Safety do-over: How Palo Alto Networks sees the reset

Automation usually, and synthetic intelligence particularly, render at present’s cybersecurity stacks ineffective.

Beforehand, stopping 99% of assaults and leaving the 1% for armed human hunters to cope with was, if not ultimate, at the least possible. With AI, that each one goes away as a result of adversaries can scale up phishing and different assaults at unprecedented charges, which overwhelms the power of people. This creates a wider hole between exfiltration occasions, that are shrinking, and imply time to remediation, giving even better benefit to attackers. As such, the one method to battle AI is with AI.

Furthermore, the ever-expanding variety of instruments in a corporation’s safety stack continues to exacerbate the issue. In keeping with Palo Alto Networks Inc., the reply is a whole makeover of the cybersecurity stack the place consolidating a number of instruments right into a single platform and gaining complete entry to the precise knowledge, simplifies safety operations and allows AI to function in actual time.

On this Breaking Evaluation, we collaborate with Zeus Kerravala and share insights from this previous week’s Palo Alto Networks Ignite convention in New York Metropolis. We’ll share what we heard from key executives, together with an intimate analyst roundtable with Chief Govt Nikesh Arora. And we’ll check the premise put forth by Palo that platformization is the reply to your safety challenges.

Tech spending expectations have softened

Our analysis signifies that the data know-how spending panorama stays in flux, pushed by shifting financial situations, coverage uncertainty, and ongoing fallout from authorities tariffs. Latest knowledge from Enterprise Expertise Analysis underscores these dynamics. Within the wake of COVID, annual IT spending expectations exceeded 7%.

Nevertheless, as rates of interest tightened, these forecasts plummeted under 3% earlier than rebounding to three.4% towards the top of 2023. Expectations for 2024 have fluctuated significantly — initially settling at 3.9% after which rising to five.3% in January, solely to average once more in April, primarily based on preliminary ETR knowledge, to roughly the mid-3% vary, pending remaining survey outcomes (see under).

We consider the volatility in international commerce insurance policies and provide chains continues to dampen buying confidence. Increased tariffs imply organizations should move added prices down the worth chain, creating an inflationary cycle that complicates know-how procurement. Sure trade executives have highlighted makes an attempt to mitigate these pressures by diversifying provide sources — but these diversification methods typically require additional diversification of their very own, underscoring the complexity of sustaining steady enter prices.

The query arises: Is cybersecurity funding insulated from this macro volatility? Traditionally, cybersecurity has confirmed extra resilient than different IT segments due to its important function in safeguarding crucial knowledge. With developments equivalent to cloud enlargement, hybrid work and the fast rise of AI, firms are proliferating delicate knowledge throughout a broader floor space, creating new vulnerabilities that require ongoing safety. Whereas we consider that continued innovation and necessity could spare cyber from the worst results of tightening budgets, it’s not solely immune. Even safety spending can come below scrutiny when macro pressures and policy-induced uncertainties persist.

In our view, the following few quarters will show pivotal. As organizations navigate tariff complexities, provide chain realignments, and shifting financial indicators, we anticipate cybersecurity to stay a precedence — however watch fastidiously for extra selective spending patterns that favor instruments delivering clear, quantifiable threat discount. Finally, whereas the broader market adjusts to evolving financial and coverage realities, our knowledge means that safety’s strategic significance retains it close to the highest of IT leaders’ agendas — even when general price range development undergoes additional revisions.

Cyber shares outperform tech general however headwinds stay

A assessment of current cyber inventory efficiency gives a helpful lens into market sentiment round safety investments. Over the previous six months, main cybersecurity names have usually outperformed broader market indices, even within the face of tariff tensions and different macro uncertainties. A basket of cybersecurity equities, represented by the BUG ETF, has overwhelmed the Nasdaq Composite on this timeframe. Inside this group, nonetheless, Palo Alto Networks has underperformed high friends because of issues over aggressive pressures, annual recurring income momentum and investor confidence in Palo’s “platformization” technique.

Some organizations are betting on large-scale, built-in safety platforms to streamline the administration of quite a few cybersecurity instruments, which regularly whole dozens or extra inside a single enterprise. We consider platformization holds promise for decreasing complexity and bettering operational effectivity — significantly for firms looking for to unify menace knowledge throughout endpoints, networks and cloud workloads. On the identical time, this path will not be with out challenges. The migration from a sprawling multivendor atmosphere to a cohesive platform can lengthen gross sales cycles and lift questions on methods to retire incumbent level merchandise.

