Palo Alto Networks, Inc. (PANW) Presents at Morgan Stanley Technology, Media and Telecom Broker Conference Call - (Transcript)

Palo Alto Networks, Inc. (NASDAQ:PANW) Morgan Stanley Technology, Media and Telecom Conference March 2, 2021 11:00 AM ET

Company Participants

Nikesh Arora - CEO & Chairman

Conference Call Participants

Keith Weiss - Morgan Stanley

Keith Weiss

Good morning. Welcome to day two of the Morgan Stanley TMT conference, the virtual edition. My name is Keith Weiss. I run the U.S. software equity research group here at Morgan Stanley.

I'm very pleased to have with us this morning from Palo Alto Networks, CEO Nikesh Arora. Nikesh, thank you so much for joining us this morning.

Nikesh Arora

Keith, always a pleasure to chat with you.

Keith Weiss

Outstanding. A brief disclosure before we get started. For important Morgan Stanley research disclosures, please see on our website, www.morganstanley.com/researchdisclosures. A programming note, I have a ton of questions for Nikesh. But if anybody has additional questions, you could type it in, in the webcast. It's going to show up on my screen over here, and we will try to fit those into the conversation as well, if you guys do have questions.

So Nikesh, again, thank you for joining us. I think this is the third time you've been at our TMT conference, if I'm not mistaken.

Question-and-Answer Session

Q - Keith Weiss

And it's always been interesting from a Palo Alto perspective. I would say this year is particularly interesting from a macro and spending environment perspective. In our CIO surveys, even before SolarStorm hit, there was a rising priority of security within our CIOs. The disruption that took place with the COVID crisis, the disruption via the distributed nature of how we're all working really changing the dynamic on security in our surveys.

So the question to you is, one, did you guys see that in your business, a ramping priority for security heading into 2021? How does SolarStorm impact that on a go-forward basis? And what are you guys expecting for the year ahead?

Nikesh Arora

So Keith, look, it's funny, we're lapping the anniversary of the pandemic, I think, this week. And I remember having this conversation last time with you in this conference about, "Hey, Nikesh, what's the impact of the pandemic? Are you seeing a resurgence of spend -- or remote work spend and focus on security given the pandemic?" And we didn't see an impact for the first 3 months because all of us were giving free capabilities, free services. But what it did do -- or has done, if you look at the last 7 to 9 months, the conversations, the architectures around remote work, the sort of long-term impact is all coming through on all the remote work solutions in the market, whether it's us or it's the other players in the space.

So I think SolarWinds is going to have a similar impact. You're going to see that we all give free capabilities. We made sure that our customers were safe. They all looked at -- their first reaction was, "Hey, am I breached? If I'm not breached, would I be protected if this happened?" Now they're starting to say, "Oh my God, if this happens again, will we be protected?"

The conversation has been elevated. The Boards are talking about it. The audit committees are talking about it. So I think what you're going to see is, in the next 6, 9, 12 months, that the impact will be felt in renewed focus or continued focus on cybersecurity. And you'll see that across the industry perhaps with a better growth rate for the industry.

Keith Weiss

Got it. That makes sense. So it takes some time for this to translate from a reaction, from discussions with the Board, from you guys just doing the right thing for your customers, giving out free solutions. So should we be thinking calendar 2Q perhaps is a time frame where you could start to see the spending start to pick up in relation to SolarStorm?

Nikesh Arora

I think you're going to see it more in calendar Q3, Q4 and the rest of the next sort of -- in our case, next year.

Keith Weiss

Okay. Perfect. So you talked about the changing architectures that you're talking to with customers. And I'm assuming that means sort of more of a shift towards Zero Trust architectures, moving more of security control point into the cloud to more of a SASE solution, if you will. And over the past 3 years, Palo Alto Networks has really built out their capabilities for that SASE solution.

Can you walk us through some of the investments that you guys have made to build out that solution? What do you have in the market today? And talk to us a little bit about how customers have -- what is the customer conversation? Are people thinking about deploying this into their own infrastructure?

