Palo Alto Networks on AI-Powered Cybersecurity

As AI continues to drive new trends in cybersecurity, what does the future of this field look like? 🔐

From Six Five Summit: AI Unleashed, hosts Patrick Moorhead and Daniel Newman are joined by Palo Alto Networks Chairman and CEO, Nikesh Arora, for a compelling conversation on the ever-evolving relationship between AI and cybersecurity, covering everything from crucial trends in platform consolidation to the delicate balance of growth and profitability in today's economic climate.

Watch to gain these key insights on modern cybersecurity strategy:

🔹AI's Transformative Power in Cybersecurity: Discover how AI is revolutionizing cybersecurity, moving beyond simple automation to enable faster detection and smarter, more proactive responses to threats.

🔹The Drive for Platform Consolidation: Understand the critical trend of platform consolidation in cybersecurity and how it addresses the inefficiencies and complexities of managing numerous disconnected security tools.

🔹Strategies for Market Leadership: Learn how companies can achieve competitive differentiation in the crowded cybersecurity market, focusing on relentless innovation and strategic focus to stand out.

🔹Navigating Growth and Profitability: Get insights into the challenging act of balancing growth with profitability, especially during times of economic uncertainty, and how leading companies are tackling this dilemma.

‍

Learn more at Palo Alto Networks.

‍

Watch the video below at Six Five Media, and be sure to subscribe to our YouTube channel, so you never miss an episode.

‍

Or listen to the audio here:

Patrick Moorhead: The Six Five is On the Road here in San Francisco. We are in the Palo Alto Network suite. A lot of discussions about what the new threats are, what that means in the age of ai.

‍

Daniel Newman: Yeah, a huge moment. I mean, the world is in a complete rebalancing. We know that there's a lot going on. We know that AI has been a multi-year trend, but we're kind of seeing a convergence of forces and as cybersecurity becomes more and more in the spotlight as data proliferates, as the needs for global economies and nations to pay attention to how we protect the data, protect their citizens.

‍

Patrick Moorhead: Yeah, it does Dan, and as we've seen historically, every single major change, and whether it was client server from mainframe in minis, social, local, mobile, all the way to this new age, there's always the new threat that comes out. And it's not your imagination, everybody out there. It is a much more dangerous place. And whether that is nation states investing in this, whether it's AI, using AI to come in and attack, it's all up for grab to this point. And enterprises need a stable technologies. They need platforms to be able to do it more simply, and I can't imagine a better person to discuss this than Nikesh, welcome to Six Five.

‍

Nikesh Arora: Thank you very much guys. Great to have you at the Palo Alto Temporary Suite.

‍

Patrick Moorhead: Well, by the way, this is the way to do it. 

‍

Daniel Newman: You're buying companies, you're launching platforms, you're expanding product. Just start us off with kind of the big moments for Palo Alto Networks.

‍

Nikesh Arora: Well look, as you guys said, we are at yet another technological inflection point. You talked about data, you talk about AI, and when you look at the last 12 months, the total explosion in the amount of investment that is going towards this idea of deploying AI on an enterprise basis has been amazing. It hasn't happened before in terms of scale and scope and size as the amount of dollars being invested. Now, let's assume a lot of these dollars will be successful in the investment, which means you have to try and paint a picture of the future three to five years. So now what's going to happen in that scenario? You can imagine every company has got some element of data, to your point, data being used, AI being used to make better decisions, faster decisions, AI being used to do a whole bunch of repetitive tasks or even some non-repetitive tasks and innovative tasks. So if you believe that, that means the deployment of technology is going to continue at a very rapid pace. And the more technology you deploy, the more you got to make sure it's deployed in a protected fashion. In that regard, our reason for existence is that we have to make sure that our customers can go on and do what they need to do while they rely on us to secure them. So we have to get ahead of the curve, anticipate these scenarios, devise the platforms needed to secure the future.

‍

Daniel Newman: So acquire, protect, AI, launch expansion to your platform. I mean, what kind of gets you most excited this morning of the what four releases you put out?

