What makes ZS special

ajm101: I don’t think Zscaler is nearly as revolutionary as people here think it is. I’ve been in software R&D for about as long as iptables has been around. I would be happy to be convinced otherwise, but nothing anyone has written about it here has done so yet. It might be the single riskiest stock I’ve ever heard of.

Perhaps you could explain why you don’t find the technology revolutionary. Also, how would you explain how have they signed up 400+ of the Forbes Global 2000 as customers, and 100+ of the Forbes 500? Maybe also explain why Crowdstrike recently chose to partner with them.

That’s why I think Zscaler is special – the companies they’ve attracted. I’m no techie, so I don’t lean on any expertise of my own…but perhaps you shouldn’t either? You may be great, but sometimes expertise can mislead us. Just because we don’t have a taste for something doesn’t mean it won’t be wildly successful. Zscaler’s customers need not call Zscaler “revolutionary” – they have voted for ZS with their dollars, and they trust them for the security of their giant businesses.

No offense, but I’m betting on the technical expertise of Crowdstrike and 400 other enterprises over yours. But I would be happy to be convinced otherwise. What say you?

Bear

The real issue is, as Kingran states, why isn’t Zscaler special, and why has no one copied or even tried imitate what they do?

What Zscaler does is not create virtual single tenant machines in the cloud. Such virtual machines have dramatic limitations such as dynamic load balancing that they lack. E.g. see https://ir.zscaler.com/static-files/bcbf2456-f86a-43e9-adf2-… - slide 4 on the Technology Differentiation section.

Note: the warning on the right is from Palo Alto’s Prisma. To accommodate this spike what Palo Alto’s Prisma Access needs is to manually deploy greater bandwidth limitations and then for each virtual machine (and remember they are single tenant, not multi-tenant) re-connect and re-direct and perhaps with downtown get them all both (1) reset up for this event ahead of time (instead of just automatically a non-event) and (2) then re-set all these virtual machines (just the ones impacted - which you need to determine ahead of time) back again…

This is just one example amongst many. And it is not just ease of operation, materially increased user experience, and materially lower costs, but also dramatically superior security. If your interested, all that information is public.

If you are so concerned about us, why not actually learn what Prisma Access is with Palo Alto vs. what Zscaler is with its proxies that “break” 365. One has to wonder, if Zscaler is recommended by 365 above all else (iBoss also gets that nod) why can’t Palo Alto just do the same and get Microsoft’s endorsement for 365?

Again, I have no idea if it turns into a great investment. So far, despite the crash, I’m up more than 50% for the year on Zscaler. But I guess your not, are you. Were you up multiples on Arista or Nvidia or SHOP or Alteryx or Okta or whatever silly things we discuss here in real time?

Everyone of those companies (except Nvidia, which is the big player in its field) succeeded despite your absolute disclaimers of nothing to see here there is little in terms of technological competitive advantage period.

Btw/ yeah, although does not always happen, sold Arista at its top in early 2018, and same with Nvidia. There does come a time to sell and yeah, it can be spotted in REAL TIME.

But hey, I have now asked you for specifics, and received none. Then I get back information, without sources that nothing Zscaler does is special, and thus I give you the above as an example. Further, and I’m not going to write an essay here as I could, I’ve already been through this with others to great value and satisfaction, there is absolutely no one in the world doing what Zscaler does at the enterprise level.

You find me someone, and give us specifics why, and then we have a discussion. If you want to continue to give disclaimers and demean then go away please.

Tinker

There is one question I’ve always had about Zscaler’s business model. When they sign up a Global 2000 customer, sure, it’s a huge win. They only need so many of those to keep growing massively. But how do they get more money out of current customers each year?

It’s easy to see how AYX or TWLO does this. AYX sells more seats, TWLO code can get used by customers in more and more places, and then when it’s there, they get paid each time Twilio’s customers’ customers use that functionality.

