This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
Palo Alto Networks, Inc.
11/25/2019
Good day, and welcome to the Palo Alto Network's Fiscal First Quarter 2020 Earnings Conference Call. Today's conference is being recorded. At this time, I'd like to turn the conference over to Mr. David Niederman, Vice President, Investor Relations. Please go ahead, sir.
Good afternoon, and thank you for joining us on today's conference call to discuss Palo Alto Network's Fiscal First Quarter 2020 financial results. This call is being broadcast live over the web and can be accessed on the Investors section of our website at investors.palotonetworks.com. With me on today's call are Nikesh Arora, our Chairman and Chief Executive Officer, Kathy Bonanno, our Chief Financial Officer, and Lee Klarich, our Chief Product Officer. This afternoon, we issued a press release announcing our results for the fiscal first quarter ended October 31, 2019. If you would like a copy of the release, you can access it online on our website. We would like to remind you that during the course of this conference call, management will make forward-looking statements, including statements regarding our financial guidance, and modeling points for the fiscal second quarter, full fiscal year 2020, and our next three years, our competitive position, and the demand and marketing opportunity for our products and subscriptions, benefits and timing of new products and subscription offerings, and trends in certain financial results and operating metrics. These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today. You should not rely on them as representing our views in the future, and we undertake no obligation to update these statements after this call. For a more detailed description of factors that could cause actual results to differ, please refer to our annual report on Form 10-K filed with the SEC on September 9, 2019, and our earnings release posted a few minutes ago on our website and filed with the SEC on Form 8-K. Also, please note that certain financial measures we use on this call are expressed on a non-GAAP basis and have been adjusted to exclude certain charges. For historical periods, we have provided reconciliations of these non-GAAP financial measures to GAAP financial measures in the supplemental financial information that can be found in the Investors section of our website, located at investors.palatinetworks.com. And finally, once we have completed our formal remarks, we will be posting them to our Investor Relations website under the Quarterly Results section. We'd also like to inform you that we will be attending two investor conferences next month. We will participate at the Wells Fargo TMT Summit in Las Vegas on December 3rd and at the Barclays Global Technology Media and Telecommunications Conference on December 11th in San Francisco. And with that, I'll turn the call over to Nikesh.
Thank you, David. Good afternoon. Thank you, everyone, for joining our call. As most of you know, with this quarter, I am lapping my first Q1 at Palo Alto Networks. In my very first call, I talked about my observations in the industry and our goals as a company. About a year ago, we were a great single product company focusing on integration and automation. We have made some early moves towards the aspirations of the cloud, and we're beginning to build products with AI and ML, recognizing the evolving trends in technology. One year later, I couldn't be happier with our achievements. We made significant progress moving into a leading position in cloud security. making great strides in automation using AI and ML across our product portfolio. Our speedboats are working. We are delivering integration. This is bearing fruit in our customers seeing the benefits and betting more and more on Palo Alto Networks. A few months ago, we set out a three-year plan for the company and shared it with you during our analyst day in September. While I intend to share our progress during this quarter, I also want to provide a report card on how I feel we're progressing towards the longer-term goals that we have set out for ourselves. And perhaps, More importantly, I'd like to share where we're feeling more confident and also where we need more work. This is the first quarter we are marking ourselves against the targets that we presented in September. We have published a slide that is available on our investor relations website that you can download to follow along with my comments. We will be targeting our progress against this plan. Let's start with our overall billings targets and how they're tracking. We are delighted to have done better than our guidance. As I'm learning the rhythm of an enterprise business, I understand that enterprises put a lot of effort in driving good year ends, and then they have to kickstart new years. I was advised that sometimes there can be challenges sustaining momentum into a new fiscal year. But our teams have delivered, and we're off to the races. As I spoke with investors after Analyst Day, many asked me, what makes you confident that you can achieve billings of $800-plus million in next-generation security this year? I'm delighted to report that after a great Q4, we have maintained the momentum and have been able to better our plans, delivering next-generation security billings of $117 million, which is 217% year-over-year. So sticking with my scorecard, I have more confidence in our ability to continue to deliver here, to show our growing confidence, or increasing our guidance for next-generation security billings for the full year to $810 million to $820 million. The one area that we did not deliver to our expectation of the quarter is product. which weighed on the growth of the firewall-as-a-platform category and grew only 11% year-over-year. The category, firewall-as-a-platform, grew only 11% year-over-year. In fiscal 2019, we provided incentives to our teams to build our next-generation security business. By Q4, they showed us they could with very strong results. That momentum carried into the start of fiscal 2020 with strong next-generation security pipeline going to Q1. However, even though we have balanced our sales incentives this year, It looks like it's going to take us a little more for that change to take effect. Despite our performance this quarter, we continue to have confidence in our ability to deliver a 23% CAGR over the next three years in the firewall as a platform category, with contributions from all three form factors, hardware, virtual, and as a service. To help our efforts in this area, we have established our third speedboat to coincide with our secure enterprise pillar. This speedboat will be led by Andy Elder, who was recently the chief revenue officer of Riverbed. This gives Amit, our president, three speedboat leaders, along with our regional leaders. With that change, we have chosen not to replace the position of head of sales and run a flatter organization, allowing us to continue to be nimble in our transformation to a multi-product company. Back to our scorecard. Our revenues remain on target. Now let's travel down to our EPS margins and cash flow. I did get to read many of the analysts' reports on this topic, and I want to help you appreciate a point we made at our analyst day. This fiscal year is our year of investment and transformation. We're not looking to cut costs. We're looking to invest. However, we are holding our teams to a plan. Our plan asks us to deliver an EPF of $5 to $5.10 for this year, and we intend to stick to it, without accounting, of course, for the proposed acquisition of Aboretto, which I just announced. Our Q1 adjusted free cash flow margin was light compared to our annual target due to the timing of certain cash flows. However, we remain on track with our annual guidance. So with that, let's now dive into the exciting product announcements we debuted at our Ignite conference in Barcelona earlier this