Palo Alto Networks, Inc.

Good day, and welcome to the Palo Alto Network's Fiscal Second Quarter 2019 Earnings Conference Call. Today's conference is being recorded. At this time, I'd like to turn the conference over to Jeff True. Please go ahead, sir.

Good afternoon, and thank you for joining us on today's conference call to discuss Palo Alto Network's Fiscal Second Quarter 2019 financial results. This call is being broadcast live over the web and can be accessed on the Investors section of our website at investors.paloaltonetworks.com. With me on today's call are Nikesh Arora, our Chairman and Chief Executive Officer, Kathy Bonanno, our Chief Financial Officer, and Lee Klarich, our Chief Product Officer. This afternoon, we issued a press release announcing our results for the fiscal second quarter ended January 31st, 2019. If you would like a copy of the release, you can access it online on our website. We would like to remind you that during the course of this conference call, management will make forward-looking statements. including statements regarding our financial guidance and modeling points for the fiscal third quarter and full fiscal year 2019, our competitive position and the demand and market opportunity for our products and subscriptions, benefits and timing of new products and subscription offerings, our ability to drive outsized growth rates, and trends in certain financial results, operating metrics, mixed shift, and seasonality. These forward-looking statements involve a number of risks and uncertainties. some of which are beyond our control and which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today. You should not rely on them as representing our views in the future, and we undertake no obligation to update these statements after this call. For a more detailed description of factors that could cause actual results to differ, please refer to our quarterly report on Form 10-Q, filed with the SEC on November 30, 2018, and our earnings release posted a few minutes ago on our website and filed with the SEC on Form 8-K. Also, please note that certain financial measures we use on this call are expressed on a non-GAAP basis and have been adjusted to exclude certain charges. For historical periods, we have provided reconciliations of these non-GAAP financial measures to GAAP financial measures in the supplemental financial information that can be found in the Investors section of our website located at investors.paloaltonetworks.com. We would also like to inform you that we will be presenting at the Morgan Stanley Technology, Media, and Telecom Conference in San Francisco on Wednesday, February 27. And finally, once we have completed our formal remarks, we will be posting them to our investor relations website under quarterly results. And with that, I will turn the call over to Nikesh.

