Welcome, everyone. Apologies for the slight delay here. But I would like to welcome you to Investor's Innovation Briefing at Zenith Live. Before we get started, please take a moment to look at our safe harbor statements. Just quickly go over the agenda after this. So we'll start off with some comments from Jay, talking about Zscaler's platform expansion. Following Jay, we'll have Adam, who will double click into our takeoff strategy. After that, we have a special guest, Brian Beyer, who is the Co-Founder and CEO of Red Canary. He will talk about Red Canary's Agentic AI technology. We will break for lunch and reconvene with the demo on the AI Solutions from Phil Tee, who is our EVP, Head of AI innovations.
Following Phil, we'll have Dhawal Sharma talking about Zero Trust Cloud. I know that's an area of interest to many of our investors. There are still some lingering questions around that. We'll have a customer talk about their Zero Trust cloud journey with us. And of course, we'll have Dhawal for the product Q&A session as well, which follows customer Q&A. After the product Q&A, we'll have Mike Rich on stage talk about the go-to-market strategy, key priorities heading into fiscal '26, and then we'll end with executive Q&A.
I know many of you want to get back to CrowdStrike. So we'll try to end it well before 2, targeting 1:50. If we get it done by 1:45, it's a win. So we'll try to get it done. With that, let me welcome Founder and CEO of ZScaler, Jay Chaudhry on to the stage, please.
All right. Thank you. Thank you, Ashwin. All right. A lot of you had a chance to listen to our keynotes, right? Good. Hopefully, that answered most of the questions. All right. So I'll make a few comments. If you look at our focus area. We are -- you've seen our story evolve. Zero Trust started with ZIA to ZPA to ZDX, then it became Zscaler for users. Now the Zero Trust everywhere has become a big story. Data security is one of the fastest-growing areas for us, a sizable area. It's a natural extension for us. And Agentic Operation. This is the new area. We are evolving and growing. Red Canary acquisition is part of that story for us.
And in addition, we are making sure AI is getting embedded in all areas. The way we do detection today, even an in-line, we do data loss prevention, all that is getting changed. Internally, we're embedding more and more AI to do all those things in a much better and faster fashion. So disrupting our own selves is a good thing. But the key is the proxy architecture built is our biggest advantage. You're the check post, everything comes to you. You can swap a technique A with technique B, but that's the biggest barrier to entry for us.
This slide, hopefully, you saw the evolution. This is basically saying as a part of Zero Trust everywhere, any entity to any entity showing you the key destinations on the top and the key entities that are trying to reach on the bottom. This rounds out the story, okay? It will be very hard for someone to come from behind and say, I can do all this. A lot of people who try to say, "Gee, we do what Zscaler does at the 1/3 of the cost," are trying to catch up on the user functionality. Workloads have their own nuance. There's a common thing as exchange, but identities of workloads, requirements, segmentation, north-south, east-west has things are built and evolved. And IoT/OT has become a good story, not for just communication now with Airgap integration. The Zero Trust device segmentation is making it very, very strong. And the latest area I covered is the AI agents, their communication, LLM models.
So we are very excited. The story is becoming very, very clear. And to make it happen, we had to evolve our exchange, right? As the core foundation has been solid. We started with -- when we said internet access, the exchange had to figure out all the policy checks, all the detection needs to be done for private access. It had a different set of functionality and checking involved. B2B collaboration, you heard it is a massive opportunity. Every customer wants to connect with every customer. Maybe it's a user side of it, but site-to-site side of it. We got customers taken in medicine or with hospitals that connect into thousands of other sites, site-to-site connection. Think of the third-party supplier risk. This kind of stuff takes care of it in a very, very clean Zero Trust fashion. And for AI, the LLM proxies and supporting MCP exchange kind of stuff you heard is giving us a wonderful foundation you heard, right? So if I show a little differently, our Zero Trust Everywhere is evolving, users, workloads, IoT/OT. On the AI agent side, there's a lot of work going in this area. You're going to see more and more functionality come in this area and then some of the customer engagements as well. So that's new.
You heard about data protection, data security evolving, the biggest new focus area besides the SaaS and endpoint and data center and cloud is LLM and AI applications. Lots of data sitting out there that need to be protected. Bad actors being able to reach those models, it creates a problem. So it's extension for us. And we talked about really expanding from Zero Trust to Agentic Operations. So if you think about for the last 15-plus years, we have had one North Star, be it the switchboard, the policy engine, the exchange for anything to anything. That story has evolved, it has grown, it's beautiful.
And now being able to take all the important data we create out of that and being able to create value out of that is what you heard us really evolving. The story started about 18 months ago. About a year ago, we acquired Avalor as being the data fabric for us, which is very good. Most companies we see out there don't really have anything like data fabric. They're trying to do this stuff. They put together some little stuff here and there, Hadoop-based stuff, and we had done that stuff, too.
Once we saw Avalor, we said, move over this homegrown stuff. It's the real product, real technology that's helping us. And combining that with Red Canary is giving us a big, big advantage. I don't need to go through this slide, you saw that the message here is really building a number of agentic technologies, call it, agentic task agents that can do particular task, perceiving, reasoning, action being taken. It's getting very exciting, and they're all coming together. The one area where you can take advantage of all of that far better is the security operations area. You heard about Red Canary. So it's -- I'm not sure I need to go through it again, but I will highlight the fact that our own data, our own security research expertise combined with data fabric and now with Red canary that's bringing agentic AI technology and their expertise is giving us a signal acceleration to get the market.
I covered a little bit during my keynote that we're not moving away from technology and becoming an MDR company. MDR is important expertise for us to understand and have. But having this technology and expertise combined with data fabric gives us a great position to really succeed there. And I won't cover it. When Brian is here, Brian can make comments about some of the great technology he and his team has built. This actually is impressive. Okay? So with that, maybe, Adam, you can make some comments.
All right. I guess, I can. Thank you, Jay. Okay. All right. Thank you, everybody. So I know many of you saw the presentation from this morning. Some I think on the live stream will have not. So we'll do a little bit of some recaps and looking forward to conversations also with everyone. So I'm going to spend a little bit of time on the AI-powered SOC and sort of the strategy here. I think the biggest aha for me when I joined Zscaler about 8 months ago was I didn't fully have an appreciation for the kinds of signals and data that Zscaler actually generated. And I've been in cyber for 25-plus years, but I hadn't really seen it. And I think part of that surprise was that sometimes Zscaler doesn't do a good job of sharing that information, right? And so we have these interesting vantage points because so much of the traffic is authenticated. So we have identities. We understand we're doing decryption. We're seeing all parts of people's networks, on-prem, in cloud, endpoints. And so those vantage points really actually built up a tremendous amount of information that we can see as a company. And the question is, so what do you do with it? Of course, there's the protections, right? So these are some of those elements. And I broke them up into 3 categories because I think they are different.
There are detections that are something bad is happening right now. There's an incident, you need to investigate it. And a lot of what Zscaler does in line is a detection. Sometimes it's a prevention. It's a flat out, "Hey, we're blocking something bad." That's still an important signal. Other times, what you're getting is a signal that there's something potentially malicious, you need to investigate this or you should look into it more. And then there's the whole rest of it, which is just the broader context, which when you have it, when you know about a device or the posture or what user is working on that device. When you do need to investigate an incident, that data is super helpful. So that's what we've been trying to spend time to do is figure out how do we bring that together and make it very usable for our customers.
And I framed this up, broke it out a little bit differently in the keynote, but I've been working on this kind of slide and this view probably for the last 5 or 6 months to try to think about how do I want to talk about and want a customer to understand and all of you to understand how Zscaler's vision is expanding, right? Because you could see and understand that first piece, that's what everyone knows Zscaler for, in line, in the path of traffic. For the most part, it's real time, but it's meant to cover all users, applications, all data. Very well known for that. And as you see and know, continued tremendous investment in that area. These other 2 parts of a comprehensive security strategy, though, are what we're calling out and focusing more on, right?
So the second part, which is what do you do before the bad event happens. This is sort of the proactive side of security. You have to understand continuously what's my posture, what's my risk, what's my exposure, my vulnerabilities. Also, you get a sense of how am I doing, but there's no specific incident you're responding to there, but you have to continually cranking that wheel to try to get as good as you can. And there's a whole bunch of prioritization that needs to happen there because there are more signals than you can actually deal with. So which risk or which exposure is more important to deal with than the other, that's what that middle one plays out as.