month. Many of our customers are taking integrated bets across our enterprise, cloud, and AI ML products. While a year ago we were just talking about ambition, today we see the three platforms emerging in our product strategy. As you know, we have branded our cloud solutions Prisma and our application framework and AI and ML products Cortex. That left our firewall business needing a brand. Today we're announcing Strata, a brand for our firewalls and attached subscriptions. Which leads me to the innovations we're making to secure the enterprise. As some of you might be aware, we announced DLP and SD-WAN for Prisma access at our Ignite event in Barcelona two weeks ago. We will extend SD-WAN capabilities to our next generation firewalls with an attached subscription to be available shortly. and then IoT in 2020. In the span of 18 months, we will take our attached subscriptions from four to seven. These new subscriptions will be simultaneously available in a virtual firewall format. As a quick side note, DNS Security now boasts over 1,000 customers and is our fastest growing attached subscription, having launched just in February of this year. In this category, we continue to garner recognition for our technical leadership, and were named as a leader in the Gartner Magic Quadrant for network firewalls for the eighth consecutive time. We were also recognized as a leader by Forrester in their recent Zero Trust Extended Ecosystem Platform Providers Wave Report. We feel good about the overall growth potential for firewalls in the platform and are excited about the ongoing innovation we have planned in this area. Moving to securing the cloud and access to the cloud, let me first talk about Prisma Access. We're very excited about the recent innovations we have announced, including SD-WAN and DLP services, a new cloud-based management UI, and new SaaS service level agreements. Prisma Access is now the industry's most comprehensive secure access service edge platform. This gives Prisma Access the potential to be a leader in a new market category defined by Gartner called SASE, or Secure Access Service Edge. SASE is a convergence of network and cloud security that recognizes the new demands required to secure cloud and mobile workforces, while also delivering on integration and ease of management. Prisma Access is perfectly suited to be a leader in this emerging category, and we're incredibly excited to bring this enhanced product to our customers. Moving across to Prisma Cloud, one of the questions I often get asked is, are you deploying the String of Pearls strategy? The answer is no. I want to point out we're doing something different. We are integrating into three platforms. Our goal is to make life easier for our customers through integration. A prime example is Prisma Cloud. As soon as we acquired Redlock, we integrated it into the evident functionality in four months. This past week, we have announced the integration of Redlock, Twistlock, and PureSec into one platform. Yes, one platform, Prisma Cloud. Now for our SaaS version, you can only buy one product, which is the integrated product. I'm very proud of our Prisma team who have delivered this effort in the record time of five months since acquisition. And of course, we will continue to work on delivering more cross-product capability over the next year. Prisma Cloud allows organizations to obtain a full and unified view of their cloud security and compliance posture across any type of cloud workload, including containers, serverless, and host environments under a single plane of glass. Prisma Cloud also integrates security into software development workloads, allowing developers the ability to see vulnerability status every time they run a build without having to run a separate tool. I personally believe Prisma Cloud is fast becoming the essential multi-cloud, multi-technology platform now with over 1,000 customers. Keeping to the theme of providing more capability, today we announced our intent to acquire Apparetto. After an extensive market scan and thinking through how we believe micro-segmentation can fundamentally be reinvented, we decided to accelerate our efforts to the proposed acquisition of Apparetto. Apparetto has unique machine identity-based micro-segmentation capabilities that complement the existing cloud native security platform capabilities delivered by Prisma Cloud. We are incredibly excited to welcome the team to PowerAuto Networks. In addition to the acquisition, our team continues to drive hard innovation on the Prisma Cloud platform. Now let's turn to Cortex. I'm also proud of this team. This team has outperformed their billing forecast for the first quarter by almost 20%. We introduced Cortex XDR 2.0 at Ignite. This is an integrated version with both endpoint protection and XDR capabilities. We launched Cortex 1.0 about six months ago. We're the only vendor to take EDR and reinvent it with network data to deliver XDR. It's been gratifying to see several other vendors follow suit and offer their own XDR term product. To continue to stay on the bleeding edge in this category, we're extending Cortex XDR's behavioral analytics capabilities to include data and logs collected from third-party firewalls, enabling detection across multi-vendor environments. We announced the inclusion of checkpoint firewall data at Ignite. We also hope to be able to accept data from Fortinet and Cisco before the year is over. This is probably the only time you'll hear me talk about our competitors in a neutral way. In the first nine months of Cortex XDR, We've enabled organizations to reduce alert volumes by up to 50x and speed investigation time by about 8x, filtering out the noise and allowing analysts to focus on most critical threats. Turning to DEMISTO, which is part of our Cortex brand, a couple of months ago, we enhanced our comprehensive security orchestration automation response platform, DEMISTO, by adding a number of new capabilities. Demisto 5.0 redefines the limits of SOAR customizability, enabling users to visualize incident and indicator flows in a completely tailored manner, improving the clarity and speed of security operations. What's even more exciting is what Lee talked about at our Ignite event, our ability to collect telemetry data on how Demisto is being used. We're starting to get this data, and customers will start to see the benefits, where we can give them more insight on how to get the most of this platform, including which playbooks are the most valuable and which integrations work the best. Finally, we're very pleased to announce a new high-end support offering called Platinum Support for our physical and virtual firewalls and our panorama management system. This is a continuation of our goal to provide the highest level of service to our customers. Platinum Support is an enhanced version of our premium support offering and will feature dedicated teams and best-in-class response times and also several other new features designed to ensure our customers' peace of mind knowing that Powerhouse Network's deep expertise is in their corner whenever they need it. This is just an overview of all that we've introduced at Ignite, and I encourage you to review the archive presentations from that event. As a continued measure of that confidence during the quarter, we repurchased nearly $200 million worth of our shares. To conclude, we had a great first quarter. I feel more confident in our ability to deliver the plan we set out for this year. Our product teams have rolled out exciting innovations and have us on the leading edge in multiple categories, from firewalls to XDR to SOAR to SASE and cloud security. As I contemplate our roadmap for the next 12 months, I become even more excited to see these security categories strengthening, knowing that our products will continue to mature and be deployed by our customers around the world. With that, I'll turn the call over to Kathy.