Thank you, Jeff, and thank you, everyone, for joining us this afternoon for our fiscal second quarter 2019 results. I'll go briefly through our financials. give you a progress update on our three focus areas of securing the enterprise, securing the cloud, and securing through our application framework. And finally, I'll provide a little more color on the Domisto acquisition. Starting with the financials, I'm pleased to report that the team has delivered another outstanding quarter. Fiscal Q2 revenues of $711 million represents year-over-year growth of 30%. and non-GAAP earnings per share increased by 44% to $1.51. We had a number of big wins this quarter, but there are a few I'd like to highlight. We continue to see success around the world in our next-generation firewall business. People are getting more security conscious and want to deploy our firewall with the attached subscription. To note during the quarter, we did a large deal with a data center in Europe and one of Europe's most prestigious car manufacturers, and had a significant expansion of our hardware footprint in one of the largest online gaming companies in the world, as well as in one of the largest retailers in the world. We're beginning to see fruits of our speedboat strategy. With our increased focus on global protect cloud services, we've had a few spectacular wins, one to secure 25,000 mobile users at a global financial services company, and another to secure 80,000 mobile users for one of France's largest state-owned public services. We also won a very large VM series deal with several subsidiaries of one of the largest broadcasting companies in the United States. And we won a deal to secure 47,000 endpoints at one of the largest university healthcare systems in the United States as well. Expanding more on our three strategy focus areas, first, let me talk about securing the enterprise. Over the last 11 plus years, we transformed the network security market with our next generation firewalls. We use the firewall as a platform to deliver tightly integrated security services. We've had great success with our attached subscriptions, the most successful ones having attached rates of about 90%. Earlier this month, we announced the release of PanOS version 9.0, which added over 60 new features, including the policy optimizer, which helps teams replace legacy rules with intuitive policies that provide better security and are easier to manage. I'm excited about our new DNS security subscription. This is our first new attached subscription since 2011. The subscription utilizes machine learning and predictive analytics to proactively block malicious domains and stop attacks in progress. The only service with this level of capability to be integrated with the firewall. This continues our practice of reducing the number of disparate point products and making security better, easier, and more effective. We're working hard on future subscriptions in our software releases, providing our customers more integration for their cybersecurity solutions in the enterprise. We believe the next-generation firewall will continue to serve as a platform for security services in the enterprise. We also have expanded our hardware family. Our new PA7000 series features throughput capabilities at two times the nearest competitor and will be especially useful to customers with large data centers and high volumes of encrypted traffic. Additionally, we announced the availability of our K2 series, As we discussed in the last quarter's conference call, the service provider market has become a lot more interesting to us with the adoption of IoT and the advent of 5G, where security will be a primary concern. A new K2 series addresses this market, simplifying operations by offering unprecedented visibility, automation, and consistent protection. And finally, we continue our investments in advanced endpoint protection. With TRAPS 6.0, which we announced earlier today, endpoint security just got a lot better. The new behavior threat prevention engine allows Traps to prevent attacks based on their behavior. Traps 6.0 also introduces container security protections and rich data collection for XDR, which I will talk more about later. We're proud to serve close to 4,000 Traps customers, almost half of whom manage Traps from the cloud. Turn to our second focus area, the cloud. We continue to be laser focused on delivering technology that enables our customers in their cloud journey by delivering the broadest set of security capabilities across all clouds and cloud configurations. As of the second quarter, approximately 8,000 customers are using our cloud offerings. The speedboat we created around cloud and the acquisition of RedLock last quarter is already showing positive results. We have exceeded the original forecast for our RedLock business by more than 50%. This is a great example of the power of combining a best-in-class product to follow up a network's execution and distribution. Additionally, our inline cloud security VM series was recently expanded to include support for the Oracle Cloud and initial trials of the Alibaba Cloud. We improved performance of the product by up to 2.5 times and added many new and enhanced capabilities for operating in both public and private cloud environments. We're very pleased with our continued progress with VM series and success we're seeing with customers. The third focus area of our strategy is harnessing the power of advanced AI and machine learning. We started this strategy with the announcement of Application Framework 18 months ago and are proud to announce Application Framework 2.0, which is now called Cortex. We believe this is how security will be managed in the future. Cortex is a significant evolution of the Application Framework. It is the industry's only open and integrated AI-based continuous security platform. Cortex has been deployed in the public cloud, allowing us to leverage its features and scale in rapidly deployed AI. We're also announcing the first application available for Cortex called Cortex XDR. Built to empower SOC analysts, Cortex XDR enables teams to stop sophisticated attacks and adapt their defenses to prevent future threats. Cortex XDR goes far beyond traditional EDR that only works on endpoint data. It breaks down the silos created by legacy technologies to offer the first-ever detection, investigation, and response product that natively integrates network, endpoint, and cloud data. It reduces the signal-to-noise ratio that has been plaguing security analysts. It accurately uncovers threats using machine learning, simplifies investigations automation, and stops attacks before damage is done through trite integration with existing enforcement points. Codex XCR is being launched in conjunction with TRAPS 6.0, our new endpoint product that I mentioned before. Now TRAPS is enhanced for even better endpoint protection using its behavioral threat protection engine. It stops advanced threats in real time by stitching together a chain of events to spot malicious activity. When combined with Cortex XDR, customers can use TRAPS to extend their prevention capabilities to include detection and response across the entire digital infrastructure from a single agent. The more powerful TRAPS product acts as the ultimate data collection sensor for Cortex as well, collecting the most comprehensive data in the industry. We're confident in the uniqueness of our approach, so to make sure our customers can take full advantage of Cortex XDR, We have decided today to include endpoint protection free of charge when they purchase Cortex XDR. Yes, we're declaring our newly developed advanced TravSix product as free if purchased with Cortex XDR. We believe that for true comprehensive investigation of advanced attacks, the data is critical. Customers can now deploy one single endpoint agent that prevents, detects, and responds to attacks across an entire digital infrastructure. And to help us roll out Cortex-XDR, we're also announcing partnerships with five managed security service partners, partners who will deliver 24 by 7 threat monitoring, detection, and response services to our customers. We are excited about these partnerships with Pricewaterhouse, Critical Start, Ontuit, BDO, and TrustWave. They will provide important service to our customers and demonstrate industry confidence in our Cortex platform. These are all exciting changes, and I cannot thank our product team enough for stepping up to the challenge of integration and speed in solving our customers' problems. Lastly, I would like to provide more color on Domisto. Last week, we announced the proposed acquisition of Domisto. Domisto is the leader in the evolving space called SOAR. We believe that Domisto's multi-vendor orchestration capabilities and unique analytics and playbooks will help our customers further automate significant parts of their security operations and allow them to turn their attention to solving unique and complex threats. Domisto, already a partner of Cortex, now will integrate even more tightly into our plans for AI and ML on Cortex. Divisto has an ambitious plan for 2019, with billing projections of approximately $50 to $55 million. To facilitate and support achievement of this plan, we would have Divisto operate as a separate speedboat under the leadership of Slavic Markovic, their CEO, leveraging the broader power network distribution engine At the same time, Slavic will work closely with Lee Clarich and me to accelerate the next step for customer solutions. As I mentioned in the call we had last week, with the addition of Divisto, we now have made a couple of acquisitions over the last six months. While we continue to evaluate companies, my primary focus is on making sure these acquisitions are successful, and we are delighted with both customer reaction and our initial results. In closing, as we approach RSA next week, we know there will be a robust debate about whether the endpoint of the firewall is the center of security. In our mind, this debate is looking at security through two narrow lens. We believe the future of security is about data. It's about data, it's about machine learning from the data, and orchestrating and automating responses. And for customers who are struggling to manage too many disconnected security point products, we believe that our platform approach to security with high levels of integration, analytics, and automation is the answer for the future of security. We believe Cortex is the future. And with that, I'll turn the call over to Kathy.

