PCCSE guide - Prisma Certified Cloud Security Engineer Updated: 2023

2022 Gartner Market Guide for Operational Technology Security

Gartner Insights into Operational Technology Security

Palo Alto Networks is recognized as a Representative Vendor in the August 2022 "Gartner® Market Guide for Operational Technology Security" report. This is a powerful step forward in building a Zero Trust OT security solution.

Read this guide to understand how the status of an emerging OT security market aligns with your future plans. In addition, since Gartner has published over 100 Market Guide Research notes, IT and strategic leaders can gain a broad view of many industrial OT markets, including mature and smaller, in an easy-to-read format.

According to Gartner, Security and Risk Management (SRM) leaders, responsible for the technology, information and risk to OT systems, should anchor security efforts to operational resilience in the face of mounting risks by adopting an integrated security strategy beyond legacy OT. Include all CPS (e.g., OT, internet of things [IoT], industrial internet of things [IIoT] and medical internet of things [MIoT]) and IT in a joint governance model.

Gartner, Market Guide for Operational Technology Security, Katell Thielemann, Wam Voster, Barika Pace, Ruggero Contu, 4 August 2022 Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Disclaimer: GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Download now!

Brief Review Of Palo Alto Networks' Q1 FY-2024 Earnings Report

Heading into its Q1 FY-2024 report, Palo Alto Networks (NASDAQ:PANW) was projected to deliver revenues and normalized EPS of $1.84B and $1.16, respectively.

While Palo Alto Networks beat consensus street estimates on both top and bottom lines [revenue: $1.88B (up +20% y/y), normalized EPS: $1.38], the stock is down nearly -6% to $240 per share at the of writing.

Despite facing challenging macroeconomic conditions, Palo Alto Networks' business remained incredibly resilient in Q1, with total revenues growing +20% y/y to $1.88B powered by Next-Gen Security ARR rising +53% year-over-year to $3.2B.

During the quarter, Palo Alto Networks' business mix continued shifting towards higher margin, recurring software revenues, which now make up 83% of total sales. And, as a result of this shift, PANW's margin profile, free cash flow generation, and EPS improved further in Q1.

According to Nikesh Arora [PANW's CEO], the demand for cybersecurity solutions is stronger than ever and Palo Alto Networks' platform approach is winning big time:

An unprecedented level of attacks is fueling strong demand in the cybersecurity market. We continue to execute on platformization as customers recognize the benefits we can provide in simplifying security architectures and driving better security outcomes.

In light of reporting a strong quarter, Palo Alto Networks' management reiterated full-year [FY2024] revenue guidance of $8.15-8.20B and raised profitability [Operating margin & EPS] guidance. However, Mr. Market seems to be upset about a somewhat weaker-than-expected billings number for Q1 [$2.02B vs guided range of $2.05-2.08B] and FY-2024 [new guide: $10.7-10.8B vs. previous guide: $10.9-11.0B].

While the billings number is an important measure of future revenue growth, I believe RPO [remaining performance obligations] is a far better metric to gauge future sales, and PANW absolutely delivered on this figure, with RPO growing to $10.8B (up 26% y/y) in Q1. Furthermore, I think the volatility we are seeing in Palo Alto Networks' billing is down to temporary rate-induced weakness as explained very well by PANW's management on the earnings call:

In Q1, the cost of money remained a constant discussion and customers' significant focus on this subject is becoming the new normal. The way it manifests itself in our business is that there's always a payment in duration discussions in final negotiations. Given our strong balance sheet, we can use a mix of strategies to navigate the environment. This includes annual billing plans, financing through PANFS, and partner financing. Whilst this does not impact our business demand or the impact to annual revenue or annual metrics, it does create variability on total billings more than before depending on financing used or the duration of contracts.

I'm not concerned about the demand for cyber security, for this quarter and upcoming quarters, though my concern about our ability to execute, the billings variability is a pure consequence of the payment conversation that we're having with our customers and this is validated by the fact that we continue to see strong RPO and low churn suggesting this is a cosmetic impact to our business.

