Palo Alto Networks, Inc.

Q2 2024 Earnings Conference Call

2/20/2024

speaker
Operator
Good day, everyone, and welcome to Palo Alto Network's Fiscal Second Quarter 2024 Earnings Conference Call. I'm Walter Pritchard, Senior Vice President of Investor Relations and Corporate Development. Please note that this call is being recorded today, Tuesday, February 20, 2024, at 1.30 p.m. Pacific Time. With me on today's call to discuss second quarter results are Nikesh Arora, our Chairman and Chief Executive Officer, and Deepak Golecha, our Chief Financial Officer. Following our prepared remarks, Lee Klarich, our Chief Product Officer, will join us for the question and answer portion. You can find the press release and other information to supplement today's discussion on our website at investors.paloeltonetworks.com. While there, please click on the link for quarterly results to find the Q2 24 supplemental information and the Q2 24 earnings presentation. During the course of today's call, we will make forward-looking statements and projections regarding the company's business operations and financial performance. These statements made today are subject to a number of risks and uncertainties that could cause our actual results to differ from those forward-looking statements. Please review our press release and recent SEC filings for a description of these risks and uncertainties. We assume no obligation to update any forward-looking statements made in the presentations today. We will also refer to non-GAAP financial measures. These measures should not be considered a substitute for financial measures prepared in accordance with GAAP. The most directly comparable GAAP financial metrics and reconciliations are in the press release and the appendix of the investor presentation. Unless specifically noted otherwise, all results and comparisons are on a fiscal year-over-year basis. We would also like to note that management is scheduled to participate in the Morgan Stanley TMT Conference in March. I will now turn the call over to Nikesh.
speaker
Walter Pritchard
Thank you, Walter. Good afternoon, and thank you for joining us today for our earnings call. I'm pleased to report another quarter in which we successfully executed our profitable growth strategy, driving a combination of top-line growth, significant expansion and non-gap operating margin, and strong free cash flow generation. Revenues grew 19% a year and RPA grew 22%, capturing the full value of our future revenue. Billings grew 16% year over year. Just as important as we focus on profitable growth, we again delivered substantial operating margin leverage and strong growth in free cash flow. Non-GAAP operating margins of 28.6% expanded nearly 600 basis points year over year, and we generated $2.9 billion in adjusted free cash flow on a trailing 12-month basis. Our strong profitability drove non-GAAP EPS of $1.46 up 39% year-over-year, and our GAAP net income continued to grow meaningfully even without one-time items. Beyond our financial results, we achieved a number of notable milestones in Q2 worthy of spotlighting. We continued to drive large deals, including a steady stream of million-dollar-plus deals and success in our largest deals with 10 transactions over $20 million in the quarter. Our 10 highest spending customers in Q2 increased their spend with us by 36% in the period. I also wanted to update you on key achievements across our three platforms. In our network security business, we continue to see progress driving ARR growth in our SASE business. Q2 was our fifth consecutive quarter of 50% ARR growth. Additionally, more than 30% of our new SASE customers we signed in the second quarter were new to Palo Alto Networks, showing that we can win head-to-head in the market when leading with SASE. We continue to drive innovation in network security, refreshing our high-end 7500 series platform, and investing new OT security capabilities, which garnered a net new leadership position for us. In Prisma Cloud, we made significant investments in the first half of the year to drive new customers and saw this pay off in Q2 with our highest new ACV growth in five quarters. We continue to see strong trends in multi-modular adoption with approximately 30% growth in customers with two or more modules and approximately 60% growth in customers with three or more modules. Additionally, about a quarter of our customers are using five or more modules. Our external recognition in this market continued with Forrester Research positioning us as a leader in its cloud workload security wave report. In Cortex, XIM continues to be a significant catalyst for large transactions and growth across the business. This is evidenced by ARR for XIM customers being more than five times higher than that of Cortex customers who have not yet adopted XIM. We have seen significant progress in the milestone with XIM in Q2, including the most number of deals signed in a single quarter and bookings of over $90 million again this quarter. We've already displaced 19 different SIM vendors to date, and with the confidence under our belt, we're now looking systematically on how we can accelerate this legacy SIM displacement. From a regional perspective, demand overall is healthy. We did see softness in the U.S. federal government's market. We were positioned well for several large projects where we had requisite certifications and one technical selection, but these deals did not close. The situation started off towards the end of Q1, but worsened in Q2, and as a result, we had a significant shortfall in our U.S. federal government business. We expect this trend will continue into our Q3 and Q4. Offsetting the billing weakness in Fed was some non-product backlog that we shipped this quarter. With several leadership positions awarded in the second quarter, including our addition as a leader of the Gartner Endpoint Protection Magic Quadrant, we're now a recognized leader in 21 different categories across our three platforms. Five years ago when we began our strategy, the industry believed building leadership across multiple categories wasn't possible. No one was talking about security platform. Instead, the word was best of breed. Our success over the last five years has been driven by the shift to platformization. We're committed to investing in innovation to extend our industry leadership position and platform. This unique leadership across our three markets is driving strong adoption of our platforms in our target Global 2000 markets. As of Q2, 79% of Global 2000 have transacted with us on at least two of our platforms and 57% in all three. This is up from 73% and 47% two years ago. In most of these accounts, while they have adopted products from multiple platforms, we are early in driving each of our platforms wall to wall. This is a major area of focus for us as we move forward, driving consolidation within our three platforms. We know this is the right strategy as we see compelling economics with multi-platform wins. Our two platform customers have an average customer lifetime value that is more than five times that of our single platform customer. For our three platform customers, that is more than 40 times larger. While we are driving platformization, I personally think we should be doing this faster. Not only is this showing up in our deal statistics, but as we have established the portion of our platforms, position of our platforms, we are now seeing significant progress in consolidating vendors in our customer environments. We built our Zero Trust platforms through consistent architecture across our appliance, software, and SASE form factors. Customers can now consistently manage security policy across these form factors and then leverage a consistent set of security subscriptions to consolidate network security capabilities. These capabilities provided by point vendors can include intrusion prevention, web proxies, URL filtering, SD-WAN, and DLP, just to name a few. In Q2, we saw zero trust consolidation wins that included a large U.S. manufacturing company standardizing our network security platform in a $40 million transaction, replacing end-of-life competitive hardware, leveraging our security subscription, then removing a point competitor in SSE. We were the only company with