18 minute read

The Year Of The Channel

Palo

By Kyle Alspach

Advertisement

In December, a few months after onShore Security had joined Palo Alto Networks’ managed security services provider program, the Chicago-based MSSP received what founder and CEO Stel Valavanis could only describe as “manna from heaven.”

That month, onShore received the first of three highly valuable customer leads from the cybersecurity titan, all for opportunities involving the vendor’s Prisma Access offering for zero trust network access. OnShore has done far more business with other cybersecurity vendors in the past and never gotten a single lead from them, so being handed three leads in a manner of weeks, Valavanis said, “is unheard of.”

He is now expecting Chicago-based onShore’s revenue with Palo Alto Networks to more than double in 2023 from last year. And he’s got a message for other MSPs and MSSPs: “Don’t assume that big, giant Palo Alto [Networks] is out of your reach.”

In recent years, Palo Alto Networks has moved aggressively to expand its product portfolio beyond its signature next-generation firewall offerings, a move that is now creating major opportunities for a wider range of partners, executives from multiple solution providers that work with the vendor told CRN

For one thing, the cloud- and zero-trust-focused platform now being offered by Palo Alto Networks requires a lot of additional services from the channel to implement, solution providers said. Offering security to customers with distributed workforces “adds a level of complexity that you have to design around,” Valavanis said. “It’s not the same as just putting up a firewall somewhere.”

This expanded Palo Alto Networks portfolio is creating huge opportunities for high-margin growth in managed and professional services, solution providers said. For example, at Cleveland-based Advizex, the IT services powerhouse is expecting revenue from its Palo Alto Networks business to grow by 80 percent to 90 percent this year over last year, CTO Chris Miller said.

And like at onShore, the team at Advizex, No. 104 on the 2022 CRN Solution Provider 500, has seen Palo Alto Networks go the extra mile to team up on prospective deals.

Case in point: After providing some basic cybersecurity services to a large manufacturer in the Midwest, Advizex had been working to land a more extensive deal with the customer. Now, the solution provider is closer to achieving its goal after Palo Alto Networks intervened on its behalf, according to Advizex President C.R. Howdyshell.

“Palo [Alto Networks] said, ‘Hey, we know you guys. Let’s go at this together.’ And they went to the customer with that recommendation,” Howdyshell said. “That doesn’t happen with a lot of other partners.”

Palo Alto Networks executives told CRN that 2023 is all about bringing its work with the channel to the next level as it seeks wider customer adoption of its newer products, which span from cloud and application security to zero trust and secure access service edge (SASE) to extended detection and response (XDR) and automated security operations.

Among other things, this partner push will mean Palo Alto Networks CEO Nikesh Arora will be taking a more visible role in the vendor’s channel efforts. In a recent interview with CRN, Arora said that channel partners may be “surprised” by how much they see of him going forward.

“We’ve taken four and a half years to get to a place where we believe we have a robust product portfolio in the most relevant categories of today,” Arora told CRN in December at the company’s 2022 Ignite conference. That has meant spending 70 percent of his time focusing on the product portfolio, leaving other executives to worry about the go-to-market and channel strategy, he said.

“If I didn’t fix the product portfolio, it wouldn’t matter if I had a good channel strategy or a bad one, so I spent my time [on products],” Arora said, likening himself to a doctor who had to triage the damage. “People didn’t see me in the channel because I was busy fixing the broken elbow and the bleeding arm.”

Now that the portfolio he envisioned is a reality, Arora said his focus over the next three years will shift to spending 70 percent of his time “to make sure we actually take all these products to market and upsell all of our customers into a better security proposition.”

That will include a lot more involvement with initiatives that impact the channel, he told CRN. More than 95 percent of the security vendor’s revenue is generated through its partners. “[This] year is going to be all about go-to-market and the channel,” Arora said, “and they’ll be surprised to find me.”

Focus On Transformation

Formerly the chief business officer at Google and president of prominent investment firm SoftBank Group, Arora landed at Palo Alto Networks as chairman and CEO in June 2018. From the start, Arora recalled having “transformation” on his mind— transformation of the vendor’s product offerings and, over time, of the company itself.

“When I came to Palo Alto Networks, I said, ‘We have two years to transform our product portfolio. Otherwise, we run the risk of being yet another cybersecurity company which [loses relevance],’” Arora told CRN. And so in the years since, “I spent a disproportionate amount of my time focusing on fi xing our product portfolio,” he said.

