This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
spk06: Good afternoon, and thank you for joining us for today's conference call to discuss Palo Alto Network's fiscal third quarter 2021 financial results. I'm Walter Pritchard, Senior Vice President of Investor Relations and Corporate Development. This call is being broadcast live over the web and can be accessed on the Investors section of our website at investors.paloaltonetworks.com. With me on today's call are Nikesh Arora, our Chairman and Chief Executive Officer, Deepak Golecha, our Chief Financial Officer, and Lee Klarich, our Chief Product Officer. This afternoon, we issued a press release announcing our results for the fiscal third quarter ended April 30, 2021. If you'd like a copy of the release, you can access it online on our website. We would like to remind you that during the course of this conference call, management will make forward-looking statements, including statements regarding the impact of COVID-19, the SolarWinds attack on our business, our customers, the enterprise and cybersecurity industry in global economic conditions, our belief that cyber attacks will continue to escalate, our expectations regarding a single equity structure, our expectations related to financial guidance, operating metrics, and modeling points for the fiscal fourth quarter and fiscal year 2021, our expectations regarding our business strategy, our competitive position, and the demand and market opportunity for our products and subscriptions, benefits and timing of new products, features, subscription offerings, as well as other financial and operating trends. These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today. You should not rely on them as representing our views in the future. and we undertake no obligation to update these statements after this call for a more detailed description of these factors that could cause actual results to differ please refer to our quarterly report on form 10 q filed with the sec on february 23rd 2021 and our earnings release posted a few minutes ago on our website and filed with the sec on form 8k also please note that certain financial measures we use on this call are expressed on a non-gap basis and have been adjusted to exclude certain charges for historical periods we have provided reconciliations of these non-gap financial measures to our gap financial measures in the supplementary financial information that can be found in the investors section of our website located at investors.paloaltonetworks.com and finally once we have completed our formal remarks we'll be posting them to our investor relations website under the quarterly results section We'd also like to inform you that we'll be virtually participating in the JP Morgan 49th Annual Global Technology, Media, and Telecommunications Conference on May 24th and the B of A Securities 2021 Global Technology Conference on June 8th. Please also see the Investors section of our website for additional information about conferences that we may be participating in. And with that, I'd like to turn the call over to Nikesh.
spk11: Thank you, Walter. Good afternoon, and thank you for joining us today for our earnings call. Let me begin with the current cybersecurity landscape. After the December solar storm attack, we saw an acceleration in attacks throughout our third quarter and after the quarter closed. These range from software supply chain attacks like SolarWinds and Codeco to ransomware attacks like Colonial Pipeline. Ransomware especially has been in the spotlight recently, and data from our own Unit 42 shows that the average ransom paid in 2020 tripled from 2019, and in 2021, it's more than doubled again. The highest demand we've seen is $50 million, up from $30 million in 2022, with organized groups with near nation-state discipline perpetrating coordinated attacks. The targets are not only corporations where healthcare and pharma is a focus with the pandemic, but also government organizations and shared infrastructure. The reason for this vulnerability is deep-seated. Organizations run their operations on technology that is decades old, sometimes predating the internet. They continually bolt on new technologies to automate facilities and make them compatible with the modern Internet, but those platforms are inherently insecure. At the same time, cyber defenses are fragmented, making it very challenging to block sophisticated attacks and lengthening mean time to discovery and repair. Lastly, more and more businesses and consumers are coming online without a baseline of protection. In such a scenario, it is imperative that customers focus on securing their most critical assets while also focusing on reducing the fragmentation and leveraging newer technologies like artificial intelligence and machine learning and using those approaches. With that backdrop, let's focus on our results. Overall, we saw continued strong demand environment and our own continued execution drove Q3 Billings revenue and EPS ahead of guidance. We saw Billings growth accelerate to 27% in Q3 ahead of our 24% revenue growth forecast with growing radical revenue contribution. I want to highlight one dynamic regarding our Billings to help you better understand the drivers. During COVID, some customers are asking for annual billing plans to meet their needs. We noted to you that we saw success with larger, more strategic transactions in Q3. Along with these deals, we saw an uptick in annual billings plans. Normalizing for this, our billings would have grown greater than 28%, nearly two points higher than we reported, which is the highest billing growth we've seen in the third quarter since Q3 of fiscal year 2018. Last year, we saw a billings plan have an approximate one point impact. Along with billings, we also saw 38% growth in our remaining performance obligations. This metric is growing faster than both revenue and deferred revenue and will be a source of consistent revenue growth in the future. Within the strong performance, we also saw 71% growth in ARR, or analyzed recurring revenue, from our next generation security offerings, where we finished our third quarter at $970 million, up from $840 million in Q2. These ARR, billing, and RPO trends drove 24% a year of growth in our reported revenue. It's worth noting, given your attention to NGS ARR that in the very first week and the first day of Q4, we transacted one of our largest next-generation security deals in the history of Palo Alto Networks with a Fortune 30 manufacturer, which brought in 7 million in NGS ARR. So we're already at 980 million on the first day of this quarter. With the acceleration and incremental NGS ARR in Q3 and trends we see in the business, we continue to have confidence in our Q4 target of 1.15 billion in ending NGS ARR. As part of this strong Q3 performance, we saw notable momentum in large transactions, with 901 customers having spent $1 million of power to networks in the last four quarters. This cohort of customers was up 29% year-over-year, growing ahead of our overall revenue and billing scope. This growth in active millionaire customers has accelerated in recent quarters. As part of this large deal performance, our business is benefiting from growing adoption of multiple Palo Alto network security platforms across Strata, Prisma and Cordrix. In Q3, 70% of our global 2000 customers had purchased products from more than one of these platforms and 41% have purchased all three platforms. This is up from 58% and 25% two years ago. Turning to our product areas. Earlier this year, we started the dialogue around network security and cloud and AI and shared additional financial metrics to give you more transparency. Having these two product areas under the common umbrella of our world-class R&D and go-to-market organization is key to our strategy of