Palo Alto Networks, Inc.

Q2 2023 Earnings Conference Call

2/21/2023

spk02: Good day, everyone, and welcome to Palo Alto Networks' fiscal second quarter 2023 earnings conference call. I am Clay Bilby, head of Palo Alto Networks Investor Relations. Please note that this call is being recorded today, Tuesday, February 21st, 2023 at 1:30 p.m. Pacific Time. With me on today's call are Nikesh Arora, our Chairman and Chief Executive Officer, and Dipak Golechha, our Chief Financial Officer. Our Chief Product Officer, Lee Klarich, will join us in the Q&A session following the prepared remarks. You can find the press release and information to supplement today's discussion on our website at investors.paloaltonetworks.com. While there, please click on the link for events and presentations where you will find the investor presentation and supplemental information. During the course of today's call, we will make forward-looking statements and projections regarding the company's business operations and financial performance. These statements made today are subject to risks and uncertainties. We assume no obligation to update them. Please review the press release and our recent SEC filings to see these risks and uncertainties. We will also refer to non-GAAP financial measures. These measures should not be considered a substitute for financial measures prepared in accordance with GAAP. The most directly comparable GAAP financial metrics and reconciliations are in the press release and the appendix of the investor presentation. All results and comparisons are on a fiscal year-over-year basis unless specifically noted otherwise. We would also like to note that management is scheduled to participate in the Morgan Stanley TMT Conference and JMP Securities Technology Conference in March. I will now turn the call over to Nikesh.
spk04: Thank you, Clay. Good afternoon. Thank you, everyone, for joining us today for our earnings call. I'm pleased to report that we had another strong quarter with a balance of top-line growth, significant expansion in non-GAAP operating margin, and strong free cash flow. Billings and revenue each grew 26% year-over-year. Our RPO grew 39% as we continued to sign large multi-year deals with our customers. We also delivered an acceleration in our operating leverage in Q2 as we focused on driving profitable growth. Our non-GAAP operating income grew 55% year-over-year, supported by a non-GAAP operating margin which exceeded 22% for the quarter, up over 440 basis points year-over-year. This translated to another quarter of profitability on a GAAP basis. We have now been GAAP profitable on a cumulative basis over the last four quarters. In addition, our strong free cash flow generation this quarter also puts us on track to outperform prior guidance. I know many of you are wondering about the macro environment, so I want to start with an update there. There is clearly a tougher macro emerging out there as the Fed continues on its crusade to tame inflation. The changing macro is clearly making business leaders more cautious. Some of our customers are seeing signs of a slight slowdown, while others are less impacted. I, however, feel that we're not done yet, and while not expecting shocks, I do think we will see more cautious activity over the next few quarters. Clearly, caution is abundant, driving more scrutiny, making customers demand more value from their partners. We've seen some projects get delayed or de-scoped, none canceled, while most continue on track. We've always maintained that we expect cybersecurity to be resilient, and we continue to see evidence of that. On the large deal front, this behavior is definitely widespread. For us, this has meant we need to get ahead of this and work closely with our CIO and CISO partners. 
Not just that, it's creating more conversations around payment terms, discounts, and scopes to deal with purchasing teams, something we've been working with our customers on as well. I'm delighted that based on our field teams getting ahead of this problem early this quarter, we did not see any major deals slip from the quarter. Our deal cadence and quality was consistent with the same quarter last year. On an equally positive note, this environment drives the need for consolidation, not just to generate clear security outcomes, but also to reduce the security vendor sprawl that has been prevalent in our customers' infrastructure and the need for a long-term security strategy based on total cost of ownership and value. We feel fortunate that with our portfolio, we are best positioned to deliver this to our customers. Within our own business, two things have happened. One, we have become more focused on efficiency from early this year. For example, our headcount growth this year is likely to be lower than any of the last three years. At the same time, we do not anticipate slowing down the pace of our development or business outcomes. Dipak and his team have been rigorously inspecting our cost structures across our portfolio to ensure we are set up to deliver consistent gross margins in all areas. This has been one of the major drivers of our improved operating margin, and we hope to continue to improve as we scale. Secondly, as anticipated, supply chain challenges and product have abated significantly versus six months ago. While this is evident in our product gross margins and our overall profitability, there are some lingering impacts which we expect will further abate through the end of this year. Let's also take a moment to discuss hardware growth. Over the last 12 months, a lot of factors have impacted hardware growth, including supply constraints, uneven demand given supply chain impacts and backlog. 
Additionally, we have noticed our customers continue to be more focused on their cloud, network and security operations transformations and are willing to sweat their hardware assets longer. Underlying all this, we still believe that the industry hardware growth rate is in the low to mid single digits. As all these extraneous factors mitigate over the next few months, we will see the long-term growth gravitate back to those levels. So what does this mean for the second half of this year and beyond? Somewhat counter to the market, we're raising guidance both on top-line metrics and profitability. Of course, this requires the current demand to sustain and for us to maintain a continued focus on execution. We have a unique opportunity in this environment to strengthen our position in the market. Hence, we are investing with an eye towards disciplined growth and positioning ourselves as a partner of choice for customers looking to consolidate. You'll hear more about this from Dipak, but we're raising billings and next-generation security ARR guidance on the backs of strength in our software-based and cloud-delivered capabilities. In our hardware pipeline, we're seeing specific transactions that are on track for Q4, which has caused us to shift some forecasted revenue from Q3 to Q4 while maintaining our annual guidance. With all I've said about efficiency and better operations and the impact, we're now guiding to 21.5% to 22% operating margin for fiscal year 2023. Additionally, we're also increasing our cash flow guidance. Consolidation continues to be a key theme with our customers. Of course, customers are not willing to compromise on quality and cybersecurity. Given our market leadership in 13 categories, we are fortunate to be engaged in many such conversations. Those conversations are driving business, and many customers are on a long-term transformation path with us. 