Without question, the Santa Clara, Calif.-based company has reinvented itself under Arora’s leadership. In less than five years, it’s shifted from being known predominantly as an on-premises network security vendor into becoming the provider of a full platform for modern cybersecurity. The product lines that have been built out under Arora’s leadership include Prisma SASE and Prisma Access to provide secure remote access to applications; Prisma Cloud for application and cloud security; and Cortex for endpoint security, XDR and machine-learning-powered security operations.

The Palo Alto Networks portfolio today brings together numerous best-of-breed tools to form a “robust endto-end platform that can solve nearly all the issues that we’re seeing in cybersecurity,” said Mark Jones, founder and CEO of Austin, Texas-based BlackLake Security, No. 270 on the 2022 CRN Solution Provider 500. “I’m not saying that they’re the one-stop shop, but they’re very close to it.”

Jones gives much of the credit to the vendor’s leadership team and to Arora in particular: “The guy understands the market. He’s not chasing the ball—he’s well ahead of it.”

Competing players in network security didn’t move as quickly to transition to the cloud and embrace zero trust and didn’t invest in these areas as effectively as did Palo Alto Networks, solution providers said. “Over the years, they keep making the right acquisitions at the right time,” Jones said.

While the company had already begun its cloud transition prior to Arora’s hiring, including through acquisitions such as Evident.io, the pace of technology acquisition picked up after his arrival. Starting with the acquisition of cloud security startup RedLock a few months after he joined, Palo Alto Networks has completed 14 acquisitions under Arora so far, according to the company.

The series of acquisitions has endowed the Prisma and Cortex offerings with the majority of functionality that’s considered essential in today’s pandemic-altered security landscape, solution providers said.

The Palo Alto Networks platform, in other words, is “literally a single pane of glass for 99 percent of what you’d want to do on your network,” said Max Shier, CISO of Denver-based Optiv, No. 25 on the 2022 CRN Solution Provider 500. “That is pretty ground-breaking.”

In addition to choosing its startup acquisition targets wisely, Palo Alto Networks has been skillful at integrating its acquired technology into a cohesive platform, according to Chuck Crawford, senior vice president of solutions architecture at Kansas City, Mo.-based Cyderes.

“It’s one thing that we see a lot of other large companies fail at—the mergers and acquisitions of products into their portfolios tend to stay siloed,” Crawford said. “Palo [Alto Networks] did a really great job of integrating all those solutions in one place.”

Channel More Pivotal Than Ever

In recent months, Palo Alto Networks has unveiled updates to its channel partner program, NextWave, that aim to enable partners to sell more of the portfolio.

“When we look at our data, the partners who are growing the fastest are the ones that have branched out beyond fi rewalls,” said Tom Evans, who was named vice president of worldwide channel sales in December after former channel chief Karl Soderlund took a new role leading Palo Alto Networks’ North America ecosystem organization. “Our answer to [partners] is, ‘If you want to make more money, you want to sell more, you want to grow more, you want to have more opportunities to deliver services—sell the rest of the portfolio,’” Evans said.

The strategy with NextWave is to tailor channel enablement based on each partner’s business model. The program includes five distinct “paths” for partners depending on whether they’re predominantly a solution provider (focused on offering specialized expertise in products and services); an MSSP; a services partner (for consulting, professional or risk liability services); a distributor; or a cloud service provider (focused on marketplace transactions).

According to Larry Fulop, senior vice president of marketing and technology at Phoenix-based MicroAge, the move to “put a unique partner program in for each of us is a great strategy.” Given the vastly different partner types today, “I think that’s the right way to go,” Fulop said.

On the whole, Palo Alto Networks is “becoming much more specific on the solutions themselves and how partners can drive those services,” Evans said. That includes efforts to help partners with building a services practice, based on their partner type, and providing guidance about how partners can bundle together multiple solutions and compete more effectively with single-function point products from other vendors, he said.

“We’re heavily focused on teaching our partners how they can drive those solutions and how our solutions complement each other,” Evans said.

The channel program shift to encourage partners to sell a broader piece of the portfolio dovetails with the platform developments that have made Palo Alto Networks now highly appealing to the growing number of customers who’d prefer to consolidate down to fewer security vendors, according to solution providers.

Many businesses have been struggling with complexity in their security architectures due to an overabundance of tools for cyberdefense, an issue that’s referred to as “tool sprawl.” Consolidating vendors can potentially reduce this complexity while cutting costs as well. Fewer vendors also means fewer skilled security professionals—who are perpetually in short supply—are needed to learn and operate the tools.