being the largest cybersecurity company in the world. Starting with the network security side of our business, we are the leader in this business. Our strategy of selling customers the leading firewall platform delivered through a hardware, software, or as a service form factor underpins our success in this market. This has resulted in a business that is 28% larger than our next peer on a revenue basis in Q3. Also, if you look at leading indicators that include deferred revenue and RPO, our scale comes through even further, where we are 40 to 50% larger. On these leading balance sheet metrics, we're going faster than our next peer. Three years ago, when I joined Pilot Networks, we were a hardware-based firewall company. We had a vision of a hybrid world where the enterprise and data centers would remain predominantly hardware oriented, with growing adoption of software form factors like our VM series firewalls. Meanwhile, in the remote access and remote office world, this opportunity has been transformed by cloud adoption and work-promote trends to fuel secure access service edge, or SASE adoption. The reception to our strategy of delivering a firewall in multiple form factors has enabled the accelerating firewall of the platform growth rates we just showed you. Within our firewalls of platform buildings, we're seeing a distinct mix shift towards software. This software mix, which includes our VMs and SASE business, now makes up 40% of firewalls of platform, up 21 percentage points from a year ago. We saw seven-figure transactions for our software firewall capability, including VM&C and cities with the U.S. government agency, a Fortune 30 manufacturer, and a diversified financial services company. While we've seen the significant transition and form factors, one driver of growth and value in our business are attached subscriptions and support have grown at a steady rate over the last several quarters on a revenue basis. We expect the software mix to continue to increase in the medium term, although along with this, we expect to continue to see attached subscriptions as a key growth driver. We're showing you for the first time here, the NETSEC analyzed recurring revenue, which was 2.66 billion the end of Q3 and grew 25%. As a reminder, This does not include our hardware business, which continues to be significant. This recurring revenue business is a key driver to strong cash generation, which we have guided to 42% for NETSEC and FY21. We believe this high degree of recurring revenue and strong cash flow generated by NETSEC is something that should be more clear now, given this incremental disclosure over the last two quarters. Now turning to innovation and focusing first on Prisma SaaS. Back at the beginning of the pandemic, we saw customers look to significantly expand remote access capability while not compromising security or user experience. We've met that demand with free remote access trials and broad proof of concepts, enabling customers to see that value in Prisma Access, as well as supporting the network transformation as they move to the cloud. We're seeing these efforts, as well as momentum generated from the 2.0 launch, driving strong initial purchases and footprint expansions. This quarter, we saw a number of large Prisma Access transactions, including a global technology company, a large manufacturer, and a Fortune 10 healthcare company, all eight figures or greater. Additionally, over 25% of our Prisma Access new customers in Q3 were net due to Palo Alto Networks. Lastly, we're seeing early traction in our service provider partners for Prisma Access, including Comcast, Verizon, and Orange Business Services. These relationships are part of broader initiatives with service providers that we see as a significant growth opportunity. Just yesterday, we announced a significant release in network security focused around a comprehensive approach to zero trust. This is timed well with last week's executive order out of the White House that defines zero trust in a way that is very consistent with the Palo Alto network strategy. There has been a lot of noise in the industry around zero trust network access, but solutions continue to be fragmented around either remote users. Access control or enterprise Apps our approach covers all users and devices all locations all Apps and the Internet applying consistent consistent access control and security. Our new panel s 10.1 release brings cloud based identity controls integrated CASB and enhancements to our URL and DNS security services. Power Network's position across appliance, software, and SaaS is unique, and these new innovations are applicable to all our customers across all form factors. This is one of the most significant innovation releases for our next-generation firewall franchise and gives us confidence in continued net-tech growth as we look forward. Now moving on to cloud and AI. On the Prisma Cloud front, we continue to build on our early leadership position in cloud security posture management, cloud workload protection capability, and marketplace delivered virtual firewalls, where we are the largest player across this opportunity set. Our strategy is to stay ahead of customer demand as they adopt cloud-native security services across hyperscalers. We believe we have staked out a leadership position in cloud-native security with this business. We've achieved over $250 million in ARR across Prisma Cloud in our marketplace VMs and CN series. Fueling this growth is 39% growth in total customers and 38% growth in global 2000 customers across Prisma Cloud. Our unique consumption model in Prisma Cloud based on credits enables customers to use any of our modules across their cloud-deployed workloads, including using multiple capabilities for workload. We're seeing strong growth in credit consumption with over 100% growth year-over-year in Q3. Despite our strong position with Prisma Cloud targeting an early opportunity, we see the next big challenge in security at the developer level, or shift left security. We recently addressed this with our acquisition of BridgeCrew, completed in Q3. Traditionally, security issues in code pose a challenge for the CISO organization. And we're seeing leading companies drive a collaborative approach between the CISO organization and the development organization to address this. shift left integrates security into the devops process to catch these issues up front where they're easy and quick to fix it's a win for developers and a win for security bridge q has an open source product check off This product delivers significant value developers through a free download post the acquisition close on the release of $2 check off, we saw bridge crew downloads accelerate. Which was also seeing strong momentum and it's paid customers, including a six figure customer in Q3 we're only in the very early stages of cross selling between bridge crew software and Prisma cloud. Within our Cortex product area, we continue to focus on delivering significant volumes of innovation to XTR, XSOAR, and our recently acquired Xpans product. In Q3, we delivered a new release of XTR, which expands endpoint query capability and improves visibility into network activity. With XSOAR, we significantly expanded our marketplace partner integrations to increase the set of automation and security playbooks that customers can deploy. We're seeing this result in steady Cortex customer additions to XTR and XSOAR customers, We have over 2,400 customers starting from essentially scratch two years ago. Our focus on innovation has been validated by the market as well. We were particularly proud of this validation for Cortex-X DR in Q3, where we garnered the best overall result in round three testing for MITRE. Also in the recently released Forrester Wave covering endpoint security software as a service