As I began my remarks, Q1 was the first quarter of us delivering on the three-year plan we presented in August. We're driving profitable growth, investing in innovation, next-generation security, and the industry's largest dedicated security go-to-market organization, at the same time, leveraging the scale of Palo Alto Networks. Demand for cyber security is strong given the backdrop of attacks, the ever increasing focus and scrutiny around cyber risk, execution continues to be paramount given the macro conditions and we will continue to adapt and respond to changes in the environment.

We will manage for long-term growth, operating margin, and free cash flow, and ensure we continue to transform the business and build revenue predictably. You will also see this through RPO and most importantly our current RPO. Our long-term forecast thesis remains intact whilst we expect short-term variability in billings, we don't expect this to have a meaningful impact on our ability to deliver our three-year targets.

- Nikesh Arora, CEO

As I see it, Mr. Market is overreacting to this updated billings guide from Palo Alto Networks. The company is clearly firing on all cylinders as evidenced by better-than-expected revenue & EPS performance, and robust growth in RPO.

As of the end of Q1, Palo Alto Networks' cash and short-term investments stood at $3.9B, which is ample cover for its upcoming convertible debt payment of $1.95B. Furthermore, PANW has generated adj. free cash flows of $2.96B over the last twelve months and looks set to generate $3-3.1B in adj. FCF during FY-2024 based on management's adj. FCF guide of 37-38%.

In my view, Palo Alto Networks is a fantastic cash cow. While management still plans to spend $1B per year on M&A (as shared on the earnings call), we can continue to expect opportunistic share buybacks from the company. Instead of taking a half-glass-empty view based on a weaker-than-expected billings guide for FY-2024, I prefer looking at strong-than-expected revenue, EPS, and RPO growth at Palo Alto Networks. Yes, the Q1 report wasn't perfect, but it surely doesn't deserve such a negative reaction. Let us now evaluate Palo Alto Networks' long-term risk/reward using TQI's Valuation Model.

PANW's Fair Value And Expected Returns

Assuming an exit multiple of 25x P/FCF, Palo Alto Networks stock could rise from $240 to $532 at a CAGR rate of 17.25% by 2028-29. With PANW's expected CAGR returns exceeding my investment hurdle rate of 15% (and comfortably beating long-term S&P 500 (SPY) returns of 8-10% per year), I like the risk/reward on Palo Alto Networks' stock at current levels.

Concluding Thoughts: Is Palo Alto Networks A Buy, Sell, Or Hold After Q1'FY-24 Report?

In accurate months, Palo Alto Networks' stock has shown strong technical momentum; however, PANW stock is down ~6% in the after-hours session as of writing. If this sell-off sticks, PANW will lose the 50-DMA support level, and there's a good chance that the technical gap in the low $200s gets filled in the near-to-medium term.

Furthermore, weekly RSI and MACD indicators are showing negative divergence, which means a much deeper pullback is possible. In the event of a hard landing in the economy, I can see a broad market decline. And in such a scenario, we could get a far better buying opportunity for Palo Alto Networks in the next year or so.

That said, Palo Alto Networks is a high-quality cybersecurity company that's growing at a healthy clip whilst generating tons of cash. Frankly, I would rather buy a great company at a reasonable price than a reasonable company at a great price. And Palo Alto Networks fits very well in the former category.

Overall, I am satisfied with Palo Alto Networks' Q1 FY-24 performance despite the (interest) rate-induced billing weakness. On the back of this post-ER dip, the long-term risk/reward for PANW stock is quite attractive. Hence, I am going to start a new long position in PANW, with the idea of building up the position slowly via staggered accumulation over a 6-12 month period.

Key Takeaway: I rate Palo Alto Networks a "Buy" in the $240s, with a preference for slow, staggered accumulation.

Thanks for reading, and happy investing. Please share your thoughts, concerns, and/or questions in the comments section below.

November 13, 2023, 08:00 AM EST

With the second generation of the AI-driven security operations platform, Palo Alto Networks has improved visibility and added support for custom machine learning models, an executive tells CRN.

