The cybersecurity battleground is shifting, and the stakes have never been higher! ⚠️
Palo Alto Networks Chairman and CEO Nikesh Arora joins hosts Patrick Moorhead and Daniel Newman at RSAC 2025 to explore the industry’s evolution and the critical strategies for navigating the escalating threat landscape. Get their take on the future of cybersecurity and the essential steps organizations should take to stay ahead of the curve.
Key takeaways include:
🔹Escalating Cyber Threats: The cybersecurity landscape is marked by increasingly sophisticated attacks, necessitating a shift towards more proactive and adaptive defense mechanisms.
🔹The Need for Real-Time Security: The industry is moving away from traditional, batch-oriented approaches to embrace real-time threat detection and response capabilities.
🔹Platformization is Essential: A unified, integrated security platform is crucial for simplifying security management and improving overall effectiveness.
🔹Proactive Security Strategies: Organizations must adopt a comprehensive and proactive approach to security to effectively combat modern cyber threats.
Learn more at Palo Alto Networks.
Watch the full video at Six Five Media, and be sure to subscribe to our YouTube channel, so you never miss an episode.
Or listen to the audio here:
Disclaimer: Six Five On The Road is for information and entertainment purposes only. Over the course of this webcast, we may talk about companies that are publicly traded, and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors, and we ask that you do not treat us as such.
Transcript:
Patrick Moorhead: The Six Five is On The Road here in San Francisco. We are attending the RSA conference. We are in the Palo Alto Networks suite. Daniel, the conference so far has been exactly kind of as you had expected, right? A lot of discussions about what the new threats are, what that means in the age of AI.
Daniel Newman: Yeah, it’s cybersecurity’s biggest week here and it’s a huge moment. I mean the world is in a complete rebalancing. We know that there is a lot going on, we know that AI has been a multi year trend, but we’re kind of seeing a convergence of forces. And as cybersecurity becomes more and more in the spotlight, as data proliferates, as the needs for global economies and nations to pay attention to how we protect the data, protect their citizens, this week really marks an important moment every year, but it becomes more important every year.
Patrick Moorhead: Yeah, it does, Dan. And as we’ve seen historically, every single major change and whether it was client server for mainframe and minis, social, local, mobile, all the way to this new age, there’s always this new, the new threat that comes out. And it’s not your imagination, everybody out there, it is a much more dangerous place. And whether that is nation states investing in this, whether it’s AI using AI to come in and attack, it’s all up for grabs at this point. And enterprises need stable, stable technologies, they need platforms to be able to do it more, more simply. And I can’t imagine a better person to discuss this than Nikesh. Welcome to The Six Five.
Nikesh Arora: Thank you very much guys. Great to have you at the Palo Alto, you know, temporary suite.
Patrick Moorhead: Well this by the way, this is the way to do it. I’m a professional event attender, but this is the way to do an event.
Nikesh Arora: Yeah, we hear there’s an event going on.
Daniel Newman: Yes, I heard the rumor, but this is where you all want to be here. Unfortunately you’re not, but you at least get to be here with us at the moment. Nikesh, big morning. I mean look, we’re here, we wake up, we’re getting the feeds blowing up. You’re buying companies, you’re launching platforms, you’re expanding. Just start us off with kind of the big moments of the big week for Palo Alto Networks.
Nikesh Arora: Well look, as you guys said, we are at yet another technological inflection point. You talked about data, you talk about AI and when you look at the last 12 months, the total explosion in the amount of investment that is going towards this idea of deploying AI on an enterprise basis, has been amazing. It hasn’t happened before in terms of scale and scope and size as the amount of dollars being invested. Now, let’s assume a lot of these dollars will be successful in the investment. Which means you have to try to paint a picture of the future. Three to five years from now, what’s going to happen? Right. In that scenario, you can imagine that every company has got some element of data to your point, data being used, AI being used to make better decisions, faster decisions, AI being used to do a whole bunch of repetitive tasks or even some non repetitive tasks and innovative tasks. So if you believe that, that means, you know the deployment of technology is going to continue at a very rapid pace. And the more technology you deploy, the more you gotta make sure it’s deployed in a protected fashion. In that regard, our reason for existence is that we have to make sure that our customers can go on and do what they need to do while they rely on us to secure them. So we have to get ahead of the curve, anticipate these scenarios and devise the platforms needed to secure the future.
Daniel Newman: So acquire Protect AI, launch expansion to your, to your platform. I mean, what’s the, what was the, what kind of got you most excited this morning of the, what four releases you put out?