And then the last part, which is really the newest for us is, so when the bad thing is happening right this second, how do you react to that? What do you do? And having spent the last 4 years in the SIM and SOC space as the CEO of Exabeam, spent a lot of time in this area, right? And so here, it's all about how quickly can you detect something? Can you understand the scope and context, the blast radius? Is this an incident impacting one user or all of my users, right, or in a particular area or on certain kinds of devices to know and understand all that and then be able to quickly automate the investigation and the response to that incident. So these are sort of the 3 pieces as I am laying them out. And that's what sort of come together for Zscaler. We've got that first-party signal and data on the left-hand side of this picture.
The right-hand side is what Jay mentioned. This is the acquisition of Avalor to give us the foundation of a place to send all of this data and make sense of it is the point of that data fabric, both first-party signals from Zscaler and the third-party signals from 150 different connectors of data that we can pull in, that creates context. It creates relationships between data and information around entities. And an entity could be a user, could be a device, it could be a workload, it could be an API, but you want to have all the different relationships and understand that because when you then go build security capabilities, you want that context in there for when you build out exposure management and threat management capabilities.
The piece in the middle, too, which I didn't talk about on the big stage, which is very important, is this is bidirectional. So the first-party data, Zscaler has got to send data over, but very importantly, that signals and context we have a current risk score for an asset or for a user because we are in line in the path of traffic, we can use those signals in our dynamic policies. So sending back those signals back to Zero Trust to say, "Hey, based on what I know right now, this is the risk level for that user, you should use that in your policy constructs." That's something very powerful that we can do because we have both sides of this picture.
Jay shared this slide before, but I'll just briefly state it because it shows some of the product names under it. On the left-hand side, continuous threat exposure management, we do have products and capabilities here. This is where Avalor's unified vulnerability management sits. We've had an external attack surface management product, so customers can understand their external attack surface. And then recently, in February, we released our asset exposure management. And it's still early, but got tremendous response from customers because it's really meant to be a continuously updated golden record of your assets, right? And those assets, again, can be broader than just a device and a user. Those are really the entities and the relationships between those. So that system is great for just understanding context. It's really valuable for feeding into the threat management side. And I described in the threat management, we had some pieces. We generate some interesting signals with our in-line, our deception capability. It's actually -- I mean, it's a high fidelity detection because when someone trips up and goes to a deception decoy, there's no good reason for them to be there. So it's a high fidelity signal that some behavior is happening that you need to look into, right? So we have that capability.
We have our breach predictor and our ITDIR, so focused on identity threats. But we haven't really brought a lot of that together. Tomorrow, in our SecOps keynote, we're going to talk more about how at Zscaler level, we can bring that together. And this also is the area where we believe the investment through the acquisition of Red Canary is going to help us accelerate in this right-hand side, this threat management side. So we kind of tie it all together, the 3 big pieces just to close and wrap up my part here, a little bit rapid fire. But you can think of 3 big pillars at a company level, Zero Trust everywhere, data security everywhere and Agentic Operations. And there are natural relationships between them. They're not all one product. They don't need to be one product, but they all generate context and signals. They all get leveraged and can be consumed and they feed back into those products to make data security and Zero Trust Everywhere much better.
All right. So with that, I'm going to hand it over to my new best friend, Brian Beyer.
It's a dangerous position to be in your new best friend spot plus your guest speaker right before lunch. So I wanted to start with a picture that I most commonly talk to our customers about and that they use to describe what Red Canary does. And it is this flow where we start with a tremendous amount of security data on the left. We're taking in trillions of telemetry records. This is petabytes of security data per day, hundreds of millions of security alerts. We're identifying potential threats. Other products are identifying potential threats. And then we're performing over 1 million investigations for our customers every single quarter. And then of those 1 million investigations we perform, at the very end of it, you end up with about 15,000 true threats. And so this is the journey the typical SOC today is going through, except they're getting stuck with the tremendous amount of data, all the investigations they have to perform, and they can't actually identify the signal from the noise. And so in order to understand how we do that and how do we do that with quality, with efficiency, Red Canary uses this flywheel.
So Red Canary is this system that brings together our platform, which is purpose-built for security operations, a specific set of processes for how to conduct these investigations and then a tremendous amount of expertise throughout various functions of the SOC. Whether that's threat intelligence to understand what adversaries are and how they operate, threat research to understand which new vulnerabilities they may create. The actual investigation of these threats, the response, the communication of how you contain and eradicate threats like this, all through this process that is this flywheel where we bring in tremendous amounts of data, we find potential threats, and then we get to this key step where we are applying prior learnings and data. We're looking to see, have we ever seen this investigation before. If we have, if we've seen something like this, the Red Canary platform automatically reconducts the past investigation. And then we're able to communicate to a security team, we've identified this threat, we've already contained or responded or we're giving you the information you need to respond. That flywheel then results in more data coming through the system. It's only when we see something new and novel and interesting that we have to go and put an actual person or an agent to conduct the investigation itself.
And so it's only a fraction of the time that we have to do that investigation. And so what's very unique about the Red Canary process is that at every step of this process, we are producing tremendous amounts of labeled data. And that labeled data is the key that goes into training agentic AI agents, LLMs that are purpose-built for inside the SOC, also that those agents can do these responsibilities for us. And so if you compare and contrast that and look at those agents, what you'll typically find is the typical agent in the SOC is this autonomous agent. You tell the agent, "Hey, you're an expert SOC analyst, go investigate this threat for me." It's like telling a genius level like Genius IQ level toddler, you're now an expert SOC agent, go figure this out. Every once in a while, it amazes you, and it wows you and you read a blog post about it, and it's amazing. But most of the time, it's highly inconsistent. The quality is highly variable, and it tends to lead to very frustrating security experiences. On the other hand, Red Canary's agents are imbued with all of this training data and the specific SOC procedures and all of the expertise we have in Red Canary, everything we talked about on the previous slides. Over a decade's worth of this training data, all gets imbued into these agents. So when we have an agent that is instructed to perform an investigation, we're saying, here are the exact specific procedures of how a great SOC analyst would investigate this. And here's the exact procedure of how a great incident responder would investigate this. And here is a decade's worth of training data. And also, here is what thousands of great investigations even look like.
And so when all of that is combined together into these agents, you get highly consistent, very high-quality, predictable and proven results inside the SOC. And so that's what Red Canary is bringing together through our service to customers and now will be as part of the Zscaler product portfolio.
So with that, Ashwin, I'll turn it back over to you.
All right. We're still waiting for the acquisition to close. So just be mindful of that. We'll take a break now. Lunch is served outside. We'll meet at 12:30, in 29 minutes. So see you back here.
[Break]
All right. Welcome back. Hopefully, everybody got a chance to grab some lunch. We were planning to do an AI demo initially, but I just learned that Phil Tee still start doing customer demonstration. So I thought it's a better thing to do. Why don't we continue engaging with customers while we continue on with our show. So it's my pleasure to invite Dhawal Sharma, EVP, Products & Product Strategy, to the stage to talk about Zero Trust branch and cloud.
Thank you, Ashwin. Good morning. Good afternoon. So yes, we talked about how we are now extending Zero Trust Everywhere with 2 new frontiers that we have been tackling in recent time. Zero Trust in the branch, which also implies campuses, factories and hospitals and all the physical sites and Zero Trust in the cloud. So Zero Trust Branch, basically, we have brought 2 technologies: One, organically what we have built at Zero-Trust SD-WAN, which eliminates the need for East-West firewalls and SD-WAN devices in the branches by securing all the external communication, anything that leaves the branch or coming from outside in by embedding our Zero Trust architecture with ZPA and building all the advanced routing functionalities in the same appliance.
And the acquisition of Airgap, which secures all the internal communication that happens within your environment. So the concept of this Zero Trust Branch or cafe-like branch is something we have been talking to our customers for a while, seeing strong validation from analyst firms like Gartner talking about Zero Trust Branch or Zero Trust Networking on the same lines. So what we have been doing in the last 1 year and working really hard is for our customers to have one single unified appliance that can scale from a small branch to a large site or a campus. So going anywhere from 200 megs of egress throughput to 5 gigs of throughput. And instead of deploying 2 separate appliances like they did in the past, they basically get a single gateway appliance for their WAN and LAN and can build more identity context-driven policies for nonhuman devices like assets and infrastructure within their environment as well. So a lot of customers who started Zero Trust SD-WAN are now able to bring ESA segmentation or agentless micro segmentation within their environments with this technology.
Cloud is something on which we have been working on for a while. We have had thousands of customers, as I mentioned, securing their egress to the cloud. Cloud environments are also very dynamic. We have now done petabyte scale deployments for customers' cloud workloads. We started with a big focus on public cloud, like going across multi-region, multi-cloud, what's running inside customer environments, securing all the traffic flows and then a lot of our customers are on their cloud migration journeys, still have data center footprints or retiring data centers and our multi-cloud where some application is in public cloud X and then the data stores in other public cloud, we are able to secure all those paths in some of the innovation we have been building.
So Internet offload becomes the first use case with many large organizations, especially financial organizations who are running multiple virtual infrastructure in public cloud, backhauling their traffic over expensive circuits and then doing security in data center. We can dismantle that entire infrastructure with our cloud workload protection offering. And also the friction to deploy cloud solutions goes away with this architecture. So a lot of our customers are actually building virtual firewall-free enterprise with our technology stack.
The second use case, which we started deploying in a lot of these customers now is doing segmentation or securing workload-to-workload communication within their boundaries, whether they are within the public cloud, like going from like a VPC X to VPC Y, multi-region, multi-cloud, but also hybrid environments like data center to cloud. Customers could have any form of underlay such as private interconnects or express route, we can secure all those channels.
To simplify how our customers adopt this technology because this needed some form of Zscaler VMs to be deployed in their environment. we basically -- that will take like a few hours of planning and deploying this infrastructure. What we have now introduced is a Zscaler cloud gateway. Think about a Zscaler VPC equivalent running across the public cloud, multi-region, multi-availability zone. Customers can just achieve next level of automation by pointing their traffic to us, no need to deploy any virtual infrastructure. So customers can literally deploy this in minutes and do not need to wait for hours or go through architecture reviews for deploying this architecture. This is fascinating.
We have a lot of customers who are asking for this. This became generally available as of last week. I want to invite a customer, Yoni Kaplansky, who is here in the room with us. He's VP of Cyber Architecture, Engineering and Operations at FICO. Last year, CISO at FICO, Ben, was on stage with me talking about this solution. Since then, they have adopted this across the board. So bringing Yoni to answer questions for you.
Good afternoon. Yoni Kaplansky, I'm with FICO for the last 8 years. I'm running all the architecture, engineering and operation. We started our journey with Zscaler in 2018. We're starting with ZIA that was mainly my first project in FICO, which was a really great success. And in 2021, we started our ZPA, Zero Trust project. No one really believed that we can do a full Zero Trust in 3 months, but we did it. With the help from Zscaler with the right planning, we were able to completely cut VPN communication to the organization in 3 months. In 2023, we started to look at cloud connectors. I do believe we were one of the first customers with the Zscaler cloud connectors. Our approach was after -- with our Zero Trust project, after we took care of human-to-machine connectivity, we wanted to take care of machine-to-machine connectivity with the cloud connectors. We probably around 45% to 50% implemented right now. We have a very large AWS environment, and we're doing gradually cut over, moving account after account to that. But we see the benefit of it immediately.
Some of our pain points with that was we had too many egress proxies. We wanted to standardize everything to ZIA. We had limitation of what's called peering, allowing VPC to VPC peering in AWS. We solved that with cloud connectors. And we also had additional costs that were occurred in AWS, which we were able to control with using Zscaler cloud connectors. We're probably going to finish the project in the next between 6 to 9 months, and then will be fully deployed. We do use ZIA and ZPA with the cloud connectors, which allow us to really secure our AWS environment to the level that we didn't see that any other technology can provide us. That's kind of the intro. I will be more than happy to answer any questions that you have.
Thank you, Yoni. If anyone has questions, we'll -- all right, let's start with Saket and then go to Roger.
Excellent. Thanks, Yoni for presenting, really helpful. I want to dig into the cloud connector piece of your implementation more directly. What were you using before for cloud security? And there are so many choices out there for cloud security, whether it's a Wizz or a Palo or CrowdStrike, right? Like maybe some vendors that you work with already. What kind of tipped you over to kind of consolidating yet another piece with Zscaler in a market where there are other alternatives.
So we were using basically AWS security before. We are using Wizz as our kind of CNAPP solution. But from a network security perspective, we were just using the basic AWS, which had its own limitation. When we started the journey in 2023, we were so -- I'm not saying that we were satisfied, but we were just so invested in the technology from the Zscaler with the way that we work with them, with their customer support, with their account management team, with the overall company that when we decided to go to the machine-to-machine Zero Trust, we didn't look anywhere else. It was clear to us that we will continue with Zscaler because they have the leading technology. So we just went with them.
So how would you clarify the position [indiscernible]
Cloud security. You can think of it. Your question actually talked about 3 buckets. One is workload-to-workload, machine-to-machine communication. The only way that's done today is some of the firewall technology. It could be AWS firewall, Palo Alto or other firewalls. It's kind of network security set. So typically, a rules, ACL IP addresses who can talk to, Okay? That's one piece.
What we did with Zscaler is that communication piece. It's being done with firewalls from either firewall companies or hyperscaler has some of the basic firewall functionality. That's what we're taking out. Our mission is there should be no firewalls in the cloud. Think of this way, you know ZIA for users, ZPA for users. Think of ZIA for workloads and ZPA for workloads. Same thing. That's what we do.
The second part was why not CrowdStrike. CrowdStrike provides one of these Gartner acronyms. You put an agent on the workload machine, just like our endpoint, it's looking for good or bad stuff on it. That's one area. Gartner used to call it what -- yes, CWPP, okay? That's second. We don't compete in that space.
There's a third bucket. It's posture management. It used to be called CSPM, CI, whatever, and now it's CNAPP. It is API calls. Nothing to do with what we do here. So 3 buckets, our bucket is very clear to be in line. One of the hardest thing to do is to get in line. So there's not much competition in that space. Either you do firewalls or use Zscaler Zero Trust.
And one of the things that were our pain point and we sold it is that usually, in many organizations, the IT department is not managing the AWS accounts. It's whoever business unit or account owner is managing it. He can change the firewall. It can do whatever you want. When we use the cloud connector, the policy is managing it. So we're basically enforcing a higher level policy that account owner cannot change. He can still do whatever you want in his own bubble but he cannot influence the overall picture, he cannot risk the overall company, and that's what the Cloud Connector allowed us to do.
We'll take from Roger and then Taz.
Roger Boyd with UBS. Another question on Cloud Connector. I think you mentioned about 50% deployed. Can you just talk about kind of what that looks like? What's remaining kind of has that implementation gone as expected? And then some of the new announcements today, it sounded like Zero Trust gateway potentially streamline some of that deployment. Does that give you confidence to kind of hitting the time line you talked about?
Yes. So we took it a very slow approach because, first of all, we're introducing a change. And every time that you're introducing a change into a company you need to do it slowly and gradually. So everyone will be happy. We'll move the cheese for a lot of the people. We want them to be happy before that.
Second, we wanted to move gradually from really lower environment into kind of our QA and production environment. And this is how we basically build our implementation plan.
So the third is that we wanted to create our own automation and our own assurance that we are deploying it right because all you need is one incident of something is not working, and it will be shut down for a long time. So those are kind of the approach that we took to do it. We are in the level that we showed the entire organization that we can deploy it. We showed that we can automate it. We showed it that it cannot impact the actual business and we showed that we can create savings to the organization. So I feel very comfortable that we will continue as going and we will meet our time lines.
This is Taz Koujalgi from ROTH Capital. I have a question on your Cloud Connector usage. If you speak to a firewall vendor, right, their pitch is that you have a single pane of glass for managing your cloud security and your on-prem security. So you can use firewalls in the cloud, firewalls on-prem for your data center and then you can manage it from your Panorama, whatever console you have. How do you solve for that given that, I guess, Zscaler is cloud only, are you guys cloud only or you guys have an on-prem presence also? So that's part one. I have another -- a second part of the question.
So we are on-prem and cloud. We are using Palo Alto for on-prem firewalls. But the thing that was easiest for us is that we came with our requirement for cloud security and cybersecurity is the owner of that system. Networking doing the on-prem. So it was never kind of who's doing what and do we really need that one pane of glass for that.
The other way to look at it is that with the cloud connector, you apply the policy, and that's it. You're not changing the policy. It's not constantly changing on a daily basis like you're changing firewall rules. So really seeing both of them together and having that perspective was not really an important point for us because the Cloud Connector allowing you to apply that policy and you're not changing that policy unless there is a business reason for that, and then you're going through the regular process of approving it.
In the data center, how we manage firewalls, IP addresses, ACLs. There's a lot of pain. In the world of cloud, the pain becomes exponential. In the data center, you're barely changing applications, how often do you write or add application in the data center at a snail's pace. How fast do you build workloads, ephemeral workloads and all in the cloud, much rapid pace, trying to do the same kind of ACLs and IP address in the cloud for workloads to have the same single console to do both is a nightmare, okay? It makes no sense, okay? But that's the story they have to tell because what else can they tell.
The similar story gets told for the branch. Hey, Zscaler is pitching this branch thing? Why do you have a single console for data center for every branch. And the question is being, so how many rules do you have in your firewall in the data center, 15,000. Do you have a second product to manage the rules of Palo Alto or Check Point. There's companies, I'm sure you heard of, AlgoSec and there are 3 or 4 companies out there. That's all the businesses.
So how many -- do you want the same kind of rule set here, same policy in the branch? What are you trying to secure in the branch? How many servers do you have? 0. What's the branch to secure? Nothing. How many roles should you have? Hardly any. So this is a silly notion. They try to -- a branch should be like home, most of the time, larger branches may need some rules.
But think of a typical enterprise will say I have 400 branches. Then you say must be small, medium, large, like T-shirt sizes. They all agree. Then you say, typical distribution is 80% are small, 15% are medium, 5% are large, there may be plants of factories, right? 5% of 400 million, so a big number, 20 plus, okay? Then you say, these small branches. Why do you have a firewall? When you don't have a firewall right at home, they're no different than home. None of that stuff is needed. It's just a legacy people trying to perpetuate.
Just a second part of that question. So you mentioned you had ZIA, ZPA, you're also adopting Cloud Connector. Now can you compare, I guess, the scale of all those products? Like when you look at, I don't know, the number of users of spend, how does ZIA compare to ZPA versus Cloud Connector? Are they all equal or ZIA is still the biggest piece of your spend versus the other 2?
Overall, it's kind of equal. FICO is around 4,000 employees. And from -- if you look at the total spend, it's kind of divided equally between the 3 of them. Now we're not just using those technologies. We're using also the endpoint DLP. We're using also the CASB. So we're really investing in the overall technology stack from Zscaler, which is allowing us to really meet our security maturity that we need with that.
Thank you, Yoni. Thank you so much for your time. We'll move on to the product Q&A. So I'll invite Jay, Adam and the Dhawal on to stage, please. We'll start with Ittai and Yun.
Ittai from Oppenheimer. Great day, by the way, super interesting announcements. I really appreciate it. I guess my question is around velocity, meaning for years, you've tried to have a story against why an SD-WAN box is not needed and it took you a while and you got an SD-WAN box and you're displacing -- you're now with Adams...
We have no SD-WANs. You may call it Zero Trust. That's only done so that marketing start to show up Zscaler.
Okay. So I guess what Adam is working on -- you're not going to call that SIEM, okay? You're going to call that something differently. That's fair enough. Zero Trust for SIEM, maybe. But the point I'm trying to make is that it took you years until you finally today got to a point where enterprises are at that level where, as Yoni said, we don't need firewalls in the branches. So -- and only like in the last couple of quarters, finally you started talking about the number of customers that are actually doing this.
So if I take that evangelism process that how should I think about the vision of Red Canary and Avalor and the data that you clearly have a proprietary a unique vantage point around data that others don't. How do I think about the time line? And how much evangelism you're going to have to do to get that going?
So it's a good point. You need evangelism, then you're disrupting things totally new way of doing it, okay? I mean Zscaler, no firewalls, switchboard, it's very different. ZPA has been totally different. Zero Trust branch has a lot of evangelism, but our customer is getting it. In the security operations area, we're actually -- from end user point of view, it'll be a lot easier and simpler.
Now they don't need to build this big data lake and all that kind of stuff. But I see far less evangelism needed in the security operations area. Because we are not trying to say don't do this, do this. The problem they're solving is similar. At the end of the day, we're going to make it simpler. But here's how you think about it.
When Palo Alto went from Check Point, that was not a big change. It is simple. In our case, Zero Trust was totally taken on firewalls. They're like Tesla going against all these incumbents, and that was the different fight. This is customers are already tired of security operations solution. We are inbound demand, lots and lots of customers want us to get there. So it's going to take some time.
So we knew a combination of some acquisitions or internal stuff is going to get us there. But you should think about when a company moves in a new space, you must have some core competencies, Otherwise, you shouldn't get there. So we saw 2 core competencies we had or maybe call it 3. One, all the data logs $500 trillion a day. Security research, we've got 200-plus researchers, security research, serious research and then a very large and eager and happy customer base.
We needed the Avalor piece to do a better way of a data fabric without going to this big data lake all the time. That was the first piece of architectural stuff. And now Red Canary bringing applications out of Agentic technology to us. So it's exciting. I expect it to be far less evangelistic here.
All right. This is Yun from Loop Capital. So thanks for doing this today. So basically, as you guys are getting into data security and Agentic AI security or what not. Identities are becoming more important. Obviously, you have some foundational technology behind that through the ZIA and whatnot. How much do you need to get into the identity security layer for you to be more effective in data security and Agentic AI security? Or do you plan on continuing to partner with those people in those spaces?
I'll start and Dhawal or Adam can go deeper. We have been asked many times to get into adjacent spaces. I've been asked so many times, why don't you buy an EDR vendor? Why don't you buy an identity vendor. We stayed away from it. We have clear ideas where to go to. We integrate with identity vendors.
Now there's next level of adaptive stuff we can do that Dhawal can explain to add more value on top of it. We are working with Microsoft on the agent identity. Microsoft is a natural company to do that and working with them to leverage it is a good thing. So core identity, we want to work with someone, but we have value to add on top.
So look, we are a consumer of identity. If the identities are well defined for users, right, we consume it. What Jay talked about is identities are still very static. What we are able to do as a switchboard or a policy engine is collect a lot of telemetry around risk associated with identities and the risk signals. So we compute things like risk score, but have a lot of raw risk signals like people connecting to guest Wi-Fi or people impossible location popping up hundreds of these attributes.
So all of these become context to the identity and we build rich policies around it. And we also are building APIs for our customers to take that from us and integrate everywhere in their environment. But when you think about nonhuman identities like workload identities or identity of OT systems, we are, again, integrating with wide variety of vendors who generate tags and labels, but this is an area where, by virtue of how we get deployed, for example, in branch as a gateway appliance and we are profiling and understanding these devices are, which become identifiers for them.
We integrate with APIs of all the cloud providers and learn their identities. We talked about our micro segmentation service, which basically builds the process level identity map. So yes, we have more context on identity to enrich customers' existing identity systems because identity is a core pillar of Zero Trust. We are making it richer and richer. And we do have capabilities around ITDR, identity threat detection response, that plugs into the broader security operations use cases as well.
Just maybe a quick add to both of those. I think the again, consumer of identities, not necessarily the creator of those identities and for very specific use cases. And you'll see a little bit more of this potentially tomorrow if you're here as well. But on the -- in the security operations world, identities are super important. And identities are also defined very differently across elements of your organization. What looks like A Geller is also Adam Geller, is also Adam G or A Geller/local and having a data fabric, one of the things we're using is to normalize that as well because you need -- that's about understanding context. Those are not different behaviors or different people. So we want to understand that as one thing. So that's another area where identity will be very important for us.
But we build on top of identity and deliver real value.