Furthermore, there’s an inherent stress in claiming to be each “best-of-breed in all places” and a single-platform supplier. Our knowledge means that nobody vendor can excel in each sub-discipline of safety — particularly when new domains equivalent to zero belief community entry or ZTNA, safe entry service edge SASE, or utility programming interface safety emerge quickly. In our opinion, enterprises usually tend to undertake a hybrid strategy, embracing platform consolidation the place it is smart whereas augmenting with specialised options that deal with evolving threats and plug holes higher then broad platforms.

However, many executives inside high safety corporations, emphasised by Palo Alto Networks at Ignite NYC, are declaring a brand new period during which cybersecurity turns into an “AI play” moderately than a group of siloed instruments. As safety threats evolve, the considering goes, these distributors with strong AI-driven capabilities to correlate large knowledge units will achieve a decisive benefit. We consider this shift is underway however could take years to mature absolutely.

Within the close to time period, we see cybersecurity investments persevering with at a gradual tempo, with main suppliers that may reveal clear AI-driven outcomes standing out. Although best-of-breed innovation exhibits no signal of disappearing solely, platform leaders that ship significant integration and automation are well-positioned to seize share and drive recurring income.

As at all times, macro elements equivalent to tariffs, international coverage shifts and general IT spending sentiment will affect the sector’s trajectory. Nevertheless, primarily based on our analysis, cybersecurity stays among the many extra resilient areas of enterprise tech funding, buoyed by an ongoing wave of rising threats and a rising urge for food for AI-fueled defenses.

A crowded cyber enviornment: blessing or curse?

Regardless of vocal vendor advertising round consolidation, the cybersecurity panorama stays exceedingly crowded, with new entrants often rising to deal with specialised threats. For example this level, we regularly cite the chart proven under from ETR’s quarterly Expertise Spending Intentions Survey (TSIS) survey, which comprises preliminary knowledge from greater than 1,600 respondents. It highlights how organizations are allocating safety budgets throughout varied distributors and underscores simply what number of choices exist for enterprises at present.

Understanding the chart

• Vertical axis (Internet Rating): This metric represents spending momentum. It’s the web share of shoppers rising their spend on a given platform when netting out these decreasing it. Notice that that is an account-based measure, not a income determine.
• Horizontal axis (Overlap): Displays the diploma of vendor penetration among the many surveyed accounts throughout the sector, serving to to point out how broadly every platform is adopted throughout the respondent base.
• Filtering: Solely distributors with at the least 100 respondents (N ≥ 100) seem, so the information deliberately focuses on bigger or extra broadly adopted gamers and below represents how crowded the market actually is.
• Preliminary knowledge: Ultimate numbers could shift as ETR completes its survey and reaches roughly 1,800 whole responses. Nevertheless, the early directional indicators are price noting.

Key observations

1. Microsoft’s dominance: Microsoft Corp. sits on the far upper-right nook, displaying a virtually ubiquitous respondent base — eclipsing different distributors by way of account penetration. Microsoft’s footprint isn’t any shock, however seeing the numbers laid out underscores simply how pervasively Microsoft options stay embedded in enterprise safety portfolios.
2. General crowd of rivals: A single look on the slide reveals how saturated this market is, with quite a few gamers clustered across the web rating and overlap axes. In our view, the extraordinary competitors displays rising safety necessities and the demand for specialised capabilities.
3. Standouts above 40%: A web rating of 40% or increased is taken into account “extremely elevated.” Solely a handful of distributors obtain this benchmark, together with Microsoft, Wiz Inc. and some others close to the road equivalent to Zscaler Inc. and Netskope Inc. Some distributors hovering within the mid-30s additionally present sturdy momentum and are notable.
4. Altering fortunes for CrowdStrike: Traditionally, CrowdStrike Holdings Inc. constantly exceeded the 40% web rating mark. Following the incident in mid-July of final 12 months, nonetheless, it dipped under 20% however has rebounded as the corporate has labored with consumers to make them complete. The information implies that many shoppers paused or delayed extra CrowdStrike investments, conserving spending on their CrowdStrike platforms flat till they might negotiate their greatest phrases. Nonetheless, the corporate seems to be recovering within the eyes of the market, and we consider its renewed development may speed up if it maintains sturdy execution.
5. Google and Palo Alto tight within the pack: Google LLC and Palo Alto seem shut collectively within the chart, indicating comparable ranges of account penetration and spending momentum. Google was added to this sector after its acquisition of Mandiant. Its Wiz acquisition will additional bolster its place in our view. Although Palo Alto stays sturdy, its web rating place locations it a notch under sure leaders. We consider additional execution on platform methods — and deeper leverage of AI — may assist it regain a extra pronounced lead.
6. Cisco’s giant footprint: Cisco Methods Inc., like Microsoft, instructions a major put in base, reflecting its broad enterprise presence. Our knowledge means that this place could also be translating into continued safety spend, though the extent of overlap with different platforms can also be notable, as many enterprises mix Cisco safety with level options from rising suppliers.

