Interview: Palo Alto Networks' founder and CTO, Nir Zuk

Palo Alto Networks' CTO and founder, Nir Zuk, wants to see disruption in the network security market.

Palo Alto founder and CTO, Nir Zuk, is a network security luminary who certainly doesn’t pull any punches when it comes to boxing his company’s rivals – after all, he has worked for most of them, and didn't enjoy the experience.

Following a stint in the Israeli Defense Force’s Electronic Intelligence arm working on packet filter technology, he worked for Check Point before quitting to found Onesecure. Onesecure was unique in that it looked at security from an intrusion-detection and prevention perspective. Onesecure was then acquired by Netscreen, which in turn was acquired by Juniper Networks.

It’s safe to say Zuk’s credentials in the network security market are solid, and he has successfully led his new company, Palo Alto Networks, to 40 per cent year-on-year growth and a successful IPO in 2012, on the back of its unique next generation firewall (NGFW) technologies.

Whereas most of its rivals have a blacklist/whitelist approach to firewalls - which sees programs such as Facebook, Salesforce and DropBox blocked (or allowed carte blanche, risks and all), Palo Alto’s systems can actually parse apps, in real time, like an email, and determine risks, as well as blocking/allowing certain feature sets. For example, instead of blocking employee access to Facebook outright, you could just monitor and block certain features such as chat – a far more flexible arrangement for IT manager, and general staff.

Zuk took the time to discuss with ARN his outlook on the company’s rivals, its new acquisitions and plans for 2014 onwards.

Allan Swann (AS): How is Palo Alto approaching its Channel sales program in Australia?

Nir Zuk (NZ): All over the world our philosophy has been to work with select partners who are looking for quality, not quantity. We have a great relationship with all our Australian distributors, and are 100 per cent channel, 100 per cent indirect. Our sales people are there to help the channel, and we run all our business through that.

AS: How has the company been growing over the past year?

NZ: We’re growing at about 40 per cent per year, about as fast as everyone else in the market combined. We have much better technology. Because if you look at the traditional firewall vendors in the market, they all have the same products, the same features, they only compete on price. Our partners can now compete on features, which means they can make better margins.

We offer a newer product, with newer capabilities, which requires more support from the channel in terms of professional services, such as integration.

It helps our partners drive revenues around services, not just around margins on products. Combine that with the fact that we’re not over distributed, and we work really hard to ensure our partners are protected. We want to take good care of them. It’s a disruptive technology, it’s a big new market, and it’s a big opportunity for partners.

AS: So what makes you think your rivals are struggling to keep up?

NZ: To do what Palo Alto networks do you have to start afresh. From scratch. A bunch of our competitors are really just putting lipstick on a pig. If that worked, then these other vendors would've been growing like us. Juniper is shrinking by 20% year over year, Check Point is more or less flat.

They are all trying to take existing products and retrofitting them, and that doesn't work. You cannot take a product that was simply designed to block things, and suddenly get it to allow things dynamically. There is a huge difference between the two, it isn't just a switch you flick.

AS: If you are moving so far ahead, is there a concern that one of your larger rivals may come in and attempt to acquire you?

NZ: As a publicly traded company, we are, by definition, up for sale. But there is no appetite for that from us. We want to stay independent of these big vendors. Some of us have had experiences with Juniper, some of us had experiences with other big vendors – it wasn't fun. We think we have a lot to do on the product side. I still think there is a lot to be done on the sales and marketing side. It will be better if we stay independent.

AS: Tell us about Palo Alto’s first ever acquisition, security start up Morta?

NZ: It was mostly a technology and talent acquisition. Morta has come up with some very unique techniques and algorithms for tracking bad guys. They have some very sharp people working for them, and we wanted them to work for us and bring their technology. We've said many times in the past we are looking for these kinds of acquisitions. We aren't about acquiring for revenue boosts.

AS: So this wasn't a response to FireEye’s acquisition of Mandiant?

NZ: Unlike FireEye we aren't about acquiring for professional services. We believe our partners need to provide professional services to our customers. We are 100 per cent channel and don’t want to compete against that.

We think of Mandiant as the ‘ghost busters’ of the security industry. If you wake up in the morning and find that your intellectual property or your customer information has ended up in another country – you pick up your phone, call your local ‘ghost busters’ and they do a post mortem. They show up, start billing you $500 an hour, for six months, looking for how it happened.

At Palo Alto, we think that if your source code has ended up in China, then you’re already kinda of screwed. You might want to stop this before it happens. We think this is the kind of problem that needs to be done with technology, not with more people. It’s just not scalable.

AS: What are some of the emerging technologies you’re picking for 2014?

NZ: There will be more focus on how security is deployed in a virtual datacentre. Part of it will be virtual firewalls, which we will sell better in 2014. But I think that will just be a small piece of the puzzle. The bigger focus will be the move of security to the virtual datacentre, and its integration with SDN.

Another area of focus in 2014 will be the integration with the end point. There are risks you can detect on the desktop much better and there are things at the endpoint you can detect much better. There needs to be much better integration between the two. All of these involve service provision by our partners.

AS: What are some of the longer term goals for the company?

NZ: Network security remains a huge market, its currently an $US11 billion market and it will soon be $US15-16 billion in a few years. Our market share today is less than 10 per cent. So there’s a lot of time for us to grow in that market, and we’re keeping our focus here.

Our goal is to continue to grow much faster than the market. Faster than our competitors. Juniper and Cisco talk a lot – we don’t, and we’re growing 40 per cent year over year.

AS: Can you maintain it?

NZ: I hope so. But the goal is to grow faster than the market and our competitors, and that is a goal we can make. We've been doing it for a long time and we can keep doing it, and we want to keep doing it.

Allan Swann is a Senior Editor at IDG Communications Australia. Follow Allan on Twitter @allanswann, and at Google+.