Seeking Alpha
We cover over 5K calls/quarter
Profile| Send Message|
( followers)  

Palo Alto Networks (NYSE:PANW)

Analyst Day

March 21, 2013 8:00 am ET

Executives

Mark D. McLaughlin - Chairman, Chief Executive Officer and President

Nir Zuk - Co-Founder, Chief Technology Officer and Director

Lee Klarich - Vice President of Product Management

Rene Bonvanie - Chief Marketing Officer

Mark F. Anderson - Senior Vice-President of Worldwide Field Operations

Brett Eldridge - Vice President of Global Customer Engineering & Support

Chad Kinzelberg - Vice President of Business and Corporate Development

Steffan C. Tomlinson - Chief Financial Officer and Principal Accounting Officer

Analysts

Keith Weiss - Morgan Stanley, Research Division

Joel P. Fishbein - Lazard Capital Markets LLC, Research Division

Aaron Schwartz - Jefferies & Company, Inc., Research Division

Gregory Dunham - Goldman Sachs Group Inc., Research Division

Karl Keirstead - BMO Capital Markets U.S.

Daniel T. Cummins - B. Riley Caris, Research Division

Michael Turits - Raymond James & Associates, Inc., Research Division

Jayson Noland - Robert W. Baird & Co. Incorporated, Research Division

Shebly Seyrafi - FBN Securities, Inc., Research Division

Unknown Executive

Good morning. Welcome to our first analyst day as a public company. I'm going to go cover some housekeeping items today. You have your agenda in front of you, very straightforward. We have 2 Q&A sessions interspersed throughout the day after each main section, so queue up your questions for each of those sessions. We do have a break right in the midmorning at about 10:15, and we'll end the day at 12:30 p.m. We have the entire management team here today, and we're really looking forward to telling our story. But let me first cover some housekeeping items.

We have -- any forward-looking statements that we have today will be covered by our Safe Harbor statement. And with that, I'm going to cover Mark McLaughlin -- I'm going to introduce Mark McLaughlin, our President, CEO and Chairman. Thank you.

Mark D. McLaughlin

Great. Okay. Can't have a meeting without a clicker. Good morning, everybody. Thanks for coming. I'm Mark McLaughlin, President and CEO of Palo Alto Networks, really happy to have everybody here with us today and appreciate you taking the time to learn a little bit more about Palo Alto and for us to get a little more involved in discussing our story.

With me today to help tell it, I have the entire executive management team from Palo Alto. So I just want to do a couple of quick introductions. You may know some folks already, but we have Nir Zuk up here in front, our CTO and Founder; Rajiv Batra, our cofounder who runs our engineering. We also have Steffan Tomlinson, our CFO. We've got René Bonvanie, our Chief Marketing Officer, who is in the back running -- Master of Ceremonies back there. We also have Mark Anderson who runs Worldwide Field Operations, which is a combination of our sales plus customer support team. Lee Klarich, on the front here, runs Product Management for us. You'll hear about our products from him today. Chad Kinzelberg, up front, is running our Corporate Development, Business Development and Strategy. Allison Hopkins runs HR for us; and last but not least, Brett Eldridge runs Customer Support and Customer Engineering for us. So got everybody here, encourage you to take the time in the breaks to talk to folks if you have any questions. Our main job here is to answer questions you have.

So as we thought about the day and what we wanted to try to accomplish here with you, our goals are really up here, which is we wanted to give you a sense of the market we serve. We've talked about that a number of times with you folks but just being pretty specific about the market that we're in, the opportunity we think we have in that market and where we are in that opportunity. We're winning in this market, which I want to discuss in fairly a detailed manner why we're winning, why we think we can continue to win the market. We'll get a view from Mark on how we're doing and then most importantly, like I said, answer your questions.

So to get all this done today from the agenda perspective, I'm going to talk through the following things. There's a lot of things that are happening from a market dynamic perspective that are -- that favor a company like Palo Alto Networks, and some of those are based on strategic technical trends and implications from those trends. So we'll walk through some of those with you.

We'll talk about how do we address those implications from a product prospective, which Lee will discuss for us. We're going to talk about how we serve the market, which René will get into a bit with us and how we're doing in the market. We'll get a view from the field from Mark Anderson about what's happening on the Street when we're out there selling and competing. Chad's going to give us a brief tutorial on how we're leveraging strategic partnerships in order to continue our growth. And then at the end of the day, we're all about results, so you'll hear from Steffan from some of the numbers perspective.

So one of the things that I wanted to try to do is, just to kick things off, was to sort of set the stage for Palo Alto Networks. We're doing fairly well as a company and in a lot of conversations as to why that's the case, we are very focused on the technology, which is true. We're -- have a highly differentiated technology, and there's a lot of focus on that. So you will hear from us today quite a bit about how the Palo Alto technology is different from what the competition has because that's a really important point.

A couple other things that I don't think we discussed as much in the past that try to put Palo Alto in context are a bit higher level, which is we believe we've got the right technology, and like I say, we'll define that. You'll hear about that later on. But we also think that there's a lot going on in the market that means that importantly, to be a winner in this market, you need to be in the right place, not with just with the right technology but in the right place. And by that, I mean the right place in the network because there are technical trends that are going on in the network security that favor folks who are in the right place, and by that, I mean the firewall level. And then the other thing is just sort of the right time. So you can have a company with great technology, be in the right place, but it also really helps if, in the really big picture, the things that are happening in the world favor what you're doing for your customers. And we think that's the case. I'll just going to walk through these fairly rapidly but to give some context around Palo Alto Networks and starting from the top to bottom, which is the right time.

So as everybody knows today, security is and cyber security is absolutely paramount. You can't pick up the paper or you can't turn on the browser, right, without seeing literally on a daily basis now somebody being breached, somebody with a problem, and it's very, very public. Just this morning, if you -- I woke up, fired up the laptop and saw 2 or 3 South Korean media companies were hacked by North Korea last night, and it's all over the front page. That's a real problem for these companies. But literally, everyday, we're seeing something like this, and these breaches have major business implications that range from stolen personal information, stolen passwords, intellectual property getting ripped off to things that are even more serious than that. And the people on the wrong side of this, meaning the companies, the entities that are being hacked and breached, are very concerned about this and rightfully so. And it's now a matter of major importance for all organizations but particularly enterprises all around the world, where the idea of security and cyber security has become a boardroom issue and lots of reports out there saying it's the #1, #2 or #3 issue discussed in every boardroom on a quarterly basis with a lot of enterprises are actually forming standing committees now at the board level that are security related to understand how does that company protect themself against all the stuff that's happening, how we're doing because the implications are becoming more and more important if they are unable to do that. And then on top of that, it's now a matter of -- officially a matter of national security because of all the potential threats for enterprise in America, which is the backbone of the economy and in addition to that, for the government as well. So just as recently as 2 or 3 weeks ago, President Obama issued an Executive Order laying down a number of things that were progress in the direction of public-private partnership and how do we take care of this issue. More likely than not, the precursor for congressional legislation will occur in the next 12 months, probably 18 months to try to define, from a legal perspective, what companies have to do in working with the government and vice versa.

So from a time perspective, when you have a situation like this, where there's a lot of problems, a lot of attention, a lot of focus, if you're a security provider, a network security provider, it's the right time, right? This stuff is not going away. It's getting worse, and you can see that almost daily on a weekly basis, is it kind of continue to heats up. So we think, us plus other players are in a position from the right time perspective that the world is more and more needing what we provide as a company. And when you've got a big problem like that and that much focus on it, you have to kind of ask yourself, so what's the problem, right? Everybody's agreed that this is a big deal, and there's lots of resources to throw at this. What's the problem on how do you fix this? Why is it getting worse and not getting better?

So one of the major technical things that is happening in the world today around this is really around the threats. So the kinds of threats that are out there, the ability for the bad guys to morph those threats, create new ones, change them rapidly, that is accelerating at a pace that is alarming. And so what -- really alarming if it's your job to stop it, right? And that's not slowing down. That's getting faster. And you can kind of see this playing out, too, with all those headlines before about the breaches. They're not all the same. They're different. And new ones are popping up all the time, and old ones, meaning ones that the company may have seen before, can very quickly morph. Even though you thought you defended against it over here, they change it slightly, and it comes in over here. And that's just because the level of sophistication is going up dramatically as well in the threat environment. For me, there's state sponsorship, lots of money involved, but it's very, very serious. So threats are moving very quickly, evolving very rapidly to the point where, again, if it's your job in the enterprise to stop this stuff, I've heard a lot of people say they can't throw their hands up, but almost want to throw their hands up saying, how do I just keep up with this, let alone trying to be in front of this.

So that's a big picture thing that's been changing for quite some time, we think will change in the future, meaning the rapidity of these threats and the ability to morph them very quickly is a real challenge when it comes to how do you stay in front of these things or at least, not fall too far behind of these things from a technical perspective on how do you defend. So I want to -- there's an implication of that I'll discuss in a second. But before that, in addition to the fact that the threats are there, changing rapidly, morphing very rapidly, you have another problem, which is the age of the application, right? So some of you have seen this slide before, but really what we're saying here is that with all these threats, they can exist, but until they're on your network, it's not really a problem, right? So how are they getting there? Well, one of the ways that they've been getting there, the biggest way they can get in there is from an application perspective. So in the last 7, 8, 10 years, we've seen a lot of macro trends playing out on the technical front. They're really important for companies for productivity, all sorts of reasons, things like SaaS and cloud, the acceptance of social networking as people use that more and more. You have mobility, which leads to bring your own device. So all these major macro trends that are playing out right in front of us is taking years, but they're very real, and they're here to stay. They're not going to get smaller. They're going to get bigger. But the one thing that all these things have in common is that they are causing an explosion in applications, and that makes a lot of sense, right? If you're an enterprise, enterprises very, very rarely anymore are writing their own proprietary application for anything. Why would you do that? It's expensive. You got to do it. You got to maintain it. You have to have staff for that. Some third parties out there who's willing to take care of you for that on whether it's very serious from a CRM perspective or something else, but more and more often, you're relying on third parties to provide applications for your enterprise. And then in addition to that, there's just a lot of applications that have -- they have nothing to do with your business, but they're finding their way onto your network. So if you took a poll 10 years or 12 years ago, the number of that third-party applications on your network would have been measured in dozens. If you took that poll 2 years ago, on average, it was 1,200. And if you took that poll last year, then average number of applications that are on the enterprise network is 1,600. And it's growing at that kind of rate, so it's getting -- you're getting more and more of these applications on your network whether you want them or whether you don't want them. So the combination of the fact that the threats are increasing, the rapidity of the threats are increasing, their ability to morph are increasing and at the same time, you have this explosion of applications coming onto your network is a dangerous combination because this is how they get in. They're writing the applications into the network. And the combination of those things makes security a real challenge for folks. And then just to make matters worse, this won't last forever, hopefully, right? But we've all been living in the environment for the last few years and it seems that we will for quite some time here of just budget reality trade. So at the same time that you have all of these big picture challenges going on, you're also faced with the fact that there's not all the money in the world to solve it. It's not security at any cost. They just can't be that way anymore. So if you're in charge of solving these problems, you're being told this is super duper important from the board down, and by the way, you have to do more with less. So go figure that out, right? And that is the world in which our buyers live in today. So we have -- we've got this really big picture stuff that's been evolving for 10 years and probably going to continue to evolve in the direction I just said, and in addition to that, they've got to do more with less.

So what does that mean from a buying pattern behavior? For a very long time, customers, the enterprise customers have purchased network security products with 3 things in mind: security, performance and value, and sometimes, I'll just say that's cost, right? Three -- and of those 3, obviously, the most important for enterprise is security, meaning, if you're not secure, who cares what it costs, right, when you have -- particularly with these kind of challenges.

The implication of things I talked about, about the big trends going on in the threat side of things and the explosion of applications has fundamentally changed, point number one. What does it mean to be secure? And what it means to be secure now, and this is what the world is recognizing, our customer base is recognizing in a fairly rapid manner, is it means I need to be able to safely use those applications on my network and I need to be able to if nothing else respond in fairly short order to the threats and the morphing of the threats that are occurring out there. That's a different definition of security than 5, 6, 8 years ago, and the acceptance of that is gaining ground very, very quickly. In addition to that, I have to do that, and I have the do that at a performance level that doesn't cost me my network, right? If you have a secure network and it's so slow that nobody can really use it, you didn't really accomplish anything, so you can't give up performance in getting that kind of security. And in addition to that, I have to have -- get a great value in all of this, right, because I don't have all the money in the world. So all the things you're going to do for me, whatever it means on security and performance, I need that to be a really good value and ideally an increasingly good value over time because I'm under a lot of pressure. So this is -- these are the conversations of how they go when you're talking to our buying universe. But the most important of these is, like I said, is point number one, which is just fundamentally changed.

And what that has led to for us is a few technical architectural changes that are being -- going on for quite some time, and it will continue to go on into the future, and this is what I call the right place, right? And the right -- what I mean by this is the right place in the network itself, and the right place to handle the security challenges if you have the right technology is to be the firewall and the reason for that is pretty simple. The firewall is the only security device in an enterprise network that sees all the traffic coming in and all the traffic going out. So because of that, it makes a hell of a lot of sense to try to either defend yourself, be proactive in nature at the firewall level. So that's the right place to try to take care of these issues.

And what has happened over time in our industry is all these threats have come up and evolved very quickly is the kluge network, right? As new threats evolve or new categories of threats evolve over the last decade, our industry has responded with best-of-breed providers doing things that, frankly, the firewall vendors should have done. The main firewall vendors, they didn't over time, so it gave birth to whole industries and whole sets of technology like IPS and web filtering and AV and malware now, right? They're all these things that should have been handled at the firewall, weren't, so it allowed or created the need for all these disparate technologies to come in to existence, and it forced customers to say, "If I'm going to deal with those problems, here's how I have to deal with it. I have to go buy a best-of-breed point solution, either in a device or software, and put it into my network." And more often than not, when you walk into an enterprise, the enterprise network looks like this, which is I got a firewall, and I got stuff stacked up all around it, right? And the reason for that is, is that I've got these -- these threats are evolving quickly. I'm trying to solve them, and somebody comes up with something, so I get it. I put it into the network. The problem with this is because of the underlying technology of all this stuff, Stateful Inspection technology, it fails the fundamental point of being able to safely enable applications. We'll discuss that in more detail today, but it fails the fundamental point of security, the first buying need, which is how do I safely enable the applications.

And in addition to that, now it's more and more failing the main point of security, which is because those threats are showing up much faster, evolving much faster, morphing much faster, putting multiple pieces of technology together is fundamentally insecure. You have no piece of technology itself that inherently understands the problem the first place with these applications, and then you string them all together, every one of those handoffs is a security issue for you in your network just because they're not all natively talking together.

And you can see this now. What we're hearing from enterprises, you're probably hearing this as well, is they don't like that anymore, right? And they don't like that not because of cost. I mean, that's the one we hear a lot is saying people want to integrate the technology because it's expensive to work with the vendors. That's all true. That's all true, but that is not the primary point. The primary point is that the professionals, the security professionals whose job it is to defend the networks, they get it. They're saying we need native capabilities ideally in a platform, the least number of platforms, that native capabilities that understand these applications from the ground up from the start in order to protect ourselves. And just as importantly, ideally, they'd be in a platform where all occurs in the platform because every time we have to string together a technology, we have 2 problems: The first is every one of those handoffs is, by definition, a weak point in our network from a security perspective; and the second thing is all these threats keep coming faster and faster, and we have to wait for somebody to come up with this best-of-breed box and then go get it, right, and put it in the network. You have to make all that work. This just doesn't work anymore for those 2 reasons. And that's what we're seeing. This is evolutionary in nature, right? These are things that are playing out over a decade of time, but it's really heating up now. I mean, this is becoming much, much more in the forefront for folks about the demand on what it takes in order to keep your enterprise safe. And because of that, the network is going here. This is the much more likely network architecture from a security perspective in the future, which is if I can get rid of all of the disparate pieces of technology, I can get a platform that natively understands all these applications and understands how to handle those threats and that platform is flexible enough that I can add continued protection as these threats emerge and evolve, that's the one I'm going to want, again, not because of cost. I said that's an added benefit. It's just more secure. And that is the major technical implication of playing out in the market, and that's why I said that in addition to having the right technology, meaning you can safely enable the applications with a flexible platform, being at the right place, which is the firewall, is really important because that's where this is going to happen, again, simply because it's the only device in the network, sees all the traffic in, all the traffic out.

Not -- if you're not a firewall in this market, one of the main implications of that is that your device, if it fails -- when it fails, it doesn't bring your network down. If you're the firewall and you fail, the network is down. There's a huge difference between the capabilities of firewalls and non-firewall devices, and that is the difference, and that's why they're so -- frankly, that's why there's so few firewall vendors because not just about technology. It's about your capabilities to be an in-line, high speed, all these things are required from an enterprise prospective.

And then in addition to that, you have to have the right technology, right? So what we mean by the right technology is a platform that is flexible enough to be able to add to it on a fairly rapid basis to take into account the threats, macro trends we're talking about that also and importantly is the one that can safely enable the use of these applications. It's a fairly simple definition, but it's really, really hard to do. So -- and that's where we think we are. We think we have the right technology in the right place in the network for these architectural implications, which is things moving to the firewall at the right time where this problem is paramount and becoming more and more important and evident for folks and their big desire out there in order to figure out how do you handle these kind of problems.

That has led to major market disruptions that will continue for quite some time, with or without us, frankly, right, but major market disruptions. We're serving the enterprise network security market, which is a very large market, $10 billion a year plus and growing, as you can see, by some estimates, into $13 billion in a few years' time. It's broken into some fairly discrete technical functionality here as you can see. So it's not a gazillion things. It's just a few things. They're in there, but what's happening, the reason I'm showing this slide, is what's happening in this TAM is money is moving around fairly rapidly, and I think that's picking up from an acceleration standpoint because of all the stuff that I just went through. So the money is moving not just greenfield opportunities, but the existing money is moving around, and it's moving in favor of the disruptors as it always will. And as a result of that, there will be winners and there will be losers in this market just inside that big TAM I just showed you. And the winners are going to be folks who have the attributes of -- that have the following things: The first is you have a next-generation platform that's purpose built for the problem you're trying to solve, the flexible platform, which is capable of safely enabling all the applications on your network. The losers will continue with legacy architectures and try to not purpose build it. They'll try to work with their legacy architectures. That platform, the next-gen platform has to have application enabling, understanding and threat prevention at its core, and you'll see that here. We'll show you in a little while exactly what we mean by that. And the losers here will take bolt-on approach. We'll continue to take disparate pieces of best-of-breed technology, continually try to slap it together in order to approximate the definition of security, the safe enablement of applications as opposed to just doing it right from the core of the technology.

The winners' platforms will be flexible, and what that means is, is that in light of all those threats that are coming faster, morphing faster, the platform will be flexible enough to take them into account so that you continually add to the platform as those threats evolve and be able to handle those as opposed to have to wait for a fundamental rebuild of the platform itself or like I said in the previous point, building on technology to take care of this. And the winners will have demonstrated enterprise capability as a firewall, not as an auxillary, what we call firewall helper. And that's very important because, as I said, the technical trend, if this stuff's moving to the firewall, simply because it's the only device that can see all the traffic at line speed and try to take care of these problems, where the auxiliary helpers are just solving one little problem, maybe important but trying to solve one problem, but they are not in line, and it takes a hell a lot, like I said, to be a firewall provider and be in line. So demonstrated firewall capabilities at enterprise-class levels of speed are critical and important for the winners.

And you can see this playing out. So this is the market recognition, at least, from Gartner. This is their magic quadrant. These are the firewall players. There's actually a lot more players in there. We took off the other ones only so -- only because they all end up in the bottom left-hand corner, just trying to show the major firewall players here, right? So I'm not to trying to muck up this slide. But this is what's happened from 2010 to 2013. As you can see, the major firewall players moving around here. Like I said, everybody else is on the bottom-left corner there, so don't worry about that. But -- and what these axes are on -- from a Gartner perspective is the x-axis is your visionary capabilities, right? So what they mean by that are the companies that are visionary enough to understand the things that I was just talking about, the big picture change in strategic imperatives, the big picture change in architectural implications because of those imperatives from a threat landscape. They understand it, and they're able to address that. So that's the visionary aspect. So the further you are out that way, the better from a visionary perspective.

And then the other axis here is your ability to execute, which is maybe the smartest guys in the world about that, but in order to serve an enterprise to be in line, line speeds, customer support, RMA a box in Nigeria in 24 hours, all those things that you have to do to serve global enterprises, that's the other axis end. So the higher you are on this is the better. And you could see from that sort of morphing, in the last 3 years' time, at least, Palo Alto's been doing better and better and better here because we're proving we're right on the vision part of this, and we're always continuing to prove our execution capabilities. That's also just playing out right from financially in the market. This was just last quarter, to give some sense of the relative, absolutely the relative performance of Palo Alto in the market. And this is the market recognizing everything I said and buying our technology because it's true. It works the way we said it works, and it helps solve those problems for folks.

So what's the difference between Palo Alto and everybody else? At a really high level, the differences are the fact that we started out by trying to solve the problem, which is how do you safely enable all these applications as opposed to being reactive to the problem in saying how do I do that with my existing legacy technology. We started out with the understanding that great security is native and not bolt on, and that means that because those threats are evolving so quickly, if you're bolting on technology for every one of those or waiting for the next best-of-breed solution, you have a problem just from an architectural standpoint about what security is going to mean for you from those various handoffs and weak points in your network.

We start off with macro trends in mind. We -- well, obviously, we don't know everything, right? And we can't see everything into the future. But when we designed a platform and continue to design things in the platform, we have a lot of big picture things in mind like mobility, malware, virtualization, ST and all the things that people are talking about today, we baked into the product in a lot of different ways and continue to evolve it with those things in mind. And one thing I should note is that we're not always the first mover, right, in a lot of these different areas. And that's by design because the first mover may have first mover advantage, but as far as having great security today [ph], that's what we've been able to prove again and again and again, is how do you -- what's the right way to solve these problems that will have longevity over time. We've been able to do that, and we started with a business model that scales because of this, which is we can answer any enterprise network security need in that entire $10 billion TAM. No matter what you think your problem is as an enterprise, we have a solution that's flexible enough that we can address that specific point, and more importantly, it can address all of your needs and the recognition of that over time once we get into the account allows us to expand inside the account and our platform is flexible enough that we can keep adding services to take care all these of these rapidity of these threats we've been talking about. And they kind of continue to extend our value proposition. And you can see that from our business model, which is scalable and one that we can operate with ever-increasing -- for increasing leverage.