All right. Let's go to Adam from Raymond James.
Adam Tindle, Raymond James. Jay, I want to continue the conversation on Red Canary and the push into the SoC, as we think about that, most MDR and SoC plays have started with the endpoint and moved into SIEM and then pushed into the SoC, whether that's CrowdStrike buying Humio, Palo Alto moving to EXIM and then having this path into the SoC. You're coming at it from a different angle from the network and then data and then into the SoC. And I just wonder if you could describe maybe the pros and cons to eventually moving into SIEM and endpoint. It sounds like you're not very interested in that, but if you could flesh out that discussion.
And the second piece of the question would be how to manage the potential channel conflict as you move into this, right? By starting with endpoint, SIEM and getting into SoC, I think it got channel a little bit more comfortable with that move, you're going straight into this. And you obviously have a very channel-friendly strategy. So I wonder if you could touch on that as well.
All right. So first of all, where do you start? The easiest thing for an EDR vendor to start is from EDR telemetry. That's all they have. And EDR tells you something are compromised or not. That's all it tells you. But if you can really understand that, and you have communication channel, you understand a lot more. Before a machine gets compromised, often reconnaissance takes place. We see all of the reconnaissance, so it's just that it so happened a few couple of vendors started from EDR side of it. But traditional SIEM/SoC never started from EDR side.
That's where EDR calling it MDR and XDR, all these are nothing was useful, okay? They kept on creating more and more acronyms hoping that one acronym will be more useful than others. Eventually, also what's happening is I mean old SIEMs made 100 sources of data, 150. Really 4 or 5 sources matter in today's world, who cares about the logs from your router and switch and firewalls in the data center something.
Most of the world is moving to the cloud. Our communication logs, extremely important, ADR logs, very important, identity logs, very important and some of the cloud workload logs, very important. That's really the big universe. So anyone to do it right, we'll need to get all those things. And we normally have communication logs with our endpoint agents. We've got tons of telemetry about the endpoint as well.
Even though we aren't a dentary provider, all authentication and failed authentication attempts go through us. We have all those signals as well. So it was the right thing for us to start the right way to say these are core sources. We'll get some of the data sources. But 80% of the stuff you need is already sitting with Zscaler. That's what kind of gets me excited.
In terms of competitive position, it's not a competitive position at all. We got Red Canary for the technology they built, they kind of surprised us with the technology they had and the expertise and the way they were able to run this operation with amazing gross margins. I just couldn't understand how the margin could be so good. Well, then we understood it's a technology, it's a use of technology.
So bringing the technology together very complementary. Competing with others, we are going to remain a technology company. Having MDR expertise in some of the customer base is good for learning. If you don't have any experience in that space, I would say that you can't be a good provider of a solution.
We have a small professional services team, but we don't compete with our partners on professional services. But we embed sometimes our professional services with the partners to get them trained on it. Similarly, it's a massive world out there. We remain a technology company, drive technology. So our partners can use our SecOp technology to do managed services out there.
We'll take the last question for this session from Junaid. We have one more Q&A session after this, so we'll come back to Q&A.
Junaid Siddiqui at Truist Securities. Jay, data security has been and continues to be a tremendous growth vector for your Zscaler. One of the things you've talked about in the past is that you've got the best vantage point in terms of delivering data security, sitting in line, being able to inspect all traffic going into all kinds of applications. Could you just talk about some of the newer modules under your data pillar that address the out-of-band and data at rest and how the traction has been in those specific modules? And just overall, how do you envision that whole data security landscape shaping out as there are a lot of vendors that are trying to address the same pain point?
I'll start, then Adam, you can go deeper into it. Our strategy is to make sure we secure your data no matter where it is because they want one policy. When all traffic is going through us when it goes to Internet and knowing that all data leads to the Internet, we are in the best position to really provide holistic data security for us. But we had pieces to take care of that we completed in the past few years. Maybe, Adam, you can go deeper into it.
Sure. Yes. So if you think about the different channels, right, and its functionality, you need to be able to discover. So you have to be in the right spot to discover data. In-line is a little different because in-line is very much you're seeing it. So you need to be able to quickly classify and make a decision, but data security goes much more broadly than that. So there's all about the discovery. So that's what you're doing when data is at rest, and that started off in -- think of it as in the SaaS world, in collaboration applications and got very interesting with public cloud storage buckets, unstructured data and then structured data elements that are running in cloud and running on-prem.
So all of those kind of play into having a consistent way to discover, classify and then sometimes we classify and then something else enforces because there's another technology that we're working with like a Microsoft, right? When we're in the path, it's much easier for us to use our own classification. But sometimes we classify it and then that's leveraged by another enforcement point because we're not in the path of that kind of flow, right? So all of those pieces play out.
And the endpoint actually over the last several years has become more and more important. It's a great -- it's an important landing point. You see data before it's being transported and moved around. So endpoint DLP was a little bit, I think, not as high of a priority or thought several years ago, and the team listened to some very solid feedback from customers and said, if you're going to help me get on a modern data protection journey, this is a foundational element of a DLP solution in the classic sense, and you need to be able to do it. You need to be living there. You can't just live at the data sources. You have to be on the endpoint too. So that's where that got added in.
And when you think about data security posture management, that's just -- it's another lens of looking at this where you're taking those different ways you look at data. And it's also looking at the configurations of the systems that support data, not just the actual data itself that's sitting underneath it. So I think that's -- it's an interesting angle. It's why we're representing in that space as well.
All right. Thank you so much. Now I'd like to invite Mike Rich, our CRO and President of Global Sales, on to the platform, please.
All right. How many people were here last year? Pretty much a little over half the room. Good to see everybody again. Mike Rich, I'm President, Global Sales, CRO. I joined the company really November of '23 and laid out a strategy of what we want to do kind of the go-to-market -- been very consistent, the go-to-market vision. Number one, it was about transitioning to more of account-centric. So Zscaler had been really in the transactional mode, which was very good for that time in its growth. But we saw the need to really get deep with customers and make sure we could build out long-term strategic plans with them to consume on the platform and work -- meet them kind of where they are.
Also an amplifier from the GSIs. GSIs are so important, especially with the top of the pyramid customers, which is a big chunk of where our revenue comes from, the GSIs can help on that strategic journey, right? So we've built out strong GSI partnerships in the last 18 months. And then increased focus on specific verticals. So the vertical sales, we'll talk more about that, but it's all about getting better relationships at the C level.
And when you're speaking in the industry language and helping them compete in their industry, they want to have conversations with you, you become more strategic. So this is just some examples of how we've grown and how this strategy has helped us. And if you just look at the number of customers spending over $5 million with us, that's grown and the customers that are spending over $1 million, that's grown. So validated. We're going to continue to double down on the strategy, and I'm very pleased with where we're at with it.
And then on the GSI side, that's helped us get stronger pipeline, more strategic relationships and ultimately drive more revenue. So that 40% increase year-over-year is great. I think we can continue on that path. And then, again, adding that $5 million in bookings is fantastic. That just -- it was a much smaller scale before.
So we talked a little bit about the verticals. We've got health care, state and local and federal today. And that team has grown significantly. So that's validated that strategy. Like I said before, when you get in deep on the vertical side, industry-specific solutions, executives want to have conversations with you. And that helps us drive better business, more strategic relationships and longer-term plans with the customer. So this just kind of validates how that's worked for us. Very happy with what we're doing in health care. And you've probably -- let's see, we had Advent Healthcare CISO in here earlier. Is he still here? That's great. He's gone. Yes. Fantastic relationships there. So we're going to see that expand, and we're going to move beyond that, too. So even in -- if you look at financial services, huge, huge area for us. The plan is to be organically from bottoms up, hire more people dedicated to that region, get territories that are specific to that -- those industries. And once you get enough density, you add the first-line managers. Once you get enough density on first-line managers, you add second-line managers. So it's that bottoms-up approach versus tops down to make sure we're taking full advantage of the resources, and we don't have people flying over each other. And that's the least disruptive way to do it to take advantage of the growth.
