be connected, which is both an opportunity and a challenge because you have to secure things very differently enough. I have to secure every interaction from every consumer and every business going forward.
So with that as a background, I came to Palo Alto Networks. I spent the last 12 months studying the space and obviously understanding the company and keeping us on track. And what is fascinating is that in cybersecurity, no company has actually made a successful long-term move from being a great single product company to being able to provide multiple products that talk to each other and make sense. And that's kind of the ding against the industry. If you look, there's been companies gone to $20 million [indiscernible] because they were great and people thought they were going to be the next best thing. And then suddenly, they got deflated to being a one-product play. And we talk about customers having lots and lots of vendors in their security infrastructure.
So with that as a background, we spent the last 12 months aligning on how we believe we can be a multiproduct business and make our products talk to each other in a way that it provides customers what they need and also allows us to leverage what people need built from a distribution perspective. So I'll stop there. And as we go through the rest of the session, we can elaborate on those things.

大。首先,感谢你拥有我,我感谢你的赞美,特别是因为你认为你不赞美管理。所以我会把它拿走它的价值。我们将在这里看到它的下一步。但是大约12个月,13个月前我来到帕洛阿尔托。从宏观层面来说,我确信网络 - 技术支出和网络安全都是增长型业务,对吧?我个人认为,在未来10年内,30%的市场资本将是技术型企业,对吧?而且,我们可以辩论优步是一家技术型企业还是运输企业,但这就是我所相信的。

如果你将这种情况与持续连接[音频不清晰]的事实相结合,那么每个人都必须连接,这既是机遇也是挑战,因为你必须以非常不同的方式保护事物。我必须确保每个消费者和每个企业的每一次互动都能得到保障。

以此为背景,我来到了Palo Alto Networks。过去12个月我一直在研究这个空间,并且明显了解公司并使我们保持正轨。令人着迷的是,在网络安全方面,没有一家公司真正成功地从一家伟大的单一产品公司成长为能够提供多种产品,相互交流并且有意义。这就是对行业的反对。如果你看,有些公司已经达到2000万美元[音频不清晰],因为它们很棒,人们认为它们将成为下一个最好的东西。然后突然之间,他们瘪了一个单品。我们谈论的是在其安全基础架构中拥有大量供应商的客户。

因此,作为背景,我们在过去的12个月里一直在调整我们如何相信我们可以成为一个多产品业务,并使我们的产品以一种为客户提供他们需要的方式相互交流,并且还允许我们利用人们需要从分布角度构建。所以我会在那里停下来。当我们完成剩下的会议时,我们可以详细说明这些事情。

Walter Pritchard

Sure. So let's take it up there. So undisputedly, the company has come in, taken a lot of share in the firewall market, is the leader in terms of new sales. We can talk about installed base and all that. But in terms of new sales, how do you -- I think one of the primary investor concerns I hear is the firewall is going to become less important as we move to the cloud. And you have this challenge of a large revenue base in the firewall market, trying to stay relevant as -- and trying to lead the relevance as the security world moves to cloud. So how do you sort of play that balance where near-term revenues, firewall, the future is cloud and you kind of you've got to balance it?

当然。 所以让我们把它拿出来。 无可争议的是,该公司已经进入防火墙市场占据了很大份额,在新销售方面处于领先地位。 我们可以谈论已安装的基础和所有这些。 但就新的销售而言,您如何 - 我认为我听到的主要投资者关注点之一是随着我们迁移到云端,防火墙将变得不那么重要。 而且,您面临着防火墙市场庞大收入基础的挑战,并试图保持相关性,并在安全领域转向云时尝试引领相关性。 那么,你如何在近期收入,防火墙,未来云计算方面发挥平衡作用,你必须平衡它?

Nikesh Arora

Nikesh Arora

So 12 months ago, again, when I came, we were at $200 million plus of billings outside of firewalls. About 8% of our billings were non-firewalls, right? We spent the last 12 months taking that number up to 13%. And it's not just taking the number up to 13%. It's really understanding what's the right go-to-market motion, what's the leverage model, what's the customer success model to take it to 13%? We feel very comfortable that in the next 3 years, we can take it to 13%. And if you don't mind, I've asked my team to see if we can pull up a slide we showed yesterday at the Analyst Day. And if they can, I'd like to highlight that letting that fundamentally encapsulates what we're committing to and what we're trying to do. And hopefully, they can pull it up.
But we focused on cloud early 12 months ago. We've had success. We've got over 1,000 customers using our cloud security. There's no company in the cybersecurity space with 1,000 cloud security customers, none. And cloud security is not you're routing your traffic to the proxy. It's actually securing your AWS workloads, your GCP workloads, your Azure workloads, your containers out there in the public cloud. So that's cloud security. It's not SaaS securing your Salesforce. It's actually securing where the $60 billion is being spent this year. And if people move their stuff to cloud, you've got to secure it. We're the one company in the world with 1,000 customers. We spent the last 12 months getting there. We plan to stay in that leadership position for the rest of our lives at Palo Alto Networks.
So we believe it's a blue ocean. Nobody is out there. No other traditional cybersecurity companies have a play in that space. Every competitor of ours is less than 100 people either in some tech hub in Israel or in some tech hub in Silicon Valley, and hence, I think it's an unfair fight for them because they have to know how to scale this from a go-to-market perspective. So we feel comfortable on that.
And we spent the last 12 months, I think the best way to describe it is the next generation of EDR, which is called XDR, which is effectively probably what CrowdStrike does in the market, where I am taking firewall data and endpoint data, putting it together and being able to stitch it and to be around -- it's just like what CrowdStrike does with the endpoint, we don't have the endpoint and the firewall. Launched just 5 months ago, 250 customers, winning against CrowdStrike head-to-head in pretty much a majority of our installed base.
So we feel comfortable that those 2 product platforms that sit next to the firewall, we did $452 million in billings this year at 13%. We are committing to getting to between $800 million, $810 million in FY '20 and $1.75 billion in FY '22. If the slide was up there, we can -- we're technologically challenged right now. So we will get it there.
But we just did a little thing for ourselves to see how would that compared to billings projected by Okta, CrowdStrike and Zscaler. At $1.8 billion, we are $700 million more in FY '22 than Okta, probably $1 billion more or more than that than CrowdStrike or Zscaler. So if that's not us being able to build a second and third product leg for Palo Alto Networks in a span of 4 years, I don't know what is.

所以12个月前,当我来的时候,我们还有2亿美元以上的防火墙以外的账单。我们大约8%的账单都是非防火墙的,对吧?我们花了12个月的时间将这个数字提高到13%。并且它不仅仅是将这个数字提高到13%。它真正了解什么是正确的市场运动,什么是杠杆模型,客户成功模式是什么让它达到13%?我们感到非常舒服,在接下来的3年里,我们可以把它提高到13%。如果你不介意的话,我已经让我的团队看看我们是否可以提起我们昨天在分析师日展示的幻灯片。如果可以的话,我想强调的是,让它从根本上包含了我们所承诺的以及我们正在努力做的事情。希望他们可以提升它。

但是我们在12个月前关注云。我们取得了成功。我们有超过1,000名客户使用我们的云安全性。网络安全领域没有公司拥有1,000名云安全客户,没有。云安全性不是您将流量路由到代理。它实际上保护了您的AWS工作负载,GCP工作负载,Azure工作负载以及公共云中的容器。这就是云安全。保证Salesforce不是SaaS。它实际上确保了今年600亿美元的支出。如果人们将他们的东西移到云端,你就必须保护它。我们是全球拥有1,000家客户的公司。我们花了12个月才到达那里。我们计划在Palo Alto Networks度过我们余生的领导地位。

所以我们相信这是一片蓝色的海洋。没有人在那里。没有其他传统的网络安全公司在这个领域发挥作用。我们的每个竞争对手在以色列的某个技术中心或硅谷的某个技术中心都不到100人,因此,我认为这对他们来说是一场不公平的斗争,因为他们必须知道如何从市场观点。所以我们对此感到很自在。

