This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
Operator
First quarter 2023 earnings conference call. I am Clay Bilby, head of Palo Alto Networks Investor Relations. Please note that this call is being recorded today, Thursday, November 17, 2022, at 1.30 p.m. Pacific time. With me on today's call are Nikesh Arora, our Chairman and Chief Executive Officer, and Deepak Galecha, our Chief Financial Officer. Our Chief Product Officer, Lee Klarich, will join us in the Q&A session following the prepared remarks. You can find the press release and information to supplement today's discussion on our website at investors.paloaltonetworks.com. While there, please click on the link for events and presentations where you will find the investor presentation and supplemental information. During the course of today's call, we will make forward looking statements and projections regarding the company's business operations and financial performance. These statements are subject to risks and uncertainties that are made as of today. We assume no obligation to update them. Please review the press release and our recent SEC filings for a discussion of these risks and uncertainties. We will also refer to non-GAAP financial measures. These measures should not be considered as a substitute for financial measures prepared in accordance with GAAP. The most directly comparable gap financial measures and reconciliations are included in the press release and the appendix of this investor presentation. All comparisons are on a year-over-year basis unless specifically noted otherwise. Please also note that the three-for-one stock split announced during our Q4 was completed with share and per share numbers now reflecting this. I will now turn the call over to Nikesh.
Clay Bilby
Thank you, Clay. Good afternoon, and thank you, everyone, for joining us for our earnings call. As you can see, we had a solid first quarter where we showed balanced top-line growth and a demonstrable focus on profitability. Early in the quarter, we saw some customer behavior changes and have adapted our operations to align with the changing market conditions. On the top line, billings threw 27% year-over-year, while RPO grew 38%. We have consistently maintained that cybersecurity is the most innovative sector of the technology industry. To demonstrate progress on our transformation, we have shared how our new cloud-delivered and cloud-enabled offerings are contributing to our business via our NGS ARR. In that context, this quarter, our NGS ARR hit a key milestone. It crossed the $2 billion mark and grew 67% year-over-year. As the macroeconomic environment changes, we are accelerating our efforts to drive incremental operating leverage in our business. Given that we're the largest independent cybersecurity business, we can meaningfully improve our margins over the next phase of our company's lifecycle. Our focus on profitability in the quarter drove operating income growth of 44% year-over-year, with operating margins up to 160 basis points during the same period. We also generated over $1 billion in free cash flow in the quarter. For the second quarter in a row, we generated net income on a gap basis as we focus on gap profitability for the fiscal year. At the center of our strategy is the need to drive more consolidation to get customers to a better security posture. Towards that end, we continue to see large cross-platform buys and grow our millionaire customers at a steady clip. Our customers have been on a journey with us. Initial deals that give them comfort with our products and help distinguish our abilities from our competition over time lead to customers seeing an opportunity to consolidate into one of our platforms. As they get comfortable with either Strata, Prisma, or Cortex, we see them looking at further consolidation across multiple platforms from us. This strategy has allowed us to continue to transition our deal sizes with satisfied customers, and we expect this to continue. Consistent with that approach, we've had some marquee deals this quarter. A U.S. federal government agency chose our Cortex technology. This transaction allows the total spend to grow into nine figures with additional ears and customer option. This selection highlights unique capabilities and market leadership of our expense technology, which was at the center of this transaction. We received a purchase order for the first three years of the deal for over $60 million in Q1. A large US utility signed a seven-figure deal for software firewalls, security subscriptions, and Prisma Cloud. The customer has hundreds of appliance-based firewalls and chose our software firewalls because of our consistent architecture and chose Prisma Cloud as a standardized security across four public clouds. A major European media company signed an eight-figure multi-product deal, replacing several incumbent network security vendors and consolidating on Palo Alto networks, including our full line of cloud-delivered security subscriptions. We closed a seven-figure deal with the U.S. technology company, spanning all three platforms. The customer did not have our physical firewalls in the environment, but valued our consistency of software firewall deployment across on-premise and cloud, our unique expanse offering, and the total cost of ownership benefits of consolidating on our platforms. You can see evidence of our broader success with large customer commitments in our active millionaire customer count, where we added over 230 year-over-year in the first quarter. We continue to innovate across our platforms and get recognized by the market for our abilities. This quarter saw us launch software composition analysis in Prisma Cloud, SaaS security posture management in SASE, and just this week across our next generation firewalls. Lastly, we announced general availability of XIAM in Cortex. External recognition of our innovation is important to us as many customers rely on this third-party validation as a part of their evaluation process. This quarter, we received leadership recognition in two new categories, adding Cloud Security Posture Management, or CSPM, and Cloud Native Application Protection Platform, or CNAP, to our list. Let's take a deeper look at our three platforms. We have continued to see solid growth in our network security business. Our innovations in the appliance firewall form factor, including our Gen 4 refresh, and our investments in the virtual form factor have continued to drive our share gains. On an year-over-year basis, we have gained approximately three percentage points of market share in the appliance market and seven percentage points in the VM market. Our customers see an opportunity to drive standardization and make decisions to move away from competitors that have not kept up with our pace of innovation. We also see many customers extending the standardization to SASE. Many are in the relatively early stages of executing SASE, given it involves changes to their security network architectures. Our Prisma SASE offering has gained industry recognition, and we've seen an