The number of deals we closed over $1 million grew nearly 20% year-over-year, and the value of these transactions grew nearly 60%. Similarly, the number of greater than $5 million deals grew 84%, and the number of greater than $10 million deals grew over 140%. We saw deal values in these cohorts grow significantly. This continued momentum is critical to us being able to drive platform consolidation. Time and again, we see early millionaire customers become an onboarding ramp to help us drive more cybersecurity value to our customers. Almost all of our $10 million deals involve multiple platforms or an underlying transformation that is driving vendor consolidation. Let's take a look at some of the ways we are driving consolidation. First, with Zero Trust transformations, we're helping customers standardize their appliances and software firewalls with a broad line of security subscriptions. A life sciences customer signed an eight-figure deal to standardize their operations using our next-generation firewalls, VMs, and security subscriptions. In other cases, we're helping customers adopt SASE and software firewalls and consolidate their security stack across our consistent set of offerings driven by hybrid work in securing SaaS apps. A financial services firm recently signed an eight-figure deal with us because they wanted to transform their network and reduce both operational challenges and cost of ownership. They chose us over pure-play SASE competitors because of the breadth of our offering and our comprehensive zero-trust network. Secondly, with cloud transformations, we're using our Prisma Cloud and Prisma Access capabilities to help customers adopt hyperscale cloud and software as a service. Another financial services firm with a mandate to run over 90% of their apps in the cloud signed a high eight-figure deal to standardize on both Prisma Access and Prisma Cloud. 
Lastly, in SOC transformations, we're using our Cortex platform with XSIAM to help customers transform their security operations center and retool around high-fidelity data sources, AI, and automation. A retail company started a relationship with us around Unit 42 incident response with an Xpanse trial and small XDR deployment. They expanded the relationship with a high seven-figure deal to standardize on XDR and XSOAR. These strategic customer relationships and transformations would not have been possible without us building a new security industry paradigm, a paradigm around constant innovation. Our success is driven by investments in innovation, and it is increasingly clear to us that there is a flywheel at play here. This starts with R&D investment, where we have the largest budget of all dedicated cybersecurity companies, approximately $1 billion in non-GAAP spending on a trailing four-quarter basis. This is two to five times as much as our pure-play peers. Our scale also allows us to spread this budget across a larger revenue base and the shared needs of our three platforms. Our R&D investments then translate into a record number of product releases. Our first-half major releases number 35, up 59% from the first half of last year. So the key releases in the first half included our flagship PAN-OS 11.0 Nova, our third advanced subscription, Advanced WildFire, our new AI-based SOC platform, XSIAM, and new modules and updates in Prisma Cloud. This constant innovation is causing industry analysts to take notice. We recently received recognition for leadership in the cloud-native application protection platform category, or CNAPP, bringing our total number of active leadership recognitions to 13, which compares to 9 a year ago. All these leadership positions have helped us grow our NGS ARR at 63%. 
We still believe there is a large untapped TAM for many of these services, given the robust adoption of advanced software services that we have launched, which are all cloud-delivered. And us being in the early part of the SASE, cloud, and XSIAM lifecycle, we feel confident in our future ability to drive NGS ARR. Let's take a deeper look at some of the highlights. I'll start with my personal favorite, our network security business. We launched our first SASE capability, Prisma Access, at the end of fiscal year 2019. In the first year, we booked less than $100 million in business. Over our last six quarters, we booked about $1 billion, with our largest deal last quarter being a TCV deal for $40 million for SASE. We now have over 4,000 customers and are growing ARR approximately 50%. In Q2, we saw a healthy number of large competitive wins in SASE, and SASE has one of our strongest pipelines looking 12 months out. Beyond the top line traction, we're also seeing improving economics in the business. Two years ago, we showed you how the five-year revenue from a SASE customer compares to an appliance customer. At that time, SASE was about two times higher. Since then, we've added additional value to SASE. We launched autonomous digital experience management in FY22, followed by AIOps and SaaS security posture management this year. AI has the power to transform SASE. Our integrated security services are now all powered by AI to detect and prevent even zero-day attacks. And we'll soon be introducing additional AI-driven capability to transform the user experience when using the platform. We now expect our five-year revenue from a SASE customer to be more than two and a half times that of an appliance customer. We've also seen some improvements in our SASE gross margins over this period as we have scaled and become more efficient. If you go to the other side of our network security portfolio, our software firewall business is going strong. 
This includes the broadest deployment options for customers, including VM-Series and CN-Series, which can run in their data centers or be purchased in the cloud marketplaces, and the first-to-market integrated cloud next-generation firewall offerings for hyperscale clouds. We have the highest market share of any company in this market. We believe it's more than three times that of our closest competitor. The current macro environment is causing more customers to watch their CapEx budget. This shift, along with the fact that customers are transforming the data centers moving to the cloud, is leading more of them to adopt software firewalls. In Q2, the number of deals over $1 million for our software firewalls nearly doubled. And six of our top eight deals in Q2 included software firewalls in our offerings. Moving on to our cloud security business, we continue to make steady progress with Prisma Cloud. Platform enhancements are important to our growth. We released a new API risk profiling capability to enhance our web application security module. This capability helps security teams assess their API attack surface quickly based on more than 200 risk factors, including misconfigurations, exposure to sensitive data, and access privileges. This helps teams prioritize the most significant risks and take preventive measures to address them. We also continue to shift left and focus on security workloads as they are developed, solving our customers' application security challenges. To that end, we closed the acquisition of Cider and have brought their team under common leadership with our Cloud Code Security team to help bring Cider's CI/CD security capability to our platform. After releasing Cloud Code Security a year ago, over 15% of our customer base has adopted these capabilities. Our Cloud Code Security customers in Q2 grew 30% over Q1. 
A new secret management module launched in December scans code repos used by developers for hard-coded secrets like passwords and API keys to make sure this information is not exposed and used as a vector of attack. We continue to see these new capabilities and enhancements drive an increase in customer module adoption. For example, our customers with two or more modules grew over 40% and customers with four or more modules more than doubled. Credit consumption of Prisma Cloud increased 48% year-over-year. This growth is being driven by new customer additions, customers increasing their cloud footprints, and customers consuming additional modules. While there has been discussion of moderation in cloud consumption in the market, we believe the relatively early stage of cloud security adoption has and will continue to shelter us from this headwind. Before I move on to Cortex and talk about continuing signs of optimism I see in that category, I feel compelled to take a detour towards AI. Clearly, AI has been on everyone's mind given the continued conversation in the tech industry. Most of you know the story of my arrival at Palo Alto Networks. I talked about fragmentation and the need for a solution there, which we have talked a lot about. I also talked about automation and AI. We counted. I used the word AI more times in my first six months at Palo Alto Networks than platform or consolidation. The challenge, as you all know, is that AI has been a data problem and continues to be so. Unlike consumer AI, where we can talk about sonnets and ChatGPT's creative capabilities, and the revolution that is going to drive in search or advertising, its ability to summarize data and continue to amuse and inform us, the demands from AI in enterprise are far more exacting, and so are the returns. In enterprise, AI needs to be clean. It has to have comprehensive data. And in security, especially, it needs to be real-time. 
