This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
Operator
Good day, everyone, and welcome to Palo Alto Network's fiscal second quarter 2022 earnings conference call. I am Clay Bilby, head of Palo Alto Network's investor relations. Please note that this call is being recorded today, Tuesday, February 22nd, 2022, at 2 p.m. Pacific time. With me on today's call are Nikesh Arora, our chairman and chief executive officer, and Deepak Galecha, our chief financial officer. Our chief product officer, Lee Klarich, will join us in the Q&A session following the prepared remarks. You can find the press release and information to supplement today's discussion on our investor website at investors.palaluzonetworks.com. While there, please click on the links for events and presentations where you will find the investor presentation and supplemental information. In the course of today's call, we will make forward-looking statements and projections that involve risk and uncertainty that could cause actual results to differ materially from forward-looking statements made in this presentation. These forward-looking statements are based on our current beliefs and information available to management as of today Risks, uncertainties, and other factors that could cause actual results to differ are identified in the safe harbor statements provided in our earnings release and presentation and in our SEC filings. Palo Alto Networks assumes no obligation to update the information provided as a part of today's presentation. We will also discuss non-GAAP financial measures. These non-GAAP financial measures are not prepared in accordance with GAAP and should not be considered as a substitute for or superior to measures of financial performance prepared in accordance with GAAP. We have included tables which provide reconciliations between the non-GAAP and GAAP financial measures in the appendix to the presentation and in our earnings release, which we have filed with the SEC and can also be found in the investor section of our website. Please also note that all comparisons are on a year-over-year basis unless specifically noted otherwise. We would also like to note that our management is scheduled to participate in the Morgan Stanley Investor Conference in March. I'd like to apologize for the delay in our start time. We experienced a technical issue that required delaying the call by 30 minutes. I will now turn the call over to Nikesh.
Clay Bilby
Thank you, Clay. Good afternoon. Thank you, everyone, for joining us today for our earnings call. As you've seen by results we released, we had an exceptional Q2. We continue to accelerate the growth of our business in line with our stated direction of fiscal year 22 being the year of focused execution. But first, let's talk about the market and the trends we're seeing. Firstly, we continue to see a strong demand for cybersecurity. We have not seen any changes in the IT spending patterns of our customers or a slowdown in companies investing in IT systems to drive competitive advantage. On the contrary, we see acceleration around trends associated with the shift to the cloud, as well as a continued effort to redefine network architectures to enable employees to work effectively from anywhere, a trend which has been bolstered by the pandemic, and we continue to believe we are still in the early innings here. Both these factors underpin continued demand for cybersecurity services. Secondly, we continue to see an evolving and complicated threat landscape. We have highlighted in the past that cybersecurity is at the front and center of all conversations around risks and threats at companies as well as nation-state levels. We believe cybersecurity will continue to become more and more relevant and important. With increased reliance on technology and the prevalence of cyberattacks, there is an ability to disrupt businesses and critical systems, making cybersecurity an area that will need continued focus and investment. In addition to industry-specific trends, we're seeing a trend that is unique to Palo Alto Networks. Given our investments in the areas and continued relevance across multiple platforms and needs of our customers, we're having more and more significant partnership conversations which encompass the entire Palo Alto Networks offering. Whilst early, we believe this is the true differentiation that Palo Alto Networks provides, both best of breed and integrated security that works. Thirdly, our continued focus on execution. This focus is bearing fruit as we execute multiple dimensions across our business. Execution from our product teams means continuing our rapid pace of integrated platform delivery. We will talk about the innovation across our platforms, but to highlight, just today we unveiled our XIM product, which is poised to reimagine security operations centers and truly deploy technology to resolve cyber attacks in real time. Execution from our go-to-market teams means focusing on the broader customer-driven priority of helping them significantly improve their cybersecurity posture. This is demonstrated by the multi-platform large deal commitments we're beginning to see. Execution from our supply chain team means we're able to work with our suppliers in this tough environment to deliver critical security appliances to our customers. We had to balance some of the increased costs with price increases as an offset, but we've been able to keep these increases modest in comparison to our peers. Execution from our people leaders means, despite this being a hot market for great talent, we're able to attract and retain the best minds in cybersecurity. As you saw in the opening of the call, we launched a welcome home program to welcome back employees that had left our company. We have seen good initial success here. Let's take a quick look at some of the outcomes caused by the focus on execution. In Q2, revenue was up 30%, while the leading billing and RPO metrics were up 32% and 36% respectively. We're building a more predictable business model. Our CRPO balance of $3.4 billion gives us significant visibility into our next 12 months revenue. Next Generation Security, or NGS, ARR, finished Q2 at $1.43 billion. As we hit our mid-year point, we have greater confidence that our strategy is working, which is driving us to make further investments in these businesses. At the same time, we continue to transform our core network security business, where the software mix within our firewall as a platform billings came in at 40%, up five points versus last year. We drove these strong top line results while balancing non-gap profitability, even as we absorbed some incremental