Month: May 2014

Posted on

Palo Alto Networks Reports Fiscal Third Quarter 2014 Financial Results and Announces Settlement of Litigation with Juniper Networks

– Fiscal third quarter total revenue grows 49 percent year-over-year to a record $150.7 million– Billings grow 46 percent year-over-year to a record $193.9 million– Product revenue grows 38 percent year-over-year to a record $84.1 million; recurring subscription revenue grows 71 percent year-over-year to a record $32.0 million– Deferred revenue grows 68 percent year-over-year to a record $367.9 million

SANTA CLARA, Calif., May 28, 2014 /PRNewswire/ — Palo Alto Networks, Inc. (NYSE: PANW) today announced financial results for its fiscal third quarter of 2014 ended April 30, 2014.

Total revenue for the fiscal third quarter grew 49 percent year-over-year to a record $150.7 million, compared with $101.3 million in the fiscal third quarter of 2013. GAAP net loss for the fiscal third quarter was $139.1 million, or $1.86 per diluted share, compared with a net loss of $7.3 million, or $0.10 per diluted share, in the fiscal third quarter of 2013.

Palo Alto Networks recorded fiscal third quarter non-GAAP net income of $8.7 million, or $0.11 per diluted share, compared with non-GAAP net income of $5.3 million, or $0.07 per diluted share, in the fiscal third quarter of 2013. A reconciliation between GAAP and non-GAAP information is contained in the tables below.

“We reported record revenue in our third quarter driven by strong customer demand for our next-generation enterprise security platform. We achieved the highest rate of new customer acquisition in our history and now serve more than 17,000 customers globally to address their security needs and prevent increasingly sophisticated and complex cyber attacks from compromising an organization’s critical assets,” said Mark McLaughlin, president and chief executive officer of Palo Alto Networks. “We also announced this afternoon that we have reached a settlement with Juniper Networks of all litigation matters between us; this allows us to further focus our resources and time on our customers and growing our business.”

“Year-over-year revenue growth of 49 percent was driven by our land, expand and retain model, as product, recurring subscription and support revenue all delivered substantial growth,” said Steffan Tomlinson, chief financial officer of Palo Alto Networks. “Additionally, we continue to demonstrate the power of our hybrid SaaS model as gross margin and operating margin improved sequentially, and we generated $28.4 million of free cash flow in the quarter, bringing our fiscal year to date total to $83.2 million.”

Recent Highlights

  • Reached a settlement with Juniper Networks, the terms of which provide that both parties will dismiss all litigation; both parties will license the patents at issue in all outstanding suits to each other for the life of the patents; both parties will also enter into a covenant not to sue each other for patent infringement for eight years; and Palo Alto Networks will pay Juniper Networks a one-time settlement amount of approximately $175 million, consisting of $75 million in cash, approximately $70 million in shares of common stock and a warrant to purchase approximately $30 million of common stock.
  • Positioned in the “Leaders” quadrant of Gartner, Inc.’s April 2014 Magic Quadrant for Enterprise Network Firewalls; this is the third consecutive year in which Palo Alto Networks has been recognized as a leader in the Magic Quadrant for Enterprise Firewall report.1
  • Completed the acquisition of Cyvera Ltd., a privately held cybersecurity company located in Tel Aviv, Israel; with the addition of Cyvera’s unique endpoint protection capabilities to the company’s security platform, Palo Alto Networks can provide protection across the enterprise, extending prevention technology from the network to the endpoint.
  • Strengthened our strategic partnership with VMware by announcing a new reseller agreement and general availability of an integrated offering for automating and accelerating security deployments in the software-defined data center.
  • Announced a global managed security services agreement with NTT Com Security (formerly Integralis) under which NTT Com Security will provide its extensive implementation, integration, and managed security services around the Palo Alto Networks security platform.

Conference Call Information
Palo Alto Networks will host a conference call for analysts and investors to discuss its fiscal third quarter of 2014 results and outlook for its fiscal fourth quarter of 2014 today at 4:30 PM Eastern time / 1:30 PM Pacific time. Open to the public, investors may access the call by dialing 1-877-280-4959 or 857-244-7316 and entering the passcode 37864312. A live audio webcast of the conference call along with supplemental financial information will also be accessible from the “Investors” section of the company’s website at investors.paloaltonetworks.com. Following the webcast, an archived version will be available on the website for one year. A telephonic replay of the call will be available two hours after the call and will run for five business days and may be accessed by dialing 1-888-286-8010 or 617-801-6888 and entering the passcode 58471222.