Thank you, Nikesh. Before I start, I'd like to note that except for revenue and billing figures, all financial figures are non-GAAP and growth rates are compared to the prior year periods unless stated otherwise. All current and prior period financials discussed are reflected under ASC 606 as we adopted the new standard as of August 1st, 2018. In the second quarter, we once again added new customers at a rapid pace while also driving robust expansion business. Our top 25 customers, all of which made a purchase in Q2, spent a minimum of $35.6 million in lifetime value, a 39% increase compared to the same period last year. In the second quarter, total revenue grew 30%, to $711.2 million. By geography, Q2 revenue grew 27% in the Americas, 38% in EMEA, 35% in APAC. Q2 product revenue of $271.6 million grew 33% compared to the prior year. Q2 SAS-based subscription revenue of $249.7 million increased 36 percent. Support revenue of $189.9 million increased 21 percent. In total, subscription and support revenue of $439.6 million increased 29 percent and accounted for 62 percent of total revenue. Our non-attached offerings continue to show strong momentum And we exited the second quarter with run rate billings of approximately $383 million, growing approximately 60% year over year. Q2 total billings of $852.5 million increased 27% year over year. The dollar-weighted contract duration for new subscription and support billings in the quarter was approximately three years. For the first half of fiscal 2019, billings of $1.6 billion increased 27% year-over-year. Product billings were $514.9 million, up 33%, and accounted for 32% of total billings. Subscription billings were $646.7 million, up 30%. Support billings were $449.4 million, up 17%. Total deferred revenue at the end of Q2 was $2.5 billion, an increase of 32%. Q2 growth margin was 76.3%, an increase of 30 basis points compared to last year. Q2 operating expenses were $367.5 million, or 51.7% of revenue, which represents a 220 basis point improvement year over year. Operating margin was 24.6%, an increase of 250 basis points. We ended the second quarter with 5,856 employees. Non-GAAP net income for the second quarter grew 49% to $147 million, or $1.51 per diluted share. Our non-GAAP effective tax rate for Q2 was 22%. On a gap basis for the second quarter, net loss declined by 90% to $2.6 million, or 3 cents per basic and diluted share. Turning to cash flows and balance sheet items, we finished January with cash, cash equivalents and investments of $3.6 billion. During the quarter, we completed our $1 billion share repurchase program, which was effective through December 31, 2018. We repurchased approximately 1.9 million shares of common stock at an average price of approximately $178 per share. On February 22nd, our board of directors approved a new $1 billion share repurchase program. The new repurchase authorization will expire on December 31st, 2020. Turning to cash flow, Q2 cash flow from operations of $275.4 million increased 13%. Free cash flow for the quarter was $251.9 million. This figure was impacted by approximately $15 million of imputed interest expense associated with redemption of the 2019 convertible debt. Adjusting for this and other cash charges, free cash flow in the quarter was $271.4 million of 21% at a margin of 38.2%. Capital expenditures during the quarter were $23.5 million. DSO was 50 days, a decline of nine days from the prior year period. Turning now to guidance and modeling points. For fiscal Q3 2019, we expect revenue to be in the range of $697 to $707 million an increase of 23% to 25% year over year. We expect non-GAAP EPS to be in the range of $1.23 to $1.25, which includes expenses related to the proposed DEMISTO acquisition using approximately 99 to 101 million shares. Before I conclude, I'd like to provide some additional modeling points. Our Q3 non-GAAP EPS guidance includes a net increase in M&A expense of approximately $5 million, or 4 cents per share, attributable to the proposed DEMISTO acquisition. In the first 12 months following the acquisition, we expect DEMISTO billings of approximately $50 to $55 million. Our EPS guidance also includes an expected one cent impact due to U.S. tariffs on Chinese origin goods. We expect our non-GAAP effective tax rate to remain at 22%. CapEx will be approximately $20 to $25 million. To help you model billings for the remainder of the year, we are comfortable with current consensus for the second half of the year. And for fiscal 2019, including acquisition-related operating expenses, we expect an adjusted free cash flow margin of approximately 36%. This fiscal 2019 number is adjusted for one-time items consisting of the previously communicated $97 million related to the settlement of 2019 convertible debt and between $35 to $40 million of cash flow associated with our new headquarters in Santa Clara. With that, I'd like to open the call for questions. Operator, please poll for questions.

Yes, ma'am. If you would like to ask a question, please signal by pressing star 1 on your telephone keypad. If you are using a speakerphone, please make sure your mute function is turned off to allow your signal to reach our equipment. Again, press star 1 to ask a question. We'll pause just for a moment to allow everyone an opportunity to signal for questions. Okay, our first question comes from Walter Prichard, Citi.