So not only do you need to have the best data to create great security outcomes, you also need to be positioned in line to block threats. Let me make a case why with petabytes of data from trillions of events, billions of sessions, hundreds of millions of URLs, and tens of millions of files flowing through our product across cloud, network, and endpoints daily, we are best positioned to deliver security outcomes using AI machine learning. Palo Alto Networks' next-generation firewalls broke through the firewall industry in the early days because of our ability to then deliver next-generation security. These services were driven by our expansive data collection capabilities, EAL, or enhanced application logs. We have since applied that capability across our entire network security stack. We estimate that this network security data is just under half the valuable security data that is needed for any AI-driven outcome. There are over 60,000 customers where we can help them use this data. As we conceived Cortex, we built XDR to ensure we collected the best endpoint data across the industry. We acquired and deployed the largest security automation footprint of XSOAR, but we're not stopping there. We then acquired and integrated Xpanse, which looked at vulnerability data from a different and unique perspective. These formed the fundamental building blocks for XSIAM. With our leadership position in automation, analytics, and attack surface management, again, we're driving an AI-based SOC transformation. With over 4,500 Cortex customers, we were able to bring what we believe is the next largest set of critical security data that is useful for AI. We applied the same thought and rigor as we built Prisma Cloud, integrating data from all hyperscalers, integrating shift-left data from developers. Slowly and steadily, the Prisma Cloud integration is being built on a stronger foundation of security data. 
Cloud is becoming an increasingly important contributor to AI, and our 2,000 customers will benefit from it. We have delivered unique AI-based outcomes, including blocking unknown yet malicious websites, command and control domains and files at scale. Also, we have shown in our own security operations center that we can reduce the mean time to detection to seconds and the mean time to respond to minutes. These are all outcomes that cannot be achieved without the data we have and the machine learning expertise we apply. Let's take a look into how we believe this has made us more excited and encouraged us around XSIAM. In Q2, as part of the Cortex and XSIAM platform, we released important new capabilities, including SaaS-enabled XSOAR, delivering a cloud-based interface, and Xpanse Active Attack Surface Management, allowing our customers to remediate issues discovered using XSIAM. We launched XSIAM in GA at the end of Q1. So far, we've closed approximately $30 million in business and have a growing pipeline of customers that are looking to transform security operations on the new platform. I think XSIAM is going to pave the way for us to drive AI-driven security transformations and outcomes. We will continue to work hard with our early customers to drive evolution and success in XSIAM. I'm extremely positive, perhaps, and cautiously optimistic about XSIAM. Its early relevance, product market fit, and with the concurrent discussion around AI, it makes me hopeful that this could be the fastest ramp of any security product. We see our first milestone to get into $100 million in bookings faster than Cortex, SASE, or Prisma Cloud in our portfolio. Before I turn the floor over to Dipak, I want to pull all this together and talk about where we're focused as we enter the second half of our fiscal year and beyond. We see a clear roadmap ahead of us. We intend to put our head down and execute. 
Right now, we're in the process of transforming our business to software-based and cloud-delivered offerings. Our revenue, which is increasingly driven by our next-generation security capabilities, is becoming more recurring in nature, and we have an opportunity to own a greater share of our customers' cybersecurity budget. This should allow us to sustain high revenue growth for longer. Over the last couple of years, we set in motion a plan to expand our operating margins, including driving scale in our faster-growing businesses. Over the last six months, we've listened to investors who have encouraged us to focus on profitable growth and accelerate incremental leverage in our business. And we made good progress in Q2. We're now well positioned for the second half of the year. We are appreciably raising our margin target for FY23, up 200 basis points from our prior guidance and 250 basis points from our initial FY23 guidance. We believe we can continue to build on this into fiscal year 2024 and beyond, putting us three years ahead of our profitability targets we offered at our last analyst day in September 2021. As Dipak will describe, we believe the combination of sustaining higher top-line growth and focus on efficiency sets us up well to build on this base of higher profitability and grow EPS ahead of revenue. I want to emphasize that achieving GAAP profitability is an important milestone for our company. In support of this, we're actively focused on managing our stock-based compensation to continue bringing this down as a percent of our revenue. With that, I'll turn the floor over to Dipak to take you through our details of results and guidance, and then we'll take questions.
spk14: Thank you, Nikesh, and good afternoon, everyone. For Q2, revenue of $1.66 billion grew 26%. Product revenue grew 15%, while total service revenue grew 29%, with subscription revenue growing 32% and support revenue growing 25%. Moving on to geographies, we saw revenue growth across all theaters, with the Americas growing 22%, EMEA up 35%, and JAPAC growing 32%. The strength of our next-generation security capabilities continues to drive our results, with NGS ARR of $2.3 billion growing 63%. Strength was broad-based across all three of our platforms, network security, cloud security, and security operations. We delivered total billings of $2.03 billion, up 26%, and above the high end of our guidance range. Total deferred revenue in Q2 was $7.6 billion, an increase of 39%. Remaining performance obligation, or RPO, was $8.8 billion, increasing 39%, with current RPO representing about half of our RPO, similar to recent quarters. Our non-GAAP earnings per share was significantly ahead of our guidance, and this metric, as well as our trailing 12-month adjusted free cash flow, accelerated. Non-GAAP EPS of $1.05 grew 81% year-over-year, while trailing 12-month adjusted free cash flow of $2.7 billion grew 76% year-over-year. Moving on to the rest of the financial highlights. Non-GAAP gross margin of 75.5% was up 150 basis points year-over-year, driven mainly by an increase in our software mix. On a quarter-over-quarter basis, we saw less pressure from incremental costs related to the supply chain. We've made significant progress in driving leverage. This is something that we articulated at our analyst day in September 2021 and kicked off in fiscal year 22. And we have accelerated this in fiscal year 23 with a focus on profitable growth as evidenced by our Q2 performance. Our operating margin of 22.8% increased 440 basis points year over year. This result was driven by improving gross margins and a slower level of headcount additions. 
