Artificial Intelligence has been transforming our world for a few years. Cybersecurity is one of the most impacted sectors, as it created new vulnerability verticals & boosted the efficiency of older ones.
Companies are working on improving their systems, and the ones who propose the best overall security for AI datacenters will unlock a massive market.
Cybersecurity, Datacenters and AI.
We talked about datacenters and firewalls in the Arista Networks IT write-up. We’ll go deeper today, but I will take the basics for granted - datacenters, how they work, the different equipment, their interactions, etc.
Firewalls are the network’s gatekeepers. They allow or block traffic within the network. They exist as hardware, software to be installed on servers, or as SaaS managed by a third party. In each case, their role is the same: to defend networks and applications by controlling malicious traffic.
Cyberattacks are more frequent but also more effective since AI upgrades - easier to set up, more versatile and faster. AI also created new verticals, as its usage requires new architectures, methodologies, and software.
For example, training AI models requires data, which hackers can now modify to bias the model towards their objective - this is called data poisoning. This isn’t new per se, as AI was called Machine Learning a few years ago & already relied on models trained on data, but these attacks’ efficiency or surface was limited a decade ago. Today, every major company is working on AI models. That being said, data poisoning remains a very complex attack and isn’t common, but this example highlights cybersecurity’s needs and challenges changes over the last three years or so.
Existing attacks are more effective, and new ones are being developed to capitalize on emerging technologies. Companies need protection against these.
Luckily, AI is not only enhancing attacks, it also enhances defenses.
Cybersecurity is applied at many levels: within the network, from internet, on servers, computers, clusters, applications, web pages, etc. Any physical or logical aspect of an IT infrastructure requires security; hackers can target anything - including employees. This is why cybersecurity is an enormous sector with so many players: some focusing on detection, others on protection, a few on restoration - as sometimes cyberattacks succeed and companies need to mitigate damages.
Here’s an overview of the sector, just the tip of the iceberg.
Some companies are present in more than one vertical, like Palo Alto which is today’s subject; the actual leader in the network security space with its NGFW platform, expanding to new verticals including clouds, AI, softwares, and more.
Palo Alto.
I won’t go over the company’s detailed portfolio, as we are talking about hundreds of very technical and different software or features, but I will go over its structure, what they do, why they are the leader in their field, and why they could become the leader in new ones.
The company originally focused on firewalling systems - network security, with classic packet-filtering configurations for inbound/outbound traffic. In plain terms, they sell software that can be configured to accept or refuse traffic.
Networks can be compared to human groups: everyone can talk to everyone & share information. Firewalls are set up in between, listening to everything & deciding, based on their configuration, if that specific information can be shared between two pieces of equipment - or persons in our example, or not.
Firewalls are positioned everywhere within a network. The most important ones face the internet and protect the internal network from external threats, just like the lock on your door protects you from the street, where you don’t trust actors. But you also have locks within your house. Not that you don’t trust your kids - maybe you don’t, but sometimes, things need to remain private. This is the same within a network, and firewalls are here to control the data flow.
This is Palo Alto’s core business: firewalling systems. But their focus since founded in 2005 was to disrupt them, to create new methods to secure infrastructures within a unified and automated platform. This vision led them to become leader in the sector, as they built their services around what has now become a necessity, taking market share from legacy security providers like Cisco, Check Point, or Fortinet.
Palo Alto’s strength was starting by building an interconnected, efficient cybersecurity ecosystem.
Firewalls and Next-Gen Firewalls.
NGFWs are what set Palo Alto apart. A classic firewall will allow/block packets based on configuration. NGFWs go a step further: they use data analysis to inspect traffic, identify patterns, run threat intelligence and behavioral analysis to detect potential attacks automatically - before they happen.
Classic firewalls were enough for traditional infrastructures, when most traffic was local within a private network that engineers largely controlled. Things changed as cloud infrastructures developed & took over around 2010. In a cloud setup, traffic moves between cloud providers, equipment, and datacenters that a company’s engineers may not control - exponentially increasing the attack surface.
To compare again: if you go to the store, buy your own food and cook at home, the only risk of a bad meal is buying bad products - or your skills, which you can double check yourself. But if you order meals from a chef and want the same quality control, you’d need to check all the chef’s partners, ingredient suppliers, tools, the transport system, etc…
So cybersecurity providers started using Artificial Intelligence - then called Machine Learning. Instead of relying solely on configurations, they relied on the machine’s understanding of traffic and cybersecurity guidelines. Instead of telling your firewall, “if this happens, do this”, the machines started looking out for strange behavior and reporting it automatically.
Palo Alto did that first and this methodological shift allowed them to capture market share from providers sticking with classic configurations. They then expanded to more verticals, migrating cybersecurity from static human configurations to automatic prevention systems. This triggered large demand in a sector becoming more complex due to cloud systems, IoT, and other evolutions.
Platformization.
Palo Alto divided its services into three platforms: Strata, Prisma, and Cortex - each focused on a cybersecurity specialty but part of a complex interconnected ecosystem.
Strata: the core business - network security, upgraded over the years with NGFW capabilities. It remains the heart of the business & the biggest source of revenue.
Prisma: a code-to-cloud service for cloud environments and AI applications, addressing challenges like multicloud complexity, advanced AI threats, secured access, etc… Part of Palo Alto’s expansion beyond networking cybersecurity.