That leads us to where we are. We think we're in early innings in a big market where big disruptions are occurring and will continue to play out for quite a long time. These things are not playing out in 6 months, they're either playing out in 5 or 10 years' time behind us, and that's accelerating in front of us is how they play out. We've got a really large and growing market opportunity. And because of that threat landscape I talked about and everything that's happening there, strategic imperatives are changing for enterprises. 5 years ago, this was not discussed in the board room, now it's discussed in every boardroom and that's going to continue over time, so the strategic imperatives, top-down in organizations are demanding answers to this problem.

That has led to the industry and the professionals buying this technology to want and demand major technical changes in the network. And the implications of that are things are moving to the firewall, because it simply makes sense to do that. You need to be in that position, and we are. Which just leads to the gaps between those who can and can't, meaning you're a demonstrated enterprise firewall player with a flexible platform that can safely enable applications. If you can do that, the gap between those who can do that and those who can't, is wide right now, and it's getting wider pretty fast, just because it's really, really hard to -- it's really hard to catch up to that if you don't have it already.

And then that results in those who can benefitting disproportionately from market perspective. And you can kind of see that not only from things like the Gartner thing, but also our results in the market, is the disruptors will get a good, good portion of that TAM, because you're effectively answering and efficiently answering the problem that these networks have.

So we are Palo Alto Networks, where our vision is to be the leading independent global enterprise network security provider. We think we've got a great start in that. We think we've got a long way to go in that, and we're very appreciative of you taking the time today to hear us try to prove that out to you, and you'll hear that from a lot of our team today. So thanks again for your time, look forward to talking with you a little later on.

[Presentation]

Nir Zuk

Good morning, everyone. I'm Nir, I'm the founder and CTO of Palo Alto Networks. And I want to talk a little bit today about what makes us different from a technology perspective and why is our technology enabling us to be so successful. And to do that, first I want to go back 7 years and show you what we've seen back then is the opportunity in front of us and then show you how we implemented it, okay.

So 7 years ago, we saw 2 major trends in the network security industry. The first one was the World War I style trench wars between the business represented by the CIO and the security group, where the business kept wanting to use the Internet for much more than they were using it and the security group keeps saying no to everything, so the business wanted to use WebEx. I know many of you work for financial services companies that don't even allow WebEx. The business wanted to use things like Facebook and other social media, and the security group said no. And then the business wanted to use things like Dropbox and box.net and Google Drive and others, and the security group said no. And the business maybe wanted to start using online office applications like Google Docs and Zoho, and now Office 365, and the security group said no. And this war between the business and the security group didn't make sense, because the role of IT guys is to enable the business, not to stop the business from doing its business. And the fundamental issue that the security group had, and the reason that they kept saying no, was the fact that the entire focus of all the technology that's being used or were used, was used, but by the security group was focused on protecting web and email. What I mean by that, is that you all use email. And today, when you receive email, if you work for a company that is not Palo Alto enabled, when you receive the email, the email goes through a lot of checks. The checks that the email goes through include, for example, making sure you don't receive an executable attachment, right. So if I send an executable attachment, your IT department is probably going to cut it off. It includes cutting the email for bad things, for viruses and for spyware and for botnets and for Trojans and for all kinds of malware. It includes scanning the email for exploits or vulnerabilities, such that if there is a PDF attachment that's going to try to exploit a vulnerability in Adobe Acrobat and take over your computer, your machine, then it won't make it in. And also on the way out, email gets scanned for a lot of things. It gets scanned for the same things I just described on the way in as well as for data leakage, making sure that you don't accidentally send out information that you're not supposed to send out. So the problem of securing email is well known and it's been like that for many, many, many years. The problem of web browsing is similar and has been known for the same amount of time. When you browse the Internet, same thing, your IT department makes sure that you don't receive any content that's going to harm you or your machine, and when you send something out to make sure that you don't send out anything confidential. They also make sure you don't go to sites that you're not supposed to visit, either for security reasons or for productivity/liability reasons, okay. So the problem of security for email and for web browsing has been well understood for many, many years, and that's surely what the security group has been focused on solving all these years. And what we saw 7 years ago is that if you want to use anything else beyond web browsing and email, then things like external SharePoint or WebEx or Dropbox/box.net/Google Drive, or online email like Gmail or any other online email, online office applications, instant messenger applications. Any kind of an application beyond web browsing and email, as an enterprise, you have 3 options. The first option is to block the application, which is pretty common, especially in the financial services industry. The second option you had is to stick the head in the ground and allow the application to go through, knowing that the same threats and the same bad things and good things that you control email for, are going to come in and go out with that application. The same executable that you block over email will come in over Dropbox, okay. The same malware that you block in email will come in via SharePoint. And the same data that you stop from leaking over email would be leaking out over instant messenger or whatever application you decide to allow. This is the second option, and many of your employers also do that. I mean, they took a conscious decision saying, we'll keep spending a lot of money protecting email and we'll ignore the fact that this new application that we'll let you use is going to carry the same risks that we're protecting email against. And then the third option you have is to use Palo Alto Networks today. There's no fourth option. These are the only 3 options that you have, okay. And we'll show you a demo later what we mean by that.

Now what Palo Alto Networks does and what the problem that we saw back then was, is the need to safely enable applications. And what it means to safely enable application is to make the application as safe to use as email, providing the enterprise the same controls over the application; for example, no executables; and the same security, meaning scanning the application traffic for all the bad things that you scan email for, and for the same data leakage that you scan email for. And we'll show you in a demo later, in the live demo, how we are different than our competitors. How we safely enable applications, how we can take any application and make it as safe to use as email, while our competitors are focused on blocking the application, okay. So that's the first thing that we saw then. The second trend that we saw 7 years ago when we started Palo Alto Networks is something that Mark described, which is the whack-a-mole approach to network security. Meaning, that every time there is a new security problem, a new solution emerges, a new submarket of the network security market is being created. You have a problem with exploits? No problem, we'll create an IPS or IDS, and then IPS market. You have a problem with content? No problem, we'll build a proxy market for you. You have a problem with con -- with filtering? No problem. we'll build a web filtering industry for you. You have a problem now with APTs? No problem, there are 10 companies that will be happy to sell you yet another box to solve your APT problem. And back then and today, of course, we still see -- or back then, we saw, and today, we still see that, that approach is not scalable. Enterprises can't continue paying for so many devices on their network. They can deploy many -- so many devices on the network. And more importantly, as you'll see a little bit later and as Mark described, it's not the right solution. From a security perspective, you cannot continue doing it. You are not going to be secure if you continue the whack-a-mole approach.

As Mark described, we believe that the core of network security has to be the firewall. Because the firewall is the only device even after almost 20 years since the launch of the Stateful Inspection firewall, the firewall is the only device that is everywhere on the network, from the small branch office to the largest data center, from the edge of the network to the core of the network. It's the only device that is installed everywhere. Other devices are either not everywhere or they don't see the traffic, all the traffic all the time. They see very small portion of the traffic, for example, specific port or a specific application. The only device that's positioned to block bad things is the device that is everywhere and sees all the traffic all the time, and that's the firewall. And the firewall has always been and will always be at the core of network security, okay.

Now the firewall can't do everything by itself. The traditional approach was let's have more and more and more devices behind the firewall. The newer approach that we're seeing to this and that we saw 7 years ago, is pairing the firewall with some centralized detection, a data center that is either hosted by the vendor, in our case, Palo Alto Networks, or hosted by the customer or by a service provider that's processing some of the information going though the firewall that the firewall cannot process, and then sending back information to the firewall for enforcement, okay. Again, the firewall is the only device that is positioned to enforce things and therefore, the firewall has to be the key part in this map.

Now, we've been doing this for a long time. Our URL filtering solution, from when we released it many years ago, worked like this. We have been sending -- or our firewalls in the field have been sending URLs to the cloud for categorization, and the cloud would send back the result. Recently, we added more functionality to this around malware, around APTs, where we send files from the cloud for analysis and then receive them back -- receive back signatures to block the bad things, we call that WildFire, okay. Now to achieve those things, the 2 things: number one, safely enabling applications; and number two, building a platform that can deal with all network security threats and not -- and excuse me, and stop the whack-a-mole approach. The network security, we had to do 2 main things. The first thing we had to do is to create what's called App-ID, which is sitting at the core of our device, such that when we receive traffic, we know which application it is and we analyze the application, such that the rest of the device, everything the other device does is based on the application, okay. So everything we do and no matter what functionality we add, as we add more and more functionality, it immediately applies to all applications. Because the concept of identifying and understanding the application is at the core of the product. So that's the first thing we have to do. And we'll show you later, in a live demonstration, how that's different than adding a blade on top of a Stateful Inspection firewall to identify and try and to block applications. It's a very big difference. The fact that we do it at the core of the product, and by that, make the entire product application base, makes the whole difference between us -- or a big part of the difference between us and our competitors. And you'll see it in a live demo and the implications of that in the live demo later.

The second core technology that we developed was the single path architecture, which essentially allows us to load the box with many different kind of signatures or other things to the tech stuff. The engine is running all the time and the engine is capable of looking for different things at the same time without losing speed. So for example, in the first version that we released of our product, we didn't have DLP. We had the engine, but we didn't have DLP, data leakage prevention. In one of the following releases, we released DLP, loaded the single-path architecture with DLP information, and by that, started detecting the leakage of information without degrading performance, okay. We unlocked that functionality on the engine by loading it with more and more things to detect, and we started doing it without degrading performance. And as we added more and more functions like APT, modern malware and so on, we load that engine with that functionality and keep looking at the same speed for all those bad things without degrading performance. And it is very different than our competitors, which with their UTMs or similar or blade-based products, add more and more software and yet another engine and another engine and another engine to detect things. And by that, they slow down every time you turn on a new thing, which means that they can't really do it, which is why all these other companies are thriving, selling devices to sit behind the firewall, okay. We stopped it. And again, the way we stopped it is by building an engine that is flexible enough and is also future proof enough, such that whenever new threats emerge, we can add detection for these threats and then load the engine with ways to block those threats without degrading performance. And of course, while doing it for all applications. And what I want to do right now is to give you one example of how we did that, okay. I want to show you how we solved the problem recently with WildFire of APTs, and we did it in a way that shows that our platform can solve problems without degrading in performance and doing it in a market-leading way, okay. So we'll use APTs as an example, and before I describe how we stop APTs, I'll describe to you how APTs actually work and how you're being attacked. And the way you are being attacked or the way our customers are being attacked, the way the world is being attacked is relatively simple, okay. The goal of the attacker, the first step in the attack, the goal of the attacker is to get an end user in the target victim to open a document. It can be an executable, a PDF document, an office document. Open a document, let's say PDF in this example, okay. So my goal, if I'm the attacker, is to get one of your employees to open a document. And what you do for that is pair phishing, it's actually easier than this. You don't have to take a stick and try to hit a fish with that, it's much easier. What you do is, first step would be, for example, to go to a link and figure out who is -- who are your employees, get a list of employees of the target. And then the second step is use social media and other tools to figure out not just who the employees are, but who their friends are, what do they -- what interests them, and then craft a special message for them that appears to be coming from one of their friends, can come in via Facebook, it can come in via instant messenger, it can come in via email, via any other application, and talk about something that interests your employee. So from your perspective, one of your employees or some of your employees will be receiving a message from one of their friends talking about something that interests them, and it's just a PDF, I mean, everybody here knows not to open executables, but PDFs, you cannot do your work without opening PDFs. They're going to click on it and open it, and that's going to lead us to the second step of the attack, in which the PDF document is going to exploit an unknown vulnerability in something like Adobe Acrobat Reader, and then a small piece of code, that we call an exploit or a droplet, is going to run on the machine. It can't do much. All it can do is execute the next step of the attack, which is go out to the Internet and download the backdoor program, install it on the local machine. The next step is for the backdoor program to establish a back channel or command-and-control channel back to the bad guy. And now that the bad guy and the backdoor program sitting on your network behind the firewall are in full communication, the bad guy can do whatever they want on the network. This is the way APTs work, okay. So how do you detect them, and how do you stop them? How do you detect APTs, how do you stop APTs?

So the first step is, of course, getting hold of the malware. If you want to block malware, you need to first find the malware, and there are 2 ways of doing it. There is the traditional way of detecting malware, in which AV vendors like Symantec and McAfee and all the others have been using for the last 20 years, which is using things like honeypots or using your consumer base to find something that is spreading quickly through the Internet, and we do that too. We are part of that network and we collect between 50,000 and 100,000 samples of malware everyday into our office in that way, between 50,000 to 100,000, closer to 100,000 nowadays, okay. The firewall companies like Cisco and Juniper and Check Point, they don't do that. They outsource their malware work to a third party. In the case of Cisco, that will be Trend Micro, okay. They count on Trend Micro to collect the malware, generate the signatures and send them to their customers, they don't do it themselves. They don't deal with malware. And the same is true again for Juniper and Check Point as well.

IPS companies like Sourcefire do it. I'll show you later why they need to collect malware. Modern malware companies or APT companies like FireEye, they don't do that, they collect malware in a different way. And there is also a set of companies represented here by Damballa, what they do is they look at outbound traffic, especially a DNS traffic and which servers you are trying to connect to, and try to detect the presence of malware in the network like that, they don't do that either. I'll show you later what they do. The second approach for detecting malware is using sandboxes. It's a 20 years approach, a 20-years old approach as well, just never been commercially successful until recently. And the way that works is you take objects coming into the network, executables, PDF documents, office documents and so on, you run them in a controlled environment and you see what they do to the machine that they run on. For example, if you open a PDF document and the next thing that happens is the connections opens out to Russia and downloads an executable, then guess what, it's probably not a good PDF document. So it's very easy to see whether an executable or a document are good or bad. And if they are bad, then you have a malware in your hand, okay. We do that through our WildFire service. Firewall companies, they don't do it, okay. IPS companies, they don't do that either. APT companies, that's their bread and butter, they do it. So companies like FireEye do that. And the outbound guys, like Damballa, they don't do that, they do other things which I'll show you later.

So now that you have collected the malware, what do you do with it? The question is, what you do with the malware? So maybe a step back, we do it, FireEye does it, we do it in a little bit different way than FireEye does it, in 2 ways. First, as you know, we do it in the cloud. But more importantly, we do it across all applications. Because the idea of applications is core to our product when we added our modern malware or APT solution, it immediately applies to all applications. We don't care if the bad document or the executable or whatever it is, if the APT comes in via email, via web browsing, via an encrypted session, via Dropbox or SharePoint or Office 365 or instant messenger file transfer or WebEx file transfer, we don't care how it comes in. Once we add the functionality, it immediately applies to all applications, because that's the way we built our platform. We build a platform in such a way that everything we do immediately applies to all applications. If you compare it to FireEye, or all the other APT companies, they only work for web and email, not even encrypted web, because they didn't build the platform that at the core, understands applications. This is the power or one of the powers of our platform. It's the fact that everything we do immediately applies to all applications, okay, such that our customers can safely enable the use of these applications. If you buy our APT subscription, it immediately applies to any application that you want your users to use.

Now once you have the malware in your hand, what do you do with it? The first thing you do with it, of course, is you generate anti-malware signatures, such that if the malware tries to get back again on the network via any application, you can stop it. We do that. The firewall companies, they don't do it. All their malware work is outsourced to either Kaspersky or Trend Micro or others depending on who the firewall vendor is. They don't generate malware signatures. They don't even know what malware is. They don't have malware in their hands. The IPS companies, even though they have the malware, they don't do that. And the reason they don't do it is because IPSs are not in the business of blocking malware. Why? Because it was a different mole that has to be whacked at a different period of time. They don't deal with malware, they only deal with exploits and with other things related to malware, which I'll show you in a second. But they don't deal with trying to stop the malware from getting in. The APT guys, they don't do it, okay. I'll talk about it a little bit more in a second. And of course, those that look at outbound traffic, they're not in the business of trying to stop the malware from getting in, so they don't generate anti-malware signatures either.

Now going back to the APT guys, they don't really block malware. And there are 2 reasons why they don't block malware. The first reason is because they don't really have anti-malware technology, they have URL filtering technology. And what they can do is they can block the place in the Internet from where the malware works, okay. And it's not the best approach. We believe that hackers tend to put their malware in more than one place on the Internet, they keep changing it. But more importantly and more strategically, the APT guys, like any other firewall helper, is not in a position to stop malware, because they are not everywhere in the network. If you want to stop malware in your data center, you need a 10 or 20 or even faster gigabit-per-second firewall to sit in -- or device to sit in the data center and block malware. They don't have it. If you want to block malware in a small branch office, you need a small branch office device that costs and operates like a branch office device. The only device that can do that is the firewall. The only device that can run in a small branch office and runs at multi-tens of gigabits per second in a data center, and of course anywhere in between, is the firewall. The firewall helper guys, like the APT guys, aren't in a position to do that. They are not deployed in the network in a position to be able to block malware.

The next thing you need to do with the malware is generate command and control signatures, such that if the malware is already in the network and is trying to communicate back with the bad guy over command and control or a back channel, you stop that. That's traditionally been the role of the IPS, we do that. When we run the malware in our sandboxes, we record the traffic that it’s generating, and then we generate a signature for that, such that if it's already on the network, we block it.

The firewall companies don't do that. Even though Cisco and Juniper and Check Point all have IPSs, not very market leading, but IPSs, they don't do that. Why? Because they don't have the malware. They outsource all their malware work to other companies. They don't have the malware so they cannot run the malware and look at what the malware is doing, and then program their IPSs to block the malware. They just don't it. The IPS companies do it. That's their bread and butter, of course. APT companies don't do that. Why? Because they're not the IPS. If FireEye or someone like FireEye wants to do that, they will need to become the IPS. They will have to go and replace not just the firewall, but also the IPS to be in a position to do that. But they aren't doing it, because they're not in IPS. They're not in a position to do it. They can detect the malware, not block the malware from communicating with the bad guy. And then we have the outbound guy that take a different approach to detecting the malware already being on the network. And the reason they do that is because it turns out that it's much more efficient and much more effective to try to detect the malware already being on the network, rather than trying to detect it coming in. I'm not saying you should not try to detect it coming in, I'm just saying that it's much harder and it's easier to miss the malware on the way in than it is to miss it on the way out, okay? And we see more and more value in doing both. And more and more value in detecting the malware trying to get out, not just with the IPS but using the other tricks. Tricks exercised by a company like Damballa, which I'm not going to get into, but in general, they have to do with the fact that the malware has to do a lot of DNS, domain resolution tricks, in order to figure out where the bad guy is, because the bad guys have to keep moving around. They cannot stay in the same place all the time. And the malware has to track them. And detecting those tricks that the malware is using is a very efficient way of detecting the malware presence on the network and even stopping it from being able to communicate to the outside. We do it. We can see no one else besides the companies that dedicate themselves to that because that's another mole that had to be whacked, do that.

And then the last thing that you want to do is to create URL filtering filters to block well-known malware sites, okay? You can see we do it, some of the APT guys do it, the others don't do that because they don't have the malware, so they don't know where the malware came from. If you put everything into a big picture, into a big matrix, you'll see that different companies focus on different things. You see that there is a group of companies, the IPS companies, that focus on detecting the back channel, focusing on detecting the malware already on the network, trying to communicate with the bad guy. So instead of companies like Damballa that focus on detecting the malware in the network using different tricks, there are APT companies that focus on trying to detect unknown threats, 0 day threats, getting on the network and then maybe trying to block the sites that they came from. There are companies, like -- the firewall companies, that really don't anything when it comes to security, just money. And there's Palo Alto Networks, okay? And there the reason we can do it is because of the things I've said before. It's because what we do, we do for all applications. And because we have a platform that is flexible enough that allows us to do that, okay?

Now can our competitors do it? Maybe, if they all come together. This is how it's going to look, right? You're going to have an APT vendor, like FireEye, finding the APTs. They are not in a position to stop it, so they'll have to send it to a firewall vendor, in this case let's say Check Point, they'll have to send it to Check Point. Now Check Point is not a malware company, so they'll have to take the malware and send it to Kaspersky. In parallel, they'll have to run the malware, see the traffic that it's generating to program their IPS. Kaspersky will be generating an anti-malware signature and sending it to the Check Point customer to the blade, to the AV blade. In parallel, Damballa will need to receive the malware and see what kind of DNS traffic it's generating and send something to the firewall. And -- or you can just do this, okay? You can have one device responsible for all the network aspects, and the cloud that's responsible for the detection. This is what we are selling today. We call it WildFire. And we believe that it's much more scalable than the approach that our competitors are taking. We do it, by the way, in order for WildFire, we also do it for [indiscernible], for URL filtering. This the way we approach URL filtering, this our approach to WildFire, and this is going to be our future approach for any other threat that's going to come up. And yes, with the next threat, they are going to see a few mushrooms popping up trying to solve that threat. But as we've said several times, they're not in position to do it. They cannot see all the applications, and they are not everywhere on the network, they're not in a position to block it, and we are. And we are -- we have an extensible platform. A platform that allows us, like in the case of APT, just an example of APT, but like in the case of APT, we can add more and more functionality for detecting bad things on the network, again mostly in the cloud, and then preventing them on our device. And when you do that, when we do that, we usually do it as part of our subscription services.

Thank you very much.

[Presentation]

Lee Klarich

Good morning. My name is Lee Klarich, Head of Product Management at Palo Alto Networks. And today I have the pleasure of being here and being able to talk about product, that's what I do. And today in particular, I'd like to focus on our unique approach to the network security market. And so to lead this off, I'm going to show you for the second, and not even the last time, this chart. But I'll use it to -- in a whole different way. Really, it's just a set up for what is the network security market composed of? And what are the traditional approaches to that? And how does that differ from our approach?

And so when you look at this, you see from a network security perspective, firewalls, web gateways, IPSs, APNs. And the traditional approach to these, and Mark has covered this and Nir has covered this to some extent as well, have a couple of really, sort of serious fundamental flaws.

First, all of these were invented in sort of a pre-2000 application user landscape. And I'll go into this in a little more detail, but basically what this means when you think about it, firewalls were invented when there was basically web and e-mail. The same is really true of web gateways, it was when web browsing was just people going to cnn.com and things like that. The IPSs were invented when the way hackers worked was, they tried to attack the server. And so IPSs were formed when that was the threat landscape. And VPN was formed when you just needed to find a way to connect the user to their webmail. And so that was the environment when these technologies were invented.