Nikesh Arora

Yes. On the SASE front, I think, Keith, I got a bit lucky. When I came to Palo Alto Networks, we have a product called GPCS, GlobalProtect Cloud Services. So as you know, we have over 15,000 VPN customers who use our GlobalProtect with our firewalls. And the team had built a cloud-based capability to deploy a firewall from the cloud and replicating firewall functionality. But we didn't have enough people working on it.

What we've done in the last two years is basically 20x that team. We have now a full firewall deployed in the cloud in our Prisma Access product. We have connected it to the SD-WAN, acquisition of CloudGenix. So we have a cloud pane that allows you to manage your SD-WAN and your SASE solution or remote security solution.

We have now made DLP enabled on that from a capability perspective. Most recently, we launched Prisma Access 2.0, which brings in proxy capability. 53% of the attacks on remote servers are non-web apps. So you need non-proxy solutions to protect the non-web app capability, which is what we've always had. We've also been able to protect web apps, but we also brought in proxy for onboarding.

And last but not the least, we've included DEM capability into the product, which means if a customer has an issue, we can tell in what part of their connection that problem happened, whether it's Palo Alto or somebody else. Is your Internet down? Is your data center server not responding? We can actually tell you what's causing the service issue because it's kind of like remote work has become work, there's no remote part of it. That's how we all do it.

So if our stuff doesn't work, we're kind of paralyzed. So you need the degree of quality and capability that you have in your office available in everyone's homes, and that's what we've done with our SASE 2.0 product. This quarter, as I said to some of the investors, that our largest deal -- one of our largest deals was a SASE deal with hundreds of thousands employees being deployed with Prisma SASE 2.0.

Keith Weiss

Got it, got it. And then I think one of the important differentiators versus your competitors in the marketplace, I think there's a...

Nikesh Arora

You can say the name. I won't.

Keith Weiss

All right. So against a Zscaler per se. And one that's been coming up a lot more in conversations is the fact that you guys have the network side of the equation, in addition to the network security side of the equation. So with CloudGenix, you have more of a capability to bring the networking component to the equation.

Does that differentiation resonate with customers? Is that important to them, to have not just the security on top of the network but that CloudGenix network capability?

Nikesh Arora

Well, it does, for sure, because you want -- the less integrations the end customer has to do, the better. Because the more integrations you have to do as a customer, you will end up holding the bag because you've got to figure out which one of your four pieces of your security solutions are not working, and you got to go remediate that with a vendor.

And you know what, there's a bunch of handoffs. We're constantly in a situation where the customers have deployed Vendor A for their SD-WAN stack, us for security and a third vendor for their hybrid cloud. Now when the handovers happen, it's always a food fight, like "It wasn't our product. It wasn't our product." You're going to have to sit down and go make that Internet working begin to happen. So the more you can rely on one partner to be able to provide you a cohesive solution, the better off you are.

Having said that, it's not a single-player market. So there's a bunch of other SD-WAN capability in the market, so we have to work and make sure our integration works not just with obviously what we bought in CloudGenix but the others out there, whether it's VeloCloud or Versa or Silver Peak or Viptela or Meraki. So we make sure that it works cohesively. But more and more, the larger the deployment, the customer wants the ability to be able to do this together in one box or in one solution.

Keith Weiss

Right. And then in terms of what's funding these SASE solutions, on one side of the equation, there's securing the more distributed environments, like you talked about, being able to ensure that everybody working from home has that good, secure Internet connection.

On the other side, one of the things that we've been hearing a lot about is the displacing MPLS costs, right? Companies were using dedicated lines to backhaul traffic into their data center. They're inflexible. They're relatively expensive. Are you guys able to tap into that as a funding source, if you will, that you could actually make a good ROI value proposition with the SASE solution because you're offsetting some of that MPLS cost?

