a. Palo Alto 101
Palo Alto is a cybersecurity company competing across endpoint, cloud and network.
Bucket #1 – Cortex:
Cortex includes its endpoint and security information and event management (SIEM) products. SIEM aggregates context to foster better decision making. Extended Security Information and Event Management (XSIAM) combines extended detection and response (XDR) and SIEM to provide Palo Alto’s Security Operations Center (SOC).
- XDR infuses non-endpoint data sources into breach protection to extend coverage beyond strictly that endpoint. Adding more data without sacrificing cost and latency performance is where XSIAM shines.
- SOC is the central security monitoring engine. It uses holistic data (1P & 3P) to give companies a bird’s-eye view of their businesses.
- XSOAR helps automate and guide best practices for incident response while ranking severity of threats. It relies on SIEM for its scaled, complete data ingestion to actually know how to instruct optimal workflows.
The practice of PANW (and others) tying the SOC into information technology (IT) operations is called SecOps. Effectively doing this is not only good for cross-selling and product utility but market expansion. It makes security players like PANW a bigger part of day-to-day IT.
Bucket #2 – Network Security:
Network security is where Palo Alto is supplanting legacy firewall vendors. Here, it offers software-enabled firewalls alongside a suite of network security software and some modern hardware-based firewalls too. It deploys software-defined wide area networks (SD-WANs) within firewall environments, which are virtual network securers.
Palo Alto protects networks using a “zero trust” architecture. Zero trust means a bad actor cannot penetrate the most vulnerable part of a digital ecosystem and move freely within it thereafter. Zero trust ensures consistent and complex validation of these permissions at every turn. It ends the game of “everyone within a firewall environment getting perpetual, unconditional access.”
- Its hardware-based firewalls provide contextual app inspection, intrusion prevention, URL filtering, data loss prevention (DLP) and more.
Within network security, it offers Secure Access Service Edge (SASE). This is the overarching software offering that ties its network platformization approach together. It is built on the aforementioned zero trust foundation. SASE integrates tools that help prevent unauthorized access to data, network abuse (like phishing attacks to overwhelm networks with traffic) and broad visibility into network health and performance. Prisma Access Platform (PAP) is a key part of SASE. It’s a cloud/network product hybrid and includes SD-WANs, its Secure Web Gateway (SWG) and a Cloud Access Security Broker (CASB) to decide who gets access to what. PAP also includes its Secure Browser, which encrypts and fortifies remote network connections.
Bucket #3 Cloud Security:
Cortex Cloud: Like XSIAM and SASE are the platformization pillars in endpoint and network, in cloud it’s the Cloud Native Application Protection Platform (CNAPP). CNAPP includes:
- Cloud Security Posture Management (CSPM) organizes compliance, provides overarching cloud visibility, and proactively blocks misconfigurations. They have a dedicated posture management offering for applications (ASPM) and data (DSPM).
- Cloud detection and response (CDR) proactively hunts and protects customers from cloud-based threats with run-time support.
- Cloud Workload Protection Platform (CWPP) is very similar to CDR, but for cloud workloads specifically, rather than identities, API calls etc.
- Cloud Discovery & Exposure Management (CDEM) “evaluates internet exposure risks and discovers unknown internet-exposed cloud assets.”
Cortex Cloud works very closely with its other pillars, as cloud environments naturally and constantly interact with networks and endpoints.
AI:
AI security involves Cortex, the network suite and the cloud suite. It touches everything. Prisma AI Runtime Security (AIRS) is their platform for AI security. It’s purpose-built for protecting all AI assets – models, agents & apps – from initial development to scaled deployment. PANW also uses this product internally to scan, optimize and test these tools when need be. Posture management and configuration analysis products are quite common; effectively protecting cloud environments in actual runtime products like this one is less common.
It also features AI Access Security, which monitors and protects against sensitive or improper employee usage of 3rd-party AI. It shields against data poisoning, malicious prompt injection and provides AI red-teaming (simulated attacks to test weak spots) support.
Elsewhere, PANW offers a suite of agents called “AgentiX” within the Cortex platform. This is PANW’s set of pre-built security agents to help customers customize, build, deploy and maintain their own agents. They’re mightily helpful with expanding 1st-party coverage without adding large teams of security analysts. Capabilities include automating and triaging alert management to lower false positive-based fatigue.
Platformization Objective:
As a reminder, PANW calls one complete purchase of a platform (Cortex, Network, Prisma AIRS, Cloud or now Identity) a “platformization.” If they purchase 3 platforms, it counts as 3. They’re hard at work on creating these types of relationships with customers to enjoy the natural retention, margin and lifetime value benefits that coincide.
b. Key Points
- M&A drove large guidance raises for the year.
- XSIAM crossed $500M in ARR.
- The landmark CyberArk deal is closed and integration is underway.
- They're purchasing Koi Security to add agentic endpoint capabilities.
c. Demand
M&A didn’t materially impact revenue this quarter. The Chronosphere deal closed late in the quarter and CyberArk didn't close until after the period ended. Still, remaining performance obligation (RPO) and next-gen security annual recurring revenue (NGS ARR) were both impacted by Chronosphere (not CyberArk until next Q) as that business was added to both bases.
- Slightly beat revenue estimates & identical guidance.
- Beat RPO estimates by 1.2%. Excluding M&A, RPO was in line with estimates.
- Current RPO rose 18% Y/Y to $7.1B.
- Beat next-gen ARR estimates by 3.3% & beat guidance by 3.2%.
- 33% Y/Y NGS ARR growth included a $200M contribution from Chronosphere. Excluding this, NGS ARR rose by 28% Y/Y and was roughly in line with estimates.
- 85% net new ARR growth would have been 11% Y/Y ex-M&A. This was also roughly in line with estimates.