The current customer appetite for tool consolidation is one reason why Palo Alto Networks is coming to rely more heavily on partners, Arora said.

“Our customers are realizing they need to get rid of the point products that they have in the infrastructure. They need to go toward a more consolidated solution outcome. And that solution outcome requires a transformation at each customer’s end,” he said.

Customers can’t find the security talent to do this on their own, however, Arora said. And Palo Alto Networks doesn’t have the resources to “transform every customer” either. For that work, “I need to rely on a partner. And the partner is the channel,” he said. “I need all of their support to make that transformation happen.”

All in all, “the channel is becoming more relevant in the new world of cybersecurity,” Arora said.

Helping customers to consolidate on Palo Alto Networks has been a regular occurrence lately at CDW, according to Stephanie Hagopian, vice president of cybersecurity solutions at the Lincolnshire, Ill.-based solution provider giant, No. 4 on the 2022 CRN Solution Provider 500. She cited a number of recent cases where customers added an assortment of Prisma and Cortex products when their firewall contracts came up for renewal.

Those included a customer in the gaming and entertainment industry that recently tripled the size of its contract for Palo Alto Networks offerings at renewal time. Likewise, a customer in the utilities industry recently “bought everything under the Palo [Alto Networks] umbrella” at renewal time for its firewalls, she said. In all of these instances, the teams at CDW and Palo Alto Networks were working side-by-side to showcase the value of using more of the platform, Hagopian said.

As weaker economic conditions take hold, the demand for cost-saving consolidation is only likely to accelerate, according to Jones of BlackLake Security, which recently helped an oil and gas industry customer replace multiple tools by consolidating on the Palo Alto Networks platform.

“We’re placing our bets on Palo Alto Networks as a company,” Jones said. “Because of the acquisitions they’ve made that have been so clutch, I think they are going to reap the benefits now in this environment.”

Meanwhile, intensifying cyberthreats, requirements by cyber insurance providers and increasing regulations are a few of the factors that could keep spending on cybersecurity more resilient than other areas of the economy.

For Palo Alto Networks’ fi scal fi rst quarter of 2023, which ended Oct. 31, 2022, revenue and profit beat analyst forecasts, and the company raised its financial guidance, all despite the weakening economy. Those results—including year-over-year revenue growth of 25 percent to reach $1.56 billion—led to gains in its stock price, even as other top security vendors saw their stock price sink after falling short of Wall Street expectations amid macroeconomic challenges.

Among publicly traded stand-alone cybersecurity vendors, Palo Alto Networks boasted the highest market capitalization as of this writing, at $47.96 billion.

The ‘New Perimeter’

While the company doesn’t disclose revenue by product segment, its zero trust and SASE offerings appear to be gaining the most traction with partners and customers among the newer solution set. Channel chief Evans said that right now, “SASE is definitely the No. 1 thing partners are talking to me about [for their] expansion.”

Indeed, for ePlus Technology, No. 30 on the 2022 CRN Solution Provider 500, Prisma Access and Prisma SASE are seeing the strongest customer adoption so far among the newer Palo Alto Networks products, said Lee Waskevich, vice president of security at the Herndon, Va.-based solution provider. That’s in part because implementing these solutions is a natural step for many customers that use the vendor’s next-generation firewalls but now want to provide secure remote access to distributed workforces, leveraging zero trust principles rather than VPNs and firewalls, he said.

Prisma Access includes security capabilities such as zero trust network access in place of a VPN, and cloud access security broker to protect their use of SaaS apps. Prisma SASE provides a combined security and networking offering through the addition of SD-WAN. Palo Alto Networks is considered a “single-vendor” SASE provider thanks to delivering all of the core capabilities that are needed for deploying a SASE architecture, according to research firm Gartner.

“SASE naturally lends itself to being that intermediary layer, the same way that the next-gen firewalls from before were at that perimeter,” Waskevich said. “SASE becomes that new perimeter, that new layer, where you can connect from anywhere [and get] secure access to your applications, whether they’re on-prem or in the cloud.”

The Prisma SASE platform is also tailored to meet the needs of MSPs, offering multiple capabilities specially designed for them, according to Palo Alto Networks. The company’s interest in working with MSPs—even smaller companies like onShore Security, which employs 25—is only likely to grow, according to onShore’s Valavanis.