market, we were named a leader. Cortex-X source surpassed 100 partner contributed content packs and now has over 650 content packs in the marketplace. Our expanse offering was featured in Tim Junior's keynote this week at RSA, where our research uncovered that one-third of leading organizations' attack surface is susceptible to exposure that are the main avenue for ransomware. No other leading security company has the degree of visibility to identify and prevent today's most pernicious attack vector. Within Cortex, we are starting to see an uptick in large customer signings, such as a seven-figure transaction with a financial services firm, which included STR Pro and XSort. Lastly, during Q3, we formed the new Unit 42 under the leadership of Wendy Whitmore, who comes to Palo Alto Networks after building successful security services businesses. Our new team is a combination of two of the most capable teams in cybersecurity. The CRIPSIS team is laser-focused on the mission of conducting world-class data breach investigations, while the Unit 42 team has focused on rapidly building threat intelligence into Palo Alto Networks products. This new Unit 42 has completed over 1,300 engagements in calendar year 2020, bringing to bear the power of 140 consultants. In response to SolarWinds and ransomware attacks, Microsoft-related breaches and other attacks, we've mobilized our consultants in rapid response engagements, which help customers through these difficult times. As we look forward, we're focused on using services to become an even more strategic partner to our customers. As I reviewed with you here and should be evident in our Q3 results, we're seeing broad strength in our business across geographies and product areas. We see strength in our pipeline and continued demand tailwinds that remain strong, leading us to raise our FY21 guidance. I also want to update you on our plans we discussed in Q2 around exploring an equity structure for ClaySec. We continue to focus on providing transparency for each part of our business. You'll notice the error for NETSEC, which we highlighted this quarter. We believe this has helped investors gain better insight into our overall financial profile and especially understanding both sides of the business with the different growth and free cash flow characteristics. We have finished all the work required to file any form of equity on ClaySec. However, given the state of the market and offering extensive conversation with shareholders, we have decided at this point it's best to continue with a single equity structure and an integrated P&L and postpone any decision to list place like equity. Lastly, we're excited to welcome Aparna Bawa, Chief Operating Officer of Zoom to Palo Alto Network's Board of Directors. She brings deep operational, financial, and legal expertise, having served in diverse roles at rapidly growing tech companies such as Zoom, Magento, and Nimble. Her addition comes after the February appointment of Dr. Helene Gale to our board. We continue to have a strong commitment to diversity at Palo Alto Networks, including at the most senior levels of governance in our company. With that, I will turn the call over to Deepak Galecha, our CFO. We're excited to have Deepak step into the CFO role and enable a smooth transition within our organization. He brings world-class experience. We're already seeing him bring someone's experience to bear in driving improvements. Over to you, Deepak.
spk12: Thanks, Sankesh. I'm excited and humbled to be part of this world-class leadership team and look forward to driving total shareholder return. As Nikesh indicated, we had a strong third quarter as we continue to deliver winning innovation while simultaneously adding new customers at pace. This strength gives us confidence to raise guidance for the year. We delivered billings of $1.3 billion, up 27% year over year, with strong growth across the board and ahead of our guidance of 20% to 22% growth. We've continued to see some customers ask for billing plans, many involving larger transactions as we become a more strategic partner to our customers. We've also used our Palo Alto Network's financial services financing capability here. The dollar-weighted contract duration for new subscription and support billings in the quarter were consistent year over year and remained at approximately three years. We added approximately 2,400 new customers in the quarter. Total deferred revenue at the end of Q3 was $4.4 billion, an increase of 30% year-over-year. Remaining performance obligation, or RPO, was $4.9 billion, an increase of 38% year-over-year. We continue to see these metrics as becoming more meaningful as we drive growth from our radical business. Our revenue of $1.07 billion who 24% year over year ahead of our guidance of 21 to 22% growth, driven by our buildings and board business strength and amidst an increase in our radical subscription revenue. We remain focused focused on driving this higher quality revenue with all new product offerings being pure or substantially all subscription in nature. Looking at growth by geography, the Americas grew 24%, EMEA grew 23%, and APAC grew 25%, showing broad executional excellence across the world. Q3 product revenue of $289 million increased 3% compared to prior year. Q3 subscription revenue of $474 million increased 34%. Support revenue of $311 million increased 33%. In total, subscription and support revenue of $785 million increased 33% and accounted for 73% of total revenue. Our Q3 non-GAAP gross margin was 74.6%, which was down 60 basis points compared to last year, driven by product mix, which are less mature. Q3 non-GAAP operating margin was 17%, an increase of 60 basis points year over year. There are several factors driving our operating margins. We have revenue upside, lower travel and event expenses due to COVID, and some shift in spending out of Q3. At the same time, we continue to aggressively invest for growth, largely in the areas of sale capacity and R&D investments. With health conditions improving in geographies of many of our facilities, including our Santa Clara headquarters, we're seeing more employees look to return to the office. We expect this trend will continue to gain steam in Q4, reversing some of the savings we had seen in the last few quarters in our OPEX. Non-GAAP net income for the third quarter increased 22% to $140 million or $1.38 per diluted share. On non-GAAP effective tax rate, the Q3 was 22%. The EPS expansion was driven by revenue growth and operating expense leverage with an undertone of strong investments of growth. On a gap basis for the third quarter, net loss increased to $140 million or $1.50 per basic and diluted share. We ended the third quarter with 9,715 employees, including 39 from the bridge crew at the close of acquisition. Turning to the balance sheet and cash flow statement. We finished April with cash, cash equivalents and investments of $3.8 billion. Q3 cash flow from operations of $278 million increased by 64% year over year. Free cash flow was $251 million, up 200% at a margin of 23.4%. Our DSO was 60 days, a decrease from three days from the prior year period and flat with the second quarter. Our firewall as a platform, or FWAP, had another strong quarter as we continue to grow faster than the market. FWAP billings grew 26% in Q3, and we continue our transition from hardware to software and SaaS form factors, as Nikesh highlighted. Our next generation security, or NGS, continues to expand and now represents 27% of our total billings at $346 million, growing at 70% year over year. In the third quarter, we added $133 million in new NGS ARR, reaching $973 million. The acquisition of Bridge Crew added an immaterial amount to this number, and we remain confident in our plan to achieving $1.15 billion in NGS ARR exiting fiscal year 21.