expenses from supply chain challenges. Operating income grew 20%, and adjusted free cash flow grew 33%, we outperformed our non-GAAP EPS guidance midpoint by 9 cents. For a number of quarters, we've talked about our large deal momentum. To accelerate these results, as we exited fiscal 2021, we layered on a sales strategy to elevate our focus and drive efficiency in our largest opportunities. With a growing portfolio of products across three platforms, making large deals selling a repeatable process is core to our sustaining and accelerated growth trajectory. With BJ Jenkins taking over the leadership role for our broader sales organization, We've had an ability to increase management attention on the largest deals in the form of Amit Singh, our CBO. We're pleased with the results we have seen in the first half of the year. These deeper multi-platform relationships are a win-win for Palo Alto Networks and our customers. As a testament to this, at the end of Q2, 47% of our global 2,000 customers used products from all three of our platforms, up from 38% a year ago. In Q2, we closed 221 seven-figure transactions, including three transactions over $20 million. Our millionaire customers were 1,077 in Q2, up 26% year-over-year. Our combined rate of growth in millionaire customers, as well as an increase in size of our large deals, has helped us sustain the accelerated level of growth we've seen over the last several quarters. In all, as a strong coordinator, I want to thank our global teams for their strong execution across the board. Driving these results are the transformation of our firewall business and our focus on capturing growth in next-generation security. In particular, this quarter, our strengths were well balanced in both of these categories. Let's do a quick review of our progress across our three platforms. As you know, we have them designed modularly so customers can initiate their partnership journey with Palo's Networks, whatever their current need is. But over time, we work with them to both expand across any one of our platforms and also work with them to adopt our other platforms in line with their plans. At the heart of our three platform strategy is innovation. This is a fuel of our growth, especially in next generation security, where we play in markets that are early in their life cycle. In the first half of fiscal year 2022, there are 22 major product releases, which is equal to all the releases we had in the full year of fiscal 2020. Even more impressive is that this quarter marks the end of all integrations of our acquired businesses over the last few years, i.e. all of our products are now seamlessly integrated and can have organic development continue on them. We're also pleased to receive two new industry awards, adding one in developer security tools and another in secure web gateway. We now have a leadership position in 10 categories. Focusing first on our firewall business, we're continuing to refresh our platform. And just last week, we announced two more new families with the PA3400 and PA5400. These new Generation 4 platforms have industry-leading performance on real-world encrypted traffic using our single-pass architecture and performance that is three times faster than similar Gen 3 appliances. We also rolled out PanOS 10.2 Nebula release, which adds significant new capability in using machine learning to stop the current generation of highly malicious attacks in line. This capability powers our recently released advanced URL and new advanced threat prevention subscriptions, as well as brings significant enhancements to the capability of our DNS security subscription. We added the industry's first integrated AIOps to our next generation firewalls. Our 10th subscription added to the firewall family. This capability assists customers to prevent firewall misconfigurations and proactively addresses performance issues before they impact customer networks. We were pleased with our ability to grow our product revenues at 21%. This contributed to our Q2 revenue upside and was ahead of our guided mid-teens growth for the full year, which we will be raising. Our teams worked tirelessly during Q2 to ensure we could fulfill product demands to customers as quickly as possible, while also navigating through the Gen 3 to Gen 4 refresh. We did see demand for our next-generation firewall appliances outstrip our ability to ship in the quarter, and this is reflected in the growing RPO I spoke about earlier. Strong security demand, innovations we are bringing to customers such as our Nebula release, as well as customer appetite for our Gen 4 gives us strong conviction in sustained product demand into fiscal year 2023. Next, I want to spend some time in our NGS business. This is one where our teams have done work which I personally believe has not been done in the cybersecurity industry before. And this is what makes Palo Alto Network special. We have built a formidable set of services which are cloud first, and these services are resonating with our customers. This success is truly driven by us working with our customers to anticipate their challenges, delivering best-of-breed solutions in an integrated fashion whilst continuing to focus on security outcomes. This has resulted in us building an NGS ARR stream of 1.43 billion, driven by Billings' growth of 79% in NGS. Diving deeper into SASE, which has been a strong contributor to NGS, we continue to see strong uptake from our existing customers. We're also seeing marquee new customer wins, which are reflected in our current customer count of 1,983, which is up 62%. A recent report from the IT Industry Analyst Enterprise Strategy Group noted that 78% of organizations have begun or are planning SaaS implementations. We see this mirrored in our customer conversations, where hybrid work is now the way many of these companies are planning on supporting the future work. We are pleased to again stand on Okta's Business at Work report, where we were identified as a leading provider of remote access solutions. We're seeing SASE emerge as a key platform for our customers, with these customers looking to Prisma SASE to deploy needed capabilities. We rolled out integrated CASB within Prisma Access 3.0, including a new capability around inline DLP for SaaS, and in particular, collaboration applications. We continue to see success attaching autonomous digital experience management, or ADEM, as an upsell in Prisma Access, as customers rely more on SASE as the foundation of the network architecture. On the cloud front, we're seeing mainstream adoption of hyperscale public cloud in our customer base, as well as an acceleration in production