Just over a year after its release, Palo Alto Networks’ AI-driven security operations offering, XSIAM, is on track to be its fastest-growing product to date. Now, the cybersecurity giant is looking to keep up the momentum with the unveiling of the second generation of XSIAM (extended security intelligence and automation management).

With XSIAM 2.0, Palo Alto Networks is not delivering a major overhaul because it doesn’t need to, given the success of the product since its debut in October 2022, according to Gonen Fink, senior vice president of Cortex products. But the company does have a number of major improvements that partners and customers should benefit from, including around the user experience and support for custom machine learning (ML) models.

“We did not rewrite the product,” Fink said in an interview with CRN. “It was working very well, but we put in additional visibility to [show] what it’s doing for you.”

[Related: Cisco-Splunk Will Face Huge Challenge Vs. Palo Alto Networks: Analysis]

The updates come as Palo Alto Networks reports strong traction around displacing existing providers of SIEM (security information and event management) technologies, and with Cisco planning to acquire SIEM stalwart Splunk for $28 billion.

Since the launch of XSIAM, the “autonomous SOC” (Security Operations Center) platform had more than doubled Palo Alto Networks’ goal for its first year — surpassing $200 million in bookings — in just three quarters, the company said in August.

“We really feel we hit a very, very important problem with a very strong technology that combines AI and automation to really shift the way security operations are done,” Fink said.

XSIAM leverages Palo Alto Networks’ deep expertise in AI and machine learning for security — as well as its massive trove of cybersecurity data — which put together are unmatched by other vendors, said Shailesh Rao, president of Palo Alto Networks’ Cortex business, in a recent interview. The results are dramatically improved outcomes for cybersecurity and a compelling replacement for SIEM, he said.

“We have seen customers transition from their existing SIEM over to XSIAM,” Rao said. “We’re starting to see that already.”

And while the initial target customers for XSIAM are large organizations with mature SOC and data science teams, the product does have the potential to meet the needs of a wider range of customers over time, according to Fink. This includes midmarket companies, where service providers might utilize XSIAM to develop customized solutions for the customers, he said.

What follows are the key updates to know about with Palo Alto Networks’ launch of XSIAM 2.0.

XSIAM Command Center

From the start with XSIAM, one of the things customers have appreciated is how the product improves their understanding of what’s actually going on in the SOC environment, Fink said.

“Traditional tools in the SOC were very complicated — you had multiple monitors and screens,” he said. “And the reality is that none of them actually provide you a comprehensive view of what the system is doing.”

With the debut of XSIAM 2.0, Palo Alto Networks is introducing further improvements to this visibility for partners and customers through the launch of the new XSIAM Command Center.

The Command Center provides a single view of all activities within an organization’s SOC — from the data ingestion and analytics to rule creation and alert detection, according to Fink.

XSIAM Command Center also shows how detections are being grouped into incidents, as well as the automated response and remediation that is taking place to address those incidents, he said.

“This is becoming the one screen that you’re using to understand what’s going on in your environment,” Fink said.

MITRE ATT&CK Coverage Dashboard

Another enhancement to visibility that’s arriving as part of XSIAM 2.0 is the new MITRE ATT&CK Coverage Dashboard, Palo Alto Networks said.

MITRE ATT&CK has become the standard framework used to describe the stages of typical cyberattacks, as well as many of the common tactics and techniques utilized by threat actors. The framework is used widely within the cybersecurity industry, since it allows vendors to show how their products can be used to address specific stages or techniques of an attack.

“Today, customers are measuring their protection against that,” Fink said. “You need to actually know how well you’re protected, based on the different data sources that you’re ingesting.”

From its inception, XSIAM has already come with numerous out-of-the-box detections, so that customers don’t have to write their own rules, he noted. From there, the offering uses machine learning to adapt to the evolving techniques of adversaries, Fink said.

With the new MITRE ATT&CK Coverage Dashboard in XSIAM 2.0, Palo Alto Networks is providing visibility around how well a customer is covered against each of the different elements of the framework, he said.