We expect to see ongoing improvements in our operational efficiency and as a result, we are raising our fiscal year 23 operating margin guidance. Non-GAAP net income for the second quarter grew 79% to $332 million or $1.05 per diluted share. Our non-GAAP effective tax rate was 22%. Delivering fiscal year GAAP profitability is another milestone in our balance of driving growth and profitability. For the quarter, GAAP net income was $84 million or 28 cents per basic share and 25 cents per diluted share. This was our third consecutive quarter of GAAP profitability, and as Nikesh noted, we have now been profitable on a cumulative basis for the last four quarters. We believe we now meet the criteria for inclusion in the S&P 500. Turning now to the balance sheet and cash flow statement. We ended Q2 with cash equivalents and investments of $6.2 billion. The average duration of our new contracts increased slightly year over year, driven by deals with strategic customers. It remains at approximately three years where it has been historically. Q2 cash flow from operations was $695 million, with total adjusted free cash flow of $685 million this quarter. Our strong free cash flow in Q2 was driven by increased operating profitability, higher interest income, and improvement in billings linearity due to improving supply chain conditions. During Q2, we repurchased approximately 1.8 million shares on the open market at an average price of approximately $139 per share for a total consideration of $250 million. As a reminder, our share repurchase program is opportunistic, and we are committed to this method of returning cash to shareholders over the medium term. Stock-based compensation ticked up 20 basis points as a percent of revenues sequentially, related to the issuance of our annual grants and the impact from the Cider acquisition. On a year-over-year basis, stock-based compensation was down 350 basis points as a percent of revenue. 
Before I get to guidance, I wanted to cover my thoughts on operating margin. We have continued to drive improvements in the profitability for our fastest growing businesses as they have gained scale. Also, over the last six months, we have developed and executed detailed plans to accelerate our operating leverage. This includes raising the bar around the return on investment we expect, as well as remaining prudent in our hiring. We've also spent a lot of time looking at our peer group and studying benchmark data. As we look towards the second half of the year and into fiscal year 24, we believe we can continue to execute against our plans and drive higher operating margins. We expect that this will translate into us growing our EPS faster than our revenue growth rate. Now moving on to guidance. We're offering guidance for Q3 and also Q4 to make this explicit and then offering updated annual guidance. You'll see we're maintaining our annual revenue guidance and giving explicit guidance for Q3 to Q4 based on what we see in our pipeline for product revenue. For the third quarter of 2023, we expect billings to be in the range of $2.20 to $2.25 billion, an increase of 22% to 25%. We expect revenue to be in the range of 1.695 to 1.725 billion dollars, an increase of 22 to 24 percent. We expect non-GAAP EPS to be in the range of 90 cents to 94 cents, an increase of 50 to 57 percent. For the fourth quarter of the year, we expect billings to be in the range of 3.12 to 3.17 billion dollars, an increase of 16 to 18 percent. We expect revenue to be in the range of 1.937 to 1.967 billion dollars, an increase of 25% to 27%. We expect non-GAAP EPS to be in the range of $1.18 to $1.22 per share, an increase of 48% to 53%. For the fiscal year, we expect billings to be in the range of $9.1 to $9.2 billion, an increase of 22% to 23%. We expect NGS ARR to be in the range of $2.75 to $2.8 billion, an increase of 45% to 48%. 
We expect revenue to be in the range of $6.85 to $6.91 billion, an increase of 25 to 26%. We continue to expect product revenue growth in the range of 10% for the full fiscal year. For fiscal year 23, we're expecting our operating margins to be in the range of 21.5 to 22%. And we expect our non-GAAP EPS to be in the range of 3.97 to 4.03, an increase of 57 to 60%. We expect our adjusted free cash flow margin to be between 36.5% to 37.5%, and we expect to be GAAP profitable each quarter and for the fiscal year 2023. Additionally, please consider the following modeling points. We expect our non-GAAP tax rate to remain at 22% for Q3 and fiscal year 2023, subject to the outcome of future tax legislations. For Q3 and Q4, we expect net interest and other income of $45 to $49 million. We expect Q3 diluted shares outstanding of 321 to 327 million shares. We expect Q4 diluted shares outstanding of 326 to 332 million. We expect fiscal year 23 diluted shares outstanding of 320 to 326 million. We expect Q3 diluted capital expenditures of $35 to $40 million, with full-year capital expenditures of $165 to $170 million. With that, I will turn the call back over to Clay for the Q&A part of the call.
spk03: Great. Thank you, Dipak. To allow for broad participation, I would ask that each person ask only one question. The first question will be from Brian Essex of J.P. Morgan, with Hamza Fodderwala to follow. Brian, you may ask your question.
spk07: Great. Thank you, Clay. And congrats to everyone on some fantastic results. Really, really strong here. Thanks for taking the question. You know, maybe, Nikesh, for you, just have a question on SASE. Maybe if we could dig in a little bit to the competitive dynamics there. Does it really help the, I guess, how much does it help the platform to have full end-to-end SASE? I see a lot of private vendors building out full end-to-end SASE platforms, or is this more of a transformational push, or maybe there's a little bit of both? Thank you.
spk04: Hey, thanks for the question. Look, the SASE market, I think, traditionally was a market which was focused on internet access. You know, customers used that as a proxy-based way to onboard internet access, and it was fine. I think the pandemic really flipped the switch, coupled with the whole cloud transformations that are going on. You know, customers, especially larger customers, want to create a first-class citizen of any user who's not sitting in the office or in the campus, and they want to get to zero trust. So I think that the confluence of zero trust, the confluence of the cloud transformation, the confluence to apply full security stack, opened the door for full SASE deployment and network transformations. Couple that with the fact that people are trying to get away from, you know, large wide area network type network architectures to SD-WAN type network architectures. I think the confluence of all of these things created a real spurt in the SASE market. We have 60 plus thousand customers who use firewalls. Now we're showing them a path to migrate from a firewall-based, campus-based, data center-based architecture towards a zero-trust architecture which spans hardware, software, and any kind of remote access and campus solutions. So I think that's what's driving that for us. And, you know, whilst you guys, you're impatient, your brains move faster than our ability to execute sometimes, it's only been three years. And I think I could challenge anybody out in the market. Everybody read the same Gartner Magic Quadrant on SASE. I want to see how many vendors can claim that in the last six quarters they sold a billion dollars of SASE and who just did a $40 million deal on SASE last quarter. So I think that's our execution, our ability to work with existing customers, our constantly listening to customers evolving our product is allowing us to get here. 