With offerings like Prisma Access and Prisma SASE, Palo Alto Networks knows “they need some kind of service provider— not just a VAR,” he said.

“They need to be able to add on the services along the way.”

Prisma Cloud, meanwhile, provides offerings for securing applications and the cloud or hybrid cloud infrastructure that runs them. And that platform has huge potential for the channel as well, including for serving customers that operate hybrid infrastructure, solution providers said.

The cloud-native application protection platform offers capabilities such as protection for cloud workloads, container security, monitoring for misconfigurations and, most recently, security for code and the software supply chain.

“Palo Alto [Networks] made a tremendous investment in advance of cloud workloads coming into play—and in particular, the integration between hybrid environments,” said Rocco Galletto, a partner and national cybersecurity leader at Toronto-based BDO Canada. For customers with both on-premises and cloud environments, “they do a fantastic job” in providing security capabilities across environments, Galletto said.

In addition, the introduction of code and software supply chain security now enables Prisma Cloud to secure every part of an application and its associated development process—or from “code to cloud,” as Palo Alto Networks has termed it. That’s a growing priority for many organizations in the wake of critical open-source vulnerabilities such as Log4Shell and software supply chain attacks such as 2020’s SolarWinds breach.

Crucially, this type of platform balances the development team’s needs—to fit code security into their workflows—with the security team’s need for visibility into the process, said Katie Norton, a senior research analyst at IDC. Through that approach, “you’re striking that balance that’s needed to bring those two disciplines together effectively.”

Data-Driven Security

Rounding out its newer portfolio is the Cortex line of products, which includes EDR and its more recent successor, XDR.

Nir Zuk, who founded Palo Alto Networks in 2005 and remains its CTO, coined the term XDR in 2018. XDR is seen as a major step forward in thwarting cyberattacks because it brings together data from numerous security tools, devices and environments for improved threat analysis and prioritization. Attackers typically move between systems and environments, Zuk observed—and so data needs to be correlated across all of them, which is what XDR seeks to do.

While many competing vendors have latched on to XDR in recent years, Palo Alto Networks not only pioneered the concept but also remains a top provider, thanks in part to having such a broad range of its own tools that can feed data into the analytics engine, solution providers said.

The more data you have, the better your decisionmaking can be around responding to threats, and Palo Alto Networks excels at doing this with its XDR approach, according to Logicalis US’ Brad Davenport. “They were really hot out of the gate in bringing that capability to market, and that has been a huge differentiator for them,” said Davenport, vice president of technical architecture for cybersecurity, networking and collaboration at the Bloomfield Hills, Mich.-based company, No. 66 on the 2022 CRN Solution Provider 500.

Palo Alto Networks also specializes in automating the Security Operations Center with its Cortex platform. Among the vendor’s most discussed new offerings is Cortex XSIAM (extended security intelligence and automation management), which the company has touted as an “autonomous SOC” platform. Generally available as of October, Cortex XSIAM aims to rapidly detect and respond to a greater number of threats than was previously possible.

At Chicago-based Ahead, security operations tools such as SIEM have never been a focus in the past. But the Cortex autonomous SOC platform is “a very interesting play,” said Dustin Grimmeissen, senior director of technical specialists at Ahead, No. 32 on the 2022 CRN Solution Provider 500.

With the platform, Palo Alto Networks is “challenging the status quo on the traditional SIEM-SOC service using more realtime data feeds, more automation, more machine-learning-type analytics—to make decisions quicker and to automate some of the response,” Grimmeissen said.

Taken together, Palo Alto Networks is now offering a platform that can replace practically all of the major security tools, solution providers said, with just a few exceptions such as identity security.

According to Arora, the once-popular conclusion by some in the security industry that “nobody wants a consolidated platform” was premature. “There has never been one offered,” he said. “So how would you know?” In today’s security environment, “I think the market is ripe for a platform because the older [approaches] haven’t worked,” Arora said. “And if you crack that code, I think the sky’s the limit.”

His goal is to double revenue within the next three to four years, which he acknowledged would require more than 20 percent growth throughout that time frame. That’s a rate that would be no small feat to maintain as the company grows in size. Revenue for its most recently completed fiscal year, which ended July 31, 2022, was $5.5 billion, up 29 percent from the prior year.

Arora made it clear that he intends to rely on the channel for driving this ambitious growth. But in reality, there’s no other way to do it, he noted: Serving customers today is no longer just about selling them physical firewalls, which the customer could potentially set up itself. “You can’t do that on SASE. You need implementation capability,” he said. “That’s where the channel has been great in the last four or five years—transforming themselves to build that capability.”