The influence of AI in cybersecurity

What we present under is identical XY graphic however we filtered the information on these accounts closely investing in AI. If the premise is AI firms are those that can reach cyber, we needed to see how “turning on” ML/AI within the ETR knowledge impacted spending profiles.

AI’s rising affect on cyber: The Google-Palo Alto dynamic

If synthetic intelligence is changing into a central focus within the cybersecurity sector, how will it reshape aggressive alignments and gasoline M&A exercise. A contemporary view of ETR’s preliminary knowledge from over 900 survey respondents particularly filtered for organizations making sizable investments in machine studying reveals notable shifts as proven under. When isolating on “AI-centric” accounts, each Google and Palo Alto present improved positions relative to the broader enterprise pattern, with Palo Alto’s web rating rising into the mid-30% vary — a rise from its sub-30% placement within the unfiltered knowledge. As properly, Google’s penetration will increase relative to Palo’s when put next with the earlier chart.

Key observations

1. Elevated positions in AI-heavy accounts
   • Palo Alto’s upward transfer: An emphasis on AI-driven product improvement and cloud safety investments seems to strengthen Palo Alto’s standing with enterprises prioritizing machine studying initiatives.
   • Google’s enlargement: Google separates even additional to the precise on the chart, indicating increased penetration amongst these AI-forward respondents. Google’s rising safety foothold is instantly because of its Mandiant acquisition and ongoing investments in analytics and menace intelligence. Although many criticize the acquisition as a questionable cultural match, we consider it’s a viable technique for Google Cloud to give attention to cyber as a differentiator.
2. Context round Wiz and Prisma Cloud
   Palo Alto’s cloud safety technique confronted severe turbulence when Wiz, a fast-paced, born-in-the-cloud competitor siphoned share from its portfolio, prompting inner restructuring, layoffs and technical rewrites. In our opinion, continued innovation round machine studying may reinforce Palo Alto’s place, significantly because the cloud safety market shifts towards extra built-in, AI-driven approaches. However Wiz with its reputation and Google’s AI experience make a formidable mixture.
3. Google’s safety ambitions
   We consider search-related income pressures and intensifying competitors in cloud infrastructure have prompted Google to hunt development in high-impact enterprise markets. With safety rating as a high board-level precedence, Google’s assets and expertise in AI give it a extra compelling path to construct or purchase next-generation capabilities. Google’s perceived overpayment for a high-potential asset equivalent to Wiz might be offset if these acquisitions speed up the corporate’s push into a large and strategic market.
4. Emergence of AI-native safety
   Because the dialog round best-of-breed versus platform continues, the overall perception is that next-gen safety will hinge much less on product classes like firewalls and extra on AI engines that correlate myriad knowledge streams in actual time. We consider bigger built-in gamers — Microsoft, Cisco, Google — are greatest outfitted to take a position closely in these capabilities. In the meantime, the biggest pure-play safety suppliers equivalent to Palo, CrowdStrike and Zscaler can retain their edge if they’ll demonstrably combine superior AI into their platforms with out sacrificing the specialised capabilities that drew prospects within the first place.
5. Implications for the aggressive panorama
   Traditionally, Google has struggled to change into a dominant enterprise participant. However, if cybersecurity certainly turns into “an AI play,” giant tech suppliers with refined knowledge science and engineering capabilities stand to seize outsized alternative. In our opinion, this intensifies the stress on established safety specialists to double down on AI R&D and probably search strategic partnerships or acquisitions of their very own.