我们花了整整12个月的时间,我认为描述它的最佳方式是下一代EDR,称为XDR,这实际上可能是CrowdStrike在市场上所做的,我在那里采取防火墙数据和端点数据,它可以在一起并且能够将它缝合在一起 - 就像CrowdStrike对端点所做的那样,我们没有端点和防火墙。仅在5个月前推出的250位客户,在我们已安装的大部分基础上与CrowdStrike进行了直接竞争。

因此,我们感觉很舒服那两个位于防火墙旁边的产品平台,我们今年的支出为4.52亿美元,占13%。我们承诺在20财年达到8亿美元,8.1亿美元,到22财年达到17.5亿美元。如果幻灯片在那里,我们可以 - 我们现在在技术上受到挑战。所以我们会在那里得到它。

但我们只是为自己做了一件小事,看看与Okta,CrowdStrike和Zscaler预测的账单相比如何。 22亿财年,我们比Okta多7亿美元,比CrowdStrike或Zscaler多出10亿美元或更多。因此,如果我们不能在4年内为Palo Alto Networks建立第二和第三产品,我不知道是什么。

Walter Pritchard

Got it. So if we focus -- so you've laid out this securing the enterprise, securing the cloud, securing the future. I think that's the third bucket. So on the securing the enterprise piece, I think as you sort of back-calculate the guidance and look at sort of the trajectory to 2023, you actually are still looking for growth in the securing the enterprise bucket. Where -- I think what gives you the confidence in the growth of that piece? Because I think we could talk about the other 2 pieces and how much growth -- the only question with growth markets. That's the one, I think, a lot of investors debate sort of what's the trajectory look like there as we go through this transition.

得到它了。 因此,如果我们关注 - 所以您已经确定了保护企业,保护云,确保未来。 我认为这是第三桶。 因此,在确保企业部分的安全性时,我认为当您回顾计算指导并查看到2023年的轨迹时,您实际上仍在寻找保护企业存储桶的增长。 哪里 - 我认为是什么让你对这件作品的成长充满信心? 因为我认为我们可以讨论其他两件事和多少增长 - 这是增长市场的唯一问题。 我认为,那就是那个,当我们经历这种转变时,很多投资者都会讨论那种轨迹是什么样的。

Nikesh Arora

Nikesh Arora

Look, I mean, if you look at our forecast, we have significantly tamed our expectations on boxes and firewalls. We believe a lot of the shift will be software form factors. For example, we highlighted it yesterday, a very large retailer trying to secure 2000 stores. They got a pitch from a traditional firewall company with a hardware box in 2,000 stores. We believe architecture is better to a software form factor because going to 2,000 stores and putting a hardware box and connecting it takes about 1 year for most customers. That's a long time for you to be going through a hardware refresh, 1 year.
Software form factor can be deployed in 3 months, and every software update is instantaneous. You can update. You can deploy it the next day in your entire enterprise. So we went to the software form factor. It's an over $10 million software form factor deal for Prisma Access competing with a hardware firewall. So what we discovered -- there we go, thank you.
What we discovered is that we think the shift is going to be more towards software. In addition to that, we added over 10,000 customers last fiscal year. We added 10,000 customers the year before. We don't see that trend stopping. So we believe there's customer additions going on. We have over 65,000 customers for firewalls. You see that trend continuing, being able to add customers, which adds to the revenue as well as this ability to replace competitors to software form factor.
Can we just -- so that's the slide we put up yesterday. We grew our next-generation security business, Prisma and Cortex, by 89% this past year, which compares well with the 3 -- somebody calls them 3 horsemen or horse people or horse companies of security or the darlings. We're just envious of their valuations, so we feel compelled to compare ourselves with them.
We're very comfortable getting the HO 5 next year, which we believe is approximately twice the growth rate of anybody else in this space. And we think that gets us to a bigger absolute billings number compared to any of those 3. And we believe in FY '22, if we get to $1.8 billion, which we are committing to get there, we would have been growing at 57%. And as I said, it puts us between $800 million to $1 billion more than any of the 3 who enjoy robust valuations.

看,我的意思是,如果你看一下我们的预测,我们已经大大调整了我们对箱子和防火墙的期望。我们相信很多转变将是软件形式因素。例如,我们昨天突出了它,一家非常大的零售商试图获得2000家商店。他们从一家传统的防火墙公司获得了一个间距,在2000家商店中有一个硬件盒。我们认为架构对于软件外形更好,因为对于大多数客户来说,进入2,000家商店并放置硬件盒并连接它需要大约1年的时间。你需要花费很长时间才能完成一年的硬件更新。

软件外形可以在3个月内部署,每个软件更新都是即时的。你可以更新。您可以在第二天在整个企业中部署它。所以我们去了软件外形。这是Prisma Access与硬件防火墙竞争的超过1000万美元的软件外形交易。所以我们发现了 - 我们走了,谢谢你。

我们发现,我们认为转变将更多地转向软件。除此之外,我们在上一财年增加了10,000多名客户。我们前一年增加了10,000名客户。我们没有看到这种趋势停止。所以我们相信会有客户增加。我们有超过65,000个防火墙客户。您可以看到这种趋势仍在继续,能够增加客户,这增加了收入以及将竞争对手替换为软件外形的能力。

我们可以 - 所以这就是我们昨天提出的幻灯片。去年,我们将下一代安全业务Prisma和Cortex的增长率提高了89%,与3相比也很好 - 有人称他们为3名骑兵或马人或马匹公司的安全或宠儿。我们只是羡慕他们的估值,所以我们不得不与他们进行比较。

明年我们很容易获得HO 5,我们认为这是该领域其他任何人的增长率的两倍。而且我们认为这使得我们的绝对账单数量与其中任何一个相比都更大。我们相信在22财年,如果我们达到18亿美元,我们承诺实现这一目标,那么我们的增长率将达到57% 。正如我所说的那样,它比我们拥有强劲估值的3家公司中的任何一家多出8亿至10亿美元。

Walter Pritchard

So diving into this year, you have the Prisma and Cortex logos here kind of flagshipping the next-gen security. Maybe you could help us understand what are the -- are those 2 the biggest drivers? What are the biggest drivers to achieving this? And then do you -- you've done some organic build. You've done some acquisition. Do you have the portfolio you need at this point to get to the implied $1.8 billion in 2022?

因此,潜入今年,你在这里有Prisma和Cortex标志,标志着下一代安全。 也许你可以帮助我们了解这两个最大的驱动因素是什么? 实现这一目标的最大驱动力是什么? 然后你 - 你做了一些有机构建。 你做了一些收购。 您是否拥有此时需要的投资组合,以达到2022年隐含的18亿美元?

Nikesh Arora

Nikesh Arora

So Prisma has two parts. One is Prisma Access. The best way to think about it is Zscaler with security, which is basically where the market is going, the software form factor, the connected to the branch, mobile users, SD-WAN, that's Prisma Access, which is where as I explained, we just won a very large deal with a retailer. We showed a video yesterday, one of the largest health care systems in Europe with over 1 million employees. Both are over €10 million deals just for Prisma Access replacing hardware firewalls from competitors, right? So that's Prisma Access.
The other piece of that is Prisma Cloud, which is the combination of our acquisition of RedLock, Twistlock and PureSec, which will all be innovative before the end of this calendar year, which is where we have over 1,000 customers, which we announced last quarter, we had done $25 million in billings in our workload business -- workload security business. And that's doing really well for us. So the combination of Prisma Access and Prisma Cloud is where Prisma is.
Cortex is two pieces. One is Cortex XDR, which is effectively the next generation of CrowdStrike. And Demisto, which is an acquisition we made, which competes Phantom, which is bought by Splunk. They're both doing really well for us. They're part of our strong confirmation strategy and the future strategy we talked about. So those are the two big pillars we believe we can create the opportunity to get $1.8 billion.
The last 12 months we'd really have worked hard at making sure that these products win on technical merits and are best of breed. So Forrester just did a ranking, and they claimed Cortex XDR beats every competitor by at least 10 percentage points on security, which was not the case 12 months ago when we had the product.