spk01: Whenever heartburn strikes, get fast relief with Tums. It's time to love food back.
spk12: Turning now to guidance and modeling points. For the fourth quarter of 2021, we expect billings to be in the range of 1.695 to 1.715 billion dollars, an increase of 22 to 23 percent year over year. We expect revenue to be in the range of $1.165 to $1.175 billion, an increase of 23% to 24% year-over-year. We expect non-GAAP EPS to be in the range of $142 to $144, using 101 to 103 million shares. Additionally, I'd like to provide some modeling points. We expect our Q4 non-GAAP effective tax rate to remain at 22%, and our CAPEX in Q4 to be approximately $30 to $35 million. As Nikesh indicated, we're seeing broad drivers across our business in Q3, driven by a foundation of innovation and strong sales execution. Along with trends we see in our pipeline and demand sale winds that remain strong, we're raising our fiscal year 21 guidance. We expect billings to be in the range of $5.28 to $5.3 billion, an increase of 23% year over year. We continue to expect next generation security ARR to be approximately $1.15 billion, an increase of 77% year over year. We expect revenue to be in the range of $4.2 to $4.21 billion, an increase of 23% to 24% year over year. We expect product revenue growth of 1% to 2% year over year. We expect operating margins to improve by 50 basis points year over year. We expect non-GAAP EPS to be in the range of 597 to 599, using 99 to 101 million shares. Regarding free cash flow for the full year, we expect an adjusted free cash flow margin of approximately 30%. Now let's review our fiscal year projections for NetSec and ClaySec. Overall, we are confirming our ClaySec projections while raising our NetSec billings by 300 basis points and revenue by 100 basis points, given the strong performance of SASE, VM Series, and subscription business overall within NetSec. Moving on to adjusted free cash flow, we expect network security will deliver a free cash flow margin of 42% in fiscal year 21, up from 38% in fiscal year 20. We continue to expect cloud and AI free cash flow margin of minus 43% in fiscal year 21, an improvement from negative 59% in fiscal year 20. While we are focused on growth investments in cloud and AI, over time, we expect cloud and AI to achieve gross operating and free cash flow margins in line with industry benchmarks as we gain scale, our customer base matures, and we become more efficient. In Q3, we repurchased $350 million in our own stock at an average price of $322. As of April 30, 2021, we had $652 million remaining available for repurchases. This is part of a broader capital allocation strategy focused on balancing priorities and maximizing total shareholder return. We start with fueling organic investments and managing priorities across innovation and go to market to set the foundation for sustainable growth of Palo Alto networks. Second, we've deployed capital for targeted acquisitions which accelerate this growth opportunity. We rigorously evaluate targets focused on acquiring leading technology, retaining key members of the team and following through with integrating these acquisitions into our businesses. Finally, we work to optimize our capital structure using the options available to us in this dynamic market. That includes deploying debt, using stock for M&A consideration, and also buying back our own stock when we see it representing a good value. With that, let's move on to the Q&A portion of the call. Walter, over to you.
spk06: Thanks. In the interest of time, please limit yourself to one question. Our first question comes from Brian Essex from Goldman Sachs with Fatima Boulani from UBS on deck.
spk03: Hi, thank you. Good afternoon. Thank you for taking the question. You know, maybe for Unicash, you know, we've seen a lot of, you know, solid outperformance relative to expectations on the network security side and nice performance this quarter with respect to cloud and AI ARR growth. We wanted to get a better understanding, given that the outperformance has been on the network security side, you know, how confident are you in your ability to hit that billion 150 guide for the full year? How do we think about, you know, how that business has performed relative to your expectations, you know, so far this year?
spk11: Brian, you know, remember, two or three years ago when we set out targets for our next generation security business, we didn't have the muscle that followed the networks to figure out how we can get out of the firewall business and have that Salesforce go out and actually go sell cloud and AI. The good news is over the last two and a half years, we're building muscle. We're learning how the market operates. It's kind of interesting. Every one of these markets operates slightly differently. If you look at NGS, it's a combination of SASE, Prisma Cloud and Cortex. Now, SASE's characteristics are a lot of the free trials we gave a few quarters ago and this whole push to work from home is forcing customers to think hard about their security stack. And it's no longer you can access half the apps half the time. You need to be able to access everything for wherever you are. So we're seeing network transformations, and that's what's driving the success on SASE and some of the huge wins we've had on Prisma Access. As I mentioned, one of the deals which we closed and shipped on the first of this month is our largest SASE deal ever, which gave us seven million dollars of NGS ARR. So you can see approximately the quantum of that deal. So we're seeing a lot of traction on the access front and the SASE front. So that's that's good. Cortex is an interesting space because we compete there with people like CrowdStrike and SentinelOne and the others. We're great on the product front, as we've showed you with the Forester Wave and the MITRE results. We're trying to create more muscle around being able to do those deals. Those deals are typically, because it's a competitive market, you've got to do a whole bunch of deals there. And they all range at the $1 to $5 million range at the higher end and the smaller below that. So you don't get lumpy deals. You just have to do a lot more deals. And that's what we're doing on the Cortex front. Last but not the least, on the cloud front, you've got 2,250 customers. But there, the deals end up being large deals. They're slightly lumpy. And they have very high variability in duration and consumption. So somebody will say, I'm moving to the cloud. I want to buy credits for the next three years. How many credits do I need? They'll suddenly find their deployment is slower because they haven't deployed fully on GCP or AWS or Azure. Others, you'll say, they've been customers the last two years. They're upping because they moved all their workloads to the cloud. their workload ramp has increased so all three of them have slightly different characteristics that's why we end up in a portfolio situation you saw this quarter we added about 132 million in net new ngs arr i just told you about seven more because i felt you guys are extremely curious on ngs and i don't want you guys to go out thinking we're not confident on our 1150. so right now we all feel that we'll get to 1150 on ngs arr and it's going to end up being a portfolio call in terms of some things extremely doing extremely well some things doing normal
spk04: Got it. Thank you for that. And then maybe to follow up with Deepak, appreciate the commentary on the improving operating efficiency or potential to improve the operating efficiency of cloud and AI. And I think that's one of the things that investors kind of struggle with when I think we've all looked at this business on a sum of the parts basis and the performance of each on its own in the challenge with cloud and AI is that it's burning cash at the rate that it is. What do you think about the term, the timeline for improving profitability and cashflow generation from that business. Because I think that might be a trigger for investors to maybe look at that business on a standalone basis and assign it a little bit more value.