Nikesh Arora: Yes. Well, look, I think part of what’s important is the risk companies have. And I say companies in the broader sense. The risk you have is that you say, wow, I won the last round and you start to rest on your laurels and you realize the moment you do that, the world moves on, the next technology wave comes up and then suddenly you have four new competitors to contend with. So in our world, the more we do better, the more paranoid we are. And from that context, I think what I’m most excited about is A: making sure that we get this AI thing right. And we learned from our Prisma cloud experience. We built a cloud platform, we could have done two things better. This time we’re saying we’re not taking any prisoners, we’re going to do this even better. So we’re maintaining what I call the brain buy and build strategy. It’s not a buy strategy, it’s not a build only strategy, it’s a buy and build strategy. And if you look at it, this morning we announced the acquisition of Protect AI. And if you look at the challenges in AI, right, it’s not just the, you talked about a little bit of the bad actors using AI to get in faster, but the challenge of deploying AI is you’ve got to worry about the data. Now you’ve got to worry about the supply chain risk of AI. You have to worry about protecting AI in runtime. And for the first time, you gotta watch out what it does right, because in the past you wrote an application, you knew the application was gonna behave rationally. Now you have a risk that this AI thinker will build a mind of his own and do something. So you gotta watch out what is doing as well.
So there’s a whole new series of security challenges. And if customers want to deploy this right, you gotta give them something that is simple and stitched end to end so they don’t have to go bandy together with 10 different solutions, stitch it together and hope to get it right. So from that perspective, I’m really excited that we’re taking a very, very assertive and aggressive view and strategy on building the, what we call the AI runtime security platform. So we’re announcing Prisma Airs as our platform. I think on the other side, if you go back to, you know, the constant innovation and I’d say transformation of cybersecurity which has been going on there, we’re noticing finally our customers are beginning to understand the value of security data. If you look around and walk around RSA, you’ll see there’s a whole bunch of companies which are sprung up which want to tell you how to optimize your data, use it better, make it more real time. But I mean, I’m sure there’s going to be debate as to what are the most important words at RSA this year. And I’ll tell you, the two are. I’m sure you could hear a lot about AI, whether it’s agentic or regular. I think the hidden word is going to be real time, right? Because security has been sort of somewhat non real time. There’s real time. When I know a bad thing, I can stop it, but everything else happens non real time. The problem is the bad actors are going to get to more and more real time with this deployment of AI. So we’ve got to get as close to real time as we can. And in that context, I think databases are important. And that’s why you see some of our other releases which point to the fact that we have to get more real time. We have to leverage the data much faster, we have to stitch things much faster.
Patrick Moorhead: Nikesh, you talked a little bit in general about where this goes the next three to five years and there are certain milestones. You know, there’s real time and there’s, for lack of a better term batch, non real time. Okay, I know it’s not “batch”, but.
Nikesh Arora: It should come up in different ways.
.
Patrick Moorhead: Exactly. Well, I did talk about mainframes.
Nikesh Arora: That’s right, yes.
Patrick Moorhead: There we go.
Nikesh Arora: Look. I learned how to code an ICL 1904.
Patrick Moorhead: I did COBOL. So there we go. And punch.
Nikesh Arora: I wasn’t born yet. This is supposed to be a progressive forward thinking.
Patrick Moorhead: Exactly right.
Nikesh Arora: Let’s make sure.
Patrick Moorhead: I’m going to get there. I’m going to get there. So talk a little bit in general. What is the three to five year- I don’t want to call it a roadmap, but your customers have to be thinking, how do I get there?
Nikesh Arora: Yeah, but I think, look, it’s what’s fascinating if you think about cybersecurity as an industry. How old do you think we are?
Patrick Moorhead: I mean, I think it goes back to the punch card days of.
Nikesh Arora: No, not really. See, the cybersecurity wasn’t a thing when you were in a closed loop environment with punch cards and mainframe.
Patrick Moorhead: Steal those tapes.