Second, the approach that the traditional vendors take to all of this is, they look at this as opportunities to have different products doing different things. The firewall is the firewall. The web gateway is a different product, it does something else. The IPS is yet another product, it does something else. The VPN, yet another product, it does something else. This siloed approach that treats each of these as like a completely separate thing simply doesn't work. And so what do we do? We fundamentally looked at this differently. First and foremost, we start with a whole different understanding of what the application and user environment looks like. Applications have changed radically from pre-2000 until today. Not just the number of applications, as Mark talked about, but the technologies they use and how they worked has phenomenally changed, it's amazing. Second, we looked at this as a single network security market and problem to solve. We don't look at it as 4 distinct, different things. And this allows us to solve much more complex problems than you can do if you approached these in a siloed way.

So let me now sort of describe this in a more graphical way, to really show how this is different. So this is the pre-2000 landscape. This is what things looked like when the world was simple. Users worked in the office, mostly they had desktops, they'd even had laptops, pre-2000 for the most part. Certainly there wasn't anything called mobile at that time. The applications they used were basically web and e-mail, and where it wasn't web e-mail, it was an application the IP deployed in the data center. It was -- the application's simple. And the attackers were just kids basically having fun. Often when I talk about this with network security people, I tell the joke, I guess it's sort of geek humor, but I will say, we long for the day of the I Love You virus. You knew when you had it, and you knew when you didn't. So I don't know if, I hope you remember the I Love You virus, it was like 1999, it hit, everyone was scared because it brought down e-mail for a day. And then next day, everybody had it cleaned up. And things were back to normal, right? I mean, that was the threat landscape in 1999. Like that was the thing you worried about. And compared to today, that was great. At the time it was so bad, but in hindsight that was great. And so, this was the simple world. Drew a little box around it, contained it, that's how traditional products were designed for these traditional markets. The world is not simple. Users are no longer contained to the physical network. Users are everywhere. With laptops and mobile, everything. Those users are using whatever application they feel like, for the most part. When they're off the network, they use anything, for sure. When they're on the network, they also use anything they want, because the application vendors have realized how to encrypt applications, how to hide them, how to port hop, how to tunnel inside of other apps. So users can use applications on the network, off the network, whatever they feel like doing.

And then for the applications that IT deploys, they might not even be deployed on the network anyway. As data centers get virtualized into private clouds, private clouds morphing into public clouds and hybrid clouds and community clouds, even the IT-deployed applications might be anywhere. And to make all of this worse, the hacker understands this. If you're thinking about trying to access data, applications, things, on someone else's network, they understand this landscape. They understand the applications that users use. They understand how to get to those users. They understand how applications encrypt and tunnel and port hop and find their way in and out of networks. And so if you're a malware writer, you simply leverage that. You don't even have to write it yourself. You leverage what everybody else has already figured out. And you see those play out publicly. Servers are, via sophisticated hackers, servers are not attacked directly. They're attacked by first finding users, attacking the user, which is much simpler, and then using the user to access the ultimate data on the server that you're trying to get to. And so the whole attack vector has changed. So how do we approach this, if the traditional mechanisms don't work?

You have to start by fixing the core problem on the network. We do this with a next-gen firewall. We do it in the firewall for all the reasons that Nir talked about and Mark talked about as meaning, being in the right place, with the right technology. App ID, user-ID, content-ID that the, the management capabilities, everything that we do starts by you first protect the physical network of the enterprise. As users, though, have moved off of that physical network, we then had to extend this technology, to be able to handle users no matter where they are. Physically on the network is easy, because they have to get through your secure infrastructure to get to whatever they want to get to. But when they're off the network, what we do is with a product called GlobalProtect, we've actually, logically keep the users on the network, so that we can apply the same security capabilities for those users, no matter where they are. This, by the way, would traditionally be viewed as VPN, but for us it's way beyond that traditional, just give them encrypted access to e-mail. It's all about how to keep the user on the network all the time, connect to the closest gateway.

Third, we then have to extend this technology into the data center, as these data centers are evolving toward private cloud, public cloud, leveraging virtualization, eventually SDN-like concepts. And we do that through, first and foremost, flexible platforms, VM-Series launched recently. It's a software form factor of our next-gen firewalls that is designed specifically for deployment into cloud environments. Extending that through context awareness of the virtual environment, understanding VMs as they move around, get spun up, turned down, moved into other data centers, keeping that context from a security perspective, no matter where the virtual machines are, tying in to the automated workflows, and you'll see as we talk about some of the trends on the cloud perspective later, why that is so important. And then partnering with key vendors, and Chad will talk about this later, VMware, Citrix and others that are really helping to define these software-defined data center environments.

And then lastly from a threat perspective. There's a lot of things we've done from an IPS perspective, anti-malware perspective and most recently, WildFire, detecting the unknown threat. And doing this in a very sophisticated way, leveraging the existing technologies, existing single pass architecture, but then also leveraging cloud for compute and scale and timeliness of updates, most recently with the subscription service for WildFire, where we can actually take new malware that we find from anywhere in the world, and turn it into signatures that are then available to all of our customers in 30 minutes.

Power of the cloud, right? Plus the power of a next-gen firewall being in line in the network. And soon we'll even be able to extend the cloud-based capabilities into local scanning capabilities to provide even more flexibility in this solution and giving customers choice as to where files are scanned, their network versus our cloud infrastructure, et cetera.

So that's how we look at this, as a network security problem not just for technologies, not just for products. So when you combine all that together, you get to the product line. So this is how we take the technology and the things that we do, productize and offer to customers. And it all starts with the platform, of course. Wide range, from small branch office boxes, all the way up to big devices designed to sit in front of high-speed data center environments and core enterprise networks. Most recently augmented with the PA-3000 series, new midrange platform, and the VM-Series, as I mentioned before, designed for private cloud, public cloud kind of environments. And you'll see from us that this will continue to evolve. This never sits still. We'll have bigger boxes, we'll have smaller boxes, so they'll be able to continue to take the technology that we have and extend it further and further.

One of the things that is so great about this product offering is ability to then augment these platforms with subscription services. Threat prevention, URL filtering being the first services we offer, back when the product first launched 5.5, 6 years ago. More recently with GlobalProtect and WildFire coming into play. And being able to do that, add those new services, without fundamentally changing the harder platforms they run on, but rather just through software updates, being able to enable whole new capabilities on those existing platforms.

The flexibility of being able to adapt to new market requirements through the simple addition of a new subscription service is wonderful, and I'm speaking from a product perspective. Steffan will talk about it from a financial perspective ability; that is obviously wonderful as well. But that is the power of the platform, the single-pass architecture that we've come up with. And in the use cases, of course, firewall, Web Gateway, IPS, VPN, and then manage all of that through a single management platform, Panorama, most recently the M-100 hardware platform for management scalability, but flexibility, integrated management, large use viewing, reporting and all of that, packaged up in a single platform. And then of course, PAN-OS being the underlying operating system that really drives all of this. And so, that's what the product line looks like. Single line of hardware, services on top of that and then wrapped with a single management platform.

Two things that are very clearly top of mind for many of you, and so go into just a little more detail on. The first would be APTs, and we've talked about WildFire. Nir's talked about it; I've talked about it. There's just a couple of more points that I think are really important relative to APTs, WildFire in particular. Number one, we talk about this all the time, but it's really, really important: Prevention matters. If you just detect, then you'll see malware, and then you'll see it again and again and again, and companies when that happens, they have people running all over the place, trying to reimage machines to clean them up after they got infected. This is a chart of data that shows, even if you wait 24 hours before you have a signature to prevent it, 50 samples will turn into over 8,000 instances of potential malware infection on the network, versus if you can prevent that within the first hour, you can reduce that by almost 10x. Prevention is a huge timesaver, data saver, threat saver if you can compress the time from first detection to prevention, okay?

And we can back this up by simply saying, we have over 1,300 customers today using WildFire. This is a phenomenal number given that WildFire just launched about 15 months ago. On a typical month, we now see over half a million unique files that we scan. Of those, we find over 26,000 new pieces of malware a month. And of that, 13,000 are net new, meaning we are the first company to find that malware. And I'll show you here on the chart, but what we found even is, that 13,000 pieces of malware, even 7 days after we find it, roughly 40% is still unique to us, meaning we are still the only vendor that knows that, that malware exists. So we're not just the first to find it, but many of those malware are so evasive that the traditional mechanisms just never catch up. 500 pieces of malware a day that falls in that category.

The second big topic that comes up all the time is virtualization SDN, what does it mean? Is it good? Is it bad? From a virtualization perspective, what we have today, what you see on your left, virtualization. Flexible form factor of the VM-Series and the hardware platforms, both are relevant in virtualized data centers, context for dynamic VMs and dynamic motion within these data centers, and tie-ins to automation through APIs and things like that. That is the solution today for private cloud, public cloud environments. As virtualization morphs toward SDN, software defined networking, or software defined data centers, those same principles we have today extends perfectly into an SDN world. Flexible form factor extends into a world where, of SDN where software trumps everything else. Dynamic objects that we have for tracking down the motion of VMs morphs toward all decisions being made on context. Nothing is static anymore. And automated workflow integration morphs into integrating into the orchestration. And that is probably the most important point, because in a software defined network, everything is orchestrated, the network, security, everything. And so all the things that we have now, blend perfectly as virtualization moves toward SDN, okay?

Now I'd like to finish by answering a few questions proactively, things that we hear all the time, because quite frankly it's a big market. There's lots of vendors and there's lots of things that get said that aren't necessarily substantiated. And so there's 3 in particular I want to touch on today.

The first is, management doesn't scale. They don't mean the management team, they mean the management platform of our product. You hear this all the time. The reality is not true. Our management platform scales 1,000-plus devices. We have software form factor of Panorama, very flexible. More recently, that extended to the M-100, which is a hardware-based form factor of our management platform. And that can extend into a distributed model where central management is separated from distributor log collectors, geographically dispersed, 1,000 devices. We can scale a number of devices, we can scale in the amount of data they collect and report on. All in an integrated way, where all of the things that we do are under a single policy.

Second, hear all the time, switching is hard. Honestly, switching can be hard, which is why over the last several years, we've put a lot of effort in trying to make this as easy as possible. Some of this is training, some of this is education, some of this is professional services. But one of the things in particular we're proud of is, we've built a very sophisticated policy migration tool that allows us to migrate existing configs to our configuration form. And now we're doing migrate to config, but we can also fix problems with the configuration. We do config migrations where, we'll decrease the number or rules 10x, 100x in some cases. We reduce duplicate objects. We fix things that are broken in the current configs as we do the migration. So we make this as easy as we can.

And last thing, continue to hear, performance drops as you add additional capabilities. Nir talked about this, Mark talked about this. It's simply not true. Just take a platform that we have that can do 10 gigs of app ID, firewalling, threat prevention. If you enable QOS, it still does 10 gigs. If you enable URL filtering, it still does 10 gigs. And if you enable WildFire, the most recent service, it still does 10 gigs. We have proven this out again and again. The platform scale, the single-pass architecture works.

So what I'd like to leave you with is fundamentally designed from the ground up products, with today's application and user environment in mind. Seamlessly integrating the technologies and functionality that we have to solve today's complex challenges in an integrated way. Single-pass architecture, scaling and flexible enough to incorporate new technologies as they're needed, to adapt to the changing threat landscape. And ongoing product execution that will continue to evolve, both the next-gen firewall core capabilities, as well as adapting to the new landscapes of mobility, SDN and other types of things like that, okay? And now we're going to show you a little bit of this.

[Presentation]

Rene Bonvanie

Good morning. I'm René, I am responsible for marketing in Palo Alto Networks, and we thought that, well Nir and I thought, that it would be very insightful for you to see how our products actually functions in the field, see how it compares to other products. And to do that, we thought it was a good idea to do that not through slides, even with all the customer testimonials, but to actually show it side by side. I know that's not what you see very often in analyst days, but we keep hearing, over and over again, that certain vendors claim certain things and we wanted to kind of set the record straight on that, because we believe what we build is fairly unique and, therefore, why not show the product?

To do that, we looked at 3 things that you may have been told. Right? When you speak with vendors in this industry, they may tell you, "Oh, well, we do what Palo Alto Networks does." Typically in that order. Right? Typically referring to us. Now the good thing is that, that kind of looks like a benchmark. The bad thing is we won't actually take them to task on that. Do they actually do what Palo Alto Networks does? The second claim that is made and that you will often hear in the market is, "Oh, we have better performance than Palo Alto Networks, our proxies are faster and so forth." And again, we want to make sure that you understand what is being said there and how that compares.

And then thirdly what you will hear is "Oh, by the way, we're much cheaper." Well they typically don't use the word cheap, but they say we're more cost-effective than Palo Alto Networks. And it may be in a different order depending on who makes those claims, but at the end of the day, these are the 3 things that we typically hear. Right? So let's take that to task in this demo. Now, to do that, actually -- because why would you believe the marketing guy, right? But it's my job to say these things are not true, but let me actually introduce you to a few folks who know this much better.

Of course, this is Nir. Nir, 19 years ago, was there when certain technologies were invented by him. Other folks here, on my right is Frankie. Frankie joined us from Fortinet. So he knows a few things about this industry. Jerrish [ph] on the left. Right? Who joins us from Juniper. And in the back is Matt. Matt has a long history with -- also with Check Point. I bring these engineers with me because you should believe engineers, not marketing guys, in general. Except for me, of course.

Now the -- what we also brought is a couple of friends. And these friends are actually involved in our side-by-side demonstration. We brought some members of the Palo Alto Networks family. They're in the back, humming away in the back there, so if you turn around, you can see Matt there. If you want to see these things, because you may have never seen a Palo Alto Networks box, or you may have never seen a Check Point box or 2, we also brought some Check Points. Right? So what you're going to see here is real products. These are no videos. These are no slides. This is the real product as it works. In fact what we brought, we brought the PA-3050 the model that we launched in November, which is a 4 gig firewall, 2 gigs firewall with everything on. And to compare and contrast it, we brought a very similar-sized box, in fact physically exact same one unit box, but more importantly, a box that when you turn IPS on, it's in the realm of performance of a Palo Alto Networks product. Now of course, it's marketed as an 11-gig firewall but when you actually turn on the IPS, it does a 1.5 gigs, which is very typical for Check Point gear. All right? So here you have 2 boxes -- forget about the price for 2 seconds, forget about all of this. This is very equivalent technology. So with that -- and they're humming in the back if you want to see them during the break, we're more than happy to demonstrate them.

So what are we going to show you? Let's start here with the most simple thing that you guys, 19 years ago, tried to do, which is manage web and email, yes. So since you all work on Wall Street or are associated with it, I thought the easiest thing to do was to have 2 completely default firewalls, who, by definition, don't allow anything because why would you have a firewall if you put it there and everything still goes through. Right? So a default firewall doesn't allow anything in. And let's only enable web browsing, like the problem that Check Point said they were going to solve 19 years ago. So how are we going to do that here? What kind of things do we need to do to do that? So let's switch to the 2 screens. What you're going to see here is Check Point, so Frankie represents Check Point, and let's go to that. And on the left, you see Palo Alto Networks. Right? So this is -- what are we looking at here in the Palo Alto Networks side?

Nir Zuk

So this is our policy editor. This is actually our GUI. The GUI connects directly to the PA-3050, they're in the back. And here on the Check Point side, you see Smart Center, which is running off a dedicated management appliance of Check Point that then controls the 48.

Rene Bonvanie

Right. So Check Point actually is 2 boxes. A management appliance and the 48...

Nir Zuk

Yes. You could have connected directly to the box to manage it, but you'll see later why we didn't do that. So here you see the Palo Alto policy editor. Here you see one of Check Point's dozen policy editors, specifically this is the application and URL filtering blade policy editor.

Rene Bonvanie

So let's start with Palo Alto Networks then. Let's start with what -- so what can we expect from this policy? This policy allows us to web browse, right? Same with what you're still looking at here.

Nir Zuk

So there's only one rule enabled in this policy right now, the other 3 are not. And it allows the -- all the necessities for web browsing, which is DNS, SSL and, of course, web browsing.

Rene Bonvanie

Web browsing. So if -- with this policy enabled, right, I should expect to be able to go to MSN or something, so, Jerrish [ph], can you show, right, that we can actually get to the website? Okay. So if we go to MSN or CNN.

Nir Zuk

CNN is also good.

Rene Bonvanie

CNN. Okay. There we go.

Nir Zuk

MSN.

Rene Bonvanie

And then MSN. All right. Can we go to MSN, for example? Because this is expected, all right? We enabled web browsing and there we go. What about Google? Is -- so Google is a website.

Nir Zuk

So depending what? Google Search is a website.

Rene Bonvanie

Okay. So can we go to Google?

Nir Zuk

So Google Search is a website and that's why we can go to it. It's web browsing.

Rene Bonvanie

So what wouldn't be a Google property that is a...

Nir Zuk

So for example, we can try to go into mail.google.com or docs@google, site mail -- yes, Gmail.com is fine. And you cannot explore it. Because Gmail is a web-based application, and it's identified as such, and since we only enabled web browsing, of course Gmail is blocked.

Rene Bonvanie

So mail is a clear app, but what about things like Facebook or Twitter? I've...

Nir Zuk

We can try them. Facebook is an application.

Rene Bonvanie

Yes. Facebook isn't a website, it's a web application.

Nir Zuk

So it's blocked. Twitter is an application. So we can try to go to Twitter here. Blocked.

Rene Bonvanie

Okay. So this is exactly what you would expect?

Nir Zuk

Yes. That's what the policy says. That's what the Palo Alto device does.

Rene Bonvanie

Okay. Now -- so Check Point says that they do what we do.

Nir Zuk

They say. It's easy to say that.

Rene Bonvanie

Okay. So can we go -- can we switch...

Nir Zuk

Yes, of course. So here we have a similar policy, so this is the application blade policy, the app blade policy. And you can see there is one rule enabled, and it's the same rule, it allows web browsing, DNS and SSL. We can ask Frankie to also switch to the firewall tab over there, and you'll see that we have included something in the firewall tab, because Check Point has a separate inspection policy. And on top of it, there is an application blade policy. So the firewall policy -- the separate inspection policy also allows DNS, HTTP, HTTPS and SSL version 3 and then, go back -- Frankie, go back to the application, and as we've seen here, here we allow the web browsing application, not the web browsing port, back there it was the port. We allow the DNS application and we allow the SSL application, and the other rules right now are disabled. So it should allow those 3 and block everything else.

Rene Bonvanie

But -- so I would say this is not exactly how Palo Alto Networks does it, because there's already 2 policies instead of 1.

Nir Zuk

No. Correct. You'll already see that it's a little bit different.

Rene Bonvanie

It's a little bit different. But let's give it the benefit of the doubt, right? So they have more policies, which is not the same, but does it work?

Nir Zuk

We can try.

Rene Bonvanie

Okay. So Frankie, can you -- does the 3D security actually work?

Nir Zuk

If you have a 3D printer.

Rene Bonvanie

Okay. Well we can go to CNN. All right? So CNN...

Nir Zuk

CNN works. Okay. MSN?

Rene Bonvanie

Can we go to MSN?

Nir Zuk

Yes. Google?

Rene Bonvanie

Google?

Nir Zuk

Yes. Gmail?

Rene Bonvanie

Gmail? Hold on. Wait, wait, wait. What is this happening here? So why can this -- this is not what Palo Alto Networks does.

Nir Zuk

No. So I guess it's because we didn't have a rule to block applications, and you expect a firewall to block things by default.

Rene Bonvanie

Correct.

Nir Zuk

Apparently, the Check Point application blade doesn't block things by default.

Rene Bonvanie

So even though it has lots and lots of applications in the application database, it doesn't know that Gmail...

Nir Zuk

Gmail is different than web browsing, so...

Rene Bonvanie

Wow. what about with Facebook and Twitter. Because...

Nir Zuk

You can try Facebook, you can try Twitter.

Rene Bonvanie

They always take about Facebook being the easy application, can you -- so can we go to Facebook? Uh-oh.

Nir Zuk

Frankie, you need new friends there.

Rene Bonvanie

Yes, your friends are freaky and...

Nir Zuk

Twitter?

Rene Bonvanie

Twitter.

Nir Zuk

Yes, of course it works.

Rene Bonvanie

So this is not what Palo Alto Network does, is it now?

Nir Zuk

No, no.

Rene Bonvanie

Now so more policies. By default, they actually do not control these applications whatsoever, even though they claim that they can control.

Nir Zuk

Correct.

Rene Bonvanie

But I heard a rumor that there is a policy in Check Point, right, that can block all known applications.

Nir Zuk

Correct. They are saying that they can do that and -- we can actually ask Frankie to go back to the policy. So you can see here, at the bottom, there is a rule that says, source any, destination any, any recognized, I think that's what you're referring to, and block.

Rene Bonvanie

Yes. Any recognized application. Yes.

Nir Zuk

So what we're going to ask Johnny now.

Rene Bonvanie

Hold on. Hold on. Two seconds. Two seconds. Two seconds. So this would imply that we had to set yet another policy to block any known applications.

Nir Zuk

Yes. You expect firewalls to block things that are not explicitly permitted by default.

Rene Bonvanie

Right.

Nir Zuk

They don't.

Rene Bonvanie

No.

Nir Zuk

Fine. Okay. So it's a little bit different than Palo Alto Networks. Let's add a rule to actually block all the things that are not web browsing.

Rene Bonvanie

So this is a lot of management overhead now.

Nir Zuk

It is.

Rene Bonvanie

So this superior management platform that they say they have, might actually -- I'm already 3 policies in. Right?

Nir Zuk

Yes. I guess, saying things is easy.

Rene Bonvanie

Yes. Okay. So can we...

Nir Zuk

Actually, doing them is not that easy.

Rene Bonvanie

So can we implement this rule?

Nir Zuk

Yes.

Rene Bonvanie

I want to see if it actually works.

Nir Zuk

So what we're going to do right now -- just wait for a second. So, Johnny just pushed the push policy button, which is now going to check the policy, compare it with some internal format and push it from the management platform to the actual Check Point firewall. So we're going to hit okay. And with this superior management system, we only have to wait about 1.5 minutes to make this little change.

Rene Bonvanie

Hold on. 1.5 minutes, what are we going to do with 1.5 minutes? Can I make you some coffee?

Nir Zuk

That would be great.

Rene Bonvanie

Can you -- so how would you like your espresso and your...

Nir Zuk

Let's see how many shots we can get when Check Point pushes the policy. I heard they're coming up with an espresso blade, you'll see in a second why.

Rene Bonvanie

You want a single or a double?

Nir Zuk

Let's see how many we can get.

Rene Bonvanie

Okay. Let's do a double first.