the right certifications across all these offerings that could support their broad geographic footprint. This deal was part of a consolidation and modernization effort across IT with positive ROI for the customer. We also had a seven figure deal with a large law firm, expanding our firewall footprint in the new data center and expanding their hybrid workforce initiatives with Prisma Access. As part of this, we won versus other firewall and SSE competitors and also consolidated their URL filtering and VPN capabilities. In Prisma Cloud, we have built a core to cloud platform combining key best of breed capabilities that we have acquired or developed organically. Our common architecture and user experience spreads across 12 modules. As our customers adopt multiple modules, they can consolidate a wide variety of vendors, including those in cloud security posture management, cloud workload protection, API security, SCA or software composition analysis, and infrastructure security, amongst others. In Q2, we closed a seven-figure Prisma Cloud new logo deal with a financial services company, displacing multiple incumbent vendors. The customer was looking for a CNAP solution to support their multi-cloud journey. The Prisma Cloud CNAP streamlined several previously deployed point solutions and tools. They also closed a seven-figure renew and expand deal with a leading North American technology company where the customer intends to expand the use of Prisma Cloud to seven modules and also value the consolidation and standardization delivered through Prisma Cloud. Finally, in our Cortex platform with our autonomous security operations platform, XIM, we were able to establish our offering, which has enabled us to accelerate our platform value proposition with Cortex. Our platform approach in the SOC is becoming a customer imperative as point products, each with their own data stores, cannot have full context nor drive appropriate action without overly complex integrations and high people costs. In Q2, we saw consolidation wins that include a large insurance company that renewed their subscriptions, support, and firewalls, and at the same time added Ex-SIM and Expanse capability for a $25 million transaction. The Ex-SIM choice displays the two leading EDR and SIM competitors in the market, enabling the customer to avoid the cost of adding other point products in their SOC. Additionally, in Q2, we saw follow-on consolidation success for the Japanese manufacturing company that previously consolidated their network security across our SASE capabilities, leveraging Prisma Access in our DLP and Gatsby capabilities. The customer then added XO into their SOC and expressed an interest in consolidating further. In Q2, they added XIME in a mid-seven-figure deal. I know if you've had a chance to look at our guidance, our guidance is not a consequence of a change in the demand outlook out there. Our guidance is a consequence of us driving a shift in our strategy in wanting to accelerate both our platformization and consolidation and activating our AI leadership. We believe this is the time for us to invest given our leadership position in the market and our leadership position across platformization and consolidation. But before I talk about that more as to how we intend to accelerate our growth prospects in the future and drive towards a much higher aspiration of $15 billion in ARR by 2030, I want to give you a candid view of where we see the cybersecurity market and the demand function out there. The demand story is no different from prior quarters and on the margin continues to get stronger. There are multiple drivers fueling this. The threat landscape continues to challenge our customers with increasing scale and sophistication of attacks. I'm personally getting calls from CEOs and members of boards that have had bad incidents, as well as those that have seen their peers adversely impacted. We're increasingly focusing on working with companies impacted by breaches, an important commitment as we continue to be the leader in this space. Last quarter, we offered 1,500 of our top customers an opportunity to get our free support during a breach. Surprisingly, 400 customers have signed up in the last 90 days out of 1,500 to get our help on this topic. Clearly, there is awareness and concern around cybersecurity as has never been before. Heightened geopolitical tensions are driving significant nation-state activity with national infrastructure being targeted. Successful breaches and ransomware attacks are being perpetrated across many industries with few repercussions for the bad actors, although we did see various law enforcement agencies this morning, over the weekend, shut down Lockpit, which is a promising sign. The new SEC mandate requires prompt disclosure of material incidents, which often result in companies reporting those incidents before a full assessment can be done, or incidents to mediate it. We see some companies making several disclosures in succession as they grapple with understanding the full extent of what they are facing. We see the results of these disclosure mandates recognizing the need for expedited action and security, visibility, and remediation in the early stage. The part that is new, despite the many demand drivers we're seeing, We're beginning to notice customers are facing spending fatigue in cybersecurity. This is new, as adding incremental point products is not necessarily driving a better security outcome for them. This is driving a greater focus on ROI and total cost of ownership amongst most customers. There are also some key trends within the industry that I think are worth highlighting. Palo Alto Networks is unique in seeing gains in market share in hardware firewalls or in the product space. This market is changing rapidly with us seeing some of our competitors who had introduced price increases begin to roll them back. From our vantage point, We see this share shift happening in our favor because we see customers consolidating into our zero trust platforms. Customers, as I mentioned, 30% net new network security customers for SASE were new to Palo Alto. Those are the customers who over time go ahead and consolidate their footprint and require our firewalls to be deployed, give them a consistent zero trust architecture. We see this as a promising trend. We intend to accelerate that opportunity. Along with the incremental focus on ROI and TCO, the single product vendors having challenges in articulating compelling value, they're also forced to have platformization narrative. When they're not able to convince the customers that their strategy is competitive, they're many times resorting to uneconomic pricing and putting pressure on transactions in this manner. We're beginning to see rogue behavior by some vendors in the space who are keen to retain their customers, primarily in the legacy vendor space and the startup space. We intend to combat that with investing in this space and trying to accelerate platformization and consolidation for our customers. We're also seeing increased demand for AI. Along with deploying AI in our products, we're beginning to see our customers asking us to help them protect for a successful and responsible deployment of AI in their infrastructure. Putting this all together, these trends in the market bolster our conviction that adopting platforms is the only viable strategy for customers and leveraging AI is imperative. We want to march faster to our aspiration to become the sales force, to become the service now, or the workday of cybersecurity. Customers have adopted platforms in other markets across technology, and this will inevitably happen in cybersecurity. These industry trends set up conditions that favor leaders that can drive consolidation. We intend to answer this challenge. With all the promise that platformization holds, adoption is not always easy for many of our customers. Until now, we have primarily assumed that our customers adopt our platforms at their own pace. The crux of the challenge is around execution. Customers face risk in executing or making significant changes to their environments, as well economic exposure from these changes. Key friction points you've noticed include the challenge of replacing multiple products simultaneously, as