Nikesh Arora

100%. So what's happened is -- the reason you've seen this continued upsurge in remote network security-related spending or re-architecture of branches for large retail footprints, what you're noticing is that the tack where a lot of money was being spent in dedicated T1 lines or MPLS-based solutions, the CIO can go make a pitch to the CEO or to the CFO saying, "Look, I can save us money. At the same time, I can put us in a lower total cost of ownership scenario and get us better security." Now it's very rarely a CIO walks up to the CFO and says, "I like to save you money." Usually, IT is -- security is seen as a cost. So when you walk in and say, "I can save you money and put us in a better place," the guy says, "Go at it."

Keith Weiss

Right, right. Definitely helps, that positive ROI. Excellent. So I want to take a step back and frame the conversation a little bit in terms of how I have investor conversations and then dig into it. There's -- in my view, there's 3 things that investors have to garner confidence in when they're buying Palo Alto Networks: one is the durability of the network security business; two is your ability to ramp up these new technologies, what you call ClaiSec, is the category for them now; and three, what does the sort of free cash flow margin look on the back side of it.

So starting with network security, and this is kind of where we're going down with SASE. I think one of the important things that investors have to wrap their head around is they're asking the question like, "Are firewalls going away?" And I think what they have in their head is the idea of a firewall appliance on the edge of a corporate network versus the capability of firewalling, right, the ability to apply that policy and control and security to all your network traffic.

And what I would reply with is that it's not going away. It's moving, right? It's transforming in terms of how you're deploying it. More of it is being deployed in cloud-based environments. More of it is being deployed in the cloud. But that core appliance on the edge of your network is not going anywhere. It's just part of a fabric, a firewalling fabric.

As you make that pitch to -- I'm making the pitch to the investors. You're making it to the customers, right? As you make that pitch to the customers, can you talk to us about how does that actually work in reality? How do people sort of extend their firewalling capability into your cloud, into virtual capabilities? Is it all at once? Are people ripping and replacing? Or is this something more evolutionary and gradual as they sort of evolve their security architectures?

Nikesh Arora

Well, first of all, Keith, you've gotten really good in making the pitch and distinguishing between investors and customers. The customers aren't as skeptical as our investors are often because the customers live in the guts of the technology. They live with the sort of the variety of the solutions that they have. Look, what is beginning to happen -- and I've said this, hats off to Ken Xie for being able to sell more hardware into the industry. Because what we're noticing from our vantage point is that, on one hand, you have this whole cloud transformation going on. Look around, our friends at Google, Amazon, Microsoft, Oracle, IBM, Alibaba are all selling more and more cloud capability, and that's going to come from somewhere. It's going to come from less data centers in the future. It's not eliminating data centers, but it's less data centers.

Now if you go to a typical large customer, they've got a lot of technology investment in their data centers. They've got stuff running. When they start making that move to the cloud, they've got to protect that traffic that goes in and out of the cloud back into the data center. They need to make sure the same firewall policies that are protecting them in the data center are protecting them in the cloud.

So first thing we see is an instantiation where a customer puts their foot into the cloud saying, "Hey, we've got your firewalls. What do I do with all my traffic I'm sending to Azure, GCP, AWS?" So we'll just stick a virtual firewall in front of it to make sure that you can run the same policy framework that you run in your data center with it. So that's kind of one scenario.

Another scenario is a customer says, "Cyber Monday, Black Friday, we need more capacity spun up in our data centers for a week or 2 weeks. You have to go buy more boxes." Like don't do that. Just buy virtual firewalls, spin up the extra capacity. You can't go wrong with it. So that's a situation where you sort of creep into more software solutions from a hardware box because you're dealing with burst capacity, you're dealing with the cloud.

Then when the customer starts thinking about their remote architecture, you sit there and say, "Look at your total cost of ownership." Now imagine a customer with 2,000 stores. If the idea was to go replace a hardware firewall in every store, it's kind of like painting the Golden Gate Bridge. You start today, and 3 years later, you're done with 2,000 stores. You got to go back and do a firewall upgrade in every one of those stores. It's the most ridiculous concept if you're going to believe that we're going to stop cyber hackers or bad actors by doing a software upgrade which requires a roll of truck to protect that piece of hardware. You got to go down the software path. So I think intellectually, logically, security-wise, it makes 100% sense, but people don't like it on the P&L.