Now, it's a competitive market, but I think we're down to two, two and a half vendors in this market who we see at every customer now.
spk03: All right. Our next question from Hamza Fadawal of Morgan Stanley with Fatima Tafal. Go ahead, Hamza.
spk05: Hey, good afternoon. Thank you for taking my question. In front of Cash and the clerks, just curious around the early customer conversations around AI as customers look to automate their security operations. And to what extent is that aiding the conversation towards consolidation for Palo Alto Networks?
spk04: You know, that's a great question, Hamza. And, you know, I've been sort of on and off in terms of my how to temper my enthusiasm for this space. And as on my way to India to speak at a convocation, I experienced ChatGPT for the first time. And I turned around and rewrote my convocation speech saying this is the best thing that's happened to security enterprise and to consumer because I think it's kind of an inflection point, which is big. Now, clearly that's a conversation. I'd say three months ago, customers were not asking us about AI. And now they all want to know, are you deploying AI in your security products? That's great. And that's why we spent some time in the earnings call trying to elaborate how we've been using this for a long time. The conversations are around how do I start making more sense of my data. I think the last iteration of using data in the security industry has been more about, I'd say, offline or reactive data analysis for the most part. And this is the first time the customers want real-time, proactive, block-the-threat outcomes, which is sort of our sweet spot, if I may say so. And that conversation is beginning to start. I'll tell you, on XSIAM, there's no deal less than a million dollars. I haven't seen a security product that we've launched in the industry, which starts off at a minimum price of a million bucks, right? We've done $30 million of business in the last 12 to 16 weeks, where our teams are still getting trained. We're still getting traction. We still have, we think, 70%, 80% of product developers still working on the rest of it as we get feedback from customers. And I'm cautiously optimistic, and I think you will see this pave the way for deployment of AI. This is our first outcome-based product. This is the first time we can walk in and say, listen, I can reduce your mean time to respond and mean time to detect. Otherwise, I say, use this. This is really good. It's going to save you. 
But you won't find out until something happens. In the case of XSIAM, I say, I can demonstrate efficiency. I can demonstrate lower cost of ownership for you. So very hopeful. Don't get ahead of yourself. It's going to take a while. I already told you we'd be happy if I could $100,000 faster than any other product. And hopefully this becomes another leg of growth for Palo Alto to give us more sustained top line over the long term.
spk03: All right. Our next question from Fatima Bulani of Citigroup with Brad Zelnick to follow. Go ahead, Fatima.
spk10: Good afternoon. Thanks for taking my questions. Nick, I have this one for you. You were pretty explicit that you are having realistic conversations with customers about payment firms and extensions and financial circumstances, as most organizations focus maybe more on cash flow preservation than they had in the past. So, maybe to specifically ask, it's not very apparent in your numbers that you're having those types of conversations. So, A, how are you managing to circumvent a lot of that, and how is Palo Alto Financial Services as a financing vehicle maybe helping you drive a lot of those conversations? That's not apparent to us.
spk04: Good. It means we are doing a good job of managing our cash flow margins and making sure our customers are happy. It's very rarely do I get to make both shareholders and customers happy at the same time. So it's one of those moments. Look, on a more serious note, yes, you're right. We are having those conversations. And I'd say Deepak and his team are doing a phenomenal job in making sure that our sales teams are supportive when the customer is talking about payment terms, annual billing plans, or specifically using PANFS. So I'm going to pass over to Deepak and explain how he's walking the tightrope of making sure that we're doing this effectively with our customers. I will say we're blessed because, as Deepak highlighted, we have $6.2 billion of cash on our balance sheet. So we have the capacity to be able to do this for our customers. But, Deepak?
spk14: Yeah, no, I think I would just say that it's being very selective and very purposeful looking at the actual customer interaction. We have a whole team that are very experienced at this. We've brought a lot of people in with external experience, and it really is a case-by-case situation. piece here, but that's how you keep it, like, very selective and strategic, and that's the only time we really use it.
spk03: All right, great. Our next question from Brad Zelnick of Deutsche Bank, followed by Tal Liani. Go ahead, Brad.
spk15: Great. Thank you very much, and congrats, Nikesh and team. Great, great job. Nikesh, Palo Alto Networks is far more than a hardware company.
spk04: Oh, my God, Brad, you're reminding me of the meeting we had four and a half years ago in my office. Go on.
spk15: I'm so glad that I left that impression on you, Nikesh. But I'm still waiting for the artwork, by the way. You can see behind here. It's still in front of the building. It's a bit sparse. But good to see you. So far more than a hardware company today. That's on full display, but you've downticked on your industry hardware growth expectations from what you said last quarter. I believe last quarter you said 5% to 8%. Now you're saying low to mid-single digit. I don't know if that's a material difference, but I noticed the difference. If anything, what's changed at all in your market view? How should we expect your hardware business to perform versus market? And what would you say, Nikesh, to a skeptic that's perhaps skeptical that a lot of the success you see in everything else in next gen is riding along and opportunities created when a salesperson shows up and is selling hardware. I guess how much of that motion is happening away from hardware that we should appreciate? Thanks.
spk04: So, Brad, I think it's important to understand that we have a very large install base. We have 62,000 customers who deploy Palo Alto firewalls. And let's just say in my four and a half years at Palo Alto, I don't know any customers who decommissioned us yet. So I think that this illusion that hardware is not being deployed, not being used is not true. So there is hardware in most of our customers. Even though somebody may not be buying hardware, a lot of our subscription growth, our ELA growth is driven by the fact that people have hardware, which they're extending the software capabilities on and buying more software capabilities from us. So it's not just that a salesperson shows up only to sell hardware. They actually show up to deploy more security capabilities on the software front. And couple that in the case of SASE, if you look at our large pipeline, it's clearly driven by a customer of Palo Alto who is a firewall customer or a potential SASE customer who's saying, listen, I know your security services. I know your zero-trust policies. I want to be able to expand into it and deploy a full end-to-end SASE solution or zero-trust solution for you. So I guess I'm trying to say that our success in software is not hardware-dependent. All I'm highlighting is that I believe that the market was very confused last year with supply chain. You couldn't get chips. There were orders being made. Customers are getting jittery saying I have capacities. I might need more hardware. So you know, a whole bunch of conflation of effects that happened to hardware. I've constantly maintained that hardware grows. The industry grows at low to mid single digits. Um, You notice that perhaps a slight downtick in my expectations, and that's probably fair. You're perceptive. But I don't think it changes the overall outcome for us as a company. I do worry about people who are purely hardware-focused and who don't have the ability to position a solution which includes software. 