‍

Nikesh Arora: Yes. Well, look, I think part of what's important is the risk companies have, and I say companies, the broader sense, the risk you have is that you say, wow, I won the last round. And you start to rest on your laurels and you realize, well, the moment you do that, the world moves on. The next technology wave comes up, and then suddenly you have four new competitors to contend with. So in our world, the more we do better, the more paranoid we are. And from that context, I think what I'm most excited about is a, making sure that we get this AI thing and we learn from our Prisma cloud experience. We build a cloud platform, we get it done. Two things better. This time we're saying we're not taking any priers, we're going to do this even better. So we're maintaining what I call the buy and build strategy. It's not a buy strategy, it's not a build only strategy, it's a buy and build strategy. If you look at it this morning we announced the acquisition of protect AI. If you look at the challenges in AI, it's not just the, you talked about a little bit of the bad actors using AI to get in faster, but the challenge of deploying AI is you've got to worry about the data. 

‍

Now, you've got to worry about the supply chain risk of AI. You've got to worry about protecting AI in runtime. And for the first time, you've got to watch out what it does because in the past you wrote an application, you knew the application was going to behave rationally. Now you have a risk that this AI thing could build a mind of its own and do something. So you got to watch out what it's doing as well. So there's a whole new series of security challenges, and if customers want to deploy this, right, you've got to give them something that is simple and stitched end to end so they don't have to go band it together, 10 different solutions, stitch it together and hope they get it right. So from that perspective, I'm really excited that we're taking a very, very assertive and aggressive view and strategy on building what we call the AI runtime security platform. So we were announcing Prisma errors that platform. I think on the other side, if you go back to the constant innovation and I'd say transformation of cybersecurity, which has been going on there, we're noticing finally our customers are begin to understand the value of security data. We look around and you'll see there's a whole bunch of companies which has sprung up, which want to tell you how to optimize your data, use it better, make it more real time.

‍

But I mean, I'm sure there's going to be debate as to what are the most important words, and I'll tell you the two are, I'm sure you could hear a lot about AI, whether it's agentic or regular, but I think the hidden word is going to be real time because security has been sort of somewhat non real time. There's real time when I know a bad thing, I can stop it, but everything else happens non real time. The problem is the bad actors are going to get to more and more real time with this deployment of AI. So we've got to get as close to real time as we can In that context. I think Databricks is important and that's why you see some of our other releases, which point to the fact that we have to get more real time, we have to leverage the data much faster. We have to stitch things much faster. 

‍

Patrick Moorhead: Dr. Nikesh, you talked a little bit in generally about where this goes the next three to five years and there are certain milestones, there's real time, and there's, for lack of a better term, batch non-real time. Okay. I know it's not batch, but-

Nikesh Arora: Words I haven’t heard in a long time.

‍

Patrick Moorhead: Exactly, exactly. Well, I did talk about mainframes.

‍

Nikesh Arora: That's right. There we go. Look, I learned how to code ICL 1904 go. You know what that is?

‍

Patrick Moorhead: I did cobol. So

‍

Nikesh Arora: There we go

‍

Patrick Moorhead : And punch card. 

‍

Daniel NewmanI wasn't born yet. Point that out.

‍

Nikesh Arora: This is supposed to be a progressive forward thinking. 

‍

Patrick Moorhead: Exactly right. 

‍

Nikesh Arora: Let's make sure we stay. 

‍

Patrick Moorhead: I’m going to get there. I'm going to get there. So talk a little bit in general, but how do you get, what is the three to five year, I don't want to call it a roadmap, but your customers have to be thinking, how do I get there?

‍

Nikesh Arora: Yeah, but I think, look, it's fascinating. If you think about cybersecurity as an industry, how old do you think we are?

‍

Patrick Moorhead: I mean, I think it goes back to the punch card days of

‍

Nikesh Arora: Security. No, not really. See, the cybersecurity wasn't a thing when you were in a closed loop environment with punch cards and mainframes,

‍

Patrick Moorhead: Terminals steal those tapes.