But Zscaler…when it is purchased, isn’t it purchased for the whole organization? (Hence the longer sales cycles and huge contracts) If so, how do they upsell current customers?

Bear

Great question Bear, you might get an answer from investor relations. But here are some speculations:

Maybe some companies try them out with one free-standing division to see how they like it
Or only start with US offices and add in foreign later,
Or some start with the whole enterprise but add in acquired divisions in the future
Or the enterprise is growing and adding divisions and gets Zscaler to include them in the pie
Or the enterprise is simply growing, and handling larger volumes of data for Zscaler to handle
Or all of the above and more.

Best,

Saul

I think all of the above may be possible, but as I said, it’s just speculation.

Bear, it is a little misleading. As an example an Alteryx landing is often 1 or a handful of seats. Thus the room for expansion is massive.

Zscaler, last I did back of the napkin (and of course this not a cohort analysis just annual basis) gets more than $55k per customer. For the global 2000 it is in the $2-4K six figure numbers. The CFO discussed this and gave stats how they have materially grown this number every year and he feels much room to grow it further.

Palo Alto, on the other hand (who had few customers in 2012 when they went public and of course could not possibly keep a competitive advantage over Cisco and the many FW vendors out there) was making ~$30 to $40k per customer and only grew that number by 12% compounded through 2016.

Zscaler increases seat numbers, adds multiple features like sand boxing, sells ZPA, and has two new products in beta testing now. It is more difficult but their NRR despite the much larger lands is 118.

It is an issue though as they sell top down. One of their new products however may be sold in a bottom up method. Their zB2B product.

Tinker

Hi Paul,

Good question. They keyword: Platform

And really that word should be our target for most investments. We don’t want a company selling one product. We want an ecosystem that allows upsells. Just look at the product list on the zscaler website. Or better yet, look at page 53 of the analyst day presentation here:

https://ir.zscaler.com/static-files/bcbf2456-f86a-43e9-adf2-…

Land and expand baby! This is why estc is interesting. The platform it offers. Any company that relies solely on selling an APM product will lose out to platform companies like estc and ddog offering APM amongst several other products.

Incidentally, slide 37 on discusses their office 365 deployment compared with NGFW.

Alteryx is so dominant in an incredibly booming field, but it took them 20 years to get here. It’s incredibly disruptive despite being really expensive. If anyone could create a similar product and significantly undercut them, they could be disrupted, as it’s a single product to overturn that helps you run your company. A lot easier to do that than rip-out a whole platform that’s mission critical to the day-to-day running of your company. Right now, there’s noone in sight anywhere near AYX. No reason not to hold or buy more AYX now, as if a disruptor comes, I don’t see any reason why we wouldn’t notice in plenty of time.

Bear is right that Zscaler’s business model doesn’t allow for some of the great expansion opportunities like we see with other companies discuss. Like Tinker says the NRR is 118%. That’s neither sleepy nor exciting like some of the other companies we see that have nearly double those expansions like TWLO, DDOG, ESTC, AYX, SMAR, to name a few.

Higher expansion rates are of course desirable. Older customers add to growth rates before adding in newer customers, making overall high growth easier to achieve. On the other hand if you start with each customer starting already at or near maximum spend rates, each new customer adds incrementally higher new revenue from the start, also making higher growth rates easier to obtain.

Besides the impact on higher achievable growth rates, the real purpose of Net Expansion is to achieve greater long term contract value out of each and every one of your customers. Trying to get them ever closer to what their maximum spend the company may be capable of extracting. Thus I’m not sure entirely if it matters if you start out near max or achieve it slower over a period of time. As long as you mine all that you can.

It’s one of the reasons why lately I’ve been fond of companies with a developer or optionality-based foundation. Companies like ESTC, MDB, or TWLO. Where really usage increase doesn’t rely just on increasing seats, though that’s a great business model too, but expanding usage or spinning up another instance on a host or using a platform more unlocks more value which in turn leads to spinning up another instance to achieve more of the same.