workloads. This is driving sustained strength we're seeing from Prisma Cloud. Four years ago, we made it a conscious strategy to be a first mover with multiple big bets to proactively invest where we believed the future of security was going. Our pivot began with several acquisitions targeting companies with the best technologies. We developed a unique go-to-market approach, allowing us to promote future modules as part of an integrated offering. We're seeing tremendous success with this approach. While our active customers grew 21% to 1,810 in Q2, we saw north of 56% growth in credit consumptions, driven both by increased adoption of the cloud by our customers and their continued adoption of more security modules in Prisma Cloud. While our two core modules, cloud security posture management and cloud workload protection are mainstream within most of our customer base, we're seeing an increase in adoption of three and more modules. There are two areas I would like to highlight in Prisma Cloud this quarter. First, the launch of cloud code security. And second, the launch of agentless scanning. Approximately one year ago, we acquired BridgeCrew, which has strong early traction in DevSecOps, enabling security to be shifted left into the software development lifecycle. This addresses security problems before they are created in production deployments and is far more efficient. A single deployment template can be propagated hundreds of times. If there are multiple vulnerabilities in the code, each deployment could create hundreds of security events even once in production. BridgeCrew had significant traction with its Chekhov open source tool, momentum that has significantly accelerated since its acquisition closed and downloads of up to five times here over here. Building on the BridgeCrew technology, in Q2, we released our fifth Prisma Cloud pillar, Cloud Code Security, which is part of our three-order release. Our standalone bridge crew product has about 70 customers. We're pleased to see DevSecOps customer momentum building as Prisma Cloud customers adopt cloud security to several weeks after its integrated release into our platform. Let's talk about agentless scanning. You've seen a number of smaller provider focus on small initiatives in cloud native security, providing only agentless scanning is one of them. What we hear clearly from our customers that they want a platform approach to cloud security, which offers the flexibility of both agent and agentless scanning. depending on their architecture and security needs. Towards this end, our teams rallied and delivered agentless scanning in record time. This makes sure that our customers can deploy either approach via the integrated platform that is Prisma Cloud. Now turn to Cortex, our endpoint security security analytics and automation solution. We continue to see significant customer demand for automation and security as the threat data and volume of security events grow at exponential rates. The human-only approach to interpreting data and responding to events is not keeping pace. We're seeing strong customer adoption for market-leading technologies across XDR, XOR, and Xpans. Total customers across XDR Pro and XOR reached 3,232 and increased over 69%. Q2 is a strong quarter for new customers, both those that are brand new to pilot networks and also across cells to Cortex. We also saw Q2's strength across all of our geographies for Cortex. At our Ignite event last November, we launched our managed partnership program, XMDR, and we continue to see partners join the program to further align the opportunity across the Cortex portfolio. We now have 27 partners here and have a strong pipeline of interest to partners working through the certification process. Cortex's growing success with Cortex is the innovation and investments we have made over the last year in XDR, XO, and Xpans with market-leading capabilities in each. shortly after releasing XTR 3.0 in Q1 to enable cloud detection response to release XTR 3.1 in Q2 to further enhance our cloud asset visibility and insights. Q2 also marked the release of our intelligence module for XSort providing end-to-end real-world threat intelligence to help identify and discover new malware familiar families or campaigns or attack techniques that are related to security incidents. This morning, We announced our Cortex Extended Security Intelligence and Automation Management, or XIM, platform and shared our vision to provide an autonomous cybersecurity solution as a modern alternative to SIM solutions. We believe security operations teams have an urgent threat detection remediation problem, and only by leaning into a natively AI-driven platform, we will be able to bring down response times from hours and days to seconds and minutes. We're on a mission to revolutionize how data, analytics, and automation is leveraged in cybersecurity, and Ex-SIME is a product of years of research and development we've been doing in this area. Ex-SIME is currently available to a limited number of customers and will be broadly available later this year. In summary, I am very pleased with our Q2 results. We both continue to benefit from strength in our core next-generation firewall business, and it's a strong sign of our future growth prospects, significant strength across our next-generation security portfolio. This balanced performance is a hallmark of our long-term strategy to drive durable growth. On the back of this trend, and based on what we're seeing in our pipeline, heading into the second half of fiscal year 2022, we are raising our total revenue, product revenue, and total billings guidance for the year. Within this top line, given our confidence in both our pipeline and our sales execution in GS, we're also raising in GS AR for the year. Lastly, we're delivering this top line while we continue to make significant investments in our business for future growth. We not only continue to see strong near-term demand, but also strong medium-term trends in cybersecurity, fueled by underlying strength in IT spending and secular trends like hybrid work and cloud native adoption. We have aligned investments both to building sales capacity for fiscal year 23, as well as medium-term investments in product capability. These investments have been made while also absorbing unexpected supply chain related costs this year. Despite this, we have been able to deliver upside to our non-GAAP EPS forecast so far this year. We're lifting a non-GAAP EPS guidance for the year, reflecting much of the upside we saw in Q2. With that, I will turn the call over to Deepak to go into more detail on the Q2 performance and our guidance.