Nikesh Arora: Yeah, exactly. It was a kind of sneaker net. Right. You could do that. But the point is, it’s really when we started to see mass connectivity, the moment we started doing apps. And every company is rushing out to build an app that their consumers can access. And the moment that happens, you start to open the doors to your data center, your infrastructure to effectively every customer of yours. When that begins to happen, the attack surface explodes. So believe it or not, we’re about a 20 to 25 year old industry. It’s one of the youngest industries in technology, barring AI. Right. So if you think about it that way, it has to go through stages of, for lack of a better term, we say “platformization”. Right. Because today the solution is there are 40 solutions in a company and the CIOs and CISOs are busy stitching security solutions together, which is not their day job. That’s kind of like what needs to be done so that they can do their day job security is 5%, 8% of spend in technology in a company and it’s going to take twice the effort. That makes no sense. So I think the way we’re going to see it is you’re going to continue to see, I’d say you people call it consolidation. I call it “platformization” because I think there’s a deep technical need to connect it. And until we get that deep connectivity, until we get multiple things working together and the customer says, great, I can deploy, you know, 1, 2, 3 platforms and I’m done. I mean, think about it. I mean, how many, how many CRM systems do companies have? More than one?
Patrick Moorhead: 1.2.
Nikesh Arora: 1.2. Right. That’s not a bad place to be. Right. How many HR systems do you have typically?
Patrick Moorhead: Yeah, one, but let’s not talk about ERP generally.
Nikesh Arora: That’s going to go away later.
Daniel Newman: Way more applications than you even know.
Nikesh Arora: That’s right, yeah. So we need to see that happen in the next three to five years. We need to see the stuff come together. I think the thing that will bring them together is data because you can’t replace every sensor, every edge, sort of parameter, or security point product in a short period of time. Because if you think about it, there’s possibly a trillion dollars or more of security, I call it planned. Right. People have spent more than a trillion dollars on buying security products in the last 10 years. If you’re going to say that all that needs to go to an upheaval, it’s not going to happen overnight. But can we get it done in three to five years? Hopefully at twice the effectiveness and half the price? Yeah.
Daniel Newman: Yeah. We had a great conversation with Nir recently. So he joined the show and now you’ve joined the show and you know, he was really–
Nikesh Arora: Did he say what I’m saying or am I, am I in line with our.
Patrick Moorhead: In the same constellation?
Nikesh Arora: That’s important.
Daniel Newman: I’ll let you know if you miss by a lot. All right, but.
Nikesh Arora: Or your listeners will.
Daniel Newman: Yeah, they will definitely let us know.
Nikesh Arora: All right.
Daniel Newman: But you know, he was very focused on kind of everything moving out to Cloud, out to AI. You know, he very much was kind of like Endpoint Security. No, I mean, you know, and he’s very, he has a very enthusiastic founder mentality.
Nikesh Arora: Nir has never had a doubt.
Daniel Newman: Yes. Really believes. But, but it was, it was very aligned to what we’re seeing. What I’m seeing you’re doing in terms of how you’re the “platformization” and in this game, you know, you must have.
Nikesh Arora: Worked in the same place.
Daniel Newman: Yes, right, absolutely. In this game.
Nikesh Arora: Right.
Daniel Newman: It’s all about not just what you’re doing now, what you announced today, but it’s all about setting yourself up that in 12 or 24 months because let’s face it, two, three years ago, most people, you may have, but most people didn’t see how quickly Generative was going to happen. They didn’t see Agentic coming on. We certainly didn’t see $325 billion of Capex being spent for Something that, by the way, we’re only consuming a fraction of so far. This all happens. Your job, right, is to figure out how you stay ahead of this?
Nikesh Arora: Yes.
Daniel Newman: So very curious, kind of, you know, the “platformization”. But like, what is the sort of strategy that you see that’s going to enable PALO to not only be the world’s largest security player.
Nikesh Arora: Yes.
Daniel Newman: You know, but to remain relevant and to actually stay ahead and be critical as this trend proliferates.
Nikesh Arora: That’s a great question. I think that’s a very good question and I don’t think there’s a perfect answer. And that’s why you see us, look, we know at a macro level what our customers want. They want better security, they want a better price, they don’t wanna spend too much time stitching it together and they want great outcomes. Now, as we go through this journey with our customers, and you saw us pivot about two years ago almost now where we said, listen guys, let’s focus on a longer term strategy with our customers which brings this consolidation and “platformization” together. So now we have our network security platform, I call it, and our sort of, you know, incident response cloud cortex platform. And what we’ve discovered, that conversation becomes very, very interesting and real, very, very quickly with our customers. They want that now to stay nimble, to stay the largest cybersecurity company. Our job is to keep our ear to the ground very closely with our customers because they’re actually driving the demand of what needs to happen, what their needs are. At the same time, we have to keep an eye on technology and at some point in time we might disagree with our customers point of view, like, you know, give me a faster chariot. No, that’s not the answer. You’re going to have to use the car. So at some point in time we do get into those debates, but it’s a combination of working with their customers, delivering the solutions they want, keeping an eye on technology and at the same time having humility. It’s a strange word to use in the context of cybersecurity. The reason I say that is that look what we did this morning, we’ve been attacking, no pun intended, a certain track towards solving the AI security problem. And we keep our eye on the market. We saw Protect Plus solving a different part of the same problem and say, listen, it’s going to take us six months to be able to replicate what they do and they’ll be further ahead than us. Why don’t we bring it together? So I had a wonderful conversation with Ian, who’s the CEO of Protect. And he’s a smart guy. He got it. He’s like, yeah, I get it. I said, you want to play in the big league? The way to play in the big league and solve this problem for all of our customers to put it together. And lo and behold, you know, fruitful discussions and we followed our playbook in terms of how we do these things. We sit down together, have a joint vision as to what needs to happen, put some product people together and know what they’re doing, see how this is going to come together. And here we are now. Doesn’t mean this is the end of the journey because I still think there’s a lot of stuff that still needs to be figured out. How do you secure agents? As soon as I see one, I’ll let you know.