Keith Weiss

All right. Got it.

Nikesh Arora

Was that impassioned enough? What was that like?

Keith Weiss

Yes. No, that was good. That was good.

Nikesh Arora

I think I'm going to be doing this for a long time because when I came to Palo Alto Networks, I was told firewalls are dead.

Keith Weiss

That was a...

Nikesh Arora

The old rumors of my demise are overstated.

Keith Weiss

No, no. So now when you guys are talking about the business, you bring this all into Firewall as a Platform, right, is the way that you're talking about it. In the most recent quarter, I think the number is about 21% growth in that Firewall as a Platform. So that includes -- you're selling the appliances. You're selling Prisma Access within there, GlobalProtect and the virtual firewalls, are all part of that next generation. And as we're thinking about the -- what drives growth for that business, we talked about sort of the virtual firewalls. Is there still the potential for share gain, right, just core share gain in terms of the firewall appliances?

Palo Alto Networks, like on our numbers, 20% share in terms of our CIO surveys. That roughly matches with IDC numbers. Cisco still has more share. Juniper is still out in the marketplace, has a pretty small share. But is that -- Check Point still has a decent share. Like is that up for grabs? Are people still moving firewalls?

Nikesh Arora

10 years ago, Keith, I used to work at Google, and we just talked about share of web search and then how much share Google's going to have in mobile search. I think that's a foregone conclusion. And I think when technology shifts happen, share gains change from, let's call them, legacy vendors to people who have adopted the new form factors.

When you go from hardware to software, we're 1 of 2 players or 2.5 players in SASE. There are 7 players in firewalls and hardware. Where is that share going to go from those 7 players? It's going to go to 2.5 people. The question is, "Do I end up at 20%?" Hopefully, I end up with lot more than 20%, and that's going to be better. When people go from hardware to software -- we just sold our largest deployment of container firewalls to protect a 5G network. We're the only one in the industry with a container firewall.

So when form factors change, you have to be ahead of technology to be able to capture more share gains. So -- yes, so we've grown 21%. Most of the growth comes from software. I'll tell you what, we're driving software growth. It's not just happening by happenstance. We're trying to get people to buy software because, A, it's a lower cost of ownership for them; B, it's better security for them; and C, it's much more profitable for us in the long term.

So from all perspectives, it makes sense to accelerate the transformation from hardware to software. And I think what people should look at this quarter, we showed we're able to do that, sustaining our gross margins and keeping cash flow margin in the 38% to 41% range, right?

Keith Weiss

Right. Got it. Last question on network security because we got a lot to cover and not so much time. Subscription attach, right? I think since you've been there, you've expanded the portfolio of potential attach subscriptions from 4 to 8. You talked about exceeding 5,000 customers with the DNS subscription attach. Can you give us a sense of penetration, of where we are today in terms of firewall attach within that base of 70,000-some-odd customers. Where is it today? Where can it go? And is that something investors should be thinking about as a durable driver of this Firewall as a Platform billings growth?

Nikesh Arora

Yes. So when I came, we had four subscriptions that we attached to our firewalls. We had threat prevention, URL filtering, WildFire and GlobalProtect. And the lowest attach was 50% in that space, and it has a very low churn because we see that renewals would happen within that space.

In the last 2.5 years, we've created 4 more subscriptions, IoT, DLP, SD-WAN and DNS; and DNS being the most sort of long-standing one in the last 2 years. In the last 2 years, we've got 5,000 customers. And that 20% attach rate can get to a -- nicely, a 10-figure number, if I did that right. Yes. Right?

So it's not a bad gig if you can get firewall subscriptions that attach over time. And we showed a slide in our earnings presentation showing that the proportion of hardware has gone from 39% to 29% of our total network security firewall spend. And I think the continued sale -- attachment of more software capability to subscription on our firewalls is going to drive that hardware number smaller, which is better, is more repeatable, more recurring revenue. So basically, we take our firewall business and make that more of an ARR business.