所以Prisma有两个部分。一个是Prisma Access。考虑它的最佳方式是Zscaler的安全性,它基本上是市场的发展方向,软件外形,连接到分支机构,移动用户,SD-WAN,这是Prisma Access,这是我解释的地方,我们刚刚与零售商赢得了很大的交易。我们昨天播放了一段视频,这是欧洲最大的医疗保健系统之一,拥有超过100万名员工。两者都是超过1000万欧元的交易,仅用于Prisma Access取代竞争对手的硬件防火墙,对吗?这就是Prisma Access。

另一部分是Prisma Cloud,这是我们收购RedLock,Twistlock和PureSec的结合,这些都将在本日历年结束之前进行创新,这是我们有超过1,000个客户,我们在上个季度宣布,我们在工作量业务中做了2500万美元的工资 - 工作量安全业务。这对我们来说非常好。所以Prisma Access和Prisma Cloud的结合就是Prisma的所在。

皮质是两件。一个是Cortex XDR,它实际上是下一代CrowdStrike。而Demisto,这是我们收购的一项收购,与Splunk收购的Phantom竞争。他们对我们都做得很好。它们是我们强有力的确认策略和我们谈到的未来战略的一部分。所以这些是我们认为可以创造18亿美元机会的两大支柱。

在过去的12个月里,我们确实努力确保这些产品在技术优势上获胜并且是最好的。因此,Forrester刚刚进行了排名,他们声称Cortex XDR在安全方面至少比竞争对手高出10个百分点,而12个月前我们购买该产品的情况并非如此。

Walter Pritchard

Got it. So talking about that 1,000 customers and securing the workloads in the public cloud. I think investors have become pretty comfortable with the model on-prem, where there's an amount of IT spend and there's security spend that sort of almost is like you buy insurance for your house, you buy insurance for your car, you buy insurance for your IT. How do you think about, there's $60 billion, whatever the number is, if you want to talk about hyperscale. 1,000 customers each spending some money but not a lot. I mean it feels like, to some degree, the security opportunity in the public cloud, if you think about that on-prem model, isn't necessarily attaching at the rate that we see on-prem. How do you think that goes?

得到它了。 因此,讨论这1,000个客户并确保公共云中的工作负载安全。 我认为投资者已经对这个模型在内部变得非常舒服,那里有大量的IT支出和安全支出几乎就像你为你的房子购买保险,你为你的车购买保险,你为你购买保险 它。 您如何看待,如果您想谈论超大规模,那么无论数量多少,都有600亿美元。 1,000个客户各自花费一些钱而不是很多。 我的意思是,在某种程度上,公共云中的安全机会,如果你考虑那个本地模型,并不一定以我们在本地看到的速度附加。 你觉得怎么样?

Nikesh Arora

Nikesh Arora

There's two parts to it. When customers go to public cloud, they don't have to secure their data center anymore because it necessarily belongs to AWS, GCP, Azure, and those guys have figured out how to secure the data center. But when you go there and you take your workload, your take your application. You have an e-commerce application, which is your customer is accessing your store. It's running on AWS. How you write the application determines whether you get hacked or not, right? We had a recent big hack -- an insurance services client who -- not ours, who would deploy their workload to the cloud and they were not secure.

它有两个部分。 当客户进入公共云时,他们不再需要保护他们的数据中心,因为它必然属于AWS,GCP,Azure,而这些人已经找到了如何保护数据中心的方法。 但是当你去那里并且你承担了你的工作量时,你就会接受你的申请。 您有一个电子商务应用程序,您的客户正在访问您的商店。 它正在AWS上运行。 你如何编写应用程序决定你是否被黑客入侵,对吧? 我们最近有一个大黑客 - 一个保险服务客户 - 他们不是我们的,他们会将他们的工作量部署到云端而且他们不安全。

Walter Pritchard

Yes. Not Citi.

是。 不是花旗。

Nikesh Arora

Nikesh Arora

Sorry?

抱歉?

Walter Pritchard

I said not Citi.

我说不是花旗。

Nikesh Arora

Nikesh Arora

Yes. Not you guys. Not -- so that part is not fully appreciated that the amount of security is needed to protect it. Now our estimates are, if securing the enterprise is 6% to 10% of IT spend in the financial services and governments go to 10%, other customers at 6%, we think roughly 3% to 5% should be advanced to cloud security -- to cloud security. Now cloud security will come either from your native cloud provider. AWS, GCP, Azure have security products, but they only secure you for specific cloud, AWS or GCP or Azure. The moment our customers go multi-cloud, VMware and AWS, GCP, Azure, you need a multi-cloud product. So we're focused on multi-cloud security. That's why we believe we should be able to get share.
But we're 2.5% of the cybersecurity industry. From a market share perspective, we're number one. I'd love to have 30% of public cloud security. That's a pretty good place to start. I don't mind if the native guys have 70% or other people have it, but we're trying to make sure that we become a significant player in the cloud security space. And so far, as I mentioned, we don't have any competitor in the market who can do cloud workload, serverless and containers in one platform. And we intend to stay at the forefront of this. If there is a next-generation technology that's out there that somebody else has got, which we don't, we will either rapidly build or most likely rapidly acquire.

是。不是你们。不是 - 所以不完全意识到需要保护安全量的部分。现在我们的估计是,如果保证企业的金融服务IT支出占6%到10%,政府支持10%,其他客户占6%,我们认为大约3%到5%应该提升到云安全 - - 云安全。现在,云安全性将来自您的原生云提供商。 AWS,GCP,Azure具有安全产品,但它们仅为特定云,AWS或GCP或Azure保护您。当我们的客户走向多云,VMware和AWS,GCP,Azure时,您需要一个多云产品。所以我们专注于多云安全。这就是我们相信我们应该能够分享的原因。

但我们占网络安全行业的2.5%。从市场份额的角度来看,我们排名第一。我希望拥有30%的公共云安全性。这是一个非常好的起点。我不介意本土人有70%或其他人拥有它,但我们正在努力确保我们成为云安全领域的重要参与者。到目前为止,正如我所提到的,我们在市场上没有任何可以在一个平台上执行云工作负载,无服务器和容器的竞争对手。我们打算始终站在最前沿。如果有其他人拥有的下一代技术,我们没有,我们将迅速建立或很可能迅速获得。

Walter Pritchard

Got it. Okay. I want to return to that topic because I think there's a discussion, there's been a discussion ongoing here with you, the CEO, and so forth. But as it relates to the public cloud players, so I'd say you arguably know at least one of them very, very well given your tenure at Google. This debate about what the native cloud providers do themselves, I think no one argues there's not a role for an independent. The question is, do the native players do 90% of that and there's a management layer on top? How do you think about in terms of your observations from customers that are maybe on the forefront there of public cloud adoption, sort of what are they turning to the independent provider like you to do? And where in your product portfolios that's manifesting itself?

得到它了。 好的。 我想回到那个话题,因为我认为有一个讨论,这里正在与你,首席执行官等进行讨论。 但是因为它与公共云播放器有关,所以我说你可以说至少知道其中一个非常非常好,因为你在谷歌任职。 关于本机云提供商自己做什么的辩论,我认为没有人认为没有独立的角色。 问题是,本土玩家做了90%的事情并且有一个管理层吗? 您如何看待客户的观察结果,这些客户可能是公共云采用的最前沿,他们会转向像您这样的独立提供商? 您的产品组合中的哪些表现形式?