spk12: yeah so maybe if I answered in two two different ways, I mean we look at what other companies have done as they've kind of like grown through there. You know they've scaled over time and we often benchmark ourselves versus where were they at this time and other things that we can do to be able to to get there, but at the same time. we're not shy from like you know, making the right investments, if we see the opportunity there that's why I don't want to really box ourselves into a timeframe, it really is a question of what. What opportunities are out there at the time, so we have a base plan. You know that's constantly improving but we're also reflecting on the fact that this is a dynamic market and sometimes you need to lean in if it makes sense for the long term.
spk11: yeah if I can add to that. yeah there are two parts to one as you know deepak highlighted. We continue to work hard towards getting gross margin efficiency on those products because the product development is in our control. And Lee, who's sitting to my right, he and his team work hard at trying to make sure that we optimize the gross margin part. The rest of it, honestly, is the question of how much do we want to invest in sales capacity to be able to drive those. In each of those areas, we are dealing with extremely competitive situations. In the case of XTR, we deal with dedicated salespeople from CrowdStrike. They outflank us eight to one on the number of salespeople. So we have to look hard at how much investment we want to make on the sales side. We do get leverage from the Palo Alto salespeople or eventually end up in hand-to-hand combat. On the Prisma Cloud side, I'd say we were doing fine and we are doing fine. But suddenly the equity, the venture markets have gone and you know, provided phenomenal valuations and dumped a lot of cash in some very early stage companies who are now dangling large paychecks to our salespeople who have got the most qualified cloud security sales team. So that's why I think Deepak is right in saying that we're going to watch the market carefully. But again, we just told you another number, $250 million in ARR in cloud security, VMs and, you know, public cloud security. That's a number which is outflanks our next competitor by probably 25 times.
spk04: Super helpful, Khaled. Thank you.
spk06: Great thanks just remind us limit to one question so next up is a team of alani and on deck is Keith Weiss from Morgan Stanley.
spk08: Thanks Walter. Nikesh maybe i'll start with you very quickly, you talked through a lot of the areas of strength from a product pillar perspective, but in terms of just zooming back, can you stack rank for us.
spk11: um what specific product areas in the ngs portfolio uh really were the drivers of Billings acceleration in the quarter and then I have a quick follow-up for the please yeah as I highlighted you know sassy is strong Deepak highlighted the subscriptions are strong uh we're pleased with the way cortex is evolving and cloud ends up being lumpy so some quarters will get some very large deals and they make up the billing some quarters uh they push but Across the board, the portfolios performing in line with our expectations are slightly ahead. As we said, we hit 973 or 980, depending on how you count it.
spk08: Fair enough.
spk06: Let's just go one question. We're going to move on next to Keith Weiss with Sterling from JPMorgan on deck.
spk14: Excellent. Thank you, guys. Very nice quarter, and thanks for taking the question. I think you guys are doing a very good job of illustrating the there's a difference between firewall appliances and more generally firewalling capabilities. And you're seeing that firewall as a platform growth sustained really well, actually accelerating in recent quarters. And I think that's probably one of the key areas that investors are most cautious on is the durability of growth and firewalling. Can you talk to us a little bit about where you're seeing that strength from? Do you believe it to be durable over the next couple of years? And is there anything that we should be watching out for in terms of tough compares or any one-time items from a year ago period that might upset that growth trend that you've been seeing in firewall as a platform?
spk11: So I'll make two comments, Keith. One is there are situations where the customers are looking for, like you say, firewalling capability. We can walk in and say we can solve this problem with software. or you can go deploy tons of hardware to solve the same problem. So take a large retailer, they can go deploy 1200 firewalls in each of their stores if they choose to go down the hardware route, which is more costly to deploy, harder to maintain, harder to upgrade over time. Or we can go in and say, let's do that with Prisma SASE, which is a software dependent solution which has lower cost of ownership easier deployment easier to solve so you're seeing us create some degree of substitution in our customer base so if you compare us like to like with some of the leading hardware firewall businesses which don't have that you know strengthen that software capability they cannot deal with that substitution capability, which we think is better for the long-term because we just pointed to the RPO. And so look, if we can grow RPO at 38%, that just means we have future revenue coming down the pike on the FWAP front, which is going to be harder to hunt and kill on a quarterly basis if you were a hardware-only business. So I actually think there's more resilience in our network security business than most hardware-dependent businesses. The second piece I would say in that context is what was proxy based architectures is now full firewall in the cloud and we're seeing that in spades in prisma sassy people are stepping back and saying okay let me understand this how do i get my trading system to be accessible from an employee's home you can't do that with proxy based architectures we talked about that at nauseam and we're seeing that really bear out in the success we're seeing in prisma sassy uh my my fellow uh colleagues walter and deepak will not let me throw out more stats in that area but i'll just say i'm extremely delighted with the progress we've made in sassy from where we came from two and a half years used to be a product called gpcs and we would shutter like you said the one-time items there was one deal when i came to palo alto we sweated the entire year to see how we lap that in the following quarter now you know we do six of those in a quarter and we've got tons and tons lined up in our pipe going forward so sassy is strong which should give us continued strength i think the network transformation is in a very very early stage if you think about it if you see aws gcb azure clipping 40 50 billion dollars of billings in a quarter all those customers are going to stand up and realize wait i'm relying on mpls based architectures to go back to my data center now i don't need to go there i need to go to the public cloud when you do that you got to go sassy and right now we firmly believe we have the best sassy solution in the market we firmly believe that we have the most deployed customers out there at scale great thanks um next question from sterling audi and uh saka kalia from barclays on deck
spk13: All right, thanks. It's fun to see Walter on the other side trying to keep us to one question after all these years. I want to follow up on Keith's question as well on FWAP. Help us understand what are the metrics that we should look at in terms of, and you gave a little bit of this last quarter, but when you look at your install base of the on-premise appliances, as some of that starts to transition to FWAP, is that happening? And if it does, how is the dollar for dollar comparison? In other words, do your customers still end up spending more because they're still expanding under an FWAP versus their traditional appliance? Is it smaller or the same?