And then this is what's most exciting to me. So we're still a people business. We've got great technology. You got to have great technology, but you also have to have great people that can help strategically align with your customers. So we've got a strong leadership team. I'll show that a little bit later across all geographies. The GSI and national strategic partnerships, again, those have been validated. We've hired people that know how to sell and work with them. It's a bit of a give-and-take relationship when you're building out motions with GSIs. And they've got to see a way to build out there and grow their business. They've got aggressive numbers that they have to fulfill. So we have to be conscious of that and make sure it's bidirectional.
And then again, the platform, more realization, value realization for customers and partners. When you have a larger platform with more products versus just ZIA and ZPA, ZDX, now we've got all these other solutions that you talked about with Zero Trust everywhere and all the different users that we can actually go in and help secure and protect, it just provides more solutions that we can go sell. So you have to have that flexibility in the platform. And the other thing that's exciting about that is it helps us get into some of these accounts where we were kind of boxed out before. Now we have solutions that go beyond just ZIA and ZPA that we can sell in to get the new logos.
This is just a quick snapshot of the team. You've probably seen or met some of these people. I know Ross was at the analyst event last night. So some of you may have met Ross, he runs AMS for us. Ross, I worked with Ross for years at ServiceNow, very strong leader. Pete has been here for 7, 8-plus years. A lot of experience. He's fantastic. He's running the federal, state and local and health care business. Brian Marvin runs EMEA for us, strong background, enterprise sales, gets how to work with GSIs and partners and do strategic deals. And then Andreas Hartl, great background, Microsoft for a long time, knows how to run that -- the APJ business is a very complex business, a lot of different countries, a lot of geographies to handle. He's been fantastic. And then Anthony Torsiello, who's running our channel business globally. I worked with Anthony for years actually at ServiceNow as well. He built out large programs with GSIs and VARs at ServiceNow.
Did anybody go to the breakout, the partner breakout? No. Okay. Jay, I know you went. They enjoyed your red canary discussion. Thank you.
So focus areas for '26 and beyond. So increasing enterprise penetration. We've got a lot of customers in enterprise, but we're still very underpenetrated, right? Even in the customers that we've sold to, but the net new logo portion of it, there is a lot to go after there. It's fertile hunting grounds. We've only got -- the penetration there is low, 20%, 30% range, right? So a lot to go do.
Growing new product categories. You've heard a lot about the new products today. I wasn't here for the whole thing, but I know you've heard -- you've seen Adam's presentation, which was fantastic today. It's great to have a robust platform that you can go sell. Customers appreciate that, and it gives us options. We've got a lot of work to do to get penetrated where we should be in these accounts. And we're utilizing our specialty sales, take-off. You've heard the term take-off teams, specialty sales, we kind of use those together to focus on going after these solutions.
We've got our core teams that are going to partner with the specialty teams to help accelerate these motions. Zero Trust everywhere and then also Agentic operations. These are massive underdeployed areas. And the cost takeout piece goes across all these motions. So that just helps us validate when we're trying to do larger deals with customers we're building out plans where they can actually fund the deal over time with cost takeout. And we've always had this as a benefit as Zscaler, what we've really done in the last year has become very prescriptive. Very prescriptive with how customers do it. So we're helping them along the way, build out kind of doing their homework for them. So that's been good. And then, of course, the channel coverage we talked about.
So just a quick snapshot when we talk about the new logo opportunities, we've got lots of new logos to go after. So we've got 4,000 current customers, right? And there's another 16,000 to go after, right? And even in those 4,000 that we have, only -- they're underpenetrated. So you've got existing customers that are underpenetrated and then you've got the new logos. And what we're doing to help facilitate going after them is making sure we have territories set up the right way. I take territory planning very, very seriously to make sure in by geo, we've got the right people in the right territory focused on the right accounts, right?
And then in the G2Ks, the reason you see 1,700 as a number up there, we've got 700 today. 1,700 is really what we can go after because you have to look at -- we can't really sell to Chinese companies and Russian-based companies. But 1,700 is who we're going after. And we've got territories that are focused on just those accounts as well. And even in the G2Ks that we do have, again, the potential is $5 million plus in the vast majority of those, and most of them are under $1 million today. So we've got a lot. We can go do a lot more selling. We can do it. It's fertile hunting ground for those accounts that are even customers already.
So focused execution for new product growth. You heard Zero Trust Everywhere. It's fantastic, customers love it. It's a great motion for us. We have dedicated sales plays to go after that. Data Security Everywhere, that part of the portfolio has become more and more robust, and you're seeing a lot of deals we're doing, takeout deals we're doing there. They do not like the incumbents, the legacy providers. They're looking for us to actually come in and help them drive that story, which is fantastic.
And then Agentic operations. This combined business for us is $1 billion ARR, and it could be a heck of a lot more. Our target is to get to $390 million by the end of next year on this Zero Trust Everywhere. That's where they have 3 or more of our products that qualifies as Zero Trust. So lots of potential and the strategy is working.
Again, we talked about the channel leverage and going after the G2Ks really help you with the top of the pyramid accounts, which are typically G2Ks. There's also the government accounts there that are very large. They help you in the government accounts, and they help you with the multinationals, right? Some of those are private and they're not G2Ks, but regardless, they help you accelerate the big deals, which is fantastic. And that motion is going well.
Cloud marketplace, this is the hyperscalers. This motion is still fairly new to us, but we've become much more strategic, thanks to Punit's work. Thank you, Punit, and team. We've got a great motion going there. And that I expect to see a lot of growth to come out of that. Just again, that's where we're leveraging them to help us sell and go to market, right, AWS, Google, Azure.
Increased investments in the strategic regional partners. That's -- traditionally, we've had sort of a transactional relationship with them, but what we've doubled down with them on, that's why I asked if anybody went to the channel breakout. We're rewarding them for building out dedicated practices, right? This is where they're actually going to help deliver value. They're going to help with the implementations. They're going to help with the strategy and make sure what we sold them together gets deployed and that we have a strong strategic road map built out with them. I call it the 3-legged stool. You got the customer, the Zscaler, direct sales and the partner, the 3 of us working together very closely versus being just transactional.
And then part of this is getting all your resources focused at the top of the pyramid, building out on the bottom of the pyramid because we have a lot of customers down below, but it only represents 5%, 6%, kind of make sure that we've got partners that can drive that business for us so we can use our valuable resources to sell upmarket and that motion is going really, really well. So you're going to see more and more of that as well.
You've heard Jay talk about the cost takeout program, super important. This is just some examples. You guys have probably heard a lot about it, but customers do appreciate that we're being more prescriptive. They -- it's hard to give up products. People love to hug their hardware. But we've got a plan to help them phase these things out, and it's going over quite well. It's just a more prescriptive approach and we're super focused on it. This is just an example of a customer that has 20,000-plus users and the potential savings, right? This is just on average.
And then Z-Flex. We've talked a little bit about that. You've heard a little bit about it. Customers have asked for a more flexible way. And when you have a platform of consuming the platform and when you have a platform with multi-products, there's no way to predict ahead of time exactly how much of which product do I need to go use, right? So this is a great way to help get them to commit to more spend and adopt the platform at their speed and do it in a very easy consume method. They love it, too, because it's predictable budget, right? So there's one thing a CIO hates is when they have unbudgeted event, they don't like that. And they don't like to be nickel and dime. So we're just providing an easy way to consume the platform. It also gives a white glove treatment. So we're being selective on who we offer this to. It's not just everybody. It's really our top most strategic customers. That's the important part to look at.
And this is a case study. This is A customer. I won't say exactly who it is, but this was the benefit. Once we were able to offer Z-Flex, this is the value that came out of it. And so it's adoption, greater adoption across the platform and of course, the uptick in spend would have been hard to get this value if we didn't have this offering.
Okay? So that's it. Did I do a good time for you? Was that okay?
Yes, perfect. I know a lot of people will have [indiscernible] questions on those. So Adam and [indiscernible] kindly advice you stay back. So meanwhile Adam and [indiscernible] along with Jay as well. Please, Jay. So first question, Gray Powell and then Andy.
So Gray Powell, BTIG. So yes, just a question on Zero Trust branch. It seems like customer interest there has picked up a lot just in the last few months. Your messaging seems a lot more aggressive today than maybe 6 months ago. So I'm just kind of curious, what's driving the interest or the uptick that you're seeing today, like what's different? And then on average, if a customer adopts Zero Trust branch, and I know there's probably a wide range here, but just like how much does it impact the contract value? How much does it go up? Just even if you can talk like ballpark or generic terms, it would be really helpful.