Forward-Looking Statements
This press release contains forward-looking statements that involve risks and uncertainties, including statements regarding the settlement of the company’s litigation with Juniper Networks and continued momentum in the company’s business. There are a significant number of factors that could cause actual results to differ materially from statements made in this press release, including: the need to receive formal dismissal of the litigation by the relevant courts in Delaware and California; Palo Alto Networks’limited operating history; risks associated with Palo Alto Networks’ rapid growth, particularly outside of the U.S.; rapidly evolving technological developments in the market for network security products; and general market, political, economic and business conditions.

Additional risks and uncertainties that could affect Palo Alto Networks’ financial results are included under the captions “Risk Factors” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” in the company’s quarterly report on Form 10-Q filed with the SEC on February 24, 2014, which is available on the company’s website at investors.paloaltonetworks.com and on the SEC’s website at www.sec.gov. Additional information will also be set forth in other filings that the company makes with the SEC from time to time. All forward-looking statements in this press release are based on information available to the company as of the date hereof, and Palo Alto Networks does not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made.

Non-GAAP Financial Measures

Palo Alto Networks has provided in this release financial information that has not been prepared in accordance with generally accepted accounting principles in the United States (GAAP). The company uses these non-GAAP financial measures internally in analyzing its financial results and believes that the use of these non-GAAP financial measures is useful to investors as an additional tool to evaluate ongoing operating results and trends and in comparing the company’s financial results with other companies in its industry, many of which present similar non-GAAP financial measures.

Non-GAAP financial measures are not meant to be considered in isolation or as a substitute for comparable GAAP financial measures, and should be read only in conjunction with the company’s consolidated financial statements prepared in accordance with GAAP. A reconciliation of the company’s non-GAAP financial measures to their most directly comparable GAAP measures has been provided in the financial statement tables included in this press release, and investors are encouraged to review the reconciliation.

Non-GAAP net income and diluted net income per share. Palo Alto Networks defines non-GAAP net income as net income (loss) plus share-based compensation expense, tax adjustments related to the valuation allowance on deferred tax assets, expenses related to IP litigation, legal settlement expenses, and acquisition related costs. Palo Alto Networks believes that excluding these items provides management and investors with greater visibility into the underlying performance of the company’s core business operating results, meaning its operating performance excluding these items and, from time to time, other discrete charges that are infrequent in nature, over multiple periods. The company also excludes from non-GAAP net income and non-GAAP diluted net income per share the tax effects, including income tax and payroll tax, associated with these items in order to provide a complete picture of the company’s recurring core business operating results. Without excluding these tax effects, investors would only see the gross effect that excluding these expenses had on the company’s operating results.

Billings. Palo Alto Networks defines billings as total revenue plus the change in deferred revenue, net of acquired deferred revenue, during the period. The company’s management monitors billings because billings drive deferred revenue, which is an important indicator of the health and visibility of the company’s business. The company considers billings to be a useful metric for management and investors, particularly as sales of subscriptions increase and the company experiences strong renewal rates for subscriptions and support and maintenance.

Free Cash Flow. Palo Alto Networks defines free cash flow as cash provided by operating activities less purchases of property, equipment, and other assets.  The company considers free cash flow to be a liquidity measure that provides useful information to management and investors about the amount of cash generated by the business that, after the purchases of property, equipment, and other assets, can be used for strategic opportunities, including investing in our business, making strategic acquisitions, and strengthening the balance sheet.