Without a doubt, partners are “getting more solution-oriented and services-oriented. And it’s our job to make sure we have ample resources [to be] partnering with them to make sure that our strategy is amplified,” he said. “Because now our products lend themselves to more transformational [projects] with our customers, which do require a significant services capability with our partner ecosystem.”

Ultimately, Palo Alto Networks now has a platform for enabling transformation across the three biggest areas of cybersecurity today—cloud, zero trust and security operations, according to Arora.

“Our product portfolio is in place. The customers are trying to solve those three big problems,” he said. “I think the real opportunity for 2023 is to really start transforming our go-to-market capabilities to deliver that transformation to our customers.”

And more than ever before at Palo Alto Networks, he said, “the partner ecosystem is the key catalyst, enabler and amplifier of our ability to deliver those solutions.”

What is your strategy for Palo Alto Networks in 2023?

We’ve taken four and a half years to get to a place where we believe we have a robust product portfolio in the most relevant categories of today.Whether it’s cloud transformation with Prisma Cloud, whether it’s network transformation with our zero trust capability across hardware, software, SASE [secure access service edge]. Or it is the beginning of the SOC [Security Operations Center] transformation strategy—to take people to more real-time protection, from what I think is reactive protection. So our product portfolio is in place. The customers are trying to solve those three big problems. I think the real opportunity for 2023 is to really start transforming our go-to-market capabilities to deliver that transformation to our customers. And I’d say the last three or four years, I’ve spent 70 percent of my time on product to get our portfolio working with [Chief Product Officer] Lee [Klarich]. And the next three years I’m going to spend 70 percent of my time with [President] BJ Jenkins to make sure we actually take all these products to market and upsell all of our customers into a better security proposition.

What’s your long-term vision for the channel?

The channel is becoming more relevant in the new world of cybersecurity. The reason is our customers are realizing they need to get rid of the point products that they have in the infrastructure. They need to go toward a more consolidated solution outcome. And that solution outcome requires a transformation at each customer’s end. But customers don’t have the resources. We’ve heard about the cybersecurity [talent] shortage. So they rely on somebody else. I don’t have the resources to go transform every customer. I have resources to build great products. But to create that transformation capability, I need to rely on a partner. And the partner is the channel. And the channel—[whether it’s] the system integrators, the traditional channel partners, the [service providers] as well as [cloud service providers]—I need all of their support to make that transformation happen. … They’re more important because it’s no longer selling a box that the customer needs to implement. In the past, we sold boxes. The boxes were taken by the channel and delivered to the customer. The customers typically had some of their own engineers or channel support to do the deployment. You can’t do that on SASE—you need implementation capability. You can’t do that on [managed detection and response]. You need managed services capability. That’s where the channel has been great in the last four or five years—transforming themselves to build that capability.

Since joining Palo Alto Networks, how involved would you say you’ve been with channel-related issues? How would you respond to those who suggest you haven’t been very visible in the channel?

When you are a triage doctor and somebody rushes in and they have a bleeding arm and a broken bone—you focus all your attention on the bleeding arm and the broken bone. You don’t pay attention to the eczema they have on their leg or other issues that are not as urgent. When I came to Palo Alto Networks, I said, ‘We have two years to transform our product portfolio. Otherwise, we run the risk of being yet another cybersecurity company which [loses relevance].’ I spent a disproportionate amount of my time focusing on fixing our product portfolio. Think about it—we built SASE, we built Prisma Cloud, we built Cortex. I had to learn the product industry to be able to make those decisions and buy those things … I let BJ Jenkins, [Chief Business Officer] Amit Singh, [President of North America Sales] Rick Congdon, [Senior Vice President of Ecosystems] Don Jones worry about go-to-market and channel. Because if I didn’t fix the product portfolio, it wouldn’t matter if I had a good channel strategy or a bad one. So I spent my time there. People didn’t see me in the channel because I was busy fixing the broken elbow and the bleeding arm. Now, as I said, the next year is going to be all about go-to-market and the channel, and they’ll be surprised to find me. But once you have the best product portfolio, then you can go spend your life trying to sell it to all the customers out there. If I’d focused on channel and we didn’t have the products we have today, we’d be having a different conversation. You’d be asking me how I am going to compete on firewalls with Check Point and Fortinet and Cisco. 

This article is from: