Palo Alto Networks (PAN) is on a high, with its stock trading at $79/share, and market valuation surpassing $6B. Revenue for 2013 was about $400M, and 2014 annual revenue is likely to surpass $600M. It’s an incredible growth story, along with FireEye. However, when it comes to security, disruption is the norm. The changing security landscape is going impact PAN, just like its doing to F5 Networks (F5). Even F5 leadership recognizes the change, with the CEO John McAdam stating “I’ve never seen so many changes happening in the industry”.
In addition, F5 CTO Karl Triebes spoke recently at a Network World conference saying “Our hardware we do invest in, but nine-tenths of every dollar I spend on engineering goes straight towards software,” and “We have to embrace change. We’re actually working towards supporting commodity hardware in certain scenarios on our road map.” Then the article goes on to describe how SDN, and the cloud are disrupting the marketplace. Sure, SDN and the cloud are disrupting many business models, but in F5’s case, and to a certain degree PAN, there is another the acronym that is causing more disruption than SDN, and that’s CDN.
It’s not SDN and the cloud that F5 Networks should worry about, it’s CDN they should worry about, more specifically the CyberSecurity CDN.
The CyberSecurity CDN is going to be more disruptive to the F5 business model than the PAN business model, since the BigIP is like CDN in a box, that is confined to the limitations of an appliance. The CyberSecurity CDN is also going to impact PAN, but in a different manner. PAN customers won’t need the big boxes like the PA-7xxx as much, but instead the PA-2xxx. PAN has the same limitation of the BipIP when it comes to protecting against DDoS attacks (L3, 4 & 7), and the limitation is scalability. The PA-7xxx maxes out at 120Gbps of attack throughput.
 Palo Alto Networks vs CyberSecurity CDN
Today, a 120Gbps DDoS attack is child’s play, especially with amplification attacks, that can be launched by an attacker for a few hundred dollars. Akamai believes the average DDoS attack will be 1.5Tbps in 2020. I think we’ll start seeing 1Tbps+ attacks next year. Regardless, PAN offers a robust platform that protects against a wide variety of attacks including advanced malware, zero day attacks, and APT’s. PAN is a perfect compliment to the CyberSecurity CDN, because the CDN will cleanse DDoS attack traffic, and hand off purified traffic to PAN, so it can focus more an APTs, DLP, and so on. How PAN responds to the CyberSecurity CDN competition is going to be interesting. For their sake, it better be sooner than later.