Nikesh Arora

Nikesh Arora

So let's talk about what does -- when Citibank goes to the cloud, what happens, right? You have two choices. You can delete your apps you have running in a data center or use publicly available apps, like Salesforce, Workday, which you do for some things. But there's a whole financial transaction app here, right, which is looking great now. I'm going to go write this apps into AWS. I'm going to use a combination of workloads and serverless code and containers [indiscernible]. Now that app is going to make calls back into your data center, where you're going to just keep your data and offering the cloud. So you're going to go back between the public cloud and your private cloud and you have other databases that belong to your data center.
Now you need a security product that allows you to look across the entire ecosystem, say, where is this thing going? Now when it comes out of the public cloud, it's going to go through a firewall and through a data center. If you don't have visibility in the firewall, then you lose sight the moment you come from the public cloud. You can start looking at Palo Alto firewalls. When you're in the public cloud, you're looking at AWS security bins.
So you need to be able to follow the journey of the entire application through a multitude of clouds or different data centers that you have. So you need a product that allows you to look at one end-to-end basis. Otherwise you're back to the SoC, where you've got secondary products, and you say, wait, how do I trace the journey of my application? So that's where we think our customers understand this, and they want to go operate a multi-cloud security product. The good news is unlike enterprise IT security, cloud security is priced just the way cloud is priced on a consumption basis, right? So depending on the number of workloads you're protecting, you're going to pay for cloud security. So customers don't have to go write a big $10 million check upfront and say I'm buying firewall. Okay, you know what, as my workloads go from 5,000, 10,000, 15,000, 20,000 to 40,000, I'm just going to see a 2% to 4% increase in my, like you said, insurance to make sure that my cloud is protected.

那么让我们谈谈做什么 - 当花旗银行进入云端时,会发生什么,对吧?你有两个选择。您可以删除在数据中心中运行的应用程序,也可以使用公开提供的应用程序,例如Salesforce,Workday,您可以执行某些操作。但是这里有一个完整的金融交易应用程序,现在看起来很棒。我打算将这些应用程序写入AWS。我将使用工作负载和无服务器代码和容器的组合[音频不清晰]。现在该应用程序将打回您的数据中心,您将在那里保留数据并提供云。因此,您将回到公共云和私有云之间,并且您拥有属于您的数据中心的其他数据库。

现在你需要一个安全产品,让你可以看到整个生态系统,比如,这个东西在哪里?现在,当它出现在公共云之外时,它将通过防火墙和数据中心。如果您在防火墙中没有可见性,那么当您来自公共云时,您就会失去视力。您可以开始查看Palo Alto防火墙。当您在公共云中时,您正在查看AWS安全箱。

因此,您需要能够通过您拥有的众多云或不同的数据中心来跟踪整个应用程序的旅程。因此,您需要一种允许您查看端到端的产品。否则你会回到SoC,在那里你有二级产品,你说,等等,我如何追踪我的申请之旅?因此,我们认为客户了解这一点,他们希望运营多云安全产品。好消息与企业IT安全不同,云安全的定价就像云在消费基础上的定价一样,对吧?因此,根据您保护的工作负载数量,您将支付云安全费用。因此,客户不必先预订1000万美元的大额支票,并说我正在购买防火墙。好吧,你知道吗,因为我的工作量从5,000,1,000,15,000,20,000到40,000,我只会看到我的保险增加2%到4%,就像你说的那样,保险以确保我的云是保护。

Walter Pritchard

Got it. So going back to the build or buy topic, I think that -- when you came in as CEO, there was a large acquisition that didn't -- that had to happen. You actually have spent a fair amount of money, say, in the few months, few quarters before you came as CEO until maybe last quarter. What is your sort of as you look at using capital to do acquisitions, how do you -- or the multiples? Is it return on -- you're looking for return? Is it a product hold that you have to get to market quickly? What's sort of the framework around buying? And how should we look at the future relative to what you've done over the last 15 months or so?

得到它了。 所以回到构建或购买主题,我认为 - 当你作为首席执行官进入时,有一个大型收购没有 - 必须发生。 实际上,在你担任首席执行官之前的几个月,几个季度,你可能花了相当多的钱,直到上个季度。 当你看到使用资本进行收购时,你是怎样的,你是怎么做的 - 或者是倍数? 是回归 - 你在寻找回报吗? 是否需要快速进入市场? 什么是围绕购买的框架? 我们应该如何看待未来相对于你在过去15个月左右所做的事情?

Nikesh Arora

Nikesh Arora

Yes. Great. So we laid out five very clear principles in M&A. So doing that, people say I'm going to go out and buy large companies just for shareholder value is not a good idea. So first and foremost, we prefer not to buy overlapping products. I don't want to buy another firewall company. I don't want to buy another endpoint company because it's a nightmare to maintain them, it's a nightmare to maintain 2 sets of code. And who do you tell your customer which is better? We've been fighting new sales if ever. So no large overlapping companies, not interested. We prefer blue oceans. We like spaces where there are less competitors, much easier to convince customers to use our products. Cloud security is one of those. I'd love -- just love PureSec, have small competitors, which are not big enough to compete with us.
We prefer product and team versus revenue. I want to pay 10x $100 million because that $900 million that I'd have to go generate enough revenue for the next 3 years to pay back for the multiple I pay. I prefer to have a team that has worked for 4 or 5 years, built a great product, a product market fit, has $2 million to $5 million, $10 million in ARR to show that they've actually got customers that are going to pay for their product. That's a wonderful sweet spot for me to go acquire them because I have a go-to-market machine now, which I can go in just and integrated product into and amplify 2,000 sales people on the field. So we prefer buying product, not revenue.
And we want to look at areas which have long-term large dams. So cloud security is a large TAMs. So cloud security has a large TAM. IoT has a large TAM for the amount we pay. We paid $75 million to buy Zingbox. We think if 10,000 customers pay us $52,000 each, that's $500 million, right? So that's a nice return on investment on a revenue basis. It may take us 3 to 5 years to get there. But anytime I can put $75 million to work and generate $500 million of revenue with low go-to-market cost and low friction, I'd like to do it.
And that's the only exception, that if we can attach it to a firewall, then we'll buy things which are in red oceans. But because our go-to-market, to illustrate that, we launched a product called DNS Security 6 months ago. We attached to our firewall as we get approximately 2,000 to 3,000 customers a quarter. We, in the last 2 quarters, have attached to over 500 firewall sales with one salesperson. Actually, one go-to-market person. That person generated 600 firewall attaches by purely educating our sales team going on in selling. I like that return on investment.

是。大。因此,我们在并购中提出了五个非常明确的原则。所以这样做,人们说我出去买大公司只是为了股东价值并不是一个好主意。首先,我们不希望购买重叠产品。我不想再买另一家防火墙公司。我不想购买另一家端点公司,因为维护它们是一场噩梦,维护两套代码是一场噩梦。谁告诉你的客户哪个更好?如果有的话,我们一直在争取新的销售。所以没有大的重叠公司,没有兴趣。我们更喜欢蓝色的海洋。我们喜欢竞争对手较少的空间,更容易说服客户使用我们的产品。云安全就是其中之一。我喜欢 - 只是喜欢PureSec,有小竞争对手,它们不足以与我们竞争。

我们更喜欢产品和团队与收入。我想支付10倍1亿美元,因为9亿美元我必须在接下来的3年内产生足够的收入以偿还我支付的倍数。我更喜欢拥有一个已经工作了4年或5年的团队,建立了一个优秀的产品,适合的产品市场,200万到500万美元,ARR 1000万美元,以表明他们实际上已经有了支付的客户为他们的产品。这对我来说是一个很好的最佳选择,因为我现在拥有一台上市机器,我可以将其整合到一起,并将2000名销售人员扩展到现场。所以我们更喜欢购买产品而不是收入。

我们想看看有长期大坝的地区。因此,云安全性是一个很大的TAM。因此,云安全性具有很大的TAM。物联网对我们支付的金额有很大的TAM。我们花了7500万美元购买了Zingbox。我们认为,如果10,000个客户每人支付52,000美元,那就是5亿美元,对吗?所以这是一个很好的投资回报率。到达那里可能需要3到5年的时间。但是,任何时候我都可以投入7500万美元用于工作并以低市场成本和低摩擦产生5亿美元的收入,我想这样做。

这是唯一的例外,如果我们可以将它附加到防火墙,那么我们将购买红海洋中的东西。但是,由于我们的上市,为了说明这一点,我们在6个月前推出了一款名为DNS Security的产品。我们连接到防火墙,因为我们每季度大约有2,000到3,000名客户。在过去的两个季度中,我们与一位销售人员进行了500多次防火墙销售。实际上,一个上市的人。那个人通过纯粹教育我们的销售团队继续销售产生了600个防火墙附件。我喜欢这种投资回报。

Walter Pritchard

Yes. Yes. Got it, got it.