increasing number of wins within our installed base, as well as with new customers. To put this into perspective, our firewall customer base is over 15 times larger than our SASE customer base. With our core sellers now enabled and executing and driving SASE into the installed base, SASE continues to represent our largest pipeline. Consolidation of network security capabilities by our customers is driving attached subscriptions into our install base across all firewall form factors. Our constant innovation and capability expansion in network security has been a hallmark of our platform since we entered the market over 15 years ago. While we have highlighted the number of new subscriptions we offer, we have also reimagined our existing capabilities. Our advanced URL filtering and threat prevention versions leverage deep learning to block evasive zero-day unknown attacks in real time. Yesterday, we introduced the advanced version of Wildfire to stop more zero-day cloud attacks as part of our PanOS 11.0 Nova release. These new subscriptions provide significant additional value to our install base and have already seen promising adoption. Moving on to Prisma Cloud. Prisma Cloud continues to be the industry's leading CNAP platform built from best-in-class acquisition and organic innovation. We acquired BridgeTru 18 months ago to shift left and introduced a cloud code security module with infrastructure as code scanning. Building on this, we released our SCA or software composition analysis solution in Q1. The integration of SCA with the Prisma Cloud Platform enables developers and security teams to prioritize known vulnerabilities that impact the application lifecycle proactively. We have seen hundreds of Prisma Cloud customers use our IAC and SCA capabilities as part of our Cloud Code security module. We continue to see Prisma Cloud customers increase their credit consumption as they expand their hyperscaler footprints and adopt more of our nine modules, such as Cloud Code. Half of our Prisma Cloud customers are using two or more modules and nearly 20% are using four or more modules. In Q1, our credit consumption grew 55% year over year. Building further upon our success, shifting left with IAC security and SCA adoption, we're doubling down on investing in software supply chain security. Today, we announced our intent to acquire CIDR security, which is key to the strategy. CIDR brings the ability to visualize customers' application development and deployment environment, analyze the tools, identify risks, and how to remediate them. This ability to secure the software supply chain is backed up by CIDR's leading CICD security research team. With the integration of Citus capabilities into Prisma Cloud, after the closing of the acquisition, we will further our leadership in cloud security, helping enterprises secure applications from code to cloud. Across Cortex, we are focused on driving momentum in a number of areas. The first key is ensuring we are winning customers with our best of breed product capability. In Q1, we saw strong Cortex large deal performance. We had success not only with XDR, XSOAR, and Xpans on a standalone basis, but a number of notable examples of multi-product deals. This included a multimillion-dollar transaction at a European construction company, which replaced their existing SIM and SOAR with XDR Pro and XSOAR. Another government customer adopted XDR Pro and XSOAR in a seven-figure deal as it formalized a new SOC for multiple agencies. These are in addition to the federal customer we already talked about. We continue to innovate across Cortex during Q1, delivering a new managed detection response service built on our XDR capability and enriched by our Unit 42 world-class threat intelligence. I'm most excited about the general availability of XIAM, our breakthrough autonomous security operations platform. Our launch events for XIAM were oversubscribed, and we see a lot of resonance with our product and its future roadmap as customers reimagine the world of SOC management. Just a few months ago, we had launched a design partner program. Most recently, we've had two multi-million dollar commitments from XIM design partners as they expanded into production diplomas. At this point, the majority of our design customers have transitioned to paying customers. In fact, we're carefully managing how we onboard future XIM customers because we want to ensure fast customer time to value. Our interest list is north of 50 customers who would like us to deploy XIM. We're qualifying them and carefully onboarding them so that we can scale the business appropriately and give them value. In summary, I feel our teams did a good job in a seasonally tough quarter where also the macroeconomic climate is fast changing. I'm sure all of you are trying to figure out what all of this means for us over the next three quarters. As we all know, the Fed is working to tame inflation, impacting growth. While cybersecurity is somewhat resilient, we do see some marginal signs of impact. Cybersecurity deals are getting more scrutiny, suggesting deeper and longer reviews of transformational projects. New conversations that include payment terms and discounts are causing deal cycles to elongate. On a positive front, while some deals have been sized down or broken into phases, we are experiencing few deal cancellations. We do expect this behavior to become the norm over the next year. The impact is not uniform across all sectors, but those feeling the impact of interest rate increases are more likely to scrutinize their budgets than those prospering in the high interest rate environment. Technology, CPG, and some parts of retail are feeling an impact, while utilities, oil and gas, defense and public sector verticals continue to be on course to their plans. Coming off Q4, Q1 tends to be a seasonally more challenging quarter, but we were able to tame some of these early trends by doubling down on execution. FY23 will require continued excellent execution to overcome some of these macro impacts. Towards that end, we have already taken concrete action. We have front-loaded hiring of our field teams to increase coverage across our customer base. We have also expanded our level of activity around both new accounts and existing customers to ensure faster time to value with our products. As we discussed last quarter, we have seen some customers delay hardware refresh plans. While they will ultimately need to refresh, some are choosing to defer and reassess at a later date. I continue to believe that hardware will have a long-term industry growth rate in the 5% to 8% range, and we might trend to the lower end of the range. However, coupled with an easing supply chain, I expect that near-term, we'll continue to report a low double-digit growth rate for product revenue. Too many vendors leads to complexity and increased risk. Given the increased scrutiny and return requirements, the silver lining for Palo Alto Network says that we're having more conversations around consolidating platforms than we've ever had before. We think customers are less likely