Daniel Newman: Exactly.
Patrick Moorhead: Yeah, there’s a lot of challenges that go into that. I mean, primarily there are themes that are in all of tech and one of them is this best of breed point solution. And then there’s platforms, there’s suites, there’s end to end. I think you answered it without specifically answering this question, but I think what I heard was that the way you balance this between where you would put R and D. You listen to your customers. Sometimes customers don’t know exactly what they want as a product, but you understand their outcomes and then you build to the outcomes. Are there any other things that go through this quote unquote best of breed versus platform that you have to make?
Nikesh Arora: I think the biggest change we’re going to see in the next three to five years is the shrinkage of the best of breed. And I say shrinkage because I’m not saying elimination because there’s a lot of best of breed out there that might have made sense three, four, five years ago. I think it’s commoditized, I think it’s normalized. I think it sticks one way, half a dozen the other. Is my ADR better than yours? There’s four or five of them. They’re pretty good. So the question is, do I really need to specialize and take one and then spend my life stitching it together or do I take one as part of an integrated platform? So I think you will see as you know, best to breed makes sense in the first 24 to 48 month cycle. Does that best to breed eventually lead to a platform? If it does, great. If it doesn’t, it’s time to go and be part of a platform. So you see that kind of begin to happen. I think the industry is still operating in the best of breed mode. So you see tons of companies getting funded. I think a lot of them will not see a positive outcome or not think that that’s not a light at the end of the tunnel. So the situation. So I think you’re going to see that shrinkage happen because you’re going to see a lot more platforms evolve. I think that’s a long game. That’s a long game because customers cannot, cannot feasibly put this stuff together. I think as I said earlier, the key sort of Eureka moment is data. Right. Can you collect that data, analyze it? And I think one of the things we announced is we have what I call Cortex XI for incident response which we saw phenomenal success in. It has been way past my expectations, near as the company’s expectations and we’re just turning on what we call Cortex for peacetime because we discovered when we collect so many terabytes of data for our customers. I get all the data for peacetime too. Yes. While I only focused on incident response and wartime. So I think that’s sort of giving us this idea that we can actually consolidate a whole bunch of best of breed capabilities into the peacetime capabilities of our platform.
Daniel Newman: Your future I don’t think is so much point players. I mean look, there’s always disruptors, startups, some of them become your Protect AIs and you acquire them, which is great. That’s a great place for innovation to be developed and those small, nimble, fast.
Nikesh Arora: Oh by the way, we love the venture industry funding innovation across the board. So all ideas are explored. We don’t have the resources to do that ourselves. So thank you.
Daniel Newman: Absolutely. On the other side of it, of course, the big cloud players, you know, if I’m trying to envision where competition actually comes from because you’ve been so successful, you’ve grown so quickly, you’ve become such a dominant player in the space. It’s actually it seems and if Nir was correct about it all really being in the cloud and everything happening, the multi cloud is that the. It is the. It’s the Googles and they’re your partners too. But like is that where competition comes from in the future? Is it going to be that platform? Because security has always set off in this little island but increasingly it is all. It’s data, it’s security, it’s AI, its application, it really all comes together. So where does that come from?