“That’s very powerful,” Fink said. In addition to showing how real-world protections are aligning to the ATT&CK framework, the new dashboard also helps customers to “for the first time understand what is in XSIAM,” he said.

“The fact that XSIAM comes with built-in detection and machine learning models — thousands of AI-based detections for the various aspects of the MITRE framework — it’s part of what customers buy this for,” Fink said. But now with the new ATT&CK Coverage Dashboard, “customers are actually seeing them,” he said.

Bring Your Own ML

XSIAM 2.0 also introduces the new capability to “Bring Your Own ML” to the platform, Palo Alto Networks announced.

That means that partners and customers are now longer required to replicate their data into another data lake in order to utilize their own custom ML models, the company said.

Bring Your Own ML is primarily aimed at large customers that have unique needs as well as data science capabilities, Fink said. Additionally, third-party service providers can now use XSIAM to deliver specialized tools or services to their clients — particularly in areas that aren’t directly covered by XSIAM, such as fraud detection for instance, he said.

Other Updates

XSIAM 2.0 includes a number of additional improvements, as well, such as a new in-product assistant that provides easier access to product help and documentation.

The new release also delivers enhanced protection and detection through the introduction of several modules — including for early detection of macOS ransomware, Kubernetes and master boot record threats, according to the company.

Other updates include NDR (network detection and response) coverage, “advanced” local analysis for macOS and Linux, a simplified text search system and additional attack surface management policies.

Availability

XSIAM 2.0 is generally available now for partners and customers, according to Palo Alto Networks.

Ultimately, Fink noted that XSIAM’s AI-driven approach is not intended to replace human intervention or expertise, but instead to automatically resolve the vast majority of incidents and enable analysts to focus on the most-critical threats.

“Cyber analysts and cyber experts can actually focus on and quickly respond to those things that require human intervention,” he said. “The results have been simply amazing.”

Stocks: Real-time U.S. stock quotes reflect trades reported through Nasdaq only; comprehensive quotes and volume reflect trading in all markets and are delayed at least 15 minutes. International stock quotes are delayed as per exchange requirements. Fundamental company data and analyst estimates provided by FactSet. Copyright 2019© FactSet Research Systems Inc. All rights reserved. Source: FactSet

Indexes: Index quotes may be real-time or delayed as per exchange requirements; refer to time stamps for information on any delays. Source: FactSet

Markets Diary: Data on U.S. Overview page represent trading in all U.S. markets and updates until 8 p.m. See Closing Diaries table for 4 p.m. closing data. Sources: FactSet, Dow Jones

Stock Movers: Gainers, decliners and most actives market activity tables are a combination of NYSE, Nasdaq, NYSE American and NYSE Arca listings. Sources: FactSet, Dow Jones

ETF Movers: Includes ETFs & ETNs with volume of at least 50,000. Sources: FactSet, Dow Jones

Bonds: Bond quotes are updated in real-time. Sources: FactSet, Tullett Prebon

Currencies: Currency quotes are updated in real-time. Sources: FactSet, Tullett Prebon

Commodities & Futures: Futures prices are delayed at least 10 minutes as per exchange requirements. Change value during the period between open outcry settle and the commencement of the next day's trading is calculated as the difference between the last trade and the prior day's settle. Change value during other periods is calculated as the difference between the last trade and the most accurate settle. Source: FactSet

Data are provided 'as is' for informational purposes only and are not intended for trading purposes. FactSet (a) does not make any express or implied warranties of any kind regarding the data, including, without limitation, any warranty of merchantability or fitness for a particular purpose or use; and (b) shall not be liable for any errors, incompleteness, interruption or delay, action taken in reliance on any data, or for any damages resulting therefrom. Data may be intentionally delayed pursuant to supplier requirements.

Mutual Funds & ETFs: All of the mutual fund and ETF information contained in this display, with the exception of the current price and price history, was supplied by Lipper, A Refinitiv Company, subject to the following: Copyright 2019© Refinitiv. All rights reserved. Any copying, republication or redistribution of Lipper content, including by caching, framing or similar means, is expressly prohibited without the prior written consent of Lipper. Lipper shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Cryptocurrencies: Cryptocurrency quotes are updated in real-time. Sources: CoinDesk (Bitcoin), Kraken (all other cryptocurrencies)

Calendars and Economy: 'Actual' numbers are added to the table after economic reports are released. Source: Kantar Media

Embarcadero Media file photo

Palo Alto police are looking for two men who reportedly tried to rob another man who was walking on a trail at Byxbee Park on Monday evening.