Hi, could you give us an update on service providers? It sounds like you're still pretty excited about that opportunity. I don't know if you're willing to express a percentage of revenue or whatnot, but curious of an update on that and then how the product-related follow-up.

Hi, Walter. Thanks for your question. Look, as I mentioned when we launched K2 and we talked about it in the last quarter, we believe the 5G opportunity is a unique opportunity. And the whole focus on IoT, or you have been talking to a whole bunch of telcos and service providers out there, and there's a twinkle in their eye when we start talking about the B2B use case for 5G, where they would not have cared as much if, well, I shouldn't say that for them, but they were not as focused on individual consumers and the ability to hack their phones or provide security. But as it comes to B2B use cases, providing security, bandwidth at the edge, they are very concerned of making sure that their B2B customers have a secure tunnel going from all the way from their devices or their cars or whatever they choose to implement or healthcare devices or rigs back to their cloud. And we believe our firewall is uniquely positioned to solve that problem for them in the K2 firewall space. So we're very happy with a lot of conversations we're having. We're beginning to start seeing requests for integrating that in some sort of testing with them. So all I can say is, you know, early days, but we're happy with the direction the conversations are taking.

And maybe for Kathy, on the endpoint side, I guess that's been a market where you haven't really had a complete solution arguably until now. Should we think about CNA pretty significant ramp in that revenue here as you go into the second half of your fiscal year, giving you a complete product, you have some of those new relationships and so forth, or is that maybe too ambitious and we should think about that as more of a fiscal 2020 driver?

Well, look, we're very excited about the new TRAP 6.0 and, of course, Cortex XDR, which will leverage TRAP 6.0. We think that it's going to be a very compelling solution for our customers, and so we obviously have a lot of confidence in our ability to drive acceptance of that product in the marketplace. In terms of what's going to drive our overall revenue performance, you know, I'm really not going to start to get into those kinds of details, but we're very excited about TRAPP 6.0 and think that it offers us great potential for the future.

Okay, thank you.

If you find that your question has been answered, you may remove yourself from the queue by pressing star 2. Our next question comes from Carl Kersted, Deutsche Bank.

Thank you. Maybe one for Nikesh, one for Kathy. Nikesh, the product revenue growth acceleration to 33%, I think, was super impressive. I'm wondering if you could just comment on where you saw strength, either by appliance family or vertical, perhaps. Maybe just give a little color on if there was any particular driver of that. And then, Kathy, the question for you is really on the The margin outperformance, I don't think anybody was modeling a 250 basis point margin improvement. I'm assuming that something occurred on the sales and marketing line. Maybe you could offer some color as to whether any expenses were deferred out of 2Q into 3Q or if there was anything else unusual. Thank you.

Hey, Carl. Thanks for your question. Look, I think I have to say that there's no specific driver but a general level of activity we're seeing out of the marketplace. as we've talked about this in the past that every time something happens in the market where a customer gets breached or somebody gets breached there is a heightened sense of awareness and security and all i can tell you is that the conversations are getting more and more up leveled in terms of preparedness of organizations for security and we are seeing more and more security consciousness from a vertical perspective we've always done better where people care more about security you know Fed has been strong for us, financial services have been strong for us, but we're seeing that peter down into other verticals. I just say that this is generally strength across the board, and that's probably what has driven the revenue in the product front this quarter.

Yeah, and I'll just address the margin comments by saying they're very related. You know, the strong product mix that we saw in the quarter obviously drives higher revenue yields, So that obviously is helping our margins. But in addition, we have been driving leverage in the business. And in Q2, we saw operating expense as a percentage of revenue declined by 220 basis points, as I mentioned in my remarks. And you're right that sales and marketing is driving that number and the leverage that we're seeing. And we've seen that for the last several quarters, good leverage in terms of sales and marketing expense overall.

Got it. Okay, thank you both.

Thank you.

Our next question comes from Fatima Boulani, UBS.

Good afternoon. Thank you for taking the questions, one for Nikesh and one for Kathy. Nikesh, one of the things that you've talked about and have been focusing on is packaging your cloud solutions in a better way and also taking steps to ensure the entire portfolio, which has expanded quite dramatically over the last couple of years, making sure the entire portfolio is sort of better integrated. So I wanted to understand sort of the mile markers and progress you've made on that front and to what extent that has been influencing deal sizes, deal trends, and especially that customer lifetime value metric that continues to grow apace. And then a follow-up for Kathy, if I may.