spk11: I'm going to bring in my colleague, Lee Klarich, who spends a lot of his time making sure that these transitions work and we see these transitions happen.
spk00: Yes. Thank you, Nikesh. Good question. And actually, last quarter, we provided some insight into this, if you remember. There's effectively two transitions that we see play out. One transition has to do with the movement of applications from data centers to the cloud, where the form factor often is changing from a hardware form factor to software form factors, VM series, etc., The other transition is from based on how the employees and users are moving increasingly, obviously moving off the network and soon moving to more of a hybrid state where in that case, the it often is movement from hardware to hardware plus cloud delivered SASE architectures. And so as you think about those, the the net effect of all of it is positive for us in terms of the overall spend from customers. There's some puts and takes. Hardware going to VM series in the cloud is relatively similar. Hardware going to SASE is actually typically an uptick in overall spend because it's not just like for like. It's actually SASE includes network as a service and a lot of the networking components, global network reach, et cetera. And so the overall spend envelope becomes larger as more of the capabilities actually get integrated into the service that we're delivering to customers.
spk07: overall positive um and we've been now tracking this and have history of this for a few years to be able to actually see how that plays out great thank you great thanks um next question from uh saka kalia from barclays and then matt hedberg from rbc on deck okay great thanks for taking my question here um nikesh maybe for you can you hear me okay walter yeah okay cool um that was that was helpful commentary on on the equity structure around around klycek I guess the question is, what were some of the things that went into your decision to explore that last quarter and then maybe reconsider it this quarter? And is it a matter of timing given the volatility in the market? Or would you say that the probability of exploring that down the road is still relatively low?
spk11: I think, Saket, as we went through the mechanics of creating all the paperwork required to file this, the debates began to happen with some of our shareholders. They said, look, the true value creation is when you actually can take this and separate it because you'll still have a stub with some sort of a tracking stock. And the challenge with separating it, as you saw, 70% of our customers are buying multiple platforms. 40% of our customers are buying all three platforms. We're getting into conversations with CIO and somebody goes to a breach or ransomware when they want to go wall to wall and say, listen, come protect me, protect my cloud, protect my SOC, protect my network transformation. And then it's suddenly saying, look, we have all this vantage point from where we are, where we can go pitch all three platforms and go envelope the customer with security. And we're creating this artificial separation amongst ourselves where we're not going to be able to leverage that. So that definitely went through the decision. I think the question which... I can't keep track, I think. So just asked around to Deepak about the funding of PlaySec vis-a-vis NetSec. I think, you know, we'd still have to make that a self-standing profitable entity in its own due course. And I think it's too early to go think about separating that into distinct businesses because we're getting phenomenal leverage from our firewall sales teams who've spent sort of one and a half decades trying to build relationships and get embedded in our customer base.
spk06: Very helpful, thanks. Great, thanks. Next question from Matt Hedberg from RBC, and then we've got Taliani from B of A up next.
spk05: Thanks, Walter. Hey, Nikesh, I wanted to talk about, you know, all these recent breaches. You know, you alluded to President Biden talking about the importance of zero trust. I guess, you know, how do you think about that impacting your federal business later this year? And then also, you know, as these breaches continue to accelerate in a post-COVID world, do you think you're going to be in a better position to consolidate security spending? There's always that debate on best of breed versus consolidation. Does this just accelerate your demand environment even more so?
spk11: You know, Matt, what's interesting is let's start with the second part first. Like clearly, whatever approach was used to buy security hasn't worked. Right. And we've traditionally been in a best of breed approach. You go to companies, they have 35, 25, 40 vendors. And the act of stitching all those solutions together is left on the shoulders of the customer. You couple that with the two biggest technological transitions that have ever happened in the history of computing. One is the shift to the public cloud where you have to fundamentally change your architecture. And the second is a network transformation that you're going through, driven by the cloud. So CIOs are dealing with those two technology transitions and at the same time having to take a hard look at security and bolster it up. And I think there, if you look at historically, I don't think there's been many security companies who've been able to give you best to breach solutions across multiple capabilities. So are firewalls nine times? Top right magic quadrant all fire one capability, whether it's sassy or hardware firewalls vm fit in that category. So they can get the best firewall and capabilities across three different architectures to XDR made of the top right and Forrester wave, but the only cloud security native security company with plasma cloud, we are. top right in SD-WAN, and we're top right next to if there was a quarter. So we actually have the ability to give you a stitched set of products across five leadership positions, which is not available today in the cybersecurity industry. So we're able to make both the best of breed and stitched platform argument right now, and it's resonating because customers who are going through these agonizing times are stepping back and saying, wait, I need to look at it from a different approach, and how can I go with a partner who I can hold accountable for my entire security footprint?
spk06: Great.
spk00: Thanks, Matt.
spk06: Next up is Taliani with Keith Bachman from BMO on deck.