Thank you, Nikesh. Before I start, I'd like to note that except for revenue and billing figures, all financial figures are non-GAAP and growth rates are compared to the prior year periods unless stated otherwise. As Nikesh indicated, we had a good start to our fiscal year, and are tracking well against the targets we had outlined during our analyst day in September. In the first quarter, we continued to add new customers at a healthy clip and sustained momentum in our next-gen security products. Let's look at some key customer wins. We signed an eight-figure deal with a leading casino company spanning each of our three pillars. This engagement was positioned with their entire IT leadership team from the director level all the way to the CIO as a comprehensive outcome-based security transformation project. The large retail customer we highlighted last quarter expanded their Palo Alto Networks footprint this quarter with a seven-figure Cortex deal. This customer purchased Cortex XDR and Data Lake, setting them up for comprehensive data analysis going forward. We beat Check Point and replaced Cisco to win a substantial deal with a major European toy manufacturer who purchased next-gen firewalls, Prisma Access, and traps. This customer has selected Palo Alto Networks as their strategic security partner, and in the coming years, we expect them to replace their current firewalls with next-generation firewalls from Palo Alto Networks. Their current VPN solution will be replaced by Prisma Access, and endpoint protection will be covered by traps. These wins are excellent examples of our success in articulating our vision of security and being able to demonstrate our value proposition to customers. And I'm pleased to report that wins such as these helped us deliver another strong quarter financially. In Q1, total revenue grew 18% to $771.9 million. Looking at growth by geography, the Americas grew 18%, AMEA grew 16%, and APAC grew 21%. Q1 product revenue of $231.2 million declined 4% compared to the prior year. Q1 SaaS-based subscription revenue of $318.6 million increased 38%. Support revenue of $222.1 million increased 21%. In total, subscription and support revenue of $540.7 million increased 30% and accounted for a 70% share of total revenue. Turning to billings, Q1 total billings of $897.4 million net of acquired deferred revenue increased 18%. The dollar-weighted contract duration for new subscription and support billings in the quarter remained at approximately three years, but declined by approximately three months year over year. Total deferred revenue at the end of Q1 was $3 billion, an increase of 26%. In addition to new customer acquisition, we continue to increase our wallet share with existing customers. Our top 25 customers, all of which made a purchase this quarter, spent a minimum of $41.7 million in lifetime value through the end of fiscal Q1 2020, a 24% increase over the $33.6 million in the comparable prior year period. Q1 gross margin was 76.6%, which was down 10 basis points compared to last year. Q1 operating margin was 15.8%, a decline of 500 basis points year over year, and includes a headwind of approximately $7 million of net expense associated with our recent acquisitions. We ended the first quarter with 7,382 employees. On a gap basis for the first quarter, net loss increased by 56% to $59.6 million, or 62 cents per basic and diluted share. Non-GAAP net income for the first quarter declined 9% to $104.8 million, or $1.05 per diluted share. Our non-GAAP effective tax rate for Q1 was 22%. Turning to cash flow and balance sheet items, we finished October with cash, cash equivalents, and investments of $3.3 billion. During the first quarter, we repurchased over 947,000 shares of common stock at an average price of approximately $209 per share, leaving a remaining repurchase authorization of approximately $800 million. Q1 cash flow from operations of $225.2 million decreased by 11% year-over-year. Free cash flow was $178 million, down 18% at a margin of 23.1%. Adjusting for cash charges associated with our headquarters in Santa Clara, free cash flow in the quarter was $202.7 million, representing a margin of 26.3%. Capital expenditures in the quarter were $47.2 million, of which $22.7 million was associated with our headquarters in Santa Clara. DSO was 63 days, an increase of five days from the prior year period. Turning now to guidance and modeling points. For fiscal Q220, we expect revenue to be in the range of $838 to $848 million, an increase of 18 to 19% year-over-year. We expect billings to be in the range of $985 million to $1 billion, an increase of 16 to 17% year-over-year. We expect Q220 non-GAAP EPS to be in the range of $1.11 to $1.13, which incorporates approximately $3 million of net expense or 2 cents per share related to the proposed acquisition of Apparetto using approximately 100 to 102 million shares. For the full year fiscal 2020, we expect revenue to be in the range of $3.44 to $3.48 billion, representing year-over-year growth of 19 to 20%. We are increasing our prior billings guidance by $10 million to $4.105 to $4.165 billion, representing growth of 18 to 19% year-over-year. As Nikesh said earlier, we are also increasing prior guidance for next-gen security billings by $10 million to be in the range of $810 to $820 million, representing year-over-year growth of 79% to 82%. We expect fiscal 20 non-GAAP EPS to be in the range of $4.90 to $5, which incorporates approximately $13 million of net expenses or $0.10 per share related to the proposed acquisition of Apparetto, using approximately 102 to 104 million shares. Finally, turning to free cash flow, for the full year, we continue to expect an adjusted free cash flow margin of approximately 30%. This excludes approximately $20 million in net expenses and acquisition transaction costs attributable to the proposed acquisition of Apparetto. Including these net expenses, we would expect adjusted free cash flow margin of approximately 29%. As a reminder, the adjustments to free cash flow include capex associated with the completion of our headquarters in Santa Clara. You can review these adjustments to free cash flow in our Supplemental Financial Information document which is posted on our investor relations website. Before I conclude, I'd like to provide some additional modeling points. We expect our Q2 and fiscal 20 non-GAAP effective tax rate to remain at 22%. CapEx in Q2 will be approximately $50 million, with approximately $25 million related to our headquarters in Santa Clara. For the full year, We continue to expect CapEx to be approximately $170 to $180 million, with approximately $50 million related to our headquarters. With that, I'd like to open the call for questions. Operator, please poll for questions.