‍

Nikesh Arora: Yeah, exactly. It was kind of sneaker net, right? You could do that. But the point is, it's really when we started to see mass connectivity. The moment we started doing apps and every company's rushing out to build an app that their consumers can access, and the moment that happens, you start to open the doors to your data center, your infrastructure, to effectively every customer of yours. When that begins to happen, the attack surface is exploded. So believe it or not, we're about a 20 to 25-year-old industry. It's one of the youngest industries in technology barring AI. So if you think about it that way, it has to go through stages of, for lack of a better term, we'll say platformization, right? Today the solution is there are 40 solutions in a company, and the CIOs and CSOs are busy stitching security solutions together. That's right. Which is not their day job. That's like that needs to be done so they can do their day job security is 5%, 8% of spend in technology in a company, and it's going to take twice the effort. That makes no sense. So I think the way we're going to see it is you're going to continue to see, I'd say people call it consolidation, people call it, I call it platformization because I think there's a deep technical need to connect it. And until we get that deep connectivity, until we get multiple things working together, and the customer says, great, I can deploy 1, 2, 3 platforms and I'm done. I mean, think about it. How many CRM systems do companies have more than one? 1.2. 1.2, right? That's not a bad place to be, right? How many HR systems do you have? Yeah, typically one. But let's not talk

‍

Patrick Moorhead: About ERP. Generally

‍

Daniel Newman: You have that's going to go away later applications than you even know.

‍

Nikesh Arora: That's right.

‍

Daniel Newman: Yeah.

‍

Nikesh Arora: So we need to see that happen in the next three to five years. We need to see stuff come together. I think that the thing that'll bring 'em together is data. You can't go replace every sensor, every edge sort of parameter of security point product in a short period of time. Because if you think about it, there's possibly a trillion dollars or more of security, I call it plant, right? People have spend more than a trillion dollars in my security product last 10 years. If you're going to say that all that needs to go to an upheaval, it's not going to have overnight. But can we get it done in three to five years, hopefully at twice the effectiveness and half the price? Yeah.

‍

Daniel Newman: We had a great conversation with NIR recently. So he joined the show and now you've joined the show and he was really.

‍

Nikesh Arora: Did he say what I'm saying or am I in line within-

‍

Patrick Moorhead: The same constellation? 

‍

Nikesh Arora: Fantastic. That's important.

‍

Daniel Newman: I'll let you know if you miss by a lot.

‍

Nikesh Arora: Alright, thank you. Or your listeners will.

‍

Daniel Newman: Yeah, well they will definitely let us know, but he was very focused on everything moving out to cloud, out to AI. He very much was kind of like endpoint security. No, I mean, and he very has a very enthusiastic founder mentality,

‍

Nikesh Arora: Has never had a doubt.

‍

Daniel Newman: Yes. Really believes, but it was very aligned to what we're seeing, what I'm seeing you're doing in terms of how the platformization and in this game,

‍

Nikesh Arora: It must have worked in the same place.

‍

Daniel Newman:

Absolutely. In this game, it's all about not just what you're doing now, what you announced today, but it's all about setting yourself up that in 12 or 24 months, because let's face it, two, three years ago, most people, you may have, but most people didn't see how quickly generative was going to happen. They didn't see  agentic coming on. We certainly didn't see 325 billion of CapEx being spent for something that, by the way, we're only consuming a fraction of so far.

This all happens. Your job is to figure out how do you stay ahead of this. So very curious, the platformization, but what is the sort of strategy that you see that's going to enable Palo to not only be the world's largest security player, but to remain relevant and to actually stay ahead and be critical as this trend proliferates?

‍

Nikesh Arora: That's a great question. I think that's a very good question and I don't think there's a perfect answer. And that's why you see us look, we know at a macro level what our customers want. They want better security, they want a better price. They don't want to spend too much time stitching it together and they want great outcomes. Now as we go through this journey with our customers, and you saw us pivot about two years ago almost now, where we said, listen guys, let's focus on a longer term strategy with customers, which brings this consolidation and platformization together. So now we have our network security platform, I call it, and our incident response cloud cortex platform. And what we've discovered that conversation becomes very, very interesting and real, very, very quickly with our customers is they want that now to stay nimble, to stay the largest cybersecurity company.