是。 是。 得到它,得到它。

Nikesh Arora

Nikesh Arora

So that's our strategy. So don't expect us to go out and buy large cybersecurity companies. We prefer competing against them.

这就是我们的策略。 因此,不要指望我们出去购买大型网络安全公司。 我们更愿意与他们竞争。

Walter Pritchard

Got it. One other thing I get a lot of questions on from investors and there's been a lot of CRM coverage, sell side coverage. There's been -- you came in as CEO and there's been a fair degree of turnover within the company. Can you talk about the management team as it stands today sort of how you're sort of pushing that to evolve and maybe just a broader employee population given you're evolving from an appliance-centric hardware business to a business that's going to be 1/3, at least 1/3 these software products over time?

得到它了。 另外一件事我从投资者那里得到了很多问题,并且有大量的CRM报道,卖方报道。 曾经 - 你作为首席执行官进入公司并且公司内部的营业额相当高。 你能谈谈现在的管理团队吗?考虑到你从一个以设备为中心的硬件业务发展到一个将要成为1的企业,你是如何推动这一过程发展的,也许只是一个更广泛的员工群体 / 3,随着时间的推移,这些软件产品至少有1/3?

Nikesh Arora

Nikesh Arora

Yes. So I think that's a good question. Look, we were a 92% firewall or firewall attached business when I walked in 1 year ago. That means our DNA is to have appliances. How do you make sure the boxes get out in time? How do you revenue upfront? It's the whole DNA of the company is set up to sell hardware. As many of you know, it's hard to change DNA quickly in a company who's been doing something very successful. 11 years of success and 11 years of competing with Fortinet, Check Point, Cisco. All these guys are actually building the largest firewall business to supply it in the way people did things.
Now you've got to make sure you can build category 2 and category 3 products. So I'll give an example. When I walked in, we bought a company. We discombobulated that company and put it functionally into different teams. Now remember, our product development structure was a hardware structure. So QA is a very big part of product development and hardware because if you send a box out which has a bug or a flaw, you've got to call all the boxes back. That's not a good outcome in any hardware business.
So QA is very important, very, very critical and takes a long time. We took a software company and put it in the same model. You can spend 2 months doing software QA. Your developer is sitting, twiddling their thumbs, saying, okay, hurry up guys. Do you like my code? I only got version 7 of what I gave you 2 months ago, right? So we discombobulated the software business and tried to put them into a hardware model. We can't do that. You have one software business that's different than a hardware business and appliance and go-to-market. How do you sell software versus hardware?
So we have to make sure we were creating a new motion across the company on customer success and go-to-market, on product development, which is more akin to the two platforms we're trying to create as opposed to the hardware model. That requires different DNA. We've added about 15 -- or we have about 1,500 people in Prisma and Cortex out of 7,000, which is to be much smaller number. We got about 1,000 last year in that space, which is effectively DNA across the entire stack from all the way from entry level, all the way to senior management. But we had to make the management DNA adapt as well to this new place we want to be.
So part of the evolution you're seeing is you're seeing us bring in management who understands the different places we want to play in and none of the transitions that you read about are surprises to us. These are managed transitions. There's a logic why these happen and the timing of these.

是。所以我认为这是一个很好的问题。我看,当我1年前走路时,我们是92%的防火墙或防火墙连接业务。这意味着我们的DNA就是装备。你怎么确保盒子及时出来?你如何预先收入?这是该公司的整个DNA设立销售硬件。正如你们许多人所知,在一家非常成功的公司里很难迅速改变DNA。 11年的成功和11年与思科Check Point的Fortinet竞争。所有这些人实际上正在构建最大的防火墙业务,以人们做事的方式提供它。

现在,您必须确保可以构建第2类和第3类产品。所以我举个例子。当我走进去的时候,我们买了一家公司。我们将该公司解散,并将其功能性地分配到不同的团队中。现在请记住,我们的产品开发结构是硬件结构。所以QA是产品开发和硬件的重要组成部分,因为如果你发送一个有错误或缺陷的盒子,你必须把所有的盒子都打回来。这在任何硬件业务中都不是一个好结果。

所以质量保证非常重要,非常非常关键,需要很长时间。我们选择了一家软件公司并将其放在同一型号中。你可以花2个月做软件质量保证。你的开发人员正坐着,歪着大拇指说,好吧,快点。你喜欢我的代码吗?我只得到了2个月前我给你的第7版,对吗?因此,我们将软件业务分解,并尝试将它们置于硬件模型中。我们做不到。您有一个与硬件业务和设备不同的软件业务,并且是市场推广的。你如何销售软件与硬件?

因此,我们必须确保我们在整个公司内创建一个关于客户成功和产品开发上市的新动议,这更像是我们试图创建的两个平台,而不是硬件模型。这需要不同的DNA。我们已经添加了大约15个 - 或者我们在Prisma和Cortex中有大约1,500人,其中7,000个人的数量要小得多。去年我们在那个空间里获得了大约1,000个,从入门级到高级管理层,从整个堆栈到整个堆栈都是有效的DNA。但我们必须让管理DNA适应我们想要的这个新地方。

因此,您所看到的部分演变是您看到我们引入管理层,他们了解我们想要参与的不同地方,而您所读到的任何过渡都不会给我们带来惊喜。这些是托管转换。有一个逻辑,为什么这些发生和这些的时机。

Walter Pritchard

Got it. I'm going to pause a second and see if there's anybody out there that has a question. Yes, there's one in the back.

得到它了。 我要暂停一下,看看是否有人有问题。 是的,后面有一个。

身份不明的分析师

Yes. Thinking about on the last point in terms of go-to-market and channel strategy. We have seen some conflicts in February. We've seen some very hard phrases from channels in the Internet.

是。 关于进入市场和渠道战略的最后一点思考。 我们在2月份看到了一些冲突。 我们在互联网上看到了一些来自频道的非常难的短语。

Walter Pritchard

I'm sorry, what?

对不起,什么?

身份不明的分析师

You have seen some very harsh phrases from channels. What happens since then? And what's your philosophy? Do you prefer to basically do the writing for the long term and sacrifice the short term, meaning, getting into more conflict with the channels for the sake of cloud sales model? Or the other way around, you say, hey, I want to get to the quarter if that means that I will delay my strategy transition to the cloud sales model?

你已经从频道中看到了一些非常苛刻的短语。 从那时起会发生什么? 你的哲学是什么? 您是否更愿意长期写作并牺牲短期,这意味着,为了云销售模式而与渠道发生更多冲突? 或者反过来,你说,嘿,如果这意味着我将推迟我的策略过渡到云销售模式,我想进入该季度?