Thank you. If you'd like to ask a question, please signal by pressing star 1 on your telephone keypad. If you're using a speakerphone, please make sure your mute function is turned off to allow us to not reach our equipment. We ask that you please limit yourself to one question and one follow-up. Again, press star 1 to ask a question. And we'll take our first question today from Keith Weiss with Morgan Stanley.
Excellent. Thank you guys for taking the question. Nikesh, I was hoping to drill down a little bit more into the firewall of the platform side of the equation, where it seems you guys were a little bit disappointed. It sounds like the incentive that you guys had in place last year just sort of pushed more of the new business activity or more of the pipeline building onto the next-gen cloud stuff and left you guys a little bit short on pipeline heading into the FY20. One, am I thinking about that correctly in terms of kind of where you guys came up a little bit short? And two... How do you guys think, like, when you're looking at sort of assessing the problem, how do you vet out what comes from sort of that kind of execution issue versus what might be more of a macro or competitive issue?
Thanks, Keith, for your question. You are thinking about it, right? As you know, many of our next-generation security products are very early in their life cycle, so... Literally, there's stuff like Tesla we acquired in July. There's stuff like, you know, Devisto. All these things haven't even left for one year. So we put a lot of effort towards getting our core team to both learn, understand, build pipeline, and sell. And in that process, we set up some good incentives for them to focus on next-generation security because, you know, pretty much the entire conversation for my first year here was I love the fact that you're a great firewall company. How are you guys going to keep transforming as the firewall market transitions? And we set out, our team and me, we set out to prove to ourselves that not only can we build products in addition to firewalls, but we can make this a multi-product company. So part of that is Lee's team did a great job in getting the products in place and doing some of the integration work I talked about. And it was the go-to-market team's turn to make sure they can prove that they can sell this stuff. And we're very excited that approximately 40% of our core salespeople sold Cortex This past quarter, approximately 25% of them sold Prisma. So we are tracking to the targets we set ourselves in terms of getting our core engaged. But because of the incentives, people made their decisions that they could make more money selling Cortex and Prisma in Q4 than selling firewalls. As a consequence, we saw a huge pipeline build and a lot of deals done in Q4. The momentum carried to Q1. We recognize this coming into the year. We right-sized the incentives, but it takes a little bit longer for the pipeline to get back into place. I don't think there's a systemic issue. I don't think it's a market share issue. I just think it's taking the eye off the ball, and we've already put stuff into place, and we wouldn't be saying we feel confident of delivering 23% long-term if we didn't believe that we could actually get the team to balance their focus both on Cortex Prisma as well as the firewalls.
Excellent. Thank you, guys.
Next, we'll hear from Sterling Audi with JP Morgan.
Yeah, thanks. Hi. Maybe just following on that last question, can you help us understand? I think the EPS guidance for the year includes the acquisition. You know, the revenue guidance is unchanged. So just so we get a sense of what looks like lowering the organic revenue, for the year, maybe the order of magnitude, how much acquisition revenue are you kind of baking into, you know, the reiterated full year revenue number?
Yeah, look, we acquired this company called Apporetto. We're in the process of acquiring it. This is slightly earlier in the technology lifecycle of cloud security. This is a bet we're making in terms of how micro-segmentation will need to be done in the future. And with that bet, it's going to take us a while to integrate this into our Prisma Cloud offering, so we're not anticipating much revenue uplift this year. So we're holding revenue flat from – as in flat as in in line with guidance without expecting any revenue impact this fiscal year from Apparetto, but we obviously have to pay the cost of the company.
Okay. And then one follow-up on Prisma specifically. You talked on the other side, I think, at length through the prepared remarks, I think last quarter you talked about maybe some early Prisma wins. Can you give us just maybe a little bit more color on the traction that you saw in the quarter, especially on the competitive dynamics with Prisma?
Look, both on Prisma Cloud and Prisma Access, and I'm sure you all remember Nir's emotional explanation analyst there on Prisma Access, which is the product that competes in the secure access space. We're very excited. We continue to see traction. We continue to see large seven-figure deals in that space. It's a space where we're seeing the market is going. There is a cloud transformation happening. As you start transforming your applications to the cloud, you start thinking about how to transform your network and start creating more high bandwidth secure access to all of your users and your branches. We see the market moving there. We see our product getting stronger and more mature. As we said, we announced the capability of SD-WAN and DLP in the product, which makes it a comprehensive solution in the market. So we're seeing the traction. Those deals take the same time as firewall deals take to close because customers have to go through a strategic transformation of their network. So they're not as quick as Prisma Cloud deals on the other side. As I said, we've, I think in record time, gone past 1,000 pure cloud security customers across Redlock, Evident, Twistlock, PureSec, which in our minds is one of the fastest ramps in terms of our ability to get 1,000 customers to deploy our cloud security products. And this is when we were selling them individually, and we just last week integrated all of them into one SKU, so we believe that gives us more traction. So we're very excited about the traction we're seeing in the Prisma product.