‍

Our job is to keep our ear to the ground very closely with our customers because they're actually driving the demand of what needs to happen, what their needs are. At the same time, we have to keep an eye on technology and at some point in time we might disagree with our customer's point of view, like give me a faster chariot. No, that's not the answer. You're going to have to use the car. So at some point in time we do get into those debates, but it's a combination of working with your customers, delivering the solutions they want, keeping an eye on technology and at the same time having humility. It's a strange word to use in context of cybersecurity. The reason I say that is that look what this morning we've been attacking, no pun intended, a certain track towards solving the AI security problem and we keep our eye on the market.

‍

We saw protect was solving a different part of the same problem and say, listen, it's going to take us six months to be able to replicate what they do and they'll be further ahead than us. Why don't we bring it together? So I had a wonderful conversation with Ian, who's a CE of Protect. He's a smart guy. He got it. He's like, yeah, I get it. I said, you want to play in the big league, the way to play in the big league and solves this problem for all of our customers to put it together. And lo and behold, fruitful discussions and we followed our playbook in terms of how we do these things. We sit down together, have a joint vision as to what needs to happen, put some product people together who know what they're doing, see how this is going to come together and here we are now. It doesn't mean this is the end of the journey because I still think there's a lot of stuff that still needs to be figured out. How do you secure agents? As soon as I see one, I'll let you know.

‍

Patrick Moorhead: Exactly. Yeah, and there's a lot of challenges that go into that. I mean primarily there are themes that are in all of tech, and one of them is this best of breed point solution, and then there's platforms, there's suites, there's end. I think you answered it without specifically answering this question, but I think what I heard was that the way you balance this between where you would put R&D is you listen to your customers. Sometimes customers don't know exactly what they want as a product, but you understand their outcomes and then you build to the outcomes. Are there any other things that go through this best of breed versus platform that you have to make?

‍

Nikesh Arora: I think the biggest change we're going to see in the next three to five years is the shrinkage of best of breed. And I say shrinkage because I'm not saying elimination because there's a lot of best to breed out there that might've made sense 3, 4, 5 years ago. I think it's commoditized that it's normalized. I think it's six one way half a dozen. The is my EDR better than yours? There's four or five of them are, they're pretty good. So the question is do I really need to go specialize and take one and then spend my life stitching it together or do I take one as part of an integrated platform? So I think you will see as best to read makes sense in the first 24 to 48 month cycle. Does that best of breed? Eventually lead to a platform? If it does, great. If it doesn't, it's time to go be part of a platform. So you see that kind of begin to happen. I think the industry is still operating in the best of breed mode. You see tons of companies getting funded. I think a lot of them will not see a positive outcome. Not that that's not a light at the end of the tunnel situation.

‍

 So I think you're going to see that shrinkage happen because you're going to see a lot more platforms evolve. I think that's a long game. That's a long game because customers cannot feasibly put this stuff together. And I think as I said earlier, the key sort of eureka moment is data. Can you collect that data, analyze it, and I think one of the only things we announced is we have what I call Cortex X line for incident response, which is saw phenomenal success in it has been way past my expectations nears of the company's expectations, and we're just turning on what we call cortex for peace time. We discovered we collect so many terabytes of data for our customers. I got all the data for peace time too. Why am I only focused on incident response and wartime? So I think that's sort of giving us this idea that we can actually consolidate a whole bunch of best of beat capabilities into the peacetime capabilities of our platform.

‍

Daniel Newman: Your future, I don't think is so much point players. I mean look, there's always disruptor startups. Some of them become your protect ais and you acquire them, which is great. That's a great outcome place for innovation to be developed. And those small, nimble,

‍

Nikesh Arora: By the way, we love the venture industry funding innovation across the board. So all ideas are explored. We don't have the resource to do that ourselves. So thank you. 