Nir Zuk

And luckily we brought -- this is why we brought a separate management appliance, because if it was on the device itself, it would affect in 10 minutes, not 1.5 minutes. You can see it's working. It's very fine. We made a little change, a lot of verification. By the way, if we ask Jerrish [ph], we got a moment to ask him to do that, it would affect in about 10, 15 seconds to do the same thing on the Palo Alto device. Managing the device directly, not with Panorama appliance, not to the M-100, which is faster. Still very fine. Good. How many have we made so far?

Rene Bonvanie

This is your double. This is your double.

Nir Zuk

Thank you.

Rene Bonvanie

I'm going to make myself a single. I am a single guy, so let me do a single here.

Nir Zuk

So I mean, in reality what happens here right now -- when I was at Check Point it wasn't that slow. What happens is that -- it's not me. So I think what's happening here right now is that because Check Point has so many different blades and each blade is developed by a different group inside Check Point, sometimes it's developed by a different vendor, right? The OEM is from a different vendor. Each of them now has to go and compile sequentially and be pushed to the device, because there are so many different policies, so many different engines, so many different functionality that is completely separated.

Rene Bonvanie

They're done.

Nir Zuk

So 3 shots, 4 shots?

Rene Bonvanie

I made 3 shots and I actually drank mine.

Nir Zuk

Okay.

Rene Bonvanie

Okay. Wonderful.

Nir Zuk

Now let's try it again.

Rene Bonvanie

Now what's surprising is does it work? Right? Because we've waited for 1.5 minutes, right, to push 3 policies. So, Frankie, can you go back to...

Nir Zuk

Go to cnn.com.

Rene Bonvanie

Go to CNN. Okay, that still works, so nothing broke, right? But what about ...

Nir Zuk

Go back to Facebook.

Rene Bonvanie

Go back to Facebook. So it didn't work.

Nir Zuk

Of course it still works.

Rene Bonvanie

It didn't work. Yes. So what is going on here? Because now we've given them everything that they asked for. All right?

Nir Zuk

Almost.

Rene Bonvanie

Almost.

Nir Zuk

Yes. So if you go back to the policy -- so the issue is that this is not a real firewall. This is really a URL filter. As you can see, they integrated both together, and this is not the way URL filters work. So in reality, Check Point can block Facebook. But to block Facebook, what you have to do is to go and add the rule above the rule that allows web browsing and say block Facebook. You cannot do it by saying block anything other than web browsing, you actually have to go and specify all the applications that you want to block, and Check Point supports about 100,000 applications, so you need to go and add about 100,000 rules. You can make a lot of espresso while you do that, and then push it. And even worse than that, when they recognize a new application and come out with it, you have to remember to wake up early in the morning and add more rules to do that.

Rene Bonvanie

Okay. So Check Point doesn't quite do what Palo Alto Networks does. No.

Nir Zuk

They certainly can't even block applications.

Rene Bonvanie

So the management overhead here is tremendous. Right? Because the operational implications of this is you have to set many, many, many rules.

Nir Zuk

No. It's not even complicated. It's just -- it's impossible. You can't expect customers to go and set 100,000 rules to block -- to allow just web browsing.

Rene Bonvanie

So let's go to the next scenario. So we can put the slides back up just to quickly show. So we've shown you the scenario. Now that wasn't even safely enabling these applications, that was just to make them work.

That's not my slide. Can I have my slides back? Okay. Yes. So the scenario that we want to enable here is a more complicated scenario. We have 3 groups in the company, a group -- a marketing group that wants to do -- fellowship [ph] files over SharePoint, a group of bankers, i.e. people like you who want to do PDF over box and then a group of IT folks that want to exchange zip files over FTP. And these are now very specific policies that allow these users to safely enable those applications.

Nir Zuk

And really, this is a real-world scenario.

Rene Bonvanie

This is a real-world scenario.

Nir Zuk

For example, you have to set -- okay, why allow the IT department to send zips over FTP and not over a box? That's because box stores all the files at box and maybe you don't want to enable zip inside box. Because...

Rene Bonvanie

Right. Because there could be source code in there or something like that.

Nir Zuk

Yes. So you want zip to be able to be exchanged via an application, like FTP, that doesn't store things online, and you want PDF to be shared over box which store things online. And it's a valid scenario. It's a scenario that we see all the time, and it's one of the reasons why customers buy our product.

Rene Bonvanie

Okay. So let's go back to the demo and see how the 2 products enable this. Very small there. Okay. Well, we'll do it with what we have.

Nir Zuk

We have to live with that.

Rene Bonvanie

Yes. We can live with this. So we're now -- where are we now?

Nir Zuk

Can you can just cancel for a second, Jerrish [ph]? So we're back to the Palo Alto policy. There is one policy, as you can see. We just enabled 3 rules. The first rule there allows marketing to use SharePoint. The second rule says allow bankers to use box.net and the third one says allow IT to use FTP. That's still not enough. We have to go in now and enable the specific file types that we want them to use. So I'm going to ask Jerrish [ph] to click there and add to file blocking something that will block -- excuse me, that will allow only for the short PFD files. This is, of course, a predefined -- a policy that we've predefined, it doesn't come with the product. You can, as a customer, you can go and create these kinds of little policies and attach them to the rule. We're going to ask also to add here allow PDF, and then on the last one, we're going to add zip. So that will really achieve what you showed on your slide. Now we have 3 different groups inside the company. They are allowed to use 3 different applications. Each can use a different application to transfer one kind of a file. This is how you achieve it. The next step is to push the policy, we're now going to do it right now. And it works.

Rene Bonvanie

Yes. So with that in mind, all right? So a single policy for these combinations of users, applications and content, right? That's what you would expect.

Nir Zuk

Yes.

Rene Bonvanie

So let's see if Check Point does what Palo Alto Networks does. Let's go here and explain to me what we're doing here.

Nir Zuk

So what Johnny did here is enabled 3 new policies that allow specific groups to use specific applications. That was done in the application blade, in the application and URL filtering blade, the app blade. As you've seen before, we didn't even have to do that. These applications were enabled already, even though we have to block them. But let's give them the benefit of the doubt. So we enabled those 3 applications. Now the next step is to go and control file types.

Rene Bonvanie

Hold on. So in the single policy, in the app blade, you can actually not specify the content type at all?

Nir Zuk

No. Because the app blade is only about enabling or disabling applications, and here we enabled those 3 applications with specific users, but the app blade is not the element in Check Point's product that controls file transfers.

Rene Bonvanie

So this is what your -- this is a wholesale allow or a wholesale block of the application?

Nir Zuk

Correct. Correct.

Rene Bonvanie

Okay. But that's not quite what Palo Alto Networks does. Is it now?

Nir Zuk

No, it's not.

Rene Bonvanie

Okay. So where would you do the file type?

Nir Zuk

So file type is available in the DLP blade, data leak -- data loss prevention blade. So John is going to go there now. And here, you can see that you can define something like graphic design file, source marketing group detector, or just detect don't prevent. So this rule will allow the marketing group to transfer graphic files, but it will happen across all applications.

Rene Bonvanie

So you cannot specify the application here?

Nir Zuk

No. You cannot. And this goes back to the architectural difference between Palo Alto Networks and our competitors. Where at Palo Alto Networks, the fact that we identify the application at the core of the product makes it available for the rest of the product. With Check Point and with others, the core of the product, except for inspection, it doesn't identify the application. Okay? There is a blade identifying the applications. There is a blade identifying the file type, but they don't talk to each other.

Rene Bonvanie

Okay. That's amazing.

Nir Zuk

For -- the right architecture is to push the concept of application to the core of the product and then maybe all the blades will be able to do that. But that requires you to completely rewrite the core of the product, which is completely new hardware, completely new software. It's much easier to say that you do what Palo Alto Networks does and do this.

Rene Bonvanie

Now there's one more scenario that I want to go through, so if we can go back to the slide once more and show -- because there's one more element. Because the safe enablement also has to do with the level of tolerance that you give to certain users or certain groups using those applications.

Nir Zuk

Correct. So let me just to summarize what we saw here, René. What we saw here is that with Check Point, you can block PDFs, or allow PDFs, but you do it for every one across all applications. Or you do it not for everyone, but of course, all applications. So if you allow PDFs via box, you also allow PDF via email and you also allow PDF via other application, which you might think are dangerous for PDFs. Or more specifically, if you allow zip via STP, you also allow zip via Dropbox, which means that now zip files are going to be stored by the -- in the cloud against your policy.

Rene Bonvanie

Right, right. And then we'll be very much...

Nir Zuk

Okay? And to fix that, Check Point would have to go and completely rewrite the core of the product, which really means rewrite their product.

Rene Bonvanie

So that they can set a policy that specifies both user application and content.

Nir Zuk

So the application will -- the concept of application will be available to blades other than the application blades.

Rene Bonvanie

Okay. So one more scenario. If you can go back to the slides very quickly, because there's a way to look at the tolerance that we have. So what if I want to give -- be more strict with the bankers, as we should be, right, in policy and a little bit more loose with the IT guys. In other words, IT guys could do a few more things because they know what they're doing and the bankers may not necessarily know what they're doing and...

Nir Zuk

It's not about knowing what they're doing. It's not just about knowing what they're doing. I mean that's one thing, but it's also about risk management. There is always the balance between security and connectivity. The more things you try to block, the more you're going to err. I mean, sometimes you'll err. And with the bankers, if you block more, you will err, and sometimes you'll be blocking good things.

Rene Bonvanie

Okay.

Nir Zuk

And it could be that the security requirements of the banking environment is much higher than the security requirement of the IT department that you're willing to risk blocking some good things so that you can block more of the bad things, whereas with IT, you don't want to take that risk. Or you don't have to take that.

Rene Bonvanie

Okay. Fair enough, I understand. So can -- if we go back...

Nir Zuk

This is a very common scenario. All our customers do this.

Rene Bonvanie

It is, yes. All our customers, yes. So can we go back to the demonstration, because I want to see how this works. So let's look at this in Palo Alto Networks first. So we're back in the policy.

Nir Zuk

The same policy. And what we're going to ask Jerrish [ph] right now is to go into one of the rules and add a vulnerability protection profile called strict. Yes, this is for the bankers. So we decided that strict -- what strict is, it's something that you can define. I mean, we're not going through the definition here, but if you go in as the customer and define what does it mean to be strict, you can define which attacks you want to -- what kind of attacks you want to block, what kind of attacks you want to just know about, what kind of attacks you want to ignore. You define what strict is. And then we're going to ask Jerrish to do same thing for the bankers' rule, and we're going to choose a profile called loose. And again, the customers gets to define what loose is. It's not predefined.

Rene Bonvanie

Okay. So we didn't change tabs or screens or blades or anything.

Nir Zuk

No.

Rene Bonvanie

It's just in the core of the firewall.

Nir Zuk

Correct.

Rene Bonvanie

Okay. So where would I do this in Check Point?

Nir Zuk

So first in Check Point, you'll have to go into multiple blades because Check Point doesn't have a threat prevention blade. They have an IPS blade, so we're going to ask John here to go into the IPS blade.

Rene Bonvanie

His name is Frankie.

Nir Zuk

Frankie, sorry. I don't know why I called you Johnny. Sorry, Frankie. I'm going to ask Frankie to go into the -- I did it last night, too. Into the, sorry for that, the IPS blade. And you can see here that you can choose which protection profile you want to apply, but you apply to the entire gateway.

Rene Bonvanie

But that's not...

Nir Zuk

It's not user based and it's not application based.

Rene Bonvanie

So it's everybody on all applications...

Nir Zuk

Everybody on the firewall.

Rene Bonvanie

Across everything.

Nir Zuk

Yes. And it's again, it's the same problem that we discussed before. The fact that the core of the product only knows ports and protocols and IP addresses means that, that information is not available to the individual blades.

Rene Bonvanie

Understood.

Nir Zuk

So the application blades understand application, the DLP blades understand files. The IPS blades understand threats, but doesn't understand application files or users.

Rene Bonvanie

There are more blades, right?

Nir Zuk

And there are more blades because to do threat protection with Check Point, you have to go into like 50 different blades. Well, I'm exaggerating, but you have to go into the anti-bot and antivirus blades and do the same thing, and then you have to going into the, I think the -- NDAS [ph] firewall. I mean, you have to go into -- I don't think we have license here for all the blades, but you have to go into other blades as well and configure the same thing. And in any case, it's going to apply systemwide, again, because the core of the product doesn't understand applications and users. The individual blades don't understand application and users.

Rene Bonvanie

Got it. So what would Check Point have to do to really do what Palo Alto Networks does?

Nir Zuk

So, Palo -- I don't know. So probably, so I mean realistically, what they have to do is to go and rebuild the product. They have to go and rebuild the core of the product. They have to rebuild the hardware because if you move the concept applications to the core of the product, then now you have to run the application ID engine all the time and their hardware cannot support that. So they have to build new hardware, completely new software, and rebuild all the blades. And the issue with that is that some of these blades are theirs. Some of their blades are OEM. They'll have to go and build a single top engine, which means everything has to come home and be built from scratch in a single-pass engine.

Rene Bonvanie

Okay. So if you can go back to slides, because there's one point you made about the operational efficiency here and which also, to me, translates into margin or room for error. So if we can get the slides back on? So this is kind of what you told me. There are multiple policy that you have to set, and we took 5 here, 5 blades where you need to set policy. And depending on the blade, right, you can either look at it from an IP address perspective or UB [ph] perspective or port protocol or app or content.

Nir Zuk

Correct. So most blades understand IP and protocol.

Rene Bonvanie

Some not apps.

Nir Zuk

No, no. IP and Protocol. Some blades, only one blade understands application, which is the app blade, but it doesn't understand anything else. You have the content blades, which are the IPS blades, the antivirus blades and so on, that understand IPs but they don't understand users and don't understand protocols, and it's...

Rene Bonvanie

So this is -- to operationalize this is extremely hard.

Nir Zuk

It's so hard, it's impossible.

Rene Bonvanie

It's impossible.

Nir Zuk

You cannot do what Palo Alto Networks does in the sense that the concept of users and application are not available for you in all the blades. And even if they were, which is, I think, what you're trying to say, you would still have to go and set at least 5 different policies, make sure they are all synchronized.

Rene Bonvanie

Which is not a given either.

Nir Zuk

Which is not a given either. And make triple espresso every time you push a policy.

Rene Bonvanie

So this is what it looks like for Palo Alto Networks?

Nir Zuk

Yes. So in Palo Alto Networks, as you've seen, there's one policy. All the information is available in that policy, and that policy controls all the aspects of the product. So everything that we can do, you can do based on user, based on app, based on content and, of course, if you really want to, based on IP and ports and protocols.

Rene Bonvanie

But, Nir, at least they're fast, right?

Nir Zuk

Depending what you try to do with them, okay? They fall fast. They're very aerodynamic.

Rene Bonvanie

So because I looked at this and I was like, wow, that's some pretty fast boxes.

Nir Zuk

Yes, you can see there how fast their boxes are. And -- but you can see what happens when you turn on things.

Rene Bonvanie

Nir, my eyes are not quite that good, so which box are we looking at here?

Nir Zuk

So Check Point just announced the 21700 is their latest platform. We can try to zoom into there.

Rene Bonvanie

Yes, I'm [indiscernible] years old. I'm sorry, I cannot even see it there.

Nir Zuk

Yes, so let's try to zoom more into this. So this is their latest platform that they announced, and this is data sheet information. This is not an assessed tested information or anything like that. We know what happens when they are tested. We then assessed their performance, and you can see there are so many numbers on it.

Rene Bonvanie

But hold on, Nir. I -- why would they have lab performance and production performance?

Nir Zuk

Because lab performance looks good.

Rene Bonvanie

Okay. So that's the 110 gigabit number, right?

Nir Zuk

Yes. So Check Point is selling this as a 110 gigabit firewall. And what they mean by lab performance is that if all your traffic is a large UDP pocket with a very small set of policies, this is what...

Rene Bonvanie

Which nobody uses, right?

Nir Zuk

Nobody uses, no. And this is, by the way, not tested. I mean this is Check Point's labs.

Rene Bonvanie

This is Check Point's labs or NSS Labs.

Nir Zuk

Not NSS.

Rene Bonvanie

Not even NSS Labs.

Nir Zuk

No, no. It's still new, it wasn't there. So 110 gigabit per second. And the other thing they tell you is that in production performance, whatever that means, firewall performance goes down to 25 gigabit per second and IPS performance is 4.1 gigabit per second.

Rene Bonvanie

4.1. So that 110 just became 4.1.

Nir Zuk

Correct. So you lost more than 90%.

Rene Bonvanie

And that's IPS?

Nir Zuk

That's IPS.

Rene Bonvanie

What happens when you turn on all these other blades?

Nir Zuk

So Check Point doesn't say that here, on their data sheet, they don't show the other blades, what any third part shows, and even their own configurator on their -- it used to be on the support side, will tell you that if, for example, you want to turn on the anti-malware, the antivirus blade, performance will go down another 90%. Or to put it another way, if you go to their configurator and you ask to configure a 5 gig, for example, or even a 4 gig anti-malware device, they don't have a platform for that. They'll tell you, "Our highest end platform doesn't support that."

Rene Bonvanie

So this is very common for all Stateful Inspection firewall vendors, isn't it?

Nir Zuk

Correct. So not just Check Point. It's all the other Stateful Inspection vendors, Fortinet, Juniper, Cisco, they're all like that.

Rene Bonvanie

So in fact, if you want to see this, because we don't have the data here, but Jonathan Ho, where are you sitting? Jonathan Ho has a brochure with him from Fortinet. And he can show you what that 110 gigs becomes in Fortinet and how fast it degrades to next to nothing, right, when you turn these things on. So Jonathan is going to be my lovely assistant here, showing the Fortinet numbers. What would you buy from Palo Alto Networks to get about 4.1 IPS?

Nir Zuk

So to get 5-gig IPS, you would buy the PA-5050. So this is -- as you can see there, over there, over there.

Rene Bonvanie

Okay. That's a 5050. Now 5-gigs firewall, FID, IPS, what happens when you turn more things on?

Nir Zuk

So when you turn more things on, it stays at 5 gigabit.

Rene Bonvanie

Right. And remember, we don't actually turn things on, do we now?

Nir Zuk

So we don't turn things on. What we do is we sell you a license that unlocks server functionality. That functionality runs all the time. The single engine runs all the time and the license key that you get or that you subscribe to, [indiscernible] from a different service will unlock functionality that will allow you to...

Rene Bonvanie

Because I keep on hearing...

Nir Zuk

Use that engine for more things.

Rene Bonvanie

Right. Because I keep on hearing people say, when you turn things on, well, no such thing as turning on because it's already there.

Nir Zuk

It's already there. You just get a license or you ask for us to show you the information.

Rene Bonvanie

Right. So when you do firewall plus FID plus IPS plus QRS plus antivirus plus URL plus WildFire plus whatever things that you might...

Nir Zuk

Like whatever we -- whatever the mix, you will run at 5 gigabit per second.

Rene Bonvanie

Okay.

Nir Zuk

And NSS verified. I mean not on this platform, in another platform, but NSS verified.

Rene Bonvanie

Absolutely, yes. Absolutely.

Nir Zuk

Their performance doesn't degrade.

Rene Bonvanie

On the 5020, that's absolutely true. But, Nir, at least they're cheap, right?

Nir Zuk

In the way they market their product, yes.

Rene Bonvanie

So what would that box cost?

Nir Zuk

From us or from them?

Rene Bonvanie

From them.

Nir Zuk

So this is Check Point online configurator. And we configure the 21700 to do IPS and other things as well, I mean, $159,000. So that's the first year cost.

Rene Bonvanie

That's the first year cost. And so with Palo Alto Networks?

Nir Zuk

So $84,000, okay, first year cost. And you get much more because you get also the other things that are included in the threat prevention subscription that Check Point doesn't provide for free.

Rene Bonvanie

Now again, if you want to run more, if you want to enable more of the services...

Nir Zuk

Yes, if you want to enable WildFire 1 hour or 30 minute signatures, you pay another 20% a year of the base price. Most of the base price ...

Rene Bonvanie

Of the $70,000 or so.

Nir Zuk

Of the $70,000 or so. As you pay another $14,000 a year, and you just enabled APT signatures and performance, of course, does not degrade. Another $14,000 a year, you'll get URL filtering and performance doesn't degrade.

Rene Bonvanie

Fantastic. Good. Well, Nir, thank you so much for the demonstration. Thank you, Frankie. Thank you, Jerrish. Thank you, Matt. So in conclusion, I think hopefully, right, we have shown you that in this case, Check Point does not do what Palo Alto Networks does, right? Despite the claims, marketing is easy, but product is actually hard. When you see it live, right, it doesn't do what Palo Alto Networks does, right? The argument that it performs better, you saw the management claim, you saw the efficiency of the management platform, right? You saw also the comparison between lab results and real-life results. It's not the same. And finally, the argument that, oh, it's also more cost-effective than Palo Alto Networks doesn't hold, right? It's not true that like-for-like, right, these are same things. They may get there through excessive discounting and try to do that, but remember, that's not why people buy network security. They buy it, first and foremost, for security. And the security you saw, right, in the demonstration that Check Point was not at all what Palo Alto Networks delivers. So with that, thank you very much. We're going to have a quick break, right? Coffee and snacks are served outside, but before we do that, hold on, hold on. All right. But before we do that, right, I want to have a few questions from the audience. So I'll bring both Nir back up and Lee, right, and if you have a question, raise your hand, wait for the microphone because otherwise, the folks on the webcast cannot hear you. So Keith Weiss over there, and that's the first question.

Question-and-Answer Session

Keith Weiss - Morgan Stanley, Research Division

I was wondering, Nir, if you can talk to us a little bit more about the virtualized offering. You said some of your competitors came out with a virtualized offerings in the past. Can you talk to us about what you're doing differently, first of all? And then second of all, how you see sort of industry penetration going? Are we at the time when people are starting to deploy these virtualized solutions into their environments?

Lee Klarich

Yes, I think -- so first of all, the core difference is that our virtual firewall is a next-gen firewall. So previous attempts to do this have all started by trying to put Stateful Inspection into software into the data center, which is probably the most useless thing to do, because in the data center, almost all of the applications run on just 1 or 2 ports anyway. And so you need to be able to identify the applications. Everything that we talk about applies in the data center. And so the first difference is the VM-Series is a next-gen firewall. It doesn't leverage Stateful Inspection. The second thing is in these virtualized data centers, things are moving from static to dynamic. So when you had physical servers with an application, you knew what the IP address was, it didn't change. You wanted to play a new one, it takes weeks to get a new server in with a new IP address. And so you could have static network security policies. In a virtualized data center, everything is dynamic. And so one of the capabilities that we launched in addition to the VM-Series was the dynamic object capability where we can actually track movement of VMs dynamically through APIs, integrate them to the orchestration layer. And so VM gets spun up, IP address gets mapped dynamically, policy hasn't changed. VM moves, gets a new IP address, we track it. VM gets torn down because you don't need the scale anymore, we remove the IP address. And all of that is dynamic as opposed to static, right?

