Fatima Boolani: Good afternoon, and thank you for taking my questions. Either for Nikesh or Dipak, some of your pipeline commentary is what I wanted to unpack. As you think about the composition of NGS ARR for the remainder of the year and bearing in mind some of your product pillars are, you know, I’m not going to say maturity, but certainly they are more penetrated than others, so I wanted to get a sense of how you’re thinking about contribution by pillars? Your ARR expectations for the year and to the extent, anything there has changed and I recognize that you love all your product pillars equally, but any distinguishable –
Nikesh Arora: It’s very kind of you to remember prior answers, but I’ll try to give – I tried to give a preview of that in our prepared remarks where I said we continue to see steady execution and hardware endpoint and cloud, so they’re following expected trajectory. We see the pipeline and I said the excitement and upside is coming out of SASE and XSIAM. And we see that there are large SASE network transformation deals out there, which these things have anywhere from six months to 12-month closing cycles. So we would have to know what’s in the pipe for the rest of the year. Do you have some sense of comfort? We also said we grew that business 60% in the first quarter on SASE. We already – we cannot gush enough about XSIAM as you know so far, so the billion-dollar pipeline, we’re hoping will close in that six to nine months.
Interestingly, XSIAM pipeline closes faster than SASE pipeline deals, because SASE is often very competitive. There are POCs involved. There are future comparisons between us and one or two other companies. In the case of XSIAM, you’re really competing with the incumbent.
Fatima Boolani: Helpful. Thank you.
Walter Pritchard: Great, thank you, Fatima. Next question is from Joel Fishbein at Truist, followed by Joe Gallo at Jefferies. Joel, go ahead with your question.
Joel Fishbein: Thanks for – thanks for taking the question. This is for Nikesh and Lee. Nikesh, you called out the recent ransomware attacks and also the SEC new requirements. I’m curious, number one, is there – is that helping to drive business and what products essentially would that be driving Palo Alto and why you’re sort of in a unique position to sort of address some of these issues?
Nikesh Arora: Yes, so that’s interesting, Joel. Let me connect that to something we announced yesterday. So first of all, I said, the activity is at an all-time high. Every day you read about ransomware attacks, now the SEC regulations are actually not kicked in yet. I think they kick in December. But you’re seeing some companies go out there and start to do sort of self-report in anticipation because they’re all petrified, of course, when you get attacked. So I think you’re going to see more and more disclosure and we’ve be trying to parse, is it more activity or more disclosure? That’s a good question. I think it’s more activity. We’ve seen more and more activity. Our team does a research. We’ve had the maximum number of inbounds to our Incident Response Team in the last month than we had before.
So clearly, anecdotally also, it’s sort of come true that this is what’s happening. Now, typically, the anatomy of an attack for us from our vantage point is that when we get engaged in incident response, typically, we go and we deploy a production sort of suite, where we go in and put XDR everywhere and we’ll go run a bunch of analytics to make sure we understand what happened and where there is sort of the – that access may be still be resident in a customer’s infrastructure. Now, typically when you do that and we leave, they don’t want us to leave with our stuff, they want us to be one step back in case the guys come back. So from that perspective, you know. The incident becomes a need unfortunately because of these act, but it because the lead for us and that creates a whole bunch of product conversation around whether we’re going to deploy endpoints, whether we need to upgrade their firewalls or whether they need to go down a cybersecurity transformation.
I’ll tell you nine times out of 10, every one of those customers ends up in the cyber security transformation because they discover that they have a lot of stuff that they should have upgraded or changed in that process. So that’s kind of what happens. Those are the products, which typically end-up those customers.
Lee Klarich: Maybe I’ll just add one point, Nikesh described the multi-extortion ransomware attacks being on the rise, 37% increase, the key to that is, a lot of companies sort of become used to, call it, normal encryption-only ransomware attacks. So they invested in backups so that when that happens, they backup from a green backup and they’re back and operational. These multi-extortion attacks actually steal data and then extort the target, and so this can’t simply be dealt with backups and this is driving a need for a better and greater investment in prevention of the attacks and not just the recovery cycle. So that connects the sophistication to the investment needed as well.
Joel Fishbein: Thank you.
Walter Pritchard: Great. Next question from Joe Gallo at Jefferies, followed by Gray Powell of BTIG. Joe, go ahead.
Joe Gallo: Hi, guys, thanks for the question. You’ve made several acquisitions further bolstering Cloud, congrats on that 12th module. Nikesh, when do you think the platform message truly cement itself in that market as it currently feels like the Wild West and then has the pricing environment stabilized there at all?
