Disclaimer: Opinions expressed are solely my own and do not express the views or opinions of my employer or any other entities with which I am affiliated.
A couple of weeks ago, I did a podcast about organizational security challenges and how AI/ML affects security. If you haven’t checked it out, please do!
LET’S BE FRANK
I’m continuing my trend of talking about public security companies and their potential downfalls. I’ve talked about how Crowdstrike, Okta, and Zscaler might fail. This week, I will discuss Palo Alto Networks, which is the oldest in the group. To be clear, I believe this is an amazing company that has managed to transform itself through acquisitions to stay relevant.
For context and disclaimer, I do not use Palo Alto Networks products, but I do use their services through Unit 42. I don’t manage that relationship, and I do not have a financial position and do not plan to start any in the next 72 hours.
The creation of a more intelligent product
The first Palo Alto Networks product was an enterprise firewall. Unlike a traditional firewall and intrusion detection system, it was capable of operating on the whole network stack rather than blocking based on simple rules like ports and IPs. The product solved the problem of protecting modern applications, whereas other products on the market ran the risk of disrupting network operations.
This was a revolutionary product at the time because it represented the next-generation firewall that was able to provide full visibility into the network layer as well as intelligently protect modern applications. This is a huge market they were able to disrupt because every company needed to have a firewall for compliance and just good security posture.
Stagnation and a rebirth
After the company went public in 2012, it enjoyed a few years of good growth. However, like all great security companies and companies in general, they couldn’t be a one-trick pony. They expanded into other areas like endpoint protection and malware prevention. However, they couldn’t compete with the other endpoint detection and response companies at the time like Crowdstrike and Cylance. They also went into logging. Unfortunately, none of these expansions could fuel strong additional growth.
The good thing is that they had a strong, core business that was highly profitable. Their firewalls were high-margin, physical boxes that they could sell easily in their GTM. However, it was not the kind of subscription business, with more “predictable” revenues, that Wall Street and investors were starting to favor. Also, given many companies’ moves to the cloud, the demand for these firewalls was being capped, if not shrinking, as there was a much lower need for these physical boxes. This ceiling showed in their financials with their firewall business slowing (and it actually continues to shrink today).
The reality became clear to them: the leadership team at the time had no idea how to keep Palo Alto Networks relevant in the cloud world. The company was unable to innovate and develop new products that could grow its business.
This changed in 2018 when Palo Alto Networks brought in several high-profile tech executives from more modern tech companies like Google and Uber. Specifically, Nikesh Arora became CEO. He had experience at both Google Cloud and Softbank. He realized that Palo Alto Networks had missed the cloud trend, and it didn’t have the capabilities or time to create new innovative products organically. So, he did what he knew best from his Softbank days: he went on a shopping spree.
Buying cloud security companies
Within a couple of months of Nikesh joining, he made several high-profile acquisitions in the cloud security space. He started with Evident.io, then bought Redlock, Demisto, and Twistlock. He also made several more after this, but essentially these acquisitions make up the Prisma cloud security platform at Palo Alto Networks. These acquisitions are the reason that Palo Alto Networks can continue to grow aggressively. At the time, these acquisitions were controversial because he did many of them close to each other, and they were expensive. It felt highly risky.
Although they were a large bet, I believe they worked out for a couple of reasons. First, they only bought the best startup in a category. Second, Palo Alto Networks was cash-rich but innovation-poor. They didn’t have a choice. They were trading their cash for fast innovation, and it would have been more expensive for them to fight with organic innovation because they had completely missed major categories. Finally, they had strong relationships with their existing customers and knew what they wanted, but they didn’t have the products to sell them. Once they found the right startup, it was easy to sell them the product.
Although their legacy business is slowly shrinking, their cloud business is alive and doing well.
The impending downfall
Every great company goes through ups and downs. I believe Palo Alto Networks will stay relevant for a long time, but it’s interesting to speculate how they will fail. They almost lost relevance in the cloud, but thankfully, the influx of a new set of executives was able to solve this problem.
Not all problems can be solved with money, and in fact, having money makes it more likely that a company tries to solve a problem that way than addressing root causes. So, what does this have to do with Palo Alto Networks?
Well… in my opinion, they got lucky with the cloud trend. They heard it from their customers and yet did not take action. As a result, they had to spend money to essentially build a new division of the company. However, others now know their playbook. This means future acquisitions will become more expensive and competitors might make “defensive” acquisitions to keep critical assets out of their hands. It’s also important to note that these acquisitions happened in a low-interest-rate environment where capital was cheap. However, this is definitely no longer the case, so we see their M&A activity slowing down.
More importantly, they haven’t fixed their fundamental problem, which is the ability to innovate organically. Moreover, they were somewhat lucky that capital solved their previous missed trend because the GTM motion for this new business unit was the same. We saw some holes in their Evident.io acquisition that didn’t quite work out for them because it was more of a middle-market play vs. a traditional enterprise play that was more familiar. Luckily, they were able to acquire Redlock to rectify that problem.
They need to continue to build a robust, resilient product to combat the upcoming, next-generation trends in cloud security. Wiz is already starting to chip away through an expensive GTM battle. Similarly, the evolving cloud trend is dangerous for the Palo Alto Networks business as it involves different GTM motions. More specifically, there is a growing trend toward the “security engineer” as I have discussed in previous blog posts. Similarly, there is a larger trend toward a more modern data stack. These emerging trends are very different than Palo Alto Networks’ current GTM motion, which is primarily focused on selling to traditional security organizations with a CISO and security analysts.
Honestly, it doesn’t make sense for Palo Alto Networks to pre-emptively address these trends because it would be so fundamentally different from what they do now that it might affect their business in the short term. The reason is that new products with different GTM motions are hard to integrate into a company’s business. They are expensive and risky.
However, Palo Alto Networks isn’t set up to address more developer-focused security trends, so they continue to fight in the broader information security market for shrinking CISO budgets. It becomes more and more expensive to grow market share there as competition mounts, so their growth stagnates as they re-focus on financial engineering to keep Wall Street happy. They continue to profit and start giving dividends. They also occasionally try to do an acquisition, but it fails and they lose the market cap they gain. Like Dell, they try to spin off acquisitions and legacy businesses to become more efficient. They do all this while hoping that one of the large private equity firms that have taken the likes of Proofpoint, Symantec, etc. private will come and end their misery. Maybe one of the cloud providers takes an interest and continues to operate them as an independent business that generates cash to fund their other businesses.
Conclusion
Of course, I believe Palo Alto Networks has gone through an extraordinary transformation to stay relevant in a changing market where they had a legacy product. However, they benefitted because they were able to acquire companies that had similar GTM motions. I don’t believe this will continue to be the case. They might figure it out through different strategies, but they also might not, leading them to stagnate. Only time will tell!