BJ Jenkins
Thank you, Nikesh, and good afternoon, everyone. We again delivered results ahead of our guidance across all metrics as we continue to transform our business. Top-line growth remains strong in Q2 with balanced strength across our portfolio, including product and especially in our next-generation security offerings. Supported by the strength in our differentiated offerings, we're raising our full-year guidance. For Q2, revenue of $1.32 billion grew 30% and was above the high end of our guidance range. Product grew 21% and total services grew by 32%. We saw strong growth in all geographies and across all platforms. By geography, the Americas grew 33%, EMEA was up 22%, and JPAC grew 23%. NGS ARR finished the quarter at $1.43 billion, supported by broad strength across each of our platforms. Prisma Access ARR more than doubled year on year, and we continue to see especially strong growth from XDR and Prisma Cloud. This demonstrates that our portfolio approach to driving growth in our high growth markets is working, and what gives us confidence to raise our guidance here, which I will talk more about shortly. In the second quarter of 2022, we delivered total billings of $1.61 billion, up 32%, and also above the high end of our guidance range. Total deferred revenue in Q2 was $5.4 billion, an increase of 31%. As a reminder, billings is total revenue plus the change in total deferred revenue, net of acquired deferred revenue. Our NGS billings grew 79% year over year, Going forward, we encourage investors to focus on our NGS ARR metric as we view this measure as being more indicative of the underlying drivers of this business. We will not be updating NGS billings in the future. Remaining performance obligation, or RPO, was $6.3 billion, increasing 36%, with current RPO growing largely in line with total RPO. As mentioned previously, we believe RPO adds meaningful insight into our future revenue as it includes both prepaid and contractual commitments from customers. The strength of our RPO growth gives us confidence in our future quarters as it effectively provides us a head start from a revenue perspective. Our product growth was 21% in Q2 and above what we have seen historically, reflecting strong customer demand for our appliance and software offerings. Within our firewall as a platform business, we saw billings grow 26% in line with the growth we have seen over the last year as customers purchase hardware, software, and SASE form factors. Within FWAP, our software mix increased 5 points to 40%. Last quarter, we raised our fiscal year 22 outlook for product revenue growth to mid-teens. We're raising this outlook to high teens as we continue to balance the forces of very strong customer demand and supply chain constraints. Turning to the details of our results, product revenue was $308 million, growing 21%. Subscription revenue of $618 million increased 34%. Support revenue of $391 million increased 30%. And in total, subscription support revenue of $1.01 billion increased 32% and accounted for 77% of our total revenue. Non-gap gross margin of 74% was down 130 basis points in part due to the ongoing costs associated with the supply chain. Our production teams have done an outstanding job in fulfilling the growing demand and keeping the priority focused on enabling shipments to customers. We will continue that posture moving forward. Non-GAAP operating margin of 18.4% was again up sequentially and down year over year as expected, with higher product and support costs impacting the year over year trend. Non-GAAP net income for the second quarter grew 20% to $185 million, or $1.74 per diluted share. Our non-GAAP effective tax rate was 22%. Our GAAP net loss was $94 million, or 0.95 cents per basic and diluted share. Turning now to the balance sheet and cash flow statement. We finished January with cash equivalents and investments of $4.2 billion. Today's sales outstanding was 60 days unchanged from a year ago. Cash flow from operations was $483 million. We generated adjusted free cash flow of $441 million, a margin of 33.5%. in qt we again balanced multiple financial priorities with strength in both top line underlying non-gap profitability and in cash conversion we believe it is important to hold ourselves to this discipline even when growth is robust in order to drive a best-in-class financial model as we scale into a larger company we continue to execute on our capital allocation priorities that outlined in our september analyst bay During Q2, we repurchased approximately 1 million shares on the open market at an average price of approximately $534 per share for a total consideration of $550 million. We continue to expect a large part of our cash flow to be used for share repurchase. We have approximately $450 million remaining on our authorization for future share repurchases expiring December 31st, 2022. On the M&A front, we did not close any acquisitions in Q2. As we noticed at Analyst Day, we continue to focus on managing down our stock-based compensation as a percentage of revenue. This quarter, we reduced SBC by about two points year over year as we apply our overall discipline to this process whilst balancing the current market for cybersecurity talent. We look forward to continuing this trend. Similarly, we talked about an aspiration for achieving the rule of 60, combining revenue growth and adjusted free cash flow margins. You will see that with the revised midpoint of our fiscal year guidance, we are now expecting to achieve this once aspirational goal. Lastly, moving to guidance and modeling points. As Nikesh highlighted, we continue to see very balanced demand. This includes demand from our appliance form factors that outstrips our ability to fulfill them in the short term, as well as strength in our next generation security portfolio. Our Q3 guidance takes into account the strong demand picture as well as the best information we have today on supply chain and other factors. Turning to our guidance for the third quarter of fiscal 22, we expect billings to be in the range of $1.59 to $1.61 billion, an increase of 24% to 25%. We expect revenue to be in the range of $1.345 to $1.365 billion, an increase of 25% to 27%. Non-GAAP EPS is expected to be in the range of $1.65 to $1.68, based on a weighted average diluted count of approximately 106 to 108 million shares. For fiscal year 2022, we expect billings to be in the range of $6.8 to $6.85 billion, an increase of 25 to 26%. We expect revenue to be in the range of $4.25 to $5.475 billion, an increase of 27% to 29%. We expect NGS ARR to be $1.725 to $1.775 billion, an increase of 46% to 50%. We expect product revenue to grow in the high teens with the seasonality weighted to Q4, as we have seen in prior years. We continue to expect operating margins to be in the range of 18.5% to 19%. Non-GAAP EPS is expected to be in the range of $7.23 to $7.3 based on a weighted average diluted count of approximately 106 to 108 million shares. Adjusted free cash flow margin is expected to be in the range of 32% to 33%. Additionally, please consider the following additional modeling points. We expect our non-GAAP tax rate to remain at 22% for Q3 22 and fiscal year 22, subject to the outcome of future tax legislation. We expect net interest and other expenses of 5 to 6 million per quarter. For Q3, we expect capital expenditures of 40 to 45 million dollars. For fiscal year 22, we expect capital expenditures of $185 to $195 million, which includes $39 million outlaid in Q2 related to our Santa Clara headquarters. With that, I will turn the call back over to Clay for the Q&A portion of the call. Thank you.
Operator
Great. Thank you, Deepak. And to allow for broad participation, I would ask that each person ask only one question. The first question is coming from Saket Kalia of Barclays with Liani of B of A to follow.
spk12
Okay, great. Thanks, Clay. Thanks, team. Nikesh, maybe I'll start off with a product question since it's hot off the press this morning. I was wondering if you could talk a little bit about the XIM product a little bit. Again, brand new given the announcement today. But maybe the question is, how do you envision it disrupting the SIEM market? And how can you maybe leverage your existing portfolio to cross-sell into the customer base?