well as the issues around double-playing while working through complex contract terms. Over the last six months, we have been quietly working to develop programs that enable us to help minimize and even share in the risk of our customers' face. You will see us tomorrow launching a significant number of platform offers to our customers to help drive this consolidation and platformization strategy. We believe we can build customer confidence in our platforms by approaching them well before their point product contracts expire. After we gain their contractual commitment, we have offered an extended rollout period where we can demonstrate our ability to deliver these platform benefits. Customers can then start paying us after the obligation of legacy vendors ends. With the experience we've gained over the last six months, we believe now is the right time to accelerate programs across our portfolio to drive this platformization. All these programs will have mechanisms to reduce customer friction, accelerate product deployment, help customers realize the value of our platforms, and consume new innovation sooner. While this is not an exhaustive list, I wanted to give you some examples. We have begun to launch programs already that include legacy trade-ins, no-cost introductory offers, and product add-ons and incentives to accelerate estate standardization. Each of these programs has elements of reducing execution risk and dealing with the economic exposure that concern our customers. In that sense, we must bear the cost of the transition through lower upfront financial outcomes, but we are convinced these will yield amazing outcomes for us in the mid to long term. We have developed these programs across all three platforms and as I mentioned, we intend, we have announced a few and we intend to announce more starting tomorrow in addition to expanding some of the programs that we already have. Given this is an investor call and you're all focused on these numbers, I want to provide you a high level understanding of the aggregate impact we expect this will have in the medium term and long term. I will then have Deepak talk more about this in his section and explain this much more eloquently and elaborately. We expect a typical customer entering into a platformization transaction will not pay us for our technology for a period of time. As these programs ramp over the next year, we expect a change to our billings and revenue growth for the next 12 to 18 months. As customers move into the period where contracts have a full billing and revenue contribution, we expect to see an acceleration in our top-line metrics. Beyond this dip and acceleration of our top-line metrics, we believe we can sustain higher growth rates for longer, driven by sticky and broad platform relationships with incremental customers, allowing us to aspire to a goal of $15 billion in next-generation security in 2030. We also expect to achieve our transformation to a business with greater than 90% recurring revenue and industry-leading non-gap operating margins in the low to mid-30s. As Deepak will explain, we believe we can do this in a financially prudent and strong manner. Talking about bigger platforms and ARR aspirations cannot be done today without talking about AI. We have been working on AI for a long time as a company. However, we did accelerate our efforts with the arrival of generative AI. I personally believe AI is going to be one of the biggest inflection points in technology in over a decade and likely, more importantly, to significantly increase the total addressable market in cybersecurity. Carter predicts by 2027, $300 billion will be spent on AI software. This AI juggernaut continues to bring several challenges along with it from a security perspective. Multiple vectors of attacks ranging from phishing to malware to nation state activity and inflected negatively due to AI. Furthermore, customers are evaluating dozens of co-pilots type offerings within end users where security is not necessarily front and center. We see three discrete opportunities to drive additional growth in cybersecurity through AI. And we have internally put pen to paper to understand this opportunity and we're in alpha or beta stages of many of these across our product capabilities. First, organizations are concerned about their employees' access to AI in an insecure manner. Whether the consequences are unintended leakage of open source, other data models tampering, or AI-driven phishing, we see an opportunity to add value across the growing volume of users we secure. We currently secure north of 100 million users and their access to applications, both in the public cloud and in the data center. We expect each of these users is an opportunity for us to deliver an AI security sub for them. It's a $3 to $5 billion opportunity over the next five years. Secondly, organizations are increasingly deploying AI-related workloads in the cloud, just like they need to understand the overall security posture of their cloud estates and expeditiously identify and remediate issues. They must do this for AI-related workloads. We believe this in itself is a $5 to $6 billion opportunity in the next five years. Lastly, network traffic will increasingly have an AI context with interactions and transactions between applications and AI models are more than Half a million installed firewalls is the perfect place to inspect this traffic. We believe this is a five to six billion opportunity in the next five years. Overall, this combined 13 to $17 billion opportunity drives our conviction that investing in AI and maintaining our leadership can help us accelerate our growth towards $15 billion by 2030. Beyond the larger opportunity, we also believe we are uniquely positioned to garner our fair share of the stamp. Our proprietary data and large technology footprint is a significant advantage in driving AI outcomes. We've already seen the early benefits of this AI in our newly developed product offerings. In Q2, our AI offerings, which include Exime, Autonomous Digital Experience Management, or ADEM, and AIOps, crossed the $100 million in ARR milestone. We are possibly the first security companies to cross $100 million ARR in AI security. This is above and beyond the AI capabilities we have embedded across all of our platforms, including our advanced subscriptions and our core-to-cloud platforms. Our co-pilots are in alpha, are in the hands of leading customers who are giving us feedback before we move to general availability. Looking forward, we have aggressive plans to roll out additional AI-based offerings by the end of this fiscal year. We have plans to offer three new product offerings, one to address each of the stamps I talked about. Before I wrap up and pass it on to Deepak, I'd like to summarize. We have established our platformization motion, our clear industry leadership position with our best-to-be platforms, and the industry trends convince us we're in the best position to capitalize on this early trend and now focus on the next phase of cybersecurity, which is going to be all about consolidation. One of the hardest things to do is to change the strategy that is working. We have spent time understanding how to accelerate our strategy further. We firmly believe as a management team that the changes we are making today are going to give us better prospects in the mid to long term and allow us to drive this consolidation much faster whilst giving our customers better ROI and total cost of ownership. AI is an opportunity in the early stages. However, we are seeing the signs that there is significant demand there. It will prove to be an inflection point for cybersecurity, and today will be marked as a day where we will see that inflection begin to take hold as we start to deliver more AI security products over the course of the rest of the year. We have confidence we can drive our top-line growth trajectory higher for longer ahead of the growth trajectory we talked about back in August, despite absorbing some short-term impacts. We have shown we run the business in a financially prudent manner, which we will continue to do as we drive this acceleration, hitting our original operating profitably and cash flow margin targets. With that, I will pass on to Deepak.