to purchase newer security products. Instead, they will continue to consolidate towards like-for-like capabilities from fewer vendors. Cybersecurity is critical to IT transformation and hyperscaler adoption. We believe that whilst there may be short-term bumps to the pace of investment by some of the customers, these projects will continue for the medium and long term. We see cybersecurity spending as resilient but not immune to customers adjusting for the current environment. Having said that, I continue to believe that we can overcome these macroeconomic impacts with strong and focused execution, which is what we plan to do. It was just six to nine months ago that we were talking about the challenges we face in the competition for talent. We're now finding it easier to recruit and hire top talent. We're also seeing lower attrition rates, which necessitates fewer overall new hires. We'll closely monitor our hiring as well as our overall spending to further sharpen our focus on efficiency. As we proceed through the year and focus internally how we respond to the external landscape, sharp execution from our teams will be paramount. Before I turn the call over to Deepak, I want to provide some perspectives on how we're thinking about the forecast. We are adjusting the high end of our guidance ranges for revenue and billings for the year for the upside we saw in Q1. Within our revenue, we do expect slightly higher product revenue growth in the range of 10 plus percent, as we are able to ship some orders that had previously been held back by the more challenging supply chain situation I mentioned earlier. We're also reflecting the strength we saw in NGS ARR during Q1 with higher NGS ARR guidance range for the year. This reflects not only the performance of our Cortex Pisma Cloud SASE and software firewalls, but also the success we have seen in advanced cloud-delivered subscriptions that I noted. On a positive note, we are focusing more and more on execution and how our teams focus on driving incremental operating leverage. Towards that end, we were able to take steps to accelerate the profitability we previously outlined in our analyst day, which was deflected in our Q1 operating margin and EPS performance. We will remain focused here, and as a result, we are raising our operating margin guidance for the year by 50 basis points. This, as well as higher interest income, is driving the increase to our EPS and cash flow guidance, as Deepak will cover. Over the last few years, on a compounded basis, our EPS and adjusted free cash flow have grown below our revenue growth rate as we've made significant investments. We're now targeting EPS and adjusted free cash flow to both grow north of 30% at our guidance midpoint, which is ahead of our revenue growth. We are confident in our strategy and wouldn't trade our position with any other cybersecurity company. We believe our broad portfolio focus is an advantage as we focus on emerging areas where customers are allocating new budget dollars while also capturing an increased portion of the customer's broader cybersecurity budget as they look to consolidate spending. We will continue to invest for the long term with our commitment to fund innovation while we also pursue near-term opportunities to drive efficiencies in our business. With that, I will turn the call over to Deepak.
Strata , Prisma
Thank you, Nikesh, and good afternoon, everyone. For Q1, revenue of $1.56 billion grew 25% and was above the high end of our guidance range. Product grew 12% and total services grew by 30%. By geography, we saw growth across all theaters, with EMEA up 32%, the Americas growing 24%, and JPAC growing 26%. Our next-generation security capabilities are increasingly driving our results, and our NGS ARR grew 67%, and at $2.11 billion, exceeded $2 billion for the first time. We continue to see strength driven by a broad portfolio within next-generation security. This includes Cortex, Prisma Cloud, Prisma SASE, software firewalls, and the advanced versions of cloud-delivered subscriptions. We remain optimistic about the prospects of this broad and diverse portfolio. We delivered total billings of $1.75 billion, up 27%, which was above the high end of our guidance range. Total deferred revenue in Q1 was $7.2 billion, an increase of 39%. Remaining performance obligation, or RPO, was $8.3 billion, increasing 38%, with current RPO representing about half of our RPO, similar to previous quarters. Moving beyond the top line metrics, I already highlighted non-GAAP gross margin of 74.3% was down 10 basis points year over year, with some incremental supply chain related expenses being incurred for components and shipping. Operating margin was 20.6%, an increase of 260 basis points year over year. This strength in operating margin was the result of lower expenses as a percent of revenue across all three expense lines, R&D, sales and marketing, and G&A. We've already focused on aligning our investment plans to the areas of highest return, and thus, as we proceed through this environment, it is sharpening of these efforts. Non-GAAP net income for the first quarter grew 56% to $266 million or $0.83 per diluted share. Our non-GAAP effective tax rate was 22%. GAAP net income was $20 million or $0.07 per basic share and $0.06 per diluted share. Now turning to the balance sheet and cash flow statement. Our balance sheet is strong, closing Q1 with the highest cash and investable balance ever with cash equivalents and investments of $5.9 billion. We have ample flexibility to repay debt coming due, invest in the business, do tuck-in acquisitions, and return capital to shareholders. We're in the enviable position to be able to do all of these at the same time. Q1 cash flow from operations was $1.24 billion. We generated more than a billion dollars in free cash flow for the first time in our history, with total free cash flow of $1.2 billion this quarter. This puts us well on track to hit our annual guidance, which we are raising today. This cash flow performance was largely driven by strong collections in the quarter that we expected based on the strength of our business in Q4. During Q1, we did not repurchase any of our shares. As a reminder, our share repurchase program is opportunistic, and we're committed to this method of returning cash to shareholders over the medium term. As Nikesh discussed, on the M&A front, we entered into a definitive agreement to purchase CIDA security for approximately $195 million in cash, excluding the value of replacement equity awards, subject to adjustments. We expect this deal to close in the fiscal second quarter. We expect the financial impact of the transaction to be immaterial to our fiscal 23 guidance. Stock-based compensation ticked up slightly as a percentage of revenue quarter over quarter, as expected, with the issuance of a portion of our fiscal year 23 grants. On a year-over-year basis, we continue to manage our SBC down as a percent of revenue in line with our long-term plans. As we've had a number of questions about the impact of foreign exchange volatility on our