Clay Bilby
Well, thank you, Sake. Thanks for the question. Look, when I came to Apology Networks, our mean time to respond at Apology Networks was measured in tens of days. And for someone who did not work in the security industry, I found that a little flabbergasting because if it takes tens of days to figure out that you've been breached and all you're doing is closing the door after somebody's gone, So we challenged our team internally, say, can you take that and turn that into seconds or minutes? Because that's the only way we're going to have a chance to be able to protect not just ourselves, but our customers in the future. That required us internally revamp from having north of, I'd say, 15 to 20 other security vendors, even in our infrastructure, down to less than 10, because there are some areas, as you know, we don't play in cybersecurity. But that, coupled with automation, with data analytics, we're down at power networks just under one minute as a mean time to resolution, which is how we can resolve log4j within our company or SolarWinds within our company. I think that's the capability that customers need. And he did a phenomenal job in his video where he says, look, you take a car and you add adaptive control, you add park lane assist, you add all those features to an old car, or as in old as in new car, but cars between around 20 years, that doesn't make it into autonomous vehicle. You have to start from scratch. You have to build it with software to build it analyzing data. And that's kind of the right analogy to think about it. The future of protecting our customers will have to depend on being able to analyze data on the fly, immediate on the fly, not wait for humans to analyze it and come back 10 days later and say, now I know what happened. So towards that end, we have launched XIM. It is an early release, working with a handful of design partners to work with them to go replace the security infrastructure in line with what we've done at Palo Alto that allows us to learn and to build with them. But we expect this product will be GA later in the year. Really excited. The way it leverages our portfolio is we can do it quickly if you're using Palo Alto appliances, Palo Alto firewalls, Palo Alto endpoints. We can do a problem with Prisma Cloud, it's an easy thing to do for us. We also integrate other security vendors, but obviously the quality of data becomes suspect as you keep going down to more and more legacy security technologies.
Apology Networks
Great, thanks.
Operator
And our next question comes from Tal Liani of Bank of America with Brian Essex. So next, Tal, please proceed.
Tal Liani
Hi, I hope you can hear me. I have a balance sheet. I'm limited to one question, so I'll just ask the question that no one else will ask probably. I'll ask the balance sheet question. There is a long-term convertible node that was rolled into short-term liabilities. The magnitude is big. It's $1.6 billion. Can you explain this? Also, I'm looking at your SBC. It's getting to $290 million this quarter almost. It's a big number. And if I go back, you're not profitable if I take into account SBC, and that has been the historical trend. So can you first explain the SBC and the outlook? What's going to be the trend with this account? And when are you going to turn profitability on a gap basis? What's the plan for the company? Thanks.
Clay Bilby
Let me start in a second. I'll hand over to Deepak to answer your question on the balance sheet and add to my answer. Look, when I came, we bought a bunch of companies. And the way we bought them was we unvested the founders from their equity and their companies and revested them with Palo Alto stock over a period of four years. That was the only way we could secure the talent of all these founders with the companies we bought. So a significant part of our SPC is the embedded M&A costs of retaining founders. As you've noticed, we have not done any significant M&A in the last two or three quarters. As that begins to roll off, you will see a step change down in our SPC when all those acquisitions begin to roll off. Obviously the earliest ones will start rolling off in about another six months. And then over the next year or so, year and a half, you'll see significant roll-offs. So that should show you that in addition to that, as Deepak highlighted, we are working hard to make sure that the normal SBC continues to be managed down. And of course, as you know, it's a percent of revenue. If revenue keeps going up, it also acts as a benefit towards that direction. So we will talk more about what our forecast to achieve gap profitability as we lap Q4 this year, because we have more visibility on the M&A stuff. But I will let Deepak add to that and as well talk about the balance sheet item.
BJ Jenkins
Yeah, I think the only thing that I would add is like, you know, what we found, you know, in the company is when we really focus on something, we find opportunities. You've seen that on pretty much every metric that we focus on. This now becomes another metric that we're focusing on. I just want to say that we're going to balance that with the need to retain our talent, just as you saw from the welcome home video. We want to make sure that we get the best talents as well. But that's really on the SBC. On your balance sheet question, Tell like a couple of different points, you know, the 2023 and 2025 notes eligible for early conversion from February 1st to April 30th, 2022, due to the share price exceeding the price thresholds. Those notes continue to be classified on the balance sheet as current liabilities in Q2 unchanged from Q1. In Q4, the 2023 notes were classified as current liability and the 2025 notes were a long-term liability. So it's just a question of how they're classified on the balance sheet based on all the trigger events on the notes. But hopefully that answers your question.
Operator
All right, great. Thank you. And the next question comes from Brian Essex of Goldman Sachs with Hamza Fadawar up next. Brian, please proceed.
Apology Networks
Yeah, great. Thank you. Good afternoon. Thank you for taking the question. You know, Nikesh, I just want to touch on the hardware side of the business, you know, see the innovation with the updates of Pan OS and Gen 4 hardware refresh. I guess the first part of the question, have you adjusted sales incentives to drive better hardware adoption? And then maybe part B of that question is, how do you think about, I guess, the ability or the incentives to leverage the product side of the business to drive consolidation of share on your platform going forward?