Nikesh Arora: That’s a great question, Dan. Look, I think it’s a phenomenal question. First of all, you know they’re the 800 pound gorilla. So it’s a joke like where does the 800 pound gorilla sit? Whatever it wants. So I can’t say that they’re not going to be in security. Now what we’re relying on, on a few factors. First, remember we’re still about 8% of the product business insecurity so we’re still used to losing 90% of the time. So we’re okay. Or I can get from 8 to 30, I’ll be very happy. So this is a good start. The trend is our friend. Okay, let’s stick there. I think the second important part is I worked at one of these companies, you know, and invariably as good as you try to be, if you have your own thing, your products always work better with your thing. Right. That’s the beauty of Palo Alto. We don’t have our Palo Alto cloud. Right. We’re effectively Switzerland for sort of biases. Right? We have no biases. We will try and make it work perfectly well on every cloud instance out there, every data center out there because we don’t deliver those capabilities. So from that perspective, whilst we may be the consolidator and not the dominant is a bad word. But the most beloved large security company I think outside of that for us was what’s important is we need to maintain that independence, that unbiased nature that we can deliver across all these platforms in a consistent way. That’s kind of what we believe allows us to go out there and convince customers that they don’t want to get beholden to one stack because it is a multi cloud world. So should I buy security for every cloud and then spend my time stitching that now instead of the best of breed I used to buy in the past? The last thing I’ll say is that when you have a 90% or 95% of business which is called AI and cloud and 5% business security, how much time are you spending on the 5%? Hopefully less than 5%.
Patrick Moorhead: Yeah, makes sense.
Nikesh Arora: That’s all we do every morning when we wake up, we don’t worry about whether you’re going to use a large database or you’re going to use my LLM. All I spend our time on is saying how do we secure it when you use it. Yeah.
Patrick Moorhead: So Nikesh, final question.
Nikesh Arora: Yes sir.
Patrick Moorhead: Again, thank you for this time. We talked to a lot of CEOs and I mean you just turn on TV, CNBC.
Nikesh Arora: Yes.
Patrick Moorhead: This economic uncertainty. I’m curious how you’re balancing your investments versus the uncertainty.
Nikesh Arora: That’s a great question. Look, I think I think part of you, you’re seeing a dichotomy, and you kind of just illustrated that by saying there’s $350 billion plus of investment going on in AI. That doesn’t seem to be impacted by any economic uncertainty. In fact, it’s sort of. It’s an arms race to try and get it done quickly so we can deploy it. So I think on the one hand, you’re seeing the technology train is running at warped speed, and you got to get ahead of it, try and make it happen. On the other hand, there is a little bit of uncertainty, I would say, right now because of the whole tariff conversation. But, guys, we powered through a pandemic. You and I were sitting here at the beginning of the pandemic, we’d be worrying about the same things and look back and say, oh, my God, that was one of the best opportunities. Had I known what was going to happen, I would have put my money in the right places. So I think it was the same point. Will we get through it? Of course we’ll get through it. And at some point in time, you know, you’ll get used to it. Whether the answer is 10%, the answer is 5% or 25%, I don’t know. I try not to worry about things I can’t control. So from that perspective, I think we’re all getting used to the notion that this will find some new level of stability, and when that new level of stability will be found, we’ll be all worrying about something else. Until then, it’s fun to worry about this, but I can’t control it. Don’t worry about it. Focus on your business and it’ll sort of build power through on the other side.
Daniel Newman: What do we go on TV and talk about if there’s no chaos? Someone showed me a chart the other day, and it was basically always a reason not to invest. And it just shows a chart just up and to the right, that there’s always a reason at every different point. It’s the S and P just running up into the right, up into the left. Nikesh, thank you so much for joining us here on the Six Five. It’s been great to have you.
Nikesh Arora: My pleasure. Thank you for having me. Good luck with it.
Daniel Newman: Thank you. And thank you everybody for tuning in to this episode. We appreciate you so much. Hit subscribe. Be part of our Six Five community. So many great conversations here. But for this show, for Patrick Moorhead and myself, it’s time to say goodbye. We’ll see you all later.
Author Information
Daniel is the CEO of The Futurum Group. Living his life at the intersection of people and technology, Daniel works with the world’s largest technology brands exploring Digital Transformation and how it is influencing the enterprise.
From the leading edge of AI to global technology policy, Daniel makes the connections between business, people and tech that are required for companies to benefit most from their technology investments. Daniel is a top 5 globally ranked industry analyst and his ideas are regularly cited or shared in television appearances by CNBC, Bloomberg, Wall Street Journal and hundreds of other sites around the world.
A 7x Best-Selling Author including his most recent book “Human/Machine.” Daniel is also a Forbes and MarketWatch (Dow Jones) contributor.
An MBA and Former Graduate Adjunct Faculty, Daniel is an Austin Texas transplant after 40 years in Chicago. His speaking takes him around the world each year as he shares his vision of the role technology will play in our future.