Got it. Thank you.
Next, we'll hear from Fatima Bulani with UBS.
Good afternoon. Thank you for taking the questions. I had one for Nikesh and one for Kathy. Nikesh, for you, just hearkening back to the analyst day, we did talk about contract structuring as a mechanism to allow you to introduce new functionality into the install base. So I'm wondering, With regard to the expansion in the unattached portfolio and even the attached portfolio of subscriptions, I was wondering if you could share some of the details of what has changed or what is different as you start this new fiscal year around some of the newer expanded capabilities in Prisma Cloud and certainly this new acquisition as well as on the DNS and SD-WAN attached side. And then I'll have a follow-up for Cathy, please.
Okay, great. Thank you for the question, Fatima. I think as we discussed at the analyst day, we said that we don't want to have to sell every module of Prisma Cloud to our customers individually. And we want to create a structure where they can actually buy once and use our products on a consumption basis. And effectively, this integrated platform we have started rolling out last week, Prisma Cloud, where you have one SKU where all Redlock, Twistlock, PureSec functionality is available. If you bought Redlock, SAS version, you will be able to use container security without coming and signing a new deal. You'll just use up some of your credits that you bought. If you bought Twistlock functionality, you'll be able to do the same thing with Redlock or PureSec. So we have simplified our contracts and our ability to consume in this release of our product last week. We are in the process of rolling it out to all of our Twistlock and Redlock customers. It should be accomplished in the next few weeks, I hope. and those customers then will have the ability to consume the product without actually having to come and buy those individual products from us, which takes away a lot of the friction in the process. In terms of SD-WAN and DLP, they will be available integrated and part of Prisma Access, so you will not have to go buy different products and integrate them. This will come integrated out of the software box if there's some such thing, and you'll be able to use it with a single cloud pane.
Fair enough. That makes a ton of sense. Kathy, for you, I was wondering if you could give us an update on just some of the tariff escalation that's happening and that's sort of how that's impacting or financially impacting your supply chain and how we should think about those costs rolling through the model. I know historically you quantified some of the negative financial impact on EPS, but I'm wondering if there's any sort of update there given some of the whipsawing on the trade war and... tariffs-related escalations we've seen. Thanks a lot.
Sure. Thanks for the question. We do manufacture our products in the U.S. However, there are certain components, as we've talked about in the past, that we source from China. That's the only place where we're able to purchase these components. And we've seen that list of products expand as the as the tariff situation has expanded in the U.S. as it relates to China products. So we have felt the impact of that, and we've been talking for a while about the impact to EPS. However, just at the start of this new fiscal quarter, fiscal Q2, we did increase pricing on our firewalls. And that increase in pricing is intended to offset the tariff impact. So that's why you don't see us outlining a specific financial impact this quarter.
That's super clear. Thank you so much, Kathy.
We'll now hear from Phil Winslow with Wells Fargo.
Hey, thanks for answering my question. I just want to focus in on the next-gen firewall platform space. You know, Kathy and Nikesh, both of you all talked about the opportunity just to refresh the older models that you all sold in the past. I'm wondering if you're biased and updated sort of what you're seeing right now and thinking for this year relative to past years in terms of the contribution from just refreshing your base. And then just one quick follow-up to that.
Yeah, sure. We've been talking about refresh activity in a couple of different ways. One, in terms of what we see with our customers refreshing competitive boxes. And of course, that's been a motion that we've been competitively trying to address since the start of the company. And as you know, there's rarely a company that we go into that doesn't already have firewalls. And so it's always been a competitive displacement go-to-market approach for us. When we talk about our own internal refresh cycle, we continue to see our customers refreshing. However, in terms of driver of growth, we've pointed out that in terms of just pure magnitude of customers, our new customer acquisition as well as our customer expansion opportunity is a much bigger driver of our overall growth. and much less so refresh of our own boxes that we've sold to customers previously.
Got it. Great. And then just a follow-up for Nikesh on the platform side of Cortex. Obviously, you talked about the AI-based continuous operations platform, I think is what you called it at the analyst day. What's the feedback been from customers in terms of developing their own apps, their own functionality on top of this, as well as third parties? Any sort of update there would be great.
Yeah, as I mentioned in my prepared remarks, this team outperformed their numbers by approximately 20%. So they were seeing tremendous amounts of traction both on the XDR side and the DEMISTO side. DEMISTO is performing way ahead of our acquisition plan. We haven't opened up the capability for customers to write their own applications on our platforms just yet. We have some apps in the old version of the application framework. But right now we focus more on providing integration out of the box with third-party vendors so customers don't have to try and take that and normalize the data, which has been a bit of a shift in our strategy. But we're seeing huge traction. I think it's fair to say that one of the times when Lee announced the ingestion of Check Point Firewall data into our product was when he got a standing ovation. You know, it's hard to get a standing ovation from a bunch of engineers at a conference. So they must have liked that. And we are going to do the same thing with Cisco and Fortinet firewall data. So that way when a customer is trying to look at alerts across firewall and endpoint data, we can ingest any firewall data as well as match it up with our endpoint. So we're seeing traction in Cortex across both product categories, but we have not opened up the ability for people to write their own apps just yet.