business, I wanted to remind investors that we price our products in dollars around the world and therefore are not exposed to the direct translation impact to revenue that you may be hearing about from other companies. Now, moving on to our guidance for Q2. And for the year. For the second fiscal quarter of 2023, we expect billings to be in the range of $1.94 to $1.99 billion, an increase of 21 to 24%. We expect revenue to be in the range of $1.63 to $1.66 billion, an increase of 24 to 26%. We expect non-GAAP EPS to be in the range of 76 to 78 cents, an increase of 31 to 35%. For the fiscal year, we expect billings to be in the range of $8.95 to $9.1 billion, an increase of 20% to 22%. We expect NGS ARR to be in the range of $2.65 to $2.7 billion, an increase of 40% to 43%. We expect revenue to be in the range of $6.85 to $6.91 billion, an increase of 25% to 26%. We expect product revenue growth in the range of 10%, up slightly as Nikesh outlined in his remarks. We expect fiscal 23 operating margins to be in the range of 19.5% to 20%, up 50 basis points versus the range we outlined coming into the year. We expect non-GAAP EPS to be in the range of $3.37 to $3.40, an increase of 34% to 37%. We expect adjusted creep-free cash flow margin to be 34.5% to 35.5%. And we continue to expect to be GAAP profitable for fiscal year 2023. Additionally, please consider the following modeling points. We expect our non-GAAP tax rate to remain at 22% for Q2 and fiscal 23, subject to the outcome of future tax legislation. For Q2 23, we expect net interest and other income of 18 to $20 million. We expect Q2 23 diluted shares outstanding of 320 to 326 million shares. We expect fiscal year 23 diluted shares outstanding of 325 to 331 million. We expect Q2 capital expenditures of $40 to $45 million, and we expect fiscal year capital expenditures of $190 to $200 million. As an additional modeling support, based on our prior seasonality, we expect the quarter-over-quarter revenue and billings growth for Q3 23 to be in line with last year. Also, we expect operating income in Q3 to be roughly flat with our Q2 levels. To wrap up, we are confident in our strategy and wouldn't trade our position with any other cybersecurity company. We're focused on sharp execution and sales intensity to stay ahead of the changing macroeconomic environment. At the same time, we're focused on taking steps to accelerate our profitability as I guided. With that, I will turn the call back over to Clay for the Q&A portion of the call.
Operator
Great. Thank you, Deepak. To allow for broad participation, I'd like to ask that each person only ask one question. Our first question of the evening comes from Saket Galea of Barclays with Homs and Fowler Waller. To follow, Saket, you may ask your question.
Fowler Waller
OK, great. Hey, everyone. Thanks for taking my questions here and a nice set of results. Nikesh, maybe for you. You mentioned some early customer behavior changes. I was wondering if you could just expand on that a little bit and how that manifested in the business. It doesn't seem like there was much of an impact in the NGS business. In fact, that accelerated growth year over year. I wonder if you could just expand on where that customer behavior changed and how you've incorporated that into the full year guidance.
Clay Bilby
Looks like it, as I mentioned, we are seeing customers spend more time trying to understand what they're spending money on. There's more questions. The CFOs are getting involved. So larger deals are getting more scrutiny. We noticed that early in the quarter. so we accelerated our efforts in trying to get those deals in front of those cf was much faster and earlier in the quarter as opposed to waiting towards the end in certain cases customers came back and said i'd like this now i'd like to hold off on this and buy it next quarter that just means we have to go farm our pipeline much faster and much harder to make sure we can make up for those deals with other deals in our pipeline any point in time our pipeline as you would expect is larger than what we expect to deliver in that quarter. So we have deals in the pipeline. We just have to work with our customers to solidify them. And what we have done is because of that behavior, we have increased scrutiny internally. We've increased efforts with our sales teams to get ahead of this. And we're just increasing the activity of execution. We front loaded our hires. We hired 550 direct sales rep as quickly as we could in the quarter because we think this environment is going to continue. And the only way to fight this is to get more coverage out of the field. Get more coverage, get more focus on getting deals done, get them across the line. There's not a demand problem, right? All that is happening is that people are pushing out some of their purses. This means you just need to get more active with our customer base to make sure we get more business into our pipeline, which is what we're doing.
Fowler Waller
Makes sense. Thanks.
Clay Bilby
Pleasure.
Operator
Next question from Hamza Fadawalla or Morgan Stanley with Brad to follow. Go ahead, Hamza.
Brad
Hey, guys. Good evening. Thank you for taking my question. And a lot of great clarity in the prepared remarks. Nikesh, I wanted to talk a little bit about supply chain security and CIDR. I think a few months ago, there was an executive order from the Biden administration around securing software supply chains. I know it's early days and the acquisition, you know, the ink's not even dry yet, but What do you feel about sort of the pipeline, the opportunity, the Palo Alto networks being now the largest cybersecurity vendor for the US federal government? What are you seeing there? And is there interest already from that front?
Clay Bilby
Yeah, let me comment, and then I'm going to let our birthday boy, Lee Collider, speak to this because we've got to give him work to do. It's his birthday. He came to work. As you know, Prisma Cloud continues to go from strength to strength. We see very large deals in the hopper, in our pipeline, and we're beginning to see more and more seriousness on cloud security from our customers. I highlighted a customer which has four public clouds deployed. They can't do that. They can't secure it with four different, you know, native cloud csp platform security so we are seeing more interest we're seeing more engagement as i've always maintained i don't believe all the cloud security products have been created and you as you start to see the customers move so we saw the shift left movement we went ahead did bridge crew it's fully integrated we've seen you know significant percent of our customers begin to use that as we're talking to them we're realizing They have some legacy, some new AppSec vendors in place, which they're deploying, and they'll be trying to use that to take care of supply chain security. Some of that is older architectures, older ways of doing things. But we decided we want to do it differently. If I answer the question, Lee won't have anything to say. Lee, answer the rest of his question. Thank you, Nikesh.
