Palo Alto, CrowdStrike, Zscaler Eye Firewall, SIEM Replacement, Incident Recovery
Three of the world’s largest pure-play cybersecurity vendors recently reported earnings, grappling with SIEM and firewall displacement opportunities along with rebounding from a massive outage.
Palo Alto Networks continues to reap the benefits of buying IBM’s QRadar SaaS business to drive sales of its XSIAM SIEM replacement technology, while Zscaler is for the first time positioning its zero trust platform as a firewall replacement for large enterprises and U.S. government agencies. CrowdStrike, meanwhile, retained customers following its July 19 outage but experienced delayed closings and fewer new deals.
Here’s a look at how Palo Alto Networks, CrowdStrike and Zscaler fared in their most recent quarter:
SIEM Replacement Sizzles as QRadar Customers Flock to XSIAM
Palo Alto Networks plans to capture a substantial share of the SIEM market, with the Silicon Valley-based platform security titan onboarding more than 550 IBM SaaS customers and establishing a pipeline worth more than $1 billion, said CEO Nikesh Arora. He said Palo Alto Networks will ride its $500 million buy of IBM’s QRadar SaaS business to become a top-three SIEM player globally within a few years.
“There’s a new breed of SIEM players that is fast coming in to replace these legacy SIEMs,” Arora told investors during the company’s Nov. 20 earnings call. “I think we’re going to go through a SIEM replacement cycle like what we went through the endpoint replacement cycle from Symantec and McAfee to the XDR vendors. I think it is a moment of SIEM now for the next five years.”
Arora highlighted the disruptive potential of Palo Alto Networks’ XSIAM product to replace legacy SIEM systems, saying that integrating SIEM and XDR together will drive cost savings, improve security posture and accelerate response times. Deals involving XSIAM showcase its ability to consolidate tools, lower operational costs, and reduce detection and remediation times from four days to four hours, Arora said.
Large-scale platform deals, such as a $50 million transaction with a major technology firm, included the replacement of multiple SIEMs from rivals and the addition of Palo Alto Networks’ SD-WAN offering to a bundle that already included XSIAM and XDR, Arora said. By combining data from both SIEM and XDR, Arora said Palo Alto customers can achieve faster, more accurate responses to cybersecurity threats (see: Nikesh Arora on Why Palo Alto Networks Is Buying IBM QRadar).
More than half of Palo Alto Networks’ XSIAM pipeline is outside the United States due in part to the IBM QRadar customer base spanning multiple continents, Arora said. By leveraging IBM’s migration services and integration expertise, Palo Alto aims to ensure a seamless transition for customers. The partnership with IBM includes joint meetings, collaborative planning and shared execution responsibilities, he said.
Palo Alto Networks’ stock is up 3.1% to $405.18 per share since announcing earnings. The company is now worth $132.94 billion.
CrowdStrike Keeps Customers After Outage, But New ARR Suffers
CrowdStrike demonstrated resilience in the wake of its massive July 19 outage, recording a dollar-based net retention rate of 115% and a gross retention rate of 97% in its first quarter since the incident, said CFO Burt Podbere. The faulty July 19 software update led to longer sales cycles and lower net new ARR for CrowdStrike, but customer commitment packages drove higher upsell rates and customer retention.
Sales cycles within enterprise accounts lengthened by 15% year-over-year due to increased scrutiny and approval layers for both new businesses and renewals, taking a $25 million bite out of net new ARR. The company also incurred $33.9 million in expenses for CrowdStrike’s response and recovery efforts, which include customer retention initiatives and enhancements to systems to prevent future incidents.
Podbere said customer commitment packages were a key way to mitigate the impact of July’s outage, with customers primarily opting for additional Falcon platform modules or Flex dollars rather than time extensions or professional services. Though the packages boosted customer confidence, Podbere said they led to muted upsell rates and an expected $30 million hit to net new ARR in the current quarter (see: CrowdStrike Debuts Safeguards, Seeks to Blunt Outage Impact).
CrowdStrike balanced incident-related expenses with strategic investments in R&D, sales and marketing, and data center optimization to ensure long-term growth, according to Podbere. CEO George Kurtz said CrowdStrike wants to maintain a competitive edge in cloud security, identity protection and AI-driven tools, with customer confidence translating into higher deal sizes and improved competitive win rates.
“Following the summer’s incident, as a company, we were tested, we responded with speed, care and resolve, and we focused on becoming even better,” Kurtz told investors during the company’s Nov. 26 earnings call.
CrowdStrike’s stock is up 0.9% to $367.66 per share since announcing earnings. The company is now worth $90.57 billion.
Zscaler Sets Sights on Ousting Firewalls as Zero Trust Surges
Legacy firewall and VPN solutions increase complexity and cost without adequately addressing security vulnerabilities, and Zscaler CEO Jay Chaudhry said zero trust offerings simplify architecture, reduce costs and enhance resilience. Chaudhry said Zscaler’s take on zero trust accelerates M&A integration, secures workloads in cloud environments and has driven interest from federal agencies and large enterprises.
Traditional firewalls and VPNs enable lateral movement and sophisticated attacks by threat actors, with disjointed point products masquerading as platforms introducing cost and complexity. Chaudhry said Zscaler’s zero trust tools eliminate the need for firewalls and VPNs, simplifying IT infrastructure while boosting security. Some 14 cabinet-level U.S. agencies have adopted Zscaler to boost security posture.
“Attacks often start with exploitation of firewall or VPN architecture,” Chaudhry told investors during an earnings call Monday. “These traditional security solutions enable threat actors to move laterally on the corporate network and compromise the entire organization. To make up for the flawed architecture, legacy security vendors are offering disjointed point products under the pretext of a platform.”
Zscaler historically didn’t position its technology as an alternative to firewalls but has now embraced the displacement opportunity as organizations increasingly recognize the inadequacy of perimeter-based security models. The company’s success in securing cabinet-level U.S. agencies provides a powerful case study to other governments facing similar challenges with legacy infrastructure and nation-state threats (see: Going All-In With AI at Zscaler to Raise the Bar in Cyber).
Global systems integrators are increasingly aligning with Zscaler’s solutions, which Chaudhry said will help the company standardize offerings across large organizations and verticals, particularly in complex, multi-national deployments. By addressing complexity head on, Zscaler positions itself as a partner in simplifying IT infrastructure, a key pain point for many organizations, Chaudhry said.
Zscaler’s stock is up 1.7% to $212.13 per share since announcing earnings. The company is now worth $32.56 billion.