We consider the cybersecurity sector is on the cusp of an AI-driven evolution, the place success hinges on constructing strong knowledge pipelines, delivering seamless product integrations, and correlating threats at machine pace. Although these developments open the door for established cloud giants to disrupt the established order, the ultimate winners might be those that can quickly reveal tangible, AI-based menace detection and response outcomes at scale. Finally, {the marketplace} — already crowded — is poised to get much more aggressive as distributors race to embed superior AI options and differentiate on their skill to handle threat in an more and more complicated digital panorama.

We consider the market will stay fluid as organizations weigh one-stop-shop platform methods in opposition to adopting specialised level instruments for focused wants. In our opinion, distributors that reveal constant, excessive web scores might be these that may not solely present best-of-breed improvements but additionally combine seamlessly with current ecosystems. Ongoing developments in AI and automation are poised to form these dynamics additional.

Our analysis means that the cybersecurity sector continues to be experiencing strong funding ranges. Nevertheless, steady market shifts — equivalent to macroeconomic adjustments, tariff uncertainties, and evolving menace vectors — may alter spending patterns. Regardless of these challenges, the information signifies that safety budgets stay among the many most steady in enterprise IT, as organizations race to maintain tempo with an increasing menace panorama and an accelerating wave of digital transformation.

The place Palo Alto sees competitors and why platformization issues

Beneath is a listing of key matters that got here out of Ignite and the an intimate spherical desk with Arora that we’ll assessment on this subsequent part.

Our analysis signifies that Palo Alto continues to face formidable competitors from varied quarters within the cybersecurity market. Distributors spanning legacy community stalwarts, emergent AI-driven safety corporations, and best-of-breed specialists every pose totally different challenges. We consider this aggressive backdrop units the stage for a much bigger debate: can a single, built-in platform really substitute a number of, standalone safety instruments?

1. A number of rivals from all sides

Taking Microsoft out of the ETR knowledge and isolating on a couple of key Palo rivals exhibits a considerably clearer image as proven under.

• Google and cloud safety: Google, bolstered by strategic acquisitions and AI experience, is making safety a high enterprise precedence. In our opinion, if safety turns into an “AI play,” Google’s knowledge science capabilities and deep engineering bench may permit it to carve out significant share — significantly in cloud safety providers.
• CrowdStrike’s specialised edge: CrowdStrike is commonly cited for having a best-of-breed product focus in endpoint safety and prolonged detection and response or XDR. Some practitioners reward its extremely efficient menace detection capabilities, although the corporate is more and more pitching its personal platform story.
• Cisco’s renewed push: Traditionally sturdy in networking, Cisco is re-emphasizing safety as a core pillar. Our knowledge means that Cisco’s giant put in base may easy the trail for extra built-in safety choices, although it stays to be seen how successfully the corporate will unify its varied instruments below a cohesive structure.
• Different safety specialists: Companies equivalent to Zscaler (SASE), Wiz (cloud posture administration) and a number of rising gamers in browser-based safety proceed to broaden quickly. Every occupies a particular area of interest, making the aggressive panorama particularly crowded.

2. Platformization versus best-of-breed

Palo Alto’s technique hinges on the premise {that a} unified safety platform — masking the whole lot from community firewalls to superior cloud safety instruments — will in the end outcompete a patchwork of level options. The argument is that integrating menace intelligence, AI and knowledge ingestion right into a single resolution can scale back prices, curb complexity and yield higher safety outcomes.

Nevertheless, as proven under, survey knowledge from ETR exhibits a majority of organizations plan so as to add, not scale back, the variety of safety distributors of their atmosphere. In our opinion, this displays the unrelenting emergence of recent threats and new instruments, making many consumers hesitant to place all their eggs in a single platform basket. That mentioned, the upside for a totally realized platform strategy might be huge if adoption accelerates, as even a small share shift can translate to billions in incremental spending. Notice: ETR might be updating this survey previous to this 12 months’s RSA Convention.

3. Information ingestion economics and the AI crucial

Certainly one of Palo Alto’s central claims is that consolidating safety knowledge onto a single platform avoids redundant ingestion prices. The group emphasizes that ingesting knowledge a number of occasions — throughout quite a few standalone instruments — turns into prohibitively costly. As a substitute, Palo Alto proposes ingesting knowledge as soon as, making use of AI-based analytics, after which making these insights out there throughout all safety domains. Whereas that is as sturdy argument, as proven within the earlier slide, the market dynamics create friction to the technique.

