“We're starting to realize that our customers are facing spending fatigue in the cybersecurity space,” Arora said during the company's February earnings call. “This is new. Adding incremental point products does not necessarily improve security outcomes. Customers are demanding more for the dollars they allocate to cybersecurity. ”
Arora's comments caused Palo Alto's stock to drop 28% in one day, pushing other securities stocks down as well. The slump lasted.5 Largest Pure Security Software Companies – CrowdStrike Holdings, Palo Alto
,
fortinet
,
Z scaler
,
Cloudflare – Year-to-date average return is -1%. Palo Alto is outperforming, up 1%.
Months later, Arora's message seems less dire and simply delivered awkwardly. In fact, there are bullish benefits for Palo Alto shareholders in the long term.
Arora's intended message was that for too long cybersecurity has been dominated by the “best” software companies, with customers cobbled together security suites from different providers. Today, software products are increasingly integrated. Remember Microsoft?
's
Office 365 or Alphabet
's
Google Workspace. And Arora sees that approach eventually being applied to cybersecurity, with Palo Alto Networks being the clear winner.
Advertisement – SCROLL TO CONTINUE
Another issue from that fateful February call was that Arora said Palo Alto would need a larger share of its IT spending budget over time to accelerate the company's aggressive “platformization” goals. It was a concession to provide existing customers with access to certain features, with the goal of increasing the number of customers. Run.
Remember the Borg? Star Trek A species that has “absorbed” other organisms? Palo Alto wants to become the Borg of cybersecurity. I hope that resistance is in vain.
“If I don't provide integration for my customers, they all have to have the technical ability to integrate five, six, seven, 10, or 20 brands,” Arora told me last week. “If an attack is underway and it’s going through 15 security vendors, whose job is it to take all the data, analyze it with AI, and come back and stop the attack in real time? I think it forces consistency across the stack.”
Advertisement – SCROLL TO CONTINUE
Arora says that a few years ago, no security software company had more than 2% market share. Palo Alto Networks currently has a market share of about 5%, he said, but he hopes to increase it to 20%.
“We want to be the world's first evergreen cybersecurity company,” Arora adds. “Symantec used to be popular, but it's gone. McAfee was there… who's left?” Arora answered his own question, saying that in the firewall space Check Point Software Technologies, Fortinet, and Cisco Systems, as well as CrowdStrike and Zscaler in other key areas. “We strive to be responsive to any new technology transformation or transition, including AI,” he says.
It's not easy. The list of large cybersecurity companies with a long history is small. How many companies have annual sales exceeding $10 billion? Zero. And how many companies have a market capitalization over $100 billion? None. The largest company is Palo Alto, valued at $97 billion. His four other companies alone (CrowdStrike, Fortinet, Zscaler, and Cloudflare) are worth more than $25 billion. Microsoft is worth 11 times more than his five largest cybersecurity companies combined.
There's a reason for that. In cybersecurity, problem sets change over time. We've come a long way from antivirus software and spam filters. With each new generation of threats, new software players emerge. But Arora recognizes that consolidation is on the rise, and believes AI will accelerate that process.
“We don't need to convince people that this is going to be a big thing,” Arora said. “fact
Advertisement – SCROLL TO CONTINUE
Nvidia sold four times more chips in one year than it had ever sold before. This indicates that more AI data centers will be built in the next three years than in the past 15 years. ” According to Arora, the spending on cybersecurity is an outgrowth of his overall IT spending increase.
That's where Arora thinks Palo Alto has an advantage. “Our customers have long trusted us to help them manage access to applications outside of their infrastructure with their employees,” he says. “Secure access, remote access, virtual private networks. Now all of our employees want to use his AI tools.”
Advertisement – SCROLL TO CONTINUE
And, as Arora points out, this raises new questions for data-centric companies: What is the model doing with the data? Should this data be sent outside the company?'' He said companies have no choice but to monitor their employees' use of artificial intelligence. He said there was no choice but to risk serious consequences otherwise.
Last week, Palo Alto announced a new collection of AI security tools. There are products that monitor the safety and risk of growing AI services. To track and control the AI services your employees access. Monitor AI workloads running within your corporate network, whether authorized or not. Acts as an AI firewall, controlling what data can be uploaded to AI models while monitoring security risks related to the results returned by those models.
All the while, Arora says, AI is making hackers smarter. “You can get a model to create a playbook on how to exploit critical vulnerabilities,” he says.
Arora suspects that hackers are collecting data to exploit vulnerabilities in the software. And AI will make the bad guys more effective by hacking the co-pilot. When it comes to issues facing IT departments, AI risk is likely to take precedence over “spend fatigue.”
Write destination Eric J. Savitz (eric.savitz@barrons.com)