Investors are cautioned that there are a number of limitations associated with the use of non-GAAP financial measures as an analytical tool. In particular, many of the adjustments to the company’s GAAP financial measures reflect the exclusion of items that are recurring and will be reflected in the company’s financial results for the foreseeable future, such as share-based compensation.  Share-based compensation is an important part of Palo Alto Networks employees’ compensation and impacts their performance.  In addition, the billings metric reported by the company includes amounts that have not yet been recognized as revenue.  The components that Palo Alto Networks excludes in its calculation of non-GAAP financial measures may differ from the components that its peer companies exclude when they report their non-GAAP results of operations. Palo Alto Networks compensates for these limitations by providing specific information regarding the GAAP amounts excluded from these non-GAAP financial measures. In the future, the company may also exclude non-recurring expenses and other expenses that do not reflect the company’s core business operating results.

ABOUT PALO ALTO NETWORKS
Palo Alto Networks is leading a new era in cybersecurity by protecting thousands of enterprise, government, and service provider networks from cyber threats.  Unlike fragmented legacy products, our security platform safely enables business operations and delivers protection based on what matters most in today’s dynamic computing environments: applications, users, and content.  Find out more at www.paloaltonetworks.com.

Palo Alto Networks and the Palo Alto Networks Logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

1 Gartner, “Magic Quadrant for Enterprise Network Firewalls”, Greg Young, Adam Hils, Jeremy D’Hoinne; April 15, 2014.

http://investors.paloaltonetworks.com/phoenix.zhtml?c=251350&p=irol-newsArticle&id=1935206

[Source: Palo Alto Networks]

Posted on

Palo Alto Networks News of the Week – May 23

In a three-part series, CSO Rick Howard highlights the importance of understanding differentcyber adversaries and their motivations. Check out Part 1Part 2 and Part 3.

Healthcare organizations are at risk of being the next “Target” for cyber criminals. We’re encouraging an AVR report with Palo Alto Networks to gain deeper visibility into what’s on your network.

On May 20, Palo Alto Networks Wildfire detected the start of the latest Kuluoz spam campaign.

Customer Spotlight: Animal Logic, one of the world’s most accomplished digital studios, relies on Palo Alto Networks next-generation firewall to more efficiently manage its network security.

Palo Alto Networks responded to the recent Richard Stiennon article in Forbes about Microsoft licensing within embedded systems.

Here are more upcoming events you should know about:

Oppdag hurtig ukjente trusler med utvidet visibilitet og intelligens. [Norwegian]
When: May 27, 2014 from 3:00 PM – 3:30 PM CET
Where: Online

Expose the Underground [Spanish]
When: May 28, 2014 from 8:00 PM – 10:00 PM CST
Where: Ciudad de Mexico, DF

Next Generation Security Technical Workshop
When: May 28, 2014 from 10:00 AM – 1:00 PM GMT
Where: London

Palo Alto Networks: Live Demo
When: May 28, 2014 from 9:00 AM – 10:00 AM PST
Where: Online

Transforming Networks Security with the Software Defined Data Center
When: May 28, 2014 from 1:00 PM – 2:00 PM CET
Where: Online

Ultimate Test Drive Workshop Brisbane
When: May 28, 2014 from 11:00 AM – 3:00 PM GMT+10:00
Where: Brisbane

AFCEA: Spring Intelligence Symposium – Intel
When: May 29, 2014 from 8:00 AM – 6:00 PM EST
Where: Bethesda, MD

Combat APTs with Palo Alto Networks
When: May 29, 2014 from 10:30 AM – 11:30 AM GMT+7:00
Where: Online

Expose the Underground
When: May 29, 2014 from 11:30 AM – 1:30 PM MST
Where: Edmonton, AB

Expose the Underground [Spanish]
When: May 29, 2014 6:30 PM – 9:00 PM CST
Where: Monterrey

Oppdag hurtig ukjente trusler med utvidet visibilitet og intelligens. [Norwegian]
When: May 30, 2014 from 3:00 PM – 3:30 PM CET
Where: Online

Combat APTs with Palo Alto Networks
When: June 3, 2014 10:30 AM – 11:30 AM GMT + 7:00
Where: Online

Discover Unknown Threats with Extended Visibility and Intelligence
When: June 3, 2014 1:00 PM – 2:00 PM CET
Where: Online

Palo Alto Networks: Live Demo
When: June 4, 2014 9:00 AM – 10:00 AM PST
Where: Online

Discover Unknown Threats with Extended Visibility and Intelligence
When: June 5, 2014 1:00 PM – 2:00 PM CET
Where: Online