Sure, Fatima. Thanks for your question. Look, I think I'm very excited that in eight months we've been able to create real focus around the three areas I highlighted, the enterprise side and, you know, expanding your question a little bit more. On the enterprise side, as I said in our prepared remarks, that I think this company had done a phenomenal job in building a firewall and putting subscriptions on top of firewalls. Basically, once you put a firewall in a customer's infrastructure, which is a hard decision because you're introducing a another piece in your infrastructure, which is now delivered to you by a cybersecurity vendor. It's incumbent upon us to provide more and more solutions to the customer, which can be triggered off the firewall. And I think the product team really rallied in the last eight months, and we built our first non-attached, sorry, after 2011 in our DNS security service. And the team is really charged about building more capability through our firewalls. We have 60,000 customers for firewalls. So, you know, the ability to take that to our customers and say, look, you don't need another appliance in your infrastructure. You don't need another solution. It all works off of Palo Alto Network's pain, management pain, and we can give you more and more capability from the firewalls you deploy. And that's kind of, for me, it's very exciting. So that's a point of integration and a mild marker, like you called it, for integration for us on the enterprise side. On the cloud side, we're slowly and steadily working towards better integration. We're excited about our RedLock progress. We're excited about our GPCS progress. As I highlighted, these are big wins for us, and the team is getting more and more excited. We're deploying more people across the regions to make sure we have the capability and the ability to go compete with the people out there offering these solutions. You can expect us to provide more proof points around integration in further quarters. We don't have anything announced on the cloud side yet. And I think, you know, we just announced Cortex this morning. I think the marketing team has done a phenomenal job. The product team has done a phenomenal job in deploying application framework 2.0. And I was asked last quarter what would be the proof point of us being able to show true integration across multiple data points. And Cortex XDR is that. It is the only service. in industry, which will blend endpoint cloud and network data as a point of integration. So we believe we are making tremendous progress towards our aspiration to provide more integrated services, and you can expect us to do more and more of that.

That's super helpful. And Kathy, maybe a question for you on the gross margin, certainly a little bit better than we were looking for. Just wanted to understand how you've been navigating some of the supply chain constraints as a consequence of the tariffs. And how much longer should we expect that headwind to persist? And at the same time, as the cloud solutions build out and you prior greater scale, how should we think about impacting, how should we think about those investments impacting gross margins as well? And that's it for me. Thank you.

Yep, sure. So in terms of our gross margin improvement during the quarter, yeah, we've said that with the new products that we introduced now almost two years ago, we've made a concerted effort to ensure that we're able to improve the margins on those products over time, and we've definitely been able to do that, and so we've seen some improvement in the product gross margins over time. We also have seen, you know, some improvement in terms of just memory pricing, which we talked about. Memory pricing seems to be stabilizing now. We do still have some issues in terms of more commoditized parts being more expensive than they have been in the past. But overall, we've indicated an impact of one to two cents in this quarter due to the tariffs. So it's kind of a mixed bag. We're seeing some improvements, and we also have some negative influences. Overall, we did see an increase of about 30 basis points year over year, which obviously we're very pleased about given the current environment. In terms of cloud investments and where we see that going, obviously you've also seen some declines in our services margins as we have been investing in those businesses. We think that there's a lot of potential for us to build really big, nicely sized businesses in the cloud, and there's a great opportunity for us. So we're definitely investing in those areas in order to ensure that we can capture the market opportunity.

Very clear. Thank you so much.

Our next question comes from John DeFucci.

Thank you. My first question is actually for Lee. So Lee, I think you mentioned, or it might have been Nikesh in the last call, that the new Telco class appliance you're coming out with, I assume that's the PH7000. I guess if you could just let us know if that's right. Or is that replacing other products? And I guess if it is that new one, should we expect further launches to address this market, a market you really haven't been in very much in the past?

Yeah, good question. So let me just start by clarifying. The PA7000 series, and specifically the new modules that were introduced and launched as part of the 9.0 release earlier this month, That is the basis for the K2 series, but the K2 series is a optimized hardware platform targeted for service providers, and specifically the mobile networks, as we see those transitioning from 4G to 5G. And then with 5G, the advent of much broader IoT, and in particular high-value and sensitive IoT devices coming onto those that need security. So they're related, but they are different offerings. Relative to service provider overall, we have been in this space, in this market, selling to service providers. We have seen success across different parts of the portfolio. The K2 series, though, is the first time we've designed and built a product specifically for that market to really go capture the specialized opportunities that exist there.

And we're still waiting on the K2 series. Is that correct?

No, the K2 series is now available as of earlier this month.

Okay, perfect. Thank you. And, Kathy, just a clarification. The results are strong across the board, all revenue categories, but especially in the product area. So I just want to make sure we understand it correctly. I mean, is all of attached subscription something I think both you and Nikesh talked about in your prepared remarks? Is all of that in the subscription line or is there any of that in the license line due to ASC 606 and the way on-premise subscription is treated under that standard?

Yeah, a portion of the VM series which we talked about when we talked at the beginning of Q1 regarding ASC 606, a portion of our VM series is recognized upfront in that category.

Okay, and so it's in that line item on the income statement and the license line?

That's correct.

Okay, was there any shift, like is there a continuing shift to more subscription or more on what would be, you know, that kind of revenue, on-premise subscription where you'd have more on the license line?

No, I mean, in terms of what's driving the growth there, that's really not a driver of the growth. not a significant driver of the growth in any respect. It's obviously we've made the adjustment both in this year's recognition of VM series and last year's recognition of VM series. And while we're seeing growth there, obviously it's not as big a portion of our business as the rest of our product revenues are. And so the real impact is what we're seeing in terms of the rest of the product category.

