Thank you ant for this summary!
I also listened to the call and apart from the implications for the cybersecurity space (which you highlighted very well) one thing stood out to me…
Maybe a little introduction first:
Everyone is talking about AI/ML right now - companies like C3.ai suddenly jump by 200% - nobody cares about Nvidia’s revenue slowdown and the new Bing aka chatgpt is in everyones mind. I thought a lot about this coming change and who could potentially profit the most. Right now everybody is jumping on companies which are directly linked to the technology, if it’s a slow growing software provider like C3.ai or a hardware+software provider like Nvidia.
That’s why I wrote a little thread on another platform a few weeks ago about the importance of data as the “food” for AI applications and about the cloud as the “fertile soil” for them to grow. Therefore the companies which benefit the most might not be the most obvious ones, similar to when the Internet was invented and many thought telecommunications companies would benefit the most. But on to the PANW conference call.
What stood out to me:
Of course AI/ML was also a topic on Palo Alto’s conference call. Nikesh highlighted how they use it for years to provide better security outcomes and block threats.
Now to the point, Nikesh talked about one thing all the time:
Data. Data. Data. This word was used 35x on the call. Nikesh repeatedly mentioned the importance of high quality data as the most important part of using AI/ML successfully for enterprise operations. A few excerpts:
“The challenges you all know is that AI has been a data problem and continues to be so. Unlike consumer where we can talk about Sonnets and ChatGPT’s creative capabilities and the revolution that is going to drive in search or advertising, its ability to summarize data and continue to amuse and inform us, the demands from AI and enterprise are far more exacting and so are the returns. An enterprise AI needs to be clean.”
“It has to have comprehensive data. And in security, especially it needs to be real-time. So, not only do you need to have the best data to create great security outcomes you also need to be positioned in line to block threats.”
“We have over 60,000 customers where we can help them use this data. As we conceived with Cortex, we built XDR to ensure we collected the best endpoint data across the industry.”
“Let me make a case why with petabytes of data from trillions of events, billions of sessions, hundreds of millions of URLs, and tens of millions of files flowing through our product across cloud, network, and endpoints daily, we are best positioned to deliver security outcomes using AI machine learning.”
—> What comes through to me is that the crux doesn’t lay in creating a good model but to have the most and highest quality data.
In the Q&A he talked about their emerging XSIAM product (I copied the whole question/answer because I found it very interesting) :
Saket Kalia – Barclays – Analyst
But maybe a strategic question for you. As you think ahead, maybe the next couple of years for XSIAM, how do you think that that will have started to disrupt the SIM market, either from a tech or a pricing perspective? And maybe just to flip that on its head a little bit, is it possible that tools like XSIAM maybe help expand the SIM market?
Nikesh Arora – Chairman and Chief Executive Officer
So, I think, Saket, the SIM market doesn’t have a pricing problem. It has a value problem. I spent a lot of money. I don’t get enough value.
And if you ask some of the customers out there, how do they use the SIM, SIM is used post breach or post event to figure out what happened. A SIM is not doing on-the-fly real-time blocking. So, when SolarWinds happens, Log4j happens, you can go to your SIM and look at where it happened and figure out and trace it back and try and block the hole. What it won’t do for you is stop it mid-flight.
And that’s a paradigm shift as far as security is concerned. The only way you can do that and stop it mid-flight is analyzing data as it’s being created. So, to us, the reason we call XSIAM not SIM is here’s our words. We watch the data in flow.
We watch it coming from the endpoint. We cross-correlate mid-flight with firewall data. We go and triage it. We automate some of the alert, some of the noise away.
And we’re looking at like real incidents between triage already, which are not being put in some large data lake, and then running query language against to see how do I solve the problem. They’re already doing it in the back end. Now, of course, with the availability of new LLMs (Me: large language models like chatgpt) that are out there, which you all I’m sure have been talking about and dealing with in their free time, they do a lot more useful things than write poetry for your wife. They can actually analyze data to tell you what is anomalous and what is off pattern.
And if you can figure that out, then what do you have to do? You have to go ahead and remediate it. How do you remediate it? You got to be a firewall to remediate a network. You’ve got to be an endpoint to remediate the endpoint. You got to be Prisma Cloud, remediate it in the cloud.
So, I think what XSIAM is going to do is going to bring real-time capability in the SOC, or real-time capability in security. It’s early days. Again, I’m going to say – keep repeating, in a repetition to not fall the prayer, don’t get ahead of itself, but this is where we’re heading. And if you can picture chat ChatGPT 10 years from now, picture AI and security 10 years from now.
You will not have humans trying to analyze because it’d be too hard for humans to analyze petabytes of data. Already, the data in an organization is too much for a security analyst to analyze.
I would recommend reading the whole transcript, Nikesh definitely is one of the best CEO’s out there and always interesting to listen to. Link: Palo Alto Networks (PANW) Q2 2023 Earnings Call Transcript | The Motley Fool
This again gives me confidence that companies like Snowflake and Databricks will have high and durable future growth ahead of them. And it makes sense that companies want to build their business directly on Snowflake. And of course others will profit too - this data needs to be stored in the cloud, it needs to be secured, we need it at the edge… and so much more. I’m excited about this future!