Lee Collider
Good question, Hamza. So let me... Let me make one thing very clear. It's not just a US federal government challenge. Anyone who is developing and deploying applications into public cloud, which today is basically everybody, has a supply chain risk that they're dealing with. That supply chain risk can come in the form of software. in the form of open source software that they're building into their applications, which brings a certain type of supply chain risk. And the second type is through all of the tools and applications that they need to use in order to actually build an application. And we've seen that this can easily be hundreds of different third-party tools that they incorporate into the development process that have access to their source code. That is the second form of supply chain risk and sometimes referred to as CICD pipeline risk. And that is a key component of what CIDR will add to the broader capabilities we have with Prisma Cloud.
Prisma Cloud
All right. Thank you.
Brad
So you're on mute.
Operator
That is not good to be on mute. Okay, Brad Zelnick with Deutsche Bank with Andy to follow. Go ahead, Brad.
Brad Zelnick
Great. Thank you so much for taking my question and Congrats on a strong execution. Nikesh, I wanted to circle back on your comments about the easing supply chain and expectations for hardware growth to be above long-term trend this year. I believe you said low double digit. Just making sure the uptick is solely your view on supply. And just relatedly, when we look at product gross margin, it still seems to be under pressure. Can you help us just reconcile how much of this is mixed versus COGS and any other factors to appreciate and what to expect of hardware gross margin? Thank you.
Clay Bilby
First of all, Brad, remind me to send you a painting for your office. It looks a bit sparse. But that notwithstanding, Brad, I've always maintained the underlying hardware growth in the industry is about 5% to 8%. And I'm not deviated. We've seen changed behavior where people have tried to order ahead because of supply chain constraints. We've seen pricing impacts to drive some of the growth. But I think the underlying growth continues to be the same. What has happened in the last... I'd say four to six months, slowly and steadily, we're seeing easing of some elements of supply chain. There are some components that have become easier to get. As you've seen, some semiconductor companies are talking about cutting supply or cutting production in memory and in, you know, NAND and DRAMs. So you are beginning to see easing in various some certain amount of components, which is allowing us to ship product faster. At the same time, some I'd say real and perhaps some artificial supply chain constraints are being maintained in the industry. I expect them to ease over time, which would also ease up some of the pressure on gross margin. The gross margin impact is purely us having paid expedite fees for certain parts. It's really not an underlying component cost issue. So we think those will ease over the next, it really depends on the suppliers. I think the supply chain easing is happening as we speak, and we should be out of it in the six to nine month timeframe at the far end 12. It all depends on when the suppliers stop extracting more from us to try and get us those parts. If that helps.
Operator
Thank you for taking the question. Great. Next is Andy Nowinski of Wells Fargo with Phil Winslow to follow. Go ahead, Andy.
Prisma Cloud
All right. Thank you. Congrats on a great quarter. You know, one of the key metrics that stood out to us, I guess, was the next gen ARR growth, particularly your net new ARR growth. And I think you mentioned you saw strength across all. I was just wondering if you could put a finer point on that and maybe let us know the largest. components of next gen security and whether that big fat deal was included in that ARR this quarter? Thanks.
Clay Bilby
So go ahead, Deepak.
Strata , Prisma
Yeah, so I would say, look, we feel very good about all the elements of our NGS ARR. Just to repeat, we've got SaaS, we've got Cortex, we've got cloud, and we have some of the new cloud-delivered services. The majority of the growth continues to be the SaaS-y cloud Cortex side of the house. So I think all of that is good. There are portions of deals we don't comment on deals specifically, but if they have the appropriate products, then we contribute the appropriate amount of ARR in them. Yes.
Clay Bilby
Sorry. Yes. To your direct question. Yes. The expanse deal is in the net new ARR that you've seen.
Prisma Cloud
Thanks.
Operator
All right. Great. Next up is Phil Winslow of Credit Suisse with the team of Alani to follow. Go ahead, Phil.
Phil Winslow
Great, thanks for taking my question. Congrats on another phenomenal quarter. I want to focus in on Prisma SASE and Prisma Access. You gave some interesting stats there in terms of penetration into your existing firewall base, but also wins in the cloud with customers that are not current on-premise firewall customers of yours. When you look at the momentum you're seeing, are you getting better at penetrating that existing base? And are customers starting to understand the value of on-premise, off-premise one policy? Or are you seeing more momentum even in displacing competing vendors in the cloud, though?
Clay Bilby
So, Phil, first of all, thanks for the compliment. Thanks for the great question. As Saket asked, and I think I've maintained that, you know, I have seen, again, more activity this past quarter in C-level executives from our customers engaging on consolidation plays or getting cloud transformation plays going. And what is interesting is not only our customers, we're beginning to see increased engagement with GSIs or global system integrators, because system integrators are being brought in to try and keep costs down and create a transformation. So, you know, I'm not going to name any one of them, but I'd say more engagement against across the board with the SI community, as well as our direct customers. In terms of your question, are we seeing engagement from existing customers and net new customers? Is both. There are existing customers who are stepping up, and they are on a path to do their transformations, whether they're adopting the cloud. The big aha is, Phil, we used to be a firewall company. We used to sell firewalls. I got a dirty secret for you. CIOs and CISOs don't buy firewalls. network architects do, and they live on one corner of the enterprise. CIOs and CISOs do transformation projects. They'll do cloud transformations. They'll do network transformations. They'll do SOC transformations. And to be honest, we never had a portfolio until about two and a half years to actually have those conversations. So what's beginning to happen is we are really building a new muscle as a company where we are able to engage with CIOs and CISOs. We've got Amit flying in one direction, Helmut from Europe flying in the other direction. We got PJ Jenkins flying in the third direction, and we let Lee out as well once in a while. So across all of these people, we're having a lot more engagement across customers. And these are long-term plays, but the good news is we show you that a few of these always land in the quarters. We get large eight-figure deals in a quarter. These are consequences of these large transformation conversations. We're take between three to 10 months to germinate into real big deals. So I think the activity is still high. As I said, on the margin, there's scrutiny because people are saying, wait, this is a big deal. Can we parse it out and adapt it to our budget? But we're not seeing a reduction in conversation or activity. Awesome.