But I think what's also important to know is -- so then the next question is, "Wait a minute. If hardware goes away, what are you attaching to?" Well, our subscriptions work in every form factor. They work in virtual firewalls. They work in Prisma SASE. In fact, our IoT subscription also works on Cortex. Our DLP subscription works on Prisma Cloud and Cortex and firewalls.

So what we're also trying to do is trying to make sure that our subscriptions are -- we actually have started to call them security services internally, but we're trying to make sure that the security services team is attaching that to all capabilities we have in the company so they're not stuck only on hardware firewalls. So today, you can do DLP across the entire portfolio. You can do IoT across multiple products. So our teams are -- and SD-WAN, obviously, you can do with SASE.

So our teams are looking carefully to make sure that you don't get trapped in the hardware attach game because that will be the next conversation. "Okay, we get it, you're transforming from hardware to software. But is subscription going to be stuck in hardware land?" Well, they're not because they're attached to everything else as well.

Keith Weiss

Got it. It makes a ton of sense. I want to shift gears to the ClaiSec segment. Cloud and AI solutions wrapped up into this segment now represents about 20% of the overall base. So when we talk about the core solutions in here, there's Prisma Cloud that came from cloud security posture management that you acquired with RedLock. There's a container security with Twistlock. Cortex has a lot of functionality in it right now. You just acquired Bridgecrew for some additional DevSecOps.

What are the core growth drivers today? What's the solutions that will drive sort of moving the needle today? What are you most excited about over the next 2 to 3 years in terms of this ability to ramp up and become kind of the core driver for the overall ClaiSec business?

Nikesh Arora

So let's talk about the two parts of it, right? There's cloud security and there's Cortex. In cloud security, what's happened is we saw large numbers from our cloud provider friends, AWS, GCP, Azure. What's happening is slowly and steadily, customers are moving their applications into production in the cloud. They've been in development for a while. They're moving now to production.

Across the cloud, they need similar security capabilities. When you go to the cloud, Google takes care of the security of GCP and AWS takes care -- or Amazon takes care of AWS and Azure, Microsoft. But when you put your applications in the cloud, you're responsible. Morgan Stanley uses cloud security to predict what trading applications to put on AWS. Now that application that's put up there needs to be checked when it's being developed. It needs to be checked when it's sent into production. It needs to be checked whilst it's in production, right? So that security requires you to check while people are developing, which is what is DevSecOps, which is why we bought Bridgecrew.

Let's make sure we test it while it's being developed. Because, typically, what happens today is the CIO will sit and say, "Okay. Thank you for submitting your app. By the way, your app has problems. Go back and fix it." And then I'll go, "What's the problem?" So I'd say, "Well, don't tell me later. Tell me now."

So Bridgecrew allows you to embed security, right, when you're developing it. You take it to production, you take a run time. That's where Twistlock and RedLock kick in; RedLock looking at the infrastructure, Twistlock looking at applications. Twistlock puts an agent. Then, over time, Aporeto and our container firewalls allow you to create firewalling capability within your apps with segmentation. And then you can obviously put DLP against it.

So what's happening right now is we're seeing expansion as people move into the cloud with CWPP and CSPM or Twistlock and RedLock -- the artists formerly known as Twistlock and RedLock. That's kind of driving the growth. And over time, as the sophistication increases of our customers and they start putting -- relying more and more on production applications, you'll see micro segmentation take off. We're also seeing tremendous demand for IAM or identity management because people give lots of provisions -- lots of privileges in the cloud for their developers. They're trying to get -- to restrict them because that's another threat vector. So slowly and steadily, the platform approach of cloud securities work.

On the Cortex side, we're continuing to see traction on XDR, where it's kind of interesting to watch some of the competitors start to buy data injection companies because they believe that now it's not just endpoint data that's important, but firewall data is important, too, which is how we've built Cortex XDR. So we see strength there. We see -- continue to see strength in XSOAR, which is our workflow automation capabilities. I think over time, we're going to see the modernization of the SOC happen where people rely more and more on data and more and more on analytics, which is what XDR is trying to do.