Clay Bilby
Great question, Brian. So two parts. One, as you probably heard from everyone in the industry who's in the hardware business, demand is outstripping supply. I suspect it partly has to do with supply, partly has to do with volumes going up in the pandemic, inflation expectations. So we don't have to do a lot on sales incentives to drive even more hardware. We have customers who would like their hardware delivered sooner than later. So we are seeing demand. And as I said, our ability to supply, despite the 21% growth, still demand outstripped that 21% number, which is why you see our RPO continuing to rise. I think that's your answer to the first part. In terms of the ability for us to leverage hardware, and I'll highlight a metric we shared last time, that 25% of our customers in SASE were net new to Palo Alto last quarter. We haven't declared that number this quarter, but that gives you a sense. And typically those conversations, Brian, are, hey, I love your security platform. I love your security policy. I'd like to deploy it, but my firewalls are still around and they have two, three years more to go. In that case, we end up with a sassy deal with the expectation that over time, when that customer consolidates their firewall, it gets to be a Palo Alto end-to-end zero trust execution because the only way to do zero trust right is to make sure your hardware, your cloud, and your remote users are all consistent in terms of security policies used. From that perspective, we see an opportunity to take hardware and further consolidate. In some cases, it's customers going from two hardware vendors to one. In some cases, it's customers doing a replacement of some other hardware vendor with power networks because now they've already deployed SASE in their environment. So we see all of that happening. And one of the beautiful features, some of the subscriptions I laid out, whether it's autonomous monitoring or AIOps or DNS security or the auto filtering, et cetera, we can make that happen consistently for our customers across both platforms. So in that perspective, they already see the benefits of deploying that on a consistent basis.
Operator
Great. Thank you. And our next question comes from Hamza Faderwala of Morgan Stanley with Phil Winslow to follow up.
Phil Winslow
Hey, guys. Thanks for taking my question. So the NGS ARR grew really nicely, and you raised a full year guide on that, too, which you normally don't do midway through the year. The Prisma SASE, Prisma Cloud doing really well, as usual, it seems. But there appears to be an inflection on Cortex. Can you talk about some of the strategic initiatives that are driving that? in the last couple of quarters in particular, and then maybe just for Deepak, can you help us understand maybe the gap between NGS fillings and ARR growth going forward as some of the lower duration stuff becomes a higher percentage of the NGS mix?
Clay Bilby
Thanks, Hamza. Thanks for the question. Look, I think this was an all-out quarter of strength across every NGS category, whether it's cloud, SASE, or Cortex. I think there's an inflection point both in Cortex as well as Prisma Cloud. More and more conversations around where customers are coming to the point of saying, yes, I cannot do this with the cloud native tools because I've got multiple cloud providers I'm dealing with, or I cannot do this with the next startup from two guys who started it and I can cover one sliver. I need something that's more comprehensive. Because honestly, if I was going to replace a security capability with a startup capability, AWS, Azure, GCP already had that capability. It's not like they're lacking in capability from a security perspective. But just to give an example, if you deployed security using one cloud provider, whether it's AWS, GCP, or Azure, you'd have to integrate 10 of their modules to get one Prisma Cloud. You have to do the integration work yourself. So we've already done that, not just within their tools, but also across all public cloud providers. So that's why the consolidation of security capabilities in Prisma Cloud makes sense. We're seeing that inflection. You see the number of customers is closing in on 2,000 customers, 80 of the Fortune 100. So we're not dealing with small enterprises trying to replace some features, some CSPs. We're dealing with people who are now in complex production environment types and areas, and they're going to deploy in Prisma Cloud. So we're seeing that inflection there, and you're seeing that with 56% growth in credit, you're seeing not only are we benefiting from people adopting multiple modules, but also benefiting from the fact that their native sort of production workloads are going up. And I will tell you, our consumption of public cloud has always outstripped our forecast because of the success we're seeing in our NGS portfolio. So that's one part. And Cortex, I'd say, Again, remember three years ago, we didn't have any of these products of all the networks. We were busy selling firewalls. So I think part of it is the sales force getting behind it, understanding it. And on most technical tests out there, XDR fares better than most of the names you would know in the XDR space. So we have real technical differentiation advantage in the market. From that perspective, we are able to go now to our base and say, look, I know we didn't have this product two years ago. It's time for you to renew. It's time for you to deploy XDR. Why didn't you try Palo Alto? I was quoting XDR. So you're seeing both of those. Lee, do you want to add something? Good. I don't want to make Lee feel like he's not answering any questions. Next one's coming your way. It's a balance sheet question. All right. Thanks, Hamza.
BJ Jenkins
Do you want me to answer the billing versus ARR answer? It's a good question. It comes up quite often. I think fundamentally the way I look at it is you're comparing apples with oranges a little bit here. ARR is really looking at your annual recurring revenue. Your billings is looking at whatever the duration is for what's out there. And so if you have like one deal that happened to be a long duration, you would get more billings in ARR within that quarter. Previous times we've had that. So I think the last quarter, our NGS billings grew less than the ARR, which is why I'm probably more in the camp of let's just focus on NGS ARR. It's the source of truth and the one that we will focus on, but that's all that's happening. You know, it's quite variable quarter to quarter based on some of the larger deals that Nikesh mentioned.
Operator
All right, great. And up next is Phil Winslow of Credit Suisse with Brent Phil to follow. Please proceed, Phil.
Phil Winslow
Great. Thanks for taking my question. You're asking a great quarter. I just want to focus in on Prisma Cloud. Nikesh, maybe inception that question into my head with your with your fleece. But you mentioned the increased attached to production environments. as well as just being early in terms of consolidation, the functions at Palo Alto. What are you hearing from customers in terms of just adoption? You know, are we at that inflection point? And then also how are the competitive dynamics changing here?