spk10: Hey, I have an accounting issue, accounting question. Great results. ARR were better than expected. At least some people expected some issues there, but I looked at your filing and you changed the definition of ARR a little bit this quarter. You added the language when I compared the language of this quarter versus last quarter. You added the language that this quarter it includes certain cloud delivered security services to ARR. Would you mind to quantify this addition? Was it material to the numbers this quarter? Thanks.
spk12: Yeah, I'll take that question. It's really not material to the overall number. We added a couple of cloud-delivered technology solutions, like IoT being one example, when you add all of them, they're relatively de minimis in nature.
spk10: Got it.
spk11: Thank you. Early launches of our products, and we want to make sure they sit in the right bucket. We can sell IoT against Cortex XT and Cortex Data Lakes, and they sit in both places, in our firewall business and in our cloud AI business.
spk10: Great. Thank you.
spk06: All right, next up is Keith Bachman, and then on deck is Gray Powell from VTIG.
spk15: All right, thank you very much, Nikesh. I wanted to ask you to flesh out Cortex a bit more in terms of run rate and expectations. Feedback we've been getting from the channels is Cortex certainly is doing better. And I was wondering if you could talk about win rates, where you're winning, some of the reasons why. Is there any metrics you can give us on growth associated with the Cortex brand, whether it's revenues or billings?
spk11: Yeah, well... I can't give you a metric we haven't given but i'll tell you cortex comprises three products, one is XDR which we compete with, as you see, with crowd strike and Sentinel one. I think the challenge we have there is, well, our product, as you can see, has technically been now ranked better than CrowdStrike and at par with SentinelOne and others. The challenge we see is we don't have as much coverage as CrowdStrike. So they're in more deals than we are. And that's a virtue of the fact that they have eight times more dedicated salespeople choosing the XTR category and we don't. Where we do end up against them, we pretty much don't lose technical POCs, obviously, because you've seen the technical comparison of the market. Then it becomes a price war, and we don't bend over on the price war. So we see reasonably good win rates against them where we are present. i think our challenges were not present in as many deals as we'd like to be present in because they've got us they've been at it for seven years we've been at it for two and a half so that's kind of like the xdr solution on xor uh it used to be phantom and demisto uh for the most part we don't see much competition in the xor category uh we think uh pretty much where the customer believes they have a need, they will go with XOR. So we're not, we don't feel challenged in that market, but it's a, it's a moderate deal size. It's not the deal size of cloud, which can get to, you know, eight figures. It's a, it's a deal size just smaller than that, but we do see less competitive activity in the XOR category. And last but not the least, Xpans attack surface management is a newer category where people are beginning to understand that the hackers can look at your entire vulnerability footprint from the outside so you're better off having a clear view for example any customer that goes into a breach or post ransomware actually wants to understand their entire footprint and the vulnerability associated with it so we end up having an engagement expanse whenever that happens What is going on is that with the formation of Unit 42, we're getting more and more involved and more incidents out there, and that's allowing them to drag and drop XDR and Xpans in those early days. But we have merged the forensic capabilities, for example, of Crypsis, which used to be a product called Hadron, that has been embraced into XDR and will go live very shortly. where our where our incident responders can go deploy xdr and provide all the forensic capabilities that they do when a breach happens so early days we are seeing more traction on cortex i think we announced that we have 2400 customers the only the the real upside and opportunity for us is to go ahead and execute at scale over there to get into more and more deals because the product is there two years ago 12 months ago we didn't have the product right okay terrific thank you
spk06: Thanks, Keith. Next up is a great pal from VTIG and on deck is Adam Tindall from Ames James.
spk02: Hey, Greg, can you hear me okay? All right, thanks for taking the question. So yeah, maybe back on Prisma Access. What's been the reception with Prisma Access 2.0 so far? And do you see that product update with proxy capabilities getting Palo Alto into more traditional secure web gateway replacement deals or potentially improving the pace of new logo ads on the product set?
spk00: Yeah. Look, we were really excited about the 2.0 launch a few months ago. Great reception from customers. Really excited about everything that was in that launch. You remember, this is where we introduced cloud management. So cloud native experience, easy onboarding, activation. This is also where we launched the first ever autonomous digital experience management add-on module. So this allows our customers to monitor the actual end user experience that they're seeing through the service to the applications they're accessing, in addition to the proxy capabilities and cloud blaze technology, et cetera. So it was a big release, very well received. The adoption, almost all of the Prisma Access customers have now been upgraded to 2.0 and very smooth upgrade process. We're seeing great adoption in the new cloud management. Close to 100 customers are now using that in just the first couple months of availability. The autonomous DEM, we're getting great feedback from customers, some early adopters, and growing the pipeline of that. That's an add-on module that we can go and sell back into the Prisma Access customers as well as new customers. and you know the the proxy capability is interesting as as you know the you know we still believe most customers are going to want the full-fledged capabilities of prisma access and not just the proxy capabilities but uh that capability has achieved what we wanted is remove that as an objection it's allowed customers who need it to be able to move to prisma access and uh and just remove that as a criteria and so we're seeing a number of customers that are testing that on using it and
spk16: um happy happy we added it and made the change okay great thank you very much thanks great uh next up adam tindall from raymond james and then michael church okay thanks good afternoon congrats on the results um i wanted to ask on profitability whether it's nikesh or deepak wants to weigh in you're seeing deal sizes increase you're seeing cross-platform adoption and those are helpful metrics for us we typically associate those with very healthy contribution margin You did talk about 50 basis points of operating margin expansion this year, but I wanted to ask beyond this, do you think that this is something where you can build on? You're hitting a turning point. We could see sustained margin expansion from here. You talked about 150 basis points annually a couple years ago at an analyst day. I'm wondering the puts and takes to get back to that level of margin expansion. Thanks.
spk12: I think the honest answer is it's pretty situational, right? I mean, I think every customer deal is different and, you know, like we're obviously going to uh lean in if we have to you know in order to do that but i think what what really drives us is is making sure that we don't leave any money on the table i certainly think that as the portfolio grows as the attack surface area becomes more complicated you know uh hopefully the leverage moves more within uh towards our favor over time and that will help us um uh you know over time But I think in general, I would stand by, it's always a focus area for us. And we believe that with scale, we'll come to margin expansion over time. But at the same time, we just don't want to leave opportunities on the table if they're there for the taking.