Perfect. Thank you very much. It's very clear.

Yep. Just a reminder, if you would like to ask a question, please press star 1. Our next question comes from Jared Talpas, Stifle.

Thanks for taking my question and congrats on the results. A few product-centered questions here. One, how should we think about the efforts around XDR and Cortex in conjunction with your vision for DEMISTO and the app framework? And ultimately speaking, how intertwined are these initiatives?

Let me give you an overview and then perhaps we can jump in with the real answers.

Look, for us, Cortex is a big deal. We spend a lot of time in making sure we get the underlying platform right. I think by deploying it on the public cloud and using the features that you come where you can handle massive amounts of data and being able to leverage the native AI tools and that is very useful. I think XDR is very critical. I think XDR is a service which there's a whole bunch of startups out there trying to provide that kind of service. I think it's different when we deploy that service where you can leverage the data you collect from firewalls and from traps and from our cloud security sensors. Actually, there are many customers who have deployed all three from us, so we have the opportunity to go to them and say, look, here we have them. Here's a real tool that can help you in your SOC deal with a whole bunch of stuff that was not available in the past. I think DEMISTO was something that, and I think you and I haven't talked about this, and we couldn't talk much about it because I wasn't going to talk to you about it until we figured out what we wanted, but I think when we went out to our customers, the customer's big challenge is I've got so many cybersecurity solutions, I'm getting three to ten times more alerts than I was getting three to five years ago, and I'm going to have to hire more and more analysts to figure out how to solve the alerts. you know, this cannot be a punitive damage. The more secure I want to feel, the more products I need to deploy, the more people I have to hire to solve the alerts that you guys send me. So we realize that there is a crescendo where people are saying I need more help solving these alerts than going out and generating them. I think Demisto fits squarely in that sole spot in the industry, no pun intended. And I think part of the opportunity we have is to be able to take that and leverage that across the entire application framework where we can leverage that across data from not just Palo Alto Networks, but other vendors, and Domisto has already mastered that art.

Yeah, and just to piggyback on top of what Nikesh said, I think one of the ways to think about this is we do want to actually encourage customers to have more alerts. Like more data is always a good thing, but only if for the majority of that we can automatically deal with that, and that is where Domisto will fit in is that automated playbooks and analytics to deal with sort of the large volume of alerts coming in. And then XDR provides that ability to stitch together data from different sources, really understand it, and proactively present it to the SOC analyst for the more sophisticated attacks where you actually need an analyst to spend some time understanding it, investigating it, and initiating a response. And so they do work very sort of hand-in-hand. in terms of how a SOC analyst would think of the capabilities.

That's actually really helpful. And then, Nikesh, you talked about a strong customer response for Domisto, but I want to know if you've had a chance to talk with any integrated vendors yet, and if you've gotten any response yet from those that have worked directly with Domisto in the past and how they sort of view the integration and acquisition going forward.

We have had an opportunity, and I think it's fair to understand that You know, the biggest role in this process belongs to the customer because Domisto is deployed in a customer's infrastructure with their explicit permission to be able to access the data from the customer and remediate back into their infrastructure. And they've built the product on the back of open connectors that are available from every vendor out there. So there's no proprietary connectivity that Domisto leverages that is going to change by the acquisition, and that's where your question is headed. In addition, the investor will also have access to a lot of PowerAltar data, which is just impossible for us to deploy anywhere else but in Cortex.

That's helpful. Thank you.

Our next question comes from Gabriella Borges, Golden SAC.

Good afternoon. Thank you. Nikesh, I was hoping you could expand a little bit on the monetization opportunities around XDR. We've talked about monetization with the application framework more broadly, maybe just specifically on XDR, and the decision to include traps within the broader bundle. Just to put some takes on how you thought about that. Thank you.

Sure. Thank you. Look, again, I'm going to give you a little overview, and Lee will jump in, hopefully.

From an XDR perspective, I think, you know, our thesis going into it was the thesis of integration. And this is something the company had already been working on for a while with the acquisitions of sector like cyber that we need to figure out how to take all this data and provide it consistently in one way as opposed to deploying more and more tools against the infrastructure. So XDR for us is very, very important because it is actually the first critical application from our end which integrates data from all the three sensors that I mentioned. So it's very important. as we get into the SOC business. And also, part of the observation we've had is that as more and more sophisticated tools get developed, it becomes impossible for customers to train their SOC analysts across multiple tools. So if you notice, I mentioned this, but I think I want to highlight it, that we've actually partnered with five partners who are going to help us manage this as it gets deployed in the SOC, because we believe the true leverage is from being able to fully utilize the product across all the data that we've collected or we will be collecting for XDR. In terms of the traps decision, I think if you look at the endpoint industry, and I stared at it hard over the last eight months, there's a lot of vendors. And there's a lot of vendors who used to do a certain set of features. There's new vendors who do a certain set of new features. And we sat and thought about how we could make sure that traps over time becomes the ubiquitous endpoint agent in the market. And we realized that endpoint protection in its most advanced form, should become table stakes. Every customer should have it. But the endpoint agent has, in my mind, at least two major features. One is to provide protection at the endpoint, but as importantly is to provide data to be able to go back into a cloud database, if you will, which allows them both to leverage it across other security solutions, but also be able to send behavioral threat data back to the endpoint. So we thought bundling traps in XDR would be the right outcome. And because we want ubiquity on traps, we want to make sure that's available free to our customers so they can deploy it. And as you probably know, customers have multiple endpoint agents running in their infrastructure. They're not required to replace anything. This is just a free product that they can deploy, which allows us to leverage XDR more effectively for that customer. Lee thinks he's coached me well, and he's giving me a thumbs up, which means he doesn't mind.