The incident took place between 9 p.m. and 10 p.m. at the Baylands park, near 2375 Embarcadero Road. Police said the man had parked his vehicle on East Bayshore Road on Oct. 30 and walked to the trail, where he encountered two men walking toward him.

According to a news release from the Palo Alto Police Department, one of the men walked behind him and began to pat him down, ostensibly to see if he had a wallet, a phone or any other valuables. The man, who is in his 30s, only had his car keys.

As the two men were searching him, they saw another person with a light walk toward them. They threw the man down on the ground and ran further into Byxbee Park, according to the police. The man ran back to his car, drove home and called the police.

He described the two men who tried to rob him as Black male adults in dark clothing. One was about 5 feet 8 inches tall and was wearing a black sweater or sweatshirt with a skull logo; the other had a beard, according to the news release.

Palo Alto Networks has just confirmed one more major piece of security startup M&A out of Israel: It has acquired Talon Cyber Security, a specialist in building enterprise browsers for securing distributed workforces sources. Source say the deal is valued at $625 million.

This is PA’s second Israeli security acquisition within a week: Last Tuesday, Palo Alto Networks announced that it was scooping up cloud data specialist Dig Security, for a price that sources close to the deal tell TechCrunch was around $400 million. As with Dig, Talon will be integrated with Palo Alto’s Prisma cloud security division.

We first reported that the two deals were in the works in September, after hearing for weeks beforehand that it was about to make some big acquisitions to beef up its security bench.

Talon — co-founded by Ofer Ben-Noon and Ohad Bobrov — had raised around $143 million, with its investors including Team8 (a specialist cyber investor in Israel), Entrée Capital, Evolution Equity, LightSpeed and Cyverse Capital. Sources tell us Talon was approached proactively and was not in the market to be acquired.

Today’s acquisition, along with last week’s for Dig, are significant developments in the Israeli technology ecosystem, where right now it is anything but business as usual.

The current war between Israel and Gaza — which kicked off after terrorists from the latter territory busted through the wall separating the two, killed some 1,400 civilians and took hundreds more back to Gaza as hostages — has, unsurprisingly, had a strong chilling effect on the region’s technology industry, which has in many ways come to a standstill in the last month.

As we have reported previously, tech accounts for 18% of Israel’s GDP, and some 14% of all people in the country work directly for the tech industry (with many others indirectly). A number of those civilians have either been called up for duty, or are involved in volunteer efforts, effectively putting a lot of their regular working lives on hold.

At the same time, the conflict and instability is having a big knock-on effect for investors, partners and would-be customers that want to do business in the region, something that is impacting both Israeli and Palestinian companies. (That’s not to mention the interruptions in supply chains and logistics, as well as even more basic needs.)

Some investors are even looking to step up by creating emergency impact funds specifically to fund startups that have had to pause their activities due to the situation.

Others claim the moment remains ripe for cyber in Israel from an investing standpoint.

“We are still seeing a lot of activity. The need for cybersecurity hasn’t decreased given what is happening. Actually, it’s the other way around. With the advancement of new systems and geopolitical changes, there are even more needs for cybersecurity,” said Lior Simon, a general partner at Cyberstarts, a specialist cyber investor in the region. “Funding and investments are continuing to be made, and we are getting pinged by several investors asking what is happening and what is coming out to market.”

Aside from this, there is also the image of public perception outside of the region : As shown by the recent blow-up around Web Summit and the departure of the founder from executive roles after comments he made about the situation, and a backlash against that, some of the most public efforts of energy that we are seeing coming out of the Israeli tech ecosystem right now are focused on that conflict and how that’s being represented. M&A does not feel like a top of mind concern in that regard.