Nonetheless, we see AI because the defining catalyst of future cyber competitors and Palo is an engineering-focused firm with a dedication to R&D and M&A. Attackers are making use of superior machine studying to breach techniques and defenders should do likewise to maintain tempo. Massive, diversified suppliers stand out right here, as they’ll feed huge knowledge units into AI engines to detect superior threats extra rapidly. Nonetheless, the query stays whether or not a single vendor can grasp each facet of safety — endpoint, id, cloud posture and past — on the highest stage of precision.

4. Browser safety and posture administration

Dialog round safe browsers signifies this can be one other wave of innovation to observe. Our analysis means that earlier browser-isolation approaches created poor person experiences. New entrants, nonetheless, like Island, are leveraging AI to detect phishing and different threats in actual time with out disrupting workflow. In the meantime, posture administration has rapidly morphed into a number of classes — cloud posture, id posture, knowledge posture. Many analysts predict that these sub-markets will ultimately consolidate, however how rapidly stays unclear. Practitioners nonetheless see distinct posture instruments as vital for brand spanking new and evolving menace vectors.

5. Quantum threats and long-term disruption

Although quantum computing may someday break at present’s encryption requirements, executives equivalent to Arora level out that present cyber defenses are already challenged by non-quantum threats. In our opinion, quantum is a long-term concern; many safety leaders are as an alternative specializing in near-term points like provide chain dangers, AI-driven hacking and compliance with shifting regulatory landscapes.

The implication is that at present anyway, adversaries don’t want quantum to wreak havoc; they’ll just do wonderful with current instruments.

6. Execution challenges and development targets

Palo Alto is broadly credited for increasing its share in a large safety market. Underneath Arora’s management, the corporate has expanded its share of a $100 billion market from round 1% and is headed towards 10% share. It hopes to proceed rising its proportion of the general pie, citing aspirations for a deep double-digit share share (Arora usually cites 40%) that may make it a “de facto customary.”

Our view is that reaching even 15% would validate Palo’s consolidation technique. Nevertheless this leap would require continued sturdy execution — significantly round AI improvements, seamless integrations amongst its product strains, and an environment friendly go-to-market technique.

Rivals equivalent to CrowdStrike and Zscaler will rely extra on ecosystem approaches and partnerships to have an effect on their very own variations of consolidation/platformization.

Ultimate ideas

We consider Palo Alto’s give attention to platformization and AI-driven integration is daring and well-suited to the corporate’s scale. The strategy guarantees simplicity, knowledge effectivity and decreased latency in menace detection, probably producing materials returns for each prospects and buyers. On the identical time, the momentum behind best-of-breed options stays sturdy. Massive enterprises usually gravitate to specialised instruments — particularly when these instruments reveal superior efficiency in focused domains.

The subsequent few years will check whether or not platformization can attain crucial mass. These suppliers that efficiently unify various safety features, harness superior AI, and execute properly might be poised to grab market share. But high-velocity innovation, steady vendor arrivals and the entrenched habits of safety practitioners imply the market’s evolution stays unpredictable. In our view, it’s this stress between innovation and inertia, between platform advocates and best-of-breed believers, that defines the cybersecurity story at present.

The fact is that each eventualities could be true. Palo, for instance, may double its market share throughout the subsequent 4 to 5 years, which in our view would validate its platform technique. On the identical time, it’s doubtless that extra level options will come to market and do a greater job filling sure gaps than will a single platform.

What do you assume? Can you consolidate your safety stack and scale back the variety of distributors you’re managing? How do you see AI becoming into the way forward for cyber? Is it a “do-over” as we and others have posited? Or will or not it’s an iterative evolution? And in your view, is safety solvable?

As at all times, we recognize the suggestions. Tell us what you assume and thanks for studying.

Picture: cliff1126/Pixabay

Disclaimer: All statements made relating to firms or securities are strictly beliefs, factors of view and opinions held by SiliconANGLE Media, Enterprise Expertise Analysis, different friends on theCUBE and visitor writers. Such statements will not be suggestions by these people to purchase, promote or maintain any safety. The content material introduced doesn’t represent funding recommendation and shouldn’t be used as the premise for any funding choice. You and solely you’re chargeable for your funding selections.

Disclosure: Most of the firms cited in Breaking Evaluation are sponsors of theCUBE and/or purchasers of Wikibon. None of those corporations or different firms have any editorial management over or superior viewing of what’s printed in Breaking Evaluation.