Nir Zuk

Just to extend on that, the customer problem that this solves is the fact that in the virtualized data center with our competitors, whenever you, say -- let's say that you need more computing power for database, right? So you add -- you flip about them and then you add 10 more database servers. With our competitors, you still have to wait for Saturday night for a window where you're allowed to make firewall changes. So it took you a second to add 10 more instances of database, but you have to wait a week for all the approvals to change the firewall policy to actually allow access to those 10 instances. Whereas with us, because of our partnership with VMware and because of our ability to integrate into the orchestration system, when you flip the button in the orchestration system wherever that is, we know about it immediately and we immediately allow access to those 10 new database servers. Or if you shut down 10 database servers, we immediately block access to those 10 database servers, and that's without having to push a new policy and to get all the approvals that involve that, okay? So that's the customer benefit.

Rene Bonvanie

Joel, did you have a question? Because I see Maria [ph] next to you.

Joel P. Fishbein - Lazard Capital Markets LLC, Research Division

Yes, just a follow-up one. At the RSA Conference, obviously, it was a lot about advanced threat protection. You did a nice job about talking about the offering here, 2 unrelated questions. One is, are you saying that with WildFire running on a next-generation firewall that you are as good, if not better, than what FireEye is offering and getting $300,000 for instance that they're offering? And related to that is, obviously, you had a lot of buzz at the booth around WildFire, and I wanted to see if you had any -- if there was an uptake since that time on the subscription services since then.

Nir Zuk

So on the technology side, so if you compare us to FireEye, here are the things the we do that FireEye doesn't do. And some of them are tactical and some of them are even more important and that are architectural. So what we do, we do across all applications. FireEye can only protect non-encrypted web and email, meaning if the threat comes in via SSL or via an application like SharePoint or Dropbox or WebEx or anything else, they don't see it, which is a big issue. That means that their customers have to shut down all applications and only use the Internet for non-encrypted web, no more Amazon.com for you, and no more online shopping or online help for you and email. So that's the first difference. The second difference in us and FireEye is more architectural, and that is on the prevention side. That's the fact that FireEye can't really prevent the threats from coming in. They can detect them, they can tell you about it. But to prevent the threats from coming in or detecting them already on the network trying to get out, you have to be everywhere on the network, as I explained in my presentation, okay? You have to be in the small branch office running at a few megabits per second, you have to be in the data center running at 10s of gigabits per second. You have to be in between the Ethernet edge, at the core of the network and so on. And they are just not there. And more than that, you need to be the IPS for that. You need to be the anti-malware for that, anti-malware device, you need to be the application device for that, and they aren't, okay? So I think that architecturally, if they don't become the next-generation firewall of choice, they, for the customer, long term, I just don't see them being deployed in network, and they're going to go the same way that the IPS vendors went and the proxy vendors went and the content filtering vendors went. Again, there is a problem to be solved right now. It's being solved, but long term, architecturally, this belongs in the firewall.

Rene Bonvanie

Okay. There's another question.

Unknown Executive

And now, there was also a question about...

Rene Bonvanie

So we'll answer their sizing and customer acceleration questions in the next QA, Joel. Just so you know, because there's another guy qualified to talk about that as you know. Okay. There's a question in the middle there. Wait for the mic, please. You stole the mic.

Aaron Schwartz - Jefferies & Company, Inc., Research Division

It's Aaron Schwartz from Jefferies. You guys talked quite a bit about the advantage of not bolting on different technologies and really natively integrating, I guess, a lot of different functionality. Can you talk about how you think about an acquisition strategy longer term, and maybe if you do go down that road, how you would integrate differently than other companies?

Rene Bonvanie

Yes, I can -- so I think from a technology perspective, not from an M&A perspective.

Nir Zuk

No, of course. From a technology perspective, as I've said, we believe that the firewall is the place to enforce things, and the single-pass engine is the one that's going to actually execute the enforcement. And if and when we acquire a technology company, it's probably going to be someone that can detect more things that we cannot detect today. And the way you integrate something like that is the actual detection happens in the cloud. So you place their technology in the cloud, and that sort of enforcement happens in the single-pass engine. So the integration will be, puts their software in the cloud, detect more bad things going to the network, generate signatures based on that and push them to the single-pass engine. Okay, that's how we scale and that's how we integrate different technologies. And frankly, I mean, this is the way we integrated WildFire and other things into our product, okay? I mean, WildFire was not an acquisition. We developed it in-house. But that's the way it worked. We have a group of engineers developing the cloud-based technology and then creating signatures and pushing them to the already existing firewall, which is single-pass engine.

Unknown Analyst

Howard Weinfield [ph], [indiscernible] Research. I kind of had a 2 for -- one, you claimed that Sourcefire couldn't stop malware. They actually spent about 40 times earnings on a special acquisition that was supposed to have a honeypot that would be the -- their management talked about all the other malware players that this would be freeware, I guess, in 2012, and would catch fire in 2013. Fires are simple so -- and I would just like your opinion on if you know about that solution and what's the difference between yours and theirs. And then the other thing is at the RSA Conference, you actually were giving out a review from NSS Labs, talking about the 2013 network firewall security value map, and actually, Fortinet Fortigate800F is the appliance that is the highest enterprise management security effectiveness and QCO [ph] per protected MBMS [ph], and I'm surprised you haven't mentioned them and just talked about Check Point, which, I think, we all realize Check Point has a very low valuation for a reason, and you guys have a very high valuation for the reason you showed at the other side.

Rene Bonvanie

So I'll take that last question first. You didn't get it from us. I can guarantee it. But no, you did not. You got that from Fortinet or from Check Point, because I don't give out NSS materials. Very importantly, the -- what you see there is classic Stateful Inspection throughput. This is not throughput with lots and lots of things actually enabled to do the inspection. And I will always tell you, if you want a very, very fast, very cheap traditional firewall, right, Fortinet is probably the best firewall to get there, but from the cost perspective. It has ASICs, it does all that's optimized with it. That's not what we do, right? We tend to think of performance with all of these things actively inspecting all the traffic for all the applications for all the users. That's not what you see on that as VM. That's a very different thing. That's actually not something that NSS actually tests. So that's why we referred to the numbers.

Unknown Analyst

[indiscernible]

Rene Bonvanie

No, no, no. They're making it up. They're testing for a very specific use case of traditional firewalling, right, with no other inspections than classic firewalling. That's what I'm saying. NSS doesn't make this up, absolutely not, no. And back to the question about Sourcefire, that was another question.

Nir Zuk

Yes, so without giving too many details, the product that you're talking about is a desktop product that they give away for free. It has nothing to do with network security. And specifically, Sourcefire is an IPS company. Sourcefire is not an anti-malware company. Company -- customers don't buy anti-malware gateways from Sourcefire. They buy them from Blue Coat, okay, or from company similar to Blue Coat. And that's why Sourcefire is not in the business of blocking malware. And that's the point I was trying to make in my presentation.

Unknown Analyst

[indiscernible] next generation firewall.

Nir Zuk

Again, I think we showed on the stage here that it's very easy to say things. It's a bit more difficult to do them. And specifically, with Sourcefire, we have never ever seen them in a single firewall deal. We compete against them as an IPS. We have never seen them as a firewall in a firewall deal.

Lee Klarich

I think it's important to note that building a firewall is not something you wake up one day and just have. Firewalls take a long time, a lot of technology developed. The in-line capabilities, the reliability of the performance, the HHA, the network, and there's so many things that go into being an inline device. It takes years, honestly, to get there, if you do it well.

Rene Bonvanie

One more question from Greg Dunham, the last question before we go to break.

Gregory Dunham - Goldman Sachs Group Inc., Research Division

Switching gears a little, you mentioned WildFire. The opportunity in service providers, virtualization, so there's a number of different areas where you're putting development dollars. How do you actually allocate in terms of when you strategize, these are the areas we need to be in? And kind of from a philosophical standpoint, what's the best way to approach kind of the opportunity in the threat landscape?

Lee Klarich

I don't know. It's not -- if you're asking like how do we -- do we say 10% needs to go here and 5% needs to go here, we don't really approach it that way. I think that would be sort of a more traditional approach of new problem, new product. Because the approach is so integrated, we work really closely with customers and always meeting with them. We take their feedback, we understand the problems they're dealing with, and then we take that back and we just work with engineering teams, develop good solutions for it, often leveraging the existing infrastructure we have in the product, including things like single-pass architecture and things like that to enable these new capabilities. So we don't really think about it in terms of carving out percentages of resources and applying it that way.

Nir Zuk

And specifically, because we can leverage existing technology, for example, if you wanted to build a standalone APT company today, you would need to build actual device. You would need to build an operation for the device. You would need to build a management system for the device. You will need to build reporting and all these other things that we already have. The number of engineers that actually worked on WildFire to get WildFire to be a product was probably handful, okay, and they did it over a year. So it's not like we needed a complete set as our APT competitors, because a lot of the technology was already there. They built it and now they moved on to the next project.

Rene Bonvanie

Okay, good. So at this point, let's break for 10 minutes. Coffee and snacks are being served outside, and be back here in about 10. Okay? Thank you very much.

[Break]

Rene Bonvanie

If I please, may I have your attention. Take your seats. We're going to move on to the go-to-market part of the presentation, as well as the results part. So I've already introduced myself. The part that I'm going to speak about in this section is our view on market dynamics, what is going on in the market, how does the market view Palo Alto Networks, but also how do we view the market and the evolution of that. And also take a look at our go-to-market strategy. There were quite some questions during the break about it and I want to start there, and then Mark Anderson will continue that conversation, right, because I think it's a good thing that you get the view from both the person who generates the demand, as well as the person who then closes that demand and turns that, I think, to revenue for the company.

So there are many ways to look at the market. We chose to look at the addressable market but in, I would say, a rather consistent way. Ever since we started to publicly talk to the market about what we believe the opportunity is for Palo Alto Networks, what elements we believe our technology can address. We have shown you this picture. You've seen it a few times today, and I want to dissect it and look at some of the dynamics, also introduce you to some of the players that we see, and our take on who those players are, what the dynamics are, and then give you our opinion about what we believe what the game is and why we believe that we are different in this market.

So IDC and others, but I refer to IDC here, has sized this market very consistently. Now there are many ways to look at this, but if you -- at the bottom and it is a somewhat traditional way of looking at the market, look at it, there are firewalls but sometimes, they come out as UTMs but firewalls. There are web gateways. There are threat prevention systems and there is VPN technology. That is a $10 billion market, growing very nicely over the next few years to a $13 billion-plus. Now there's a lot of movement happening inside that market. A big player here, a very, very big player doesn't have 40% market share. There is no such player in this market that has overwhelming market share. In fact, when you look at these markets, the core players are actually somewhat different, all right? The strongest player in firewall is not a player, but a very strong player in things like web gateway. But the dynamics would suggest that this market, even though people are spending money on this, may be piecemeal today, will start to shift.

So let's dive in and look at each of these slices in a little bit more detail. So that first slice is in fact the biggest slice, and that is the UTM slice, or firewall slice, in this market. That slice is characterized by a, first of all, a refresh cycle that is 3 to 5 years, these companies have -- that's not the product refresh cycle of these companies but quite the opposite. It is the refresh cycle that enterprises have on these technologies. These technologies are very wired into the infrastructure, especially firewalls, and there are 2 very distinct players in this market. There is a large group of traditional legacy Stateful Inspection based firewall companies that are based on 19-year-old Stateful Inspection. And in order of their size, that's Cisco, Check Point, Juniper and Fortinet, in that market. And then there's one player, Palo Alto Networks, with a very different core architecture. And as we've shown, those architectures are not identical, all right? Whether you look at Cisco's or Check Point's or Fortinet's, all right, a UTM example versus a next-generation firewall example, it's not the same. There are many, many things that those legacy Stateful Inspection based technologies cannot do right in the firewall. Even if you attach blades for application control, even if you attach blades for other types of functionality, it still doesn't do what Palo Alto Networks does, right? It took a fundamental re-architecture at -- of the core of the firewall to get to where we are.

So shares are shifting rapidly. We are the big grower in this market. All the others are not.

In web gateway, you see a very different landscape. Web gateway is characterized by technologies that traditionally we based on proxy-type solutions. So Websense, Blue Coat and just so much then, even Cisco. These companies, all right, are in a position today where, because of the legacy architecture, but more times they are being replaced by modern technologies, right? And in the modern category, there's Palo Alto Networks and companies like Zscaler. Zscaler does it in the cloud, they have a different approach to solving this problem, all right? But as you can see, only one vendor, right, is here, right, that was on the previous slide as well, apart from Palo Alto Networks, which is Cisco.

When we go head-to-head against a web center Blue Coat in these deals, we can win, in fact, we oftentimes win. We replace those Blue Coats. We replace those Check Points. We replace those Ciscos for this function, right? It's almost never, if ever, that we see Juniper or Check Point in these kinds of deals. So this big chunk of market, all right, is not where we would see Check Point, all right, or Juniper or Fortinet, for that matter, right. That is already very different.

You go to the next slice in the market, IPS and IDS. You have modern vendors and I would include clearly Sourcefire and FireEye in this market, right, and you have legacy vendors, IBM, McAfee, TippingPoint but all of whom have been part of acquisition strategies, and have lost focused on this market. You don't see Check Point in this market as a stand-alone IPS vendor, when there are IPS projects, right, we run into Sourcefire, not FireEye, but I put FireEye there because I think what will happen in the next few years is that the non-existing APT market, because there is no such thing, all right. But this market will kind of embrace the APT functionality and what was known as the traditional IDS/IPS market will evolve to a market that is very threat prevention-centric and will include, all right, whatever money gets made, whatever people spend on APT, all right, the majority. There may be some other moneys being found, all right, but fundamentally, this market might -- will collapse, all right, into this. So I don't think there will ever be a completely separate layer, because that would suggest, right, that the best way to solve this problem is done outside of the firewall, which we don't believe is true. Not even Sourcefire believes it is true because that's where they're moving, right? They know that they have an interesting solution, but they're in the wrong spot. They have to move the firewall to make it operational.

Now again, what is very unique is that when there is a pure IPS opportunity, all right, we're now the only vendor that can bid on both firewall opportunities, gateway opportunities and IPS opportunities. There is a sliver that will continue to exist, all right, for VPN-ish technologies. When we introduced GlobalProtect that isn't necessarily a classic kind of VPN, but again, from a modern perspective, there are companies here who are good at this, right, who continue to sell ways to securely get into the corporate network. And that include Cisco, Juniper and F5, all right? The legacy vendors here are guys like Microsoft and SafeNet, all right? But the consistent themes are all of this is that we believe that we can bid and win very consistently on all of these 4 slices in the market. And that shows, when you look at the relative performance, year-over-year, of what I call the big 6. And the big 6 include Palo Alto Networks, Cisco, Juniper, Check Point, Fortinet and Sourcefire, right? You can see that Sourcefire and Fortinet have shown very decent performance, right? Very different characteristics, right? Often times, very different markets, right? I would say that very rarely do we run into Fortinet. I always joke that if one of us shows up in the same deal, 90% of the time, one of us is in the wrong deal, because the use case for Fortinet, right, in the enterprise is typically a very, very big box that -- the Stateful Inspection, and we don't sell that, or it is in an extreme distributive model where, in the branch, they need a $200 box with ears for WiFi, which we don't have either. That would be the situation. But believe it, when we are in that situation, we're in the wrong spot. That's not the use case for us to fulfill yet.

So you look at the relative performance and what you see is that other than a pure specialist, Sourcefire, who is the last man standing, so to speak, in that IPS segment, the growth is in there, right? In fact, when you do it on a dollar basis, the last quarter was a very interesting quarter, right? This combined the 5 other vendors here, right, less additional dollars last quarter than we did, right, in that same quarter. So you can see the money moving, right? The market shares are shifting. But the argument that I sometimes hear that others are gaining market share, the numbers don't show that, right? If you take it -- if you look at the big guys, right, they're barely growing at market rate, if even that, right? So that would suggest that somebody who shows consistent 50-plus-percent growth rate is taking market share. So the dynamics have changed substantially, right, in the last quarters.

The dynamics are also very important, all right? So Mark showed you a condensed picture of the MQ; the full picture is here. You can see that there are a whole bunch of vendors there, all right, that have firewalls but aren't necessarily seeing the traction, right, and the big guys have all moved to the left, all right? They have a terrible time keeping up with the technology rate of change that we were introducing to the market. But I wanted to give you a little bit more insight into what is behind this graphic, because the graphic itself is only one dimension.

I have to explain something before. There were some questions about, well, there is other opinions in the market. Well, we made the point in the demonstration to talk about what happens in the lab and what happens at customers. A lab report is what it is, right? In the lab report, you look at what we call sometimes synthetic data, right? The best they can do, right, with synthetic transactions or synthetic users or synthetic applications or synthetics threats. And then there is what customers actually say about how the product works. So someone like NSS, right, is on the lab site, right. Someone like Gartner talks to thousands of customers and forms an opinion about whether it actually works, right? So people vote with their money and you can see them in growth and people, right, vote their confidence to companies like Gartner who talked to -- they don't talk to us about this process whatsoever, right? They tell us what they are doing, but we don't actually have a vote in any of this. We don't go in there and tweak and optimize and change and turn knobs. This is an opinion that they form by speaking to thousands of customers. So what did they hear? Well, first on the market. The market, right, looks at quality of features, right? They actually don't think that the quantity is important. Now that doesn't -- shouldn't be confused with what features do you have? It is how you factor out your features, right? So in the case of Check Point, as we showed, Check Point -- the way Check Point factors out its features is its many, many, many new blades, right? 20-plus blades, right, in which they will -- they have 20 blades, you only have 4, right? That's not how you should think about it at all, right, because threat prevention or URL filtering, all right, or even the core firewall does so much more, right, and so you should really get the quality of those features, how they work in your environment, rather than whether you have 20 or 27 or 35 blades. That's not at all how you should think about this. The other part is that it still is early days in the move from traditional firewalls to next-generation firewalls. And this is, by the way, less of a technology argument. But as you heard Motorola say, this is more an argument of how do you put that in with the oversight that you need, right? Lee showed that technical migration actually is not so much the challenge, right? That's not what's hard. But typically people have to do as well, is make sure that the policies that they implement are the right policies. That it is okay with the compliance teams and with the legal teams and with the audit teams, because now, while you're safely enabling these applications, the impact of that has to be understood. So what you see, though, is that the install base will rise rapidly to 35% but more importantly, new purchases will rapidly move, right, in the next 2 years to be next-generation firewalls. And then lastly, all right, they're not going to buy them from traditional vendors, where they've brought their switches and drivers from. They're going to buy them from very few specialists, right, which tells you that the money will disproportionately shift to those who have a true next-generation firewall and no longer come from the leveraged vendors, right, which you would include companies like Cisco.

On us, there were some interesting observations as well, right. We move the needle. Everybody says that they do what they do, right, because we do what we do. They cause them to react, right. To be honest, in the last 5 years and I don't think anybody has announced ahead of us, has done anything in their firewall or in their product ahead of us. So very different. We do it because the design at the core was different and that allows us to displace traditional competitors. And this argument is made over and over again. Are you just helping another competitor or are you displacing competitors? Gartner believes, by talking to customers, that we displace the customers you've seen today, displace and we'll come back to that in a second. And then finally, all right, the -- what we do is different. It's not just a little bit better, it is very much different from what others do.

Okay. So how do we move this to the market? Our model has been very consistent for the last 5 years, right? We go through 2-tier distribution. We build a channel to move the product like to the end customers to augment our ability to reach those end customers and to properly service the end customers after they've done the purchase. We always start with going directly to the end customer as far as the storytelling is concerned. When we tell the story, the end-users get it from us. We tell that story. We do it in many, many ways but we raise the demand for that product. Then, in parallel, we build the channel organization so they can do this. We enable, so we recruit, enable and then optimize the channel partners involved, both distribution partners as well as resellers. Both of these add value to what we do, in terms of services, in terms of presence, in terms of all kinds of scales that we don't necessarily want to put in front of the customer. We believe that our partners are better suited and more trusted to do that, right? Mark, clearly -- Mark is -- resellers will also go to those customers and we do that in a go up model where we jointly execute on the demand. Then when we sell, right, the predominant way, of course, the only way that we sell, is through that channel. In other words, 100% out of our business flows right this way. It comes, right, generally the demand, it flows back from us through the channel, but no stalking, no funny deals, right, it is all clean as a clock, where the customer, right, picks that value-added reseller, the value-added reseller picks the distributor and we transact, right? We have general account managers to work with these distribution partners, and we have, of course, we augment our own high-tech sales force, right, with the sales force of our channel partners, right? We don't take those deals direct, it's not because we have people in the field that we then get greedy and pick deals off of the table. No. Every one of those deals, 100% flows back to the channel. This model has been implemented globally. We've run it for many years and what it gives us is visibility, right, into a pipeline development. And very importantly, it gives us great predictability that of our business, because the way it works, the way we transact in this model, the deal registration and automation, that gives us very good insight into where we stand on demand, where we stand on recruitment and so forth.

Now I specifically highlighted here our strategy with VARs and resellers. That was the model that got us to where we are. The more and more our customers also tell us that they truly want to engage through service providers and systems integrators. So after me and Michael come up and talk about little bit more about those relationships, they're somewhat different. They're not necessarily the pure security VARs that you know so well. But we also believe that the market dynamics are such that our customers, especially the larger ones, want to be serviced by people, right, in the category of service providers and systems integrators.

So this model has worked well for us, right? It's a model, again, of quality, not quantity, right? A 900-ish channel partners. That growth hasn't been excessive because we believe that the best way to make our customer successful is by having high-quality resellers and distributors in place. All of them augment what we do. They don't just push boxes or sell through. These are people who are involved in a daily basis with our customers. And we provide benefits, based on their commitment and based on their performance, in terms of deal registration, margin, multiyear protection and so forth, right?

Now we're very demanding in terms of accreditation, certification and so forth. So unlike, right, partner or e-partner ecosystems of thousands and thousands and thousands of resellers, we don't believe that, that is the right thing to do for the enterprise customers that we serve. We believe that they benefit from specialists and from people who are committed to services. Okay. Now I want to end my section, too, because after all, I am the marketing guy.