Great. Thanks, Ash.
Next, we'll hear from Carl Kirsted with Deutsche Bank.
Thank you. Maybe I'll direct both to Nikesh. So, Nikesh, the product revenue disappointment is coming relatively soon after a series of sales leadership changes at Palo Alto over the last six, nine months, and I'm just wondering if you believe that those changes might have contributed to the product performance, and in that spirit, Do you mind just repeating your rationale for not replacing the head of sales? So the first part of the question is on the sales leadership, and then I'll ask my second. Thank you.
Sure. I think we're taking two random points and trying to draw a straight line. I personally don't think there's any correlation between the changes and our challenge on the product this quarter. If there was a challenge, we would have felt it across the board, across every category, not just – not just our firewalls. So the fact that our teams have gone out and met the billing targets for Q4 and Q1, and we've had a mixed shift in terms of what we've been able to sell, validates at least the theory we're putting out or the facts we're putting out around the fact the incentives contributed to it as opposed to leadership changes. On the leadership change front, we have very strong leaders in our regions. We promoted Rick Congdon, who's been around for many years at Palo Alto Networks. He's doing a phenomenal job. and Q4 to run our Americas business. We have Christian Henschel in Europe, who we've talked about in past earnings calls, as well as we've promoted Simon Green to one of our JPEG business who ran Asia Pacific for us. So between those three, we feel we have strong leadership in the regions, and both our Prisma and Cortex leaders are doing really well, given the performance we've seen in NGS. And we felt that we were not, we don't have a laser-focused leader on the firewall as a platform category, so we were able to hire Andy Elder, who's an amazing sales leader from Riverbed, who's going to run that part of our business in terms of focusing and making sure that as we deploy new products like Prisma Access or virtual firewalls or going from four to seven subscriptions, that there's the same go-to-market focus that we've had on Prisma and Cortex. And with that sort of C-by-C matrix, we feel, you know, Ahmed needs to stay engaged in that transformation with these teams and putting another layer between him and these six people would be detrimental to our ability to go and execute. So we've decided not to replace the head of sales position.
Got it. Okay, that's helpful. And then, again, in the spirit of just trying to unpack what might be going on, this too might be drawing an incorrect conclusion, but is it possible, Nikesh, that you guys saw an accelerated hardware-to-software form factor shift that might have caught you a little bit by surprise and contributed to that product number, but it would obviously show up in super strong VM series billings numbers?
I wish that was the case, that we've been caught unawares. I really like to be surprised by phenomenal growth in any product category. Unfortunately, it's just the fact that our teams had only so many dollars they could sell in Q4, and they sold a lot of them, but they sold them in the category which was going to make them a lot of money, which is a good thing. You want your sales teams to be motivated by the incentives, otherwise your incentives are not working. but we've fixed the focus to make sure they are focused on both categories. So we think it's nothing systemic. We think it happened in this quarter. And to be honest, if you look at the numbers, another $20 million of deals would have gotten us a number which would have made all of you happy and made us happy. But that's kind of the quantum of the change on an $897 million worth of billings. So $20 million showed up in more Next generation security then showed up in product, which is why we're all getting unhappy about this. But hopefully we can fix that in upcoming quarters and we can deliver the long-term guidance for 22%. Got it.
I'm sure you will.
Thank you very much, Nikesh.
Thank you.
Jonathan Ho with William Blair has our next question.
Hi, good afternoon. I just wanted to start out with maybe the Apparetto acquisition, and could you maybe give us a little bit of a sense of what this adds to your overall solution set, as well as the role that micro-segmentation plays in the cloud?
Sure. As you said in the past, there are tons and tons of people selling the transition to the public cloud across the various large cloud providers around the world, whether it's You know, Alibaba, Cloud Sales, Oracle, Amazon, or GCP, or Azure, they're all trying to convince us to move to the cloud. We personally at Palo Alto have moved to the cloud for that reason, because we think that's the right outcome in the long term. But we don't believe that a lot of the cloud security products exist to be able to deliver the amount and quality and capability of cybersecurity that exists into this enterprise world. And as you make that transition, as we start putting more and more mission-critical applications onto the cloud, it is going to be important to reinvent the way cybersecurity is delivered, made for the cloud, by the cloud. What was the third part of that? Never mind. My American history is weaker than it should be. But anyway, so as we go down that path, we believe only 50% of the cloud security products have been invented so far. And instead of sit down and try and build them all ourselves, we have acquired Redlock and Evident in the first instance to secure workloads. The market moved swiftly to containers. We acquired Twistlock. The market was heading to serverless. We acquired PureSec. We are also in the process of building our own modules in addition to those, which we will obviously as part of our product roadmap. And we looked at the world of micro-segmentation and said, the way micro-segmentation is deployed today in the data center is not the way it needs to be deployed in the cloud, because micro-segmentation relies on IP addressing in the data center, which is very good for the enterprise, but not really how the cloud operates. And Pareto has a really good way. They've been working at it for the last two and a half, three years, perfecting an approach which they have deployed in two or three very large customers at scale. We looked at it and said, look, this would be a phenomenal set of capabilities to have in our cloud security platform. We talked to the company. We really liked them. We looked at the whole market and said, this is the way we want to do this in the future. As a consequence, We acquired them, and this will become part of our Prisma Cloud platform. So we don't intend this to be a separate SKU. We expect it to be part of integrated capability as part of our Prisma Cloud platform, and we hope the underlying capability they bring will allow us to create more features in the future using their backbone.