speaker
Walter
Thank you, Nikesh, and good afternoon, everyone. Given all that we have to talk about this quarter, I will do an abbreviated review of our Q2 results. You can refer to the press release and supplemental financial information on our website for our key numbers. For Q2, revenue of $1.98 billion grew 19%. Product revenue grew 11%, while total service revenue grew 22%, with subscription revenue growing 26% and support revenue growing 14%. Moving on to geographies, we saw consistent revenue growth across all of our theaters, with the Americas growing 19%, EMEA up 19%, and JPAC also growing 19%. We had some puts and takes during the quarter related to billings. As Nikesh mentioned, we saw weakness in the US federal vertical related to some specific programs. This US federal weakness was a meaningful headwind to our billings in Q2 after we saw a slow start in the year to Fed. The impact of these federal deals on our revenue is significant, as they are relatively shorter than our average contract term. At the same time, we saw a decrease in our non-product backlog, which offset this Fed weakness in our billings. We continued to see customers closely watching cash outlays around deals, which we discussed last quarter, although this trend played out largely as we expected 90 days ago. Remaining performance obligation, or RPO, was $10.8 billion, and current RPO was $5.2 billion. You likely noticed that our GAAP EPS was $4.89 and GAAP net income was $1.75 billion. These benefited from a $1.5 billion release of a tax-related valuation allowance. This was a one-time item in fiscal year 24, which has been adjusted out of our non-GAAP results. This amount also does not impact our cash taxes. Our average duration on new contracts was relatively flat year over year, with average duration for new contracts remaining at approximately three years, while total contract duration was down slightly year over year. I did want to spend more time talking about our accelerated platformization and consolidation strategy and give you more of my perspective with some additional framing and detail with a financial lens. Nikesh talked about our programs to alleviate friction with customers. We believe that by moving from a deal by deal approach to a program based and systematic approach, we can accelerate platformization with our customer base and drive vendor consolidation faster by mitigating platformization friction. This results in a number of business benefits for us ranging from a faster capture of the customer estate and larger platform commitment to higher renewal and expansion rates and faster adoption of our new innovations. For the customer, they are able to execute on the platform deployment with lower risk and consolidate vendors while benefiting from a lower total cost of ownership and a better security posture. As Nikesh gave you the high-level trajectory in our pipeline, I wanted to help you understand how we think about the medium term. Our platformization offers to drive consolidation effectively provide customers a period of the contract for free as part of their commitment. We expect we may see a period of 12 to 18 months of pressure on our top line growth rates, notably billings. Some of our platformization programs embed deferred payments into deal structures, which we have spoken about in the past. We expect this will persist through fiscal year 25 as we anniversary the rollout of these programs and result in billings below the target we provided in August of 2023. Beyond this period, we expect we can sustain higher growth than we provided in these targets in August. From an NGS ARR perspective, we expect less impact on our year-end metrics, and we expect we can continue to meet or exceed our target, which called for 30% growth rate through fiscal year 26. As Nikesh noted, we are establishing a long-term target of $15 billion of NGS ARR in fiscal year 30. Underlying this trend, we expect customers deploying our full set of platforms to have a higher makeup of NGS products. These offerings tend to be deeply installed in our customer infrastructure, and once a customer deploys the platform, it's easier to continue to consolidate vendors and adopt new innovations. We expect this to drive a significant increase in our overall revenue mix that is recurring. From a revenue perspective, we expect to see less pressure on revenue as compared to billings. Generally, we see a lag in changes in our revenue growth versus our billings growth, and we expect that this will happen here as well. As Nikesh mentioned, part of what gives us confidence to execute on the strategy and especially to do so now is our success in driving profitable growth. As we embark on a strategy that we expect will negatively impact the top line in the short term, we have significant confidence that our business scales well, and we can continue to see operating leverage from a number of drivers. As I have mentioned multiple times before, we scale well across every line item of our P&L, ranging from customer support to cloud hosting to sales and marketing to G&A. And we've seen significant payoff from focusing on internal efficiency across all areas of the business. Let me give you some specific examples for Q2. First, in cloud hosting, we signed a significant extension with our primary cloud provider. This contract is constructed to enable us to drive further margin benefits as we scale. Second, within G&A, we're progressing well on a significant employee experience program. This started by analyzing all of our service desk tickets across all channels and identifying all the manual responses needed to address requests. The combination of process re-engineering, automation, and AI is still in progress, but we have already seen positive savings and have a target of automating 90% of the more than 300,000 manual interventions. By the end of Q2, we have roughly halved the cost of our T&E servicing. We are now leveraging this program as a template across other business areas. In short, whilst we made a lot of progress, we still have significant opportunities on the profitability front. That gives us confidence that we can maintain our median term operating margin and free cash margin targets beyond this year. Specifically, we believe that we can expand our operating margins by 100 basis points beyond this year, in line with the operating margin guidance we gave in August of 28% to 29%. And this can continue to support our medium term free cash flow margin target of 37% plus. We expect that this will come despite us absorbing some billings impact as we have both the benefit of some prior arrangements with deferred payments contributing, as well as efforts we have placed on optimizing the cash dynamics of our vendor spending. In short, I wanted to reiterate what Nikesh said, that it is important for us to be able to manage through this platformization acceleration in a financially prudent manner. And we have set ourselves up well to do this over the next 12 to 18 months. Now, moving on to the guidance for Q3 in the year. For the third quarter of 2024, we expect billings to be in the range of 2.30 to 2.35 billion dollars, an increase of two to four percent. We expect revenue to be in the range of 1.95 to 1.98 billion dollars, an increase of 13 to 15 percent. We expect non-GAAP EPS to be in the range of 1.24 to 1.26 dollars, an increase of 13 to 15 percent. For the fiscal year, we expect billings to be in the range of $10.10 to $10.20 billion, an increase of 10 to 11%. We expect NGS ARR to be in the range of $3.95 to $4 billion, an increase of 34 to 35%. We expect revenue to be in the range of $7.95 to $8 billion, an increase of 15 to 16%. We expect operating margins to be in the range of 26.5 to 27%, an increase of 240 to 290 basis points year over year. And we expect non-gap EPS to be in the range of 5.45 to 5.55, an increase of 23 to 25%. We expect adjusted pre-cash flow margin to be 38 to 39%. In the interest of time, and to get as many of your questions as possible, we've included the modeling points in the appendix of our earnings presentation. With that, I will turn the call back over to Walter for the Q&A portion of the call.