Palo Alto Networks: Live Demo ANZ
When: June 5 2014, 10:00 AM – 11:00 AM GMT + 10:00
Where: Online

[Source: Palo Alto Networks]

Posted on

IT’s Hottest Jobs: Information Security Architect

[Randy Gross]

Job title or job role:

Information Security Architect

Key responsibilities for this individual:

Information security architects plan and carry out security measures to protect an organization’s computer networks and systems. Their responsibilities are continually expanding as the number of cyberattacks increases

The information security architect is responsible for analyzing information security systems and applications, and recommending and developing security measures to protect information against unauthorized data modification or loss. Access control, intrusion detection, virus protection, certification, audit, incident response, security engineering, development and implementation of security policies and procedures are some of the areas that this individual is engaged in on a regular basis. Typical job responsibilities can include:

  • Designing security models; reviewing and approving security configurations and installation of firewall, VPN, routers, IDS scanning technologies and servers.
  • Overseeing security awareness programs; educating staff on information security policies, procedures and practices.
  • Monitoring industry security updates, technologies and best practices to improve security management.
  • Participating in the development of hardware/software/network security procedures and guidelines that support information security policies.

Top industries or markets needing this position:

Demand for information security architects is high. As cyberattacks grow in frequency and sophistication, many organizations find themselves falling behind in their ability to detect these attacks. Security architects are needed to develop innovative solutions to prevent hackers from stealing critical information or creating havoc on computer networks.

The federal government is expected to greatly increase its use of information security architects to protect the nation’s critical IT systems. In addition, as the healthcare industry expands its use of electronic medical records, ensuring patients’ privacy and protecting personal data are becoming more important. More information security architects will likely be needed to develop the safeguards that will satisfy patients’ concerns. Financial services companies also have a growing need for information security architects.

Preferred job roles or work background desired in this job role:

Candidates for the position of an information security architect should have at least eight to 10 years of experience in the IT field, with a broad range of exposure to all aspects of business planning, systems analysis and application development. Additionally, three to five years of experience specifically devoted to information security is advisable.

A bachelor’s degree (or advanced degree) in information technology, information security, computer science, mathematics or a related field is also the norm for this job.

Many employers will also require or prefer that candidates have advanced security-related industry certifications. Examples include CompTIA Security+, CompTIA Advanced Security Practitioner, Certified Information Systems Security Professional (CISSP), Certified Network Security Professional (CNSP) and Certified Hacking Forensics Investigator (CHFI).

Technology, business and soft skills needed for success in this role

Technology skills for an information security architect should include:

  • Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies and security attack pathologies
  • Technical proficiency in security-related hardware and software, forensics and other security systems and tools.
  • Technical proficiency in broader areas of IT, including networking, servers, desktops and mobile devices.

Desirable business and soft skills should include:

  • Oral and written communication skills with the ability to present and discuss technical information in a way that’s understandable for non-technical audiences.
  • The ability to lead both technical teams and project teams that cross multiple business functions.
  • Problem solving and analytical ability.
  • Strategic thinking and relationship management.

Top challenges of acquiring this talent:

Like many higher-level IT jobs, the role of information security architect is one that currently has more demand than supply. The Bureau of Labor Statistics reports that the employment outlook for security architects is expected to grow about 20 percent through the year 2018 as the need for information security and workers with security skills increases.

Best sources for recruiting individuals into this role:

Because the security architect is responsible for maintaining the security of a company’s computer system, they must think like a hacker would, anticipating the moves and tactics that hackers might use to try and gain unauthorized access to a computer system or network. Some IT experts feel that the best security architects are former hackers, making them very adept at understanding how the hackers will operate.

Best sources for developing internal staff into this role:

Many security architects begin their careers in entry-level positions as IT support specialists. This job provides the training necessary to become familiar with network systems, security and problem solving.

A lower level IT staff member often will demonstrate the aptitude and attitude to be trained and certificated for security-specific jobs. Someone in an entry-level position may operate software to monitor and analyze information, while a more senior-level position could be engaged in investigative work to determine whether a security breach has occurred.