Phil Winslow
Keep up the great work.
Operator
Thanks, Will. All right. Next is Fatuma Bulani from C Group with Mike Turitz next. Go ahead, Fatima.
Fatuma Bulani
Thank you. Good afternoon. Thank you for taking my questions and happy birthday, Lee. My gift to you is I won't be asking you a question. Nikesh and Deepak, for you, the commentary on the payment concessions and flexibility in light of a more challenged macro, I want to get a better sense of how pervasive these conversations have been for you in the install base. And maybe more directly, what are some of the impacts, Deepak, that maybe you're seeing from a deferred revenue mix standpoint and how we should think about invoicing duration and billings duration when we think about our cash flow trajectory in the context of some of those comments?
Clay Bilby
So, Fatima, let me give you context. I want to make sure I'm clear. So far, these are on the margin. This is not mainstream. We do expect the activity to get more in that direction because you can see the Fed continuing to be on this mission to go tame growth. And we expect that's going to cause more customers to pay attention. But let's not, as I said in my remarks, there are some industries that are making money hand over fist. Talk to oil and gas. They've never made so much money. So the public sector continues to spend with all the geopolitical issues that are out there. So financials, they're making more money, believe it or not. They're fine. So there are certain segments of the market where these conversations are happening. It's not across the board. We don't expect. I think 50% market is not feeling any pain with the interest rate increases. So take that aside. We take the rest of it. Some of them have budgets in place. They have transformation plans in place. So on the margin, yes, those conversations will increase. As you know, in anticipation of this, we built PAN-FS. We have a very good motion around providing financing. We're sitting on $5.9 billion of cash. So we are able to finance our customers if they so need to be able to facilitate their transformation project. So, you know, the conversation happens between us or our third-party vendors. They're able to go make this happen. I don't know, Deepak, if you want to comment on the deferred billing and deferred revenue conversation.
Strata , Prisma
I think all I would say, Fatima, I think Nikesh explained it excellently. And I would just say everything's included in our guidance, like in terms of what we think.
Clay Bilby
On the flip side, as we've said, you know, we have $5.9 billion in cash. Our entire interest income last year was $19 million. I think our Q1 interest income was twice that. So there's the flip side of that.
Fatuma Bulani
Appreciate that. Thank you.
Operator
Okay. Next is Michael Turitz of KeyBank and followed by Jonathan Holm. Michael, please proceed.
Michael Turitz
Hey, thanks, everybody. Congrats on a solid quarter and tough environment. Last quarter, Nikesh, I believe that when you talked about your billings guide, you also commented that you could achieve that billings guide with no reduction in product backlog. Is that maybe you could talk a little bit, if you could, about backlog in any way to the extent you can in terms of what happened with it this quarter, up, down, flat, and whether you still assume backlog, product backlog, I think is what you said, flat into the end of the year in order to make the numbers that you've got.
Clay Bilby
Michael, we don't comment on backlog. As I have said, and as Deepak has said, because of supply chain constraints having eased a bit, we have been able to ship product to our customers much faster, which has a positive impact on attached services that we're able to ship them. But remember, our billings grew at 27%. And as we've said in the past, backlog in the overall scheme of things is not as substantial as you might think.
Michael Turitz
Okay, so no change to that comment from last quarter about holding backlog to make the billings number.
Clay Bilby
No, we don't hold backlog to make billings numbers. We try and ship our products to our customers as soon as we can to ensure that they get their products as quickly as they would like. And we report the quarter based on what we've been able to ship.
Michael Turitz
Great, thanks and congrats.
Clay Bilby
Thank you.
Operator
All right, great. Next is Jonathan Hove, William Blair with Roger Boyd to follow. Go ahead, Jonathan.
Jonathan Hove
Great. Let me echo my congratulations as well and happy birthday, Lee. You can talk a little bit about the XIAM traction that you're seeing and maybe help us understand what this means from an upsell potential standpoint when customers start to move in this direction. Thank you.
Clay Bilby
You know, Jonathan, that's a great question because I'll tell you what, I was positively surprised by the reaction of our customers wanting to engage in an XIM conversation, both directly as well as many of the system integration partners who are there. So clearly, there seems to be a pent-up desire to reimagine their SOC. People are relying on old data ingestion platforms. People are relying on old alert-based optimization and prioritization things. And they all understand that it's physically and humanly impossible to intercept cyber threats by doing it manually. And that seems to be a common realization. Yet, none of them actually had a solution presented to them for a long period of time. So what we thought we were doing design partners, we signed up eight, nine design partners. Guess what? In three months, all of them said, we don't want to be a design partner. We'd like to start using the product on a commercial basis. So we accelerated our general availability of the product because we had to make sure it was available for those nine customers and all of them turn to customers. Now, you know, our sales teams are trying, are aggressively trying to go out there and pitch it. And we actually have to maintain a wait list to make sure we want, we won't need implementation resources to be able to implement, because this is a, this is a lift. You're ripping out a data ingestion lake. You're ripping out their existing SIM, yet they have to keep running their SOC in a way that we can transform that. So we're working with GSIs. We're working with third-party partners for them to build the capabilities so you can get this done with a variety of customers. I've said this before, and I still maintain this, you know, uh, Four years ago, when we embarked on the journey, we decided we're going to build a cloud security business. We're going to build a Cortex business. We're going to build a SASE business. As I said, all three businesses are on track to be billion-dollar businesses. I think XIAM has a similar potential in a similar timeframe to be our fourth business that's going to be in the same category.