I'll give you an example. A large retailer comes to us and says, I'd like to deploy a SASE solution across my entire retail base. I'd like to upgrade. I want to do AR, VR for my store. I want to go get more bandwidth in there. Technically, there are multiple ways to solve the problem. All you do is sell firewalls and say, hey, put a bigger firewall in your store and I can deliver SASE because I have security capability. I'd say put an SD-WAN box in there, go deploy a lot of bandwidth in there and do a software-based SASE implementation. A, it's going to be much easier to replace software in there, upgrade software. I take care of that for you. B, it's more secure because you have the most latest upgraded software available right away. Three, it's scalable. You can improve your bandwidth requirement and security requirements over time. And D, for me, it's great because it's two and a half times more valuable for me to have you deploy SASE than put a box which I'll have to keep sending a truck every year to try and sort of, you know, upgrade the software.
spk15: Makes perfect sense to me. Keep up the good work. Thank you. Thanks, Brad.
spk03: All right, great. Next question from Tal Liani of B of A, followed by Keith Bachman. Go ahead, Tal.
spk12: Since you're now an expert on art, I wanted to show you my art. I made it behind me. That's a dead artist.
spk06: Tal?
spk12: I wanted to ask you about the difference between revenue growth, billing, and deferred revenue. You increase the guidance for deferred and billing. They're very, very strong. We see less of an increase in revenue. What are the dynamics between the two?
spk04: I'm going to let Deepak answer, but I will recommend you try DALL-E, and you might be able to create a parallel poster of ours, and we'll have to figure out who did which one.
spk14: Yeah, look, Tal, I think at the end of the day, we are an enterprise company. And as you see in our guidance, we have a large Q4 guidance with a lot of customers sweating assets, as Nikesh had mentioned in his script. I think we're just trying to reflect that in our latest forecast, which is what drives the guidance. And so if you have people sweating assets, we don't know exactly what will fall in which quarter, and that's what drives the revenue.
spk04: Yeah, but I think just to make sure that we don't mix the forest from the trees, we are seeing better growth across our business on a TCD basis across our customers. That's driving the billings growth, which obviously then falls into revenue both short-term and long-term and deferred. I think what you're seeing is the higher mix of software and our expectations going forward, which makes it more ratable over time. It gives us more predictability. Hence, the revenue looks consistent with expectations, and you see the software part, which is sitting in deferred, grow faster.
spk14: That's right. Certainly on SASE, that is the most prevalent. Does that make sense? Yeah.
spk03: All right. Great. Thanks. Our next question from Keith Bachman of BMO, followed by Patrick Colville. Go ahead, Keith.
spk13: Many thanks. Good afternoon. Good evening. I wanted to ask you, Nikesh, about Cortex, if I could, more broadly, and I'll break it in a The Cortex journey, the results have been solid, not just this quarter, but for some period of time now. And A, on the competitive front, we've been hearing a lot of discussion from some of the leading vendors that pricing's become much more material in winning share of the, you know, the CrowdStrikes or what have you. It doesn't appear that that's the case at all in your results from the growth rates and the profitability. So I just wanted to hear a little bit about pricing and then more broadly on B, just the competitive dynamics on your results. And you mentioned 100 million, you know, kind of run rate on XSIAM. How has the portfolio helped shaping this outcome as you look out over the horizon over the next number of quarters in Cortex?
spk04: So, Keith, that's a great question. I'm hesitating on my own analogy, which I was going to give you, but I don't think we should print that. It's clean. It's just I don't want to put a word against our Cortex business. First and foremost, look, I always maintain that the opportunity in a security market arises when there's an inflection point. And I think the endpoint industry went through an inflection point a few years ago when we saw the emergence of EDR and XDR players, and you saw that, I'd say, perhaps the normalization of pure endpoint antivirus-type players in the market. And what's happened is if you look at the evolution, we've gone from a few endpoint players to many, and you're beginning to see convergence again, down to two or three people. And I'd say that we are one of the three growing XDR vendors where customers are choosing us. We have one of the best POC outcomes across the entire market vis-a-vis other players. So I'd say today if you're looking for an XDR outcome, there's possibly two or three vendors that are always in the fray and we're beginning to see ourselves there. That was not the case three years ago. That was not the case two years ago. We're happy with our positioning, one. Two, XDR is a pipeline business because it's pretty consistent to your point about pricing. The deal sizes are pretty consistent and they're sort of in a range and you've got to have a lot of deals to your pipeline to get some conversion going from them. Cloud and SASE can be big. I sell a $40 million cloud deal, $40 million SASE deal. I don't have $40 million XDR deals. They're all in the same swim lane and you can, you know, substitute one for the other. We see consistent growth. Now, where I think our secret sauce is kicking in and should kick in is XSIAM only works with XDR. And what's interesting is we've seen very early, we've had 15 customers with XSIAM in the last 12 weeks and they're all north of a million dollars. 
Very early, we're seeing customers saying, I'd like XSIAM. We said, listen, you can only get XSIAM if you're going to buy XDR. So we're beginning to see there's a pull because of an outcome-based oriented XSIAM. Again, as I said to Hamza, don't get ahead of your skids. This is a shift we're trying to engender in the industry. But we think that the way to drive XDR for us in the long term is going to be by creating the best security outcome in the SOC for the customer. But they realize, I need good data. The only way I get good data is through Palo Alto XDR, which allows us to go create the security outcome the next time. So that's our approach. Until then, we're just going to keep our head down, grind out the pipeline, make sure we can win the deals. But for us, we're headed for the bigger price because I can do a lot of XSIAM business, so I can XDR seed it into my customers. So XDR pricing is less contentious for me. It's more interesting for me to get the right customer in XDR. So you notice there's a certain part of the market we play in. We don't play in the low to mid-end of the market in XDR. We don't have 500 user customers. We like to get the 10,000, 15,000 customers, the higher end of the XDR customers, because we think there's a high transference to XSIAM in the future. We've been doing that consistently for the last few years, trying to build that base. As of when XSIAM is ready, we can start encouraging our customers to evolve from XDR to XSIAM.