Optionality works in a similar manner. You get more seats on a core product reaching near maximum then other products are introduced and the cycle repeats on seats for those products. ZB2B and products like that may be Zscaler’s road to have some optionality input and lead to better NRR in the future.

Darth

But Zscaler…when it is purchased, isn’t it purchased for the whole organization? (Hence the longer sales cycles and huge contracts) If so, how do they upsell current customers?

Good question Bear.

In addition to what Saul mentions, most customers have ZIA (ZS Internet access), ZPA (Private Access) is somewhat newer, so there are still plenty of customers who purchased only ZIA, but ZPA is still gaining traction and management has mentioned it is growing at triple digits.

Matt

Zscaler is a very fun company to talk about. So is Pure and so is/was Talend. The difference is that Zscaler is truly dominant and disruptive in what it does. There is no one else who does it, and no, not so easy to just copy them.

This said, there is fierce adherence to the FWs and then NFGWs. Been that way for at least two decades of not more.

To date Zscaler has done spectacular. Fear exists due to conservative guidance and language that should produce fear “elongated sales cycle”.

To the extent it is due to competitive pressure, that is pure FUD. To the extent it involves industry obstinance that may be a real issue or may just be a concern in the end. Really crossing the chasm I guess.

Tinker

To the extent it is due to competitive pressure, that is pure FUD. To the extent it involves industry obstinance that may be a real issue or may just be a concern in the end. Really crossing the chasm I guess.

Tinker,

I work for a very large and diverse world wide telecommunications company.

We have in excess of 250,000 employees and we all make above average wages. To slow production is both expensive and dangerous.

(I can give you an example of the dangers if you like.)

Regularly we get software updates that render our software useless. Without this software we are blind to our operations and must literally drive from site to site to protect the network. It is even worse the the Network Reliability centers.

Because we are still using Cisco VPN software, proxy servers and Access Control lists to protect the network a simple Firefox update can shut down our organization nationwide for over half a day. This happens a few time a month. We then stop and figure out a work around and get back to work. Since we are a small bit player, less than 5000 people, the lost labor cost is likely less than a couple million each time.

The first time we lose all e911, military circuits and first responder communications in a couple of states, I am pretty sure the obstinance will go away.

Note! I am not talking about a security breach. Just the continuous failures of the system due the current method of security.

Cheers
Qazulight (Long ZS, too long maybe, might add a bit and a lot to CRWD)

Qazu,

With your anecdote your company’s productivity, much less its cost structure and its security posture, would very materially benefit from
Zscaler. No question about it.

I just express the one issue I see and that is since Zscaler’s NRR is 118 it needs to get more of its growth from new customer adds each year.
More and more each year.

However, the Global 2000 produce so much revenue per new customer that increased focus there, including international, can easily mitigate this issue.

And to repeat, (1) Palo Alto was a minnow in 2010 and 2012 and yet (given the lecture we were given we were not to invest in Palo Alto because their technological lead would be trounced, and (2) there is literally no one in the world that does what Zscaler does in the enterprise market.

(1) proved (as so often it is) that mere disrupters cannot be long term investments for is ignorant small fry, and (2) yeah, literally, if your a large organization like your employer with the pain point you describe there is only one - No other real option - with a product that can fix the pain you described.

Kingran can write all the platitudes he wants but if he were to actually dig into the details all he could continue to do is spout platitudes because that is the absolute truth, whatever that is worth investment wise.

Tinker

“Perhaps you could explain why you don’t find the technology revolutionary. Also, how would you explain how have they signed up 400+ of the Forbes Global 2000 as customers, and 100+ of the Forbes 500? Maybe also explain why Crowdstrike recently chose to partner with them.”

Zscaler tells your device to sent it’s network traffic over their network. They “decode” encrypted traffic by installing their own client certificates on a device, decrypt it (since they have the private certificates), inspect the traffic, and then forward the request onto the destination. This is an TLS/SSL termination proxy, it predates Zscaler, and it is not unique to them. Then they look at the URL being requested, the ip address, the content of what is exchanged. That is fairly basic netsec and infosec capability, and predates them and is not unique to them. This is basically it. They force all requests through their network and look for suspicious patterns in it.