The follow-up is for Lee. I think he might know the answer to this. When you look at your customer base on next-gen firewall, do you have a sense for to what extent your customers have standardized on Palo Alto deployments for the firewall versus maybe are still dual sourcing or have multiple firewall vendors? Can some of the new policy rules and the features that you have in 9.0 help with that standardization effort?

Yeah, great question. You know, the high-level answer is obviously going to be it depends. It depends on a number of things, such as how large the customer is, when they initially became a customer of Palo Alto Networks, and where they are in that journey. You know, we see certainly a lot of our customers, they often will initially purchase for a particular project deploy, gain success out of that, and then use that success to leverage across other parts of their infrastructure over time. Obviously, we try to accelerate that in capabilities like the Policy Optimizer actually allow us to help accelerate that by moving them more quickly into the kind of security policies we think and they think are better, both from a security perspective as well as an ease of operation perspective. The second aspect of that is the more they are able to see the value and consume the value of additional subscription services on top of that, whether that's the threat prevention subscription, wildfire, PAN-DB Euro filtering, Global Protect, or now with 9.0, the DNS security service, the more value they see out of using us as their primary firewall in their infrastructure, which also then often drives broader consumption and usage. And so it is a journey, but But what we see both in terms of utilization as well as footprint does continue to expand.

Thank you. Thank you.

Our next question comes from Sterling Otte, JP Morgan.

Hi, Sterling. I'm curious how you guys think about the need for product growth moving forward within the overall growth of total revenue. You started as a razor and razor blade model. Now you have a substantial amount of non-attached subscription. So how fast does product have to grow moving forward for you to deliver on your growth goals?

That's a good question. I think, look, we'd like more and more customers to deploy our firewalls. So from that perspective, yes, we'd like to see product growth, but we want to see both depth and breadth, and that's why we're embarked on a rejuvenation of our subscription services because we believe that the firewall can offer multiple subscriptions to our customers. And we found good success and uptake every time we've deployed a new subscription, and we just want to increase the intensity of those subscriptions because today there are still many point products that are being deployed in the infrastructure. So we see the firewall not just as, as I said, like as a, as an inline firewall that protects you, but we also see it as a platform to be able to deploy more and more services where the customers don't need to deploy more things. So for our growth plan, it's important for us to get both depth and breadth on the product side.

Makes sense. And then one follow-up. On Domisto, you gave us a sense of the aspirations on the billings front, but how does the contract structure look and how do we think about the billings flowing into revenues?

Kathy, did you want to not answer that?

Well, DEMISTO operates with a ratable model for the most part, and so we would expect a ratable revenue model with the DEMISTO acquisition. Does that answer your question, Sterling?

Well, sort of. So, in other words, we should expect the revenue contribution initially to be small, but for it to layer in. So, you know, in that four-quarter look, the second half should be substantially bigger than the first half, or is that the wrong way to look at it?

Well, I think you're on the right track, that revenue does lag in terms of – revenue does lag bookings in a ratable revenue model. So you've got that correct.

Okay, thank you.

Our next question comes from Keith Wise, Morgan Stanley.

Hamza Farawalla Hi, this is Hamza Farawalla, in for Keith Weiss. Just a couple of quick questions from my end. Looking at the fiscal Q3 guidance, and it implies a slight sequential downtick in revenue versus Q2, which is unlike what we've seen in the past. So, to what extent is that a caution related to the macro environment, whether it be tariffs or spillover effects from the federal government shutdown? or just typical conservatism in your forward guidance?

Yeah, look, I wouldn't read any sort of macro comment into our guidance. We're guiding a very respectable 23 to 25% year-over-year revenue growth range on a pretty tough compare last year. So we feel very comfortable with where we are in terms of our guidance.

Got it. And just a follow-up question on the free cash flow margin. You mentioned a 36% free cash flow margin roughly for the full year. Does that include the one-time payments, or does that exclude that?

So the 36% full-year free cash flow margin that we guided to includes the adjustments. That's an adjusted free cash flow margin.

Okay.

Okay. Thank you.

Yep.

Our next question comes from Shaw Eyal.