speaker
Operator
Thanks. We'll now proceed with Q&A. Please, in the interest of time, ask only one question with no follow-ups. Our first question will come from Hamza Fadarwala from Morgan Stanley, followed by Brian Essex from JPMorgan. Hamza, please go ahead with your question.
speaker
Brian Essex
Good afternoon. Thanks for taking my question. I just wanted to clarify, Nikesh, your comment on spending fatigue. What exactly were you referring to there, just given you also said demand was quite good? And then just the billing is cut. It seems like it's a function of some bundling, discounting, as well as lower duration. Any way to quantify that at all? Thank you.
speaker
Walter Pritchard
Hey, thanks, Hamza. Thanks for the question. Yeah, I think I want to make sure there's no confusion in our characterization of spending fatigue. For the last few years, most of our customers have ended up spending more on cybersecurity than on IT. As a consequence, they're feeling like my budget for cybersecurity keeps going up in double digits every year because I'm trying to protect against every new threat vector, yet you see the number of breaches continues to rise. So our customers are sitting down and saying, if I spend more money, can you show me how I get a lower total cost of ownership across my enterprise? How do I spend less on the services that I have to deploy? And how do I get better ROI? So I think it's more about optimizing their current cybersecurity budgets as opposed to there being no demand. Demand continues to be very strong. The customers are demanding to get more for the amount of money they have allocated to cybersecurity. That's where platformization consolidation kicks in. In terms of trying to quantify duration versus...
speaker
Walter
So just to be clear, Hamza, from a billings perspective, part of the billings guidance is related to the Fed that we talked about in the prepared remarks. Part of it is also because of the platform initiatives, platformization initiatives per se. But also part of it, we just expect there to be more deferred payments like annual billings, things like that, as we roll out these programs. That's what makes it up.
speaker
Operator
Great. Thank you, Hamza. Next question from Brian Essex at JP Morgan, followed by Saket Kalia at Barclays. Brian, go ahead.
speaker
Brian Essex
Yeah, thanks, Walter. And maybe to follow up on Hamza's question, maybe for Deepak, one thing that caught my ear was the comment about discounting or offering a free period up front for a certain period of time. I wanted to get a sense of what kind of headwind within that billings guidance is attributable to some of that discounting, and should we be looking at other metrics like average TCV or annualized TCV to get a sense of once those contracts hit a normal run rate, what would a normalized growth rate look like?
speaker
Walter Pritchard
Thanks, Brian. Hey, let me jump in here. Sure. I think let me clarify in terms of the discounting notion. What's happening today is when I go to a customer and say, listen, I'd like to replace your estate with the entire platform. The customer says, wait, wait a minute. I got this vendor for IPS, this for SD-WAN, this for SSC, and I got half my firewalls from another vendor. They all expire at different points in time. I'd love to deploy zero trust, but it's going to take me two, three years as the end of life for these vendors happen. And I'm scared that if I rip and replace this at this point in time, it's going to create execution risk, not just that, it's going to create economic risk. So the propositions we're going to customers is, listen, let's lay out a two-year, three-year cybersecurity consolidation and platformization plan. We'll go start implementing today. You pay us when they're done. So what it is is more of a sort of like you can use our services until you have to keep paying the other vendor. We'll take it from there. But that's taking away a lot of the economic exposure and the execution risk for our customers. Now, you can call it a discount or you can call that a free offer. Our estimate is approximately it works out about six months' worth of free product capabilities for our customers on a rolling basis. I think in about 12 months, as our offers start lapping each other, we should go back to our growth rate we've been talking about. And I think the right metric in the time frame is to look at RPO. Thank you. Great.
speaker
Operator
Thank you, Brian. Next question from Andy Dewinsky at Wells Fargo, followed by Gabriella Borges at Goldman Sachs. Go ahead, Andy.
speaker
Brian
Thank you. I wanted to ask about the U.S. federal spending. You said it was soft in Q2, Nikesh, and I think it's going to remain soft for the next six months. But, you know, given your comments about how nation state activity targeting the national infrastructure was increasing, I guess, why do you think there's a disconnect between that trend? And were those comments specific to your Palo Alto customers in the U.S. Fed or more broad based?
speaker
Walter Pritchard
And part of it is particular to us. As you are aware, there was a large program. We were part of down selected to be the only vendor. We had expected, we staffed it to make sure we could implement it and we could get the orders. That program didn't materialize at the pace and at the... at the spending levels we'd expected. We saw an early glimpse in Q1 towards the end. We saw it not show up in Q2, and we have it staffed for Q3 and Q4. Remember, Fed is a lower duration number, so it has a much more significant impact to revenue because Fed pays you on an annualized basis as opposed to on a TCV basis. So you're seeing the impact of that to our revenue for Q3 and Q4, and some of the billings miss in Q2, which we had to make up with shipping from non-product backlogs. So that's kind of what happened. The Fed business once bitten, twice shy. So we're being very cautious about how we expect it to come back or not in the second half of the year. So it's more pertinent to that as opposed to a broader comment around the federal space. And don't forget, Fed is, in general, is not a next-generation security adopter because they're usually slower on cloud services than they are on traditional cybersecurity products.
speaker
Brian
Makes sense. Thanks. Thanks, Andy. Apologies.
speaker
Operator
We're going to go back to Saket Kallia from Barclays and then go to Gabriella Borges from Goldman. Go ahead, Saket.
speaker
spk05
Hey, great. Hey, thanks, guys. Nikesh, maybe for you, just to touch on the platformization item a little bit deeper. I almost think about these as ramping contracts, and you tell me if that's off. But specifically, as you look at the second half, maybe putting the mechanics of the ramp aside, how do you feel about underlying demand with metrics like ACV or bookings, and what percentage of your book of business do you sort of expect to shift to sort of this ramping structure? Does that make sense?