Nikesh Arora

Nikesh Arora

Yes. Thank you for the question. I've read a lot of analysts notes, and there has been a lot of consternation around that topic. We had a customer advisory board last year in February, where we talked about the cloud model, how the cloud model is evolving. As AWS, GCP, Azure require you to list your cloud products in their marketplace and sell it to their marketplace, they have no role for a channel in that model.
So I think we shared that with the customer advisory. That got taken and blown out of proportion. And we're still sort of talking about it 1 year later. I put up a slide yesterday to show that over the last 2 years, 99% of our business comes directly to the channel or through the channel, which hasn't changed. And the more important part I showed yesterday was in the last 2 quarters, we've done a lot of work with the channel, and our channel originated business has gone up by 300 basis points. So 42% of our business now is originated by the channel and many of our large channel partners are growing literally at twice the rate of our revenue because the amount of impact they have.
So look, channel is an important component of doing enterprise sales today and in the future. Channel is struggling with their own challenges. In cybersecurity in the last year, there is a strong surge from telcos and system integrators. So Accenture, Deloitte, PwC are building very large cyber practices. AT&T has a very large cybersecurity practice. Verizon is building one. So Telefónica has got one. So what's happening is because these people have realized the big shift to the cloud and cybersecurity, they're building cloud consulting and cybersecurity practices because both have a consulting arm as a managed service piece. So channels got more challenges from that vector as opposed to us wanting to change our models like that. I'll give anybody the 12% or 18% they need to sell more of my product. I'm not trying to be a different enterprise company.

是。感谢你的提问。我已经阅读了很多分析师的笔记,围绕这个话题引起了很多惊愕。我们去年2月份有一个客户顾问委员会,在那里我们讨论了云模型,云模型是如何发展的。由于AWS,GCP,Azure要求您在其市场中列出您的云产品并将其销售到他们的市场,因此他们在该模型中没有任何渠道角色。

所以我认为我们与客户咨询分享了这一点。这被采取并且不成比例。而且我们还是在谈论它一年后。我昨天张贴了一张幻灯片,表明在过去两年中,我们99%的业务直接来自渠道或通过渠道,但没有改变。而我昨天展示的更重要的部分是在过去的两个季度中,我们已经对渠道做了很多工作,我们的渠道创业业务已经上涨了300个基点。因此,我们42%的业务现在来自渠道,我们的许多大型渠道合作伙伴的收入增长速度是我们收入的两倍,因为他们的影响力很大。

所以看,渠道是今天和未来进行企业销售的重要组成部分。渠道正在努力应对自己的挑战。在去年的网络安全中,电信公司和系统集成商的数量激增。因此,埃森哲,德勤,普华永道正在建立非常庞大的网络实践。 AT&T拥有非常庞大的网络安全实践。 Verizon正在建设一个。所以Telefónica有一个。所以正在发生的事情是因为这些人已经实现了向云和网络安全的重大转变,他们正在构建云咨询和网络安全实践,因为他们都有一个咨询部门作为托管服务。所以渠道从那个向量中获得了更多挑战,而不是我们想要改变我们的模型。我会给任何人他们需要销售更多产品的12%或18%。我不是想成为一家不同的企业公司。

Walter Pritchard

Just another topic I think came up yesterday was highly anticipated into the Analyst Day yesterday was some of the financial parameters. And you gave a very clear, I think, 2022 path. One of the debates was around cash flow and companies' stocks have been valued on cash flow basis. And much of the sales come in as customers make three year commitments and to a high degree pay three years of cash upfront. The notion, you look at the SaaS world, a lot of customers pay you at a time, and you talked about consumption-based and so forth. You gave some very clear parameters. But as it relates to how you're running the business, what changes are you making that will impact sort of the way cash flows through? And how do you have confidence in the scenarios that you put out given the amount of changes going on within the business?

我认为昨天出现的另一个话题是昨天分析师日备受期待的一些财务参数。 你提出了一个非常明确的,我想,2022年的道路。 其中一个争论是现金流量,公司的股票已经按现金流量计算。 当客户做出三年承诺并且高度支付三年的现金时,大部分销售都会进入。 这个概念,你看看SaaS世界,很多客户一次付钱给你,你谈到了基于消费的等等。 你给了一些非常明确的参数。 但是,由于它与您如何经营业务有关,您所做的哪些改变会影响现金的流通方式? 考虑到业务中发生的变化,您如何对所提出的情景有信心?

Nikesh Arora

Nikesh Arora

Yes. So thank you again. So we generated approximately $1 billion of free cash flow this year. We expect to generate over $1 billion a year over the next 3 years. We've set out a target that we will generate $4 billion of free cash flow over the next 3 years, right? So look at that out there. If you look at our products, the firewalls sold cash upfront, subscriptions have sold roughly in 3-year bundles cash upfront. Some of the newer cloud products, they're more 2-year deals as opposed to 3-year deals on average on Prisma Cloud. Prisma Access is again a 3-year bundle because it gets compared to firewalls. Cortex XDR is kind of like firewalls because it's firewall data and endpoint data. Again, 3 years.
So when you look at it, in the last quarter, we're going through a very rigorous analysis whether we should become an ARR business and go to analog billing model. Our Board wanted us to take a look at it. I looked at it. And honestly, the rationale I think was the market gives better multiples to ARR companies. But we're not an ARR business. We're a hardware business, 87% of it this year. And I like cash flow upfront. It's phenomenal. Like people pay you upfront for 3 years in cash. It's stickiness. You paid me but you'll have to use my product for 3 years. And if I create products that are good enough, then you will come back and renew it. And our renewal rates are in the high 80s across our products. So why would I go to a shorter duration, give up cash, take a big hit from my operating margins for the next 2 or 3 years because my revenue is going to change for what, to get a better multiple 3 years out? I think we can get a better multiple growing our business at $1.8 billion of billings.
The other problem of going -- changing our model is -- and it took me 3 months to figure it out. And Kathy, our CFO, has already done this analysis before for the Board but the Board tried a new guy. So the new guy had to go and analyze it again, and I did it. And I learned right off my sales guys. The sales guys said, look, Nikesh, I'd go to a 3-year deal upfront. I will get paid commission on a 3-year deal. You ask me to do a 1-year deal, you're asking me to do 3 times as many deals to feed my family the same amount of money I've got last year. You're making my job three times harder. You sure you want to do that? The one thing I learned in enterprise is do not move the cheese around with your salespeople. It changes -- you don't know what impact you're causing. Cause-and-effect are not easily determined if you take 700 sellers and move their cheese another two months.
So as a consequence, we said we like the way our business runs. We can run to it. We can run it. Cloud is naturally going to be two year deals. So we've said we expect an erosion of duration by about 10% over the next 3 years. Our duration is in the mid-30s. So 10% duration still keeps us in the 30s. 30 months, 31 months, something like that, 28, 29 months, somewhere in that range. I think that's fine. I think that allows us to stay and generate $4 billion free cash. We have approximately $3.8 billion of cash in our balance sheet. So 3 years from now, we'll be sitting and some of that will be used for bolt-on M&As as we've described. So we're happy about our cash flow.

是。再次谢谢你。因此,我们今年产生了大约10亿美元的自由现金流。我们预计未来3年每年将产生超过10亿美元的收入。我们制定了一个目标,即在未来3年内我们将产生40亿美元的自由现金流,对吗?所以看看那里。如果你看看我们的产品,防火墙预售现金,订阅大约在3年捆绑销售现金。一些较新的云产品,它们是2年期交易,而不是Prisma Cloud平均3年交易。 Prisma Access又是一个3年的捆绑包,因为它与防火墙相比。 Cortex XDR有点像防火墙,因为它是防火墙数据和端点数据。再次,3年。

因此,当你看到它时,在上一季度,我们正在进行一项非常严格的分析,我们是否应该成为ARR业务并转向模拟计费模式。我们的董事会希望我们看看它。我看着它。老实说,我认为理由是市场给ARR公司提供了更好的倍数。但我们不是ARR业务。我们是一家硬件企业,今年占87%。而且我喜欢现金流量。这是非凡的。就像人们用现金支付你3年前一样。这是粘性。你支付了我,但你必须使用我的产品3年。如果我创造的产品足够好,那么你会回来更新它。我们的产品续订率高达80多岁。那么为什么我会缩短持续时间,放弃现金,在接下来的2到3年内从我的营业利润中受到重创,因为我的收入将会改变什么,以获得更好的多年3年?我认为我们可以以18亿美元的收入来增加我们的业务。