Thank you. And then just as a follow-up, can you talk a little bit about maybe what you're seeing in terms of your customers from a budgeting activity standpoint for 2020 specific to Prisma Cloud? And what types of trends are you seeing around that? Thank you.
Look, I haven't been in this industry very long, but I am told by my colleagues and the way we watch this, it's very rare to start a cybersecurity company or a product and start closing seven-figure deals in short order. And it's fair to say we're seeing a healthy amount of seven-figure deals in Prisma Cloud. which tells us that there is a need out there for this product. There's a product market fit. And it kind of makes sense if you think about, you know, average customers are spending tens of millions of dollars in their cloud transition moving to the public cloud providers. And I've said this in the past. If we can get 2% to 5% of that spend for cloud security, we'll be in a good place. And I think we're tracking to that. As we go to customers and we see them, they're spending, you know, $30 million, $50 million a year, in the public cloud, we're tracking to the 2% to 5% numbers for those customers. And there's a possibility that that goes up a little bit because there's a whole bunch of capabilities that doesn't exist yet. But we've not run into budget constraints in our customers who are moving to the cloud and saying, well, I'm moving to the cloud, but I don't have the money to do cloud security.
Thank you. We'll now hear from Saquette Callier with Barclays.
Hey, guys. Thanks for taking the questions here. First, maybe for you, Nikesh, just to go back to an earlier question on SD-WAN. You know, I think we understand the integration of that into Prisma Access, but can you just talk about your thoughts on SD-WAN as part of the firewall appliance and whether that's something you feel is driving some customer purchase decisions right now?
It seems to have become a consideration in the purchase decision, but let's remember there's over 40 SD-WAN providers out there in the world, and customers also choose whether they want a separate SD-WAN with more capability or an integrated SD-WAN in the firewall. But given that it has become a consideration, we've announced SD-WAN as part of Prisma Access, and you can logically expect us to be able to deliver that across every form factor in the near future.
Got it.
That's helpful.
Yeah, absolutely. That was where I was going. Maybe for you, Kathy, just as a quick follow-up, can you just talk about the gross margins and the recurring revenue part of the business? You know, so much of that is that nice higher margin attached subscription and maintenance. But, of course, there's a nice growing piece from NextGen as well. You know, as the latter grows, can you just talk about how that affects the gross margin profile, if at all?
Yeah, sure. The growth margin range that we've provided in the past that we expect to operate within is 75% to 78% growth margins, and we've continued to operate within that range for many, many quarters now. The services margin in particular, which you'll see in our financials, has been at the higher end of that range, as you rightly point out. And it's, in fact, actually come down a little bit over the last couple of years, and that's as a result of us building out the next-gen security products, many of them which have hosting and data management costs. And those costs are higher than the typical software-type margins that you've seen on our attached subscriptions in the past. So a slightly different profile, but still operating overall service margins at the high end of that range.
Got it. Thank you.
Yep.
Walter Pritchard with Citi has our next question.
Hi. Question for Nikesh and then one for Kathy. So on Prisma Cloud, you talked about integrating those products probably faster than most were expecting. I'm wondering how you're thinking about integrating the back-end management of the Prisma Cloud products as well as other products into Panorama Cloud. What the timeline looks for that, and are there some customers that are waiting for that unified management to make bigger commitments to those products?
Well, what we've noticed is that people want integration of the SD-WAN capability or the DLP capability into the Prisma access pane so it can be an integrated solution as they go deploy this in their branches and as they deploy it for remote users. We're not seeing a lot of ask, and we don't believe that's the right thing, to merge our cloud security pane into our firewall panes. Our cloud security pane is self-standing independent pane, which we believe is more relevant to DevSecOps and the CIO teams than it is to the network security team. So, which is what we said. We just announced the integrated or started deploying the integrated platform across RedLock, ChrisLock, PureSec, Evident, last week, and we believe that's going to become the mainstay of the cloud security front end. And Ali, do you want to add something?
Yeah, so just maybe continuing on where Nikesh left off. So for Prisma Cloud, we do have a single unified UI for all different Prisma Cloud offerings. So for customers that are securing their applications in the cloud, they would go to one UI for that. Within Prisma Access, as we deliver additional integrated services, we have an ability to do that within Panorama to be able to, we call plugins that can expand Panorama to include the additional capabilities as they come out. So again, customer can go to one unified UI to see all those different pieces in one place.
Great. Thanks, Lee. And then, Kathy, on the acquisition, I guess just looking up on LinkedIn, looks like the company, Alpharetto, had about 65 employees. I guess as we think about you know, smaller kind of tuck-in M&A like this, I guess maybe some of us would have expected, given you add a couple hundred employees kind of organically every quarter, you could kind of do this under your organic hiring plans. How should we think about that going into the future? Do we need to worry about kind of margins coming down with tuck-ins?
Well, we've talked about the impact, which is pretty modest impact, two cents on the earnings per share for the quarter. And You know, we are investing in order to ensure that we can integrate these products and make sure that we are successful in our go-to-market efforts. And so there is real expense associated with those. So the framework that we've given you is an organic framework. And when we do M&A, we'll point out any incremental financial impact to that.
Okay. Thank you.
Our next question will come from Gur Talpaz with CIFL.
Hi, guys. This is actually Chris Spiros on for Gur. For Nikesh, you noted earlier that Domisto is performing ahead of plan. Can you talk about the dynamics behind what's driving this outperformance?