Keith Weiss

Got it, got it. So when you guys presented, it was really -- when Luis came onboard, he started giving us a lot more detail on the underlying business. And you guys gave ARR targets for the year for this ClaiSec part of the equation. I would say the biggest topic of conversation coming out of Q2 earnings was the ramp in ARR necessary to kind of hit your target for the back half of the year.

I think you did about $121 million net in Q2. That included some revenues from Expanse. And guys are looking for the necessity to do over $300 million in the back half of the year. You have a little bit of Expanse in there as well to hit your targets.

Can you talk to us about how you put together that plan? When you put out that ClaiSec ARR target, how did you layer it up? How did you build out the plan, that this is something that's achievable for our organization? Because it is. I mean it's almost 80% growth. It's pretty good growth that you put out there for an initial target.

Nikesh Arora

Well, there's two pieces to it. I think you're talking about NGS because we don't give out ClaiSec on a quarterly basis. What we did give out was NGS on a quarterly basis. So you saw us at $840 million, targeting $1.15 billion this quarter on the NGS ARR, which is a combination of Prisma -- all the network pieces as well as the cloud/AI pieces, which is what we used to present to you guys in the past, which we're now transitioning to ClaiSec but we're maintaining that NGS ARR number out there to make sure there is continuity and you understand how we transition from that to ClaiSec.

Look, we have visibility into our pipeline. We understand what the pipeline for each of our products is. Some products are lumpy. Some products are TCV-based products. Some products are ARR-based products. What I'd like to say is we put out targets -- it will be silly for management to put out targets and try not to achieve them. So we must have visibility into our pipeline for us to be able to put them out there.

Keith Weiss

Got it, got it. And then when we think about the distribution strategy, when you came onboard, you started talking about speedboats. And basically, kind of I thought about it as like this is the Palo Alto version of SWAT teams, right? You really want to sort incentivize, you want put good business process and teach people how to sell the solution. You put a SWAT team together. They go out there, and they teach everyone else what they're doing by showing them. You're changing up the distribution a little bit as we go into next year to align with this new strategy. Can you talk about the change you're making and why?

Nikesh Arora

Yes. Look, it's kind of interesting. When we started off, we built a Prisma speedboat and a Cortex speedboat and a Strata speedboat. And basically, the real motion of these speedboats is bring cross-functional people together. So when somebody is launching a grid -- launching a product from the product side, the marketing people are ready to go with marketing campaigns and the salespeople are ready to go with sales enablement so we can actually hit the ground running. And with -- if you think about it, the last 2.5 years, Palo Alto Networks has produced more products than they have in the 15 years prior.

So there's a different motion needed to make sure people are trained and enabled because they've got to be able to pitch that to their customer. So you got to keep building a motion where you're constantly training your team. And that's what these speedboats are making sure, that the piece parts are together and they weren't going to fall apart. If you sell to a customer, you got to make sure they're deployed. So all those things are being done in speedboats.

And what all of you noticed is that this model is working so -- instead of just having them at high-level categorizations. In SASE, we compete with people in the market. In XDR, we compete with certain people in the market. XSOAR, we compete with certain people in the market. All we've done is adapted the speedboat structure to direct competitors in the market because instead of having a catch-all for three products in 1 speedboat which compete with 3 different companies, we just made it six because we know exactly who the competitors are and how we'll win against them. So it's just streamlining it to adapt to the market, nothing more than that.

Keith Weiss

Got it. So you're aligning with sort of what the competitive set is in the marketplace so you could go at these guys head on?

Nikesh Arora

And it so happens to be able to allow us to align it with NetSec and ClaiSec as well so...

Keith Weiss

Excellent. And then on sort of the -- that alignment, one of the things you guys talked about on the quarterly call was heading down the road towards potentially creating equity structure for ClaiSec versus the broader group. From my perspective, it was awesome because you gave us a lot of detail, gross margin line, operating income line, free cash flow line, for the network security versus ClaiSec. It showed a very profitable network security business, 41% free cash flow margin.

