

Discover more from Cybersecurity Investors Anonymous
$PANW and $FTNT: Follow up - What's driving firewall growth?
I received a question from a reader of yesterday’s post asking where all these new firewalls are being deployed- in traditional datacenters or in the cloud? It’s a great question, and I wanted to provide an answer for others who might be interested.
There are the standard deployments in traditional datacenters and in the cloud that are kind of always going on at a steady rate. Aside from that, many companies went through network re-architecture over the pandemic to accommodate work-from-home requirements, and that drove a lot of firewall growth over the lock-down period. This was obviously only a temporary growth driver for PANW and FTNT, so how are they still growing their firewall businesses?
A bigger, more sustainable driver of growth has been all of the network segmentation that’s being driven by “Zero Trust.” Zero Trust is a concept born out of Google that represents a paradigm shift in the way a network should be architected in order to promote optimal security. I’ll circle back to this in a minute.
To illustrate this shift, imagine a medieval kingdom surrounded by a perimeter wall, with all the individuals makings of a kingdom inside- a castle for the king, a blacksmith, food storage, an alehouse- you get the idea. The wall surrounding the kingdom represents a firewall. The individual makings of the kingdom all represent applications that exist inside a company’s network, a.k.a inside the perimeter. The perimeter wall around the castle has a gate with a few guys who decide who gets to go in and out. Firewalls are a bit like that too, with rules about what traffic to allow or disallow.
Now, unlike medieval kingdoms, a company’s network often has more than one gate, which you can probably imagine makes it more difficult to keep track of who is going in and out. For many companies, one such gate was the SolarWinds ($SWI) software. Unfortunately, in late 2020, it was discovered that SolarWinds’ network management platform, Orion, had been hacked, and that a large number of enterprise companies and government agencies were affected. Orion had access to pretty much everything on a customer’s network. It was bad.
I bring this up because everything in cybersecurity gets done faster after big hacks- they’re a catalyst for change and for making big dollar cybersecurity purchases.
The SolarWinds hack acted as one such catalyst. After the hack, many cybersecurity vendors saw an opportunity to take hold of the “Zero Trust” concept, turn it into a marketing buzzword, and start selling the heck out of it. No matter what the vendor was doing before, they were now able to help customers with Zero Trust in some form or another. The SolarWinds hack also accelerated the adoption of the Zero Trust concept across the traditional networking and security groups within the enterprise customer base simply because many of them used SolarWinds or something similar and needed to reconsider their own architecture to prevent a recurring hack of the same nature.
So what does this have to do with medieval kingdoms, and more importantly, firewall growth for PANW and FTNT?
Well, before customers started adopting the zero trust framework, their networks resembled the kingdom as I described it before- a perimeter wall surrounding all the individual makings of a kingdom, with a gate to get in or out. The trouble is, some rogue who shouldn’t be inside the perimeter wall inevitably figures out a way to get in, and once they’re in, they can move freely throughout the kingdom- stealing from the blacksmith, hassling the castle guards, terrorizing the women at the alehouse.
If we examine a customer’s network that has been re-architected using the zero trust framework, the kingdom might look different. It would still have the individual makings of a kingdom surrounded by a large perimeter wall, but now it also has an individual wall around the castle, and one around the alehouse and food stores, and another around the blacksmith. If a rogue who shouldn’t be inside the walls gets in, he’s suddenly met with several other walls he must find a way through before he can actually steal, hassle, or terrorize.
This concept of protecting smaller pieces inside the kingdom represents Zero Trust, which is kind of what it sounds like- don’t trust anyone or anything unless they prove who they are and why they need access… you may have gotten inside the big perimeter wall around the kingdom, but why do you need to see the blacksmith?
In my example, Zero Trust is achieved using what is called network segmentation, and the individual walls represent firewalls. If a customer really wants to do network segmentation with a purpose-built solution, they might use a Software Defined Networking (SDN) solution like VMware’s NSX or Cisco’s ACI**, but they are very expensive and come with a lot of implementation challenges… they’re not always practical. Instead, many customers segment their networks by putting a firewall in front of each application, or in front of smaller groups of applications.
This is a big reason why PANW and FTNT have been able to grow their firewall businesses so handily- this ongoing re-architecting of the network to achieve better security. A customer decides to segment their network and suddenly, they need five firewalls instead of one.
It’s hard to say how long this network re-architecture and subsequent firewall growth will last. I’ll admit it’s gone on longer than I thought possible. In the meantime, PANW and FTNT investors can enjoy the growth that comes from these trends.
**Note: I do not cover VMW or CSCO and can’t speak to the quality of these solutions.