Jonathan Hove
Excellent. Thank you.
Operator
Next up is Roger Boyd of UBS with John DeFucci to follow. Go ahead, Roger.
Roger Boyd
Awesome. Well, thanks for taking the question and congrats on the nice results. Nikesh, you had talked last quarter about extending Prisma Access, Prisma SASE to the entire Salesforce and really becoming a SASE-first sales organization. I'm just wondering, relative to your expectations, any comments you can provide on what you're seeing from a sales productivity efficiency standpoint?
Clay Bilby
Well, you know, as we said that and we are in the midst of that transition, we have trained all of our salespeople to become sassy first. We have hired a bunch of people from sassy competitors to lead some of these areas for us. So we continue that field force transformation at the same time. And as I said, we've hired 550 direct salespeople in the first quarter because we want to increase the coverage. At the same time, we've been able to do that without having to create a specialist sales force on top of that. So you can see, we also said in our prepared remarks, we are accelerating our paths to more profitability because we believe we are going to get those efficiencies we anticipated by making a SASE first field force, but also doing some other things to drive more and more efficiency across the organization, not just in sales. we feel pretty comfortable that not only will we get sales productivity, but we also believe we'll get overall productivity in the organization so we can accelerate our operating margin aspirations ahead of our three-year plan we'd shared about NEAR and Coderuga.
Roger Boyd
Very good. Thanks a lot.
Operator
Okay, great. Next, John DeFucci from Guggenheim with Joshua Tilton to follow. Go ahead, John.
John DeFucci
Thanks, Clay. So really strong NGS ARR quarter, guys. My question's more on the product line. We heard in just in our checks into the quarter of any product refresh that might be happening perhaps is getting extended. and perhaps and think it sounds like maybe because of the macro backdrop some of the stuff you talked about in cash I guess first of all is this accurate and if so should we be thinking about perhaps a little like in this quarter a little bit lower product growth than we saw over the last several quarters but but decent product growth nevertheless for perhaps a longer period of time I'm trying to I'm trying to interpret your question Okay, so I'm talking about what I think is a product refresh.
Clay Bilby
Okay, well, I'm going to let Lee answer it. I promised him he'd get more than one question. Go ahead, Lee.
Lee Collider
So, John, one of the things I've said in the past in talking about product refresh as it pertains to the new models that we release, these refreshes typically play out over a fairly long period of time. And so I would suggest not looking at it as a singular quarter when you think about the trend and how this evolves. Most of our customers are large enterprise customers. They make long-term decisions. These decisions take place over one, two, three plus years of time. And so these harder refreshers play out over cycles like that, as opposed to on specific quarters.
John DeFucci
Well, it actually affected your results the last time you did it in 2017 for about two years. And it looks like you're about a year into it. And I was just wondering if perhaps it could last longer than two years this time. That's really the question.
Clay Bilby
We've seen a lot of extraneous factors which have muddied the outcomes for the industry with the supply chain crisis, with the pandemic, with the pull-in because of supply chain. Now with the Fed increasing interest rates, I'll tell you, one of the easiest decisions for our customers to make is to sweat their asset a little longer. Because it's not like these firewalls, you know, suddenly blow up at the end of life. They just they can be extended. So, you know, people say, listen, I'd rather put the money in my cloud transformation and sweat the asset a little longer. So if you add all of the myths, that's why that's why we went to this whole cybersecurity transformation of the company. We wanted to take away the impact of any one product line.
John DeFucci
Perfect. Thank you very much. It's really helpful.
Operator
Okay. Next is Joshua Tilton of Wolf Research with Adam Borg to follow. Go ahead, Josh.
Joshua Tilton
It's Patrick. I'm for Josh. Over the last several second quarters, the sequential billings guides have been the 9 to 10% range. But the guide for next quarter implies a 12% sequential growth. So how do we interpret that? Is it a little more aggressive than usual? Thanks.
Brad Zelnick
I'm sorry.
Strata , Prisma
I think probably the way that I would, I wouldn't interpret too much in it. At the end of the day, we have pipeline. We have lots of large deals. It really depends on when deals come in. They can have a significant impact on your billings. And so we're just trying to be as transparent as we can in terms of the information that we have on hand. There's no magical math behind the guide.
Adam Borg
Thanks.
Operator
Super. Thanks. Next is Adam Borg of Stiefel with Rob Olin. Go ahead, Adam.
Adam Borg
Awesome. Thanks so much for taking the question. I really appreciate it. Maybe just on a topic we haven't heard today on OT cybersecurity, that's an area that we're just picking up more on our checks and seeing some more focus. And I'd love to hear a little bit from Nikesh how you're thinking about the opportunity and what role Palo plays. Thanks.
Clay Bilby
Yeah, we've been very focused on making sure that we make IoT capability available as part of our integrated portfolio so you don't have to put yet one more sensor and yet one more cybersecurity vendor. Surprisingly, The OT stuff, can you talk about it? We'll let Lee talk about it, yes.