‍

Daniel Newman: Yeah, absolutely. On the other side of it, of course, the big cloud players, if I'm trying to envision where competition actually comes from, because you've been so successful, you've grown so quickly, you've become such a dominant player in this space. It's actually, it seems, and if neera was correct about it all really being in the cloud and everything happening, the multi-cloud is that it is the Googles and they're your partners too, but is that where competition comes from in the future? Is it going to be that the platform, because security has always set off in this little island, but increasingly it is all it's data, it's security, it's AI, it's application, it really all comes together. So where does-

‍

Nikesh Arora: That's a great question, Dan. I think it's a phenomenal question. First of all, they're the 800 pound gorilla. So it is a joke. Where does the 800 pound gorilla sit? Whatever it wants. So I can't say that they're not going to be insecure. Now what we're relying on, and a few factors first, remember, we're still about 8% of the product, business and security. So we're still used to losing 90% of the time. So we're okay, I get from eight to 30, I'll be very happy. So this is a good start back humility. The trend is our friend. Okay, let's stick there. I think the second important part is I worked at one of these companies and invariably as good as you try to be, if you have your own thing, your products always work better with your thing, right? That's the beauty of Palo Alto. We don't have our Palo Alto Cloud, right? We're effectively Switzerland for biases, right? We have no biases. We will try and make it work perfectly well on every cloud instance out there, every data center out there because we don don't deliver those capabilities. So from that perspective, whilst we may be the consolidator, and not the domino is a bad word, but the most loved large security company, I think outside of that, for us, what's important is we need to maintain that independence, that unbiased nature that we can deliver across all these platforms in a consistent way. And that's kind of what we believe allows us to go out there and convince customers that they don't want to get beholden to one stack because it is a multi-cloud world. So should I buy security for every cloud and then spend my time stitching that now instead of the best of breed I used to buy in the past? And the last thing I'll say is that when you have a 90% or 95% of business, it's called AI and cloud and 5% of business security, how much time you spending in the 5%? Hopefully less than 5%.

‍

Patrick Moorhead: Yeah, makes sense.

‍

Nikesh Arora: That's all we do. Every morning we wake up. We don't worry about, are you going to use large database? Are you going to use my LLM? All I spend our time saying, how do we secure it when you use it?

‍

Patrick Moorhead: Yeah. So Nikesh, final question.

‍

Nikesh Arora: Yes, sir.

‍

Patrick Moorhead: Again, thank you for this time. I've talked to a lot of CEOs and you just have turned on tv, CNBC, this economic uncertainty. I'm curious how you're balancing your investments versus the uncertainty.

‍

Nikesh Arora: That's a great question. Look, I think part of you, you're seeing a dichotomy and you kind of just illustrated that by saying there's 350 billion plus of investment going on in AI that doesn't seem to be impacted by any economic uncertainty. In fact, it's an arms race to try and get it done quickly so we can deploy it. So I think on the one hand you're seeing the technology train is running at warp speed and you got to get ahead of it, try and make it happen. On the other side, there is a little bit of uncertainty, I would say right now because of the whole tariff conversations. But guys, we powered through a pandemic. You and I were sitting here at the beginning of the pandemic, we'd be worrying about the same things and look back and say, oh my God, that was one of the best opportunities. Had I known what was going to happen, I would've put my money in the right places. So I think it was the same point. Will we get through it? Of course, we'll get through it, and at some point in time you'll get used to it. Whether the answer is 10%, the answer is 5% or 25%. I don't know. I try and not worry about things I can't control. So from that perspective, I think we're all getting used to the notion that this will find some new level of stability. When that new level of stability will be found, we'll be all worrying about something else. Until then, it's fun to worry about this, but I can't control it. Don't worry about it. Focus on your business and it'll sort of go power through. On the other side,

‍

Daniel Newman: Sage words, what do we go on TV and talk about if there's no chaos? It's funny, someone showed me a chart the other day and it was basically always a reason not to invest. And it just shows the chart up into the right that there's always a reason at every different point. It's the S&P  just running up into the right, up

‍

Nikesh Arora: Into the glass.

‍

Daniel Newman: Nikesh, thank you so much for joining us here on the Six Five. It's been great to have you.

‍

Nikesh Arora: My pleasure. Thank you for having me. Good luck with it.

‍

Daniel Newman: Thank you. And thank you everybody for tuning in. We appreciate you so much. Hit subscribe. Be part of our Six Five community. So many great conversations here for Patrick Moorhead, myself. It's time to say goodbye. We'll see you all later.

‍

Disclaimer: The Six Five Summit is for information and entertainment purposes only. Over the course of this webcast, we may talk about companies that are publicly traded, and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors, and we ask that you do not treat us as such.

‍