I'll start at the highest level. Yes, we have been evangelizing Zero Trust branch, the better way of doing it. So there's a lot better understanding of it. Our customers understand the value. So there's tons of interest out there. I mean the interest far exceeded my personal expectations, right? I know all these -- all of you analysts look for numbers, okay? I mean it varies a lot, okay? Some customers are starting with saying, I got 200 branches. I'm going to start with 20 branches first or 30 branches or someone that will go with all of them. So it varies quite a bit. But we see a significant opportunity, simplification cost reduction as well.
Yes. So the first on the messaging part, right, what's really clicking with customers is they see Zero Trust for users working, deployed everywhere. What they also appreciate is that we are not building 3 different Zero Trust solutions. The policy framework and how we have built Zero Trust architecture is when customers do use it to app segmentation with us, the same segmentation framework extends for cloud as well as the branch. And when we make acquisitions like Airgap, which is now part of the Unified Appliance, as I explained, basically the same framework extends. So you basically have Zero Trust Everywhere with the same policy framework.
What is also resonating, by the way, is for a very long time, you look at Gartners of the world, they were talking about SSE, SASE only for users. We have seen them started calling it Zero Trust networking, Zero Trust SASE or Zero Trust SSE. So we are seeing they also take picking this up and advising their clients. And as Jay mentioned, right, a lot of our existing customers are coming to us and saying, I want to start by doing this Zero Trust in my factories first. They will do for about a dozen or 2 dozen factories and then expand it more and more. A lot of our customers have SD-WAN contracts, which are getting up in 2 years. But the new branches, for example, for a banking customer, they are moving back to Zero Trust and not doing SD-WAN anymore. Over a period of time, it will, of course, replace all of that.
All right. Let's go to Andy Nowinski and then come to Keith Bachman.
Andy Nowinski, Wells Fargo. So there are a lot of vendors that talk about SASE and Zero Trust. And I guess -- but it seems like every vendor has a different architecture. And when I think of Zscaler, I think of that one-to-one relationship where you're connecting either one user or one device or one workload to one user and device and workload. But that's very different from how a lot of the other firewall vendors think of SASE and Zero Trust. And so I guess now that you're selling Zero Trust Everywhere, do you think customers actually understand the architectural differences between Zscaler and the other alternatives? Because I would think it would be harder to sell them on Zero Trust Everywhere if they don't even understand the architectural differences, but maybe your cost takeout program would differentiate that as well.
Right. I'll start. This is my favorite topic. I talk to Gartner all day long about it. SASE has nothing to do with Zero Trust. Somehow the words get confused. Zero Trust means Zero Trust. Now you can kind of talk around and say, I can make Zero Trust by putting firewalls around because if I put lots of firewalls, so each entity is its own little excel, then it's Zero Trust, not practical. So SASE is a catchall, so more vendors could participate in it, okay? So SASE says SD-WAN, SSE and everything. How many networking vendors are there? They're looking for something to grab on to say, I am part of this thing. So SASE means nothing, SASE means everything. It allows every vendor to take some of the reports and say, look, I am SASE too, I'm SASE too. Our customers ask for Zero Trust more. Our investors, our analysts ask more for SASE because they get briefed by vendors all day long, okay? But customers often, when they talk to us, they really bind to Zero Trust. That's really what we're trying to do. As you said, Zero Trust is about not trusting people being on the network. It's a one-to-one connection.
So look, you saw a bunch of customers at the conference. They all understand they love it. Now it used to be that only early adopters love Zscaler. Now it has gone fairly mainstream. There are probably a small part of late adopters we still need to work on, okay? That's part of the journey. So when customers see Zero Trust and they see tangible cost savings, we win the deals.
So one thing to add to what Jay said, right, where we are -- how we are practically going with the customers on adopting Zero Trust Everywhere is actually work with Mike's team and the technical resources there like architects and SEs to do very detailed workshops with customers to figure out how their networks and their security is built, how is point A talking to point B and what do they use for network security. So we basically come up with the underlying architecture for them to go on a road map with us, customers who already deployed with ZIA, ZPA, they go to the next frontier like branch or cloud. Those who are starting from scratch, they start with users and then start working on deploying. So there's a very detailed technical architecture, plus that ties into the cost takeout on what we can replace over a period of time. So it's a full run book that we are executing.
If I may give you my futuristic statement, okay? 4 years ago, you guys are asking ZIA is good, but who is going to buy ZPA, how many ZDX, right? I would say every user of a customer, they need ZIA, ZPA, ZDX, all 3 because it made natural sense, and we are seeing the world by and large there. In fact, most of the new deals we sell, they start with Zscaler for users, all 3 things together. A lot of upgrades we do are upgrading from ZIA to ZPA or ZDX combination of that stuff. Our customers enjoy and see the benefit of Zscaler for users. I do believe that almost all of our customers, it's a matter of time, will embrace Zscaler, our Zero Trust branch and Zero Trust Cloud. It's a natural journey.
It's Keith Bachman from Bank of Montreal. I actually had 2 questions. The first for you is one -- you raised a question that certainly comes up in our discussions with investors. You identified Zscaler's 4,000 enterprise customers, and there's a total TAM of much larger than that. But what are those customers using? Because we as investors think everybody has the necessary architecture to provide some form of protection, therefore, to win those incremental logos, you have to have a displacement. But is that -- help us understand why you think you gain those new logos? Are they using [ anecdote architecture ]? How do you win those new logos? And then I have a follow-up for Jay, please.
So you kind of saw on the cost takeout slide, all the different things that we end up replacing.
The real question, are you replacing? Or are there actually greenfields in there, too?
There's a little bit of greenfield, right? But it's -- you are, over time, supplementing and you are replacing over time, they are retiring spend on different firewall and VPM products. So I would say 80% of it is you're replacing and 20% is you're just adding new capabilities that just didn't think about or have before.
But maybe expand upon it a little bit. Somebody -- everyone has something, okay? The big part we replaced early on was proxies, Blue Coat of the world, but that is a much smaller market. So we didn't just replace the Blue Coat proxy. We replace the whole outbound DMZ, so to speak.
For ZPA, most people think, oh, it's VPN replacement. VPN is only a piece of it. We replace the entire inbound stuff. And some people may have firewalls, some have all the stuff. But as Mike said, somebody have something or the other. But if they want to do Zero Trust, that's not in place in most places out there.
Yes. Just to add to that, they're solving the problem right now. They're solving it inefficiently, and they're recognizing where their gap is. And so they can choose to solve it by either trying to continue to tune what they have or some of these who look and realize the approach is ripe for a different way to look at the problem. And then it becomes a broader discussion, and that's where I think we have the most opportunity when those conversations come up.
And it's sort of a natural transition to my second question is it feels like the -- messaging has changed quite a bit from Zscaler appropriately. So you're now trying to win the heart of the SOC is the way I see it. And you're coming up at it, as Adam and others have said, through a different architecture. And it sort of begs the question, what are you missing to keep winning share of that SOC dollar?
And the way I think about it is data is critical. You guys have a lot of untapped data that here before you really haven't leveraged as much as perhaps you could. You were clear that in line and data, you guys have it, you got it, you're great at that, but maybe the broader capabilities of data when you're correlating all these different threat information, NVR is a part of it, but it's not everything. And so the broader question is, what else do you need? It lends itself to a SIEM, which has sort of been implied. But how do you -- what do you think you're missing to win that greater share of those existing accounts and to leverage the data set that you already have a lot of visibility to?
So I think the -- as far as what's needed or missing, like the approach to running security operations, I think, is -- there's a structure for it, right? And data is certainly an element of it. You don't have to create all that data yourself. Certainly, when you do, you have a strong foundation. But as I mentioned, the Avalor acquisition was independent of Zscaler. So there are 150 connectors had nothing to do with Zscaler before they joined, right, and joined up with us. So all of those signals in context, that's a recognition that customers' environments are and will continue to be heterogeneous for a really long time. So we have no belief that it's going to be all Zscaler only. It's just not the way the world works, right? And it's also not the way security operations works. So having that data come in, I think, is extremely important for us.