Lee Collider
Look, OT environments have long been secured by keeping them disconnected from everything else. And there's OT environments that are still running Windows 95, Windows NT, for those who've been around for a while. That obviously has significant risk. And so the way to control that is simply segmented and wall it off from the rest of the world. But what's been happening over the last couple of years is OT networks are increasingly being digitized. Specific parts of them are having to be connected to the cloud, which also means the OT and the IoT are starting to merge together a little bit more. And so as that happens, there is a greater interest in thinking about what the next generation of security for an OT environment looks like. And so this is where our ability to to come in with a next gen firewall infrastructure that can provide the segmentation where it's needed. But layer on top of that, the IoT security capabilities designed to secure that transformation is starting to pay dividends. I still think this is early days in transformation, but there definitely is a strong interest in these types of organizations. And as Mikesh mentioned earlier, many of these are oil and gas utilities and others that actually are seeing some of the benefits of some of the recent macro environments. And so that's also part of an opportunity to leverage and make investments now.
Adam Borg
Incredibly helpful. Thanks again.
Operator
All right, next we got Rob Owens of Piper Sandler with Matt Hedberg to follow up. Go ahead, Rob.
Rob Owens
Thanks, Clay. And thanks for taking my question. Could you drill down a little bit in terms of Fed and what you saw in period, obviously calling out a couple of large deals. But if I rewind, the thought process was that Fed was going to get more linear and less budget flush, typical to the September quarter. So are you seeing those trends play out or was this more a budget flush type of quarter and was it in line with your expectations? Thanks.
Clay Bilby
No, it wasn't a budget flush quarter. We've been working the deal, which we announced for a very long time, as you can imagine. Those size deals don't happen overnight. It just happened to converge at the right time for us from a timing perspective. But we're beginning to see the Fed activity get bigger. stronger because we're at that point in time with this administration where they've gotten their stuff together across the various agencies and they've actually started executing against the strategy. So we think, yes, the Fed spend will continue to stay strong and we continue to get linear as time passes, as we get through, you know, the rest of this administration's term. It's always dicey in the first year or first year and a half because it's a whole new set of characters, especially if you change administrations, but they're still trying to figure out what they want to endorse and what they don't want to. So I think things are more stable and things are going to continue to stay strong in that space. Thanks for the color.
Operator
Next is Matt Hedberg from RBC with great politics. Go ahead, Matt.
Matt Hedberg
Thanks, Clay. Hey, congrats from me as well on the quarter. So, Deepak, question for you. Obviously, you price in U.S. dollars, but I'm wondering, in international markets, obviously, there's been a huge currency movement. I know, historically, partners would absorb a lot of that price movement. I'm just kind of sort of curious how that's happening in some of these customer conversations where the dollar is appreciated pretty materially.
Strata , Prisma
Yeah, so I think, look, there's always going to be the isolated instances where it comes up in discussion. But for the most part, our sales reps will try to manage that through different tools that they have available to them. And then that's pretty much it.
Clay Bilby
I think, Matt, that's a fair question in addition to what Deepak said. There have been customers who come back and said, look, the currency has moved a lot. Our price has gone up in the last two weeks. And what can we do about it? In that case, it becomes a conversation. In some cases, we've had to adjust prices. But at the same time,
Matt
you know um like you said some of them get absorbed by the channel something get absorbed by the customer something get absorbed by us all right our last question for the evening will be from gray paulo bt ig go ahead great okay great thanks for thanks for taking the questions and uh congratulations on the uh on the strong results um so so yeah the the ngs arr really really stood out um uh to me um within that can you just sort of can you remind us on the economics of selling sassy um to that of the traditional firewall is there is there any sort of like you know uh one year trade-off or just like how should we think about that playing out as as sassy um becomes a bigger piece of the mix
Clay Bilby
I think it's kind of interesting that all of our SASE deals, I think like for like, are much larger than our firewalls deals, even with the same customer. And they can range from two to three X and sometimes even up to five X, depending on the comprehensiveness of the requirement and the customer's desire to deploy. So we have lots and lots of eight figure deals out there that are being competed for in the SASE space. And I think there's two and a half vendors fighting for those deals. We were not a player, as you know, two and a half years ago in that space. Now we're almost in every one of the large deals out there head to head. So either the deal gets won or lost, but we're in every one of them and they're typically large sizes. And the economics are better and the security posture is better for the customer. Because imagine if I sell 500 firewalls, it takes customers a serious amount of time to go deploy them. And every time I give a software upgrade, the customer has to go drive a truck and upgrade all those firewalls because they want to sandbox the upgrade, which leaves them exposed from a security perspective. On SASE, we actually do the upgrades, and we can get the entire customer base upgraded in a span of two weeks. In some cases, we just announced Pan OS 11.0, and we still have a lot of customers who have not upgraded to 10.2. So this does improve the security posture, improves the total cost of ownership. And that shows up in a larger deal size because we're shifting costs from the customer to having it be software managed by us and our partners. So look, the economics of SASE are phenomenal from a deal size perspective, as well as they're pretty consistent from a margin perspective. So I think there's still, as I've said in the past, there's an $8 to $10 billion SASE market out there. And that space is growing in double digits. as an opportunity.
Matt
Okay, got it. Thank you very much.
Operator
All right. And with that, we'll conclude the Q&A portion of our call, and I'll turn it back over to Nikesh for his closing remarks.
Clay Bilby
Thank you, Clay. Thank you, everyone, again, for joining us. We look forward to seeing many of you at upcoming investor events. I also want to thank our customers, partners, and employees around the world for helping us deliver these great results in such a tough environment. With that, have a great day.
Disclaimer