Look for employees who demonstrate good organizational and problem-solving skills. They also need strong problem-solving and analytical skills

Time needed to train and “on-board” an individual into this role:

This is not an entry-level position. Many people venture into the occupation only after working in other IT roles such as computer technician.

Because of the critical nature of the information security architect, several years of experience in advanced security tasks is highly recommended. This experience may be gained by prepping an internal candidate for a senior security position; or recruiting an experienced security architect from another organization.

Candidates for the position of an information security architect should have at least eight to 10 years of experience in the IT field, with a broad range of exposure to all aspects of business planning, systems analysis and application development. Additionally, three to five years of experience specifically devoted to information security is advisable.

Competitive salary and benefits required to hire this individual:

The average pay for an information security architect is $106,974 per year, according to PayScale, a provider of data and insights around salary and career topics. Total pay for this position (salary and benefits) ranges from $82,714 to $157,556. Factors such as geographic location, known technologies, certifications and practical field experience can affect the salary level.

Best ways to measure success of the individual in this role:

The Information Security and Control Association has developed high-level guidance for information security governance and evaluation of security performance. They propose six areas that organizations should focus on when measuring the performance of security personnel and programs:

  1. The strategic alignment of information security in support of business objectives.
  2. Executing appropriate measures to mitigate risks and reduce potential impacts on information resources to an acceptable level.
  3. Integration of all relevant assurance functions to maximize the effectiveness and efficiency of security activities.
  4. Optimizing security investments in support of business objectives to achieve the best return on security investments.
  5. Using information security knowledge and infrastructure efficiently and effectively.
  6. Monitoring and reporting on information security processes to ensure that objectives are achieved.

About the author: Randy Gross is the Chief Information Officer for CompTIA, the ICT Industry Trade Association.

Posted on

The Latest Kuluoz Spam Campaign Kicks Off

At 06:47 PST on May 20 Palo Alto Networks WildFire detected the start of the latest Kuluoz spam campaign. The total number of e-mails detected quickly rose to over 30,000 per hour around noon PST and had not begun to slow down as of 1:30PM PST.

 

Kuluoz is a descendant of the Asprox malware and spreads by sending copies of itself as an e-mail attachment. As the malware infects more systems, the systems begin sending more e-mails which leads to more infections. Kuluoz makes money for its owner by installing other malware, such as crimeware or fake antivirus programs.

Kuluoz e-mails often trick the reader into thinking they are delivery notifications (such as UPS or Fedex), or notices from airlines or payment processors. In this case the e-mails claim to contain a document about a court case.

Subject: Hearing of your case in Court
From: Notice of Appearance

Pretrial Notice,
Please, download the copy of the court notice attached herewith to read the details.
Note: The case may be heard by the judge in your absence if you do not come.

Truly yours,
Clerk to the Court.
Olivia Smith

Each e-mail carries one of the following attachments:

  • Court_Notice_May-20_Date_IN-FN_2014.exe
  • Court_Notice_May-20_Date_EN-RM_2014.exe
  • DC_Court_Notice_ER_NSER[4 Random Numbers].zip

These attachments are different versions of the malware that has been packed to evade antivirus engines. Twelve of the 53 scanners on virustotal.com now detect the first variant of the malware, but only three detect the latest version.

To determine where the highest number of infected nodes are, we mapped the sending IP address for each of the attach e-mails to their rough geographic location. While there are infected systems around the world, the largest concentration is in North America, particularly the United Stats and Canada.


Geographic Distribution of Koluoz Spam Nodes in North America

Thus far we’ve detected the following command and control servers in use.

  • 192.69.192. 178:443
  • 59.106.185. 11:443
  • 173.203.113. 94:443
  • 69.60.8. 88:8080
  • 205.186.156. 218:8080

The network traffic generated by each Trojan uses the HTTP protocol, and despite its use of port 443, is not encrypted with SSL.

As with most fast-spreading malware, antivirus engines will typically begin detecting the files a day or two after the spread has begun. While we haven’t seen any indication that the spam volume has begun to slow down, we do expect the campaign to wind down in the next 24 hours, but a new campaign will probably be close behind. WildFire users can rest assured that they’ll be protected from whatever Kuluoz has in-store next.

[Source: Palo Alto Networks]

English
English
Exit mobile version