Not sure why you think Crowdstrike deal is positive. ZS sells CRWD’s endpoint and built an integration to it. Seems like a pretty sweet deal for CRWD. If ZS had the capability to build it on their own, they would have captured more revenue.

Maybe I shouldn’t rely on my expertise, but I went against board consensus on NTNX, NVDA, and PVTL when that wasn’t popular. ZS is a fine company, I just think they are not as great as people here think they are and I don’t want to pay 20x rev for them.

I am asking for anyone y specify someone who does what Zscaler does or in some alternative manner creates the same customer benefits.

Palo Alto certainly does not. iBoss is similar but cannot properly cover most enterprise cases.

Anything done on the internet has already been done. It is standardized tech that everything runs on. Okta, SHOP, Amazon, Palo Alto, TEAM, CRM, Alteryx, CROWD, ZM, no one is doing some huge new invention and yet they are doing it and in a manner that no one can seem to competitively catch up with or hurt.

It is not about technological magic. It is about the platform. It is about innovator’s dilemma.

So that is the thing, if it is nothing then who else offers a product to fix these pain points Zscaler fixes?

I’ve scoured the world and there is absolutely no one. There is also absolutely no one trying. I mean Cisco could and Palo Alto could but they won’t. It utterly destroys their business models.

iBoss is similar but can’t equate to Zscaler, years behind. There are a few others around the world and they fare no better than iBoss.

Like I said, industry obstinance May slow down the business but there is nothing else out there that fixes these enterprise pain points, and those large enough to build something to compete with what does won’t as it completely destroys their business model.

Why is Palo Alto offering single tenant virtual NGFWs that replace ZERO security appliances and fixed none of the NGFW pain points?

Perhaps because what does destroys their business model.

But that is the question. What else is there? There is the status quo augmented by bolt on virtual machines and maintaining the status quo by this extra functionality or there is getting rid of the status quo.

Either the former will be good enough or it won’t be.

Tinker

If anyone can answer tinkers questions could change a lot of people’s perception of ZS.

So far what I’ve heard is proxy servers are old tech. So why aren’t there many others doing the same thing ZS is? Is $400 million growing at 50% a year not business worth going after?

Been reading a lot more into ZS over the past few weeks since it started dropping. Also had a chance to speak to some industry experts (get to that later).

AJM - integration with CRWD just makes it easier for companies to handle their security. Just like they have SIEM integration. It’s providing or allowing the whole package. Like how shopify has a whole ecosystem of apps, like how slack allows seamless connections with numerous other software. It’s all about filling out an attractive platform and make everything easy.

About the technology. At its core, yes it’s a basic proxy that filters all traffic through them, looks for suspicious activity, and then forwards it on. At its basic core that is exactly it, and the technology is not new. But building the platform, the company, from the ground-up built for the crowd. Sure, now that it has been designed, it would be fairly simple (still requiring lots of $$$ and expertise, but doable) to replicate. Much like it would be simple to replicate shopify, twlo, facebook (okay this one actually has a network effect moat). These companies have done the hard work creating the vision, you just need to copy it.

It’s doable. But first-mover advantage that these companies have, including ZS, is significant.

The risk to ZS is:

1. Poor management who fails to see new upstarts/competitors, ensuring they’re not overtaken
2. Complete disruption, a new paradigm much like what they’re doing to palo alto.
3. Migration to the cloud for some reason slows significantly.

Palo alto has the innovators dilemma. It would cost them too much. They can’t change! Well, they can and should but it would destory their stock price. Or maybe they just milk their dieing cow as much as possible. I don’t know what’s better for them to do.