Clay Bilby
I'm going to hand over to Lee because I said if Lee doesn't answer the question, he won't come to the next earnings call. So, but before I give it to him, I will say one thing that we've deployed an adoption team on Prisma Cloud in the last six months, which is seeing phenomenal outcomes. And also, I want to say it, I want you to take it the right way. Competitively, the option is customers are not ready to go to a production quality, high-end, fully integrated cloud security platform. I'm fine with my DIY plus my cloud native tools. But we don't run into a POC or compete with somebody else. It's usually we either lose against ourselves because the customer would rather stay where they are, Now, in the case of XDR or SASE, we have competitive environments. It's not like we don't compete. But in the case of cloud, it's usually based on the customer needs. But I'm going to let Lee talk about what customers see from cloud, what typically does the trick.
Lee
Yeah, I think, thanks, Nikesh. There's a couple of, I think, key trends that we're seeing. One, and following on to what Nikesh was saying, There were a number of companies, you know, probably early adopters of cloud that built a lot of their own tooling, used a lot of open source. And, you know, it's interesting, a couple of years ago when we talked to them, they would say, no, no, no, we've got this covered. We've built our own tools. We're happy to maintain them. And many of them are now coming back to us and saying, actually, it turns out this is more work than we thought it was. You know, it's surprising, you know, just how many distinct APIs exist in each of the different cloud products that you have to integrate with, pull data from and understand. Just using that as one example of many, right? So that's one trend that we're seeing is the challenge of doing it yourself. The second is, I think the understanding of what actually needs to be accomplished. And, you know, again, early on we saw it was, I just need compliance in the cloud. And now we're seeing customers fully understand the needs across all different five pillars that we have and the importance of each of those and our ability to deliver on those. And lastly, I'd say we've actually gotten fairly good and we continue to work on this of, building in product adoption capability. So we're not just dependent on people, you know, customer success and adoption folks talk to our customers about adoption of new modules. We're building that into the product natively, suggesting to the customer what they need in order to be most secure. And we're seeing that drive a lot of adoption. You saw the metrics on the bridge core integration and just how quickly we've gotten to 70 customers adopting that end product in just a couple weeks since it was released into production. So love to see this trend. Obviously, there's a lot more adoption we're going to see in the future, but I do think that we're seeing that inflection point.
Operator
Great. Thank you. All right. Our next question comes from Brent Phil of Jefferies with Rob Owens to follow. Brent, please proceed.
Brent Phil
Nikesh, just on the demand environment, everyone's curious to hear your view on the strength of the pipeline relative to a year ago. And many are questioning that, you know, is there been a pull forward or not? Can you just address what you're seeing in the pipeline and ultimately why this has not been a pull forward of demand in your perspective?
Clay Bilby
I think, Brandon, it would be a pull forward demand if you saw you know, everyone posting numbers at this rate. You are seeing some other players in the industry who are low single digit in firewalls. So we must be taking demand away from somebody else, whether it's us taking it or Fortinet taking it, clearly we're taking some demand away from somebody else. Look, some of it is pent-up demand where people did not have anybody to go into the office and go deploy a firewall because nobody was going to the office. Now people are coming back slowly and steadily. There are people who go deploy. So part of it is that. Part of it is a refresh, as you know. We have now refreshed more than 65% of our portfolio, and that's still only three months in. So we're still seeing demand for Gen 4 products being created at Palo Alto Networks, I think. A couple of that, and I think, you know, to some degree, there's a little bit of a fear that they won't get the firewall on time, so people are ordering to get them. But I think we will still, as I said, we're going to see this into fiscal year 2023 at least, and we'll keep you posted.
Operator
All right, great. And our next question comes from Rob Owens of Piper Sandler with Greg Moskowitz to follow. Rob, please ask your question.
Rob Owens
Thank you very much. With the success that you guys are currently seeing in cloud, can you talk about the channel model in terms of how you go to markets and longer term, the potential economic implications, if there are any? Thanks.
Clay Bilby
Yeah, look, I think it's fair to say in the large enterprise customers, the model hasn't changed. From a channel perspective. On the margin, as you would appreciate, almost all cybersecurity products are slowly and steadily being listed on public cloud marketplaces. So all of us, including Palo Alto, we're seeing some customers buy on those marketplaces. In some cases, it makes sense. We've got an embedded native firewall in GCP, and you can deploy it by accessing it through the marketplace, you will. In some cases, people using unused credits on public cloud marketplaces to be able to buy security because that's a feature that public cloud marketplaces have offered. I think that's on the margin, but I'll tell you what's more interesting about people. We're seeing channel partners get very savvy and start building adoption teams and sales teams who are specific to cloud and specific to our portfolio because they see the market is shifting in that direction. There is a bit of a amongst themselves, a channel where the more qualified people are likely to get more customers to buy from them because, and it's not always the person you use for your firewalls.
Rob Owens
Thanks.
Operator
Our next question is from Greg Moskowitz of Mizuho Securities with Adam Borg to follow. Greg, please proceed.
Greg Moskowitz
Okay, thank you and congrats on a terrific quarter. Nikesh, last quarter you sized the pull forward at about 10% of product orders. How do you think about the net impact of this for the Q2? And then maybe as a sort of a little bit of a follow-on to Brent's question, is there any evidence of double ordering at either the partner or the customer level?