speaker
Walter Pritchard
Yeah, yeah, that makes a lot of sense. I think part of what we're noticing, Saket, is that we'd like to go from best of breed competitive behavior with legacy vendors or newer vendors and go straight to platform competition. Because we've noticed that we have a higher win rate on platform deals, we have a higher win rate in consolidation plays, as opposed to best-of-breed head-ons, which end up costing more time and energy, and you see very, as I called it, rogue behavior, where people start trying to desperately hold on to customers. So we are trying to shift our go-to-market towards a consolidation play, and a platform play. I think, as I said to earlier, the right number to look at in this context is RPO. The underlying demand is strong. Our book of business is strong. Our pipeline is strong. There is nothing going on on the demand side. It's just that we see this pushing out of the buildings towards later parts as we get more and more consolidation offers and platform offers out there. To give you an example, maybe we acquired Talon. We made Talon free to every SASE customer. Instead of going and trying to upsell that to every SASE customer and run the risk of running into POCs or other secure browsers, we've decided to give it away free for the next 12 months until the customer's renewal comes up. Now, that has a billing impact in the 12-month timeframe and a revenue impact However, at the end of 12 months, all these will be renewed because our aspiration is to get 50% of our customers to use the enterprise browser. It's one of the best products we've acquired. It has tremendous market tractions. When we acquired it, there were 100 POCs in place going on at customers. And we told them, listen, if you're a Palo Alto customer, just use it. It's part of our product. It's part of the licensing. You don't have to pay us more. You don't have to do a new contract. What that does, it allows us to penetrate a market segment which would end up being competitive. We end up getting some share and spend the rest of our lives trying to create more traction and more market share in the future. It's great. It's free. Our incident response offer, we never had 400 Fortune 2000 customers dealing with us on incident response. We launched an offer. In 90 days, we got 400 customers. We gave them 250 hours free, right? That's 100,000 hours of breach consulting for free. But that drives a future business for us where they become our cybersecurity partner of choice. So we're trying to seed ourselves into our customers' platform and consolidation strategies so we don't have to keep fighting on individual best of breed deal every time we go to a customer.
speaker
spk05
Makes sense. Thanks, guys.
speaker
Operator
Great. Thanks, Saket. We're going to go next to Gabriella Borges with Fatima Boulani from Citi on deck.
speaker
Fatima Boulani
Hi, good evening. Thank you. Nikesh, I wanted to ask how you think about the risk of potentially cannibalizing the customers that are willing to pay full price today as you implement the bundling strategy. And then how do you think about- If you find them, let me know. Okay. Sorry.
speaker
Walter Pritchard
Go ahead, please ask the question.
speaker
Fatima Boulani
Yeah, it's also a longer-term question on how do you think about maybe catalyzing a race to the bottom with pricing pressures? So as you think about RAMP deals, technology that may be worth $100 today or a year from now, by the time you get to renewal, is no longer worth $100 because you've created pricing competition or you've created a competitive response.
speaker
Walter Pritchard
I think there are two answers. Let me answer two parts of the question. I think this is to think about it as a price war is the wrong way to think about it. Actually, we're averting a price war by driving a platformization approach. And I'll explain how. First of all, you know, all of our customer deals are discussed, negotiated POC. So it's very rarely that we have a customer who does not understand the value of what they're offering because the competitive market, we have a price, our competitors are normally rational competitors have a price. So we don't think that, you know, we're cannibalizing a full price paying customer. We're possibly, I think what we are doing, Gabriel, is that, We're avoiding the unintended consequence where a customer says, oops, I have no time left. Because what happens, customers with all the right intentions will say, I'll renew, I'll buy Palo Alto in 12 months from now when my current contract goes away. They take a little while analyzing and they get to six months. Oh my God, if I'm not able to deploy you in six months, I'm going to have an exposure. So I'm going to go try and get a renewal. When they try and get a renewal, the other vendors know this is not going to be their business for too long. So that's when irrational pricing behavior happens. It's not when they execute early and deploy early. So actually reverting the last minute race to the bottom, like you called it, by making sure our customers don't have to worry about the execution risk and trying to get renewals and trying to get best pricing in the last six months.
speaker
Fatima Boulani
Thank you.
speaker
Operator
Great. Thanks, Gabriella. Next up is Fatima Bilani from Citi. And after that, Roger Boyd from UBS.
speaker
Gabriella
Hey, good afternoon. Thanks for taking my questions. Nikesh, on the platformization strategy, I was hoping you could drill into what the catalyst was for this to be a mid-year change. What were you hearing from customers where you said, we've got to pull the trigger? in the middle of the year because it's admittedly atypical. And as a related note, when you're rolling this out, if you've got customers who are not paying you for six months, how are salespeople going to get compensated for that free, freemium sort of stance you're taking? So just how are you protecting, I guess, the piece of the go-to-market organization as it relates to the new strategy?
speaker
Walter Pritchard
Thank you. Deepak did warn me this one will take a little bit of explaining. And so let me go back to what Saket said. For simplicity purposes, think about a ramp deal. That's why salespeople still get paid on TCV, right? So they're still gonna do a three-year deal or a five-year deal. We're not doing six-month or 12-month deals. So you'll see that in our RPO. You'll still see us doing ramp deals where the first six months may not be charged, but the next four and a half years is. So our salespeople will get paid on the DCV deals like they get paid today. That's not a problem. I think that's the best way to think about it. And I'm sorry, there was another part that I missed. I apologize.
speaker
Gabriella
Just the impetus of it being, yes, why not?
speaker
Walter Pritchard
The impetus, Fatima, is fascinating. We've managed to double our business the last five years. And for us to get to a double from here and more, we've had to step back and say, what do we do? We've got 21 categories where we're best in breed. And we realize we're still fighting best of breed deals while we should be selling the platformization strategy. And we realized selling the platformization strategy, which we have been for the last six months, as we said, we've been trialing this out, we've been running this play for the last six months, we're discovering when we go in with a platform approach, we win more often than if we go in with the best of breed only. You know, otherwise we get whittled down on price, XDR to XDR or SASE to SASE. When you go with XIM, with XDR, ASM and XOR, then we don't get whittled down on price because customer sees the TCO value and the ROI of doing the entire replacement together. But the moment we go up with that, it's like, well, that's a lot of risk. I got to replace everything in the next six months. I'm not willing to commit. Let's go one at a time. And to go one at a time, I get whittled down on price with a legacy vendor.
speaker
Operator
Great. Thanks, Fatima. Next up, we have Roger Boyd. And after that, it'll be Jonathan Ho from Liam Blair.
speaker
Fatima
Great. Thanks for taking the questions. Another follow-up on the platformization. But as you get more accommodative on some of these offerings, more aggressive on discounting, what are you expecting to see from a contract duration perspective? It sounds like the focus is going to be on RPO, but are you expecting to see contract duration actually extend in exchange for some of this economic flexibility? Thanks.