Yeah, look, I think the whole automation use case is resonating with our customers. where they are building data lakes, they're looking at their SIMs, but they're realizing they're getting a huge barrage of alerts as they deploy more and more cybersecurity solutions into either the enterprise and the cloud. And Nemisto is turning out to be the versatile automation tool with the number of integrations it has with all security vendors out there. So we're seeing traction. Our core team is able to explain it, sell it across the board. As I mentioned, approximately 30-plus percent of our core sales team is selling Cortex, which includes Nemisto also. So it's really the expanded go-to-market, the expanded capabilities that the new Demisto product has is really driving that and, of course, the good product market fit out there.
Great. That's awesome. And one for Kathy, if I may. With more large PRISMA deals starting to close, can you walk us through the relative economics of a PRISMA deal versus a traditional appliance deal?
Yeah, you know... Prisma Access and the functionality that it provides is typically slightly higher, somewhat higher price than a typical firewall sale that we would see, of course, depending upon the firewall and the number of attached subscriptions. Over time, over a five-year period, which is a typical life cycle of a firewall, we would expect to see more revenue from a Prisma Access deal.
Great.
Thank you, guys. Our next question will come from Patrick Colville with Eric Research.
Thank you for taking my question. Kathy, you mentioned earlier on the call that DSOs had risen five days year on year. I mean, is the product issue anything related to the change in DSOs? I mean, are those things correlated or are they, you know, separate?
No, no, there's really no correlation there.
Okay, understood. And then can I just switch over to SD-WAN? Because that's an area that we're getting a lot of incoming on, both from investors and from CISOs. So you've mentioned that Paolo is going to release appliances with SD-WAN functionality built in. So if I understand correctly, right now the devices don't have SD-WAN, but that's in the roadmap. Is that correct?
Yes, that's correct.
And, I mean, can you give us a rough timeline for that in, you know, or at this early stage?
Yeah, so a couple weeks ago at our EMEA Ignite conference, we announced SD-WAN, and we plan to deliver SD-WAN across all three form factors, so hardware, virtual, and Prisma access around the mid-December timeframe, so next month.
Great. Thank you for answering the questions.
Our next question will come from Brian Essex with Goldman Sachs.
Great. Good afternoon. Thank you for taking the question. You know, maybe a couple for Nikesh. I guess one would be, you know, as you target products for the developer environment, to what extent are your customers already integrated, you know, development with security? And is that an evolution that still has to come?
I'm going to let Lee answer that question since he's been sitting here with not a whole lot. Sorry, can you repeat the question? Oh, you were listening.
I was. I understood.
It says, how many of the customers have integrated security into DevOps?
Oh, look, in the cloud, there's a whole movement towards called shift left, which is really focused on integrating the security process and functionality and posture into as close to the point of development as possible so that by the time an application is running in production in the cloud, all of the security is already there and was developed as part of the application. This was something that Twistlock and container security was very focused on. It's a very common practice within container development to have the shift left mentality. And as we look to this going forward, we see it becoming a bigger part of cloud security practice.
Got it. That's helpful. And maybe just to follow up, jump ball on this one, whoever wants to kind of grab it, but you've done quite a bit of M&A over the past couple years. What percentage of your sales force would you say is fully ramped on selling the entire suite, or is there still some progress that needs to happen there in terms of getting everyone kind of up to speed and fully productive?
Yeah, as I mentioned earlier, approximately 39% of our core sales team is selling Cortex, our Cortex suite of products, and approximately 25% is selling our Prisma suite of products. Of course, there is a lot of room for us to go from 40% to more and more of our sales team being able to sell these products. But having said that, many of these products have been in play only for about six months now. We have a few thousand people out there in the field, and it takes a while to get them all comfortable up to speed being able to sell it. Not only that, we have lots of partners out there, and part of our efforts are not just to motivate and train our team, but also make sure our partners fully understand our capabilities and are able to sell. So, yes, we can make more progress, but, again, very excited about the progress we've made so far with the new product categories.
Got it. Very helpful. Thank you very much.
Our final question will come from Michael Turitz with Raymond James.
Hey, guys. Thanks. I'll squeeze two in quickly. One, Nikesh, in Prisma Access, are you seeing primarily disease scaler, or is it a wider field, including people like maybe Fortinet with carriers, Netscope, iBoss, et cetera? And then, Kathy, how fast do you expect that you can get the product growth back to the kind of levels that we were expecting it to trend at?
So in terms of your first part of the question, Prisma Access, what we're seeing out there, you know, Prisma Access is part of a network transformation decision that the customer makes. And depending on how their current network operates and what they want to make it look like going to the cloud, there can be hardware-based solutions or software-based solutions. And depending on, you know, whether it's a smaller footprint of larger data centers versus a larger footprint of smaller branches or remote users, the architectures can vary. So you can solve this problem with different architects and different products. But from our stand, I can tell you that our software-based solution, a software-based approach, and our security-first approach is resonating with them because as it goes to cloud, security is getting distributed, and they want to make sure that as they start accessing mission-critical applications straight in the cloud or back to the data centers, that security is a priority. So we're seeing traction in that space. I'm sure there are many other vendors out there who have different solutions which are adapted to their product portfolio.
And in terms of product growth, we don't guide product specifically, but you can tell from the guidance that we've given both for Q2 and for the full year looking at Typical trends that we've seen in the past in terms of product as a percent of the total, you can, I'm sure, back into what we're expecting for product pretty closely.
Thanks, guys.
So before I close, I want to thank everybody again for joining us today, and I wish you and your families a very safe and happy Thanksgiving. And we look forward to seeing many of you in the coming weeks at some of our investor conferences. I also want to thank our customers, our partners, and employees around the world Have a wonderful evening.
Thank you for your participation. You may now disconnect.