spk03: Next is Patrick Colville of Scotiabank, followed by Matt Hedberg. Go ahead, Pat.
spk11: Hey there, guys. Thank you for taking my question, and it's good to be back. So I want to ask about margin. So really impressive to see what you guys printed in the margin. I mean, looking at the numbers for fiscal second quarter, to me, the two most important levers were the product gross margin and the sales and marketing kind of costs that were moderated. I guess as we think about the remainder of the year, how should we model out those two levers? So should we continue to expect less incremental pressure from, you know, supply chain costs on the product GMs? And how far can this S&M efficiency go?
spk04: Well, I think, Patrick, first and foremost, Deepak made your life easier by giving you an operating margin guidance for the year. So you don't have to worry about the competent parts. You can just take a look at the total and have a wonderful time. They've used some modeling as well. So that notwithstanding, I think between Deepak and I, we both said that that I contemplated putting this in our earnings script. I had a meeting with an investor. Deepak and I had a meeting for hours about six or seven months ago. And they took us through the brute force of profitability and margins and margin expansion and long-term EPS for Palo Alto. And that was the day Deepak and I looked at each other and said, you know what? Growth is important, but profitable growth is even more important. And I'd say there's a series of programs that Deepak has been running over the last six months, which include looking at gross margins across all of our products, looking at our spend across categories, looking at headcount. So this is a sustained program we have in place. We're going to moderate our way through it to make sure that we don't impact our ability to generate the right amount of growth and the right amount of profitable growth. But I think the thing I'll leave you with is that We're giving the guidance for the full year for operating margin, how it's going to evolve. We think it's a very good place compared to where we were expecting to be right now. And I think we've also given you hope that we don't believe this is the end. We believe we can keep improving from here. So for now, that's all we're going to say. All right. Thank you so much.
spk03: All right. Next, we've got Matt Hedberg of RBC, followed by Jonathan Ho. Go ahead, Matt.
spk01: Cool. Thanks, guys. Congrats from me as well. Nikesh, I have to go back to SASE. I mean, the 50% growth in ARR off of a large space is impressive. And you guys took a different approach this year in terms of integrating your core firewall and your SASE sales force. Can you talk about the strides in those conversations into the other sort of 50,000 firewall customers that aren't SASE customers? You know, how does that discussion go? And, you know, just because it feels like such a marriage that makes so much sense from a crossover perspective.
spk04: Yeah, Matt, look, I think a happy firewall customer is a customer who at least has a good feeling about Palo Alto. And I think if they've deployed our security services, they're even better because they know how those security capabilities work. And now we're working through each of these customers and trying to work with them on their zero trust strategy. SASE is generally a long lead time, long conversation because it's not just security. I think the part which sometimes gets lost in this in some of the analysts is that SASE is actually you're taking See, the firewall, I give you a firewall, you run the firewall, it's in your network, it's all good, you run your product. And sadly, I run your network. I take the traffic from your laptop onto me, onto GCP, and route the traffic for you. So now I'm part of your mission-critical capabilities. That means my network has to be strong, my latency has to be low, my availability has to be high. That's not a traditional question security companies have been asked. They're not used to running networks. That's why I just fall off my chair when I keep hearing there are seven other vendors building SASE solutions. I'm like, good luck. Learn how to run a network. So, you know, it is no coincidence that we decided that we were not going to run the network. We're going to write AWS and GCP on the network for us because that's what they do really well. And they have cloud capability with low latency. So we built our SASE stack, which runs now concurrently on GCP and AWS, allowing us to give you availability, which is higher than those two individually. So we think the long term, that's the right answer. Now, clearly, we're not 11 years old in SASE. We're three and a half years old in SASE. So there are some things which we get stumped on because there are features and capabilities we need to keep building because there are edge cases which have been brought to the forefront. 
That's where Lee and his team are doing a phenomenal job, continuing to keep us at the top of the sort of pyramid on that topic. We're working on some really exciting capabilities in the upcoming future. We'll inform you in the next upcoming quarters. But we feel very good about our SASE team pipeline, our on-ramp, they're lumpy, they're large deals, but, you know, there is product market fit and we're seeing success.
spk03: All right. Our next question from Jonathan Ho of William Blair, followed by Saket Kalia. Go ahead, Jonathan.
spk09: Congratulations. Just wanted to maybe start out, you've seen some tremendous large field success this quarter. In terms of the platform consolidation discussions with customers, what are you seeing? And is there evidence of customers maybe standardizing on Palo Alto across multiple areas? You know, what could drive that sort of trend over time? Thank you.
spk04: So William, you know, the reason we showcase the millionaire customers, the $5 million deals and the $10 million deal slide is there's a journey. By the way, I'm going to send you a Palo Alto shirt so you can at least wear that in this meeting. You can wear that other one other times. But anyway, so yeah, we showed you the slide on $1 million and $5 million and $10 million because customers go through a journey. You know, it's very rarely you walk into a fresh customer and we convince them to go spend tens of millions of dollars and consolidate. So, it's usually an evolutionary process where we've become the firewall vendor of choice. They go with us on SASE. They're working on cloud. They see the concurrence of cloud and SASE. They have XDR. They want to get XSIAM. So, slowly and steadily, you know, we are showing them the benefits of consolidation. I'll tell you, us being leaders in 13 categories helps because the first time you use the word consolidation, the first reaction of the CIO or CISO is, wait a minute, I want the best stuff. I just don't want it because you have it. They say, wait a minute, our stuff is the best stuff as well as it works together. It's a journey. It is not something there is a panacea that every customer comes in and walks in. But our teams are now focused towards trying to evolve our customers down that path or across that journey, right? And that's why we can go out and do a deal. I think our largest deal this quarter is north of $75 million.
spk03: All right. Our next question from Saket Kalia of Barclays, followed by Joe Gallo. Go ahead, Saket.
spk08: Okay, great. Hey, guys, thanks for fitting me in. A number speak for themselves, Nikesh. Maybe a question for you. A lot of excitement around XSIAM, some interesting wins you called out as well in your AI section, but maybe a strategic question for you. As you think ahead maybe the next couple years for XSIAM, how do you think that that will have started to disrupt the SIEM market, either from a tech or pricing perspective? And maybe just to flip that on its head a little bit, is it possible that tools like XSIAM maybe help expand the SIEM market?