Unknown Executive

[indiscernible]a little technical glitch for a second.

Rene Bonvanie

Okay, yes. So it is kind of the fact or fiction part of every presentation. Fact or fiction, right, always comes down to whether something that is being claimed is true or not. So the first faction is, you can't keep growing your customer count like that. Like what does all these people -- can you sustain it? Have you done it? And how have you done that? Well, first of all, clearly, we have done it. We have consistently grown our end-customer count, right, to a very, very advanced level, 1,000 plus in the last 5 quarters, each, right? But that helps us with one part of our strategy, the land strategy, one that Mark referred to. Landing 1,000-plus customers allow something equally or even more valuable to the customer, which is then to expand and extend that footprint in those 10,000 customers, right, by repeat buying of our technologies for different parts of the network or for different security functions. So while we're very proud of this, right, you shouldn't just look at it this way. But clearly, because of our expansion, because of the attraction in the market, more and more so have we been able to attract these customers. And we're still in early days in some of the markets that we operate, right, like China and India and Russia. And so, where there are, by the way, very big companies, very large enterprises, in desperate need of good network security.

There's also a question of, well, have you -- you've picked the low-hanging fruit, right, all the easy ones, like the guys who were very disappointed with old technologies. Those are the guys that you displaced. Well, that would suggest, all right, that -- 2 things. It would, first of all, suggest that what we do is a one-off, right? The customer buys one thing and then they're done buying from us. It also would suggest that we've done so with small customers, right, not necessarily the big enterprises on the planet. So let's look at that claim as well. What it takes to become a top 25 customer, right, has grown substantially in the last 5 quarters. You look at the movement of this bar from only a very short time ago to now, and you can see that, that bar has moved up substantially from less than $1.6 million to more than $2.8 million, right? That number, right, when we were in the IPO road show, which is only 7, 8 months ago, right, was in that 1 point -- so almost $2 million range, right? Even in that short period of time, you can see how much it has grown. That certainly wouldn't suggest why the people, right, are selling us low-hanging fruit, that we pick low-hanging fruit, right? This means this points to an infrastructure-type of transactions with these companies. We also, at the time of the road show, right, started to share with you the repeat buying behavior of these large customers, right? And what you can see is that this actually has evolved, right?

Only the time of the IPO, again, 7, 8 months ago, right, was that number, 3x, right? We're now at 4-point -- sorry, that number there was 8x, of the top 25. That was 8x. It is now 11.4x, right? So they bought 11.4x what they started out with. So they keep on expanding and extending their purchases with us. So that's not low-hanging fruit. That means, right, becoming more and more part of the infrastructure. Similarly across all customers, right, the number that was 3 at the time of the IPO road show is now 4.6, grows substantially. This is repeat buying across all of our customers. So even for the average customer, this metric has gone up substantially, right? You keep on seeing them buying and buying and buying, right, in each subsequent quarter.

And of course, then, well, yes. The big companies don't use you, right? Now I'm going to say something that you shouldn't take personal, Mark Anderson, but without a lot of effort, because Mark only joined us right about 8, 9 months ago. Without a lot of effort, we actually have already seen tremendous growth in the world's largest customers. Mark will explain to you how much of an emphasis that is in his organization, all right? But today, we service 500 of those global 2,000 customers, right? Very, very good growth year-over-year, which means that, a, there is lots of headroom left in that market, with focus, that Mark is putting in place, right, that is both on the count but also the penetration in those existing 500. Because you'll look at what we've actually sold to those guys in the last few years, right, we may be 10%, 15% penetrated in the networks, right, which would suggest that we have both an opportunity to get more global 2,000s but also more from those customers.

Okay. There is a claim that we're only succeeding in a few verticals. I sometimes hear this on earnings calls, where, yes, we see them in the 1 or 2 verticals, but never in all of them. Well, I want to reiterate that our model is such that we have a very wide distribution, both on the customer side, as well as on the vertical side, right? No single customer accounts for more than 10% of our revenues, end customers, and no industry accounts for more than 15% of our -- even in any given quarter, right? So even what is traditionally a Fed quarter, right, or a Japan quarter or whatever it is, right, it's never more than 15%, which tells you that, first of all, we're diversified and when you look at the industries we service, it's very, very broad.

Now the last thing I want to cover are the ones that really go to my heart, because this is what I always hear from you guys, and from everybody else. You're not deployed at the firewall, so somehow you made all these money and all these customers not being deployed at the firewall. I don't know if anybody else who has done it in the past, but supposedly we are the first that gets all this money without being deployed as a firewall. So only 7, 8 months ago, we gave you a statistic where we said that we believe that, at that point, about 50% of our customers had deployed us as a primary firewall, and about 55% of the new deals that we were involved in were for primary firewall.

So these numbers that we update [ph] you, once a year, in an event like this, we update [ph] you today on what we believe they are, right, based on our analysis, right, of our deals, our customers and so forth. So more than 75% of new customers in fiscal '13, so the last 6 months of selling, right, 75%, right, have chosen us as the primary firewall. These are deals in which we replaced an existing traditional firewall, in the primary position, in the data center, in the perimeter, in the enterprise, which then yields a number of more than 60% of all our customers, right, who have now put us in place as a primary firewall.

And then there is a claim that, well, yes, that may be true, but we never lose against you. You never win in competitive deals, right? So you get this from somebody else, not us, right, which also isn't necessarily supported by the data looking at the growth numbers of others, but is another reporting data point. So we said -- have always said that we do very well when we get the opportunity to get the product tested, right? The way we want to update that number to you is that when we do a technical evaluation of our product, that our win rates are best in class. We win more than 85% of deals, right, after we've done a technical evaluation. A box was on the network, we've delivered the application visibility and risk report, right, and the customer knows what our technology does versus what other technologies do. So with that, I'd like to thank you very much. And Mark, please come up. Thank you.

Mark F. Anderson

Good morning, folks. Thank you so much for taking your time to listen to us this morning. My name is Mark Anderson, I manage the worldwide field operations team here at Palo Alto Networks. And I've seen a lot of faces here before in my previous slides, and some of you have asked me, why did I leave a good company like F5 to join Palo Alto Networks here 9 months ago. And for me, I think it was really simple and basic. First of all, I love the size that we are right now. When I joined F5 back in 2004, we were a little smaller, but we grew really quickly over the next 8 years, and I really loved that ride. It's a really fun ride, especially like F5 had. And like we have today, we have disruptive technology leadership. It's fun to win.

Second thing is, the market here, it's massive. We've heard $10 billion, $13 billion by 2016. It's a huge market. We have less than 5% market share. And we're competing against some good companies that have 20-or-more-percent market share, 3 of them in fact. And when you have that disruptive technology leadership, it's good to go up against companies and take share from them. That's also very much fun. And really, the third thing is the team that I get to work with. I get the privilege of meeting Nir before I joined and how can you not be inspired by a bada** cool CTO like Nir; Mark McLaughlin, an amazing CEO and leader, and really the entire leadership team, it's really humbling to work with. So I'm really, really psyched to be here, and I'm excited to talk to you today about, first of all, what I've seen in the first 9 months since being here and the things that we're doing to exploit and take advantage of that technology leadership in the market, like growing our focus, growing our footprint. And then finally, you're going to hear some real examples about customers. I'm not going to talk about fiction. What we do in the field every day is fact. We're with customers and we're doing deals that put money on pieces of paper that you guys like to evaluate on us, and I love to talk about that because I love to meet with customers.

So first, let me talk a little about -- a little bit more about the land, expand and extend strategy that you've heard about. For us, landing means we put an enabled, trained sales team, subject matter experts, these high touch sales teams that we have that we're growing. We put them in front of a customer, partnered up with a partner, a security, VAR, MSSP or systems integrator, and we tell our story, the story that you heard Nir and Lee and Mark tell this morning. It's a very compelling story about differentiation, about how we do things differently. We show up, and as you just heard Rene talk about, we put our network in a proof-of-concept mode. We connect it off-line in a TAP port into their network, and we blow their minds. We come back a week later with an application visibility report, and we show them what's going on in their network today, things that they said were happening. We're not enabling Facebook, we're blocking BitTorrent. 25% of our network traffic is not video, like YouTube and other nefarious video applications. It really blows their mind, and that's a really fun thing to do. And as you heard Rene just say, when we do that, we win 85% of the time. That's nontrivial. That's technology leadership, and that's fun to win like that.

Then, of course, we expand. We typically get in, in an initial deal, and we win on -- in 1 corner of the network, they want to prove out all the great things that they've heard about Palo Alto Networks from their friends in security. We expand that into other areas. There's 4 major use cases, but there's dozens or hundreds of different places in an enterprise network that we can sell these use cases. We expand into those, and we continue to leverage our relevance and our performance in execution in that customer.

And then, of course, we extend by selling more features. Maybe we got in as an IPS as we have with one of our largest customers that's a big -- a real big Tier 1 bank here in New York that we only have about 15% market share, and it's just IPS today. So we've got a lot of room to extend there. We can sell them WildFire, we can sell them URL filtering in our innovative business model that sells these as a subscription, not just as features.

So we're winning 85% of the time. Well, what the heck is happening to the competition? Well, they're facing the traditional innovator's dilemma. Of course, they can't change. They can't wind down their current cash generation machine by selling extension to compete against us. They have to continue to try to surround themselves with the firewall helpers that you've learned about today, and that gives us the opportunity to go in and talk about massive differentiation.

Our competitors are resulting to some things that if I were in their position, I'd probably do the same thing. They're dropping their drawers on price. They're trying to find places where we don't play. And we've got some good competitors and good companies like Check Point, Cisco, Juniper and others.

Cisco's always going to get 20% market share because they're Cisco. But when we show up and compete against them, we win based on technology leadership and scalability. And we do it against all of them at a pretty alarming rate.

So what are we doing? So, obviously, beating our competition is not the challenge. We're doing it every day. It's showing up. So what are we doing to get more at bats, if you will, to get up to more places? We're not just that annoying little competitor that you read about in the trade rags. We're scratching the surface last quarter of a $0.5 billion run rate in billings. That's pretty significant. And I think -- as I think you will hear Steffan say, we're growing ourselves more than the rest of the market is combined. That's a fun market to be in. It's fun to be in sales from that perspective.

So what are we doing to build out the team, build out the footprint? So let me talk a little bit about the team that existed back in 2010. It was a great team, but it was a small team. It's subject matter expert, reps, SEs scattered around the world really just covering just a few of the NFL cities in the United States, nothing in LatAm, nobody in India, nobody in China, a few people down in Australia and then a few of the major cities in EMEA with a small but highly skilled team. And if you just take a look here, 3 years later, we've really fleshed out the footprint by attracting world-class people that are experts at selling security that want to come to a place like Palo Alto Networks. They want to come here to win with technology disruption because it's fun.

And you can see we've really invested aggressively not just in EMEA by going East and West but all across APAC. I've visited Singapore a few weeks ago, and we headquarter out of Singapore. We've got a really good team there. A new leader for APAC that's doing a terrific job. He's building out the team up and down and across the entire theater. We have a very good team in Japan as well. And the gentleman that runs EMEA for us is continuing to expand in the major cities. But we're still really just scratching the surface as we build out our footprint. And let me give you a few examples of that.

So before 2013, we just had 2 sales teams in Chicago. Now, there's 5. We had 1 person in India. I think there's more than a few -- more than a billion people in India, but we're -- but today, we have 3 teams there, and we're investing aggressively. We'll announce at the beginning of next month a new leader that's going to really provide us some aggressive scale there. We're also aggressively investing in China. It's a part of the world that we didn't have focus in before, but it's a large country. We need teams in all of the key geographic areas. There's some verticals there that we're allowed to sell into, banking, telco, and they spend a lot of money. And we had 4 teams in California where our headquarters is. And today, there's 3 different districts that have people in California selling into service providers, large enterprise and commercial enterprise. London, one of the most populous cities in the world. Certainly, in EMEA, we've got 6 teams there today that are selling to large and commercial product -- excuse me, commercial customers. And we really didn't have -- as Rene may have mentioned earlier, we really didn't have a lot of sales resources focused on the channel that was all placed back in marketing. Today, we're building out a channel account organization that's focused on enabling these partners and helping us get into new partners and get into larger leverage opportunities. And before 2013, we had 2 major account managers doing a really good job, but 2 is a small number. Right now, we have 32, and I'll talk a lot more about that in a few slides.

So we're not doing anything that's rocket science here. We're salespeople. We got to keep it very simple, keep our knuckles from dragging off -- keep our knuckles off the ground. But we're following a proven model to productivity, and it's a model that I learned back in the '90s at Cisco and, certainly, that I leveraged at F5 throughout the last 8 years. And for me, it always starts with the center of the universe. As much as I hate to say this to account managers because they tend to have large egos, it starts with the account manager. That person is the center of the universe. They're the CEO of their territory, whether it's a list of accounts as a major account manager or a global account manager or whether it's a regional sales manager that covers the geography. They need resources to be productive, so we give them resources. We give them an SE, a dedicated SE. For every account manager in the world, at least one. There's 1 sales rep here in New York that has 2, but that's a different story. So the SE team we have here is amazing. It is a technical sale. We have to show technology differentiation. This SE team, I would put them up against any SE team in the world. I inherited a great one 9 months ago, and we're really building aggressively into this team. We need to. Customers love our SEs.

For every account manager, there's 1/2 of an inside salesperson. We have inside salespeople in Europe -- across Europe, excuse me, in Asia Pac and a large team here in the U.S., in Plano and in Santa Clara. The inside sales folk is -- does a lot of things. They take the leads that are cranked out by Rene's marketing machine and process them into qualified opportunities and really act as the tip of the arrow when it comes to going to the customer, talking with partners, play a real valuable role. They actually reduce our overall cost of sale a little bit, but they actually improve our productivity for that account manager in a dramatic way.

Then, of course, we're building out this channels team I'll talk about in a few slides, the channels team that's going to help make our channel partners smarter and more able to sell our technology and tell the story that we're talking about today.

Of course, around all of this, we have to have the sales operations team that provides us with the infrastructure, the tools, the enablement to make all of us productive, not just inside the company but outside the company to partners, distributors that are going to be selling and representing and supporting our technology. We have an amazing sales operations team that we're aggressively building out because we need to provide tools not only for people to manage their accounts and build sales plans and get better and smarter but also to managers, to look at analytics about ability to forecast so that we can forecast accurately, really trying to build the discipline in this team, now that we're a publicly traded company of kind of a commit culture, I like to call it. So every Monday morning, an account manager sits down with their first-level manager all around the world and commits their business for that week. Here's my commit for the week. Here's what happened last week relative to my commit for last week. I'm going to validate my commit for the month. I'm going to validate or update my commit for the quarter. It happens every week. There's laser-like focusing on this, and this allows us to manage our investments. If we see our linearity go a little better, we crank up our investments. If we see it slow down, we take a pause and have a look. Thankfully, it's only been the former.

And then finally, we have a global customer service organization, you're going to hear from Brett in a few minutes, that really supports all of us, our partners, our customers, our distributors in a world-class way and in an incredibly impressive way. And you'll get a lot more details on that

So let me talk a little bit about the focus that we're applying to global and major accounts. I mentioned geographically focused regional sales managers. They still exist here today. They've got a geography, a patch of dirt that they manage that doesn't include the list of major accounts. There's still tons of large opportunities. A couple of weeks ago, we did $0.5 million deal at a community college in Toronto. Now that was in a regional sales manager's territory.

Starting August 1, we bifurcated the sales organization to add the title of major account manager and global account manager. They typically have anywhere from 6 to 25 accounts around the world. By the end of this year, there will be 40 major account managers around the world, primarily in EMEA and the Americas. We'll be rolling this out -- excuse me, and Japan. We'll be rolling this out in APAC probably by the end of this year and the beginning of next year. It really helps us drive focus to these major accounts because we're competing against companies that are much larger than us. We're competing for wallet share against giant companies like IBM and HP, and we really need to have a discipline and a focus. And we actually created that discipline and focus ourselves. We got together early on when I joined with folks from marketing, from sales operations, from product management and created a strategy to go after major accounts and build sales plans that engage resources, resources like the ones I mentioned earlier but resources like executives like Lee, like Nir, when it's appropriate to go into customers and tell the story and blow them away with our technology differentiation. So we're really very focused on executing here. We think, based on my experience, there's tremendous amount of leverage to get out of these major accounts that we're already seeing and certainly in the future.

The other thing I talked about is investing in channels. I am really proud of the development that we've done so far. Before 2013, it was again primarily in the marketing organization, focusing on enablement, certification and investing market development funds. It was -- there was a minimal investment in sales resources. I think we had 2 CAMs in the U.S., I think we had 2 CAMs in EMEA and maybe 1 in Australia. So starting August 1, we hired somebody to run the Americas, a leader, really great background from Cisco and Iron Port. We hired a person in EMEA, again, really good background. And they're getting busy hiring people. We're going to go from less than 10 to 25 today, and we'll continue to invest in that in the future because building scale with our partners by teaching them how to sell our solutions is a great leverage opportunity for us.

We're also surgically recruiting additional VARs, systems integrators and MSSPs, and I'll talk a little bit about that more right now.

So let's think about what a managed service provider or a systems integrator does for us and for their customers. They provide outsourced services for people that don't want to own their own infrastructure. So they might provide just -- 10 years ago, they might have just provided circuits. Today, they're providing just clean circuits that have security solutions added to them. They are the trusted advisor. They're typically large companies like Verizon or AT&T. And they have great relationships that span many years and, in many cases, millions of dollars a month. And the program facilitates solutions like monitoring, managing either remotely or on-premise and other value-added services that these customers are paying premium dollars for.

It also feels a little more comfortable for some, especially larger customers, to ease in some of the next-generation firewall features and ease out some of the legacy fire -- Stateful Inspection firewall technology that they use. So this is a ripe market for us to go after. And between Chad Kinzelberg, our Head of Business Development, and his team and our channels team, we're very laser-like-focused on going after these partners. And I'll talk about that in a little more.

So Rene talked about this. We've got our direct touch subject matter expert sales team selling through distribution partners, in many cases, value-added distribution partners that provide Tier 1, Tier 2 support. And traditionally, in the past, they've sold to VARs, I mean, great VARs like FishNet, Acubon [ph], large, either regionals or super regionals, that cover geography, in some cases, with hundreds of reps. These companies have been great partners for us. They will continue to be great partners for us in the future. And based on my experience, they'll grow at or above the quip of rate that we're going to be growing because customers need security expertise like this. But as I mentioned, we're also spending a lot of time with service providers and systems integrators to give us the scale and leverage to go after that end customer in broader numbers. And we have 11,000-something customers today. To continue to cover them, we can't invest in the expensive direct touch only model for sales, so we're really doing both and really trying to manage the investments wisely.

So just a few names of the people that we partner with today. They're not mom-and-pop shops that you might have heard some of our competitors tell you about us. We're talking -- we're working with IBM, who is reselling and doing managed services today with their customers and our customers. Companies like AT&T and Verizon with their national and global footprints are providing managed services for us today. NTT Communications out of Japan, a huge customer, either -- both directly and through the managed service offerings that they provide.

So as Mark, I think, said first thing this morning, this is a vertical for us that represents multiple opportunities to sell to opportunities because they're huge enterprises with, in some cases, tens of thousands of employees and then to sell through opportunity because they are large channels as well, we want them to be our channel, but also selling to in a managed service environment where we leverage the technology that Lee and Nir and Rajiv have developed that can be shared with multiple customers or dedicated to customers that managed in a way that no one can compete with us. And there's lots of customers that want to buy next-generation managed service solutions, and they can only buy it through these partners with Palo Alto Networks because our competitors are stuck in that innovator's dilemma world of old, bloated, Stateful Inspection firewall technology and the surrounding firewall helpers.

I want to talk a little bit more deeply about Integralis. For those of you that may not know who they are, they're a division of NTT, acquired a few years ago, a great company with a global footprint. They're really becoming the security -- the security SI for the NTT group of companies and the NTT global footprint. And they're a great partner. They've got a great sales team around the world. Simon Church, the CEO, done business with them previously. He's -- they make a great partner for us. And they're going all in, in their investment with Palo Alto. They -- might know them as one of Check Point's largest resellers in EMEA, and they're able to do business with both Check Point and Palo Alto. And I think what you'll see the business that we've done with them today and the business that we'll do with them in the future will be substantial. And it's going to help us, and it's going to hurt our competitors.

So I want to talk about some real-life customer examples here as I close out. I'll sort of just go back to our go-to-market. Landing, as you hopefully now know, can mean our sales teams touch a customer and sell a solution or it could also mean Integralis sells a managed service solution. And then together with our partners, we go and look for expansion opportunities and extension opportunities.

So with that framework, let's talk about some real examples. First one, large media company in the U.K. The use case was protecting online content management system as they started to roll out their services on iPads and iPhones and other devices other than televisions. Key differentiators for us, it was a long technology bake-off. They invested $20,000 for a test system in one of their smaller markets for us a year ago, and then they worked with us for 1 year to test our capabilities because they wanted to see it in equipment that they owned, running in production environments that they owned. And we proved it to them. They were -- one of our legacy competitors wasn't very happy when we pulled out a $2.9 million opportunity for some of our largest devices across their entire network. It was a huge expand deal for us, and it was a great example of staying focused with a major account, with the kind of coverage model and a partner, a large systems integrator, that gave us the span of the relationship that made this deal happen in the end. We also have opportunities over the next 2 years to continue to build out the footprint as their business scaling to iPads and iPhones continues to grow.

A large global carrier based in Japan, next-generation service offering with our mid-sized 5000 series and our largest 5000 series in data centers today in Japan and the U.S. And in the future, it's going to be across the data centers that they have all around the world. Differentiators here, they really embraced the technology and are actively promoting the next-generation features on our firewall -- network firewall technology to their customers as a managed service. They have been a customer in some of their entities in Japan directly using our equipment to safely enable applications, but we expanded with an $800,000 deal with our largest system here just recently in a really nice expansion opportunity. We believe there's millions of dollars to go after. Just in this use case alone and, of course, continuing to replace the legacy Check Point equipment that they have in their enterprise represents a great opportunity. So we built the team to go after this customer around the world both from a marketing standpoint and from a sales standpoint to cover them as a global account.

A large financial services company in the United States. This one I love because we did a quick land deal for $75,000 as they started to, again, play with our technology. And in an example like Rene showed about how customers increase their long-term value spend with us over time, most recently, in a new data center that they built up, they spent almost $900,000 with us, $840,000. There's a very conservative customer based in the Midwest that has long legacy relationships with companies like Cisco and others. In this case, again, we competed against Check Point. They dropped their prices. The customer still went with us because of the massive technology differentiation. And this is 1/6 of the opportunity that exists at this large company over the next 2 years. So lots of expansion opportunity here as well.