改变我们模型的另一个问题是 - 我花了3个月的时间来弄清楚它。我们的首席财务官Kathy之前已经为董事会做了这个分析,但董事会尝试了一个新人。所以新人必须再去分析它,我做到了。我从我的销售人员那里学到了东西。销售人员说,看,Nikesh,我会提前做3年的交易。我将通过3年的交易获得付款佣金。你让我做了一年的交易,你要我做3倍的交易,为我的家人提供与去年相同的金额。你让我的工作难三倍了。你确定要这样做吗?我在企业中学到的一件事就是不要和销售人员一起搬家。它会改变 - 你不知道你造成了什么影响。如果你带走700个卖家并将奶酪再移动两个月,那么因果关系并不容易确定。

因此,我们说我们喜欢我们的业务运营方式。我们可以坚持下去。我们可以运行它。云自然将成为两年的交易。所以我们已经说过,我们预计在未来3年内,持续时间将减少约10%。我们的持续时间是30多岁。所以10%的持续时间仍然使我们保持在30年代。 30个月,31个月,类似于那个,28个月,29个月,在那个范围内的某个地方。我认为没关系。我认为这可以让我们保持并产生40亿美元的自由现金。我们的资产负债表中有大约38亿美元的现金。因此,从现在起3年后,我们将坐下来,其中一些将用于我们所描述的螺栓式并购。所以我们对现金流感到高兴。

Walter Pritchard

Got it. Any other questions in the audience here? Happy to entertain if somebody's got one. Maybe I'll move on to another product area we haven't talked as much about, but there's this idea, there's the existing SIM market, which sort of aggregates all your security events, puts it into one place ideally and then you can take action from, respond to incidents and so forth.
You've unveiled this idea of the Cortex data lake. And can you talk about on the sort of backdrop of that existing SIM market, what you hope to accomplish in that market? And what convinces you that you can take share in that space?

得到它了。 观众中有任何其他问题吗? 如果有人有的话,很高兴娱乐。 也许我会转移到另一个我们没有谈过的产品领域,但是有这个想法,现有的SIM市场,聚合你所有的安全事件,理想地把它放在一个地方然后你可以采取 行动,应对事件等。

你已经公布了Cortex数据湖的这个想法。 您是否可以谈谈现有SIM市场的背景,您希望在该市场中实现什么? 是什么让你相信你可以分享那个空间?

Nikesh Arora

Nikesh Arora

Yes. Look, we fundamentally believe the SIM market is broken and the architecture to sell security is wrong, right? The current SIM model is you take a lot of data and put it into a large data lake. There's a lot of unstructured data. There's some very successful companies which have made a living out of it, large market caps again. You collect all the data. You put it in one place. You get paid a lot money for it.
The challenge in collecting all the data without normalizing it that you can't do much with it because you can't run analytics against a normalized data set because an alert from Palo Alto is different from an alert from Check Point. It's different from a log from your IDS device. So how do you make sense of that?
So then you run analytics software against it. Analytics software choose certain data sources, normalize them, the ones that they understand, and get you to decide what you do with the rest. So SIMs take all these alerts, put them into a large bin, you look at it and then you write rules and say, hey if it's a phishing alert, put it as priority 1. If it's this, put it as priority 2. So you write your own rules.
That's a lot of manual labor, a lot of policy-setting against an alert. So you get an alert because you got a policy. Then you bring it to a SIM, you got another policy to prioritize the alert. So there's tons of manual labor. It takes between 4 days to 157 days to remediate an alert as target. They saw the alert. They didn't pay attention to it because their rules didn't rank that alert high enough. And if I'm a bad guy and I understand how SIMs work, I want to stay under the radar. I will be always below you 58% of the time. So the only way to sell security in the long-term is to make sure you look at every alert and either decide it's not important actively or you decide to investigate it. You can't do it today. A company gets 174,000 alerts a week. You've got to remediate.
So what we've decided is we are focused on alert elimination, if that's a simple way to think about it. Demisto, which we acquired, reduces alerts by 50x. So we can walk into a company and say, we can take 175,000 alerts, automate them and take them down by a factor of 50, right?
Then our XDR product goes in and takes our data from Palo Alto data. On average, we can reduce it by 8x. And so you take Palo Alto firewall alerts and endpoint alerts and VM alerts, put it together, stitch it and say, okay, these are actually 1/8 because it's the same event triggering. It's like you're having a mouse running around and triggering trapdoors around your room, and there are 14 trapdoors. One mouse can trigger all 14 trapdoors, which ends up in 14 alerts. And if you don't know it's the same mouse, you're sitting and looking for 14 different things that are happening, but actually it's one mouse.
So the key is you've got to be able to stitch these. You've got 14 different vendors, you have to figure out how do you make sense it's the same mouse and it's not 14 different alerts. So we're going after alert elimination, and we're doing that through automation at Demisto, where we use playbooks, where customers write their own automation. We can work that automation to AI over time as we get more and more experience, our customers do it. And we're only collecting data which we believe can be normalized and analytics can be applied to it. So we collect our own data. Yesterday, we announced we're going to collect third-party data with all firewalls. Hopefully, that trend will continue. We'll keep normalizing more and more data. So we'll build out the security use case for the next generation software, if you will, which is effectively Cortex for us.

是。看,我们从根本上认为SIM市场已经崩溃,销售安全的架构是错误的,对吧?当前的SIM模型是您需要大量数据并将其放入大型数据湖中。有很多非结构化数据。有一些非常成功的公司以此为生,大型市场再次出现。您收集所有数据。你把它放在一个地方。你得到了很多钱。

由于您无法对标准化数据集进行分析,因此收集所有数据而不对其进行规范化是一项挑战,因为您无法对标准化数据集进行分析,因为来自Palo Alto的警报与来自Check Point的警报不同。它与您的IDS设备的日志不同。那你怎么理解呢?

那么你就可以运行分析软件了。分析软件选择某些数据源,对它们进行标准化,以及他们理解的数据源,并让您决定如何处理其余数据。因此,SIM会接收所有这些警报,将它们放入一个大容器中,然后查看它然后编写规则并说,如果它是网络钓鱼警报,请将其作为优先级1.如果是这样,请将其作为优先级2.所以你写自己的规则。

这是很多体力劳动,很多针对警报的政策制定。所以你得到一个警报,因为你有一个政策。然后将其带到SIM卡,您有另一个策略来确定警报的优先级。所以有大量的体力劳动。将警报修复为目标需要4天到157天。他们看到了警报。他们没有注意它,因为他们的规则没有足够高的警戒级别。如果我是一个坏人并且我理解SIM卡如何工作,我想要保持警惕。 58%的时间我总会低于你。因此,长期销售安全性的唯一方法是确保您查看每个警报,并确定它不重要或者您决定调查它。你今天不能这样做。一家公司每周收到174,000个警报。你必须得到补救。

所以我们决定的是,如果这是一种思考它的简单方法,我们就会专注于消除警报。我们收购的Demisto将警报减少了50倍。所以我们可以走进一家公司并说,我们可以接受175,000个警报,自动化它们并将它们减少50倍,对吧?

然后我们的XDR产品进入并从Palo Alto数据中获取数据。平均而言,我们可以减少8倍。因此,您将Palo Alto防火墙警报和端点警报以及VM警报,将它们拼接在一起并说出来,好吧,这些实际上是1/8,因为它是相同的事件触发。这就像你有一只老鼠跑来跑去并在你的房间周围触发陷门,并且有14个活板门。一只鼠标可以触发所有14个陷门,最终有14个警报。如果你不知道它是同一只鼠标,你就坐着寻找正在发生的14种不同的东西,但实际上它只是一只老鼠。

所以关键是你必须能够缝合这些。你有14个不同的供应商,你必须弄清楚你是如何理解它是相同的鼠标,它不是14个不同的警报。因此我们正在消除警报,我们正在通过Demisto的自动化来实现这一目标,我们在那里使用剧本,客户可以在其中编写自己的自动化。随着我们获得越来越多的经验,我们的客户会这样做,我们可以随着时间的推移将自动化应用到AI。我们只收集我们认为可以归一化的数据,并且可以应用分析。所以我们收集自己的数据。昨天,我们宣布我们将收集所有防火墙的第三方数据。希望这种趋势能够持续下去。我们将继续规范化越来越多的数据。因此,如果您愿意,我们将为下一代软件构建安全用例,这对我们来说实际上是Cortex。

Walter Pritchard

Got it. It looks like we have a question in the back there.