In regards to 1), which is what you’re asking 12x - there are competitors. iboss is one. The industry expert I talked to mentioned a german company he was extremely bullish on and thought was the only company that fully secures office 365 - www.secuscaler.com

Familiar looking name, huh? Check out their website - another purpose built company, cloud based security company. Also trying to be a platform with very similar offerings as ZS.

You know what all these companies have in common? They compare themselves to zscaler. Even palo alto does. Zscaler is the dominant leader and the market is theirs to lose.

An interesting whitepaper on the secuscaler website compares the leading firewall cloud security companies. It’s a great easy to read introduction to the area if you want some light reading. Otherwise simply scroll down to the company comparisons. Read palo alto, zscaler and secuscaler. Then look at the recommendations. Bearing in mind this is secuscaler’s website. They recommend secuscaler for SMEs because of cost, but for enterprise there is nothing like zscaler for “full SSL interception…optimum collaboration with office 365…price/performance is better than all the appliance-based firewall systems”

The startups are going after ZS’ business, but from what I’ve seen they’re targeting the market bottom-up. Zscaler’s strategy is going for the top (fortune 2000), which is high touch, complex sales, and then descending, scaling, down the market using sales partners, less complex sales processes. But for the time being, the billion dollar enterprises are either going to change their security paradigm to use zscaler, or remain with the incumbents. Yes, that’s speculation, but I am very very certain they won’t have a non-public, sub 1 billion mkt cap company be in charge of their security. So that leaves just ZS.

I’m rather bullish on zs. Cloud security is a mega-trend and I’m backing this industry leader with amazing gross margins. Good to be aware of the competitors though. Good discussion. Allows us to be nimble in the event that management does slip-up and allow a competitor to gain ground.

VCs don’t necessarily know more than us. Give a monkey a billion dollars to invest seed money randomly in a million startups, you’re bound to land a unicorn. No offence intended CMFMonkey - probably better than I could do.

I spent about an hour going through the ZS site last night. One thing that struck me is that the company is not very good at explaining what it does. Perhaps those deeply steeped in the technology will get it. But I think to the uninitiated, their explanations don’t do enough to describe - in simple English - how the solution works. I hope the new head of marketing can work on this type of thing. It will help get the message out.

Gordon

BenDubya: And really that word should be our target for most investments. We don’t want a company selling one product. We want an ecosystem that allows upsells. Just look at the product list on the zscaler website. Or better yet, look at page 53 of the analyst day presentation here:

https://ir.zscaler.com/static-files/bcbf2456-f86a-43e9-adf2-…

BenDubya - thank you! That helps explain the 118% or so. I think my point holds, though, that they won’t have quite the multiplier of an AYX or TWLO. It also makes sense that more up-front costs would lead to longer sales cycles.

ajm101: Not sure why you think Crowdstrike deal is positive. ZS sells CRWD’s endpoint and built an integration to it. Seems like a pretty sweet deal for CRWD. If ZS had the capability to build it on their own, they would have captured more revenue.

Maybe I shouldn’t rely on my expertise, but I went against board consensus on NTNX, NVDA, and PVTL when that wasn’t popular. ZS is a fine company, I just think they are not as great as people here think they are and I don’t want to pay 20x rev for them.

ajm101, I didn’t understand the technical stuff so I just clipped the part of your message I can understand. You mentioned Crowdstrike but not the 400+ Global 2000 Zscaler customers. Why am I harping on that? I think Tinker has a good way of looking at this:

1. People want this type of solution
2. No one but ZS really has it to offer. Maybe they will, but so far, crickets.

If you see it differently, please weigh in.

Thanks to everyone who’s responded!

Bear

So far what I’ve heard is proxy servers are old tech. So why aren’t there many others doing the same thing ZS is? Is $400 million growing at 50% a year not business worth going after?

Tinker already gave the answer: "It is not about technological magic. It is about the platform. It is about innovator’s dilemma."

The Innovator’s Dilemma

Clayton Christensen demonstrates how successful, outstanding companies can do everything “right” and yet still lose their market leadership – or even fail – as new, unexpected competitors rise and take over the market. There are two key parts to this dilemma.