A large retirement fund based in Australia, the brand new customer for us, a land deal. It did take us 1 year to convince them, but it was a huge win. I don't want give you the impression that all of our sales campaigns take a long time. In many cases, in many of our specialty commercial territories, 50% of the business that a sales rep will sell will be found and closed in the same quarter. But in this case, this was a very conservative customer that we applied a multi-tier campaign to, to win. And, in fact, the customer visited our booth a couple of weeks ago at RSA and brought the partner, a large systems integrator, with them to -- and had a meeting with me right in our booth while Nir was in the background, screaming on stage about how great our technology is. And the customer went to great details to say how impressed they were with our persistence and our technology differentiation. These guys have 2,000 remote offices. That's the next phase for us, so a tremendous expansion opportunity.

A large chip maker here in the U.S. Again, a brand-new customer that did a couple of months worth of testing and did a land deal for us for $1.3 million. Real competition here from everybody, but at the end of the day, based on the customer's buying criteria, they couldn't compete with us on scale and on price. And we have the opportunity in this huge account for becoming the primary firewall, which will represent millions of dollars of opportunity.

So in conclusion, I want you to know that we're responsibly maturing and aggressively investing into our go-to-market to get in front of more customers, get more at-bats. And unlike anything I've ever seen before, and I think that worked for some really good companies, we're attracting world-class talent at an amazing rate. I mean, I see LinkedIn requests and resumes come across my desk every day from people that I don't think we would have ever attracted even 1 year or 2 ago.

And we're very, very focused on driving productivity in the field fast. We realize that getting an account manager and that ecosystem of resource around them to be productive and be productive fast is really important. So we're investing in enabling tools, like a learning management system. We're investing in training methodologies that aren't just show up and throw up with PowerPoint, like I'm doing right now. But we're really focused on not only making our salespeople and sales resources more productive but also our partners.

And we're also focused on being the very best next-generation partner. So as I mentioned, it's a fun place to be, it's fun to leverage technology leadership and it's really fun to win. And I think when you get the opportunities that we do with our customers to be in line in security devices around their networks, to be a single point of failure, you can't take that lightly. To do this, you've got to provide a total customer solution. One of the reasons is that when Mark hired me, he combined the focus of sales, and post-sales customer support was to really provide a unified face to the customer here at Worldwide Field Operations, to really have a very elegant handoff between the pre- and the post-sales environment.

And I'm going to call Brett Eldridge up on stage, who's the VP of our Global Customer Support Organization. It's a tremendous -- he's done a tremendous job building this organization from the ground up over the last 3, 4 years. And I think in the last year, we've almost doubled the size of the team to accommodate the demand from our customers. So please welcome Brett Eldridge.

Brett Eldridge

Thanks, Mark. Thank you, everybody, for your time this morning. As Mark said, my name is Brett Eldridge. I run the Global Customer Services team at Palo Alto Networks. And I'm just going to spend a few minutes giving you some insight into the strategy of our support organization and some customer SAT scores and where we're going.

So first, this really ties into what Mark and the company is trying to do around expand and extend. We know for a fact that customers that are happy with the buying experience with Palo Alto and with support buy more products, and they buy it faster. So our mission is to be the strategic differentiator for Palo Alto Networks by ensuring customer success, satisfaction and loyalty.

In order to do that, we really have 3 main strategies we adhere to. The first is enterprise-grade services and support. What does that mean? That means that we have an organization that can successfully help our customers, our large enterprise customers, deploy the products and maintain it. World-class online experience. We've made significant investments to building our online systems both for automation and for our customers to have access to key information. And then third is global scalability. Obviously, we sell to customers that are all over the globe, multi-national corporations, and we really need to be able to support them no matter where they are.

There's something that's very unique about Palo Alto Networks, and I don't think you'll find this at any other vendor of our size. As Mark mentioned, we have a unified technical organization in the company. There's not siloed organizations between pre-sales and post-sales. And the end effect of that is that customers get a much better experience with our technical organization. Our SEs work very closely with our support engineers. We've got cross-training that goes on. Our professional services engineers get a smooth hand up from pre-sales. And these teams really act as a unified team to our customers, and they're much happier with that approach.

So speaking of customer satisfaction, I just wanted to give you a few statistics to give you an idea of how satisfied our customers are. We measure it in a few different ways. These are just 2 of them. This data is from the first half of our fiscal year. So on average, if you look across all of our customers, on average, they give us a score of 8.8 on a scale of 1 to 10. That's a really amazing result, especially when we're growing the company and our customers as fast as we are. The second statistic is, 86% of our top customers, our largest customers, rate us an 8, 9 or 10, and that really is a world-class result for a customer support organization, especially when you consider that we're selling to extremely large customers that are globally distributed.

I also thought I'd give you just a couple of quotes. I picked these 2 for specific reasons. The first one really shows you that the engineers we hire into the support organization are really talented engineers that have a broad base of skills, in addition to Palo Alto Networks skills. So when a customer calls up and they get an engineer on the phone, which is usually less than a minute, that engineer can immediately start troubleshooting, and they have a knowledge of other products in their network. And then the second one shows the length to which we go to support our customers, and it really highlights why this approach is different. We hear all the time that customers are really satisfied with our support because they are really good engineers.

It's not a fact or fiction slide, but I can tell you that I've heard in the past that Palo Alto support isn't scaled, it's completely fiction, I can guarantee it. We've got support in 7 locations. Kind of the size of the dot gives you an idea of the scale of the organization there. We currently, obviously are 24 by 7 by 365 all around the globe, follow the sun. We don't plan on expanding into new physical locations. However, we will be building the organization and scaling it out to support all the new customers we're bringing on in these current locations.

The last thing I wanted to cover is, what are we doing in the organization to gain leverage? Obviously, everybody in this room wants to hear about that. There's 3 primary areas where we've been doing this, and we're going to continue doing it. The first is customer self-service. As I said, key strategy is a world-class online experience, and that ties directly into this. This means that customers any time of day, any time they want can get easy access to a lot of content. That content includes self-training videos, exams you can take online, knowledge-based discussions. We've built an amazing infrastructure for customers to do that. And the end result is they open fewer cases with us.

The second area is automation. It's something that Palo Alto does in all different departments, and we take it to heart and support. So instead of hiring what most people do, which is a bank of people to answer the phone, to triage a case, we build automation into that. So instead of having 30 people answering phones, when somebody calls up, we know who they are, and we know how to route their case and who to route it to. And it happens automatically, which is why they get directly to an engineer. And again, the end result of all that automation is you save on people costs.

And then the last approach is obviously through partners. We work extremely closely with one partner and one partner only worldwide, and they help us build flexibility and scalability into the organization. And at the same time, we get to reduce costs and ensure very high customer satisfaction scores.

So again, I just wanted to give you a little bit of insight into our customer support organization, and you've heard me talk about our satisfied customers, you've heard Mark talked about our satisfied customers, and I thought it'd be great if you could hear from 2 of our actual customers.

[Presentation]

Chad Kinzelberg

Good morning, everyone. I'm Chad Kinzelberg, and I'm genuinely excited to share our technology partnership strategy with you. Our partnerships span a variety of categories and vary in nature. We have some basic technology integration partnerships. Usually, they're done to satisfy customer requests or overcome buying objections.

Over the past year or so, we've really focused on cultivating strategic partnerships with a select number of vendors. And these strategic partnerships hold the potential to broaden our appeal to a lot of customers, to extend our competitive advantage and to broaden our distribution.

If you think about strategic partnerships and tactical partnerships, we're trying to do all of these things to deliver better solutions for our customers. Our goals are to facilitate customer acquisition and increase customer satisfaction. Quite simply, we engage in these partnerships to drive revenue, not issue press releases. I'd like to say, POs trump PR, and that mantra really governs over our day-to-day business development activities.

When we look at where we spend [ph] ecosystem, our partnerships really fall into 5 different categories. And those 5 categories are: Networking, mobility, Big Data and security analytics, enterprise security and virtualization and SDN. I'd like to briefly describe our initiatives in all 5 of these categories, and also have some executives from our strategic partners comment on our collaboration.

So let's start with networking. Firewalls are really at the intersection of networking and security. And networking vendors tend to have really strong relationships with their customers just because networking is so central to IT strategy. So by partnering with the networking players, we really gain leverage into a lot of accounts. Citrix is a great example of that. So there's tremendous synergy between Citrix and Palo Alto Networks. We're focused on safely enabling applications and Citrix's focus on optimizing performance for those same applications. Together, we've delivered a new application-centric network architecture that better suits customer needs. And most importantly, Citrix has done a great job at penetrating large accounts. 99% of Fortune 500 companies are Citrix customers. So gaining their endorsement and integrating with their products carries a lot of weight with some of the largest customers in the world.

Here's Sunil Potti of Citrix commenting on our partnership.

[Presentation]

Chad Kinzelberg

Service providers represent a significant portion of the overall network security market and are essential to our continued growth. In order to accelerate our penetration into carriers, we forged a relationship with Ericsson. Ericsson is the world's largest supplier of equipment to service providers. They have their finger on the pulse of the carrier market. And what they've consistently heard from carriers is as they contemplate building out their next generation of fixed and mobile networks, they need a more robust security solution. So Ericsson wants a strong partner in network security, a partner that can handle the modern threat landscape that can be deployed in a wide variety of use cases and is innovative. And they've chosen to work with us to build out those solution.

Here's Trevor Adey of Ericsson talking about the carrier market and how we're going to work together.

[Presentation]

Chad Kinzelberg

The next category is mobility. And clearly, mobility is a secular trend that's having a profound impact on our market. Smartphones and tablets are becoming ubiquitous in the enterprise, and we've established a range of partnerships to make it easy for enterprises to embrace this whole BYOD phenomena without compromising security. We've partnered with Aruba Networks, a leader in mobile enterprise and wireless solutions. Effectively, we've combined Aruba's wireless network products and our next-generation firewall to share user, device and application information in order to establish and enforce security policies for mobile devices.

One example of that is we've exposed some functionality via an API and Aruba has written a plug-in that extends user ID so that when guest users or employees bringing their own mobile devices come onto the wireless network, they are governed by the appropriate security policy.

We also have some partnerships in the mobile ecosystem designed to augment our GlobalProtect product. As Lee described, GlobalProtect ensures that the same policy that you establish for the traditional network is extended to mobile users regardless of the location or device type. And we've partnered with the leading mobile device management vendors, MDM vendors like MobileIron and Zenprise, in order to simplify the deployment of GlobalProtect and ensure ongoing compliance. These MDM platforms can be used to initially deploy the GlobalProtect client, to configure security settings and in the case that there's some type of a security violation, actually disable access or quarantine those devices.

So we have a range of partnerships in this mobile ecosystem that mean companies can let employees use mobile devices to access sensitive corporate applications and data, but without the security risks ordinarily associated with those devices.

Our next category is security analytics and Big Data. And our customers use a whole range of products in order to monitor and analyze their security information, and we effectively integrate with all of them.

So if you look at the SIM market whether it's Q1 labs from IBM, ArcSight from HP, Symantec, they all use our rich data around applications and users in their security information management solutions.

We're also doing some really innovative useful work with Splunk, the leader in Big Data. And together, we're developing this next generation security analytics platform that really leverages the unique strengths of both companies. Ordinarily, when we talk about natively identifying applications, and users and content, it's done on the context of setting security policy. But that same functionality and those same constructs are really useful if you want to do any type of security analysis or forensics investigation.

So if you want to identify the root cause of a breach or respond to a security incident or generate context-rich insightful reports that capture your security posture, we're much better off starting with the rich data that we have around applications and users as opposed to relying on IP or protocol information that are supplied by competitive firewalls.

So it's yet another example of where our proprietary technology and FID and user ID extend our sustainable competitive advantage.

The interesting thing here is by working with Splunk we're doing -- we're able to do things to satisfy customers that we wouldn't be able to do alone. And Splunk really recognizes this competitive advantage that we have and the rich data, and has developed a killer app. Nobody has been a bigger advocate of this solution than Splunk's CEO, Godfrey Sullivan.

[Presentation]

Chad Kinzelberg

The next category is enterprise security. And you'll notice that our partner ecosystem here is a lot different from our competitors. Because we have a next-generation firewall, we address the entire spectrum of network security needs. So you won't see us partnering with IPS vendors and web filtering vendors. Our firewall competitors on the other hand have to partner with those companies to make up for the inadequacies of a Stateful Inspection firewall. We don't have to do that. We address the entire spectrum. So what we do is focus on the adjacent categories and think more broadly about what are the problems that CSOs are trying to solve, and we partnered with companies in endpoint security, security configuration, risk management, authentication, access control, things of that nature.

For example, we partnered with RSA in order to safely enable access to sensitive corporate applications and data, coupling what we do on a network security side with RSA's market-leading 2-factor authentication solution.

We also have a set of partnerships to complement WildFire. So with WildFire, we have the best-in-class network-oriented approach to forward APTs. And we're supplementing that by partnering with companies with endpoint products and incident response services. At the RSA Conference a few weeks ago, we announced integrations with Mandiant and Bit9 to provide a holistic approach to APTs.

If you look at the network detection and prevention capabilities that we have, we're coupling that with the ability to actually resolve incidents at the desk -- at the endpoint. And the way that, that works is, when we identify malware in WildFire, there are certain indicators of compromise associated with that malware. We'll send those indicators of compromise down to the Mandiant and Bit9 consoles where all of the endpoints on the enterprise can be pulled. You can quickly identify which endpoints have been affected and that just accelerates the whole remediation process. So again, a very broad range of partnerships here that complement what we've done.

The last category is virtualization and SDN. In the case of SDN, we're very much at the embryonic stage in terms of enterprise adoption, so I think it's a little premature to comment on exactly how it will impact our business. Lee described the way that our efforts on SDN kind of dovetails from our virtualization efforts. We're complementing that by partnering with some of the emerging leaders in the SDN space, companies like Arista Networks and Big Switch Networks. So for example, we have an automated networking solution in which security policy can be attached to virtual networks segment in Big Switch, using their open SDN protocol.

In the case of virtualization, we're seeing massive adoption right now. This is the single biggest trend in the data center in the last decade. And it has a very profound effect on the way people think about network security and it's causing a lot of disruption. And that disruption is wonderful for us because it means more at-bats.

Last November, we introduced the VM-series to address the security needs of private clouds, public clouds and just virtualized data centers. And not only was this product very innovative and flexible, but it's also the first step in a very important relationship with VMware. As you know, VMware is driving this whole virtualization revolution. So they pioneered the concept and they've really driven the acceptance of these private clouds and what they're talking about as the software-defined data center. However, they realized that one of the impediments to virtualizing mission-critical applications is security. And they've chosen to partner with us to develop a well-conceived tightly integrated solution that will remove this security barrier. We're very optimistic about the long-term implications of this strategic partnership with VMware. And if you listen to Hatem Naguib, Vice President of Networking and Security at VMware, I think you'll get a sense of their enthusiasm as well.

[Presentation]

Chad Kinzelberg

As you can see, we have a vibrant ecosystem of technology partners. We're working with some of the leading and most innovative technology companies in the world. Our combined solutions result in better and more comprehensive products for our customers. We'll continue to cultivate these relationships in order to accelerate our land, expand and extend strategy.

So with that, I'll turn the floor over to Steffan to review our financial performance.

Steffan C. Tomlinson

Thank you. Thanks, Chad. So I'm Steffan Tomlinson, the CFO, and today, I'm going to be covering our trends, some recent financial results and then I'll wrap it up with our business model.

So to level set everyone, our Q2 '13 results, which we posted for our January quarter about a month ago, we have record revenues of $96 million, which grew 70% year-over-year. Our hybrid revenue model enabled us to grow our services revenues to $35 million or 36% of total revenues, which increases our visibility. Deferred revenue of $188 million grew 92% year-over-year, and we had very robust gross margins at 72.2% on a non-GAAP basis.

Q2 also marked the fifth consecutive quarter of adding over 1,000 end customers. And we ended the quarter with a robust balance sheet with $368 million in cash, cash equivalents and investments.

Our results demonstrate that we continue to grow faster than the competition, faster than the market and we're gaining share. But this quarter is just part of a trend. And you could see from both the annual and quarterly revenues, we've been growing much faster than market. And that's due in part to not only our disruptive technology, but to our sales and go to market function that we have in our customer service organization. When we're -- when everything's firing on all cylinders, you get this type of growth.

Now let's put a finer point on revenues. You can see revenue by theater for the last 5 quarters. And you can also see the corresponding year-over-year growth rates which are really best-in-class. So for a moment, let's focus on sequential performance because that indicates momentum.

You can see that in the Americas, we've had very consistent sequential growth. In EMEA, for the first 3 quarters of this chart, you can see that revenues have been flat, and part of that was due to macro issues and part of that was also just due to us making more investments in the region. The last 2 quarters however have posted meaningful sequential growth, and that's due to the sales traction that we're getting, as well as some timing of large deals that have been working from a fairly long gestation period.

Now looking at APAC, you can see we've had, again, very nice sequential growth over the past 5 quarters. Q2 flattened out a little bit. And Mark mentioned this earlier, we consciously made a change in the APAC region to put a new leader in place at the beginning of Q2, and we did this consciously because we're preparing to scale for long-term growth. So we're doing these things in a position of strength. And with the investments we're making in our sales and go-to-market organization, we're just starting to see the benefits of building what I'll call real diversity of revenues by theater.

Another way that you can look at diversity of revenues is by vertical. On a lifetime to date bookings basis, we don't have one vertical that's over 11%, and that makes sense, every enterprise needs network security. Now you can also see the customers on the right. This is a small sample of our 11,000-plus customers, many of them are household names: AT&T, General Electric. Some aren't household names, but nonetheless, they are very large in their industries. For example, Elavon, it's a large multinational corporation that focuses on payment processing services for over 1.2 million merchants. The reason why these customers are important to us is our land, expand and extend strategy. We're nearly one of the only vendors out there that has the versatility to sell into any network need -- enterprise network security need, whether or not that's next-generation firewall, threat prevention, filtering, WildFire, et cetera.

So to put a finer point on that, we like to look at our top 25 analysis, and you've seen a number of different variations of this data. And what you're looking at here is the trended line of the repeat purchasing metric, which really is the embodiment of what I would call our expand and extend strategy. Once we land an account -- and this is representative of our top 25, in Q2, on a cumulative lifetime basis, our top 25 accounts have spent 11.4x more in aggregate lifetime repeat purchases than their initial buy. And again -- and that's selling for a next-generation firewall or an IDF IPS project, and now, malware, APTs, URL filtering, et cetera. So it's very compelling. Now one customer in our top 25, we acquired in 2009. And it was a Check Point displacement for a very small part of the network segment. Since 2009, in that initial purchase was $60,000, they've spent 6.5 million times more in repeat purchases as we get deployed throughout their broader network, and not only the data center but the distributive perimeter firewall business, and we feel like we're about 30% penetrated. So that indicates that there's a very long tail.

What's providing the foundation for the land and expand business is our hybrid revenue model. And for those of you who have followed the company, you've heard me talk about this before. But just to level set folks, we have 2 elements to our revenue model, we have products and services. Within the product category, we have our series of appliances, we have our VM-Series, we have our M-100 and our Panorama. And from a revenue recognition standpoint, once all the criteria are met, we recognize that revenue upfront. Now the services revenue is bifurcated into 2 buckets. The first is subscriptions. We have 4, each of them are a list for 20% of the appliance list price per annum. Those subscriptions provide a fast type revenue element, which is why we call our revenue model a hybrid revenue model.

Within the last quarter, the number of subscriptions per appliance shipped was greater than 1.5. And historically, what we told folks is, we ship anywhere between 1 and 2 -- 1 to 2 subscriptions per appliance. So the bottom end of that range is actually coming up.

On the support side of the house, we have a number of very different programs that we offer. But as a proxy, support is about 16% of the appliance list price. And the attach rate on support is very strong. You can't buy enterprise network security equipment without buying support. It provides you updates, upgrades, bug fixes and the like.

Now for both the subscription and support, these are either annual or multi-year contracts. And what we've seen is, over the past, call it, several quarters, we've had an uptick in multi-year deals. We'll take that business all day long. That provides us a very nice foothold into the account and now we're more structured and ensconced in the account.

And you can see how this model translates into our revenues. On the left-hand side, you can see the product versus services revenue split. And you should train your eyes to the bottom row there which is services as a percentage of total revenue, that continues to grow. And as I've mentioned previously, last quarter, it's 36%. That provides incremental visibility as we go forward. And to the extent that we're successful in selling multi-year deals and selling more subscriptions like our new paid for subscription of WildFire, that will translate into a growing deferred revenue stream.

Now let's turn to margins. Our gross margins have been operating at a very steady band. Last quarter, they were 72.2%, and that's represented by the green line. Underneath the total gross margin, we go back to products and services. Products are always going to fluctuate a little bit, especially a company of our size and given where we are in the evolution curve. Anytime we come out with a new product like the PA-3000, there will be a higher initial cost to goods sold, but as volumes increase over time, gross margins will improve.

Our services business is comprised of both subscriptions and support. Subscriptions have a high -- very high gross margin profile, think of it like software-type business. Our support is very people-intensive and systems-intensive. And we've added over 5,000 new end customers in the last 5 quarters. So we've had to make the investments in order to scale. And there are kind of countervailing forces there, but over time, we will get scale. So the net result of that is we've been pretty steady in total gross margin, but there will be fluctuations amongst the contributors there.

Now turning to operating margin. We've taken a very conscious approach to making investments in the business to really drive our innovation engine, and our sales and go-to market organization. Last November, we came out with 5 new products, which is, I would call, industry-leading. And we've been able to do all this and post the revenue growth in a very profitable manner, and we're pleased with that. We're not going to be stretching to get to higher operating margins in the short term because we feel like we have the opportunity in place to really capture market share while doing it profitably.

Which takes me to our balance sheet and other metrics. You can see the trending in cash, and cash equivalents and investments, trending up to $368 million. And in other metrics that we track, cash flow from operations, free cash flow, very strong in fiscal Q2 '13. We have no debt on the balance sheet. Our DSOs were 58 days. We're going to be monitoring that because as the profile of our business evolves, with more services being sold, there could be some pressure on that, but we'll keep you posted on that.