So to that last point, it gives a lot of credibility to the ability to run this business at a really high margin and understand where the investment is going and gives investors a lot of visibility in what's under the hood. I think that goes a long way towards sort of unlocking -- or should go a long way towards unlocking what we've been presenting as a sum-of-the-parts valuation. But it sounds like there's more that you want to do with that equity structure perhaps down the road, a tracking stock.

What's the further benefit? Is there an internal benefit you get? Is there -- if you had a tracking stock, would that be good for retention? Is that good for attracting new engineers? What would be the rationale beyond just visibility for going down that road?

Nikesh Arora

That's a great question, Keith. Look, 6 or 8 months ago when I was telling you guys and everyone, hey, look, we've got two businesses. One is a high cash flow-generating business, sustained gross margins, good operating -- industry best-in-class operating margins, and we're transforming that from hardware to software. "Oh, that sounds great in any case, but the overall gross margin is going down, overall operating margin is going down. You must be -- there must be something else going on here."

So it's fine. Take a look at it. We showed you the 2 P&Ls. We got our auditors to audit them. We've got audited P&Ls on both sides. "Okay, that's interesting. Oh [indiscernible], you were right."

So we got -- now we've got a business called ClaiSec, we got a business called NetSec. I think the left-hand side of the business is 40% bigger than the largest competitor and has as good or better cash flows. You would evaluate it's 40% bigger than any firewall company out there. On the right-hand side, you get -- I'm getting a cloud/AI security growing at 71% organically for free.

So when I look at that, I'm saying okay, when I tried to explain it, nobody believed it. When I put the numbers out there, the stock started to show an improvement. So clearly, there must be some cognitive dissonance going on in the market where they don't want to hear it, they want to see it. So fine, they want to see it's great.

Now with ClaiSec, I don't think we're getting value for the cloud/AI security we're building. I don't think there's a competitor out there who's got the cloud portfolio we do. I don't think there's a competitor out there who's built XDR to compete with Carbon Black, Cylance, CrowdStrike and the gang as quickly as we have.

So look, if you look at where -- what's going on in the markets today, the markets are irrationally valuing growth businesses with ARR on the right-hand side. And if you've seen, even in these past 2 weeks, there have been ridiculous valuations paid for new cybersecurity companies. I've had the privilege of meeting 400 of them so far in my 2.5 years at Palo Alto Networks, and I've met -- every one of them was just starting to raise funding out there.

So that's how the market is going to behave. It's important for us to be able to play with the market in the way the market wants to play. If that requires us to potentially consider tracking stock for ClaiSec, we will. We're not going to -- we have not done anything. We don't plan to pull the trigger until we believe the market will reward it. All we're doing is letting The Street know, look, we're going to file some paperwork to make sure we're ready in case that route is really needed.

To your point about what future benefit it gives, other than making the value transparent, which I'm not personally a huge fan, I'm just doing it for that sake. It allows you to have another equity. It allows you to attract talent. It also allows you to have equity, if the market continues to do irrational valuations, to use as currency to acquire. Because I don't think my shareholders want me to pay billions of dollars at 50x ARR to go buy something and then spend the next 5 years validating the value as part of Palo Alto Networks.

So it's keeping the option open, having optionality to make sure that the value is made transparent to shareholders. And again, the structure allows you to look at other forms. We said equity structure. We didn't particularly say a tracking stock. There is a form which allows you to go spin it out as well, if need be, if the business is able to sustain itself without leaving Palo Alto, which we don't believe, at this point in time, is the case.

Keith Weiss

Got it. Excellent. Unfortunately, that takes us past our allotted 0.5 hour. But Nikesh, thank you so much for joining us. It's been a fascinating conversation, as always. And looking forward to seeing what calendar '21 brings for the Palo Alto Networks story. So thank you very much.

Nikesh Arora

Thank you, Keith. Appreciate your support.

Keith Weiss

Thanks.