When we think about where that world heads, it depends on what happens in the investigation world. There's a huge part that's about automation of the workflows, right? And that was originally, you could say, started with sort of the SOAR and automation technologies. And now it's how AI-driven is it, how agentic is it, I mean these are phrases to put on it. There's reality behind that. But it's still all about if there are 10 steps for an analyst to go through to quickly detect, investigate and respond to something, how many of those 10 can I automate and intelligently automate before a human being needs to look at it because it's not autonomous, like the human being is not going to disappear from this, but it's inserting them at the right spot and recognizing that the data you need to look at because your environment is changing, you need to be able to keep up with that, right? So I think that's going to be a part for us that will be very important.
Cloud, we know is important. A lot of the cloud teams sit very separately from the SOC teams, right? And try as you might, the SOC person wants to see all of it. And the person who runs the Cloud says, I got that. Don't worry about it, right? So we know we'll have to live in these hybrid worlds probably for a very long time based on the way our customers are structured.
But from a business opportunity point of view, there's real pain. People feel less pain. A firewall is sitting there, let it sit there. Some management overhead is there, but SOC is a daily pain. There's a pain of work, there's a pain of dollars growing. We think the market is ready for disruption. If we can go and have better solution, less operational overhead and less cost of the solution because of better architecture, we think our customers are looking forward to it. We have tremendous credibility with our customers.
Let's go to Andrew, and then we'll take an online question.
Andrew DeGasperi from BNP Paribas. So the one question I had is, this morning, Jay, you joked about the $30 million cost savings side, and you said that maybe sales wasn't charging this customer enough. So I waited for Mike Rich to join the panel because I just want to maybe ask a follow-up in terms of are you happy with your pricing and packaging strategy? How is it evolving now that you're adding all these other capabilities on the agentic side? And I'll just take it from there.
I think we've made great strides, right? Z-Flex is just another point in the journey where you got to make it easy to consume. And I think historically, we've come out with a lot of innovation, and it's gotten complex. The licensing metrics and models have not been super easy to understand. You've seen it. Gartner has talked about it. So we're just making it easier for them to consume the platform, and I'm very happy with where we're at today, and I think we're going to continue to get better.
Yes. We've done three things in this area. One, we developed architectural workshop to identify what needs to be taken out, then last year, we started cost takeout program. That helps quantify. The outcome of that is the slide I showed to you. And then Z-Flex comes on top of that to really make it flexible to minimize friction with procurement and ongoing negotiations. So it's a good story.
See, none of these things happens on magic, right? We learned, we evolved. Architectural works are important for us. Cost takeout program evolved out of a lot of learning over the years. And Z-Flex, we used to do some of these things custom. So let's make a program out of it.
All right. We got one question from online, and then we'll go to Ittai. This is from Brian Essex, JPMorgan. A question for Mike. Are there any common themes across the accounts where you might expect to see better traction with Zero Trust platform? Is there any kind of inflection opportunity here?
I mean the common theme is just complexity. People are looking to reduce cost and have a more simplified environment, and they want happy users. They don't want to get yelled at, right? So when you can simplify and make it less complex and provide a better user experience, those are synergistic and those help drive the sales, especially in the bigger deals.
Ittai from Oppenheimer. A question for you, Mike. When I think about Z-Flex, maybe we should be called Z-Flex, maybe we should call Semi-Flex because it's not fully flexible. Like when I think of some other vendors in the world that have applied a flex-like type of purchasing model, think about Datadog in the way they've done it, think about what CrowdStrike is doing with their very few restrictions at all in the way you first buy the product. From my understanding, Z-Flex, you need to be on a product for a certain while before you can change things in and out. You just said on stage that it's focused on the largest customers. So it's still a little bit. Well, semi-flex, as I mentioned before, on certain type of customers with some flexibility, but not full. I guess, is this just a reflection of a point in time, meaning you and I talk about this a year from now, everybody can access it with complete flexibility one day to the next, I can increase, decrease my consumption of certain products. Why limit this? Is this just maturity? Or there's something behind this?
[ You got to have all these ] systems. You got to have sales ops signed up, you got to have your processes behind lined up. So it's just -- it's a crawl, walk, run. I do expect -- again, we're early stage. It just came out in Q3 that it will mature, and we'll be able to offer it to more -- a broader set of audience when we can make it easier to deploy. So again, early stage, fully expect we're going to have a big part of the population that will move toward it later on, but let's get it really right for these first few customers.
Do you envision this potentially at some point with partners using Flex to be able to go more down market, which I know right here right now, you're clearly trying to go after the big whales for obvious reasons, but something that facilitates much better or faster adoption for our partners to go downstream, down market?
I don't think it will be everywhere, but I think we'll have, again, probably the top 25%, 30% of customers that we'll get to have that option to move towards Z-Flex in the next year, 1.5 years.
Let me ask you, do you think your CFO will love fully Z-Flex, no swing, no time frame attached?
Maybe it will, maybe it won't, but I know that it's a very -- when I talk to customers of Datadog and when I talk to customers of CrowdStrike, it's a point that perhaps they don't necessarily actually do. It's not that every day they increase, decrease their product. But the idea to have the flexibility and the idea that, that type of flexibility enables them to make sure that they don't waste dollars that they truly get to conceptually have the ability to try everything in the portfolio at whatever pace they want. And ultimately, at the end of this, come up with a balanced approach for them, I think it's a selling point.
We like flexibility. The best selling point is the customer has no commitment, no skin in the game other than $10 million, you can spend after 5 years. There'll be any CFO's nightmare. Think of trying to predict numbers and what's going to happen next quarter or next quarter. It's a nightmare. We can give full flexibility for testing the product. But the real sales is you've got skin in the game, we got skin in the game. You can predict some of the stuff, we can predict some of the stuff. So those are the pragmatic philosophy that have gone into what we are doing today. Obviously, we learn and we evolve.
This is a topic we can spend a lot of time on. Let's move on.
This is Joe Vandrick from Scotiabank. So Mike, a lot of good details on the large opportunity ahead for both new logos and increasing customer spend that you called out there. How are you feeling today about sales productivity? And how are you thinking about adding capacity into fiscal 2026?
So sales productivity, productivity per head, I'm very pleased with. It's gone up year-over-year. We expect it to continue to do that. And we're adding capacity based on our model of making sure that we can address the right markets with the right number of people. And we're being very thoughtful about how we're doing it. Because productivity is going up, that's great. And we're also entering the year with more mature ramp sellers. That's a very good sign. So I'm very pleased with that.
Max.
[indiscernible]
I'll take it. Yes, there's a lot of interest in sovereign Zero Trust Cloud, not sovereign SASE, for example. The customers I talk to, okay, they're looking at Zero Trust, okay? So our architecture is designed such that we can do it today, we have the entire technology, all 3 planes sitting in Europe serving Europe. So we meet essentially almost all the technological requirements. Now we still need to do some of the work being operationally able to run out of Europe and the like. And we are making progress in that direction. But we think we are in a very good position to offer sovereign clouds. And sovereign will have different flavors, the EU part of it. When Department of Defense of Australia wants a sovereign cloud, they would rather call it Airgap cloud. We have built the technology that can provide Airgap cloud to different countries as well.
All right. We'll take the last question from online coming from Joshua Tilton, Wolfe Research. I believe this is best for Jay. In the past, the strategy has clearly been show customers how to replace the stack of legacy boxes. I don't believe there are any legacy boxes securing agents. How does go-to-market message need to change to convince customers that Zscaler is the right way to secure AI agents, maybe for Jay and Mike both?
So if you saw the diagram I showed to you, Zscaler is securing users to have right access to right application. Number one use case of AI agents, your agent is able to do same kind of stuff that your people did. I know many call center customers who are using call center agents. There will be other agents like that. That's no different than what we do. We are securing users, similar technology with some of the additions, secures agents as well. Identity of the agent becomes one piece of it. And there's some other things related to if agents are reaching out to LLMs and some of the other apps. We have some enhancement being made, but we are more natural than anybody else to solve this.
All right. That concludes our session. Thank you so much, analysts, investors, everybody who dialed in and everybody who is in the room here as well as our executives. Thank you so much for participating in the event. Thank you.