Cortex: an AI-driven Security Operations (SecOps) platform, built to unify data and optimize Security Operations Centers’ with better detection, response, and automation. It focuses on any kind of endpoint - network, cloud, identity, and leverages AI to reduce manual effort and improve threat-hunting efficiency.
Strata provides classic, AI-enhanced network security; Prisma focuses on cloud and AI application security from development to production; Cortex integrates both with AI-enhanced models that aggregate Palo Alto’s ecosystem data to detect, anticipate, and resolve threats.
In brief: Palo Alto offers a centralized, AI-enhanced and interconnected ecosystem for companies engaged in the AI revolution. Most competitors are also working on such ecosystems but Palo Alto has been focusing on this since its early days, while others are pivoting from legacy services.
This is true for its traditional competitors, but Palo Alto also faces newer challengers; CrowdStrike, ZScaler, or Microsoft Defender, companies focused on AI applications, complex cloud systems, and other verticals Palo Alto has expanded into.
Palo Alto’s advantage lies in its versatility with NGFW at its core, a necessity for large companies. That makes it easier to sell their core business first, then propose Prisma and Cortex as expansions to optimize security on a single platform.
This is what they call platformization, and companies have reacted positively since Palo Alto management doubled down on this strategy in early 2024.
Palo Alto understood early that cybersecurity’s future was in a centralised platform. This is what they focused on building, succesfully.
Services & Products Demand.
Palo Alto’s business model relies on subscriptions, fairly standard in the industry after years of selling hardware and licenses. They still sell hardware, but less than before.
The company’s key metrics are ARR - Annual Recurring Revenues and RPOs. Both rely on the same base, contract dollar value, but differ in timeframe: Annual Recurring Revenues lists yearly contract value, while Remaining Performance Obligations represent the total contract value regardless of duration.
As detailed in recent quarterly reviews, the data is bullish for Palo Alto. RPO growth is accelerating while ARR growth is decelerating.
RPO growth is accelerating while ARR growth is decelerating. This means clients are deepening their relationship with Palo Alto, signing longer contracts (average length ~3 years). Since the contract value isn’t all recognized in the current year, ARR lags behind, but ARR will plateau & likely reaccelerate if the RPO trend continues.
This is supported by rising demand for Palo Alto’s Next-Gen Security services - Prisma and Cortex, highlighting the success of platformization.
In short: demand for Palo Alto’s products is strong and growing, their vision aligns with market needs, and their platformized service receives strong demand.
Switching Costs.
We already discussed switching costs in Arista’s investment thesis, Palo Alto shares this characteristic. Switching providers for these services is rare as it’s extremely long and expensive.
When a company’s security is built around one provider, moving to another requires retraining engineers, acquiring new licenses, hardware and subscription, planning a complex migration, and more. This can take years and cost millions depending on the infrastructure’s size. Palo Alto’s platformization increases these costs further as they now secure not only networks but the entire AI ecosystem.
For a company to go through such migration, the new provider would need to offer a massive security improvement - not just 2% better performance. While costs vary on the company’s size, Palo Alto primarily serves large corporations with over 80% of the Fortune 100 using their products for their cybersecurity.
RPOs confirm that most companies are tightening their relationship with Palo Alto, and it’s hard to see this trend reversing in the next five years due to high switching costs and Palo Alto’s current trajectory in term of expansion and innovation.
Financials.
Palo Alto is the cliché of a growth-oriented tech company:
Healthy revenues & growth with a clear inflection point when platformization became the focus - initially doubted by the market.
Gross margins north of 70% as they mostly sell subscriptions and software. Hardware still exists but represents less of the mix which also gives clients flexibility in choosing server configurations and vendors, rather than depending on Palo Alto hardwares’ specs - this is standard in the industry though, not Palo Alto-specific.
Combined with rising pre-tax margins from two drivers: a focus on profitability as the company matures, and growing share of higher-margin products from platformization and AI-focused services. Management is guiding for higher margins next years.
Lastly, strong tock-based compensations - classic for tech. Shares outstanding grew 17% in five years, while revenues climbed 170% - acceptable. Now that Palo Alto is profitable with growing margins, it would be great to see dilution slow.
On the balance sheet, Palo Alto has ~$2.5B net cash, comfortable, especially after ~$3.3B in acquisitions over the last five years, aimed at expanding cybersecurity verticals.
The latest deals include Protect AI ($700M) & the announced acquisition of CyberArk in July for $25B - a 20% premium. A much larger deal that fits Palo Alto’s strategy, increasing switching costs and strengthening their platform with a new vertical.
Conclusion.
Palo Alto is one of the leaders in Next-Generation Firewalls and AI cybersecurity, with an optimized, AI-enhanced, interconnected ecosystem to secure networks and AI infrastructures - a rapidly growing sector with rapidly evolving needs.
Palo Alto is a leader in its core business - network security, competing with Fortinet on affordability and with Cisco or Check Point gobally, who both lag in innovation. In new verticals like AI and cloud security, Palo Alto is gaining traction due to platformization, but faces strong competition from CrowdStrike and ZScaler - players who move fast and specialize but lack Palo Alto’s depth.
Palo Alto’s advantage lies in serving large companies that need both network security and cloud/AI security. For them, platformization makes sense, subscriptions fit their needs, adoption is accelerating, and RPOs show growing long-term commitments.
Overall, the data points toward increasing dominance, reinforced by high switching costs, a strong product ecosystem, and consistent demand trends.
Palo Alto is a strengthening leader.