1- Value to innovation is an S-curve: Improving a product takes time and many iterations. The first of these iterations provide minimal value to the customer but in time the base is created and the value increases exponentially. Once the base is created then each iteration is drastically better than the last. At some point the most valuable improvements are complete and the value per iteration is minimal again. So in the middle is the most value, at the beginning and end the value is minimal.

2- Incumbent sized deals: The incumbent has the luxury of a huge customer set but high expectations of yearly sales. New entry next generation products find niches away from the incumbent customer set to build the new product. The new entry companies do not require the yearly sales of the incumbent and thus have more time to focus and innovate on this smaller venture.

https://en.wikipedia.org/wiki/The_Innovator%27s_Dilemma

Talking about “Incumbent sized deals,”

I’m not sure who made the point, Clayton Christensen or Geoffrey Moore in Living on the Fault Line, that the salesforce gets huge commissions from selling large “incumbent sized deals” but would earn much less by selling the smaller innovative deals. This bias, while profitable for the sales reps, handicaps the incumbent from trying to compete with innovation. In real life Lockheed’s Skunk Works is an example of how an incumbent can free (isolate?) small teams to make them innovative. In every business there are many older experts that say of new ideas “it can’t be done.” We had a few of them here lately.

I too come from a technology background and more them once my technical knowhow has led to poor investing decisions, Mac vs. PC and 68x00 vs. x86 are two examples.

Denny Schlesinger

"ajm101, I didn’t understand the technical stuff so I just clipped the part of your message I can understand. You mentioned Crowdstrike but not the 400+ Global 2000 Zscaler customers. Why am I harping on that? I think Tinker has a good way of looking at this:

1) People want this type of solution
2) No one but ZS really has it to offer. Maybe they will, but so far, crickets.

If you see it differently, please weigh in."

If you don’t understand the technical stuff, or it’s not interesting, I don’t think there’s a lot of common ground for us to continue the conversation. If you invest in cutting edge tech, it’s not a virtue to not understand it. I value HeartMD’s opinion on LVAD trends, as they are on the front lines and knows more than me. I work with ElasticSearch every week, but I value CMF_Muji’s opinion on it even more because it sounds like an integrated part of the product they work on rather than a tool they use. I am intellectually humble outside of core competencies and have no pride wrapped up in my investments.

I’m replying, so obviously I see it differently. First, you should introspect why you think “400+ Global 2000” is meaningful. Do you track the Global 2000 penetration metric on any of your other investments? Is it something you care about outside of Zscaler? Are you tracking ZS to any forecasts on that metric? I didn’t say Zscaler is a scam, I said they are a fine company. I expect them to have a lot of customers. They offer a good service for a particular use case. There is no world in which their product replaces firewalls, “next gen” or otherwise, and as far as I can tell it offers just about no proactive endpoint protection. It seems like a decent product for enforcing and analyzing network traffic to mobile and remote/traveling assets accessing 3rd party resources. That’s a growth market. Otherwise my points stand. It’s not a new kind of product, and I don’t see a big moat against future entrants right now. Given those, I think the “incumbent/disruptor” dynamic is overstated and there is risk to their valuation.

To turn it around maybe you or a more technical ZS investor can tell me why I can’t just have Qualys or some other sort of mobile endpoint protection and have people VPN into my office LAN and get equivalent security. Yes, you can have malware that uses TLS to disguise beacon communication, and maybe ZS would prevent that? But what if I inject that communication in otherwise non-malicious steganographic channels? Like use the least significant bits in a Google Image search result to embed a message, or do the same in an advertisement targeted towards an individual in a company with an ad service? What if the payload is encrypted? Netsec is hard. A combination of PANW and CRWD would be equally effective and not require me to give 3rd party access to cleartext traffic.