spk11: Yeah, just adding to that, Adam, I read your note. Thank you for your initiation and upgrade. I noticed that you talk about operating margin leverage. And as many folks have highlighted in this call, we have two businesses, the network security business, where you can see the leverage 42 free cash flow margins you know still growing at 26 of billings and 38 are for some number of our peers and that's like a different role but so we see that's where the leverage is we love we use that leverage towards the classic businesses in the history of cyber security nobody's built a 735 million ar business in two and a half years so let's just like take stock and pause and and we didn't buy all of it we bought some products into it but It has been built by a lot of go-to-market capability. If you benchmark that against the CrowdStrike and the Octas of the world, or the Zscalers of the world, you'll see there is a natural evolution, which doesn't happen in two years. So yes, do we believe there is operating leverage in future years? Yes, we do. It becomes a real question of do I want to go hire another 300 salespeople and beat as many deals as CrowdStrike, or do I want to hire 100 salespeople and have a lower growth rate? because I don't believe I have the capability on the product side. Palo Alto Networks has never been in a position like today from a product capability perspective. Our products resonate. We rarely get thrown out because our products don't cut it. And given the heightened security awareness in the market, we're seeing more traction because, as you guys know, our products are on the margins slightly more expensive or premium than some of the other players in the market. As the security awareness or heightened desire to have a more secure product goes up, it's better for us because the customer is more willing to be willing to be tolerant of a price point associated with power travel. So honestly, I think I'm repeating what Deepak said, is that we don't want to total the growth opportunity for us. When I came to Palo Alto, we were growing at the low 20s. Now we just showed you 27 and, you know, maybe 20, 29 if you adjust for the annual plan stuff. And that's acceleration. And we'd like to see if we can maintain high growth rates going forward. And if that requires us to invest and look for leverage in future years, we'll do that as a management team.
spk06: Great, thanks. Next question from Michael Turitz at T-Bank. And after that, Patrick Colville at Deutsche Bank.
spk09: Hey, guys. Thanks. Nikesh, I think that one of the investment theses here has been that you're the company most likely to not only consolidate security, but to make that transition to software and to the cloud. And you're proving that out. But that said, you've also been doing a great job this year on the product slash appliance side of 3% here today versus what you had got to do flat. So I'm just trying to get a sense for the dynamics of that in the next three calendar quarters. Could we get a boost from refresh of what wasn't done last year? And is there any constraint to that if it's going to happen from supply chain components?
spk11: That's a great question, Michael. I think the supply chain situation changes weekly. And you can see all those machinations play out in the market. As you can imagine, like other players in the market, we have some degree of inventory capability vis-a-vis our expected demand in the shorter duration and the longer duration. All bets are off in the industry, depending on how they bring up more fabs to go print out the chips and get them to us. so the good news is as i highlighted we move 40 of our firewalling business software so if we if the industry starts to see supply constraints we are able to solve the customer's problem by giving them capability which is software based and we obviously will still have our baseline availability of hardware um we do have the units available for the recent announcements for our hardware launch which we just did which lee can talk about in a second but uh you know again I know we've talked about this, Michael, and we keep going back and forth on this is that I honestly look at the overall capability of the firewalling capability. And as much as I like product, I also like the idea of having more less and less reliance on hardware, because I promise you in a few years from now, you're going to tell me you love your business, but still got this hardware hunt and kill requirement every quarter. There you go. Punch the ticket and give me hardware. So we're trying to thread the needle with you here. trying to give you great firewalling growth, keep the revenue growth high, keep the cash flow high, and still transform our business from hardware to software. But Lee, do you want to talk about the hardware launch?
spk00: sure uh while we're you know transitioning the business there's still a wonderful business out there for hardware and and the two new models that we just announced yesterday are um you know pretty exciting really uh we introduced a new high-end appliance scales up to 150 gig throughput with all security turned on 75 gig with full ssl decryption uh just amazing product for the large campus data center environments And then for the branch environments, smaller enterprise environments, we announced four new appliances in the 400 series that basically 10x the performance of the previous platforms we had. And one thing that's, I think, particularly interesting about how we're bringing these new products to market is they have all of the leading security capabilities that Palace Networks is known for, but we're bringing them out at price points that are incredibly competitive with even some of the lower cost vendors out there. And so we're same capability, same great capabilities, leading capabilities.
spk11: uh but at super competitive price points changing the dynamic in the hardware space uh competitive space i can't get lee to say the statement i want to say he keeps saying leading leading competitors yes follow-up to great security at x prices you can't do it i can't do it okay fine great last uh last question here from uh patrick coville at george bank go ahead
spk01: Thank you for squeezing me in. I was actually going to ask about the new appliances because I think that's super interesting, but Lee covered it pretty comprehensively there. The questions we've been getting from investors over the last hour has been about the definitional change around ARR. So do you mind just quantifying what the certain cloud delivered security services, how much is that in 3Q versus 2Q?
spk12: Let me let me give that a crack and I said that it was the minimus it's it's less than $5 million so just just as a as a kind of like an overall number to be able to work through.
spk01: Great very clear, thank you so much.
spk06: Great well that that that concludes the Q amp a portion of the call Thank you all for joining and asking me questions we're going i'm going to turn it back over to cash for closing remarks.
spk11: Hey, I just want to take the opportunity to thank you all for joining our call. I also want to take the opportunity to thank the employees at Palo Alto Networks for all their hard work and dedication to allow us to produce these results. We are here because of what they do. So once again, thank you, everyone, and I look forward.
spk05: I used to spend all month chasing down receipts. Then I got team pay. I have full visibility into employee spending. There's no more manual work, questionable reporting. With team pay, everyone wins. Don't believe me? See for yourself.
Disclaimer