To be clear, this deal for Talon, along with the one for Dig, were very much already in the works before the surprise attack by Hamas. That they managed to close them during the turmoil is notable, but what remains to be seen are how M&A activities, along with funding, and business for startups overall, will develop as the conflict wages on.

The deal, Palo Alto said, will help address the rise of different devices and apps that are being used in organizations, some of which are not provisioned by the organizations themselves.

“The average enterprise uses hundreds of SaaS and web applications, meaning that most work is now done primarily via the browser,” said Lee Klarich, chief product officer for Palo Alto Networks, in a statement. “Talon enables organizations to secure all work activity via an Enterprise Browser, without touching the personal usage of the device or impacting user privacy. Integrating Talon with Prisma SASE will enable Palo Alto Networks to securely connect all users and devices to all applications, including private applications, and apply consistent security no matter who the user is and what device they use for work. Today’s announcement underscores our continued belief in the strength of the Israeli cybersecurity ecosystem and our commitment to our growing team in Israel.”

“While BYOD offers an advantage for productivity, it is also a source of significant security risk,” added Anand Oswal, its SVP and GM. “Talon’s Enterprise Browser empowers security teams with deep visibility and control over all work-related SaaS and web activity on all devices, including personal and unmanaged endpoints. SASE solutions must evolve to secure unmanaged devices with the same consistent security applied to managed devices so that users can securely access business applications using any device from any location. The unique combination of Prisma SASE and Talon will transform how organizations navigate the challenges of today’s modern and connected digital environments.”

Like Dig, Talon is working in a newer area of the wider cybersecurity market, which would make it attractive to Palo Alto as it looks to keep up with the evolving threats in the market.

Talon’s focus on the concept of an enterprise browser — a platform for large organizations to operate all of their apps and services, built from the ground up with security in mind — is still a relatively new concept in the market. As we have previously noted, though, it has already started to catch on big with customers and competitors: Island is another company in the same space.

“They’re creating a new category that has the potential of being bigger than endpoint security altogether,” a source told us in September. “They’re reinventing the operating system.”

Even as a lot of funding and M&A continues to remain largely stagnant in the current market, and Israel in particular is facing some big geopolitical barriers to activity, security continues to be a huge priority for enterprises and smaller businesses.

That is because of the cost of not managing it well. A McKinsey report from last year noted that organizations would have to spend up to $10.5 trillion annually to deal with breaches by 2025, a 300% increase from 2015. So while a lot of companies have clamped down on spending and IT budgets over the last couple years, security is one area where they have returned to spending even when other categories have remained frozen or constrained.

“For end customers, security is still a big business risk, so budgets are back in action and we’re seeing sales picking up in Q3 and Q4,” one investor told us. “Security companies will want to tap into this opportunity aggressively.”

Second, cybersecurity remains a moving target. Malicious hackers are turning to technologies like AI to break into networks, so, as smaller startups come up with new techniques to tackle the problem, they become acquisition targets for larger companies looking to stay ahead of the curve. This is where this Talon acquisition fits in.

Other examples of this include CrowdStrike acquiring security startup Bionic for $350 million, and IBM buying Polar earlier this year for $60 million — a deal IBM made, we understand, partly in response to Palo Alto buying Cider Security in 2022.

There are mega deals in this trend, too, such as Cisco’s plan to buy Splunk for $28 billion.

For security companies, it becomes a question of competitive edge both against malicious hackers and other security companies. “Palo Alto is buying partly in reaction to these deals,” one source said.

Maintaining independence and editorial freedom is essential to our mission of empowering investor success. We provide a platform for our authors to report on investments fairly, accurately, and from the investor’s point of view. We also respect individual opinions––they represent the unvarnished thinking of our people and exacting analysis of our research processes. Our authors can publish views that we may or may not agree with, but they show their work, distinguish facts from opinions, and make sure their analysis is clear and in no way misleading or deceptive.

To further protect the integrity of our editorial content, we keep a strict separation between our sales teams and authors to remove any pressure or influence on our analyses and research.

Read our editorial policy to learn more about our process.