There are some people here without technical backgrounds try to use rhetorical techniques and grandstanding to make it appear otherwise. It may even work on people that are non-practioners. I do not do this, because I don’t care at all if you listen to me. I’m not short ZS and I’m not long ZS. This is my opinion, take it or leave it. I could be wrong, and have been plenty of times.

and as far as I can tell it offers just about no proactive endpoint protection.

Neither does Palo Alto. Their end point product has, according to expert report, very little adoption.

There is no world in which their product replaces firewalls, “next gen” or otherwise

It has done so for GE and Siemens and multiple other very large organizations. Replaced them, replaced them all.

How does that jive with your comment above? Is there something different with the networks of everyone else?

If you invest in cutting edge tech, it’s not a virtue to not understand it.

We are not investing in cutting edge tech, we are investing in businesses. If you want to invest in cutting edge tech there are many hardware companies out there doing some real cool stuff, but they are not great businesses.

A combination of PANW and CRWD would be equally effective and not require me to give 3rd party access to cleartext traffic.

You do realize that a PANW appliance does not inspect all SSL traffic that may be embedded. You do understand that Zscaler does. You do realize that PANW appliances create multiple targets of vulnerability. You do realize that Zscaler’s security creates no target of vulnerability to attack other than Zscaler’s servers themselves.

You do realize that a PANW appliance to inspect all SSL traffic like Zscaler does requires a bolt on cloud solution. That once you activate it the processing speed dramatically slows data delivery and thus dramatically affects user experience negatively.

I mean, these are basic things about Zscaler vs NGFWs and Palo Alto. I could go on for quite sometime.

One I brought up yesterday is that Zscaler automatically load balances dynamically without the customer even knowing it. You do know that Palo Alto, whether with their appliances or their single-tenant Prisma Access cloud software (that only works on edge cases - and even then has multiple short comings and costs) requires not only manual load balancing if you expect a demand surge, but also the IP and all the other addressing and proxieying Diddley doo has to be re-assigned both to increase the bandwidth and then again when you reset it back to normal bandwidth.

I don’t have to understand the how to look up an IP table to understand these product attributes. To understand cost for value. To understand examples that show tremendous increase in security vs firewalls. To understand user experience.

At the same time, I understand customer obstinance. Yourself, obviously someone who technical expertise, cannot see beyond the status quo technologies to look to new solutions. That is nearly a technical definition of a disruptive technology. It upsets the status quo and those who work in it.

That is an issue Zscaler has to overcome. To date Zscaler has done so many times. Zscaler penetration, as you brought up, is not a small integration. They are averaging more than $200k, $300k, or was it $400k per global 2000 customer. That 20% of the Global 2000 that went with Zscaler as a customer have not started out small.

Zscaler does have a growth/sales problem as Zscaler is more reliant on getting new customers as an aspect of growth than say a company like Alteryx is. But I am tired of saying this. I think we get the by now.

The above, product attributes (and I don’t have to understand the techy tech tech stuff as to how it is done), are true and accurate. It is just that those who work in the industry work with NGFWs and FWs and they assume any new technology that says it can do x, y, z, that the old technology cannot do it is simply a sales pitch.

The reason why Zscaler has been so successful to date is because what they are selling is not just (1) a sales pitch, and (2) they are the only company in the world capable of providing capabilities like this on an enterprise scale.

Does it make for “cutting edge” tech? I don’t know, don’t care, it does make for a platform that no one has been able, or even really tried to replicate. There are also more than 200 patents and 10 years of operating experience behind it.

Is it disruptive from a cost/value perspective? Yes. Is it disruptive from a capability perspective? Yes.

Is Palo Alto, as an example, doing anything close to what Zscaler is doing? No. Is their Prisma Access problem just like Zscaler, as it works in the cloud and all you know? No.

Will Zscaler be a great investment? No one can say, now can we. It is the business case that will tell us that in the end. The capabilities of the product are what they are and Zscaler is of course adding capabilities all the time and improving the core offering all the time.

And yeah, again, it does displace fire walls and NG fire walls. It has for years, and will do more so into the future.

Tinker