spk04: So, I think, Saket, the SIEM market doesn't have a pricing problem. It has a value problem. I spend a lot of money. I don't get enough value. And, you know, if you ask some of the customers out there, how do they use the SIEM? SIEM is used post-breach or post-event to figure out what happened. A SIEM is not doing on-the-fly real-time blocking. So when SolarWinds happens, Log4j happens, you can go to your SIEM and look at where it happened and figure out and trace it back and try and block the hole. What it won't do for you is stop it mid-flight. And that's a paradigm shift as far as security is concerned. The only way you can do that and stop at mid-flight is if you're analyzing data as it's being created. So to us, the reason we call it XSIAM not SIEM is here's how it works. We watch the data in flow. We watch it coming from the endpoint. We cross correlate mid-flight with firewall data. We go and triage it. We automate some of the alert or some of the noise away. And we're looking at like real incidents have been triaged already, which are not being put in some large data lake and then running query language against it to see how do I solve the problem. They're already doing it in the back end. Now, of course, with the availability of new LLMs that are out there, which you all, I'm sure, have been talking about and dealing with in their free time, they do a lot more useful things than write poetry for your wife. They can actually analyze data to tell you what is anomalous and what is off pattern. And if you can figure that out, then what do you have to do? You have to go ahead and remediate it. How do you remediate it? You've got to be a firewall to remediate it in the network. You've got to be an endpoint to remediate it in the endpoint. You've got to be Prisma Cloud to remediate it in the cloud. So I think what XSIAM is going to do is going to bring real-time capability in the SOC or real-time capability in security. It's early days. 
Again, I'm going to say, keep repeating in repetition. Do not spoil the prayer. Don't get ahead of yourself. But this is where we're heading. And if you can picture ChatGPT 10 years from now, picture AI and security 10 years from now. You will not have humans trying to analyze because it would be too hard for humans to analyze petabytes of data. Already the data in an organization is too much for a security analyst to analyze.
spk03: All right, great. Next question from Joe Gallo of Jefferies, followed by Ben Bolin of Cleveland. Go ahead, Joe.
spk16: Hey, guys, thanks for the question. Can you just comment on the execution in cloud security despite the backdrop of hyperscaler growth moderation? And then maybe more importantly, you know, where customers are in the journey to cloud security consolidation, it still feels like the Wild West with a lot of disparate products in that category. When does that market merge, which I'd imagine benefits? Thanks.
spk04: Thanks, Joe. Two quick answers. One, we're still the largest player with north of 2,000 customers in cloud security. I don't know if you explicitly call it out, but our largest cloud security deal was $40 million this past quarter. I don't know any other vendor in the cloud security space who's doing half of that in a quarter in one deal. So, yes, there are many small players out there, but we've seen a bit of churn in the market where some small players have kind of been acquired and gone. Now, does that mean we'll be the only player? No, there'll be other players in the medium term, but we feel comfortable that there are people who are consolidating. It feels like the Wild West because customers are still not fully in the full cloud security platform mode. So they've not fully embraced the need to have all these things connected. But I think it's a matter of time and a matter of demonstration that this is going to happen. In terms of your question around where we are, and we talked about that in the prepared remarks around hyperscalers. Remember, the cloud security market is a few billion dollars. The hyperscaler market is hundreds of billions of dollars. Now the difference is, when you commit to a hyperscaler, you commit that you're going to move, you're going to transition, you're going to spend a lot of money. A lot of that stuff sits in deferred revenue because they are not fully deployed or customers haven't fully consumed. Cloud security applies to stuff that you consume. If you haven't consumed it or you aren't ready to consume it, they're not going to be buying cloud security. So I think we have a little bit of a gap in terms of when people commit to when they deploy it to when they take cloud security. I just think that stuff can slow down for a while, but there's a lot of headroom for us to get from where we are. 
Even if you got to all the customers who are in deployment or are deployed, I think we should see a steady, continued growth for Prisma Cloud. So the market demand, to me, is not where the challenge is. The challenge for us or the opportunity is to go convince as many customers as we can that this is a platform play. You have to consolidate across multiple modules. You have to have stuff talk to each other on a constant basis. Otherwise, you end up in the same situation as you were in enterprise security.
spk03: Our last question today is from Ben Bolin of Cleveland Research. Go ahead, Ben.
spk06: Good afternoon, everyone. Thank you for taking the question. Nikesh, you've talked about some GSI opportunities in the past. I'm interested in how you see that channel developing, what type of tail you see there, and how meaningful your platform is becoming for those partners. Thanks.
spk04: Thanks, Ben. I used to say that about a year ago that I've had more CIO conversations in a quarter than I did in many years. I now say that about GSIs. I'd say in the last six months, I've had more GSI conversations than I had in the first five years of Palo Alto or four and a half years of Palo Alto, right? And the reason is GSIs are interested in transformations. They're interested in where they can go into a customer and deploy a much better security outcome for them. We were not relevant as a firewall-only company. With SASE, with Cloud Security, with now XSIAM, they see a real opportunity to go in and do some transformation for their customers. And transformation for them means revenue to them and means a solid product in the back. I'd say most GSIs are still early-ish in their journey to build a full cybersecurity competency across the board. They'd rather deal with lesser vendors than more. So us being leaders in certain categories plays into our strength and our ability to partner with them. And I think we are already, without specifically calling out deals, there are many deals where we are partnered with GSIs, where they are the front and we work with them to be as part of a larger transformation project. And we're seeing more and more of that.
spk03: With that, we conclude the Q&A portion of our call today. I'll turn it back over to Nikesh for his final remarks.
spk04: First of all, I want to thank all of you for joining our call. I also want to thank our employees who worked really hard towards delivering these results. I have to say six months ago when we started to see warning signs, we pivoted hard. We made sure that our teams got ahead of it and they have delivered. So I want to thank all of them for their contribution. As I said, this is a challenging macro environment out there, and the only way we're going to get through this as Palo Alto Networks is to keep our head down and execute, and that's what we intend to do. Once again, thank you guys, and see you next quarter.
Disclaimer

This conference call transcript was computer generated and almost certainly contains errors. This transcript is provided for information purposes only. EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