Clay Bilby
So, Greg, on the first part, I think there's a net wash. There's a pull-through, but there's a lack of ability to fulfill. So whilst I might be seeing a pull through, you're not seeing in my product revenue because that's kind of within the range of what I've not been able to ship because of the exceeded demand. So in my numbers, you're seeing a balance. You're seeing, you know, and you probably if you had visibility, you see in the booking, but you wouldn't see in the revenue because I haven't been able to ship. not our ability. So I think that's the answer to the first question. And in terms of, I know there's this question that's been asked at least for the last two quarters about double ordering and shadow ordering. We don't work that way. When you order from us, you pay us. And I haven't seen a refund being asked for on a firewall or a canceled order yet in the last two quarters. So it's not our numbers. And that may be true at the lower end where people have distribution channels where, you know, channel will preorder and hold on to it. So you may see that there where the end customer is not customer on record in the beginning, where you have distribution stocking that goes on. We don't do any distribution stocking. We basically have end customers in every purchase order, and we haven't seen a canceled order or refund.
BJ Jenkins
In fact, just to build on that, like our sales cycle is six to nine months, and all of our purchase orders are non-cancelable. So it's just to put a point on it that they are non-cancelable. Helpful. Thank you, guys.
Operator
All right, the next question coming from Adam Borg of Stifel, followed by Patrick Covell. Adam, please proceed.
Adam Borg
Great. Thanks so much for taking the question. Maybe just to drill down on Cortex for a minute, just given the traction there, and maybe you can talk a little bit more about attack surface management. It just seems like that's the area of interesting importance, just given the breach environment. So I was hoping you could talk more about traction there and the opportunities going forward. Thanks.
Lee
Yeah. Look, when we acquired Expanse a little bit over a year ago, we talked about why we thought this was so important. And number one is the proactive side of it, the finding an issue so you can fix it before an attacker finds it. And attackers have increasingly automated tools, and so it becomes even more important. For example, if you look at Log4j, shortly after Log4j information became available, what we saw was attackers building automated scripts to basically try to find vulnerable Apache servers, right? And so that's the kind of challenge that a lot of customers are up against. And Expanse makes it very easy for customers to proactively find that, fix it, et cetera. Second is in a reactive state. where something has become known publicly, Expanse helps our customers find where they have exposure in order to address those issues first. And so both of these are examples of why Expanse has become so important to our customer base. And we've seen our customer base really understand that better over the last couple of quarters and really embrace this as a sort of a must-have product in their security operations.
Operator
Great, thanks so much. And our last question for today will come from Patrick Colville of Deutsche Bank. Patrick, you may ask your question.
Patrick Colville
Thank you for squeezing me in. So I guess congrats on a really excellent call. I mean, the numbers are so clean that I think I'm going to ask a philosophical question, if I may. It's going to be about M&A. Valuations are roughly 30% cheaper than when we last spoke three months ago. The start of your tenure at Nikesh as CEO was quite acquisitive. Is the moderation in valuations for private companies, public companies as well, does that mean that your philosophy around M&A might have changed versus the messaging you gave us six months ago?
Clay Bilby
So there's no change, Patrick. I don't think the valuation of the private markets have quite normalized like the public markets have first and foremost. I think the private markets are still enjoying the lack of liquidity as the no reason to mark the market devaluation. So that's just more of a philosophical answer, not correlated with my M&A point, right? I would like you to have them purely because some of those companies are trying to come attract talent from policy networks and I'd like them to get marked to market so people realize that these things can go down. But that having been said, There's been no change. Look, as I said, the reason we're acquisitive in the beginning, there were many areas of cybersecurity which were up and coming and going to be important, and we were not in there, and we were behind the eight ball or picking an analogy. We were late to the party. We hadn't done the work needed to be ready for that market. Take cloud security, right? We bought six or seven companies in cloud security. Each of them had been in existence for three to four years. So that's four years of development that we were able to benefit from in a market we needed to be in first. With Prisma Cloud, it's abundantly clear why we did that. Take XSOAR, we didn't have automation workflows and platforms, we did that. Take SASE, we didn't have an endpoint monitoring. We didn't have SD-WAN. That's stuff that takes four to seven years to build. We didn't have the time to go build it. Otherwise, the market, we would not be in the market. Today, we compete with Zscaler, Netscope. In SASE, we compete with CrowdStrike Center One and XDR. We would not have been a player. So that made sense. Today, if you look forward, I don't see many areas of cybersecurity where we don't have a leading product or a leading product is not under development. If you look at Palo Alto's innovation cycle, I'd say, you know, creating firewalls continues to innovate, spend three years acquiring, getting up to snuff to a place where now we can compete in multiple categories. And now with XIM, we're delivering industry-leading innovations. I couldn't buy anything for X time because I looked at everything in the same space. And I said, wait a minute, why do I need to look at something which is 10 years old? I don't need customers. I have customers. I need to buy technology. So from that perspective, nothing has changed. I don't think there's any company out there that is valued a place where I said, oh, my God, this could be a creative. We should go take this because I think the cost of integration and cybersecurity is is going to make you from a leading player to a mediocre player because you've spent too much time merging sales forces, merging customers, trying to run two competing technologies. So that's not our playbook. Our playbook is to go find cool technology which you can absorb, make part of a go-to-market motion, enthuse those founders. And we've done that, and we've left the door open, saying if you were to buy companies, it would be more in the product category, which would be more in line with the smaller to mid-size acquisitions we've made than anything else. So that philosophy hasn't changed much.
Operator
All right, great. And thank you. With that, we'll close the call. I'll turn it over to Nikesh for his final remarks.
Clay Bilby
Well, once again, thank you, everybody, for joining us. And as Clay said, we apologize for the 30-minute delay. We look forward to seeing many of you at upcoming investor events and some of you on calls after this. I just, once again, want to thank our customers, our partners, and most importantly, our employees around the world for helping us deliver a great quarter. Have a great day.
Disclaimer