speaker
Walter Pritchard
I think that's a great question. I think the way to think about it is that we still have two parts to our business. We'll still have the regular part of our business, which is still going and competing best of breed. We expect that business to continue. Remember, this platformization really applies to where customers have the opportunity to consolidate and platformize. There are still many who are in different parts of their cybersecurity journey or the IT journey. So to the extent that we are dealing with a customer who's willing to consolidate with us, you will see contract durations go up because we're not gonna do this if you're not gonna get a commitment for a three to five year deal, because it does not behoove us to do those deals if you don't see a long-term commitment of the customer, because we are gonna be consolidating multiple security products with them and working with them to implement them across the enterprise.
speaker
Operator
Great, thank you. Next question, Jonathan Ho from William Blair. And after that, we've got Adam Borg from Stifel.
speaker
Jonathan Ho
Great. Thank you for taking my question. I guess one thing I'm trying to understand a little bit better is, does this ability to standardize on the platform give you something similar to what Microsoft has done with their E5 bundling to sort of force customers or package very attractive terms for customers to switch? And I guess, how does that maybe play out in terms of a customer's willingness to commit to a single vendor platform? Thank you.
speaker
Walter Pritchard
That's a great question, Jonathan. Very apt question. Look, it allows us to do a much better job of putting stuff together across our portfolio as opposed to having to do each of these deals on an individualized basis. So you're bang on on the idea that this consolidation benefits us and allows us to drive towards that platform much faster. That's helpful. I think it also gives us financial flexibility in terms of pricing deals. That's also very important, very true. But I'll give you an example. Just this morning, I was on the phone, and a customer is trying to buy an IoT capability. And apparently that IoT capability is going to cost them north of $5 million. They already have our firewalls. we allowed them to activate IoT off our firewalls, which costs us a lot less than $5 million, but that allowed them to consolidate. And now when the renewal comes up in six months or 12 months, they're going to be able to renew for a higher amount. So that degree of flexibility that we can offer our customers, where they don't have to go end up spending more and building yet another vector that they have to go consolidate in the future is what we're trying to drive to.
speaker
Operator
Great. Thanks, Adam. Next up is Keith Bachman from BMO, followed by Taliani at V of A. Hi, thank you.
speaker
Adam
You confused me, Walter. I think, Deepak, for you, you mentioned we certainly have the billings guide for Q3 and then implied for Q4, something like 10%. And you indicated that this was going to be a 12 to 18 month sort of impact as you try to anniversary consolidating spend, but is there any, you know, trough or any way to think about FY25? I mean, is it still double digit billings growth that we should be thinking about or any kind of metrics on how you think about the six to, or excuse me, 12 to 18 month impact where you're trying to anniversary the program?
speaker
Walter Pritchard
Yeah, our aspiration is that towards the second half of 25, we should revert back to our original expectations of mid to high double digit growth. But as I said, so 12 to 18 is obviously, you know, we have to go experience these programs to see how they persist. But at some point in time, they will start to lap and give us better upside in the larger size deals that we're able to do. Okay, all right. I just want to make one more point, sorry, on this context. One of the things that I think should not be lost, what Deepak has said, we have maintained our absolute free cash flow guidance for the year and absolute EPS guidance for the year. So we believe we can make all this happen whilst holding our earnings and free cash flow constant.
speaker
Adam
Yeah, noted.
speaker
Operator
Great, thanks. Next, we're going to go back to Adam Borg and then we're going to go to Taliani from B of A.
speaker
spk09
Awesome. Thanks, Walter. And thanks everyone for taking the question. Maybe just on XIM, it was good to see the traction there. Maybe talk more about the displacement opportunity that you saw in the quarter. I think you talked about replacing up, displacing up to 19 different vendors since being introduced and talk more about how you plan to further penetrate that as part of this broader platformization approach.
speaker
Walter Pritchard
Thanks. Thanks, Adam. So Adam, we've displaced 19 unique different SIEM vendors. And the reason that's relevant for us is that tells us that our platform has capability that spans multiple use cases and different types of products in the market. It's not like we only replace one kind of SIEM. We have been able to replace different kinds of SIEM, which offer different capabilities in our customers. And we still believe this is the fastest and best cybersecurity product that has been created. We are north of 65 customers now in nine months. As we said, we have signed the largest number of deals this quarter on a deal basis. We did $90 million in in TCV. So we're really excited about it. This does resonate with our customers. We are launching tomorrow an offer to replace endpoints for our customers who are stuck with legacy endpoints, which is one of the things that holds us back in being able to deploy XIM. We've also announced support of other non-legacy vendors that they have in their infrastructure. So our customers have been asking for that so we can support some of the other leading edge XDR capabilities in the market. So we are making a concerted play to be able to be the SOC of choice. It is radically different and better than most other SIMs out in the marketplace. So we are putting in concerted effort. We're excited about where we are with it. Great. Thanks.
speaker
Operator
Thanks a lot, Adam. Next up, Taliani from Viva, followed by Brad Zelnick at Deutsche Bank.
speaker
Adam
Hi. First, just a clarification. You spoke about discounting or pricing. Is there any product where you see more discounting than others? Is it on the legacy firewall side or do we see it on SASE or Cortex? Or should we look at it as a complete kind of pricing for the platform?
speaker
Walter Pritchard
I think the best analogy is Jonathan's analogy. which is the bundling of multiple things into one capability, more like a, you know, I don't want to call it that one. More like one of the other vendors has a certain bundling philosophy. I think it's more like that than it is about individual product categories because it's not about if you buy SASE, I'll make it cheaper. If you buy XT, I'll make it cheaper. It's about if you commit to my network security platform, the combined whole of it will be much better TCO and ROI for you, and I'll take the execution risk. Remember, the exit ARR for me is going to be no different than it is today. And I think that's why I don't like the word discounting or reduced pricing. The exit ARR will be consistent with what I would get today. I would end up taking the execution risk away from the customer.
speaker
Operator
Great. Thank you, Tal. Next up, we have Brad Zelnick from Deutsche Bank. And after that, Matt Hedberg from RBC.