Now turning to headcount. At the end of the quarter, we had 949 heads worldwide. The vast majority are in sales and marketing in our services organization and R&D. We have what we call the minimum required investment in G&A and operations, I'd like to keep that lean. And as far as future investments are concerned, you've heard today about our product roadmap, our innovation, our go-to-market, that's where we're going to be making the investments, and about 2/3 of our expenses are headcount and headcount related.

So let's turn to our planning assumptions for approximately the next 12 months. We plan on hiring about 75 to 100 heads per quarter. The legal costs for our litigation with Juniper will ramp up over the next 12 months as we approach trial, which will be in February 2014. From a CapEx standpoint, we're calling what a normal range for our run rate is, is about $5 million to $10 million per quarter. We also entered into a new lease facility, I guess a couple of quarters ago now. And we're going to have incremental investments to our normal run rate of CapEx for approximately $10 million in FY '14.

Our tax rate on a non-GAAP basis is estimated to be approximately 39%. This will fluctuate. We haven't removed our valuation allowance yet. And also, it's very sensitive, the rate's very sensitive to the pretax profit mix from an international and U.S. standpoint.

Additionally on tax rate, we have a project underway where we're scheduled to go live with this in about 6 months, which is our IP cost-sharing project, which should decrease our longer-term effective tax rate. Now once we go live with that, we'll give more guidance on that going forward, but that should bring our effective tax rate down over time that would be more comparable with our peers.

And then finally, many folks ask, in fact, I was asked today, what about seasonality in the business? Seasonality, still kind of too soon to tell. Our growth rates masks seasonality. But if we were to have just a preliminary indication on a go-forward basis of what seasonality could look like from a revenue standpoint, an early indication would be Q4 and Q2 would be the stronger quarters. Q4, well, because it's Q4 and we have natural business momentum built up throughout the year. And Q2, because the end of year calendar budget flush happens, and we participate in that. So we expect growth in all of our quarters but Q4 and Q2 being the strongest. Which brings me to my wrap-up slide, which is our target non-GAAP operating model.

Our gross margins are forecasted to be in the 70% to 73% range; R&D, 13% to 15%; sales and marketing, 30% to 33%; G&A, 5% to 6%. Leading to a total non-GAAP operating margin target of 22% to 25%.

Now when we went public back in July, we had mentioned that we felt we could achieve this in, call it approximately 4 years. As we sit here today, we've made some very good progress to date, and we think we're about 3 years away from achieving the target model.

I will say that very much consistent with our investment philosophy, we want to ensure that we are adequately investing in the business in order to capture market share and do it in a profitable manner so we will be growing operating margins. Our plan is to grow operating margins in more of a slow and steady progression, and we'll see how the actual results play out.

So that concludes my section of the presentation. And what I'd like to do is bring Mark McLaughlin and Mark Anderson up on stage, and we can open up the floor for Q&A.

Mark D. McLaughlin

Thanks, Steffan. Put me live. I'm sorry, just before we start the questions, just a couple of things just in case people have to leave. So we said we had a number of goals when we started off today and hopefully we accomplish a lot of that but one of the things we fundamentally believe as a company is that a lot of those trends that are playing out in security are great for security providers. So it's a very helpful tailwind for us and those will play out over a long number of years as we see them behind us, we see them in front of us as well. And the second thing or point we're trying to get across was the fundamental place you need to be in order to capitalize on the security trends in the network is the firewall as the functionality that you'll need in order to protect yourself continues to move in the direction of the firewall. And then the third thing is obviously, having the right technology as well, which we believe is a flexible platform you can continue to add to take care of those threats, and with the ultimate goal that can safely enable the use of all applications. So just a couple of points around that is one, we're trying with the demo here to get across the point that there truly is a technical difference because we hear a lot of marketing going on in the market, we've really tried to show it, it's hard to do that, as you can tell. Hopefully, the demo got some of that across. Firewalls are hard, it's policies, all sorts of stuff. So our goal there was just try to simplify the depth and show you that. We also -- obviously, we use Check Point in the demo because they're fairly vocal about, they can do what Palo Alto does but that's just a proxy for every other Stateful Inspection provider in the market today is the same from a functionality perspective. So we're not just trying to pick on those guys, it's just the one that we can use Cisco there, we can use Juniper, we can use anybody for it and it doesn't really matter on that. And the other thing I want to get the point across back to the flexible platform and the right place in the network is we spend a little bit of time -- we're overweighted on APT and malware just because it's on -- it's a hot topic today. People are talking about it. We look at that as a great opportunity for us. But we're also just trying to show that with our platform that we've developed, it's an example, it's an example of yet another thing that we're able to put into that platform in a native way. And there'll be more those in the future. So I just want to put some context around all the stuff that we were trying to get done hopefully, got the points across. And with that, we'd be happy to open it up for some questions. How about we go -- we'll just start upfront here and try to work around, thanks.

Karl Keirstead - BMO Capital Markets U.S.

Karl Keirstead, BMO Capital Markets. I've got a question for Mark Anderson, actually, you mentioned in your comments that one of your big initiatives is growing the number of major account teams, I think you said from 2 to 40. I guess at first blush, that sounds like a big change, and I'm wondering if you could add a little color into what the catalyst for that change is, maybe a little deeper on the process and whether a team approach like that involves any kind of comp changes for your reps.

Mark F. Anderson

Okay. Yes, sure. So I think it's pretty natural a company of our size and scale going through this evolution. I want to be really clear on 2 things. Firstly, the 40 is by the end of this year, not right now, I think I said 32 right now. And secondly, we did transition some existing RSMs, regional sales managers, into major accounts, especially ones that already started to get some traction with major accounts. We just narrowed their focus down to a tighter list of accounts. And I think that's also important, I try to communicate this within the company, there are 2 really important functions, whether you're an RSM, whether you are a MAM [ph], they both have roughly the same comp plan. They are both held to pretty closely the same expectation on productivity, although there can be spikes with major account managers where they might do a lot in 1 quarter and then a little less in the next quarter. But they're both really important roles. But they both require a different set of skills and a different set of enablement and training. And so we're really focusing on that because our bigger customers aren't really asking us for that. They're asking us for more attention than just 1 account manager, 2 account managers in Chicago that do flybys on their 150 customers once a quarter or so.

Unknown Executive

Over here.

Daniel T. Cummins - B. Riley Caris, Research Division

Dan Cummins from B. Riley. A question for Mark and Nir, if he's still here. I had a question about -- you talked about your capabilities that were pretty comprehensive with respect to network security, and there wasn't a lot of talk about data loss prevention. But I wonder if, Mark, you could talk about how much focus DLP is getting in big complex deals, number one. It sounds to us as if it's very, very well prioritized and not necessarily a niche product or a niche market. It seems like Gartner's actually been talking about a product market that's approaching $1 billion. What are your ambitions and capabilities around network DLP, particularly now with Fidelis being acquired out of the market? And what's your relationship to the host base DLP players?

Mark F. Anderson

Sure. Let me give you a general on that and I get Nir for more specifics or Lee. Can you bring a mic over here for one of these guys? Yes. So as a general matter from a DLP perspective, there's obviously a market there that's important and it's related to network security, although it's arguably in more in the enterprise security side than in the network security side. So from a functionality standpoint for us, you heard us talk about DLP a bit. A big part of that for us is the ability to see what's leaving the network because we see all the traffic, we see all the applications, we know the users, so that's a major portion of what we consider from a DLP perspective. There's a lot of other things that happen in the DLP world that we don't do. Some of which are end point, host sort of things, that are possibilities for us in the future, but they're not at the network level. We're very focused right now from a network security perspective, on the network related things, and there's pieces of that DLP functionality that are valuable to our customers we do there. There's a whole separate market, a whole different way to market, a whole different set of technologies that we haven't addressed at this point.

Lee Klarich

You answered it well. The only thing I'd add is I think when we look at it, DLP, just like a lot of things, is relatively complicated when you think of the entire problem. A lot of what we can do through applications, implication, user ID and things like that, is simply reduce the scope of what's going on. Controlling what applications are being used, controlling what kinds of content can be transferred in and out of organizations. That actually solves a big portion of the DLP problem and it helps narrow it down for the specialist who do host and e-mail DLP kind of things to really focus on other things that they can do to augment the parts that we're doing. Did you guys already pick somebody? Okay, we'll just go over here, then, in the middle. Thanks.

Unknown Analyst

Just 2 questions. I think the first one probably for Lee, Nir or maybe, Mark, given your legal background. It's been about 15 months since, I think, you were presented with the lawsuit out of Juniper, and not expecting sort of detail on your defenses and so forth, but just wondering what progress, if any, you've been able to make around potentially engineering around the patents? And then secondly, just, I guess, for Lee, on APT. Should we think about -- you talked about 1,300 customers for WildFire, I understand some of those are using the free product today, should we think about your traction on the paid WildFire products as a proxy for your success in the APT market? And if so, could you give us any sense as to how many of those customers, the 1,300, are paid today?

Mark F. Anderson

Yes, sure. On the Juniper side, again, there's only so much you can say in litigation. But let me talk with where we are procedurally in all the switches, kind of in the middle process of going through discovery and expert witnesses is all occurring at this point, will occur for some time up until the next real procedural item that's material, which is some rejudgment motions Markman hearing coming up in November of this year. So not a lot of -- no news there. On the question of from an engineering standpoint, on workaround and stuff, we can't talk about that directly though, though you'd imagine that, yes, we would, like anybody playing defense in a patent case would explore all your defenses you could have and the mitigation strategies, so I wouldn't be surprised if we were thinking about those things as well. On the question on the APT side, I'll try to take this one which is -- what we're -- we're talking about 2 different statistics here, but intentionally, we're talking more about 1, which is how many customers are using WildFire today, and you heard Lee say over 1,300, that keeps going up. Not all of those are paid. The other thing we talked about on the call was the number of paid users, which we haven't disclosed in there is, well, going well, and ahead of where I thought our expectations were given the product's only been out for a short period of time and you have to be on 5.0 to use it, right? So there's a couple hurdles to get over for us which will happen in a relatively short order, through the course of the rest of this year as the customer base migrates to 5.0 to be able to use that. So I think the question from a proxy standpoint is, it's not exact. And the reason for that and the reason we continue to talk about the free ones plus paid ones is, is that even if the customers are not paying for it, they still provides great value for customers who will. So this is a network, so it's a network effect. So we encourage people to use it, that's why we seeded it for free and we'll always keep the free version out there because if a customer is using the free version, they're not getting all the benefits of the paid version but we're getting their malware samples into the system, which we can federate, for lack of a better term, out to everybody who is paying, and it creates more value because we're seeing lots of malware across lots of vertical across the whole globe. So we continue to encourage that kind of behavior. Naturally, anybody who's using the free version is a great prospect for the paid version as well. So we would -- that's our primary target as we brought that thing to market is go back into that pace and we're doing pretty well there.

Next question. How about right there in the end, right there.

Michael Turits - Raymond James & Associates, Inc., Research Division

Michael Turits from Raymond James. So 2 questions. One, in terms of verticals, you showed 7% of your bookings or billings coming from the service provider, telco space. Fortinet is about a 28%, so how much do you view this as an incremental market opportunity? And if so, what's the product strategy for getting in? And then second question was if you quantify on the legal expenses ramp.

Steffan C. Tomlinson

Sure. So I'll take the first part of that. Yes, so Fortinet's business there is fundamentally different than ours which is their -- 28% of their business is mostly the service providers using their technology in order to push service offerings to the SMB. So before we said and we reiterate here, our target audience right now from a go-to market perspective is not SMB, it's enterprise. There is 2 reasons for that. The first is that the enterprise network security market is over $10 billion a year. The SMB network security market is about 1/3 or 1/4 of that depending on whose research you look at. So we're playing in a much bigger market. And the second -- that we're not anywhere near penetrated in yet, right, for what we can do. And the second thing is that for the SMB market, there's different technology, there's different go-to market, there's different support costs, there's different margin structures around that. But most importantly, that market is primarily driven by cost. And remember, we said security performance value. The enterprise market primarily driven by premium security, and we'll pay for that, that market's predominantly driven by what can I get from a security perspective for this cost. A great go-to market avenue to touch that market is service providers and that's what Fortinet has done there. We're working with service providers as well for service offerings. Ours are directed to the enterprise levels, so all the ones you heard Chad talk about, that's those guys selling our technology into the high-end of the market. We can go there. We can go down market, if we did, we would go with a service providers because it's an obvious way to go get that done. We just choose not to at this time mostly from a focus perspective of just keeping our eye on the ball and the brand, the premium brand as opposed to kind of confuse the market with the best technology but at the low-end of the market. So that's how we're doing this.

Unknown Executive

Part of our focus on expanding into major accounts really include service providers, as I mentioned, as customers, but also as partners. So the focus that we have today is really significantly bigger than the focus we had just a year ago in selling to service providers. I gave one example of a 6-figure deal to a service provider, but there's many of them that we've done. The teams have really ramped up, not only just here in the U.S. but across the world. And just think, just a year ago, we had salespeople that were calling on medium and large enterprises and service providers, and it's a different go-to market methodology, it's a different type of sales person, you need to be successful there and we're very mindful of that.

Unknown Executive

Yes. On the cost for Juniper litigation, the ramp, for competitive reasons, we're not going to give a forecast for that. But we are considering potentially disclosing that on a retrospective basis on our earnings calls, just so folks can understand what the costs are, we're considering that. We'll go to this side.

Jayson Noland - Robert W. Baird & Co. Incorporated, Research Division

Jayson Noland with Baird. Mark, to start with, hiring, are you getting account managers and SEs from competitors? It sounds like they're experienced, and how long if so does it take them to ramp? And the second question, on evals, an 85% win rate with technical evals or proof of concepts, that's very high. So how do you manage a sales force that could easily bring hundreds of these to you every quarter?

Mark F. Anderson

Yes. Well, thanks for the question, Jayson. So on the proof of concepts, we're very focused on being very good at that and really just telling the story of how different our technology is, and then proving it with the application visibility report that I talked about. So we have a large pool of eval equivalent that we own and manage but our partners, I believe, have an even larger pool. But they've purchased our technology and they, along with our own subject matter experts, are going out and doing these evals. So a big part of the enablement focus with them is to teach them how to do this in an effective way and teach them how to get more at-bats. And as far as hiring, we're seeing inbound requests from people at all of the Tier 1 network and network security vendors, I'm not going to name any specific names, but it's pretty consistent across the board. I think salespeople are a pretty predictable bunch, a lot of us are really addicted to the opportunity to grow and to take a territory, and take it from a little to a lot. And I'm very focused on creating an environment that leverages a great culture, gives them a competitive comp plan that really competes with the Tier 1 vendors that are out there, and shows them a path that they want to be promoted. And of course, when you're growing the team from very small to very large, there's lots of opportunities to be promoted to SE managers, SE directors, first level managers, second level managers. It's really part of an overall culture-building picture. Productivity, we actually don't talk about the times of productivity but what we do talk about is we're very focused on trying to make it happen earlier.

Unknown Executive

How about we go in the back, the lady back there.

Unknown Analyst

So you talked a lot about the platform approach that you're taking and you showed statistics on primary firewall use cases. I'm curious how has the customer buying pattern itself change? Do they still come to you for specific product or use case, like, say, a firewall or an IDS deployment or do you have more strategic conversations with them?

Mark D. McLaughlin

Both. So it's very well ingrained in the customer mindset, just as you kind of think about the last decade, the 15 years about all these technologies we mentioned and the kludge aspect about how they think about the networks in the first place and from a defense perspective on how they purchase for a really long time, and these things get done at refresh cycles, so it's fairly consistent still. There are folks who'll say, it's time to do the such and such refresh of this piece of technology and that's your opportunity to kind of get in there. What we have seen, though, is a rapid increase in the focus, probably from the board rooms, as I mentioned, it's one these top 3 items, down where the sea level folks who are in charge of the CIOs, CTL are -- they understand, I mean, not that -- they're living it, so they're kind of telling us; it's not the other way around. They understand that rapid change of threat. They understand that they can't really keep up. They understand the budget issues and all. So those are the folks who are strategically saying, enough. We need to come up with a better way to do this. And they're the ones challenging their teams then who may have been doing it a certain way for 10 years or 15 years to say, we need a better way. Well, that's very helpful for us. And we try to get as many of those conversations as we can because if we can tie into what they're thinking, then we just have a better chance to getting at that because then, they go back to their staff and say, what about these Palo Alto guys, right? And it just takes that one comment to go get the AVR done, and then we're off to the races. So we're seeing it really at both sides.

Unknown Executive

And we just have time for one more question.

Mark D. McLaughlin

Okay. And then we're going to be here. Nobody's going anywhere afterwards, so we're happy to answer any other questions upfront. How about we'll just go -- it's hard to see -- right there, since you're standing right there. Thanks.

Shebly Seyrafi - FBN Securities, Inc., Research Division

So I think Check Point would disagree -- this is Shebly Seyrafi, by the way, FBN -- with the degradation on the performance of 90% or so, primary gig going to 4, which is less than your 5 gig for the PA-50/50, what are your thoughts about even taking away that argument in improving the performance per box eventually? And separately, for Steffan, you talked -- targeting and hitting your target operating model in 3 years, what if your growth is still very high, say, 30% to 40%? Other companies would defer hitting that target of let's say, 22% to 25% operating model -- operating margin that is, further still, if the growth is robust. So what are your thoughts about potentially hitting the margin target later than 3 years if the growth is still very strong?

Steffan C. Tomlinson

So let me talk on the performance one and I also failed to mention that we brought 5 or 6 of our SCs with us today, which are, I think, outside, but these folks are all from different competitors, some from Check Point, some from Cisco, but I would encourage you, they're outside at the different areas here to talk and few are going talk technical on like what's happening on the ground, it's just another source of information for you. But specifically on the performance, I'm positive that Check Point would disagree with what we said; that wouldn't shock me. But I think there's 2 things to think about on that. The first is, is that the reality of just the testing, whether it's ours, theirs, their spec sheet, NSS, anybody, that's just what happens, right? There's no -- there's just kind of no way around that. And the second thing is you would have to disagree if you were done with that, which is either that's not right or that doesn't matter, we got bigger and bigger boxes. I always try to think about these things about where people are coming from on them, right? If we're right, and I think we are, that you -- the more these blades or functionality you add, you get to decrease the degradation, which technically, I think, we can prove, and you can go check it out yourself and you're them, then you must talk about performance. You have to do that, right? You have to say, I've got the bigger box, the bigger box, the bigger box because it's the threat change and the new functionality has to be introduced and it's kludged on with another engine, your performance will degrade every time the traffic passes through another engine. So you must have a bigger box and then a bigger box and a bigger box because that's what's going to happen at the end. Here's how customers think about it. Customers don't say, I'm looking for a 120-gig box. Customers say, I'm looking for security, and I need 4 gigs. Remember, I said security performance. My performance requirements as an enterprise in order to run my enterprise are 4 gigs of protected output or 5 or 10 or pick your number, that's how they think about it. When they say that, then your backward plan off of that to you say, if I want to get 5 gigs out the end of what I think their protection is, well, how do I do that? With Palo Alto, you buy a 5-gig box. If you're Cisco, I'm not going to pick on Check Point or Juniper, it doesn't really matter. To get that 5 gigs, you've got to say, I need to start 40, 100, depending on who you're talking to, because of the degradation. This is why those guys are super duper focused on speaking about performance all the time of the bigger boxes because it's a necessity in order to actually get the output that we're talking about at the end of the day. So you're going to hear more of that, not less of that. And then I think related in that question was us and what we'll be doing on the performance side. It really depends on where we're sitting in the network. So we don't have to do more from a performance standpoint to deliver what customers are asking us to deliver today. We are getting more inbound requests from customers saying, gee, we'd like to see bigger boxes -- a small set of customers saying, we've got user cases in the data centers or something, where I'd like to see even higher performances, not because the performance degrades, that's just our throughput requirements in that massive data center we have, so we want to see the 100-gig next gen firewall doing everything that it does. Again, not because of it degrades, but it would be great if we got a 100-gig box. So those are things we take seriously. And as Lee said, you would imagine in our family of appliances, all the way from the small to the large, that we would keep adding inside of there as customers tell us what those needs and requirements would be.

Unknown Executive

On a target model question, we have a flexible approach. But our current viewpoint is given our growth characteristics, given our nice gross margin, we feel like we can achieve the target model in 3 years. At the next Analyst Day that we hold, we'll take stock of where we are but our current viewpoint is, we're about 3 years away from achieving it. Hypothetically, if our growth rates were dramatically different than they are or where we think they're going to be, of course, I think we'll take a flexible and nimble approach to the target model. But as we sit here right now, we feel like it's achievable in about 3 years and we feel good with that.

Mark D. McLaughlin

So I think that's all we have time for. Again, the whole executive team is here. We'll stay around for as long as you guys like. We really, really appreciate you taking the time and your interest in Palo Alto. Thanks a lot for coming.

Copyright policy: All transcripts on this site are the copyright of Seeking Alpha. However, we view them as an important resource for bloggers and journalists, and are excited to contribute to the democratization of financial information on the Internet. (Until now investors have had to pay thousands of dollars in subscription fees for transcripts.) So our reproduction policy is as follows: You may quote up to 400 words of any transcript on the condition that you attribute the transcript to Seeking Alpha and either link to the original transcript or to www.SeekingAlpha.com. All other use is prohibited.

THE INFORMATION CONTAINED HERE IS A TEXTUAL REPRESENTATION OF THE APPLICABLE COMPANY'S CONFERENCE CALL, CONFERENCE PRESENTATION OR OTHER AUDIO PRESENTATION, AND WHILE EFFORTS ARE MADE TO PROVIDE AN ACCURATE TRANSCRIPTION, THERE MAY BE MATERIAL ERRORS, OMISSIONS, OR INACCURACIES IN THE REPORTING OF THE SUBSTANCE OF THE AUDIO PRESENTATIONS. IN NO WAY DOES SEEKING ALPHA ASSUME ANY RESPONSIBILITY FOR ANY INVESTMENT OR OTHER DECISIONS MADE BASED UPON THE INFORMATION PROVIDED ON THIS WEB SITE OR IN ANY TRANSCRIPT. USERS ARE ADVISED TO REVIEW THE APPLICABLE COMPANY'S AUDIO PRESENTATION ITSELF AND THE APPLICABLE COMPANY'S SEC FILINGS BEFORE MAKING ANY INVESTMENT OR OTHER DECISIONS.

If you have any additional questions about our online transcripts, please contact us at: transcripts@seekingalpha.com. Thank you!

Source: Palo Alto Networks' CEO Hosts Analyst Day (Transcript)
This Transcript
All Transcripts