得到它了。 看起来我们后面有一个问题。

身份不明的分析师

What are your thoughts on e-mail security? Is that relevant to Palo Alto at all?

您对电子邮件安全有何看法? 这与Palo Alto有关吗?

Nikesh Arora

Nikesh Arora

Look, e-mail is the largest SaaS application in the world, right? It's bigger than Salesforce, it's bigger than Workday because we all have e-mail. That's effectively a SaaS application, and it is a large repository of threat data because a lot of the malware comes from e-mails, a lot of the attacks come from e-mail. It's a great market. We like the data that comes out of it very much. We have a partnership with the last company that's up here, where we share data with them and Wildfire. We use that. We use it for phishing attacks. I don't have a next-generation e-mail security talk in our team in terms of what we can do. My customers are perfectly happy buying it from Proofpoint or Office 365 or G Suite. I can add value to it. So shall I go spend $7 billion and make ourselves a $27 billion company? You guys can buy both stocks individually if you want. So I don't have the value. I can't bring enough synergies and value. And I've never seen a company do a value play and a growth play at the same time successfully. So it's either you're a growth company, you're focused on building new markets and generating $1.8 billion of new billings and new categories and changing the world; or you're a company where you're supporting 3,000 salespeople and doing PLAs and say, buy my chips, buy your chips from me, buy your consulting from me and now buy our security. It's kind of the Walmart strategy versus the other one. So we're going to stick to the break new ground, change the world and let other people clean up the messes of the past.

看,电子邮件是世界上最大的SaaS应用程序,对吧?它比Salesforce更大,它比Workday更大,因为我们都有电子邮件。这实际上是一个SaaS应用程序,它是一个庞大的威胁数据存储库,因为很多恶意软件来自电子邮件,很多攻击来自电子邮件。这是一个很棒的市场。我们非常喜欢它产生的数据。我们与最后一家公司建立了合作关系,我们与他们和Wildfire共享数据。我们用它。我们将其用于网络钓鱼攻击。就我们的工作而言,我的团队没有下一代电子邮件安全谈话。我的客户非常乐意从Proofpoint或Office 365或G Suite购买它。我可以为它增加价值。那么我将花费70亿美元并使自己成为一家价值270亿美元的公司吗?如果你愿意,你们可以单独购买两种股票。所以我没有价值。我无法带来足够的协同效应和价值。我从未见过一家公司在成功的同时做价值游戏和增长游戏。所以,要么你是一家成长型公司,要么专注于建立新的市场,并创造18亿美元的新账单和新类别,改变世界;或者你是一家公司,你支持3,000名销售人员和做PLA,并说,购买我的芯片,从我这里购买你的芯片,从我这里购买你的咨询,现在购买我们的安全。这是沃尔玛与另一个战略的战略。因此,我们将坚持开辟新天地,改变世界,让其他人清理过去的混乱局面。

Walter Pritchard

Any other questions out there? So Nikesh, I want to ask you about you haven't even in security market for 15 months, 14 months. There's, I think, probably more macro cross currency out there in the world. Generally, there is this sort of same or more malicious threat environment now as you had before. How do you think about you look at the space, you look at your business, economic cycle has gone up for a while. How do you think about the risks from a macro perspective, the climate we're in right now? And what are you doing as the CEO of the company to help plan for that contingency and so forth?

还有其他问题吗? 所以Nikesh,我想问你关于你甚至连15个月,14个月都没有进入证券市场。 我认为,这可能是世界上更多的宏观交叉货币。 通常,现在存在这种与以前相同或更多的恶意威胁环境。 你怎么看待你看空间,你看你的生意,经济周期已经上升了一段时间。 您如何从宏观角度考虑风险,我们现在所处的气候? 作为公司的首席执行官,您在做什么来帮助计划应急等等?

Nikesh Arora

Nikesh Arora

So look, from our perspective, we don't see as much of a macroeconomic risk to our business over the next 3 to 5 years. Maybe on the margin, 100 basis points, 200 basis points, but we don't think it has a big impact. Because when you look at it, right, I think technology is going to be an existential issue for most companies in the next 10 years, right? If you're competing with Uber, you're competing with Airbnb and you're a hotel, you're competing with some of the tech-enabled new businesses, you have no choice. You have to go stack up the tech or back up the truck and technologically make yourselves leading edge because you're not going to compete with Amazon if you're not deploying everything in e-commerce. If you're not in AR/VR and you're a Walmart store, you're going to have to figure out how to.
So I think the generational shift in the tech spend is so much more overwhelming than the macroeconomic impacts, and I don't think tech spending is going away in the next 10 years. And you guys might have a different view. It may have marginal impacts in certain companies, one.
Two, we don't have a lot of businesses in China. We don't make our product in China. Our products are made in Milpitas, California because if you make your product in China, it causes consternation in the security industry. So we're making it all here in the U.S., right? So we don't have that impact. So we feel like on a macroeconomic perspective, our business is reasonably sort of protected, less impacted. From the margin, there's a 100 to 200 basis point change. I think we're more protected than most other companies, which might have a larger impact.

因此,从我们的角度来看,我们认为未来3到5年内我们的业务不会出现太大的宏观经济风险。也许在保证金上,100个基点,200个基点,但我们认为它不会产生很大影响。因为当你看到它时,我认为技术将成为未来10年大多数公司的存在问题,对吧?如果您正在与优步竞争,您正在与Airbnb竞争,而您是一家酒店,那么您正在与一些技术支持的新业务竞争,您别无选择。您必须将技术堆叠起来或备份卡车并在技术上使自己处于领先地位,因为如果您没有在电子商务中部署所有内容,那么您就不会与亚马逊竞争。如果您不在AR / VR而且您是沃尔玛商店,那么您将不得不弄清楚如何做。

因此,我认为技术支出的代际转变比宏观经济影响更加压倒性,我认为未来10年科技支出不会消失。而你们可能会有不同的看法。它可能对某些公司产生边际影响,其中一个。

二,我们在中国没有很多业务。我们不在中国生产我们的产品。我们的产品是在加利福尼亚州米尔皮塔斯生产的,因为如果您在中国生产产品,它会引起安全行业的恐慌。所以我们在美国一切都在这里,对吧?所以我们没有那种影响。因此,从宏观经济的角度来看,我们的业务受到了合理的保护,受到的影响较小。从边际来看,有100到200个基点的变化。我认为我们比大多数其他公司更受保护,这可能会产生更大的影响。

Walter Pritchard

Got it. Got it. Last question before we let Nikesh go? All right. Well, Nikesh, thank you very much for coming despite your busy schedule.

得到它了。 得到它了。 在我们让Nikesh去之前的最后一个问题? 行。 好吧,Nikesh,非常感谢你,尽管你的日程繁忙。

Nikesh Arora

Nikesh Arora

Thank you, Walter.

谢谢你,沃尔特。

Walter Pritchard

Thanks, everybody, for coming.

谢谢,大家,来吧。

相关问题

  • Palo Alto Networks 电话会议
  • Palo Alto Networks 财务报告

互联网券商的港股、美股开户教程

如果您对美股 或者 港股也感兴趣, 或者想要了解如何开户, 可以加我wechat: xiaobei006006, 同时也可以拉您进美股交流群哦。
最后的最后 祝大家都有一个美好的投资生活哦。

大家也可以关注【美股指南】公众号, 即可获得《小白投资美股指南(雪球「岛」系列)》电子书

写在最后

友情提示 转载请注明出处: https://investguider.com/topics/12405
暂无回复。
需要 登录 后方可回复, 如果你还没有账号请点击这里 注册