speaker
Tal
Great. Thanks so much. I want to ask another question from a go-to-market perspective, just extending on Fatima's question. Excuse me. Nikesh, how do you align the channel to execute on this platformization strategy where for you to win, somebody else has to lose? And their economics are typically a function of present day billings, not LTV. And then also just extending on that, you've talked about BSIs as a real strategic opportunity for you. Where do they fit into this platform? I got to practice the word. platformation strategy.
speaker
Walter Pritchard
Thank you. I know it's a new word, only introduced five years ago when you didn't believe us, but now we've got to worry about consolidation. Thank you, Brad. So when I start to make fun with you, I start forgetting your question. So look, your channel question. So two parts to it. It's a great question. First of all, channel does get constant pay compensated on TCV. So, look, I think part of what we said is our deals are 40 times when they use all three platforms compared to a single platform deal. Our deals are not 20 times when they use two platforms, right? Our top 10 customers spend 36% more with us than everybody else. And that's all a function of as the deal size, as we do this platformization, the deal size is going to get bigger. The channel gets paid on TCV. So the channel has a lot of incentive to help us drive this platformization. I think you hit on a very important point around SIs. We have been working really hard over the last six months with our SI partners to help activate. And we're actually trying to get in front of their engagements with customers as opposed to wait for their RFPs. We have very strong relationships with almost every SI out there. It's been a concerted effort. We've just hired Christy Fredericks, who was the CEO of New Relic, to drive our partnerships, the chief partnership officer. So we are putting a lot of attention and focus on it. And we're positively enthused about the traction we're getting with the ASIs. The thing about it, the ASIs are new to this business the last three to five years. They used to have cybersecurity businesses, but they really doubled down and focused on it. You can take your favorite aside. They all have a very strong practice in cybersecurity. And they would much rather partner with one large player or a few large players than the entire gamut of 3,000 cybersecurity companies that are out there. So it fits their aspirations. It fits our aspirations of getting ahead of it. They are a critical part of this platformization approach because These platform offers actually spin out a lot more services revenue than individual best-of-breed offers.
speaker
Operator
Thank you. Great. Thanks. Next up is Matt Hedberg from RBC, followed by Joe Gallo from Jefferies.
speaker
Matt Hedberg
Great. Thanks, Walter. You know, I think one of the important points in the catch you made is, you know, despite all these changes, free cash flow margins are unchanged for fiscal 24 on the midterm targets. I guess the question for Deepak is I just want to make sure I understood why that's the case. It sounds like you said it was prior arrangements and optimizing vendor payments. First of all, did I get that right? And I guess secondly, when we get into 25, are there other variables that we think of that could potentially change that margin target or kind of confidence level that that margin target can hold into next year?
speaker
Walter
So whilst we're not guiding to next year, we're pretty confident in our free cash flow margin, as I said in my prepared remarks going forward. Just to be clear, the thing that buttresses our free cash flow margin the most is our operating margin. So we do expect that to continue to increase. And that's kind of like one part of it. Secondly, we've got more business that's coming off prior contracts that we've signed. So we have visibility to that. We know when they're going to come. We also have some incremental focus on factors that impact our cash flow, for example, vendor payment terms. But when we put that all together, we're pretty confident on the cash flow side.
speaker
Operator
Great. Thank you. And we'll take our final questions from Joe Gallo at Jefferies. Go ahead, Joe.
speaker
Joe Gallo
Hey, guys. Thanks for the question. I appreciate the candor and the cash on spend fatigue, and it's logical. But given your discounting comments, can you just give an update on the competitive environment on win rates or any metrics you're tracking, particularly in SASE? You've seen several vendors enter the market, several noting large eight-figure wins. You've certainly made eight-figure deals look easy over time, but what gives you confidence this is not competitive and this is more of a short-term hiccup?
speaker
Walter Pritchard
First of all, I would not classify this as a short-term hiccup. I know you guys would love life that was linearly nice in quarters and moved up in a beat and raise percentage basis. I'm trying to get this done in the next three to five years where we become even a bigger and larger platform in cybersecurity. If I step back and look at what we've done in the last five years, we established the notion of the platform in cybersecurity. It wasn't a notion that existed. I'm trying to accelerate the deployment of the notion because I believe competitive advantage in product in this industry lasts two to three years. At this point in time, I believe we have the largest competitive advantage across our platforms in the market, starting with our XIM product in our SOC space. We think that is a 15-year-old legacy space, which we should get quickly and go and deploy as quickly as we can across the board and take away any friction in the process. On network security, we did not have network security zero trust offers in the marketplace. We are starting to see where a customer bought $40 million of SASE and then came and replaced all their firewalls with us in the last six months, right? So we are seeing the customers show that behavior. We're trying to take all the friction out of the way so they can make that happen. If I break it down into the three categories we're in, I think network security, you'll see more and more zero trust offers where hardware, software, and SaaS have to combine. There's very few vendors in the space who can do that today. So they're trying to hold on to their legacy positions. We're accelerating combination across that category. You can make your own judgments as to which vendors are going to benefit, which ones are not going to benefit as much. In the SOC space, there is only one option, deploy AI in your SOC. The average technology in the SOC space is 13 to 15 years old. That was not made for AI, it was not ready for AI, it doesn't matter who you buy, it doesn't matter what gets acquired. What is important is that you can actually have an AI-delivered data lake that delivers you the capability next time. On cloud, it's a new space. We're beginning to see, what's fascinating is for us, our best cloud customers are the ones who are delivering SaaS software to their customers. So you take the large platform players, they use our cloud security because they understand the need to have an integrated cloud platform. So we have green shoots. We have trial this. This is the time for us to double down and accelerate. That's what we're doing. It's not a hiccup.
speaker
Operator
Makes sense. Thank you. Great. Thanks, Joe, for that last question. With that, I'll pass it over to Nikesh for his closing remarks.
speaker
Walter Pritchard
Now, I know this was exciting for all of you guys, even more exciting for us. We are committed. We believe this is the right way forward. We believe this is the way we can deliver a faster platformization, a faster way to consolidate the industry into a platform. We hope that in the next five years, this allows us to double our business from here, which is why I'm here. I want to say thank you to all of our employees, all of our partners, and of course, all of you for taking the time to listen to our earnings call.
Disclaimer

This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.

-

-