Arik Hesseldahl

Recent Posts by Arik Hesseldahl

Seven Questions for Palo Alto Networks Founder and CTO Nir Zuk

On Friday, Palo Alto Networks debuted for trading on the New York Stock Exchange. Having priced the previous evening at $42 a share, the shares finished their first day of trading at $53.13, amounting to a rise of 26.5 percent. The company raised $260 million.

Combined as it was with the Web travel concern Kayak, which debuted the same day and whose shares rose similarly, it was a good day for tech IPOs. Add to the pile last month’s debut of ServiceNow, and this fall’s pending bow by Workday, and it’s hard not to conclude that the tech IPO market is getting its mojo back after the botched Facebook offering in May.

Unless you follow the business of firewalls — the computer gear that is designed to keep good data flowing on corporate networks and keep bad data out — you may have missed the rise of Palo Alto Networks. I was certainly curious, and so on Friday, AllThingsD arranged to have a conversation with founder and CTO Nir Zuk at the New York Stock Exchange. Zuk started Palo Alto Networks during a stint as Entrepreneur in Residence at Greylock Partners. Before that, he was CTO at NetScreen Technologies, which was acquired by Juniper Networks; before that, he was a principal engineer at Check Point Software.

My first question was a basic one:

AllThingsD: Nir, Palo Alto isn’t the first company to make firewalls, obviously. What makes yours so special that you think you can disrupt the entrenched players?

Zuk: There are a lot of firewall and security companies out there, many new ones, that are changing the way security is done. I think the industry has been sleeping a bit, despite the efforts of hackers, who never do. Traditional firewalls have two issues. First, they haven’t changed much over time, so a whole industry was created to build products that sit behind the firewall, and to help firewalls do their job better: Things like intrusion-detection devices and proxies and so on. So I think the first thing we did was change that. We have one device that handles all of security. I think the bigger issue that we are addressing is that most of the network security devices were created at a time when the Internet was just Web-browsing and email. And now there are hundreds of new things. There was no SharePoint, and no Dropbox and no Twitter. So the old architectures can’t provide any protection for the new things, other than to just block them. If you’re an enterprise that believes the Internet is just Web and email, then the old devices may be right for you, but if you’re an enterprise that believes you can get additional value from these new applications, they need tools to secure these applications. And that is what we’re about.

Let’s use the example of Dropbox, since I use that from time to time. What do you do to make that secure for a company to use?

IT departments know how to secure email. They scan incoming email for malware and botnets and viruses and so on. And they make sure you don’t get executables via email, and they make sure that you don’t send out things that shouldn’t be sent out. We allow enterprises to secure Dropbox in the same way. They can scan the incoming Dropbox files for viruses and for spyware and whatnot, and also scan on the way out, making sure you don’t put on Dropbox anything that you’re not supposed to. Our firewalls know inherently how Dropbox works, and where the files are and how to scan them. And we also set permissions by user. Some people are allowed to share things on Dropbox that others aren’t. The marketing department can share Photoshop files, but there’s no reason for salespeople to do it, so why let them do it?

So how wide is the umbrella? There’s always a new batch of applications to catch up to. How do you stay ahead of that curve?

We have a team in California that is looking at all these new applications. They add support for them, and then push that support to all our customers.

It sounds to me like you constantly have to evolve it, so it necessarily has to be an on-premise device mixed with a software-as-a-service approach. Is that right?

The updates are provided as part of the basic service for the box. Of course, we have to build the device with a special architecture in order to allow us to send the updates without the need for a major upgrade every time we add support for another application. Enterprises don’t like to update their boxes every week. And then there are other services we provide, like threat prevention. We send updates to the device, teaching it to be on the lookout for new malware and exploits. We have a service to filter new kinds of content. We have a service to figure out the security posture of devices as part of the global remote access solution.

Tell me about customers, and what you’re hearing from them? Are there new threats they’re dealing with?

Every week we see new kinds of threats. Sometimes we see a whole new family of threats. Recently, we’re seeing more targeted attacks. We’ve seen two changes. The first is that targeted attacks aren’t as widespread anymore. And a lot of the traditional security companies build their business and collection infrastructure, which gathers bad things in order to analyze them, based on the assumption that all the bad things they see are widespread. The second thing we’re seeing is that attackers don’t go directly after data centers. What they do is try to take over end-user machines, and from there jump to the data center. To fight these two things, we came out with a service called WildFire, which allows enterprises to send up to the cloud all kinds of files that are coming into the organization. You can send it to our cloud for analysis, and then within a few minutes you get an answer. If it is bad, we generate a signature and send it to all our customers.

So if someone sends me a bad PDF, which I get sometimes, I can send it up to you, you can analyze it, and if it’s bad, you’ll share that intelligence with your other customers?

We don’t analyze all file types. We’re adding more all the time. We don’t block it until you receive it. But if it is bad, we notify your IT department, telling them that this user just received a bad file, and you should go clean up their machine before it makes it to the data center.

How did you start Palo Alto?

We started in 2005. I realized what we talked about earlier. There hadn’t been much innovation in security. I saw a bunch of incumbent vendors who weren’t updating their products, and then a bunch of smaller vendors trying to plug all the holes the larger vendors were ignoring. I thought there was room for a new large vendor to come in and shake things up. It wasn’t clear what form that disruption was going to be. So Asheem Chandna of Greylock and Jim Goetz of Sequoia sent me on the road to start talking to companies. I started hearing weird things. Security people complained about how all they did all day long was chase after people using new applications. And when I talked to CIOs, what I heard were complaints about security people running around blocking all these new useful applications. And then I saw where we were going to disrupt. When you start a company, you want to be disruptive by inventing something completely new, or you go disrupt a large, established market. Large companies tend to resist innovation, because they have to protect their established lines of business using the old technologies that are already making money. This is true of any space, not just security. If you can go into a large market and disrupt it, you will be successful. So today we’re sitting here at the New York Stock Exchange.

(Image courtesy of Greylock Partners)


Latest Video

View all videos »

Search »

Another gadget you don’t really need. Will not work once you get it home. New model out in 4 weeks. Battery life is too short to be of any use.

— From the fact sheet for a fake product entitled Useless Plasticbox 1.2 (an actual empty plastic box) placed in L.A.-area Best Buy stores by an artist called Plastic Jesus