Thank you. Good afternoon, guys. Congrats on the strong results on Outlook. Nikesh or Cathy, I think this quarter has shown the strongest level of growth in EMEA, I think at around 38% year-over-year. What's driving this ongoing improvement? Is that the work you've been doing with the biggest distributors? Is it demand trends? Help us understand. Thank you.

Well, I think generally speaking that as Palo Alto Networks as a company has grown and we've expanded globally, we've spent a lot more time making sure we have robust teams in every country in Europe. We have very strong leadership there. I think it's just, in my mind, it's really getting out there in front of customers and presenting our solutions and penetrating the market. So it's just good execution on the part of our EMEA team. And all I can say is from prior experience, a U.S.-based company is very focused in the U.S. where it starts over time and starts expanding globally. And we have a lot more room, we think, in our international markets. And we're going to be continuing to focus on execution, not just in the U.S., but in EMEA, as we've shown, and various parts of Asia Pacific and Latin America.

That's fair enough. And as a follow-up, if I may, linearity trends, if I'm looking at the past few quarters, seem to be slightly improving. not as back and loaded as prior ones. Just looking for some color, if possible, on that specific point. Thank you for that.

Yeah, our linearity is, in terms of when our bookings come in, has remained fairly consistent over time. We do see... You know, depending on the quarter, for example, in the quarter just ended, December obviously is year-end months, and so we see different linearity in that quarter than we do in other quarters, but that's been very consistent over time.

Got it.

Thank you. Yeah, I wouldn't really call out anything particularly new or different there.

Okay. Thank you for that.

Our next question comes from Philip Winslow, Wells Fargo.

Hey, thanks guys for taking my question. On the site with the launch this morning, it said you had 60,000 enterprise customers. I just look at that versus the end of the year, it's up about 6,000, which is actually ahead of where you were through the first half of fiscal 18. Obviously, you can add net new customers at a very healthy pace. When you start to think about forward guidance, even just medium-term planning, How are you thinking about prioritization of go-to-market between upsell of obviously what is a growing product portfolio in an existing install base versus continuing to land new customers?

Well, I think part of the challenge you're given to the sales team is you've got to be able to walk and chew gum at the same time. So we're going to have to do a bit of both. I think to be able to sustain the growth aspirations we have, we have to go out and expand in our existing base. We also have to be able to land new customers because We have a lot of new products that we're trying to deploy, which will be deployed both in our existing customers and your customers, who may be more receptive to our new products, which we are deploying in the cloud space and the Cortex space. So we really are trying to focus on both ends. The opportunity to go to existing customers and sell them new existing product, new product, of course, is great because they already have experienced our products, have deployed them, and have the training and the experience the experience on the products, but we're challenging our teams to try and do a bit of both.

Got it. And then just to follow up on that in terms of just obviously the healthy and the new customer ads, any changes that you're seeing in those deals in terms of just win rates versus the competition, your pricing in those deals, et cetera, just any sort of color on that would be great.

Our win rates haven't changed substantially over the last 12 months or last eight months at least since I've been here. I think it's been pretty consistent across the board. We are seeing better traction, obviously, in some of our newer products, which we haven't seen in the past, hence the growth rate sustaining over 60%, as Cathy mentioned. So we are seeing traction there. We are seeing our teams beginning to form around it. So we have high expectations from the teams in that area. But generally across from a landscape perspective, one of you highlighted the success we're seeing more in EMEA, so clearly that's more of a penetration strategy. So I think it's just Just steady execution across all fronts and wherever we feel that we need to go step in and create more effort, we do by constantly inspecting our processes.

Cool. All right. Thanks, guys.

Thank you.

Okay, our last question comes from Ken Talanian, Evercore.

Guys, thanks for taking the question. Are you seeing most customers make enterprise-wide purchases of Global Protect Cloud? Are most of the deals thus far more representative of a land and expand opportunity?

Look, there are customers who already have policy network firewalls deployed, and they're used to our Panorama management pane, so they understand how to set up policies, how to make it work, and then Global Protect Cloud just becomes an extension of their security posture. But we've also seen, as I highlighted, the two wins we've had. We've also seen situations where we walked in and a customer has deployed Google Cloud Service because they believe it's a more secure product than the other product, which is competitive, which I cannot name. I forget.

Okay. And last question. Have you made or do you plan to make any changes this year to Salesforce compensation or the compensation terms?

Look, we're constantly adapting our Salesforce's compensation to make sure it meets the objectives we set for ourselves. And we also take feedback based on where our expectations were different from what has transpired in the market. But there's nothing substantive that we have changed or we plan to change during the course of our year because so far it seems to be working.

I would agree. Thank you.

Well, if there are no more questions, I just want to thank all of you for attending our call. I also want to give a big shout-out to the team at the company. They've done a phenomenal job. So thank you very much, and I look forward to meeting with many of you in the upcoming weeks and some of you at the morning teleconference. Thank you.

Thank you, ladies and gentlemen. This concludes today's teleconference. You may now disconnect.